Switches, Hubs, and Modems

Re: Is there possible to ignore user continue trying login?

 
wowhsieh
Occasional Contributor

Is there possible to ignore user continue trying login?

I noticed from the 5130 switch's system logs that a lot of users were trying to log in. Is it possible to ignore those logins to prevent the 5130 from being busy responding?

Ivan_B
HPE Pro

Re: Is there possible to ignore user continue trying login?

Hello!

Do you want to suppress messages to prevent them from appearing in the logbuffer? If that is what you want, check the 'info-center logging suppress module' command.

Examples
# Configure a log suppression rule to suppress output of logs with the shell_login mnemonic value for the shell module.
<Sysname> system-view
[Sysname] info-center logging suppress module shell mnemonic shell_login

Hope it helps!

 

I am an HPE employee


wowhsieh
Occasional Contributor

Re: Is there possible to ignore user continue trying login?

A simple topology, like below:

pc > layer2 switch > firewall > 5130 > modem > internet

A user said his PC software session always broke from time to time. I spent a lot of time troubleshooting the network and devices and still have not found the problem, but it seems that the 5130 is the most likely problem.

Just now (about 21:13) I noticed the network link broke at the 5130. I looked at the log and found a lot of "topology change" at port 15, the port linked to a Cisco switch. I wonder if maybe it's the STP feature that caused the network to break for a while?! So I turned off STP (default is on) and will wait to see if that happens again ...

 


wowhsieh
Occasional Contributor

Re: Is there possible to ignore user continue trying login?

Is it possible for the 5130 to drop those users who are trying to log in (a lot of login attempts in one minute), so the 5130 won't pay attention to those attempts?

 


Ivan_B
HPE Pro

Re: Is there possible to ignore user continue trying login?

Hello!

If the switch rejects all login attempts, how will it distinguish a valid login attempt from an invalid one? We need to think in this direction, and the solution is below. But, in general, the idea of exposing the switch to the Internet is quite dangerous; these devices do not have sophisticated security mechanisms, and normally they are behind firewalls.

My suggestion: protect the management plane of this switch with proper ACLs, allow access only from your local network, and deny all other IP addresses. You can protect HTTP/HTTPS with an ACL, as well as SSH or Telnet (which I suggest disabling, as it is not secure at all).

Check the Fundamentals Command Reference and Configuration guides for commands:

ip http acl
ip https acl

For VTY (telnet and SSH) protection, check:
user-interface vty 0 15
 acl [ ipv6 ] acl-number { inbound | outbound }

Hope it helps!

 

I am an HPE employee
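
An added example, not part of the original post and not HPE code: it replays login attempts from a log against the source-address allowlist that a management ACL would enforce, to show which sources would be dropped before they ever reach the login prompt. The log lines are a constructed, simplified format (not real switch output), and the management subnet `192.168.10.0/24` is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Assumption: management stations live in this subnet (constructed value).
MGMT_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed, simplified log lines; real switch log text will differ.
SAMPLE_LOG = """\
21:10:01 login attempt user=admin from=203.0.113.45
21:10:02 login attempt user=root from=203.0.113.45
21:10:04 login attempt user=admin from=198.51.100.7
21:10:09 login attempt user=netops from=192.168.10.25
21:10:11 login attempt user=test from=203.0.113.45
"""

FROM_RE = re.compile(r"\bfrom=(\S+)")


def acl_permits(source, nets=MGMT_NETS):
    """Permit sources inside a management network; everything else is denied."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in nets)


def classify(log_text, nets=MGMT_NETS):
    """Count login attempts per source, split by what the ACL would do."""
    permitted, denied = Counter(), Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue
        try:
            ok = acl_permits(m.group(1), nets)
        except ValueError:  # field is not an IP address; skip the line
            continue
        (permitted if ok else denied)[m.group(1)] += 1
    return permitted, denied


if __name__ == "__main__":
    permitted, denied = classify(SAMPLE_LOG)
    for src, n in denied.most_common():
        print(f"would be denied by ACL: {src} ({n} attempts)")
    for src, n in permitted.most_common():
        print(f"still allowed:          {src} ({n} attempts)")
```

Running the same check over real exported logs before applying the ACL helps confirm that no legitimate management station falls outside the permitted networks.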


Ivan_B
HPE Pro

Re: Is there possible to ignore user continue trying login?

Hi @wowhsieh!

Did you have time to try the solution proposed? Did it resolve the problem?

Thank you in advance!

 

I am an HPE employee
