Several 7600s dropped off management (no longer reachable over SSH or Telnet):
```
root@host:/# telnet 172.16.1.1 22
Trying 172.16.1.1...
telnet: Unable to connect to remote host: Connection refused
root@host:/# telnet 172.16.1.1
Trying 172.16.1.1...
telnet: Unable to connect to remote host: Connection refused
```
```
R1# terminal monitor
183098: Jun 21 08:03:10.406 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:10 MSK Fri Jun 21 2019
183099: Jun 21 08:03:16.670 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:16 MSK Fri Jun 21 2019
183100: Jun 21 08:03:22.935 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:22 MSK Fri Jun 21 2019
183101: Jun 21 08:03:39.231 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:39 MSK Fri Jun 21 2019
183102: Jun 21 08:03:45.495 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:45 MSK Fri Jun 21 2019
183103: Jun 21 08:03:45.495 MSK: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 16 secs, [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 08:03:45 MSK Fri Jun 21 2019
```
The failed login attempts trigger the login block: for 60 seconds all management traffic is dropped by the default quiet-mode ACL.
```
R1# show login
     A default login delay of 1 seconds is applied.
     No Quiet-Mode access list has been configured.

     All successful login is logged.
     All failed login is logged.

     Router enabled to watch for login Attacks.
     If more than 5 login failures occur in 60 seconds or less,
     logins will be disabled for 60 seconds.

     Router presently in Quiet-Mode.
     Will remain in Quiet-Mode for 59 seconds.
     Denying logins from all sources.
```
The ACL sl_def_acl is created automatically:
```
R1# show access-lists sl_def_acl
Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet (11369 matches)
    20 deny tcp any any eq www
    30 deny tcp any any eq 22 (27 matches)
    40 permit ip any any
```
The number of lines in use at that moment (so this is not VTY exhaustion):
```
R1# show users
    Line       User       Host(s)              Idle       Location
*  1 vty 0     NMS        idle                 00:00:00 172.18.200.200

  Interface    User               Mode         Idle     Peer Address
```
When the block period expires, the block is lifted:
```
183104: Jun 21 08:04:45.496 MSK: %SEC_LOGIN-5-QUIET_MODE_OFF: Quiet Mode is OFF, because block period timed out at 08:04:45 MSK Fri Jun 21 2019
```
```
R1# show login
     A default login delay of 1 seconds is applied.
     No Quiet-Mode access list has been configured.

     All successful login is logged.
     All failed login is logged.

     Router enabled to watch for login Attacks.
     If more than 5 login failures occur in 60 seconds or less,
     logins will be disabled for 60 seconds.

     Router presently in Normal-Mode.
     Current Watch Window remaining time 59 seconds.
     Present login failure count 0.
```
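To catch this situation from syslog before anyone notices the lost management access, the following script (an added example, not part of the original note) replays %SEC_LOGIN messages, counts failures per source inside the watch window, and measures how long quiet mode actually lasted by pairing QUIET_MODE_ON with QUIET_MODE_OFF. The sample lines are the ones quoted above; the threshold and window (5 attempts within 60 s) are taken from this router's show login output and are an assumption for any other device.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Sample input: the %SEC_LOGIN lines quoted in the note above, embedded here so
# the script runs offline (constructed from the page, not a live capture).
SAMPLE_LOG = """\
183098: Jun 21 08:03:10.406 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:10 MSK Fri Jun 21 2019
183099: Jun 21 08:03:16.670 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:16 MSK Fri Jun 21 2019
183100: Jun 21 08:03:22.935 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:22 MSK Fri Jun 21 2019
183101: Jun 21 08:03:39.231 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:39 MSK Fri Jun 21 2019
183102: Jun 21 08:03:45.495 MSK: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] at 08:03:45 MSK Fri Jun 21 2019
183103: Jun 21 08:03:45.495 MSK: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 16 secs, [user: NMS] [Source: 10.172.1.1] [localport: 23] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 08:03:45 MSK Fri Jun 21 2019
183104: Jun 21 08:04:45.496 MSK: %SEC_LOGIN-5-QUIET_MODE_OFF: Quiet Mode is OFF, because block period timed out at 08:04:45 MSK Fri Jun 21 2019
"""

# IOS log header: optional sequence number, "Mon DD HH:MM:SS[.mmm] TZ:", then the
# %FACILITY-SEV-MNEMONIC tag and the message body.
HEADER = re.compile(
    r"^(?:\d+:\s+)?(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})(?:\.(?P<ms>\d{1,3}))?\s+\S+:\s+"
    r"%SEC_LOGIN-(?P<sev>\d)-(?P<mnemonic>[A-Z_]+):\s*(?P<body>.*)$"
)
FIELD = re.compile(r"\[(?P<key>[A-Za-z]+):\s*(?P<val>[^\]]*)\]")   # [user: NMS]
YEAR = re.compile(r"\b(\d{4})\s*$")          # year only appears in the "at ..." suffix
DEFAULT_YEAR = 2019                           # assumption when the suffix is missing


def parse_line(line):
    """Return a dict (ts, severity, mnemonic, fields) or None for non-SEC_LOGIN lines."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    ym = YEAR.search(m["body"])
    year = int(ym.group(1)) if ym else DEFAULT_YEAR
    ms = (m["ms"] or "0").ljust(3, "0")
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}.{ms}",
                           "%Y %b %d %H:%M:%S.%f")
    return {
        "ts": ts,
        "severity": int(m["sev"]),
        "mnemonic": m["mnemonic"],
        "fields": dict(FIELD.findall(m["body"])),
    }


def analyze(lines, attempts=5, window=60):
    """Sliding-window replay: alert when one source reaches `attempts` failures
    inside `window` seconds (the router's own block-for rule), and record each
    measured quiet-mode period with the ACL that enforced it."""
    recent = defaultdict(deque)   # source -> failure timestamps still inside the window
    totals = defaultdict(int)
    alerts, quiet_periods = [], []
    quiet_on = None
    win = timedelta(seconds=window)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["mnemonic"] == "LOGIN_FAILED":
            src = ev["fields"].get("Source", "?")
            q = recent[src]
            q.append(ev["ts"])
            totals[src] += 1
            while q and ev["ts"] - q[0] > win:     # expire old failures
                q.popleft()
            if len(q) >= attempts:
                alerts.append({"source": src, "user": ev["fields"].get("user"),
                               "failures_in_window": len(q), "at": ev["ts"]})
                q.clear()                           # one alert per burst
        elif ev["mnemonic"] == "QUIET_MODE_ON":
            quiet_on = ev
        elif ev["mnemonic"] == "QUIET_MODE_OFF" and quiet_on is not None:
            quiet_periods.append({
                "acl": quiet_on["fields"].get("ACL"),
                "trigger_source": quiet_on["fields"].get("Source"),
                "seconds": round((ev["ts"] - quiet_on["ts"]).total_seconds(), 3),
            })
            quiet_on = None
    return {"alerts": alerts, "quiet_periods": quiet_periods,
            "failures_by_source": dict(totals)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG.splitlines())
    for a in result["alerts"]:
        print(f"ALERT {a['at']}: {a['failures_in_window']} failures from "
              f"{a['source']} (user {a['user']}) - quiet mode imminent")
    for p in result["quiet_periods"]:
        print(f"quiet mode via {p['acl']} lasted {p['seconds']} s "
              f"(triggered by {p['trigger_source']})")
```

In this incident a single monitoring host with a stale password is enough to lock every administrator out, so the alert is keyed on the source address: a burst from one NMS address is a credential problem to fix on the NMS, not an attack to wait out. The measured period (60.001 s) lines up with the block-for value shown by show login.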
Access is restored:
```
root@host:/# telnet 172.16.1.1
Trying 172.16.1.1...
Connected to 172.16.1.1.
Escape character is '^]'.
```
The fix is to add an exception to the ACL, so that trusted sources can still log in while the router is in quiet mode:
```
R1(config)# login quiet-mode access-class ACL_TRUST
```