
Known issue with Cisco devices in quiet mode


With Cisco quiet mode enabled, your Cisco device won’t allow any other devices to connect to it after five failed login attempts, and will block all users from logging in for 120 seconds. When quiet mode is activated, Auvik can’t sign in either. So if your Cisco device is in quiet mode, you’ll need to whitelist Auvik for Auvik to monitor the device.

Log in to your Cisco device

  1. Telnet, SSH, or serial (console) into your Cisco device.
  2. Enter privileged EXEC mode by typing enable and entering your password.
  3. Enter global configuration mode by typing configure terminal.

Create an access list

  1. Create an access list named SSH_MGMT: ip access-list standard SSH_MGMT
  2. Permit the IP address of the Auvik agent: permit host <auvik-collector-ip>
    • Note: Replace <auvik-collector-ip> with the IP address of the Auvik agent.
  3. Exit configuration mode by typing end.

Link the new access list to your quiet mode access class

  1. Assign the new access list to the quiet mode access class: login quiet-mode access-class SSH_MGMT

Auvik will now be able to log in even if quiet mode is active.
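To confirm the result of the steps above from a saved running-config, the following added example (not Auvik or Cisco code) reports whether a given collector IP is permitted by the ACL that login quiet-mode access-class references, and flags an ACL that exempts every source. The sample config, the 192.0.2.10 address and the function names are constructed for illustration; only named standard ACLs with contiguous wildcards are handled.

```python
import ipaddress
import re

# Constructed running-config excerpt; 192.0.2.10 is a placeholder collector IP.
SAMPLE_CONFIG = """\
login block-for 120 attempts 5 within 60
login quiet-mode access-class SSH_MGMT
ip access-list standard SSH_MGMT
 permit 192.0.2.10
"""

def _network(args):
    """Turn 'any', 'host A', 'A' or 'A WILDCARD' into an IPv4Network."""
    args = [a for a in args if a != "host"] + [""]
    if args[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if not re.fullmatch(r"[\d.]+", args[1]):
        return ipaddress.ip_network(args[0] + "/32")
    inv = int(ipaddress.ip_address(args[1])) ^ 0xFFFFFFFF  # wildcard -> netmask
    return ipaddress.ip_network(f"{args[0]}/{ipaddress.ip_address(inv)}", strict=False)

def parse_standard_acls(config):
    """Return {name: [(action, network), ...]} for named standard ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        head = re.match(r"ip access-list standard (\S+)", line)
        entry = re.match(r"\s+(?:\d+\s+)?(permit|deny)\s+(.+)", line)
        if head:
            current = acls.setdefault(head.group(1), [])
        elif entry and current is not None:
            current.append((entry.group(1), _network(entry.group(2).split())))
        elif not line.startswith(" "):
            current = None
    return acls

def audit_quiet_mode(config, collector_ip):
    """Return findings; an empty list means the collector can log in during quiet mode."""
    m = re.search(r"^login quiet-mode access-class (\S+)", config, re.M)
    if not m:
        return ["no quiet-mode access-class: every source is blocked in quiet mode"]
    entries = parse_standard_acls(config).get(m.group(1))
    if entries is None:
        return [f"ACL {m.group(1)} is referenced but not defined"]
    ip = ipaddress.ip_address(collector_ip)
    # First matching entry wins; no match falls through to the implicit deny.
    action = next((a for a, net in entries if ip in net), "deny")
    findings = [] if action == "permit" else [f"{collector_ip} is not permitted by {m.group(1)}"]
    if any(a == "permit" and net.prefixlen == 0 for a, net in entries):
        findings.append(f"{m.group(1)} permits any source, which defeats quiet mode")
    return findings
```

Calling audit_quiet_mode(SAMPLE_CONFIG, "192.0.2.10") returns an empty list; any other result lists what to fix before relying on the exemption.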

 


Comments

  • Joe Beckner

    Additional info regarding Cisco IOS router quiet mode: Quiet mode is used to prevent Denial Of Service attacks from brute force login attacks. I have been activating this recently since many of our customers' routers are coming under brute force login attacks from IP addresses in China.

    We have a router configured to block logins for 180 seconds if there are 3 failed login attempts within 60 seconds. Cisco CLI command: login block-for 180 attempts 3 within 60. The router's quiet mode was being activated frequently. I traced the problem to an Auvik collector. Since no credentials were configured on Auvik for this router, Auvik was trying to log in using usernames admin and cisco. I added the correct login credentials to Auvik and the problem went away.

    I am not sure that it is a good practice for Auvik to try to log in to a router or switch if credentials are not explicitly configured for the device.

  • Aleksandar Todorovic

    Thanks Joe for the additional insight here!

    You're absolutely right that there are times that default usernames / credentials shouldn't be used.

    As part of Auvik's automated discovery and on-boarding process, we do include these credentials to use (you may be surprised at how often they work!!) to help aid the discovery.

    The good news here is that you can absolutely delete these default credentials (globally from your MSP dashboard for all your clients, or on an individual client from that client dashboard), or if you so choose you can replace them with the correct set of credentials.

    Further details on how to do that are here:

    https://support.auvik.com/hc/en-us/articles/204828230-How-do-I-add-edit-delete-or-retry-login-credentials-
