Guest

Preview Tool

Cisco Bug: CSCul77934 - Login block :: Converting the complete ipv6 subnet into single ipv4 add

Last Modified

Nov 18, 2019

Products (1)

  • Cisco IOS

Known Affected Releases

15.3(1)IE101.226 15.4(1.14)T

Description (partial)

Symptom:
Login Enhancements (Login Block) in quit mode for IPv6 source in same subnet{or ipv6 address
with same first 8 hex values} disconnect after 1 failed attempted and convert the complete ipv6
subnet into single ipv4 address.

For example:
Address 2001::2/126 and 2001::3/126 will be converted to 32.1.0.0 which is first 8 hex values
of the IPv6 address  0:0:0:0:0:ffff:2001:0.

Total failed logins: 6
Detailed information about last 50 failures

Username        SourceIPAddr    lPort Count TimeStamp
cisco           32.1.0.0        22    3     19:17:11 IST Mon Dec 2 2013

Conditions:
On the router following services should be enable with IPv6 address:

** login block-for

login block-for 300 attempts 3 within 1800
login on-failure log
login on-success log

** Telnel/ssh/http

ip http server
ip http authentication local

line vty 0 4
 login local
 transport input all

** IPv6 address on the interface

interface Ethernet0/0
 no ip address
 ipv6 address 2001::1/126
 ipv6 enable
 ipv6 nd prefix 2001::/126
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.