Subba, I've not heard or used this product (Nipper) before, so I cannot confirm what the reasoning is for this. I can tell you that based on the captures at the wire this appears to be a false-positive. It appears there is a simuliar question being asked on their (Nipper's) forums. My guess is it (Nipper) is using the logging from the Cisco devices in error to claim this as an issue. If its not given access to the Cisco devices other than a network feed not snmp/logins/syslogging/works/etc, I as well as many others would surely be interested. Forum reference (which hasn't been answered at this time) Ref: http://nipper.titania.co.uk/forums/viewtopic.php?f=3&t=72&sid=8f7bc0ec62d41b 09cd977eb7e72d1f6e I would be interested to know if you find out the reasoning for this, of course offlist would be fine. Regards, -Joe Blanchard ________________________________ From: Subba Rao [mailto:castellan2004-nsm@yahoo.com] Sent: Thursday, April 02, 2009 9:43 PM To: nanog@nanog.org; Jo¢ Subject: RE: Nipper and Cisco configuration results Joe, Thank you for replying. I am asking about the Nipper complaint. Why is Nipper report saying "Rlogin" is enabled when I don't see any ACL in the config? Using IOS 12.4 Cheers, Subba Rao