Options

AAA Authentication Max Tries/ Timeout?

Fulcrum45Fulcrum45 Member Posts: 621 ■■■■■□□□□□
in CCNA Security
Using AAA New-Model I know there is a way to set the maximum number of authentication failures on a Cisco device: aaa local authentication attempts max-fail. However, it seems once they're locked out that's it. You need to manually reset the user account or "clear" the login attempts before they can try again. Is there a command that allows you to set a timer between max failures so that no one becomes permanently locked out without manual intervention? Or is this a security feature to prevent DDOS attacks and the like?
· Share on FacebookShare on Twitter

Comments

  • Options
    HondabuffHondabuff Member Posts: 667 ■■■□□□□□□□
    Fulcrum45 wrote: »
    Using AAA New-Model I know there is a way to set the maximum number of authentication failures on a Cisco device: aaa local authentication attempts max-fail. However, it seems once they're locked out that's it. You need to manually reset the user account or "clear" the login attempts before they can try again. Is there a command that allows you to set a timer between max failures so that no one becomes permanently locked out without manual intervention? Or is this a security feature to prevent DDOS attacks and the like?

    I Think its this command If I remember.

    Router(confg)#login block-for 300 attempts 5 within 60
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
    · Share on FacebookShare on Twitter
  • Options
    Fulcrum45Fulcrum45 Member Posts: 621 ■■■■■□□□□□
    Thank you! I'm going to try this in the lab when I get home. I found a Cisco forum where one poster said that there was no way to set this. I knew that couldn't be right otherwise everyone would be locking themselves out.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.