Password Control Configuration; Configuration Prerequisites; Configuration Tasks - 3Com 5500-SI Configuration Manual
5500 series
Hide thumbs
Also See for 5500-SI:
- Datasheet (9 pages) ,
- Getting started manual (148 pages) ,
- Quick reference manual (59 pages)
Table of Contents
Advertisement
576
C
30: P
HAPTER
ASSWORD
Table 634 Functions provided by password control (continued)
Function
Description
Login attempt
You can use this function to enable the switch to limit the number of login
limitation and
attempts allowed for each user.
failure
If the number of login attempts exceeds the configured maximum number,
processing.
the user fails to log in. In this case, the switch operates in one of the following
processing mode:
1 Inhibit the user from re-logging in within a certain time period. After the
period, the user is allowed to log into the switch again.
2 Inhibit the user from re-logging in forever. The user is allowed to log into
the switch again only after the administrator manually removes the user
from the user blacklist.
3 Allow the user to log in again without any inhibition.
By default, the switch adopts the first mode, but you can actually specify the
processing mode as needed.
User blacklist
If the maximum number of attempts is exceeded, the user cannot log into the
switch and is added to the blacklist by the switch. All users in the blacklist are
not allowed to log into the switch.
For the user inhibited from logging in for a certain time period, the switch will
remove the user from the blacklist when the time period expires.
For the user inhibited from logging in forever, the switch provides a command
which allows the administrator to manually remove the user from the blacklist.
The blacklist is saved in the RAM of the switch, so it will be lost when the
switch reboots.
Blacklist can be hot backups so that they keep synchronized between the
primary and secondary SRP cards of the switch.
System logging
The switch automatically logs the following events:
1 Successful user login: The switch logs the user name, user IP address, and
VTY ID.
2 Inhibition of a user due to ACL rule: The switch logs the user IP address.
3 User authentication failure. The switch logs the user name, user IP address,
VTY ID, and failure reason.
Password Control
Configuration
Configuration
Prerequisites
Configuration Tasks
C
C
O
ONTROL
ONFIGURATION
PERATIONS
This section contains configuration information on Password Control.
A user PC is connected to the switch to be configured; both devices are operating
normally.
The following sections describe the configuration tasks for password control:
Configuring Password Aging
■
Configuring the Limitation of Minimum Password Length
■
Configuring History Password Recording
■
Configuring a User Login Password in Encryption Mode
■
Configuring Login Attempts Limitation and Failure Processing Mode
■
Configuring the Timeout Time for Users to be authenticated
■
After the above configuration, you can execute the display password-control
command in any view to check the information about the password control for all
users, including the enable/disable state of password aging, the aging time, the alert
time before password expiration; the enable/disable state of the minimum password
Application
Telnet, SSH, and FTP passwords: the
limitation and all the three modes
of processing are applicable.
Super passwords: the limitation and
the first mode of processing are
applicable.
—
No configuration is needed for this
function.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
