User Lockout - Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures

Aggregation services router

line vty <first> <last>    [2] and [20] under section "Configuring Virtual Terminal Lines for Remote Console Access"
exec-timeout <time>        [10] > System Management > Fundamentals Command Reference, section D through E
line console               [19] under section "Configuring Line Password Protection"
exec-timeout <time>

To save these configuration settings to the startup configuration:

copy run start             [3] under section "C commands"

where first and last are the range of vty lines on the box (e.g. "0 4"), and time is the period of
inactivity after which the session should be terminated. Configuration of these settings is limited
to the privileged administrator (see Section 4.1). These settings are not immediately activated
for the current session. The current line console session must be exited. When the user logs
back in, the inactivity timer will be activated for the new session.

3.2.6 User Lockout

User accounts must be configured to lock out after a specified number of authentication failures:

TOE-common-criteria(config)# aaa local authentication attempts max-fail [number of failures]

where number of failures is the number of consecutive failures that will trigger locking of the
account. Configuration of these settings is limited to the privileged administrator (see Section
4.1).

Related commands:

clear aaa local user fail-attempts                 Clears the unsuccessful login attempts of the user.
clear aaa local user lockout username [username]   Unlocks the locked-out user.
show aaa local user lockout                        Displays a list of all locked-out users.

Note: this lockout only applies to privilege 14 users and below.

Note: this applies to consecutive failures, and is not affected by the SSH or Telnet session
disconnections after their default number of failures. In other words, if this lockout command is
set to 5 failures and SSH disconnects after 3 failed attempts, and the user then attempts another SSH
session and enters the wrong credentials two additional times, the account will lock.
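
The lockout and inactivity-timeout settings described above can be checked offline against a saved running-config. The Python script below is an added example, not part of the Cisco guidance; the sample configuration is constructed, and the limits max_fail_limit and idle_limit_s are assumed policy values.

```python
import re

# Constructed sample running-config, not taken from the guide; values are illustrative.
SAMPLE_CONFIG = """\
aaa new-model
aaa local authentication attempts max-fail 5
!
line con 0
 exec-timeout 5 0
line vty 0 4
 exec-timeout 0 0
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

def audit(config, max_fail_limit=5, idle_limit_s=600):
    """Return findings for the lockout and idle-timeout settings (limits are assumed)."""
    findings = []
    m = re.search(r"^aaa local authentication attempts max-fail (\d+)\s*$", config, re.M)
    if m is None:
        findings.append("global: aaa local authentication attempts max-fail is not configured")
    elif int(m.group(1)) > max_fail_limit:
        findings.append(f"global: max-fail {m.group(1)} is above the limit of {max_fail_limit}")
    # Record the exec-timeout seen under each "line ..." block (None = not set explicitly).
    timeouts, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            timeouts[current] = None
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the block
        elif current:
            t = re.match(r"\s+(no )?exec-timeout(?:\s+(\d+))?(?:\s+(\d+))?\s*$", raw)
            if t:  # "no exec-timeout" and "exec-timeout 0 0" both disable the idle timer
                secs = int(t.group(2) or 0) * 60 + int(t.group(3) or 0)
                timeouts[current] = 0 if t.group(1) else secs
    for name, secs in timeouts.items():
        if secs is None:
            findings.append(f"{name}: no explicit exec-timeout")
        elif secs == 0:
            findings.append(f"{name}: idle timeout disabled")
        elif secs > idle_limit_s:
            findings.append(f"{name}: idle timeout {secs}s is above the limit of {idle_limit_s}s")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
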
Cisco IOS Configuration