Use the passwords lock-out command in Global Configuration mode to
strengthen the security of the switch by locking user accounts that have failed
login due to wrong passwords. When a lockout count is configured, a user
who is logging in must enter the correct password within that count.
Otherwise that user is locked out from further switch access. Only a user with
read/write access can reactivate a locked user account. Password lockout does
not apply to logins from the serial console. Use the no form of this command
to set the password lockout count to the default value.
no passwords lock-out
This command does not require a parameter description.
The default value is 0 or no lockout count is enforced.
Global Configuration mode.
Password lockout only applies to users with authentication configured to
local. RADIUS or TACACS authenticated users will use policies configured
on the respective RADIUS/TACACS servers.
The following example sets the number of user attempts before lockout at 2.
console(config)#passwords lock-out 2
Password Management Commands