Table of Contents
Advertisement
Managing Switch User Accounts
Configuring Global User Lockout Settings
The following user lockout settings configured for the switch apply to all user accounts:
•
Lockout window—the length of time a failed login attempt is aged before it is no longer counted as a
failed attempt.
•
Lockout threshold—the number of failed login attempts allowed within a given lockout window period
of time.
•
Lockout duration—the length of time a user account remains locked until it is automatically unlocked.
In addition to the above lockout settings, the network administrator also has the ability to manually lock
and unlock user accounts. The following subsections describe how to configure user lockout settings and
how to manually lock and unlock user accounts.
Note. Only the admin user is allowed to configure user lockout settings. The admin account is protected
from lockout; therefore, it is always available.
Lockout settings are saved automatically; that is, these settings do not require the
issu, or
configuration snapshot
out settings configured for the switch, use the
For more information about this command and those used in the configuration examples throughout this
section, see the OmniSwitch CLI Reference Guide.
Configuring the User Lockout Window
The lockout window is basically a moving observation window of time in which failed login attempts are
counted. If the number of failed login attempts exceeds the lockout threshold setting (see
User Lockout Threshold Number" on page
the user account is locked out of the switch.
Note that if a failed login attempt ages beyond the observation window of time, that attempt is no longer
counted towards the threshold number. For example, if the lockout window is set for 10 minutes and a
failed login attempt occurred 11 minutes ago, then that attempt has aged beyond the lockout window time
and is not counted. In addition, the failed login count is decremented when the failed attempt ages out.
By default, the lockout window is set to 0; this means that there is no observation window and failed login
attempts are never aged out and will never be decremented. To configure the lockout window time, in
minutes, use the
user lockout-window
-> user lockout-window 30
Do not configure an observation window time period that is greater than the lockout duration time period
(see
"Configuring the User Lockout Duration Time" on page
Configuring the User Lockout Threshold Number
The lockout threshold number specifies the number of failed login attempts allowed during any given
lockout window period of time (see
ple, if the lockout window is set for 30 minutes and the threshold number is set for 3 failed login attempts,
then the user is locked out when 3 failed login attempts occur within a 30 minute time frame.
OmniSwitch AOS Release 6 Switch Management Guide
command to save user settings over a reboot. To view the current lock-
show user lockout-setting
10-15) during any given observation window period of time,
command. For example:
"Configuring the User Lockout Window" on page
July 2010
Configuring Global User Lockout Settings
write
command.
10-16).
memory,
reload
"Configuring the
10-15). For exam-
page 10-15
- Quick Links:
- File Transfer
- Using Tftp to Transfer Files
Hide quick links:
Advertisement
Table of Contents
