The Login Password Retry Lockout feature allows system administrators to lock out a local AAA user account after a configured number of unsuccessful attempts by the user to log in using the username that corresponds to the AAA user account. A locked-out user cannot successfully log in again until the user account is unlocked by the administrator.
A system message is generated when a user is either locked by the system or unlocked by the system administrator. The following is an example of such a system message:
%AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
The system administrator cannot be locked out.
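As an added example that is not part of the original post, the following Python parses the %AAA-5-USER_LOCKED message shown above from exported syslog lines and flags a local account that reaches lockout on more than one device, which is worth an analyst's attention. The "host: message" line layout, the host names and the user names in the sample log are constructed for the example; only the lockout message text comes from the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log: "<host>: <IOS message>" per line (layout is an assumption).
SAMPLE_LOG = """\
rtr1: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
rtr1: %SYS-5-CONFIG_I: Configured from console by admin on vty0
rtr2: %AAA-5-USER_LOCKED: User user1 locked out on authentication failure.
rtr1: %AAA-5-USER_LOCKED: User backup locked out on authentication failure.
"""

# Matches the exact lockout message format shown in the post.
LOCKOUT_RE = re.compile(
    r"^(?P<host>[^:\s]+):\s+%AAA-5-USER_LOCKED: User (?P<user>\S+) "
    r"locked out on authentication failure\.$"
)


def parse_lockouts(log_text):
    """Return a list of (host, user) tuples, one per lockout message."""
    events = []
    for line in log_text.splitlines():
        m = LOCKOUT_RE.match(line.strip())
        if m:
            events.append((m.group("host"), m.group("user")))
    return events


def lockouts_per_user(events):
    """Count how many times each local account was locked out."""
    return Counter(user for _, user in events)


def users_locked_on_many_hosts(events, min_hosts=2):
    """Accounts locked out on at least min_hosts distinct devices."""
    hosts_by_user = defaultdict(set)
    for host, user in events:
        hosts_by_user[user].add(host)
    return {u for u, hosts in hosts_by_user.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    evts = parse_lockouts(SAMPLE_LOG)
    print(lockouts_per_user(evts))
    print("locked on several devices:", users_locked_on_many_hosts(evts))
```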
To configure Login Password Retry Lockout, perform the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. username name [privilege level] password encryption-type password
4. aaa new-model
5. aaa local authentication attempts max-fail number-of-unsuccessful-attempts
6. aaa authentication login default method
Example:
Router> enable
Router# configure terminal
Router(config)# username user1 privilege 15 password 0 cisco
Router(config)# aaa new-model
Router(config)# aaa local authentication attempts max-fail 3
Router(config)# aaa authentication login default local
To unlock a locked-out user, use the following command in privileged EXEC mode:
clear aaa local user lockout {username username | all}
Example:
Router# clear aaa local user lockout username user1
Important show command: show aaa local user locked
Best Regards,
Deepak Arora