aaa authentication console-lockout


aaa authentication console-lockout

no aaa authentication console-lockout


Enables console lockout. By default, console lockout is disabled.

The no from of this command disables the console lockout.

Command context



switch(config)# aaa authentication console-lockout
All the currently locked-out users will be unlocked.

Proceed?[y/n] y
Enabling console-lockout may result in switch console access becoming
inaccessible in the event of multiple console login failures.

Proceed?[y/n] y
switch(config)#show running-config

Running configuration:

; JL256A Configuration Editor; Created on release #WC.16.06.0000x
; Ver
hostname "switch"
module 1 type jl256a
snmp-server community "public" unrestricted
aaa authentication num-attempts 2
aaa authentication lockout-delay 120
aaa authentication console-lockout
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-52
   ip address dhcp-bootp
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
no dhcp proxy-url-update
no dhcp tr69-acs-url
password operator
  • When only console lockout is enable in switch, the users locked out from console can still be able to login from Telnet or SSH sessions.

  • Console lockout feature is applicable in console access to Commander, Standby, and Member console of stacked switches and Activate Standby console of HA switches.

  • When both user-based and console lockout is enabled, users locked out from any one of the management interfaces gets locked form the remaining interfaces as well.

  • All locked users will be unlocked on redundancy switchover, reboot, and power cycle of the system.

  • Lockout feature is not supported on webUI, REST interfaces.

  • Console lockout has no impact when lockout delay is set to zero.

  • When the console is locked out after num-attempts login failures, change in num-attempts or lockout-delay configuration from another session unlocks all Console/Telnet/SSH locked users.