aaa authentication limit-login-attempts

Syntax

aaa authentication limit-login-attempts <ATTEMPTS> lockout-time <LOCKOUT-TIME>

no aaa authentication limit-login-attempts

Description

Enables local login attempt limiting. If the number of failed local login attempts equals the configured threshold, the user is locked out for the configured duration.

The no form of this command disables local login attempt limits.

NOTE:

Local login attempt limiting is available only when remote authentication through AAA servers (TACACS+ or RADIUS) is not in use.

Command context

config

Parameters

<ATTEMPTS>

Specifies the threshold of failed local login attempts that triggers user lockout. Range: 1 to 10. For example, if <ATTEMPTS> is set to 1, a single failed login attempt triggers immediate user lockout.

<LOCKOUT-TIME>

Specifies the amount of time a user is locked out. Range: 1 to 3600 seconds.

Authority

Administrators

Examples

Enabling local login attempt limiting, with a 20-second lockout triggered by the fourth consecutive failed login attempt:

switch(config)# aaa authentication limit-login-attempts 4 lockout-time 20

Disabling login attempt failure limiting:

switch(config)# no aaa authentication limit-login-attempts
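
An added example, not part of the vendor documentation: a Python check that reads saved configuration text, reports whether login attempt limiting is in effect, and validates both parameters against the ranges given above. The function name, status labels and sample configuration are constructed for illustration, and the guesses-per-hour figure assumes the failure count starts over after each lockout expires, which this page does not state.

```python
import re

# Ranges from the Parameters section of this page.
ATTEMPTS_RANGE = range(1, 11)     # 1 to 10
LOCKOUT_RANGE = range(1, 3601)    # 1 to 3600 seconds

_SET = re.compile(
    r"^aaa authentication limit-login-attempts (\S+) lockout-time (\S+)$")
_UNSET = "no aaa authentication limit-login-attempts"


def audit_login_limit(config_text):
    """Return the effective login-limit state; the last matching line wins."""
    state = {"status": "not_configured"}    # no relevant line seen yet
    for raw in config_text.splitlines():
        line = " ".join(raw.split())        # collapse indentation and spacing
        if line == _UNSET:
            state = {"status": "disabled"}
            continue
        m = _SET.match(line)
        if not m:
            continue
        attempts, lockout = m.groups()
        if not (attempts.isdigit() and lockout.isdigit()):
            state = {"status": "invalid", "line": line}
            continue
        attempts, lockout = int(attempts), int(lockout)
        if attempts not in ATTEMPTS_RANGE or lockout not in LOCKOUT_RANGE:
            state = {"status": "invalid", "line": line}
            continue
        state = {
            "status": "enabled",
            "attempts": attempts,
            "lockout_seconds": lockout,
            # Assumption: the failure count starts over after each lockout, so
            # one account sees at most `attempts` failed guesses per lockout.
            "max_failed_guesses_per_hour": attempts * 3600 // lockout,
        }
    return state


# Constructed sample configuration, not captured from a real switch.
SAMPLE = """\
hostname lab-sw1
aaa authentication limit-login-attempts 4 lockout-time 20
"""

if __name__ == "__main__":
    print(audit_login_limit(SAMPLE))
```

With the values from the example above (4 attempts, 20 seconds), the estimate is 720 failed guesses per account per hour, which shows how strongly a short lockout time weakens the limit.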