Cisco Account Lockout using login block-for

Cisco Account Lockout using login block-for

September 22, 2011 Networking Jesin A Leave a Comment


Account lockout policies can be implemented on Cisco devices to slow down brute-force attacks against the login prompt. This tutorial explains how to use the login block-for command to lock the device down after a given number of incorrect login attempts. Once triggered, login block-for blocks all Telnet and SSH connections to the router for a set period if incorrect credentials are entered a specified number of times.

See the previous articles on configuring Cisco devices for Telnet and SSH access. The syntax of the command is as follows:

login block-for <Time period in seconds> attempts <Max no of failed attempts> within <Time period in seconds>

The command is entered in global configuration mode. Here is an example:

Router1(config)#login block-for 60 attempts 2 within 10

The command above will BLOCK all connections to Router1 for 60 seconds if incorrect credentials are entered 2 times WITHIN a span of 10 seconds. If this policy is breached you’ll get the following message on the console terminal:

%SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 5 secs, [user: jesin] [Source: 10.0.0.4] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 17:01:34 UTC Thu Sep 22 2011

This means your router has entered “quiet mode”, during which it will NOT accept any Telnet or SSH connections. Note that the block applies to every source address, so a burst of bad logins also locks out legitimate administrators for the block period; the ACL named in the message (sl_def_acl) is the default quiet-mode ACL, and IOS lets you substitute your own with login quiet-mode access-class so that trusted management hosts are still permitted. The command show login failures displays the failed login attempts.
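The following Python script is an added example, not code from the original post or from Cisco. It does two things a defender typically wants once login block-for is in place: it parses the %SEC_LOGIN-1-QUIET_MODE_ON message quoted above into structured fields so a log collector can raise an alert on it, and it simulates the "attempts N within T seconds, block for B seconds" policy over a constructed list of failure timestamps to show exactly when quiet mode starts and ends. The sample log lines are constructed, and the simulation assumes (as noted in the comments) that failures arriving during quiet mode are refused before authentication and therefore are not counted, and that a failure is "within" the window when it is at most T seconds after the earliest failure still being watched.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Pattern for the %SEC_LOGIN-1-QUIET_MODE_ON message shown on the page. The
# "Still timeleft ..." clause is optional so a variant without it still parses.
QUIET_MODE_RE = re.compile(
    r"%SEC_LOGIN-1-QUIET_MODE_ON:"
    r"(?: Still timeleft for watching failures is (?P<left>\d+) secs,)?"
    r" \[user: (?P<user>[^\]]*)\]"
    r" \[Source: (?P<source>[^\]]*)\]"
    r" \[localport: (?P<port>\d+)\]"
    r" \[Reason: (?P<reason>[^\]]*)\]"
    r" \[ACL: (?P<acl>[^\]]*)\]"
    r" at (?P<when>.+?)\s*$"
)


@dataclass
class QuietModeEvent:
    user: str
    source: str
    local_port: int
    reason: str
    acl: str
    when: str
    watch_seconds_left: Optional[int]


def parse_quiet_mode(line: str) -> Optional[QuietModeEvent]:
    """Return a structured event if the line is a quiet-mode notification, else None."""
    m = QUIET_MODE_RE.search(line)
    if not m:
        return None
    left = m["left"]
    return QuietModeEvent(
        user=m["user"], source=m["source"], local_port=int(m["port"]),
        reason=m["reason"], acl=m["acl"], when=m["when"],
        watch_seconds_left=int(left) if left is not None else None,
    )


def quiet_mode_events(lines: List[str]) -> List[QuietModeEvent]:
    """Filter a stream of syslog lines down to quiet-mode events (alert candidates)."""
    return [e for e in (parse_quiet_mode(l) for l in lines) if e is not None]


@dataclass(frozen=True)
class BlockForPolicy:
    block_for: int  # seconds the device refuses Telnet/SSH once triggered
    attempts: int   # number of failures needed ...
    within: int     # ... inside this many seconds


def quiet_mode_intervals(policy: BlockForPolicy,
                         failure_times: List[float]) -> List[Tuple[float, float]]:
    """Simulate login block-for over failure timestamps (seconds) and return the
    (start, end) of every quiet-mode period it would trigger.
    Assumptions: failures during quiet mode are refused and not counted; a failure
    is 'within' the window if at most `within` seconds after the oldest watched one."""
    intervals: List[Tuple[float, float]] = []
    window: List[float] = []
    quiet_until: Optional[float] = None
    for t in sorted(failure_times):
        if quiet_until is not None and t < quiet_until:
            continue  # connection refused outright; authentication never runs
        window = [f for f in window if t - f <= policy.within]
        window.append(t)
        if len(window) >= policy.attempts:
            quiet_until = t + policy.block_for
            intervals.append((t, quiet_until))
            window = []  # counter resets when quiet mode begins
    return intervals


# Constructed sample log: one unrelated IOS message, then the message from the page.
SAMPLE_LOG = [
    "%SYS-5-CONFIG_I: Configured from console by console",
    "%SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 5 secs, "
    "[user: jesin] [Source: 10.0.0.4] [localport: 22] [Reason: Login Authentication Failed] "
    "[ACL: sl_def_acl] at 17:01:34 UTC Thu Sep 22 2011",
]

if __name__ == "__main__":
    for ev in quiet_mode_events(SAMPLE_LOG):
        print(f"ALERT quiet mode on: user={ev.user} src={ev.source} "
              f"port={ev.local_port} acl={ev.acl} at {ev.when}")
    # Policy from the article: login block-for 60 attempts 2 within 10
    policy = BlockForPolicy(block_for=60, attempts=2, within=10)
    print(quiet_mode_intervals(policy, [0, 3, 20, 70, 75]))
```

With the article's policy and constructed failures at 0, 3, 20, 70 and 75 seconds, the simulation reports quiet mode from 3 to 63 seconds and again from 75 to 135; the failure at 20 seconds falls inside the first block and is simply refused.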

Router1#sh login failures
Total failed logins: 2
Detailed information about last 50 failures
Username        SourceIPAddr    lPort Count TimeStamp
jesin           10.0.0.4        22    2     17:01:34 UTC Thu Sep 22 2011


Tags: account lockout, cisco
