556 CHAPTER 49: PASSWORD CONTROL CONFIGURATION OPERATIONS
Password Control
Configuration
Configuration
Prerequisites
A user PC is connected to the switch to be configured; both devices are operating
normally.
Configuration Tasks The following sections describe the configuration tasks for password control:
■ “Configuring Password Aging”
■ “Configuring the Limitation of Minimum Password Length”
Login attempt
limitation and failure
processing.
Login attempt limitation: You can use this function to
enable the switch to limit the number of login attempts
allowed for each user.
Telnet and
SSH
passwords
If the number of login
attempts exceeds the
configured maximum
number, the user fails to
log in. In this case, the
switch provides three
failure processing modes.
By default, the switch
adopts the first mode, but
you can actually specify the
processing mode as
needed.
Inhibit the user from
re-logging in within a
certain time period. After
the period, the user is
allowed to log into the
switch again.
Inhibit the user from
re-logging in forever. The
user is allowed to log into
the switch again only after
the administrator manually
removes the user from the
user blacklist.
Allow the user to log in
again without any
inhibition.
User blacklist If the maximum number of attempts is exceeded, the
user cannot log into the switch and is added to the
blacklist by the switch. All users in the blacklist are not
allowed to log into the switch.
■ For the user inhibited from logging in for a certain
time period, the switch will remove the user from the
blacklist when the time period expires.
■ For the user inhibited from logging in forever, the
switch provides a command which allows the
administrator to manually remove the user from the
blacklist.
■ The blacklist is saved in the RAM of the switch, so it
will be lost when the switch reboots.
-
System log function The switch automatically records the following events in
logs:
■ Successful user login. The switch records the user
name, user IP address, and VTY ID.
■ Inhibition of a user due to ACL rule. The switch
records the user IP address.
■ User authentication failure. The switch records the
user name, user IP address, VTY ID, and failure
reason.
No
configuratio
n is needed
for this
function.
Table 408 Functions provided by password control
Function Description Application
To Next Page
Loading...
