PurposeCommand or Action
Configures your Cisco NX-OS device for login
parameters that help provide DoS detection.
[no] login block-for seconds attempts
tries within seconds
Step 2
Example:
Switch(config)# login block-for 100
attempts 2 within 100
This command must be issued before any
other login command can be used.
Note
(Optional) Although this command is optional, it is
recommended that it be configured to specify an ACL
[no] login quiet-mode access-class
{acl-name | acl-number}
Step 3
that is to be applied to the device when the device
Example:
Switch(config)# login quiet-mode
access-class myacl
switches to quiet mode. When the device is in quiet
mode, all login requests are denied and the only
available connection is through the console.
Exits to privileged EXEC mode.exit
Example:
Switch(config)# exit
Step 4
Displays login parameters.show login failures
Step 5
Example:
Switch# show login
•
failures --Displays information related only to
failed login attempts.
Configuration Examples for Login Parameters
Setting Login Parameters Example
The following example shows how to configure your switch to enter a 100 second quiet period if 15 failed
login attempts is exceeded within 100 seconds; all login requests are denied during the quiet period except
hosts from the ACL "myacl."
Switch(config)# login block-for 100 attempts 15 within 100
Switch(config)# login quiet-mode access-class myacl
Showing Login Parameters Example
The following sample output from the show login command verifies that no login parameters have been
specified:
Switch# show login
No Quiet-Mode access list has been configured, default ACL will be applied.
Switch is enabled to watch for login Attacks.
If more than 2 login failures occur in 45 seconds or less, logins will be disabled for 70
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
22
Configuring AAA
Secure Login Enhancements
To Next Page
Loading...
Need help?
General
