TIC Commands 427
Syntax
•
passwords lockout
number
• no passwords lockout
•
number
— The number of authentication failures before the user account is locked-out.
(Range: 1-5).
Default Configuration
Lockout is disabled.
Command Mode
Global Configuration mode.
User Guidelines
• The setting is relevant to local users passwords, line passwords and enable passwords.
• The account is not locked out for access from local console.
• A user that has privilege level 15 can release accounts that are locked out by using the
set username
active
, ’
set enable-password active
’ and ’
set line active
’ privileged EXEC commands.
• Disabling lockout unlocks all users.
• Re-enabling lockout resets the authentication failures counters.
• Changing the authentication failures threshold does not reset the counters.
Example
The following example enables lockout of a user account after a series of five failures.
aaa login-history file
The aaa login-history file Global Configuration mode command enables writing to login history file.
To disable writing to the file use the no form of this command.
Syntax
• aaa login-history file
• no aaa login-history file
Default Configuration
Enabled.
Command Mode
Global Configuration mode.
Console (config)#
passwords lockout
5
5400_CLI.book Page 427 Wednesday, December 17, 2008 4:33 PM