set system lockout
Use this command to set the number of failed login attempts allowed before disabling a read-write
or read-only user account or locking out a super-user account, the number of minutes to lock out a
super-user account after maximum login attempts or inactivity, and the number of inactive days
before a read-write or read-only account is disabled or a super-user account is locked out. You can
also enable or disable the port lockout feature and identify an emergency access user.
Syntax
set system lockout {[attempts attempts] [time minutes] [inactive days] [emergency-access username] [port {enable | disable}]}
Parameters
attempts attempts
    (Optional) Specifies the number of failed login attempts allowed before a
    read-write or read-only user’s account will be disabled or a super-user
    account will be locked out for a period of time.
    Valid ranges are:
    • If the security profile = C2, range is from 2 to 5.
    • If the security profile = normal, range is from 1 to 15.
    The default value is 3 attempts.
time minutes
    (Optional) Specifies the number of minutes a super-user account will be
    locked out after the maximum failed login attempts or period of inactivity.
    Valid values are 0 to 65565.
    Defaults are:
    • If the security profile = C2, default is one minute.
    • If the security profile = normal, default is 15 minutes.
inactive days
    (Optional) Specifies the period of inactivity in days after which a
    non-super-user account will be disabled or a super-user account will be
    locked out for a period of time. Valid values are 0 to 65565. A value of 0
    means that no inactivity checking will be done.
    Defaults are:
    • If the security profile = C2, default is 90 days.
    • If the security profile = normal, default is 0, accounts will not be
      disabled or locked out due to inactivity.
emergency-access username
    (Optional) Specifies the user account that is allowed emergency access to
    the switch through the console port.
port enable | disable
    (Optional) Enables or disables the lockout feature on SSH/Telnet (network
    access) and the console port interface. When enabled, any sequential
    number of failed logins that meet the configured attempts limit will
    lock out all logins through those applications.
Defaults
At least one of the optional parameters must be specified.
Mode
Switch command, super user.
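Added example (not part of the original manual): a Python check that parses a set system lockout line from a saved configuration and validates each value against the ranges listed on this page for the given security profile. The function names and the profile argument are assumptions made for this example, and the sample commands in the usage are constructed.

```python
import shlex

# Ranges exactly as stated on this page (65565 is the page's own upper bound).
ATTEMPTS_RANGE = {"C2": (2, 5), "normal": (1, 15)}
NUMERIC_RANGE = {"time": (0, 65565), "inactive": (0, 65565)}


def parse_lockout(command, profile="normal"):
    """Parse one 'set system lockout ...' line into a dict, validating ranges."""
    tokens = shlex.split(command)
    if tokens[:3] != ["set", "system", "lockout"]:
        raise ValueError("not a 'set system lockout' command")
    args = tokens[3:]
    if not args:
        raise ValueError("at least one optional parameter must be specified")
    if len(args) % 2:
        raise ValueError("keyword without a value: %r" % args[-1])
    settings = {}
    for key, value in zip(args[0::2], args[1::2]):
        if key in settings:
            raise ValueError("duplicate keyword: %s" % key)
        if key == "attempts":
            low, high = ATTEMPTS_RANGE[profile]
        elif key in NUMERIC_RANGE:
            low, high = NUMERIC_RANGE[key]
        elif key == "port":
            if value not in ("enable", "disable"):
                raise ValueError("port takes enable or disable")
            settings[key] = value
            continue
        elif key == "emergency-access":
            settings[key] = value  # username, stored as given
            continue
        else:
            raise ValueError("unknown keyword: %s" % key)
        if not value.isdecimal() or not low <= int(value) <= high:
            raise ValueError("%s must be %d to %d (profile %s)" % (key, low, high, profile))
        settings[key] = int(value)
    return settings


def audit_notes(settings):
    """Flag values that, per this page, switch a protection off."""
    notes = []
    if settings.get("inactive") == 0:
        notes.append("inactive 0: no inactivity checking will be done")
    if settings.get("port") == "disable":
        notes.append("port disable: port lockout feature is off")
    return notes
```

For example, parse_lockout("set system lockout attempts 10", profile="C2") raises ValueError because the C2 range is 2 to 5, while the same line is accepted under the normal profile.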