193
exceed: Specifies the action to be taken when a user fails to log in after the specified number of attempts.
lock: Permanently prohibits a user who fails to log in after the specified number of attempts from logging
in.
lock-time time: Forces a user who fails to log in after the specified number of attempts to wait for a period
of time before trying again. The time argument is in minutes and in the range 1 to 360.
unlock: Allows a user who fails to log in after the specified number of attempts to continue trying to log
in.
Description
Use the password-control login-attempt command to specify the maximum number of consecutive failed
login attempts and the action to be taken when a user fails to log in after the specified number of
attempts.
Use the undo password-control login-attempt command to restore the default.
By default, the maximum number of consecutive failed login attempts is three and a user failing to log in
after the specified number of attempts must wait for one minute before trying again.
• If prohibited permanently, a user can log in only after you remove the user from the blacklist.
• If prohibited temporarily, a user can log in again after the lock time elapses or an administrator
removes the user from the blacklist.
• If not prohibited to log in, a user is removed from the blacklist as long as the user logs in successfully
or after the blacklist aging time (one minute) elapses.
Related commands: display password-control, display password-control blacklist, reset
password-control blacklist.
Examples
# Set the maximum number of login attempts to four and permanently prohibit a user failing to log in
after four attempts from logging in.
<Sysname> system-view
[Sysname] password-control login-attempt 4 exceed lock
Later, if a user tries to log in but fails four times, you can find it in the blacklist, with its status changed from
unlock to lock:
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1 Login failed times: 4 Lock flag: lock
Total 1 blacklist item(s) matched. 1 listed.
The user can no longer log in.
# Set the maximum number of login attempts to two and prohibit a user failing to log in after two attempts
from logging in within three minutes.
<Sysname> system-view
[Sysname] password-control login-attempt 2 exceed lock-time 3
Later, if a user tries to log in but fails two times, you can find it in the blacklist, with its status changed from
unlock to lock:
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1 Login failed times: 2 Lock flag: lock
To Next Page
Loading...
