Security
118
System Management Guide
3HE 11018 AAAC TQZZA Edition: 01
Default count: 3
minutes1: 5
minutes2: 10
Parameters count — the number of unsuccessful login attempts allowed for the specified time. This
is a mandatory value that must be explicitly entered.
Values 1 to 64
minutes1 — the period of time, in minutes, that a specified number of unsuccessful
attempts can be made before the user is locked out
Values 0 to 60
minutes2 — the lockout period, in minutes, where the user is not allowed to log in
Values 0 to 1440
When the user exceeds the attempted count times in the specified
time, then that user is locked out from any further login attempts for
the configured time period.
authentication-order
Syntax authentication-order [method-1] [method-2] [method-3] [exit-on-reject]
no authentication-order
Context config>system>security>password
Description This command configures the sequence in which password authentication, authorization, and
accounting is attempted among RADIUS, TACACS+, and local passwords.
The order should be from the most preferred authentication method to the least preferred.
The presence of all methods in the command line does not guarantee that they are all
operational. Specifying options that are not available delays user authentication.
If all (operational) methods are attempted and no authentication for a particular login has
been granted, then an entry in the security log registers the failed attempt. Both the attempted
login identification and originating IP address are logged with a timestamp.
The no form of the command reverts to the default authentication sequence.
Default authentication-order radius tacplus local
Parameters method-1 — the first password authentication method to attempt
Values radius, tacplus, local
Default radius
method-2 — the second password authentication method to attempt
Values radius, tacplus, local
Default tacplus
To Next Page
Loading...
