Basic Configuration
5.3.2. The Invalid Access Lockout Feature
When properly configured and enabled, the Invalid Access Lockout feature can watch
all login attempts made via SSH connection, Telnet connection, web browser or the
serial SetUp Port. If the counter for any of these exceeds the user-defined threshold for
maximum invalid attempts, then the corresponding port or protocol will be automatically
disabled for the length of time specified by the Lockout Duration parameter.
When Invalid Access Attempt monitoring is enabled for the serial SetUp Port, the
TSM/RSM will count invalid access attempts at the serial SetUp Port. If the number of
invalid access attempts exceeds the defined Lockout Attempts trigger value, the
TSM/RSM will lock the serial SetUp Port for the defined Lockout Duration period. When
Invalid Access Attempt monitoring for SSH, Telnet or Web is selected, a lockout will
be triggered when the number of invalid access attempts during the defined Lockout
Duration period exceeds the defined Hit Count for the protocol. For example, if the SSH
Hit Count is set at 10 and the SSH Lockout Duration period is set at 120 seconds, then if
over 10 invalid access attempts are detected within 120 seconds, the TSM/RSM will then
lock out the MAC address that generated the excessive attempts for 120 seconds.
Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout
Duration period to elapse (after which, the TSM/RSM will automatically reactivate the
port or protocol), or you can issue the /UL command (type /UL and press [Enter])
via the Text Interface to instantly unlock all TSM/RSM logical network ports and
communication protocols.
Notes:
• When the Serial Port Invalid Access Lockout Alarm has been enabled as
described in Section 7.5, the TSM/RSM can also provide notification via
email, Syslog Message, and/or SNMP trap whenever an Invalid Access
Lockout occurs at the serial port.
• If the Network Port has been locked by the Invalid Access Lockout feature, it
will still respond to the ping command (providing that the ping command has
not been disabled at the Network Port).
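The network-protocol lockout rule and the /UL unlock described above, modeled as an added example (this is not WTI code and not part of the original manual). The sliding window, the counter reset after a lockout, the class and function names, and the sample MAC address and timings are assumptions made for illustration.

```python
from collections import defaultdict, deque

class ProtocolLockout:
    """Model of the per-protocol lockout described in the text (not TSM/RSM firmware)."""

    def __init__(self, hit_count=10, lockout_duration=120):
        self.hit_count = hit_count          # e.g. SSH Hit Count
        self.duration = lockout_duration    # e.g. SSH Lockout Duration, in seconds
        self.failures = defaultdict(deque)  # source MAC -> times of invalid attempts
        self.locked_until = {}              # source MAC -> time the lockout expires

    def is_locked(self, mac, now):
        return self.locked_until.get(mac, 0) > now

    def invalid_attempt(self, mac, now):
        """Record one invalid login at `now` (seconds); return True if `mac` is locked."""
        if self.is_locked(mac, now):
            return True
        window = self.failures[mac]
        window.append(now)
        # Assumption: sliding window, keeping attempts from the last `duration` seconds.
        while window and window[0] <= now - self.duration:
            window.popleft()
        # "Exceeds" the Hit Count: attempt hit_count + 1 triggers, attempt hit_count does not.
        if len(window) > self.hit_count:
            self.locked_until[mac] = now + self.duration
            window.clear()                  # assumption: counting restarts after a lockout
        return self.is_locked(mac, now)

    def unlock_all(self):
        """Effect of the /UL command: every active lockout is cleared at once."""
        self.locked_until.clear()
        self.failures.clear()

def first_lockout_attempt(times, hit_count=10, duration=120, mac="00:00:5e:00:53:01"):
    """Return the 1-based index of the attempt that triggers a lockout, or None."""
    guard = ProtocolLockout(hit_count, duration)
    for i, t in enumerate(times, start=1):
        if guard.invalid_attempt(mac, t):
            return i
    return None

# Constructed inputs (seconds): one invalid attempt every 5 s, and one every 15 s.
FAST = [5 * i for i in range(20)]
SLOW = [15 * i for i in range(40)]

if __name__ == "__main__":
    print(first_lockout_attempt(FAST), first_lockout_attempt(SLOW))
```

With the manual's example values, the second input never has more than 10 invalid attempts inside one 120-second window, so no lockout occurs; the Hit Count and Lockout Duration chosen determine which attempt rates are caught.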
The Invalid Access Lockout configuration menus allow you to select the following
parameters:
• Serial Port Protection (Serial Port Lockout): Enables/Disables the Invalid Access
Lockout function for the serial SetUp Port and selects lockout parameters. When
this item is enabled and excessive Invalid Access attempts are detected at the
SetUp Port, the SetUp Port will be locked until the user-defined Lockout Duration
period elapses, or until the /UL command is issued.
  • Serial Port Protection: Enables/Disables the Invalid Access Lockout feature for
  the serial SetUp Port. (Default = Off)
  • Lockout Attempts: The number of invalid attempts that must occur in order to
  trigger the Invalid Access Lockout feature at the serial SetUp Port. (Default = 9)
  • Lockout Duration: This option selects the length of time that the serial SetUp
  Port will remain locked when Invalid Access Lockout occurs. If the duration is
  set at "Infinite", then ports will remain locked until the /UL command is issued.
  (Default = 30 Minutes)