Saturday, May 8, 2010

Login block-for

R1<---->R2

R2 has this config:

login block-for 15 attempts 2 within 30
login on-failure log every 60


R1 tries to log in to R2 twice and fails both times.
R2 generates a log message and puts a temporary ACL (sl_def_acl) on the VTY and AUX lines.

000077: *Mar 1 02:30:18.823 UTC: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 15 secs, [user: ] [Source: 192.168.12.1] [localport: 23] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 02:30:18 UTC Fri Mar 1 2002

line con 0
 exec-timeout 5 0
 logging synchronous
 login authentication local_auth
 transport output telnet
line aux 0
 access-class sl_def_acl in
 login authentication local_auth
 transport output telnet
line vty 0 4
 access-class sl_def_acl in
 login authentication local_auth
 transport input telnet ssh


After 15 seconds, the ACLs are removed:

line con 0
 exec-timeout 5 0
 logging synchronous
 login authentication local_auth
 transport output telnet
line aux 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 login authentication local_auth
 transport input telnet ssh

!
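For monitoring, the QUIET_MODE_ON message above can be parsed on a syslog collector to pull out the offending source and the expected end of the block. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes the block period runs for the block-for value counted from the time in the message.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: the config line and log message shown in the post.
CONFIG = "login block-for 15 attempts 2 within 30"
LOG = ("000077: *Mar 1 02:30:18.823 UTC: %SEC_LOGIN-1-QUIET_MODE_ON: "
       "Still timeleft for watching failures is 15 secs, [user: ] "
       "[Source: 192.168.12.1] [localport: 23] "
       "[Reason: Login Authentication Failed] [ACL: sl_def_acl] "
       "at 02:30:18 UTC Fri Mar 1 2002")

CONFIG_RE = re.compile(r"^login block-for (\d+) attempts (\d+) within (\d+)$")
FIELD_RE = re.compile(r"\[([^:\]]+): ?([^\]]*)\]")   # [key: value] pairs
TAIL_RE = re.compile(r"at (\d\d:\d\d:\d\d) (\w+) (\w{3} \w{3} +\d+ \d{4})$")


def parse_block_for(line):
    """Return (block_secs, attempts, within_secs) from the config line."""
    m = CONFIG_RE.match(line.strip())
    if not m:
        raise ValueError("not a login block-for line")
    return tuple(int(x) for x in m.groups())


def parse_quiet_mode_on(line):
    """Return the message fields as a dict, or None for any other log line."""
    if "%SEC_LOGIN-1-QUIET_MODE_ON:" not in line:
        return None
    fields = {k.strip().lower(): v.strip() for k, v in FIELD_RE.findall(line)}
    tail = TAIL_RE.search(line.strip())
    if tail:  # trailing "at HH:MM:SS TZ Day Mon D YYYY" carries the year
        fields["start"] = datetime.strptime(
            tail.group(1) + " " + tail.group(3), "%H:%M:%S %a %b %d %Y")
    return fields


def quiet_mode_end(event, block_secs):
    """Assumption: the block period runs block_secs from the logged time."""
    return event["start"] + timedelta(seconds=block_secs)


if __name__ == "__main__":
    block, attempts, within = parse_block_for(CONFIG)
    ev = parse_quiet_mode_on(LOG)
    print(ev["source"], ev["acl"], "blocked until", quiet_mode_end(ev, block))
```

An empty user field, as in this message, is kept as an empty string rather than dropped, so alerts can distinguish "no username sent" from a missing field.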
