Manualshelf

R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
221222223224225226227228229230
216
Syntax
password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]
undo password-control login-attempt
Default
The maximum number of consecutive failed login attempts is 3 and a user failing to log in after the
specified number of attempts must wait for 1 minute before trying again.
Views
System view
Default command level
2: System level
Parameters
login-times: Specifies the maximum number of consecutive failed login attempts, in the range of 2 to 10.
exceed: Specifies the action to be taken when a user fails to log in after the specified number of attempts.
lock: Permanently prohibits a user who fails to log in after the specified number of attempts from logging
in.
lock-time time: Forces a user who fails to log in after the specified number of attempts to wait for a period
of time before trying again. The time argument is in minutes and the value range is 1 to 360.
unlock: Allows a user who fails to log in after the specified number of attempts to continue trying to log
in.
Usage guidelines
If prohibited permanently, a user can log in only after you remove the user from the password control
blacklist.
If prohibited temporarily, a user can log in again after the lock time elapses or an administrator removes
the user from the password control blacklist.
If not prohibited to log in, a user is removed from the password control blacklist as long as the user logs
in successfully or after the blacklist aging time (1 minute) elapses.
Examples
# Set the maximum number of login attempts to 4 and permanently prohibit a user from logging in if the
user fails to log in after four attempts.
<Sysname> system-view
[Sysname] password-control login-attempt 4 exceed lock
Later, if a user tries to log in but fails four times, you can find it in the password control blacklist with its
status changed from unlock to lock:
[Sysname] display password-control blacklist
Username: test
IP: 192.168.44.1 Login failed times: 4 Lock flag: lock
Total 1 blacklist item(s) matched. 1 listed.
The user can no longer log in.
# Set the maximum number of login attempts to 2 and prohibit a user from logging in within 3 minutes
if the user fails to log in after two attempts.