Reference Guide
number of max-auth-tries is reduced by one. In this case, if you congured ip ssh server max-auth-tries 1, the
password prompt does not display.
Virtual terminal line
Virtual terminal line (VTY) is used to control Telnet or SSH connections to the switch.
You can enter the VTY mode by using the line vty command in the CONFIGURATION mode.
OS10(config)# line vty
OS10(config-line-vty)#
Control access to VTY
You can control the Telnet or SSH connections to the switch by applying access lists on VTY lines.
Create IP or IPv6 access lists with permit or deny lters.
Enter the VTY mode by using the line vty command in the CONFIGURATION mode.
Apply the access lists to the VTY line with the {ip | ipv6} access-class access-list-name command.
Example
OS10(config)# ip access-list permit10
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
OS10(config-ipv4-acl)# exit
OS10(config)# line vty
OS10(config-line-vty)# ip access-class permit10
OS10(config-line-vty)#
View VTY ACL conguration
OS10(config-line-vty)# show configuration
!
line vty
ip access-class permit10
ipv6 access-class deny10
OS10(config-line-vty)#
Enable login statistics
To monitor system security, allow users to view their own login statistics when they sign in to the system. A large number of login failures or
an unusual login location may indicate a system hacker. Enable the display of login information after a user successfully logs in; for example:
OS10 login: admin
Password:
Last login: Thu Nov 2 16:02:44 UTC 2017 on ttyS1
Linux OS10 3.16.43 #2 SMP Debian 3.16.43-2+deb8u5 x86_64
...
Time-frame for statistics : 25 days
Role changed since last login : false
Failures since last login : 0
Failures in time period : 1
Successes in time period : 14
OS10#
This feature is available only for the sysadmin and secadmin roles.
• Enable the display of login information in CONFIGURATION mode.
login-statistics enable
System management
461