Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4112F-ON/S4112T-ON

521

522

523

524

525

526

527

528

529

530

Example

OS10(config)# ip access-list permit10

OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any

OS10(config-ipv4-acl)# exit

OS10(config)# line vty

OS10(config-line-vty)# ip access-class permit10

OS10(config-line-vty)#

View VTY ACL conguration

OS10(config-line-vty)# show configuration

line vty

ip access-class permit10

ipv6 access-class deny10

OS10(config-line-vty)#

Enable AAA accounting

To record information about all user-entered commands, use the AAA accounting feature — not supported for RADIUS accounting. AAA

accounting records login and command information in OS10 sessions on console connections (console option) and remote connections

(default option), such as Telnet and SSH.

AAA accounting sends accounting messages:

• Sends a start notice when a process begins, and a stop notice when the process ends (start-stop option)

• Sends only a stop notice when a process ends (stop-only option)

• No accounting notices are sent (none option)

• Logs all accounting notices in syslog (logging option)

• Logs all accounting notices on congured TACACS+ servers (group tacacs+ option)

Enable AAA accounting

• Enable AAA accounting in CONFIGURATION mode.

aaa accounting commands all {console | default} {start-stop | stop-only | none} [logging]

[group tacacs+]

Enter the no form of the command to disable AAA accounting.

Enable user lockout

By default, a maximum of three consecutive failed password attempts is supported on the switch. You can set a limit to the maximum

number of allowed password retries with a specied lockout period for the user ID.

This feature is available only for the sysadmin and secadmin roles.

• Congure user lockout settings in CONFIGURATION mode.

password-attributes {[max-retry number ] [lockout-period minutes]}

– max-retry number — Sets the maximum number of consecutive failed login attempts for a user before the user is locked out

(0 to 16; default 3).

– lockout-period minutes — Sets the amount of time that a user ID is prevented from accessing the system after exceeding

the maximum number of failed login attempts (0 to 43,200; default 0).

When a user is locked out due to exceeding the maximum number of failed login attempts, other users can still access the switch.

By default, lockout-period minutes is 0; no lockout period is congured. Failed login attempts do not lock out a user.

524

System management