R0106-HP MSR Router Series Security Command Reference(V7)
218
password-control login-attempt
Use password-control login-attempt to configure the login attempt limit. The settings include the
maximum number of consecutive login failures and the action to be taken when the maximum number is
reached.
Use undo password-control login-attempt to restore the default.
Syntax
password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]
undo password-control login-attempt
Default
The global login-attempt settings:
• The maximum number of consecutive login failures is 3.
• The locking period is 1 minute.
The login-attempt settings for a user group equal the global settings.
The login-attempt settings for a local user equal those for the user group to which the local user belongs.
Views
System view, user group view, local user view
Predefined user roles
network-admin
Parameters
login-times: Specifies the maximum number of consecutive login failures. The value range is 2 to 10.
exceed: Specifies an action to be taken for the user who fails to log in after making the maximum number
of attempts.
• lock: Disables the user account permanently.
• lock-time time: Disables the user account for a period of time. The user can uses this user account
when the timer expires. The value range for the time argument is 1 to 360 minutes.
• unlock: Allows the user account to continue using this account to perform login attempts.
Usage guidelines
The login-attempt policy depends on the view:
• The policy in system view has global significance and applies to all user groups.
• The policy in user group view applies to all local users in the user group.
• The policy in local user view applies only to the local user.
A login-attempt policy with a smaller application scope has higher priority. The system prefers to use the
login-attempt policy in local user view for a local user.
• If no policy is configured for the local user, the system uses the policy for the user group to which the
local user belongs.
• If no policy is configured for the user group, the system uses the global policy.
If an FTP or VTY user fails to log in after making the maximum login attempts, the system adds the user
account and the user's IP address to the password control blacklist. This user account is locked for only
this user. Other users can still use this user account, and the blacklisted user can use other user accounts.