https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092150#M369423 <HTML><HEAD></HEAD><BODY><P>Hi Collin,</P><P>Thanks for your post, I was not aware of EEM and will spend some time looking through it. I think it will work for the email notification.</P><P></P><P>About the login retries, my router already resets the interface after 3 failed login attempts, but this does not prevent someone from trying again and again to get in using a compromised user ID. What I would like to do is lock out the user ID after 3 failed attempts. Do you know if this is possible?</P><P>Thanks for your help!</P><P>Mitchell</P><P></P></BODY></HTML> Tue, 16 Sep 2008 17:11:16 GMT mitchell.smith 2008-09-16T17:11:16Z https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092148#M369404 <P>Hi, I want my 2851 to stop allowing login attempts after 3 failed attempts and to (if possible) send an email to the network administrator about the failed login attempts. Can anyone help with this?</P><P>Thanks in advance! Mitchell</P> Sun, 10 Mar 2019 23:05:23 GMT https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092148#M369404 mitchell.smith 2019-03-10T23:05:23Z https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092149#M369412 <HTML><HEAD></HEAD><BODY><P>Mitchell-</P><P></P><P>1. ip ssh authentication-retries 3</P><P>2. This can be done with EEM (Embedded Event Manager). Once the 3rd failure happens, a syslog event is triggered and then you would configure EEM to send the email. Here's a link to it <A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html" target="_blank">http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html</A></P><P></P><P>You could also post in Network Management, there is a guy (J.Clarke I believe) that is really good at EEM.</P><P></P><P>Hope that helps.</P></BODY></HTML> Tue, 16 Sep 2008 15:18:38 GMT https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092149#M369412 Collin Clark 2008-09-16T15:18:38Z https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092150#M369423 <HTML><HEAD></HEAD><BODY><P>Hi Collin,</P><P>Thanks for your post, I was not aware of EEM and will spend some time looking through it. I think it will work for the email notification.</P><P></P><P>About the login retries, my router already resets the interface after 3 failed login attempts, but this does not prevent someone from trying again and again to get in using a compromised user ID. What I would like to do is lock out the user ID after 3 failed attempts. Do you know if this is possible?</P><P>Thanks for your help!</P><P>Mitchell</P><P></P></BODY></HTML> Tue, 16 Sep 2008 17:11:16 GMT https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092150#M369423 mitchell.smith 2008-09-16T17:11:16Z https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092151#M369448 <HTML><HEAD></HEAD><BODY><P>I think you can do it with <B>aaa authentication attempts login 3</B>. Are you using AAA locally or with a RADISU/TACACs server?</P><P></P><P></P></BODY></HTML> Tue, 16 Sep 2008 20:06:31 GMT https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092151#M369448 Collin Clark 2008-09-16T20:06:31Z https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092152#M369464 <HTML><HEAD></HEAD><BODY><P>We are using AAA locally. I will try this command on my test router and see what happens. Thanks for the help!</P></BODY></HTML> Tue, 16 Sep 2008 21:21:49 GMT https://community.cisco.com/t5/network-access-control/securing-login-on-2851/m-p/1092152#M369464 mitchell.smith 2008-09-16T21:21:49Z