Use AAA to lock out source IP?

07-04-2011 01:15 PM - edited 03-10-2019 06:12 PM
Hello,
Is there any aaa command(s) to lock-out source IPs after a given number of attempts? I'd like to make it so specific users do not get locked out universally. (2811 v12.3 (8) T5)
Or would I need an IPS for this?
Thanks for any info,
Sean
07-04-2011 08:16 PM
Hi Sean,
Honestly, I did not understand your exact requirement. You can direct the traffic to the AAA server via a source interface of the router.
TACACS:
ip tacacs source-interface subinterface-name
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i1g.html#wp1074100
RADIUS:
ip radius source-interface subinterface-name [vrf vrf-name]
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i1g.html#wp1071845
You can define the maximum attempts of the user as well. After failure of these attempts the account will get locked out.
aaa authentication attempts login number-of-attempts
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_a1g.html#wp1070744
Hope this helps.
Regards,
Anisha
P.S.: Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
