What's the difference between "login block-for X attempts X within X" and "security authentication failure rate X"?

gravityfive
Level 1

What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?

Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affect.

2 Replies

Venkatesh Attuluri
Cisco Employee

security authentication failure rate threshold-rate log
threshold-rate: Number of allowable unsuccessful login attempts. The valid value range for the threshold-rate argument is 2 to 1024. The default is 10.
The default number of failed login attempts before a 15-second delay is 10.


login block-for 60 attempts 2 within 10

The command above will BLOCK all connections to Router1 for 60 seconds if the credentials are entered INCORRECTLY 2 times WITHIN a span of 10 seconds. If this policy is breached you’ll get the following message on the console terminal  
That command and the "login block-for" command only apply to VTY/TTY lines and not the console line.

Your explanation is useful
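
The difference between the two commands, as an added example that is not part of any post in this thread and is not Cisco's implementation: a simplified Python model of the behaviour the reply describes, replaying one constructed login sequence against each policy. The class names, the event list, and the counter semantics of the failure-rate model (trigger at the threshold, reset on success) are assumptions.

```python
from collections import deque

class BlockFor:
    """Simplified model of 'login block-for B attempts A within W'."""
    def __init__(self, block_for, attempts, within):
        self.block_for, self.attempts, self.within = block_for, attempts, within
        self.failures = deque()   # timestamps of recent failed logins
        self.quiet_until = 0      # logins are refused before this time

    def attempt(self, t, ok):
        if t < self.quiet_until:
            return "refused"      # blocked even with a correct password
        if ok:
            return "accepted"
        self.failures.append(t)
        while t - self.failures[0] > self.within:
            self.failures.popleft()   # forget failures outside the window
        if len(self.failures) >= self.attempts:
            self.quiet_until = t + self.block_for
            self.failures.clear()
            return "failed, block starts"
        return "failed"

class FailureRate:
    """Simplified model of 'security authentication failure rate N log'."""
    DELAY = 15                    # fixed delay stated in the reply above

    def __init__(self, threshold):
        self.threshold, self.count = threshold, 0
        self.delay_until = 0
        self.syslog = []          # times at which a log entry is produced

    def attempt(self, t, ok):
        if t < self.delay_until:
            return "delayed"
        if ok:
            self.count = 0        # assumption: success resets the counter
            return "accepted"
        self.count += 1
        if self.count >= self.threshold:   # assumption: trigger at N failures
            self.count, self.delay_until = 0, t + self.DELAY
            self.syslog.append(t)
            return "failed, 15 s delay + log"
        return "failed"

def replay(policy, events):
    return [policy.attempt(t, ok) for t, ok in events]

# Constructed sample: (time in seconds, password correct?)
EVENTS = [(0, False), (4, False), (10, True), (25, True), (70, True)]
```

With `BlockFor(60, 2, 10)` the correct password at 25 seconds is still refused because the 60-second block is running, while `FailureRate(2)` accepts it once the 15-second delay has passed and leaves a log entry at the moment the threshold was hit.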
