Hello,
With local authentication (with no aaa new-model: no TACACS, no RADIUS device/function), I would like to get an information message that authentication failed, not on every mistyped password, but only when the 3rd attempt fails.
Does someone know if we can do this?
Regards,
This is possible, but you need to be running an IOS Security Feature Set. Your command would look like this:
security authentication failure rate 3 log
For more info:
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_r1g.html#wp1098833
Please rate this post if it helps.
Edit: Keep in mind that this command introduces a 15-second delay once the failure threshold is reached. This is a brute-force attack mitigation technique by design, but it does meet your requirement. Besides this, I would recommend leaning on EEM and perhaps some Tcl scripting, which is far too much for such a small task.
Hello Antonio,
Thank you for your answer. This would help me.
I'll also have a look at EEM.
Best Regards,