02-05-2015 06:41 PM
The IOS device has a command of
login block-for 60 attempts 3 within 10 and login on-failure log every 3
if i want do it in the IOS-XR device
i can't find the command in the Config Guid
what command can support this function for me
Thanks
Solved! Go to Solution.
02-06-2015 04:44 AM
XR does not support either of these commands, however we do log all failures in syslog and XR has a separate management plane so you should not be getting too many brute force attempts.
However, if you are, or even are not, then I would recommend using MPP (http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/security/configuration/guide/b_syssec_cg51xasr9k/b_syssec_cg51xasr9k_chapter_0110.html) as MPP will send a TCP reset instead of establishing a connection for login if the IP address or incoming interface is not in the specified values.
Thanks,
Sam
02-06-2015 04:44 AM
XR does not support either of these commands, however we do log all failures in syslog and XR has a separate management plane so you should not be getting too many brute force attempts.
However, if you are, or even are not, then I would recommend using MPP (http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/security/configuration/guide/b_syssec_cg51xasr9k/b_syssec_cg51xasr9k_chapter_0110.html) as MPP will send a TCP reset instead of establishing a connection for login if the IP address or incoming interface is not in the specified values.
Thanks,
Sam
09-28-2016 03:48 AM
If among right range IP have some abnormal IP behavior, how should I do?
Thank you very much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide