
Securing login on 2851

mitchell.smith

Hi, I want my 2851 to stop allowing login attempts after 3 failed attempts and to (if possible) send an email to the network administrator about the failed login attempts. Can anyone help with this?

Thanks in advance! Mitchell


Collin Clark

Mitchell-

1. ip ssh authentication-retries 3

2. This can be done with EEM (Embedded Event Manager). Once the 3rd failure happens, a syslog event is triggered and then you would configure EEM to send the email. Here's a link to it http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html

You could also post in Network Management, there is a guy (J.Clarke I believe) that is really good at EEM.

Hope that helps.

Hi Collin,

Thanks for your post, I was not aware of EEM and will spend some time looking through it. I think it will work for the email notification.

About the login retries, my router already resets the interface after 3 failed login attempts, but this does not prevent someone from trying again and again to get in using a compromised user ID. What I would like to do is lock out the user ID after 3 failed attempts. Do you know if this is possible?

Thanks for your help!

Mitchell

I think you can do it with aaa authentication attempts login 3. Are you using AAA locally or with a RADIUS/TACACS server?

We are using AAA locally. I will try this command on my test router and see what happens. Thanks for the help!
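
An added configuration sketch for the two goals in this thread (account lockout after 3 failures and an email alert through EEM); it is not part of the original posts. It uses `aaa local authentication attempts max-fail` and `login block-for`, which are not the commands suggested above, and it assumes local AAA login is already configured and that the IOS image supports these features and the EEM `action mail` command. The mail server address, email addresses and applet name are placeholders.

```cisco
! Constructed example. 192.0.2.25, the email addresses and the applet
! name LOGIN-FAIL-MAIL are placeholders, not values from the thread.
!
! Lock a local user account after 3 consecutive failed logins.
! Privilege-15 accounts are exempt from this lockout.
aaa local authentication attempts max-fail 3
!
! Independently of the account, throttle repeated attempts:
! 3 failures within 60 seconds puts login into quiet mode for 120 seconds.
! login block-for has to be configured before the other login commands.
login block-for 120 attempts 3 within 60
login on-failure log
login on-success log
!
! Send an email whenever a failed-login syslog message is generated.
! $_syslog_msg is the EEM built-in variable holding the matched message.
event manager applet LOGIN-FAIL-MAIL
 event syslog pattern "SEC_LOGIN-4-LOGIN_FAILED"
 action 1.0 mail server "192.0.2.25" to "netadmin@example.com" from "r2851@example.com" subject "Failed login on 2851" body "$_syslog_msg"
!
! Review and release locked accounts from exec mode:
!   show aaa local user lockout
!   clear aaa local user lockout username <name>
```

A locked account stays locked until an administrator clears it, so keep at least one privilege-15 account with a strong password for recovery.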
