09-15-2008 07:10 PM - edited 03-10-2019 04:05 PM
Hi, I want my 2851 to stop allowing login attempts after 3 failed attempts and to (if possible) send an email to the network administrator about the failed login attempts. Can anyone help with this?
Thanks in advance! Mitchell
09-16-2008 08:18 AM
Mitchell-
1. ip ssh authentication-retries 3
2. This can be done with EEM (Embedded Event Manager). Once the 3rd failure happens, a syslog event is triggered and then you would configure EEM to send the email. Here's a link to it http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html
You could also post in Network Management, there is a guy (J.Clarke I believe) that is really good at EEM.
Hope that helps.
09-16-2008 10:11 AM
Hi Collin,
Thanks for your post, I was not aware of EEM and will spend some time looking through it. I think it will work for the email notification.
About the login retries, my router already resets the interface after 3 failed login attempts, but this does not prevent someone from trying again and again to get in using a compromised user ID. What I would like to do is lock out the user ID after 3 failed attempts. Do you know if this is possible?
Thanks for your help!
Mitchell
09-16-2008 01:06 PM
I think you can do it with aaa authentication attempts login 3. Are you using AAA locally or with a RADIUS/TACACS server?
09-16-2008 02:21 PM
We are using AAA locally. I will try this command on my test router and see what happens. Thanks for the help!
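For readers following this thread, an added IOS configuration sketch (not posted by any participant) showing the retry limits discussed above next to per-account lockout for local AAA users, plus an EEM applet that mails on the lockout syslog message. The applet name, usernames, mail server and e-mail addresses are placeholders, and it assumes an IOS image with local AAA lockout and the EEM mail action.

```cisco
! --- Per-connection limits: these drop the session after 3 bad tries,
! --- but the same user ID can reconnect and try again.
ip ssh authentication-retries 3
aaa authentication attempts login 3
!
! --- Local AAA with per-account lockout after 3 consecutive failures.
aaa new-model
aaa authentication login default local
aaa local authentication attempts max-fail 3
!
! --- Placeholder accounts. Privilege 15 accounts are exempt from
! --- lockout, so protect them with strong secrets and source ACLs.
username netadmin privilege 15 secret <ADMIN-SECRET>
username operator privilege 1 secret <OPERATOR-SECRET>
!
! --- Log individual failures so they reach syslog as well.
login on-failure log
!
! --- EEM applet: mail the administrator when an account is locked.
! --- 192.0.2.25 and the example.com addresses are placeholders.
event manager applet LOCKOUT-MAIL
 event syslog pattern "AAA-5-USER_LOCKED"
 action 1.0 mail server "192.0.2.25" to "netadmin@example.com" from "router@example.com" subject "Account locked on router" body "$_syslog_msg"
!
! --- Operational commands (exec mode, not configuration):
!   show aaa local user lockout
!   clear aaa local user lockout username operator
```

A locked account stays locked until an administrator clears it, so test on a lab router first and keep console access available.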