09-15-2008 07:10 PM - edited 03-10-2019 04:05 PM
Hi, I want my 2851 to stop allowing login attempts after 3 failed attempts and to (if possible) send an email to the network administrator about the failed login attempts. Can anyone help with this?
Thanks in advance! Mitchell
09-16-2008 08:18 AM
Mitchell-
1. ip ssh authentication-retries 3
2. This can be done with EEM (Embedded Event Manager). Once the 3rd failure happens, a syslog event is triggered and then you would configure EEM to send the email. Here's a link to it http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html
You could also post in Network Management, there is a guy (J.Clarke I believe) that is really good at EEM.
Hope that helps.
09-16-2008 10:11 AM
Hi Collin,
Thanks for your post, I was not aware of EEM and will spend some time looking through it. I think it will work for the email notification.
About the login retries, my router already resets the interface after 3 failed login attempts, but this does not prevent someone from trying again and again to get in using a compromised user ID. What I would like to do is lock out the user ID after 3 failed attempts. Do you know if this is possible?
Thanks for your help!
Mitchell
09-16-2008 01:06 PM
I think you can do it with aaa authentication attempts login 3. Are you using AAA locally or with a RADIUS/TACACS server?
09-16-2008 02:21 PM
We are using AAA locally. I will try this command on my test router and see what happens. Thanks for the help!
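The setup discussed in this thread, as an added example that is not from any of the posters: an IOS configuration sketch that locks a local user ID after 3 failed logins and has EEM mail the administrator when that happens. The `aaa local authentication attempts max-fail` command is a different command from the one suggested above, and the mail server address, e-mail addresses and applet name are placeholders.

```cisco
! Added example. Assumes "aaa new-model" and local login authentication
! are already configured, as stated in the thread.
!
! Lock a local user account after 3 consecutive failed logins.
! The account stays locked until an administrator clears it.
aaa local authentication attempts max-fail 3
!
! Limit authentication attempts per SSH connection (from the thread).
ip ssh authentication-retries 3
!
! Write a syslog message for every failed login attempt.
login on-failure log
!
! Mail the administrator when the lockout syslog message appears.
! 192.0.2.25 and the example.com addresses are placeholders.
event manager applet LOCKOUT-MAIL
 event syslog pattern "AAA-5-USER_LOCKED"
 action 1.0 mail server "192.0.2.25" to "netadmin@example.com" from "router@example.com" subject "User locked out" body "$_syslog_msg"
!
! Check and clear lockouts from privileged EXEC:
!   show aaa local user lockout
!   clear aaa local user lockout username <name>
```

Users configured with privilege level 15 are not locked out by `max-fail`, so keep at least one such account protected by a strong password and restricted source addresses.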