Cisco Support Community
Community Member

Securing login on 2851

Hi, I want my 2851 to stop allowing login attempts after 3 failed attempts and to (if possible) send an email to the network administrator about the failed login attempts. Can anyone help with this?

Thanks in advance! Mitchell


Re: Securing login on 2851


1. ip ssh authentication-retries 3

2. This can be done with EEM (Embedded Event Manager). Once the 3rd failure happens, a syslog event is triggered and then you would configure EEM to send the email. Here's a link to it

You could also post in Network Management, there is a guy (J.Clarke I believe) that is really good at EEM.

Hope that helps.

Community Member

Re: Securing login on 2851

Hi Collin,

Thanks for your post, I was not aware of EEM and will spend some time looking through it. I think it will work for the email notification.

About the login retries, my router already resets the interface after 3 failed login attempts, but this does not prevent someone from trying again and again to get in using a compromised user ID. What I would like to do is lock out the user ID after 3 failed attempts. Do you know if this is possible?

Thanks for your help!


Re: Securing login on 2851

I think you can do it with aaa authentication attempts login 3. Are you using AAA locally or with a RADISU/TACACs server?

Community Member

Re: Securing login on 2851

We are using AAA locally. I will try this command on my test router and see what happens. Thanks for the help!

CreatePlease to create content