Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20962
Views
20
Helpful
2
Replies

What's the difference between "login block-for X attempts X within X" and "security authentication failure rate X"?

gravityfive
Level 1
Level 1

‎07-17-2014 01:53 PM - edited ‎02-21-2020 05:14 AM

What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?

Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affect.

1 person had this problem
0 Helpful
2 Replies 2

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎07-30-2014 08:57 AM

security authentication failure rate threshold-rate log
threshold-rate  : Number of allowable unsuccessful login attempts. The valid value range for the threshold-rate argument is 2 to 1024. The default is 10.
The default number of failed login attempts before a 15-second delay is 10.


login block-for 60 attempts 2 within 10

The command above will BLOCK all connections to Router1 for 60 seconds if the credentials are entered INCORRECTLY 2 times WITHIN a span of 10 seconds. If this policy is breached you’ll get the following message on the console terminal  
That command and the "login block-for" command only apply to VTY/TTY lines and not the console line.

 

 

muthukumars1994
Level 1
Level 1
In response to Venkatesh Attuluri

‎09-02-2016 11:05 PM

Your explanation is useful

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card