Cisco Support Community

New Member

What's the difference between "login block-for X attempts X within X" and "security authentication failure rate X"?

What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?

Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affect.

Cisco Employee

security authentication

security authentication failure rate threshold-rate log
threshold-rate: Number of allowable unsuccessful login attempts. The valid value range for the threshold-rate argument is 2 to 1024. The default is 10.
The default number of failed login attempts before a 15-second delay is 10.

login block-for 60 attempts 2 within 10

The command above will BLOCK all connections to Router1 for 60 seconds if the credentials are entered INCORRECTLY 2 times WITHIN a span of 10 seconds. If this policy is breached you’ll get the following message on the console terminal  
That command and the "login block-for" command only apply to VTY/TTY lines and not the console line.
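
An added example, not part of the original thread and not Cisco code: a simplified Python model of the two behaviours as the answer above describes them, run over constructed failed-login timestamps (in seconds). It assumes that attempts made during a block or delay are refused and not counted, and that the failure-rate count has no time window; the function names are hypothetical.

```python
from collections import deque

def block_for_windows(failures, block_for, attempts, within):
    """Model of `login block-for <block_for> attempts <attempts> within <within>`.
    Returns the (start, end) quiet periods during which all logins are blocked."""
    recent, quiet, blocked_until = deque(), [], None
    for t in sorted(failures):
        if blocked_until is not None and t < blocked_until:
            continue  # assumption: refused while blocked, so not counted
        recent.append(t)
        while t - recent[0] > within:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= attempts:
            blocked_until = t + block_for
            quiet.append((t, blocked_until))
            recent.clear()
    return quiet

def failure_rate_delays(failures, threshold_rate, delay=15):
    """Model of `security authentication failure rate <threshold_rate> log`.
    Returns the (start, end) 15-second delays; each one would also be logged."""
    count, delays, delayed_until = 0, [], None
    for t in sorted(failures):
        if delayed_until is not None and t < delayed_until:
            continue  # assumption: attempts during the delay are not counted
        count += 1  # plain counter, no time window (assumption)
        if count >= threshold_rate:
            delayed_until = t + delay
            delays.append((t, delayed_until))
            count = 0
    return delays

# Constructed sample data: times of failed logins, in seconds.
SLOW = [0, 30, 60, 90, 120, 150]  # one failure every 30 seconds
FAST = [0, 4, 6, 8, 70, 75]       # bursts of failures

if __name__ == "__main__":
    for name, sample in (("slow", SLOW), ("fast", FAST)):
        print(name, "block-for 60 attempts 2 within 10:",
              block_for_windows(sample, 60, 2, 10))
        print(name, "failure rate 3:", failure_rate_delays(sample, 3))
```

In this model the slow sequence never triggers the block-for policy, because no two failures fall within 10 seconds, but it still reaches the failure-rate threshold twice.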



New Member

Your explanation is useful
