Cisco Security Authentication Failure Rate
Cisco Security Authentication Failure Rate or SHIT THAT DOES NOT WORK!!!
security authentication failure rate To configure the number of allowable unsuccessful login attempts, use the security authentication failure rate command in global configuration mode. security authentication failure rate threshold-rate log threshold-rate - Number of allowable unsuccessful login attempts. The valid value range for the threshold-rate argument is 2 to 1024. The default is 10. log - Syslog authentication failures if the rate exceeds the threshold. The default number of failed login attempts before a 15-second delay is 10.
security authentication failure rate - Example IOS help gives you a little more insight into how ‘security authentication failure rate’ is supposed to work: r3(config)# security authentication failure rate 3 ? log log a message if the Authentication failures over the last one minute equalled this number r3(config)# security authentication failure rate 3 log
security authentication failure rate – Does it work? I have not been able to get this to work. I’ve tried with routers running 12.4(12.4(15)T10) and 12.3(12.3(14)T7) and could not get this to work. I tried ‘login local’ and just using a simple vty password. No logging. No 15-second delay. Nothing. So this is good to know for your exam and maybe it will work with your flavor of IOS, but I could not get this to work. If you cannot get this to work in production, you might want to check out the “login block” feature instead.
Why doesn’t it work: A conspiracy theory I’m totally speculating here, but I think that this was a command that was either never implemented – or implemented and deprecated. The ‘login block’ feature set accomplishes all of the same task that ‘security authentication failure rate’ attempts to address – with a lot more granularity as well as the ability to verify settings.
Recommend
More recommend
