Cisco Security Authentication Failure Rate Cisco Security - - PowerPoint PPT Presentation

Cisco Security Authentication Failure Rate

Cisco Security Authentication Failure Rate SHIT THAT DOES NOT WORK!!!

• r

To configure the number of allowable unsuccessful login attempts, use the security authentication failure rate command in global configuration mode. security authentication failure rate threshold-rate log threshold-rate - Number of allowable unsuccessful login attempts. The valid value range for the threshold-rate argument is 2 to 1024. The default is 10. log - Syslog authentication failures if the rate exceeds the threshold. The default number of failed login attempts before a 15-second delay is 10.

security authentication failure rate

IOS help gives you a little more insight into how ‘security authentication failure rate’ is supposed to work:

r3(config)# security authentication failure rate 3 ? log log a message if the Authentication failures over the last one minute equalled this number r3(config)# security authentication failure rate 3 log

security authentication failure rate - Example

I have not been able to get this to work. I’ve tried with routers running 12.4(12.4(15)T10) and 12.3(12.3(14)T7) and could not get this to work. I tried ‘login local’ and just using a simple vty

• password. No logging. No 15-second delay. Nothing.

So this is good to know for your exam and maybe it will work with your flavor of IOS, but I could not get this to work. If you cannot get this to work in production, you might want to check out the “login block” feature instead.

security authentication failure rate – Does it work?

I’m totally speculating here, but I think that this was a command that was either never implemented – or implemented and deprecated. The ‘login block’ feature set accomplishes all

• f the same task that ‘security authentication failure rate’ attempts to address – with a lot more

granularity as well as the ability to verify settings.

Why doesn’t it work: A conspiracy theory