1.6.1 Configure Login Block - login quiet-mode

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

All login parameters are disabled by default. You must issue the login block-for command, which enables default login functionality, before using any other login commands. After the login block-for command is enabled, the following defaults are enforced:

A default login delay of one second

All login attempts made via Telnet or SSH are denied during the quiet period; that is, no ACLs are exempt from the login period until the login quiet-mode access-class command is issued.

Rationale:

If the configured number of connection attempts fail within a specified time period, the Cisco device will not accept any additional connections for a 'quiet period.' (Hosts that are permitted by a predefined access-control list [ACL] are excluded from the quiet period.)

The number of failed connection attempts that trigger the quiet period can be specified via the new global configuration mode command login block-for. The predefined ACL that is excluded from the quiet period can be specified via the new global configuration mode command login quiet-mode access-class.

Solution

To enable the feature, enter the following commands:

Hostname(config)#login block-for {seconds} attempts {tries} within {seconds}

All login attempts made via Telnet or SSH are denied during the quiet period; that is, no ACLs are exempt from the login period until the login quiet-mode access-class command is issued.

Hostname(config)#login quiet-mode access-class {acl-name | acl-number}
Hostname(config)#login delay {seconds}
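
An added example, not part of the benchmark or the audit itself: a small offline check that reads a saved running-config and reports which of the three login commands above are missing. The sample configurations, the ACL name MGMT-ACL, the timer values and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpts; all values and names are sample data.
COMPLIANT = """\
hostname R1
login block-for 120 attempts 3 within 60
login quiet-mode access-class MGMT-ACL
login delay 2
ip access-list standard MGMT-ACL
 permit 192.0.2.0 0.0.0.255
"""
MISSING_QUIET_ACL = """\
hostname R2
login block-for 120 attempts 3 within 60
login delay 2
"""

BLOCK_FOR = re.compile(r"^login block-for (\d+) attempts (\d+) within (\d+)\s*$", re.M)
QUIET_ACL = re.compile(r"^login quiet-mode access-class (\S+)\s*$", re.M)
DELAY = re.compile(r"^login delay (\d+)\s*$", re.M)


def acl_defined(config, name):
    """True if a named or numbered ACL called `name` is defined in the config."""
    n = re.escape(name)
    pattern = rf"^(?:ip access-list (?:standard|extended) {n}\s*$|access-list {n} )"
    return re.search(pattern, config, re.M) is not None


def audit_login_block(config):
    """Return a list of findings; an empty list means all three commands are set."""
    if not BLOCK_FOR.search(config):
        # login block-for must be enabled before any other login command applies.
        return ["login block-for is not configured (login block disabled)"]
    findings = []
    acl = QUIET_ACL.search(config)
    if not acl:
        findings.append("login quiet-mode access-class is not set: "
                        "no host is exempt from the quiet period")
    elif not acl_defined(config, acl.group(1)):
        findings.append(f"quiet-mode ACL {acl.group(1)} is referenced but not defined")
    if not DELAY.search(config):
        findings.append("login delay is not set explicitly "
                        "(default of one second applies)")
    return findings
```
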

Default Value:

no login-block enabled

See Also

https://workbench.cisecurity.org/files/3762