InformationSome tools exist on the Internet, which specifically attack the management-plane protocol accounts of the system and frequently attempt accounts to attack devices so as to obtain accounts. Therefore, the system should be able to reject all remote login requests in a blocking manner when it is found that repeated remote login attempts fail for a certain number of consecutive times by monitoring the system account authentication. At this time, only IP requests from whitelisted users are allowed to be responded). This blocking can last for a period of time, so as to achieve the purpose of timely cutting off brute-force cracking attempts and protecting the CPU processing capability of the management plane.
SolutionConfiguring the number of failures and locking time by running the following commands:
ZXR10 (config-system-user)#user-authen-restriction fail-time 3 lock-minute 2