max-login-failure
This command specifies whether to lock out a local user account after a specific number of failed login attempts.
Syntax
max-login-failure count
Parameters
- count
- Specifies the maximum number of failed login attempts to allow before lockout. A value of 0 disables account lockout. Enter a value in the range 0 - 64. The default value is 3.
Guidelines
The max-login-failure command defines how many consecutive failed login attempts are allowed before a login must succeed. If the value is 3 and the user has failed three consecutive login attempts, the behavior on the next login attempt for this user is as follows:
- If failure, the account is locked out. The duration of the lockout depends on the value that is defined by the lockout-duration command.
- If successful, the account is not locked out and the count is reset.
Note: The max-login-failure command applies to all local accounts, including the admin account. When the duration is 0, the admin account is locked out for 120 minutes or until reenabled by another administrator.
Examples
- Enable lockout behavior so that on the fifth login failure the account is locked out until reset by a privileged administrator:
# lockout-duration 0
# max-login-failure 4
- Disable lockout.
# max-login-failure 0
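The counting rule in the Guidelines is easy to misread by one: the configured value is the number of failures allowed, and the lock is applied on the failure after that. The following Python model is an added example, not product code. The function name first_lockout, the account argument, and treating lockout-duration as minutes are assumptions made for the illustration.

```python
ADMIN_ZERO_DURATION_MINUTES = 120  # from the Note: admin account, duration 0


def first_lockout(attempts, max_login_failure, lockout_duration, account="user"):
    """Replay login attempts (True = success) and find the one that locks the account.

    Returns (attempt_number, lock_minutes), or None if the account never locks.
    lock_minutes is None when the lock lasts until an administrator resets it.
    lockout_duration is assumed to be in minutes.
    """
    if not 0 <= max_login_failure <= 64:
        raise ValueError("max-login-failure must be in the range 0 - 64")
    if max_login_failure == 0:
        return None  # 0 disables account lockout
    failures = 0
    for number, success in enumerate(attempts, start=1):
        if success:
            failures = 0  # a successful login resets the count
            continue
        failures += 1
        # The configured count is the number of failures *allowed*;
        # the lock is applied on the failure after that.
        if failures > max_login_failure:
            if lockout_duration > 0:
                return number, lockout_duration
            if account == "admin":
                return number, ADMIN_ZERO_DURATION_MINUTES
            return number, None
    return None


if __name__ == "__main__":
    five_failures = [False] * 5  # constructed sample input
    print(first_lockout(five_failures, max_login_failure=4, lockout_duration=0))
    print(first_lockout(five_failures, 4, 0, account="admin"))
```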