lockout-duration

This command specifies the duration to lock out local accounts.

Syntax

lockout-duration minutes

Parameters

minutes
Specifies the number of minutes to lock out an account after the maximum number of failed login attempts is exceeded. A value of 0 indicates that accounts are locked out until reset by a privileged administrator. Enter a value in the range 0 - 1000. The default value is 1.

Guidelines

The lockout-duration command specifies the duration to lock out accounts after the maximum number of failed login attempts is exceeded. Define the maximum number of failed login attempts with the max-login failure command. Instead of locking out an account for a specific duration, the account can be locked out until re-enabled by a privileged administrator. To lock out accounts until reset, set the duration to 0.
Note: The lockout-duration command applies to all local accounts, which include the admin account. When the duration is 0, the admin account is locked out for 120 minutes or until reenabled by another administrator.

Examples

Enable lockout behavior for accounts that on the fifth login failure, the account is locked out until reset by a privileged administrator:
# lockout-duration 0
# max-login-failure 4