lockout-duration
This command specifies the duration to lock out local accounts.
Syntax
lockout-duration minutes
Parameters
- minutes
- Specifies the number of minutes to lock out an account after the maximum number of failed login attempts is exceeded. A value of 0 indicates that accounts are locked out until reset by a privileged administrator. Enter a value in the range 0 - 1000. The default value is 1.
Guidelines
The lockout-duration command specifies the duration to lock out accounts after
the maximum number of failed login attempts is exceeded. Define the maximum number of failed login
attempts with the max-login failure command. Instead of locking out an account
for a specific duration, the account can be locked out until re-enabled by a privileged
administrator. To lock out accounts until reset, set the duration to 0.
Note: The
lockout-duration command applies to all local accounts, which include the
admin
account. When the duration is 0, the admin
account is locked
out for 120 minutes or until reenabled by another administrator.Examples
Enable lockout behavior for accounts that on the fifth login failure, the account is locked out
until reset by a privileged
administrator:
# lockout-duration 0
# max-login-failure 4