1-8
z
lock-time
: In this mode, the system inhibits the user from re-logging in within a certain time period.
After the period, the user is allowed to log into the switch again. By default, this time is 120
minutes.
z
lock
: In this mode, the system inhibits the user from re-logging in forever. The user is allowed to
log into the switch again only after the administrator removes the user from the user blacklist.
z
unlock
: In this mode, the system allows the user to log in again.
z
Login attempt times limitation and failure processing are not supported for FTP and Super
passwords.
z
The number of retries allowed to enter an SSH password is determined by the configuration of the
SSH server instead of that configured by using the
password-control login-attempt
command.
You can use the
password-control login-attempt
command to configure the actions to be taken
when the number of retries to enter the SSH password exceeds the configured value. Refer to
SSH Terminal Services part for information about SSH server.
z
If a user in the blacklist changes his/her IP address, the blacklist will not affect the user anymore
when the user logs into the switch.
The system administrator can perform the following operations to manually remove one or all user
entries in the blacklist.
Table 1-8
Manually remove one or all user entries in the blacklist
Operation
Command
Description
Delete one specific or all
user entries in the blacklist
reset password-control
blacklist
[
user-name
user-name
]
Executing this command without the
user-name
user-name
option
removes all the user entries in the
blacklist.
Executing this command with the
user-name
user-name
option
removes the specified user entry in the
blacklist.
Configuring the Password Authentication Timeout Time
When the local/remote server receives the user name, the authentication starts; when the user
authentication is completed, the authentication ends. Whether the user is authenticated on the local
server or on a remote server is determined by the related AAA configuration.
If a password authentication is not completed before the authentication timeout expires, the
authentication fails, and the system terminates the connection and makes some logging.
If a password authentication is completed within the authentication timeout time, the user will log into
the switch normally.