switch#
configure terminal
switch(config)#
login block-for 100 attempts 3 within 60
switch(config)#
show login
No Quiet-Mode access list has been configured, default ACL will be applied.
Switch is enabled to watch for login Attacks.
If more than 3 login failures occur in 60 seconds or less,
logins will be disabled for 100 seconds.
Switch presently in Normal-Mode.
Current Watch Window remaining time 45 seconds.
Present login failure count 0.
switch(config)#
show login failures
*** No logged failed login attempts with the device.***
The following example shows how to configure a quiet-mode ACL. All login requests are denied during the
quiet period except hosts from the myacl ACL. This example also shows a login failure.
switch#
configure terminal
switch(config)#
login block-for 100 attempts 3 within 60
switch(config)#
login quiet-mode access-class myacl
switch(config)#
show login
Switch is enabled to watch for login Attacks.
If more than 3 login failures occur in 60 seconds or less,
logins will be disabled for 100 seconds.
Switch presently in Quiet-Mode.
Will remain in Quiet-Mode for 98 seconds.
Denying logins from all sources.
switch(config)#
show login failures
Information about last 20 login failure's with the device.
--------------------------------------------------------------------------------
Username
Line
SourceIPAddr
Appname
TimeStamp
--------------------------------------------------------------------------------
asd
/dev/pts/0
171.70.55.158
login
Mon Aug
3 18:18:54 2015
qweq
/dev/pts/0
171.70.55.158
login
Mon Aug
3 18:19:02 2015
qwe
/dev/pts/0
171.70.55.158
login
Mon Aug
3 18:19:08 2015
--------------------------------------------------------------------------------
Configuration Examples for the Password Prompt Feature
The following example shows how to configure the switch to prompt the user to enter a password after she
enters the
username
command and the error message that displays if she does not enter a password.
switch#
configure terminal
switch(config)#
password prompt username
Password prompt username is enabled.
After providing the required options in the username command, press enter.
User will be prompted for the username password and password will be hidden.
Note: Choosing password key in the same line while configuring user account, password will
not be hidden.
switch(config)#
username user1
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
36
Configuring AAA
Configuration Examples for the Password Prompt Feature