login authentication lockout

Last Updated : Apr 06, 2020 |

Use the login authentication lockout command to lock out or disable a local user account after successive failed login attempts. When an account is disabled, the administrator must re-enable the account. Use the no form of the command to return the lockout or disable threshold counts to their default values.

When you run the login authentication lockout command, the new lockout settings immediately override previous settings for all user accounts.

Note:

You can only lock a root account, but not disable it.

Syntax

login authentication {[lockout <time> | disable | unset] | attempt <count>

Parameters

Parameter

Description

Possible Values

Default Value

lockout

A keyword to implement the policy of locking an account for a specified time if the count is exceeded

time

The lockout time in seconds

30-3600

0

Disables the timeout function.

180

disable

A keyword to implement the policy of disabling an account if the count is exceeded

unset

A keyword indicating not to implement account lockout or account disablement

count

The number of successive failed login attempts before account lockout is enforced

1-10

0

Disables the timeout function.

3

User Level

admin

Context

general

Example

To disable access to the device after eight failed login attempts:

Gxxx-001(super)# login authentication disable attempt 8