System information

ISR Overview and Providing Secure Administrative Access 97

Consider the enhanced support for virtual logins conﬁguration shown in Example 3-17.

After entering global conﬁguration mode, the login block-for 30 attempts 5 within 10

command is used to block login attempts for 30 seconds after ﬁve failed login attempts

occur within a 10-second time period. If logins are then blocked based on the ﬁrst

command, the period of time that logins are blocked is called the quiet period. However, in

this example, the login quiet-mode access-class 101 command speciﬁes that during the

quiet period, trafﬁc permitted by ACL 101 still is allowed to log in via Telnet, SSH, or

HTTP. The delay between successive login attempts is conﬁgured to 3 seconds with the

upon every failed or successful login attempt using the login on failure log and login on-

success log commands. Finally, the show login command is issued to conﬁrm the

conﬁguration of these virtual login parameters.

Table 3-9 Commands for Enhancing Virtual Login Support

Command Description

Router(conﬁg)# login block-for

seconds attempts attempts

within seconds

Speciﬁes the number of failed login attempts

(within a speciﬁed time period) that trigger a quiet

period, during which login attempts would be

blocked.

Router(conﬁg)# login quiet-

mode access-class {acl-name |

acl-number}

Speciﬁes an ACL that identiﬁes exemptions from

the previously described quiet period.

Router(conﬁg)# login delay

seconds

Speciﬁes a minimum period of time that must pass

between login attempts. The default time period is

1 second.

Router(conﬁg)# login on-

failure log [every

login_attempts]

Creates log messages for failed login attempts.

Router(conﬁg)# login on-

success log [every

login_attempts]

Creates log messages for successful login attempts.

Router# show login Can be used to verify that enhanced support for

virtual logins is conﬁgured and to view the login

parameters.