The aaa-quiet administrator except-list command configures a user to access the network using a specified IP address when the user account is locked.
The undo aaa-quiet administrator except-list command restores the default setting.
By default, a user cannot access the network when the account is locked.
aaa-quiet administrator except-list { ipv4-address | ipv6-address } &<1-32>
undo aaa-quiet administrator except-list
Parameter |
Description |
Value |
|---|---|---|
ipv4-address |
Specifies an IPv4 address. A user can access the network using this IPv4 address when the user account is locked. |
The value must be a valid unicast address in dotted decimal notation. |
ipv6-address |
Specifies an IPv6 address. A user can access the network using this IPv6 address when the user account is locked. |
The total length of the value is 128 bits, which are divided into eight groups. Each group contains four hexadecimal digits. The value is in the format of X:X:X:X:X:X:X:X. |
Usage Scenario
In AAA view, after the function of locking the account of an AAA local authentication user or AAA remote authentication user is configured using the local-aaa-user wrong-password or administrator remote authen-fail command, if a user consecutively enters an incorrect password and the number of times that the user enters an incorrect password reaches the allowed maximum number of times, the user account is locked and the user cannot access the network when the account is locked. To facilitate maintenance and management, you can run the aaa-quiet administrator except-list command to configure the user to access the network using a specified IP address when the user account is locked.
Precautions