The access-user remote authen-fail command enables the account locking function for access users who fail remote authentication.
The undo access-user remote authen-fail command disables the account locking function for access users who fail remote authentication.
By default, the account locking function is disabled for access users who fail remote authentication.
access-user remote authen-fail retry-interval retry-interval retry-time retry-time block-time block-time
undo access-user remote authen-fail
| Parameter | Description | Value |
|---|---|---|
retry-interval retry-interval |
Specifies the authentication retry interval after a remote authentication failure. |
The value is an integer in the range from 5 to 65535, in minutes. |
retry-time retry-time |
Specifies the maximum number of consecutive authentication failures. |
The value is an integer in the range from 3 to 65535. |
block-time block-time |
Specifies the account locking period. |
The value is an integer in the range from 5 to 65535, in minutes. |
Usage Scenario
To ensure account and password security, enable the account locking function for access users who fail remote authentication. If a user reaches the incorrect account or password attempt limit within the specified authentication retry period, the user is locked and will be automatically unlocked after a certain period.
Precautions
# Enable the account locking function for access users who fail remote authentication, and set the authentication retry interval to 5 minutes, maximum number of consecutive authentication failures to 3, and account locking period to 5 minutes.
<HUAWEI> system-view [HUAWEI] aaa [HUAWEI-aaa] access-user remote authen-fail retry-interval 5 retry-time 3 block-time 5