An attacker attempts to obtain system administrators' login access rights by repeatedly trying key information, such as user names and passwords.
To defend against such user name and password guessing and cracking attempts, configure the maximum number of authentication failures and the authentication interval so that unauthorized users cannot log in. A user who fails authentication the maximum number of times is then blocked for a period, which lowers the success rate of such attempts and hardens switch security.
Enable local account locking and set the retry interval to 6 minutes, the maximum number of consecutive password errors to 4, and the account locking period to 6 minutes.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-aaa-user wrong-password retry-interval 6 retry-time 4 block-time 6  //By default, local account locking is enabled, the retry interval is 5 minutes, the maximum number of consecutive password errors is 3, and the account locking period is 5 minutes.
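One way to check exported configurations against this setting, as an added example that is not part of the original page or Huawei's tooling: it parses the lockout line from the aaa view, falls back to the defaults stated above when no line is set, and estimates how many guesses per account the policy still permits. Assumptions: the sample configuration text is constructed, views are taken to start on unindented lines with their commands indented, the baseline thresholds are hypothetical, and the guess bound models each lock as "retry-time guesses, then block-time minutes locked".

```python
import re

# Defaults stated on this page (minutes, count, minutes); used when no line is configured.
PAGE_DEFAULTS = {"retry_interval": 5, "retry_time": 3, "block_time": 5}

LOCK_RE = re.compile(
    r"local-aaa-user wrong-password retry-interval (\d+) retry-time (\d+) block-time (\d+)$"
)

# Constructed sample configuration text (assumed layout, not taken from a real device).
SAMPLE = """\
#
sysname HUAWEI
#
aaa
 local-aaa-user wrong-password retry-interval 6 retry-time 4 block-time 6
#
return
"""

def parse_lockout(config_text):
    """Return the lockout policy set in the aaa view, else the page defaults."""
    policy, in_aaa = dict(PAGE_DEFAULTS), False
    for line in config_text.splitlines():
        if line and not line[0].isspace():  # an unindented line opens a new view
            in_aaa = line.strip() == "aaa"
            continue
        m = LOCK_RE.match(" ".join(line.split())) if in_aaa else None
        if m:
            policy = dict(zip(PAGE_DEFAULTS, map(int, m.groups())))
    return policy

def guesses_per_day(policy):
    """Upper bound on guesses per account per day if every lock is triggered (model assumption)."""
    return policy["retry_time"] * (24 * 60 // policy["block_time"])

def audit(config_text, max_retry_time=5, min_block_time=5):
    """Compare the parsed policy with a site baseline (thresholds are hypothetical)."""
    p = parse_lockout(config_text)
    findings = []
    if p["retry_time"] > max_retry_time:
        findings.append(f"retry-time {p['retry_time']} exceeds baseline {max_retry_time}")
    if p["block_time"] < min_block_time:
        findings.append(f"block-time {p['block_time']} below baseline {min_block_time}")
    return p, guesses_per_day(p), findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Under this model, the example values configured above permit 960 guesses per account per day, while the stated defaults permit 864, so the locking period matters as much as the error count when choosing values.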