theartfulpenguin
New Contributor

NetVanta 3200's excessive login attempts. 'access-attempts' isn't an available option.

We use NetVanta 3200s for T1 termination and are seeing excessive login attempts. We want to use the 'access-attempts' command on page 1982 of the AOS 13.6 command reference.

When we navigate to the proper place in the configuration, under enable/config t/line console 0, it isn't an option.

Is there something else that needs to be enabled for that to be an option?

Is it not an option on the NetVanta 3200? If not, is there another way/command to do a time lockout for failed logins? The max is 30 seconds. We wish it could be 5 or 10 minutes.

I can post a screenshot of the available options.

I verified the current firmware is AOS 13.6, backup firmware is 13.5.  The command reference states this command was introduced in AOS 11.10.2.

Help.  Thanks. 

jayh
Honored Contributor

Re: NetVanta 3200's excessive login attempts. 'access-attempts' isn't an available option.

I assume that the device is exposed to the Internet and you're seeing attempts from random IPs not under your control. This is kind of expected these days, and isn't likely to go away soon. Even if unsuccessful, the constant door-rattling will consume CPU and resources and impact performance. The best way to deal with it is to create an access list containing just the netblocks of your management systems where logins are expected and apply that ACL to the VTY lines and HTTP/S processes. Also shut down telnet and use only SSH for command line access.

!
ip access-list standard admin-access
  permit [subnet and inverse mask of your trusted IPs]
  permit [Additional trusted subnets as needed]
!
!
http ip access-class admin-access in
http ip secure-access-class admin-access in
!
!
line telnet 0 4
  shutdown
line ssh 0 4
  line-timeout 60
  no shutdown
  ip access-class admin-access in
!

Re: NetVanta 3200's excessive login attempts. 'access-attempts' isn't an available option.

Yes, as long as it is exposed to the internet that is going to happen.

Thanks for the info.  We will end up doing that.

We are disabling telnet & moving https access to a different, higher, port.

However, we still have the question about the 'access-attempts' command.

jayh
Honored Contributor

Re: NetVanta 3200's excessive login attempts. 'access-attempts' isn't an available option.

The command reference "bible" lists every command available in AOS for pretty much any device that runs AOS. Many of these features are only available on specific platforms and as such won't be available on everything. If you get an error entering the command, it either isn't available on that platform or requires a different license. I've not seen the "access-attempts" feature available on the typical Total Access or NetVanta devices we deploy.