We use NetVanta 3200s for T1 termination and are seeing excessive login attempts. We want to use the 'access-attempts' command on page 1982 of the AOS 13.6 command reference.
When we navigate to the proper place in the configuration (enable / config t / line console 0), it isn't an option.
Is there something else that needs to be enabled for that to be an option?
Is it not an option on the NetVanta 3200? If not, is there another way/command to do a time lockout for failed logins? The max is 30 seconds. We wish it could be 5 or 10 minutes.
I can post a screenshot of the available options.
I verified the current firmware is AOS 13.6, backup firmware is 13.5. The command reference states this command was introduced in AOS 11.10.2.
Help. Thanks.
I assume that the device is exposed to the Internet and you're seeing attempts from random IPs not under your control. This is kind of expected these days, and isn't likely to go away soon. Even if unsuccessful, the constant door-rattling will consume CPU and resources and impact performance. The best way to deal with it is to create an access list containing just the netblocks of your management systems where logins are expected and apply that ACL to the VTY lines and HTTP/S processes. Also shut down telnet and use only SSH for command line access.
!
ip access-list standard admin-access
 permit [subnet and inverse mask of your trusted IPs]
 permit [Additional trusted subnets as needed]
!
!
http ip access-class admin-access in
http ip secure-access-class admin-access in
!
!
line telnet 0 4
 shutdown
line ssh 0 4
 line-timeout 60
 no shutdown
 ip access-class admin-access in
!
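One way to check a saved config against the lockdown described in the reply above; this is an added example, not part of the original thread and not an ADTRAN tool. The function name, finding strings and the sample config are constructed, and it assumes a line is enabled unless `shutdown` appears under it and that web management is in use.

```python
import re

def audit_mgmt_access(config):
    """Return findings where management access is not limited to a trusted-source ACL."""
    acls, lines, http, section = {}, {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text in ("", "!"):
            section = None  # "!" separates sections, as in the config above
        elif m := re.fullmatch(r"ip access-list standard (\S+)", text):
            section = acls.setdefault(m[1], [])
        elif m := re.fullmatch(r"line (telnet|ssh) \d+( \d+)?", text):
            section = lines.setdefault(m[1], {"shutdown": False, "acl": None})
        elif m := re.fullmatch(r"http ip (secure-)?access-class (\S+) in", text):
            http["https" if m[1] else "http"] = m[2]
        elif isinstance(section, list) and text.split()[0] in ("permit", "deny"):
            section.append(text)
        elif isinstance(section, dict) and text in ("shutdown", "no shutdown"):
            section["shutdown"] = text == "shutdown"
        elif isinstance(section, dict) and (m := re.fullmatch(r"ip access-class (\S+) in", text)):
            section["acl"] = m[1]
    findings = []
    def check_acl(plane, name):
        if name is None:
            findings.append(f"{plane}: no access-class applied")
        elif name not in acls:
            findings.append(f"{plane}: access-class {name} is not defined")
        elif any(r.split()[:2] == ["permit", "any"] for r in acls[name]):
            findings.append(f"{plane}: access-class {name} contains 'permit any'")
    if "telnet" in lines and not lines["telnet"]["shutdown"]:
        findings.append("telnet: line is not shut down")
    if "ssh" in lines and not lines["ssh"]["shutdown"]:
        check_acl("ssh", lines["ssh"]["acl"])
    for plane in ("http", "https"):
        check_acl(plane, http.get(plane))
    return findings

# Constructed sample: an ACL that permits everything, telnet left on, SSH unbound
EXPOSED = """\
ip access-list standard admin-access
 permit any
!
http ip secure-access-class admin-access in
!
line telnet 0 4
 no shutdown
line ssh 0 4
 no shutdown
"""
```

Running `audit_mgmt_access` on a config that follows the reply's template with a real trusted subnet returns an empty list.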
Yes, as long as it is exposed to the Internet, that is going to happen.
Thanks for the info. We will end up doing that.
We are disabling telnet & moving https access to a different, higher, port.
However, we still have the question about the 'access-attempts' command.
The command reference "bible" lists every command available in AOS for pretty much any device that runs AOS. Many of these features are only available on specific platforms and as such won't be available on everything. If you get an error entering the command, it either isn't available on that platform or requires a different license. I've not seen the "access-attempts" feature available on the typical Total Access or NetVanta devices we deploy.