Configure Fast Login Limit
Network Requirements
- PC1 and PC2 serve as the local terminals, and can log into Device via telnet.
- After PC1 fast logs into Device repeatedly, the login is limited, and PC2 is not affected.
Network Topology
Figure 7‑2 Networking for configuring the fast login limit
Configuration Steps
Step 1: Configure the IP address of the interface, and configure the routing protocol to make PC1, PC2, and Device communicate with each other (omitted).
Step 2: Configure the telnet fast login limit function.
#Enable telnet login security function, and configure the maximum fast login times as 20 and the prohibit time as 10.
|
Device#configure terminal
Device(config)#service login-secure telnet
Device(config)#login-secure telnet quick-connect max-times 20
Device(config)#login-secure telnet quick-connect forbid-time 10
|
Step 3: Configure the login user name and password of Device, and set using the local authentication login.
|
Device(config)#local-user user1 class manager
Device(config-user-manager-user1)#service-type ssh
Device(config-user-manager-user1)#password 0 admin
Device(config-user-manager-user1)#exit
Device(config)#line vty 0 15
Device(config-line)#login aaa
Device(config-line)#exit
|
Step 4: Check the result.
# PC1 uses user1 to log in and log out repeatedly for 21 times via telnet, the login interval does not exceed 30s, and view the fast connection information of telnet login security statistics.
Device#show login-secure telnet quick-connect
telnet module quick connect info:
connect ip connect times last connect time forbid-time record-time
---------- ------------- ----------------- ----------- -----------
10.0.0.1 21 TUE MAR 11 20:22:38 2022 00:09:00 00:01:00
You can see that PC1 is regarded as the login attack address, and is not permitted to log into the device via telnet for 10 minutes.
PC2 can log into Device via telnet successfully.
Switch
.png){kind=icon}
.png){kind=logo}
.jpg)
.png){kind=logo}
