TechTutorials - Free Computer Tutorials  







Cisco CCNA Security Training: Using the “block count” command 
 


Added: 08/28/2009, Hits: 2,844, Rating: 0, Comments: 0, Votes: 0
In today’s article, I’m going to quickly inform you about the Cisco IOS local RADIUS server group configuration mode command named “block count”.

Network administrators (like you) use the “block count” command to lock out group members for a length of time after a set number of incorrect passwords are entered.

Below is the command’s syntax:

block count count time {seconds | infinite}

As you can see, the command can use the count and seconds arguments and the “time” and “infinite” keywords.

count — This argument is used to indicate the number of failed passwords before a lockout is triggered; the range is from 1 to 4294967295.

time — This keyword is used to specify the time to block the account.

seconds — This argument is used to indicate the number of seconds that the lockout will last; the range is from 1 to 4294967295.

infinite — This keyword is used to indicate that the lockout should be indefinite (infinite).

Note: If you use the “infinite” keyword, an administrator must manually unblock the locked username.

Below is an example of the command being used:

router#configure terminal
router(config)#radius-server local
router(config-radsrv)#group ittechtips
router(config-radsrv-group)#block count 3 time 120
router(config-radsrv-group)#exit
router(config-radsrv)#user cross password baseball74 group ittechtips
router(config-radsrv)#end
router#copy run start


In the example above, the user named “cross”, who belongs to the ittechtips group, will be locked out for 120 seconds after three incorrect password attempts.

And, as with almost all Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

router(config-radsrv-group)#no block count 3 time 120

By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.3(11)T or higher.
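
The following added example (not part of the original article, and not Cisco code) audits a saved configuration for local RADIUS server groups that have no “block count” lockout, or that use the “infinite” keyword and therefore need a manual unblock. It assumes the section appears as the commands above were entered, with sub-mode lines indented; the function names, the "helpdesk" and "admins" groups and the "guest" user are hypothetical.

```python
import re

# Constructed sample config, modelled on the article's commands; the "helpdesk"
# and "admins" groups and the "guest" user are made up for this example.
SAMPLE_CONFIG = """\
radius-server local
 group ittechtips
  block count 3 time 120
 group helpdesk
 group admins
  block count 5 time infinite
 user cross password baseball74 group ittechtips
 user guest password example123 group helpdesk
!
"""

BLOCK_RE = re.compile(r"^block count (\d+) time (\d+|infinite)$")
USER_RE = re.compile(r"^user (\S+) .*\bgroup (\S+)$")

def parse_local_radius(config):
    """Return ({group: (count, seconds|'infinite') or None}, {user: group})."""
    groups, users, in_section, current = {}, {}, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # unindented line: enters or leaves the section
            in_section, current = line == "radius-server local", None
        elif not in_section:
            continue
        elif line.startswith("group "):
            current = line.split()[1]
            groups.setdefault(current, None)  # None until a block count is seen
        elif current and (m := BLOCK_RE.match(line)):
            secs = m.group(2)
            groups[current] = (int(m.group(1)), secs if secs == "infinite" else int(secs))
        elif m := USER_RE.match(line):
            users[m.group(1)], current = m.group(2), None
    return groups, users

def audit(config):
    """List (group, finding, members) for groups whose lockout needs review."""
    groups, users = parse_local_radius(config)
    findings = []
    for group, policy in sorted(groups.items()):
        members = sorted(u for u, g in users.items() if g == group)
        if policy is None:
            findings.append((group, "no block count configured", members))
        elif policy[1] == "infinite":
            findings.append((group, "infinite lockout, manual unblock required", members))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the "admins" and "helpdesk" groups; "ittechtips" passes because it carries the article's block count 3 time 120 setting.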

I hope this article was very informative and helped you quickly understand the usage of the block count command. If you need to learn more, I suggest you visit my website (www.ccnaittechtips.com), where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

Charles Ross
CCNA- CCNP #CSCO10444244
http://www.ccnaittechtips.com




