Configuring Security Features on an External AAA Server
Configuring Login Parameters
Use this task to configure your Cisco MDS 9000 device for login parameters that help to detect suspected
DoS attacks and slow down dictionary attacks.
All login parameters are disabled by default. You must enter the login block-for command, which enables
default login functionality, before using any other login commands. After the login block-for command is
enabled, the following default is enforced:
• All login attempts made through Telnet or SSH are denied during the quiet period; that is, no ACLs are
exempt from the login period until the login quiet-mode access-class command is entered.
To configure the login parameters, follow these steps:
Procedure
Step 1
Enters configuration mode:
switch# configure terminal
Step 2
Configures your Cisco MDS 9000 device for login parameters that help to provide DoS detection:
switch(config)# login block-for 100 attempts 2 within 100
Note
This command must be issued before any other login command.
Step 3
(Optional) Although this command is optional, it is recommended that you configure it to specify an
ACL that is applied to the device when the device switches to quiet mode. When the device is in quiet
mode, all login requests are denied and the only available connection is through the console:
switch(config)# login quiet-mode access-class myacl
Step 4
Exits to privileged EXEC mode:
switch(config)# exit
Step 5
Displays login parameters:
switch# show login
Step 6
Displays information related only to failed login attempts:
switch# show login failures
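The following Python model is an added example, not part of the Cisco guide. It replays constructed login events against the values used above (login block-for 100 attempts 2 within 100, that is, a 100-second quiet period after 2 failed attempts within 100 seconds), with and without a quiet-mode ACL, to show which sources stay reachable. The class and function names, the exact threshold and window boundaries, and the assumption that myacl permits 192.0.2.0/24 are illustrative assumptions, not device behavior taken from the guide.

```python
from collections import deque
from ipaddress import ip_address, ip_network

class LoginBlockModel:
    """Simplified model of: login block-for B attempts A within W (seconds)."""

    def __init__(self, block_for, attempts, within, quiet_acl=()):
        self.block_for, self.attempts, self.within = block_for, attempts, within
        # Networks permitted by the quiet-mode ACL (empty = command not entered).
        self.quiet_acl = [ip_network(n) for n in quiet_acl]
        self.failures = deque()      # timestamps of recent failed logins
        self.quiet_until = None      # end of the current quiet period, if any

    def in_quiet_mode(self, t):
        return self.quiet_until is not None and t < self.quiet_until

    def attempt(self, t, src, password_ok):
        """Outcome of one Telnet/SSH login at time t: accepted, failed or denied."""
        if self.in_quiet_mode(t):
            if not any(ip_address(src) in net for net in self.quiet_acl):
                return "denied"      # refused regardless of credentials
        if password_ok:
            return "accepted"
        self.failures.append(t)
        # Drop failures that have aged out of the counting window.
        while self.failures and self.failures[0] <= t - self.within:
            self.failures.popleft()
        # Assumption: quiet mode starts when failures in the window reach `attempts`.
        if len(self.failures) >= self.attempts and not self.in_quiet_mode(t):
            self.quiet_until = t + self.block_for
            self.failures.clear()
        return "failed"

def replay(model, events):
    """Run (time, source, password_ok) events through the model in order."""
    return [model.attempt(t, src, ok) for t, src, ok in events]

# Constructed sample events (documentation address ranges, times in seconds).
EVENTS = [
    (0,   "198.51.100.7", False),
    (40,  "198.51.100.7", False),  # second failure within 100 s: quiet until t=140
    (60,  "198.51.100.7", True),   # valid password, still refused
    (70,  "192.0.2.10",   True),   # management host
    (139, "198.51.100.7", False),
    (140, "198.51.100.7", True),   # quiet period has ended
]

if __name__ == "__main__":
    print(replay(LoginBlockModel(100, 2, 100), EVENTS))
    print(replay(LoginBlockModel(100, 2, 100, quiet_acl=["192.0.2.0/24"]), EVENTS))
```

Without the quiet-mode ACL the management host at t=70 is refused along with everyone else; with it, that host is the only Telnet or SSH source accepted until the quiet period ends.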
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x