Cisco Login Failure Rate
Written by Packet Lab | Thursday, 11 February 2010 14:56 Last Updated on Monday, 15 March 2010 19:40 by Packet Lab
To configure the number of allowable unsuccessful login attempts, use the security authentication failure rate command in global configuration mode....supposedly. :-)
Cisco Login Failure Rate - Part 1
Cisco Login Failure Rate - Part 2
Cisco Login Failure Rate - Part 3
The Quick and Dirty
Supposedly this feature allows you to configure the number of allowable unsuccessful login attempts on your Cisco devices. I say 'supposedly' because I have not been able to get this to work. I’ve tried with routers running 12.4(12.4(15)T10) and 12.3(12.3(14)T7) and could not get this to work. I tried ‘login local’ and just using a simple vty password. No logging. No 15-second delay. Nothing.
I’m totally speculating here, but I think that this was a command that was either never implemented – or implemented and deprecated. The ‘login block’ feature set accomplishes all of the same task that ‘security authentication failure rate’ attempts to address – with a lot more granularity as well as the ability to verify settings.
So this is good to know for the CCNA Security exam and maybe it will work with your flavor of IOS, but I could not get this to work. If you cannot get this to work in production, you might want to check out the “login block” feature instead..
Command and Configuration References
Search Terms: security authentication failure rate, threshold-rate, Cisco Login Failure Rate, Security Authentication Failure Rate