aaa authentication console-lockout

Syntax

aaa authentication console-lockout

no aaa authentication console-lockout

Description

Enables console lockout. By default, console lockout is disabled.

The no from of this command disables the console lockout.

Command context

config

Example

switch(config)# aaa authentication console-lockout
All the currently locked-out users will be unlocked.

Proceed?[y/n] y
Enabling console-lockout may result in switch console access becoming
inaccessible in the event of multiple console login failures.

Proceed?[y/n] y

switch(config)#show running-config

Running configuration:

; JL256A Configuration Editor; Created on release #WC.16.06.0000x
; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba
hostname "switch"
module 1 type jl256a
snmp-server community "public" unrestricted
aaa authentication num-attempts 2
aaa authentication lockout-delay 120
aaa authentication console-lockout
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-52
   ip address dhcp-bootp
   exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
no dhcp proxy-url-update
no dhcp tr69-acs-url
password operator

NOTE:

When only console lockout is enable in switch, the users locked out from console can still be able to login from Telnet or SSH sessions.
Console lockout feature is applicable in console access to Commander, Standby, and Member console of stacked switches and Activate Standby console of HA switches.
When both user-based and console lockout is enabled, users locked out from any one of the management interfaces gets locked form the remaining interfaces as well.
All locked users will be unlocked on redundancy switchover, reboot, and power cycle of the system.
Lockout feature is not supported on webUI, REST interfaces.
Console lockout has no impact when lockout delay is set to zero.
When the console is locked out after num-attempts login failures, change in num-attempts or lockout-delay configuration from another session unlocks all Console/Telnet/SSH locked users.