Configuration Options
6.2.2. The Invalid Access Lockout Feature
When properly configured and enabled, the Invalid Access Lockout feature can watch all
login attempts made via SSH connection, Telnet connection, web browser or the serial
Console Port. If the counter for any of these exceeds the user-defined threshold for
maximum invalid attempts, then the corresponding port or protocol will be automatically
disabled for the length of time specified by the Lockout Duration parameter.
When Invalid Access Attempt monitoring is enabled for the serial Console Port, the RPC
will count invalid access attempts at the serial Console Port. If the number of invalid
access attempts exceeds the defined Lockout Attempts trigger value, the RPC will lock
the serial Console Port for the defined Lockout Duration period. When Invalid Access
Attempt monitoring for SSH, Telnet or Web is selected, a lockout will be triggered
when the number of invalid access attempts during the defined Lockout Duration period
exceeds the defined Hit Count for the protocol. For example, if the SSH Hit Count is set
at 10 and the SSH Lockout Duration period is set at 120 seconds, then if over 10 invalid
access attempts are detected within 120 seconds, the RPC will then lock out the MAC
address that generated the excessive attempts for 120 seconds.
Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout
Duration period to elapse (after which, the RPC will automatically reactivate the port or
protocol), or you can issue the /UL command (type /UL and press [Enter]) via the Text
Interface to instantly unlock all RPC logical network ports and communication protocols.
Notes:
• WhentheSerialPortInvalidAccessLockoutAlarmhasbeenenabledas
describedinSection8.5,theRPCcanalsoprovidenotificationviaemail,
SyslogMessage,and/orSNMPtrapwheneveranInvalidAccessLockout
occursattheserialConsolePort.
• IftheNetworkPorthasbeenlockedbytheInvalidAccessLockoutfeature,it
willstillrespondtothepingcommand(providingthatthepingcommandhas
notbeendisabledattheNetworkPort.)
The Invalid Access Lockout configuration menus allow you to select the following
parameters:
• SerialPortProtection: Enables/Disables the Invalid Access Lockout function for
the serial Console Port and selects lockout parameters. When this item is enabled
and excessive Invalid Access attempts are detected at the Console Port, the
Console Port will be locked until the user-defined Lockout Duration period elapses,
or until the /UL command is issued.
• SerialPortProtection: Enables/Disables the Invalid Access Lockout feature for
theserialConsolePort.(Default=Off)
• LockoutAttempts: The number of invalid attempts that must occur in order to
trigger the Invalid Access Lockout feature at the serial Console Port.
(Default=9)
• LockoutDuration: This option selects the length of time that the serial Console
Port will remain locked when Invalid Access Lockout occurs. If the duration is
set at "Infinite", then ports will remained locked until the /UL command is issued.
(Default=30Minutes)