From: Tony Olzak (aolzak@xxxxxxxxxxxxxxxxxxx)
Date: Tue Dec 05 2000 - 20:39:09 GMT-3
I'm not sure about by IP address, but if you are telling ACS to use the NT
database you can lock out accounts after a certain number of unsuccessful
logins.
Tony
----- Original Message -----
From: "Yurchenko, Michael" <michael.yurchenko@verizon.com>
To: "'Bill Dellamar'" <wdellamar@yahoo.com>; "Yurchenko, Michael"
<michael.yurchenko@verizon.com>; "CCIE Group Study (E-mail)"
<ccielab@groupstudy.com>
Sent: Tuesday, December 05, 2000 1:17 PM
Subject: RE: Cutting off ip address...
> I could see that part happening, but how to tie it up w/an access list on
> the vty to deny access to particular host from whom several attempts has
> been failed?
>
> -----Original Message-----
> From: Bill Dellamar [mailto:wdellamar@yahoo.com]
> Sent: Tuesday, December 05, 2000 12:19 PM
> To: Yurchenko, Michael; CCIE Group Study (E-mail)
> Subject: Re: Cutting off ip address...
>
>
> I believe that this might be duplicated using tacacs.
> If it's setup to authenicate via an NT external
> database.
>
> Click to configure a particular external database type
> for users to authenticate against. CiscoSecure ACS can
> authenticate against the Windows NT User Database
>
> I think,
> Bill
>
>
> --- "Yurchenko, Michael"
> <michael.yurchenko@verizon.com> wrote:
> > Hello,
> >
> > Some time ago, I was trying to get in a router of
> > the company I was working
> > for, and I noticed an interesting feature. If
> > someone did not enter the vty
> > password successfully upon 3 telnet attempts (of 3
> > password entries each),
> > the ip address of the client attempting to connect
> > would no longer be able
> > to telnet to this device (i believe for 24 hours).
> > Does anyone know how
> > something like that could be duplicated?
> >
> > Sincerely,
> > mike.
> >
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:59 GMT-3