Support User Manuals

Western Telematic AFS-16-1 Switch User Manual

Open as PDF

of 135

5-8

Basic Configuration

5.3.2. The Invalid Access Lockout Feature

When properly configured and enabled, the Invalid Access Lockout feature will watch

all login attempts made at the Network Port and RS232 Port. If either port exceeds the

selected number of invalid attempts, then that port will be automatically disabled for a

user-defined length of time (Lockout Duration.) The Invalid Access Lockout feature uses

two separate counters to track invalid access attempts:

• SerialPortCounter: Counts invalid access attempts at the Serial Port. If the

number of invalid attempts at the port exceeds the user-defined Lockout Attempts

value, then the port will be locked.

• Telnet,SSHandWebBrowserCounter: Counts all invalid attempts to access

command mode via Telnet, SSH or Web Browser interface. If the number of

cumulative invalid attempts exceeds the user-defined Lockout Attempts value, then

the Network Port will be locked.

Note:IntheWebBrowserInterface,theInvalidAccessLockoutitemdoes

notappearintheSystemParametersmenu,andisinsteadaccessedviathe

GeneralParametersfly-outmenuasdescribedbelow.

Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout

Duration period to elapse (after which, the AFS-16 will automatically reactivate the port),

or you can issue the /UL command (type /UL and press [Enter]) via the Text Interface to

instantly unlock all of the AFS-16's logical network ports.

Notes:

• WhentheInvalidAccessLockoutAlarmhasbeenenabledasdescribed

inSection7.4,theAFS-16canalsoprovidenotificationviaemail,Syslog

Message,and/orSNMPtrapwheneveranInvalidAccessLockoutoccurs.

• InvalidAccessLockoutparameters,definedviatheSystemParameters

menu,willapplytoboththeSerialPortandtheNetworkPort.

• WhenaSerialPortislocked,anexternalmodemconnectedtothatportwill

notanswer.

• IfeithertheRS232PortorNetworkPortarelocked,theotherportwillremain

unlocked,unlesstheInvalidAccessLockoutfeaturehasalsobeentriggered

atthatport.

• IfanyoneoftheAFS-16’slogicalnetworkportsislocked,allothernetwork

connectionstotheunitwillalsobelocked.

• AllinvalidaccessattemptsattheAFS-16NetworkPortarecumulative(the

countforinvalidaccessattemptsisdeterminedbythetotalnumberof

allinvalidattemptsatall16logicalnetworkports.)Ifavalidloginname/

passwordisenteredatanyofthelogicalnetworkports,thenthecountforall

AFS-16logicalnetworkportswillberestarted.

• IftheNetworkPorthasbeenlockedbytheInvalidAccessLockoutfeature,it

willstillrespondtothepingcommand(providingthatthepingcommandhas

notbeendisabledattheNetworkPort.)

previous next