Western Telematic AFS-16-1 Switch User Manual


 
5-8
Basic Configuration
5.3.2. The Invalid Access Lockout Feature
When properly configured and enabled, the Invalid Access Lockout feature will watch
all login attempts made at the Network Port and RS232 Port. If either port exceeds the
selected number of invalid attempts, then that port will be automatically disabled for a
user-defined length of time (Lockout Duration.) The Invalid Access Lockout feature uses
two separate counters to track invalid access attempts:
• SerialPortCounter: Counts invalid access attempts at the Serial Port. If the
number of invalid attempts at the port exceeds the user-defined Lockout Attempts
value, then the port will be locked.
• Telnet,SSHandWebBrowserCounter: Counts all invalid attempts to access
command mode via Telnet, SSH or Web Browser interface. If the number of
cumulative invalid attempts exceeds the user-defined Lockout Attempts value, then
the Network Port will be locked.
Note:IntheWebBrowserInterface,theInvalidAccessLockoutitemdoes
notappearintheSystemParametersmenu,andisinsteadaccessedviathe
GeneralParametersfly-outmenuasdescribedbelow.
Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout
Duration period to elapse (after which, the AFS-16 will automatically reactivate the port),
or you can issue the /UL command (type /UL and press [Enter]) via the Text Interface to
instantly unlock all of the AFS-16's logical network ports.
Notes:
• WhentheInvalidAccessLockoutAlarmhasbeenenabledasdescribed
inSection7.4,theAFS-16canalsoprovidenotificationviaemail,Syslog
Message,and/orSNMPtrapwheneveranInvalidAccessLockoutoccurs.
• InvalidAccessLockoutparameters,definedviatheSystemParameters
menu,willapplytoboththeSerialPortandtheNetworkPort.
• WhenaSerialPortislocked,anexternalmodemconnectedtothatportwill
notanswer.
• IfeithertheRS232PortorNetworkPortarelocked,theotherportwillremain
unlocked,unlesstheInvalidAccessLockoutfeaturehasalsobeentriggered
atthatport.
• IfanyoneoftheAFS-16’slogicalnetworkportsislocked,allothernetwork
connectionstotheunitwillalsobelocked.
• AllinvalidaccessattemptsattheAFS-16NetworkPortarecumulative(the
countforinvalidaccessattemptsisdeterminedbythetotalnumberof
allinvalidattemptsatall16logicalnetworkports.)Ifavalidloginname/
passwordisenteredatanyofthelogicalnetworkports,thenthecountforall
AFS-16logicalnetworkportswillberestarted.
• IftheNetworkPorthasbeenlockedbytheInvalidAccessLockoutfeature,it
willstillrespondtothepingcommand(providingthatthepingcommandhas
notbeendisabledattheNetworkPort.)