Western Telematic M Network Card User Manual


 
Basic Configuration
5.3.2. The Invalid Access Lockout Feature
When properly configured and enabled, the Invalid Access Lockout feature will watch all
login attempts made at the Network Port and serial Console Port. If the port exceeds the
selected number of invalid attempts, then the port where the invalid attempts occurred
will be automatically disabled for a user-defined length of time (the Lockout Duration). The
Invalid Access Lockout feature uses two separate counters to track invalid access
attempts:
• Serial Port Counter: Counts invalid access attempts at the RS232 Console Port.
  If the number of invalid attempts at the port exceeds the user-defined Lockout
  Attempts value, then the port will be locked.
• Telnet, SSH and Web Browser Counter: Counts all invalid attempts to access
  command mode via Telnet, SSH or Web Browser interface. If the number of
  cumulative invalid attempts exceeds the user-defined Lockout Attempts value, then
  the Network Port will be locked.
Note: In the Web Browser Interface, the Invalid Access Lockout item does not
appear in the System Parameters Menu, and is instead accessed via the "Invalid
Access Lockout" link on the left-hand side of the screen.
Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout
Duration period to elapse (after which, the MPC will automatically reactivate the port), or
you can issue the /UL command (type /UL and press [Enter]) via the Text Interface to
instantly unlock all of the MPC's logical network ports.
Notes:
• When the Invalid Access Lockout Alarm has been enabled as described
  in Section 7.7, the MPC can also provide notification via email, Syslog
  Message, and/or SNMP trap whenever an Invalid Access Lockout occurs.
• Invalid Access Lockout parameters, defined via the System Parameters
  menu, will apply to both the Serial Console Port and the Network Port.
• When the Console Port is locked, an external modem connected to that port
  will not answer.
• When either the Console Port or Network Port is locked, the other port will
  remain unlocked, unless the Invalid Access Lockout feature has also been
  triggered at that port.
• If any one of the MPC's logical network ports is locked, all other network
  connections to the unit will also be locked.
• All invalid access attempts at the MPC Network Port are cumulative (the
  count for invalid access attempts is determined by the total number of
  all invalid attempts at all 16 logical network ports). If a valid login name/
  password is entered at any of the logical network ports, then the count for all
  MPC logical network ports will be restarted.
• If the Network Port has been locked by the Invalid Access Lockout feature, it
  will still respond to the ping command (provided that the ping command has
  not been disabled at the Network Port).
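
The counter rules in this section can be traced with the following Python model, which is an added example and not WTI firmware or code from this manual. The class and function names, the use of seconds for Lockout Duration, the reset of the serial count on a valid login, and the handling of attempts made while a port is locked are assumptions.

```python
# Illustrative model of the lockout rules in this section; not WTI firmware.
NETWORK, SERIAL = "network", "serial"
# Telnet, SSH and Web share one counter; the RS232 Console Port has its own.
COUNTER_FOR = {"telnet": NETWORK, "ssh": NETWORK, "web": NETWORK, "console": SERIAL}

class LockoutModel:
    def __init__(self, lockout_attempts, lockout_duration):
        self.lockout_attempts = lockout_attempts  # "Lockout Attempts" setting
        self.lockout_duration = lockout_duration  # "Lockout Duration" (seconds: assumed unit)
        self.invalid = {NETWORK: 0, SERIAL: 0}
        self.locked_until = {NETWORK: 0.0, SERIAL: 0.0}

    def is_locked(self, port, now):
        return now < self.locked_until[port]

    def login(self, source, valid, now):
        """Record one attempt; return 'locked', 'accepted' or 'rejected'."""
        port = COUNTER_FOR[source]
        if self.is_locked(port, now):
            return "locked"  # assumption: attempts during a lock are not counted
        if valid:
            self.invalid[port] = 0  # valid login restarts the count (assumed for serial too)
            return "accepted"
        self.invalid[port] += 1
        if self.invalid[port] > self.lockout_attempts:  # count "exceeds" the setting
            self.locked_until[port] = now + self.lockout_duration
            self.invalid[port] = 0  # assumption: count restarts once the lock is set
        return "rejected"

    def unlock_network(self):
        """Effect of /UL as described: network ports unlock immediately."""
        self.locked_until[NETWORK] = 0.0

def replay(events, lockout_attempts=3, lockout_duration=300):
    """Replay (time, source, valid) tuples; return (outcomes, model)."""
    model = LockoutModel(lockout_attempts, lockout_duration)
    return [model.login(src, ok, t) for t, src, ok in events], model

# Constructed sample: invalid attempts spread over three interfaces.
SAMPLE = [(0, "telnet", False), (10, "ssh", False), (20, "web", False),
          (30, "telnet", False), (40, "ssh", True), (50, "console", True)]

if __name__ == "__main__":
    outcomes, model = replay(SAMPLE)
    print(outcomes, model.is_locked(NETWORK, 50), model.is_locked(SERIAL, 50))
```

In the constructed sample, the fourth invalid network attempt exceeds a Lockout Attempts value of 3, so a valid SSH login that follows is refused while the Console Port still accepts a login.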