12 Replies Latest reply: Apr 18, 2014 7:46 AM by Sandeep

    security authentication failure rate - not working for me?

    Joshua Johnson - CCNP R&S

      Hey all,

       

      I'm using a 3725 router testing out the security authentication failure rate 3 log command and I'm not sure how to get it to work.

       

      I tried telnetting to the router and purposely failing the login many times (over 3) and it's not delaying for 15 seconds.

      I've also tried failing the console login several times and still no delay.

       

      Can someone explain how this feature works and tell me what I'm doing wrong please?

       

      Here's my router config just for reference...

       

       

      ISP1#show run
      Building configuration...

       

      Current configuration : 1666 bytes
      !
      version 12.4
      service timestamps debug datetime msec
      service timestamps log datetime msec
      no service password-encryption
      !
      hostname ISP1
      !
      boot-start-marker
      boot-end-marker
      !
      security authentication failure rate 3 log
      enable secret 5 $1$Uh8C$zXKvhjpWBSlmB2bxu1rXQ.
      !
      no aaa new-model
      memory-size iomem 5
      ip cef
      !
      !
      !
      !
      !        
      multilink bundle-name authenticated
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      archive
      log config
        hidekeys
      !
      !
      !
      !
      !
      !
      !
      !
      interface Loopback0
      ip address 11.11.11.11 255.255.255.255
      !
      interface FastEthernet0/0
      no ip address
      shutdown
      duplex auto
      speed auto
      !
      interface Serial0/0
      ip address 192.168.1.2 255.255.255.252
      clock rate 2000000
      !
      interface FastEthernet0/1
      no ip address
      shutdown
      duplex auto
      speed auto
      !
      interface Serial0/1
      no ip address
      shutdown
      clock rate 2000000
      !
      interface Serial0/2
      no ip address
      shutdown
      clock rate 2000000
      !
      interface Serial0/3
      no ip address
      shutdown
      clock rate 2000000
      !
      interface FastEthernet1/0
      no ip address
      shutdown
      duplex auto
      speed auto
      !
      interface FastEthernet2/0
      no ip address
      shutdown
      duplex auto
      speed auto
      !
      router bgp 2
      no synchronization
      bgp router-id 2.2.2.2
      bgp log-neighbor-changes
      network 11.11.11.11 mask 255.255.255.255
      network 192.168.1.0 mask 255.255.255.252
      neighbor 192.168.1.1 remote-as 1
      neighbor 192.168.1.1 password 5 cisco
      no auto-summary
      !
      ip forward-protocol nd
      !
      !
      ip http server
      no ip http secure-server
      !
      !
      !
      !
      !
      !
      !
      control-plane
      !
      !
      !
      !
      !
      !
      !
      !
      !
      !
      line con 0
      password cisco
      logging synchronous
      login   
      line aux 0
      line vty 0 4
      password cisco
      logging synchronous
      login
      line vty 5 15
      password cisco
      logging synchronous
      login
      !
      !
      end

       

      ISP1#