reply to Network Guy
Re: Who keeps their router's SSH port open?
Another option is to enable some of the enhanced security features mentioned in this document.
Basically these features allow you to deny logins after a certain number of failed logins as well as insert a delay between login attempts.
The quiet-mode can be accomplished with the commands:
login block-for X attempts Y within Z
An access-list can also be created that allows logins from certain network(s) during the quiet-mode time. The configuration for this looks like:
login quiet-mode access-class ACL
The delay is accomplished with the command:
login delay X
I wrote a blog post about this as well if you're looking for a slightly more wordy version.
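Putting the three commands together with the exempting access-list, as an added example that is not part of nschlutter's post; the ACL name MGMT-HOSTS and the 10.0.0.0/24 management subnet are assumptions:

```cisco
! Added example, not the poster's configuration. MGMT-HOSTS and
! 10.0.0.0/24 are constructed values; substitute your own management range.
ip access-list standard MGMT-HOSTS
 permit 10.0.0.0 0.0.0.255
!
! After 3 failed logins within 60 seconds, refuse new login attempts
! for 120 seconds (the quiet-mode period).
login block-for 120 attempts 3 within 60
!
! During quiet mode, still accept logins from the management subnet
! so an operator is not locked out by someone else's failed attempts.
login quiet-mode access-class MGMT-HOSTS
!
! Wait 2 seconds between successive login attempts on a line.
login delay 2
!
! Log every failed and successful login so brute-force attempts are visible.
login on-failure log
login on-success log
```

`show login` reports whether the router is currently in quiet mode and how long remains, and `show login failures` lists the recent failed attempts that triggered it.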
Interesting you post this now. I'm reading a Cisco Press book to get my CCNA Security and I just read past this very same topic explaining that command.
Cool stuff
reply to nschlutter
Thanks for that as well nschlutter.
Cisco refers to the second feature as quiet mode and also includes an option to specify an access-list which is exempted during the block period. The second line of configuration will reference the access-list created above to never block the specified networks. A bit vague, but then again some stuff on how Cisco does it is vague... till you put it into practice. I'm not referring to the way you write it up nschlutter, it's just personal experience with the way Cisco writes up the way their commands (are supposed) to work.
Also, a bit of a personal gripe... why'd it take Cisco till 12.4T to introduce this command...
Regards