nschlutter

join:2003-02-07
Osseo, MN

1 recommendation

reply to Network Guy

Re: Who keeps their router's SSH port open?

Another option is to enable some of the enhanced security features mentioned in this document

Basically these features allow you to deny logins after a certain number of failed logins as well as insert a delay between login attempts.

The quiet-mode can be accomplished with the commands:

login block-for X attempts Y within Z

An access-list can also be created that allows logins from certain network(s) during the quiet-mode time. The configuration for this looks like:

login quiet-mode access-class ACL

The delay is accomplished with the command:

login delay X

I wrote a blog post about this as well if you're looking for a slightly more wordy version
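The three commands above, assembled into one complete IOS configuration. This is an added example and not from the original post or from Cisco's documentation; the ACL name MGMT-ALLOW, the management prefix 10.10.0.0/16 and the timer values are assumptions chosen for illustration.

```ios
! Define the exempt networks first: the quiet-mode command references
! an ACL by name or number, so the ACL has to exist before it is used.
ip access-list standard MGMT-ALLOW
 permit 10.10.0.0 0.0.255.255
 deny   any log

! Block-for must be configured before quiet-mode access-class is accepted.
! Here: 3 failed logins within 60 seconds puts the router into quiet mode
! for 120 seconds. Quiet mode blocks ALL remote logins, not just the
! offending source, so without the exempt ACL an attacker can lock
! administrators out simply by failing three times.
login block-for 120 attempts 3 within 60

! During quiet mode, only sources permitted by MGMT-ALLOW may still log in.
login quiet-mode access-class MGMT-ALLOW

! Insert a 2-second delay between successive login attempts (slows guessing
! even outside quiet mode).
login delay 2

! Log every failure and every success so the events reach syslog.
login on-failure log every 1
login on-success log
```

Verify with `show login` (current mode, timers and the exempt ACL) and `show login failures` (recent failed attempts by source). Check that the exempt ACL actually covers the hosts you administer from before relying on it: a typo in the ACL is only discovered when quiet mode triggers and the legitimate session is refused.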


Network Guy
Premium
join:2000-08-25
New York
kudos:2

Interesting you post this now. I'm reading a Cisco Press book to get my CCNA Security and I just read past this very same topic explaining that command.

Cool stuff


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to nschlutter

Thanks for that as well, nschlutter.

Cisco refers to the second feature as “quiet mode” and also includes an option to specify an access-list which is exempted during the block period.

The second line of configuration will reference the access-list created above to never block the specified networks.

A bit vague, then again some stuff on how Cisco does it is vague... till you put it into practice. I'm not referring to
the way you write it up, nschlutter, it's just personal experience with the way Cisco writes up how
their commands are (supposed) to work.

Also, a bit of a personal gripe... why'd it take Cisco till 12.4T to introduce this command...

Regards