Osseo, MN

1 recommendation

reply to Network Guy

Re: Who keeps their router's SSH port open?

Another option is to enable some of the enhanced security features mentioned in this document

Basically these features allow you to deny logins after a certain number of failed logins as well as insert a delay between login attempts.

The quiet-mode can be accomplished with the command:

login block-for X attempts Y within Z

An access-list can also be created that allows logins from certain network(s) during the quiet-mode time. The configuration for this looks like:

login quiet-mode access-class ACL

The delay is accomplished with the command:

login delay X

I wrote a blog post about this as well if you're looking for a slightly more wordy version
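A worked configuration that ties the three commands above together, added here as an illustration and not taken from the post or its linked blog. The values are hypothetical: it puts the router into quiet mode for 120 seconds after 3 failed logins within 60 seconds, exempts an assumed management subnet (10.0.0.0/24, ACL name MGMT-HOSTS) from that block, enforces a 2-second delay between attempts, and logs both failed and successful logins so the events reach syslog.

```cisco
! Standard ACL naming the hosts that may still log in during quiet mode.
! 10.0.0.0/24 and the name MGMT-HOSTS are assumptions for this example;
! substitute the network you actually manage the router from, or an
! attacker who trips the lockout also locks you out.
ip access-list standard MGMT-HOSTS
 permit 10.0.0.0 0.0.0.255
!
! 3 failures within 60 seconds -> block all logins for 120 seconds
login block-for 120 attempts 3 within 60
! ...except from the networks matched by MGMT-HOSTS
login quiet-mode access-class MGMT-HOSTS
! 2 seconds between successive login attempts (default is 1 second
! once block-for is configured)
login delay 2
! send failed and successful logins to the log
login on-failure log
login on-success log
!
line vty 0 4
 transport input ssh
 login local
```

After applying it, `show login` reports whether the router is currently in quiet mode and which parameters are in force, and `show login failures` lists the recent failed attempts with source address, so you can confirm the lockout fires and that the exempt subnet really gets through before relying on it.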

Network Guy
New York
Interesting you post this now. I'm reading a Cisco Press book to get my CCNA Security and I just read past this very same topic explaining that command.

Cool stuff

reply to nschlutter
Thanks for that as well, nschlutter.

Cisco refers to the second feature as “quiet mode” and also includes an option to specify an access-list which is exempted during the block period.

The second line of configuration will reference the access-list created above to never block the specified networks.

A bit vague, then again some stuff on how Cisco does it is vague... till you put it into practice. I'm not referring to the way you write it up, nschlutter; it's just personal experience with the way Cisco writes up the way their commands (are supposed) to work.

Also, a bit of a personal gripe... why'd it take Cisco till 12.4T to introduce this command...