< Home

lock-authentication enable

Function

The lock-authentication enable command enables a FW to automatically lock out an account if an administrator enters incorrect accounts for consecutive three times.

The undo lock-authentication enable command disables the function of locking out the administrators that fail the authentication.

Format

lock-authentication enable

undo lock-authentication enable

Parameters

None

Views

AAA view

Default Level

2: Configuration level

Usage Guidelines

The account lock function does not take effect when the administrator logs in using the Console port.

By default, the function of locking out the administrators that fail the authentication is enabled.

When an administrator logs in to the device and performs RADIUS, AD, HWTACACS, or LDAP server authentication, the account lock function does not take effect.

The undo lock-authentication enable command can only unlock administrator accounts locked due to authentication failures. If an administrator fails to access the device because the IP address is blacklisted, run the undo firewall blacklist item command to delete it from the blacklist.

Example

# Enable a FW to lock out an account if an administrator enters incorrect accounts for a specified number of consecutive times.

<sysname> system-view
[sysname] aaa
[sysname-aaa] lock-authentication enable
Parent Topic: Administrator Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >