Configuring Deny Access for Failed Login Attempts
You can configure the device to block users or management stations (IP addresses) from accessing the web interface if the user enters incorrect login credentials for a user-defined number of successive login attempts.
You can only perform the configuration described in this section if you are a management user with Security Administrator level or Master level. For more information, see Configuring Management User Accounts.
|
➢
|
To configure deny access upon failed login attempts: |
|
1.
|
Open the Web Settings page (Setup menu > Administration tab > Web & CLI folder > Web Settings). |
|
2.
|
Under the Security group, configure the following parameters: |
|
●
|
'Deny Authentication Timer' [DenyAuthenticationTimer]: Define the duration (in seconds) for which login to the Web interface is denied from a specific IP address (management station) for all users, when the number of failed login attempts has exceeded the maximum. To configure the blocked duration per user, use the 'Block Duration' parameter in the Local Users table (see Configuring Management User Accounts). |
|
●
|
'Blocking Duration Factor' [BlockDurationFactor]: Define the number to multiple the previous blocking time for blocking the IP address or the user upon the next failed login scenario. |
|
●
|
'Value time of Deny Access counting' [DenyAccessCountingValidTime]: Defines the maximum time interval (in seconds) between failed login attempts to be included in the count of failed login attempts for denying access to the user. |
|
●
|
'Deny Access On Fail Count' [DenyAccessOnFailCount]: Define the maximum number of failed login attempts, after which the requesting IP address (management station) for all users is blocked. |
For a detailed description of the parameters mentioned above, see Web Parameters.