Cisco CCNA (640-553) Security Training

 

Using the “block count” command

 

By Charles Ross CCNA - CCNP #CSCO10444244

 

In today’s article, I’m going to quickly inform you about the Cisco IOS local RADIUS server group configuration mode command named “block count”.

 

Network administrators (like you) use the “block count” command to lock out group members for a length of time after a set number of incorrect passwords are entered.

 

Below is the command’s syntax:

 

block count count time {seconds | infinite}

 

As you can see, the command can use the count and seconds arguments and the “time” and “infinite” keywords.

 

count – This argument is used to indicate the number of failed passwords before a lockout is triggered; the lockout range is from 1 to 4294967295.

  

time – This keyword is used to specify the time to block the account.

 

seconds – This argument is used to indicate the number of seconds that the lockout should (will) last; the range is from 1 to 4294967295.

 

infinite – This keyword is used to indicate that the lockout should be indefinite (infinite).

 

Note: If you use the “infinite” keyword, an administrator must manually unblock the locked username.

 

Below is an example of the command being used:

 

router#configure terminal

router(config)#radius-server local

router(config-radsrv)#group ittechtips

router(config-radsrv-group)#block count 3 time 120

router(config-radsrv-group)#exit

router(config-radsrv)#user cross password baseball74 group ittechtips

router(config-radsrv)#end

router#copy run start

 

In the example above, the user named “cross”, who belongs to the ittechtips group, will be locked out for 120 seconds after three incorrect password attempts.

 

And, as with almost all Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

 

router(config-radsrv-group)#no block count 3 time 120

 

By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.3(11)T or higher.
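
To check a saved configuration for groups that were left without a lockout, the following Python audit is an added example (not part of the original article and not Cisco tooling). It assumes an indented running-config style layout, and the "guests" group and "visitor" user are hypothetical values constructed for the sample.

```python
import re

# Constructed sample in running-config style. Group "ittechtips" and user
# "cross" come from the article; "guests" and "visitor" are hypothetical.
SAMPLE_CONFIG = """\
radius-server local
 group ittechtips
  block count 3 time 120
 group guests
 user cross password baseball74 group ittechtips
 user visitor password example123 group guests
"""

MAX_VALUE = 4294967295  # upper bound the article gives for count and seconds
BLOCK_RE = re.compile(r"block count (\d+) time (\d+|infinite)$")


def audit_lockout(config_text):
    """Map each local RADIUS group to its lockout policy (None if unset) and users."""
    report, current, in_local = {}, None, False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # top-level command: entering or leaving the section
            in_local, current = raw.strip() == "radius-server local", None
        elif not in_local:
            continue
        elif words[0] == "group" and len(words) == 2:
            current = words[1]
            report.setdefault(current, {"policy": None, "users": []})
        elif words[0] == "user" and len(words) >= 4 and words[-2] == "group":
            entry = report.setdefault(words[-1], {"policy": None, "users": []})
            entry["users"].append(words[1])
            current = None  # user lines sit at server level, outside any group
        elif current and (m := BLOCK_RE.match(" ".join(words))):
            count = int(m.group(1))
            secs = "infinite" if m.group(2) == "infinite" else int(m.group(2))
            if 1 <= count <= MAX_VALUE and (secs == "infinite" or 1 <= secs <= MAX_VALUE):
                report[current]["policy"] = {"count": count, "time": secs}
    return report


def users_without_lockout(report):
    """Users whose group has no valid block count configured."""
    return sorted(u for g in report.values() if g["policy"] is None for u in g["users"])


if __name__ == "__main__":
    print(users_without_lockout(audit_lockout(SAMPLE_CONFIG)))
```

Groups reported with an "infinite" time are the ones where, as noted above, an administrator has to unblock the username manually.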

 

I hope this article was very informative and helped you quickly understand the usage of the block count command. If you need to learn more, I suggest you visit my website (www.ittechtips.com), where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

 

To your success,

 

Charles Ross

CCNA- CCNP #CSCO10444244

http://www.ittechtips.com