Exremeware Summit 48si switch not disconnected after 3 time login fail attempt in SSH mode

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
Switch version is  Extremeware  Version 7.8.4.1 patch1-r4

When we try to login switch via SSH with wrong username , after 3rd attempt it should get disconnected but we can see it offering 4th time login attempt.

Same thing if we try with telnet then it disconnected after 3rd attemt.

so please help here if we can do any change in command to check further or any change in switch config , which can help here.




Photo of Narender kumar

Narender kumar

  • 430 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,266 Points 50k badge 2x thumb
"show managment" = here you'd see how many login attempts are allowed
"configure cli max-failed" = configure max attempts
"show log" = check for login fails

-Ron
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
Did you get your hands on ExtremeWare too Ron?  Got to say...I'm impressed.  

There seems to be no end to your talents!
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,266 Points 50k badge 2x thumb
Thanks but I'm not even sure what ExtremeWare exactly is :-)

But I was curious so I've used my expert Google skills to find a CLI guide and it looked like XOS.

I look forward to learn more in the XOS bootcamp in January - right now I've only some base knowledge from playing around with my lab X430.

So let's see whether I'd "impress" after the training.... if not I'll blame the trainer and demand full refund for the class :-)
Photo of Drew C.

Drew C., Community Manager

  • 40,724 Points 20k badge 2x thumb
ExtremeWare was Extreme Networks' first OS from the late 90s.  Many of the commands are identical to those in EXOS, but not all of them.  Its behavior is quite different as well.
The EXOS training you'll be attending won't cover any eWare, as it and all of the products that it supports are End-of-Life.
Photo of Drew C.

Drew C., Community Manager

  • 40,724 Points 20k badge 2x thumb
Narender,
I booted up a 48si in the lab and tried this in v7.8.4.1-patch1-4.  For both telnet and SSH, I was disconnected after 3 tries as expected.  However, this behavior does not appear to be configurable as it is in EXOS (which is what Ron's commands above are from).

The default is three consecutive login attempts before being disconnected.  You can disable the account entirely, but that's probably not what you want to do.
The command for this is:  configure account [all | <name>] password-policy lockout-on-login-failures [on | off]
The default is off.  You would have to login from another admin account and use the clear account lockout command to unlock the account.

You can also see how many successful and failed attempts there are for a given account.
Summit48si:7 # show accounts
   User Name      Access LoginOK  Failed User Type
----------------  ------ -------  ------ ---------
           admin    R/W        4      11     Admin
            user    RO         0       0      User
--------------------------------------------------
(*) - Account locked
Hope this helps.
Photo of Narender kumar

Narender kumar

  • 430 Points 250 badge 2x thumb
i raised case with ETAC but due to EOS  no support  is given for this issue.
Let me know what else i can do from my end to suppress issue.
Photo of Drew C.

Drew C., Community Manager

  • 40,724 Points 20k badge 2x thumb
What software version is your 48si running?
Photo of Narender kumar

Narender kumar

  • 430 Points 250 badge 2x thumb
Version 7.8.4.1 patch1-r4
Photo of Drew C.

Drew C., Community Manager

  • 40,724 Points 20k badge 2x thumb
I just noticed you included that in your original post... sorry.
In this case, I'm not sure what the appropriate action is since the product and software have reached end-of-life.  I wasn't able to reproduce the problem in the lab and unless someone knows a way to change the configuration for number of login attempts, I don't see that it is possible.
There's always new EXOS-based network gear :)