Exremeware Summit 48si switch not disconnected after 3 time login fail attempt in SSH mode

  • 15 December 2015
  • 9 replies
  • 320 views

Switch version is Extremeware Version 7.8.4.1 patch1-r4

When we try to login switch via SSH with wrong username , after 3rd attempt it should get disconnected but we can see it offering 4th time login attempt.

Same thing if we try with telnet then it disconnected after 3rd attemt.

so please help here if we can do any change in command to check further or any change in switch config , which can help here.

9 replies

Userlevel 7
"show managment" = here you'd see how many login attempts are allowed
"configure cli max-failed" = configure max attempts
"show log" = check for login fails

-Ron
Userlevel 6
"show managment" = here you'd see how many login attempts are allowed
"configure cli max-failed" = configure max attempts
"show log" = check for login fails

-Ron
Did you get your hands on ExtremeWare too Ron? Got to say...I'm impressed.

There seems to be no end to your talents!
Userlevel 7
"show managment" = here you'd see how many login attempts are allowed
"configure cli max-failed" = configure max attempts
"show log" = check for login fails

-Ron
Thanks but I'm not even sure what ExtremeWare exactly is :-)

But I was curious so I've used my expert Google skills to find a CLI guide and it looked like XOS.

I look forward to learn more in the XOS bootcamp in January - right now I've only some base knowledge from playing around with my lab X430.

So let's see whether I'd "impress" after the training.... if not I'll blame the trainer and demand full refund for the class 🙂
Userlevel 7
"show managment" = here you'd see how many login attempts are allowed
"configure cli max-failed" = configure max attempts
"show log" = check for login fails

-Ron
ExtremeWare was Extreme Networks' first OS from the late 90s. Many of the commands are identical to those in EXOS, but not all of them. Its behavior is quite different as well.
The EXOS training you'll be attending won't cover any eWare, as it and all of the products that it supports are End-of-Life.
Userlevel 7
Narender,
I booted up a 48si in the lab and tried this in v7.8.4.1-patch1-4. For both telnet and SSH, I was disconnected after 3 tries as expected. However, this behavior does not appear to be configurable as it is in EXOS (which is what Ron's commands above are from).

The default is three consecutive login attempts before being disconnected. You can disable the account entirely, but that's probably not what you want to do.
The command for this is:
code:
configure account [all | ] password-policy lockout-on-login-failures [on | off]

The default is off. You would have to login from another admin account and use the
code:
clear account lockout
command to unlock the account.

You can also see how many successful and failed attempts there are for a given account.
Summit48si:7 # show accounts
User Name Access LoginOK Failed User Type
---------------- ------ ------- ------ ---------
admin R/W 4 11 Admin
user RO 0 0 User
--------------------------------------------------
(*) - Account locked[/code]Hope this helps.
Narender,
I booted up a 48si in the lab and tried this in v7.8.4.1-patch1-4. For both telnet and SSH, I was disconnected after 3 tries as expected. However, this behavior does not appear to be configurable as it is in EXOS (which is what Ron's commands above are from).

The default is three consecutive login attempts before being disconnected. You can disable the account entirely, but that's probably not what you want to do.
The command for this is:
code:
configure account [all | ] password-policy lockout-on-login-failures [on | off]

The default is off. You would have to login from another admin account and use the
code:
clear account lockout
command to unlock the account.

You can also see how many successful and failed attempts there are for a given account.
Summit48si:7 # show accounts
User Name Access LoginOK Failed User Type
---------------- ------ ------- ------ ---------
admin R/W 4 11 Admin
user RO 0 0 User
--------------------------------------------------
(*) - Account locked[/code]Hope this helps.
i raised case with ETAC but due to EOS no support is given for this issue.
Let me know what else i can do from my end to suppress issue.
Userlevel 7
Narender,
I booted up a 48si in the lab and tried this in v7.8.4.1-patch1-4. For both telnet and SSH, I was disconnected after 3 tries as expected. However, this behavior does not appear to be configurable as it is in EXOS (which is what Ron's commands above are from).

The default is three consecutive login attempts before being disconnected. You can disable the account entirely, but that's probably not what you want to do.
The command for this is:
code:
configure account [all | ] password-policy lockout-on-login-failures [on | off]

The default is off. You would have to login from another admin account and use the
code:
clear account lockout
command to unlock the account.

You can also see how many successful and failed attempts there are for a given account.
Summit48si:7 # show accounts
User Name Access LoginOK Failed User Type
---------------- ------ ------- ------ ---------
admin R/W 4 11 Admin
user RO 0 0 User
--------------------------------------------------
(*) - Account locked[/code]Hope this helps.
What software version is your 48si running?
Narender,
I booted up a 48si in the lab and tried this in v7.8.4.1-patch1-4. For both telnet and SSH, I was disconnected after 3 tries as expected. However, this behavior does not appear to be configurable as it is in EXOS (which is what Ron's commands above are from).

The default is three consecutive login attempts before being disconnected. You can disable the account entirely, but that's probably not what you want to do.
The command for this is:
code:
configure account [all | ] password-policy lockout-on-login-failures [on | off]

The default is off. You would have to login from another admin account and use the
code:
clear account lockout
command to unlock the account.

You can also see how many successful and failed attempts there are for a given account.
Summit48si:7 # show accounts
User Name Access LoginOK Failed User Type
---------------- ------ ------- ------ ---------
admin R/W 4 11 Admin
user RO 0 0 User
--------------------------------------------------
(*) - Account locked[/code]Hope this helps.
Version 7.8.4.1 patch1-r4
Userlevel 7
Narender,
I booted up a 48si in the lab and tried this in v7.8.4.1-patch1-4. For both telnet and SSH, I was disconnected after 3 tries as expected. However, this behavior does not appear to be configurable as it is in EXOS (which is what Ron's commands above are from).

The default is three consecutive login attempts before being disconnected. You can disable the account entirely, but that's probably not what you want to do.
The command for this is:
code:
configure account [all | ] password-policy lockout-on-login-failures [on | off]

The default is off. You would have to login from another admin account and use the
code:
clear account lockout
command to unlock the account.

You can also see how many successful and failed attempts there are for a given account.
Summit48si:7 # show accounts
User Name Access LoginOK Failed User Type
---------------- ------ ------- ------ ---------
admin R/W 4 11 Admin
user RO 0 0 User
--------------------------------------------------
(*) - Account locked[/code]Hope this helps.
I just noticed you included that in your original post... sorry.
In this case, I'm not sure what the appropriate action is since the product and software have reached end-of-life. I wasn't able to reproduce the problem in the lab and unless someone knows a way to change the configuration for number of login attempts, I don't see that it is possible.
There's always new EXOS-based network gear 🙂

Reply