The invalid access lockout feature – Western Telematic AFS-16-1 User Manual
Basic Configuration
5.3.2. The Invalid Access Lockout Feature
When properly configured and enabled, the Invalid Access Lockout feature will watch
all login attempts made at the Network Port and RS232 Port. If either port exceeds the
selected number of invalid attempts, then that port will be automatically disabled for a
user-defined length of time (Lockout Duration). The Invalid Access Lockout feature uses
two separate counters to track invalid access attempts:
• Serial Port Counter: Counts invalid access attempts at the Serial Port. If the
number of invalid attempts at the port exceeds the user-defined Lockout Attempts
value, then the port will be locked.
• Telnet, SSH and Web Browser Counter: Counts all invalid attempts to access
command mode via Telnet, SSH or Web Browser interface. If the number of
cumulative invalid attempts exceeds the user-defined Lockout Attempts value, then
the Network Port will be locked.
Note: In the Web Browser Interface, the Invalid Access Lockout item does
not appear in the System Parameters menu, and is instead accessed via the
General Parameters fly-out menu as described below.
Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout
Duration period to elapse (after which, the AFS-16 will automatically reactivate the port),
or you can issue the /UL command (type /UL and press [Enter]) via the Text Interface to
instantly unlock all of the AFS-16's logical network ports.
Notes:
• When the Invalid Access Lockout Alarm has been enabled as described
in Section 7.4, the AFS-16 can also provide notification via email, Syslog
Message, and/or SNMP trap whenever an Invalid Access Lockout occurs.
• Invalid Access Lockout parameters, defined via the System Parameters
menu, will apply to both the Serial Port and the Network Port.
• When a Serial Port is locked, an external modem connected to that port will
not answer.
• If either the RS232 Port or Network Port is locked, the other port will remain
unlocked, unless the Invalid Access Lockout feature has also been triggered
at that port.
• If any one of the AFS-16’s logical network ports is locked, all other network
connections to the unit will also be locked.
• All invalid access attempts at the AFS-16 Network Port are cumulative (the
count for invalid access attempts is determined by the total number of
all invalid attempts at all 16 logical network ports). If a valid login name/
password is entered at any of the logical network ports, then the count for all
AFS-16 logical network ports will be restarted.
• If the Network Port has been locked by the Invalid Access Lockout feature, it
will still respond to the ping command (providing that the ping command has
not been disabled at the Network Port).
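
The counter rules in this section can be checked with a small model. The following is an added example, not WTI firmware or code from the manual; it assumes that "exceeds" means strictly greater than Lockout Attempts, that attempts made while a port is locked are not counted, that the count restarts after a lockout, that a valid serial login restarts the serial count, and it uses abstract time units for Lockout Duration.

```python
# Added model of the lockout rules described above; not WTI firmware code.
NETWORK_SERVICES = {"telnet", "ssh", "web"}  # share one counter per the manual

class LockoutModel:
    def __init__(self, lockout_attempts, lockout_duration):
        self.attempts = lockout_attempts      # "Lockout Attempts" setting
        self.duration = lockout_duration      # "Lockout Duration" (abstract units)
        self.count = {"network": 0, "serial": 0}
        self.locked_until = {"network": 0.0, "serial": 0.0}

    @staticmethod
    def port_for(service):
        return "network" if service in NETWORK_SERVICES else "serial"

    def is_locked(self, port, now):
        return now < self.locked_until[port]

    def login(self, service, valid, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt at time now."""
        port = self.port_for(service)
        if self.is_locked(port, now):
            return "locked"                   # assumption: not counted while locked
        if valid:
            self.count[port] = 0              # valid login restarts the count
            return "ok"
        self.count[port] += 1
        if self.count[port] > self.attempts:  # "exceeds" read as strictly greater
            self.locked_until[port] = now + self.duration
            self.count[port] = 0              # assumption: count restarts after lockout
        return "denied"

    def unlock_network(self):
        """Models /UL, which the manual says unlocks the logical network ports."""
        self.locked_until["network"] = 0.0
        self.count["network"] = 0

def demo():
    m = LockoutModel(lockout_attempts=3, lockout_duration=300)
    # Constructed sequence: invalid attempts spread over three network services.
    for t, svc in enumerate(["telnet", "ssh", "web", "ssh"]):
        m.login(svc, valid=False, now=float(t))
    results = {"telnet_valid_while_locked": m.login("telnet", True, 10.0),
               "serial_valid_while_net_locked": m.login("serial", True, 10.0)}
    m.unlock_network()
    results["telnet_after_ul"] = m.login("telnet", True, 11.0)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the network count is cumulative across Telnet, SSH and Web, the model locks every network service together while the serial port stays usable for issuing /UL.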