—For a VTY or console administrator, the maximum number of allowed authentication failures can be set in the lock authentication-count command. The default value is 3.
# Set the threshold for authentication attempts to 5 on the console port.
system-view
[sysname] user-interface console 0
[sysname-ui-console0] lock authentication-count 5
—For users who log in through Telnet, SSH, web UI, FTP, SFTP, or SNMP, run the firewall blacklist authentication-count login-failed command to set the threshold for authentication attempts.
By default, the value is 3 for Telnet, SSH, web, FTP, and SFTP users or 6 for SNMP users.
# Set the threshold for authentication attempts to 5 for administrators who log in through the web UI.
system-view
[sysname] firewall blacklist authentication-count login-failed 5
If the number of consecutive wrong passwords exceeds the specified threshold, the client IP address is blacklisted to prevent more login attempts.
By default, the blacklist entry will be time out in 10 minutes. That is, the user can try to log in again using the same IP address 10 minutes later.
—For a VTY or console administrator, the maximum number of allowed authentication failures can be set in the lock authentication-count command. The default value is 3.
# Set the threshold for authentication attempts to 5 on the console port.
system-view
[sysname] user-interface console 0
[sysname-ui-console0] lock authentication-count 5
—For users who log in through Telnet, SSH, web UI, FTP, SFTP, or SNMP, run the firewall blacklist authentication-count login-failed command to set the threshold for authentication attempts.
By default, the value is 3 for Telnet, SSH, web, FTP, and SFTP users or 6 for SNMP users.
# Set the threshold for authentication attempts to 5 for administrators who log in through the web UI.
system-view
[sysname] firewall blacklist authentication-count login-failed 5
If the number of consecutive wrong passwords exceeds the specified threshold, the client IP address is blacklisted to prevent more login attempts.
By default, the blacklist entry will be time out in 10 minutes. That is, the user can try to log in again using the same IP address 10 minutes later.
Log in to the management server for which OceanStor BCManager is installed and check whether a service IP address has been assigned for the management server.
If yes, confirm whether the service IP address needs to be used. If the service IP address does not need to be used, delete the service IP address.
If no, contact Huawei technical support.
