Cisco CCNA (640-553) Security Exam Training - Using the "Block Count" Command

In today's article, I'm going to quickly inform you about the Cisco IOS local RADIUS server group configuration mode command named "block count." Network administrators (like you) use the "block count" command to lock out group members for a length of time after a set number of incorrect passwords are entered. Below is the command's syntax: block count count time {seconds | infinite} As you can see, the command can use the count and seconds arguments and the "time" and "infinite" keywords. count-This argument is used to indicate the number of failed passwords before a lockout is triggered; the lockout range is from 1 to 4294967295. time -This keyword is used to specify the time to block the account. seconds-This argument is used to indicate the number of seconds that the lockout should (will) last; the range is from 1 to 4294967295. infinite -This keyword is used to indicate that the lockout should be indefinite (infinite). Note: If you use the "infinite" keyword, an administrator must manually unblock the locked username. Below is an example of the command being used: router#configure terminal router(config)#radius-server local router(config-radsrv)#group ittechtips router(config-radsrv-group)#block count 3 time 120 router(config-radsrv-group)#exit router(config-radsrv)#user cross password baseball74 group ittechtips router(config-radsrv)