Western Telematic AFS-16-1 manual Invalid Access Lockout Feature

Basic Configuration

5.3.2.The Invalid Access Lockout Feature

When properly configured and enabled, the Invalid Access Lockout feature will watch all login attempts made at the Network Port and RS232 Port. If either port exceeds the selected number of invalid attempts, then that port will be automatically disabled for a user-defined length of time (Lockout Duration.) The Invalid Access Lockout feature uses two separate counters to track invalid access attempts:

•Serial Port Counter: Counts invalid access attempts at the Serial Port. If the number of invalid attempts at the port exceeds the user-defined Lockout Attempts value, then the port will be locked.

•Telnet, SSH and Web Browser Counter: Counts all invalid attempts to access command mode via Telnet, SSH or Web Browser interface. If the number of cumulative invalid attempts exceeds the user-defined Lockout Attempts value, then the Network Port will be locked.

Note: In the Web Browser Interface, the Invalid Access Lockout item does not appear in the System Parameters menu, and is instead accessed via the General Parameters fly-out menu as described below.

Note that when an Invalid Access Lockout occurs, you can either wait for the Lockout Duration period to elapse (after which, the AFS-16 will automatically reactivate the port), or you can issue the /UL command (type /UL and press [Enter]) via the Text Interface to instantly unlock all of the AFS-16's logical network ports.

Notes:

•When the Invalid Access Lockout Alarm has been enabled as described in Section 7.4, the AFS-16 can also provide notification via email, Syslog Message, and/or SNMP trap whenever an Invalid Access Lockout occurs.

•Invalid Access Lockout parameters, defined via the System Parameters menu, will apply to both the Serial Port and the Network Port.

•When a Serial Port is locked, an external modem connected to that port will not answer.

•If either the RS232 Port or Network Port are locked, the other port will remain unlocked, unless the Invalid Access Lockout feature has also been triggered at that port.

•If any one of the AFS-16’s logical network ports is locked, all other network connections to the unit will also be locked.

•All invalid access attempts at the AFS-16 Network Port are cumulative (the count for invalid access attempts is determined by the total number of all invalid attempts at all 16 logical network ports.) If a valid login name/ password is entered at any of the logical network ports, then the count for all AFS-16 logical network ports will be restarted.

•If the Network Port has been locked by the Invalid Access Lockout feature, it will still respond to the ping command (providing that the ping command has not been disabled at the Network Port.)

5-8