configure account password-policy lockout-on-login-failures

configure account [all | name] password-policy lockout-on-login-failures [on | off]


Disables an account after the user has three consecutive failed login attempts.

Syntax Description

all Specifies all users (and future users).
name Specifies an account name.
on Specifies an account name.
off Resets the password to never lockout the user.



Usage Guidelines

If you are not working on SSH, you can configure the number of failed logins that trigger lockout, using the configure cli max-failed-logins num-of-logins command.

This command applies to sessions at the console port of the switch as well as all other sessions and to user-level and administrator-level accounts. This command locks out the user after 3 consecutive failed login attempts; the user‘s account must be specifically re-enabled by an administrator.

Using the off option resets the account to allow innumerable consecutive failed login attempts, which is the system default. The system default is that three failed consecutive login attempts terminate the particular session, but the user may launch another session; there is no lockout feature by default.



The switch does not allow to lock out of at least one administrator account.


The following command enables the account finance for lockout.

After three consecutive failed login attempts, the account is subsequently locked out:

configure account finance password-policy lockout-on-login-failures on


This command was first available in ExtremeXOS 11.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.