Configuring the account lockout threshold

You can configure the lockout threshold with the password-attributes max-retry maxretry command. The value of the maxretry specifies the number of times a user can attempt to log in with an incorrect password before the account is locked. The number of failed login attempts is counted from the last successful login. The maxretry can be set to a value from 0 through 16. A value of 0 disables the lockout mechanism (default).

The following example sets the lockout threshold to 5.

  1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.
  2. Enter the password-attributes command with the specified parameter.
    device# configure terminal
    Entering configuration mode terminal
    device(config)# password-attributes max-retry 4
    

    When a user account is locked, it can be unlocked using the procedure described in Unlocking an account.