Rate-Limiting Authentication Attempts

Cisco IOS commands offer several ways to rate-limit authentication
attempts:
■ The security authentication failure rate threshold-rate log command
enables you to set a number of failures after which a 15-second delay
is imposed and a syslog message triggered.
■ The login block-for seconds attempts tries within seconds command
enables you to block login attempts for the first seconds value if the
number of login attempts exceeds tries within the second seconds value.
You can exclude a list of addresses from blocking by configuring the
login quiet-mode access-class {acl-name | acl-number} command.
■ The login delay seconds command enforces a minimum delay of
seconds between successive login attempts. This helps mitigate
dictionary attacks against the router.
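
The three commands combined in one configuration, as an added example that is not part of the original text. The ACL name MGMT-HOSTS, the 192.0.2.0/24 management range, and all numeric values are constructed placeholders.

```cisco
! Constructed example: ACL name, addresses and thresholds are placeholders.
! 192.0.2.0/24 is a documentation range standing in for a management subnet.
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
!
! After 10 failures, impose the 15-second delay and trigger a syslog message.
security authentication failure rate 10 log
!
! Enter login block-for first: IOS requires it before the other login commands.
! If login attempts exceed 5 within 60 seconds, block logins for 120 seconds.
login block-for 120 attempts 5 within 60
!
! Hosts permitted by MGMT-HOSTS are excluded from blocking.
login quiet-mode access-class MGMT-HOSTS
!
! Enforce at least 3 seconds between successive login attempts.
login delay 3
!
! Verify from privileged EXEC mode:
!   show login
!   show login failures
```

Without the login quiet-mode access-class line, a block triggered by login block-for also denies legitimate administrators until the block period expires.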