User Account Lockout

This feature prevents users from logging in after 20 failed attempts. The user account is locked out for 30 minutes after the last failure login attempt. If the account has not been locked, the running count of  failed login attempts is reset to 0 after a valid login.

The administrator controls this feature via Avi Vantage’s CLI or REST API. The setting for it is maintained within the UserAccountProfile object. By default, all the users in the system are attached to “Default-User-Account-Profile,” as shown below. If required, the admin can create a new user account profile with different thresholds.

Note: This feature may be disabled by setting the max_login_failure_count to 0.


admin:10-10-24-52]: > show useraccountprofile Default-User-Account-Profile
+-------------------------------+---------------------------------------------------------+
| Field | Value |
+-------------------------------+---------------------------------------------------------+
| uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 |
| name | Default-User-Account-Profile |
| max_password_history_count | 0 |
| max_login_failure_count | 20 |
| account_lock_timeout | 30 |
| max_concurrent_sessions | 0 |
| credentials_timeout_threshold | 0 |
+-------------------------------+---------------------------------------------------------+
To change user account lockout attributes:
[admin:10-10-24-52]: > configure useraccountprofile Default-User-Account-Profile
Updating an existing object. Currently, the object is:
[admin:10-10-24-52]: useraccountprofile> max_login_failure_count 30
Overwriting the previously entered value for max_login_failure_count
[admin:10-10-24-52]: useraccountprofile> account_lock_timeout 60
Overwriting the previously entered value for account_lock_timeout
[admin:10-10-24-52]: useraccountprofile> save
+-------------------------------+---------------------------------------------------------+
| Field | Value |
+-------------------------------+---------------------------------------------------------+
| uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 |
| name | Default-User-Account-Profile |
| max_password_history_count | 0 |
| max_login_failure_count | 30 |
| account_lock_timeout | 60 |
| max_concurrent_sessions | 0 |
| credentials_timeout_threshold | 0 |
+-------------------------------+---------------------------------------------------------+