In the default setting, a user fails to authenticate 3 times. Then his ip address is added to black list, and is deleted from black list after 10 minutes.
Admin can accord needs of users to change the authentication failure count to lock and timeout to unlock by using command “lock authentication-count count” and “lock lock-timeout timeout” in the view of proper user’s interface. For example:
[sysname] user-interface vty 0 4
[sysname-ui-vty0-4] lock authentication-count 5 // authentication failure count to lock is 5
[sysname-ui-vty0-4]lock lock-timeout 5 // timeout to unlock is 5 minute