Cisco Catalyst Center Administrator Guide, Release 3.2.x

Account lockout

Updated: May 5, 2026

Want to summarize with AI?

Overview

Information about configuring account lockout policy to manage user login attempts, account lockout period, and number of login entries.

You can configure the account lockout policy to manage user login attempts, account lockout period, and number of login retries.

By default, account lockout uses dual-layer security that tracks failed attempts against both username and source IP address. When triggered, both elements lock simultaneously: the IP address is blocked from all authentication attempts, and the username is locked across all IP addresses.

Account lockout impacts only local users, not external authentication users.

Procedure

	1.	From the main menu, choose System > Settings > Trust & Privacy > Account Lockout.
	2.	Click the Enforce Account Lockout toggle button so that you see a check mark.
	3.	Enter values for these Enforce Account Lockout parameters: Maximum Login Retries Lockout Effective Periods (minutes) Reset Login Retries after (minutes) Note Hover your cursor over Info to view details for each parameter.
	4.	Select the Idle Session Timeout value (the duration after which the session expires and users are redirected to the login page). The default is 1 hour.
	5.	Click Save. If you leave the session idle, a Session Timeout dialog box appears five minutes before the session timeout. To continue, do one of these tasks: If you want to continue the session, click Stay signed in. To end the session immediately, click Sign out.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.