Implementing Specific Management Password Policy

By default, the password for a new management user has no requirements other than a minimum length of 6 alphanumeric or special characters. However, if your company enforces a best practices password policy for management users with root access to network equipment, you may want to configure a password policy that sets requirements for management user passwords.

This section describes the following topics:

Defining Management Password Policy

To define specific management password policy settings through the WebUI or the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., complete the following steps:

In the WebUI

To configure specific management password policy settings:

1. In the Managed Network node hierarchy, navigate to Configuration > System > Profiles.

2. Expand Other Profiles.

3. Select Mgmt Password Policy.

4. Configure the settings described in Table 1.

Table 1: Management Password Policy Settings
Parameter	Description
Enable Password Policy	Select this check box to enable the password management policy. The password policy will not be enforced until this check box is selected.
Minimum password length required	The minimum number of characters required for a management user password Range: 6-64 characters. Default: 6.
Minimum number of Upper Case characters	The minimum number of uppercase characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for uppercase letters in a password, and the parameter has a default value of 0.
Minimum number of Lower Case characters	The minimum number of lowercase characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for lowercase letters in a password, and the parameter has a default value of 0.
Minimum number of Digits	The minimum number of numeric digits required in a management user password. Range: 0-10 digits. By default, there is no requirement for numerical digits in a password, and the parameter has a default value of 0.
Minimum number of Special characters (!, @, #, $, %, ^, &, *, <, >, {, }, [, ], :, ., comma, \|, +, ~, `)	The minimum number of special characters. Range: 0-10 characters.
Username or Reverse of username NOT in Password	When you select this check box, the password cannot be the current username or the username spelled backwards of the management users.
Maximum consecutive character repeats	The maximum number of consecutive repeating characters allowed in a management user password. Range: 0-10 characters. By default, there is no limitation on the numbers of character that can repeat within a password, and the parameter has a default value of 0 characters.
Maximum Number of failed attempts in 3 minute window to lockout user	The number of failed attempts within a 3 minute window that causes the user to be locked out for the period of time specified by the Time duration to lockout the user upon crossing the "lock-out" threshold parameter. Range: 0-10 attempts. By default, the password lockout feature is disabled, and the default value of this parameter is 0 attempts.
Time duration to lock out the user upon crossing the "lock-out" threshold	The duration in time that locks out the user upon crossing the lock out threshold. Range: 0-60 in minutes.

5. Click Submit.

6. Click Pending Changes.

7. In the Pending Changes window, select the check box and click Deploy changes.

Management Authentication Profile Parameters

Table 2 describes configuration parameters on the Management Authentication profile page.

In the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., you configure these options with the aaa authentication mgmt and aaa-server-group commands.

Table 2: Management Authentication Profile Parameters
Parameter	Description
Enable	Enables authentication for administrative users.
Default Role	Select a predefined management role to assign to authenticated administrative users:
Root	Default superuser role
Guest-provisioning	Guest provisioning role
Location-api-mgmt	Location API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. role
Network-operations	Network operations role
No-access	No commands are accessible for this role
Read-only	Read-only role
No access	Negates any configured parameter.
Server Group	Name of the group of servers used to authenticate administrative users. See the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command aaa-server-group, in the CLI Command Reference Guide for more information.