aaa password-policy mgmt

aaa password-policy mgmt

enable

no

password-lock-out

password-lock-out-time

password-max-character-repeat

password-min-digit

password-min-length

password-min-lowercase-characters

password-min-special-character

password-min-uppercase-characters

password-not-username

Description

Define a policy for creating management user passwords.

Syntax

Parameter

Description

enable

Enable the password management policy.

password-lock-out

The number of failed attempts within a 3-minute window that causes the user to be locked out for the period of time specified by the password-lock-out-time parameter.

Range: 0-10 attempts. By default, the password lockout feature is disabled, and the default value of this parameter is 0 attempts.

password-lock-out-time

The number of minutes a user who has exceeded the maximum number of failed password attempts is locked out of the network. After this period has passed, the lockout is cleared without administrator intervention.

Range: 1 min to 1440 min (24 hrs). Default: 3.

NOTE: When a management user gets locked out, that event is logged in the managed device log file. The management user lockout warning message can have any one of the following warning IDs.

125060 = Password policy locked out a management user created via the mgmt-user command in the serial console CLI.

125061 = Password policy locked out a management user created via the WebUI or the mgmt-user command in the Telnet or SSH CLI.

133109 = Password policy locked out a management user created via the local-userdb command in the CLI.

password-max-character-repeat

The maximum number of consecutive repeating characters allowed in a management user password.

Range: 0-10 characters. By default, there is no limit on the number of characters that can repeat within a password, and the parameter has a default value of 0 characters.

password-min-digit

The minimum number of numeric digits required in a management user password.

Range: 0-10 digits. By default, there is no requirement for numerical digits in a password, and the parameter has a default value of 0.

password-min-length

The minimum number of characters required for a management user password.

Range: 6-64 characters. Default: 6.

password-min-lowercase-characters

The minimum number of lowercase characters required in a management user password.

Range: 0-10 characters. By default, there is no requirement for lowercase letters in a password, and the parameter has a default value of 0.

password-min-special-characters

The minimum number of special characters (!, @, #, $, %, ^, &, *, <, >, {, }, [, ], :, ., comma, |, +, ~, `) required in a password.

Range: 0-10 special characters. Default: 0 (no minimum number of special characters is required by default). The following characters are disallowed: ), (, ;, -, space, =, /, ?.

password-min-special-character

The minimum number of special characters required in a management user password.

Range: 0-10 characters. By default, there is no requirement for special characters in a password, and the parameter has a default value of 0. See Usage Guidelines below for a list of allowed and disallowed special characters.

password-min-uppercase-characters

The minimum number of uppercase characters required in a management user password.

Range: 0-10 characters. By default, there is no requirement for uppercase letters in a password, and the parameter has a default value of 0.

password-not-username

The password cannot be the management user's current username or that username spelled backwards.
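To see how password-lock-out and password-lock-out-time interact when choosing values, the following added example (not ArubaOS code, and not from the original page) models lockouts for one user from a list of failed-login times. It assumes that attempts made during a lockout are not counted and that the failure count restarts after a lockout; the function names and sample times are constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=3)  # failure window given in the password-lock-out description

def lockout_periods(failures, lock_out, lock_out_time):
    """Model one user's lockouts.

    failures      -- datetimes of failed logins, in ascending order
    lock_out      -- password-lock-out (0 disables the feature)
    lock_out_time -- password-lock-out-time, in minutes
    Returns a list of (locked_from, locked_until) tuples.
    """
    if lock_out == 0:
        return []
    periods, recent, locked_until = [], [], None
    for t in failures:
        if locked_until is not None and t < locked_until:
            continue  # assumption: attempts made while locked out are not counted
        # keep only failures that still fall inside the 3-minute window
        recent = [f for f in recent if t - f <= WINDOW] + [t]
        if len(recent) >= lock_out:
            locked_until = t + timedelta(minutes=lock_out_time)
            periods.append((t, locked_until))
            recent = []  # assumption: the count starts again after a lockout
    return periods

def at(hhmmss):
    """Helper for the constructed sample data: time of day on a fixed date."""
    return datetime.strptime("2024-01-01 " + hhmmss, "%Y-%m-%d %H:%M:%S")

# Constructed sample: three quick failures, one attempt during the lockout,
# then three more failures after the lockout has cleared.
SAMPLE = [at(s) for s in ("10:00:00", "10:00:30", "10:01:00", "10:02:00",
                          "10:06:30", "10:07:00", "10:07:30")]
```

With password-lock-out 3 and password-lock-out-time 5, `lockout_periods(SAMPLE, 3, 5)` yields two lockouts, each clearing on its own after five minutes.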

Usage Guidelines

By default, the password for a management user has no requirements other than a minimum length of 6 alphanumeric or special characters. You do not need to configure a different management user password policy unless your company enforces a best practices password policy for management users with root access to network equipment.

Example

The following command sets a management password policy that requires the password to have a minimum of nine characters, including one numerical digit and one special character:

(host) ^[md] (config) aaa password-policy mgmt
    enable
    password-min-digit 1
    password-min-length 9
    password-min-special-characters 1
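The following added example (not ArubaOS code, and not from the original page) pre-checks a candidate password offline against the parameters documented above, using the allowed and disallowed special-character lists from the parameter table. The names MgmtPolicy, violations and longest_run are hypothetical, and two points are assumptions: a run longer than password-max-character-repeat is rejected, and the username comparison is an exact match.

```python
import string
from dataclasses import dataclass

# Special-character sets as listed in the parameter table on this page.
ALLOWED_SPECIAL = set("!@#$%^&*<>{}[]:.,|+~`")
DISALLOWED = set(")(;- =/?")

@dataclass
class MgmtPolicy:                 # hypothetical container; fields mirror the CLI parameters
    min_length: int = 6           # password-min-length
    min_digit: int = 0            # password-min-digit
    min_lower: int = 0            # password-min-lowercase-characters
    min_upper: int = 0            # password-min-uppercase-characters
    min_special: int = 0          # password-min-special-characters
    max_repeat: int = 0           # password-max-character-repeat (0 = no limit)
    not_username: bool = False    # password-not-username

def longest_run(s):
    """Length of the longest run of one character repeated consecutively."""
    best = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best

def violations(password, username, p):
    """Return the names of the parameters the candidate password violates."""
    count = lambda chars: sum(c in chars for c in password)
    out = []
    if len(password) < p.min_length:
        out.append("password-min-length")
    if count(string.digits) < p.min_digit:
        out.append("password-min-digit")
    if count(string.ascii_lowercase) < p.min_lower:
        out.append("password-min-lowercase-characters")
    if count(string.ascii_uppercase) < p.min_upper:
        out.append("password-min-uppercase-characters")
    if count(ALLOWED_SPECIAL) < p.min_special:
        out.append("password-min-special-characters")
    if p.max_repeat and longest_run(password) > p.max_repeat:  # assumption: longer run = reject
        out.append("password-max-character-repeat")
    if p.not_username and password in (username, username[::-1]):  # assumption: exact match
        out.append("password-not-username")
    if count(DISALLOWED):
        out.append("disallowed-character")
    return out

# Policy from the example above: nine characters, one digit, one special character.
EXAMPLE_POLICY = MgmtPolicy(min_length=9, min_digit=1, min_special=1)
```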

Related Commands

Command: show aaa password-policy mgmt

Description: This command displays the current management password policy.

Command History

Release: ArubaOS 8.0.0.0

Modification: Command introduced.

Command Information

Platforms: All platforms

License: Base operating system.

Command Mode: Config mode on Mobility Master.
