Implementing Specific Management Password Policy
By default, the password for a new management user has no requirements other than a minimum length of 6 alphanumeric or special characters. However, if your company enforces a best practices password policy for management users with root access to network equipment, you may want to configure a password policy that sets requirements for management user passwords.
This section describes the following topics:
Defining Management Password Policy
The following procedure describes how to configure specific management password policy settings.
- In the node hierarchy, navigate to .
- Expand .
- Select .
- Configure the settings described in Table 1.
Parameter |
Description |
|
Select this check box to enable the password management policy. The password policy will not be enforced until this check box is selected. |
|
The minimum number of characters required for a management user password. Range: 6-64 characters. Default: 6. |
|
The minimum number of uppercase characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for uppercase letters in a password, and the parameter has a default value of 0. |
|
The minimum number of lowercase characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for lowercase letters in a password, and the parameter has a default value of 0. |
|
The minimum number of numeric digits required in a management user password. Range: 0-10 digits. By default, there is no requirement for numerical digits in a password, and the parameter has a default value of 0. |
|
The minimum number of special characters. Range: 0-10 characters. |
|
When you select this check box, the password cannot be the management user's current username or that username spelled backwards. |
|
The maximum number of consecutive repeating characters allowed in a management user password. Range: 0-10 characters. By default, there is no limitation on the number of characters that can repeat within a password, and the parameter has a default value of 0 characters. |
|
The number of failed attempts within a 3-minute window that causes the user to be locked out for the period of time specified by the parameter. Range: 0-10 attempts. By default, the password lockout feature is disabled, and the default value of this parameter is 0 attempts. |
|
The length of time that the user is locked out after crossing the lockout threshold. Range: 0-60 minutes. |
- Click .
- Click .
- In the window, select the check box and click .
The following CLI command configures specific management password policy settings:
aaa password-policy mgmt
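The complexity rules in Table 1, written out as a checker for candidate passwords. This is an added example, not the vendor's code: the field names are hypothetical, and the ASCII character classes and the case-sensitive username comparison are assumptions.

```python
import string
from dataclasses import dataclass

@dataclass
class MgmtPasswordPolicy:
    """Field names are hypothetical; ranges and defaults follow Table 1."""
    min_length: int = 6         # range 6-64
    min_upper: int = 0          # range 0-10, 0 = no requirement
    min_lower: int = 0
    min_digits: int = 0
    min_special: int = 0
    not_username: bool = False  # reject username and reversed username
    max_repeat: int = 0         # range 0-10, 0 = no limit

def longest_run(text: str) -> int:
    """Length of the longest run of one character repeated consecutively."""
    best = run = 0
    prev = None
    for ch in text:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best

def violations(policy: MgmtPasswordPolicy, username: str, password: str) -> list[str]:
    """Return every policy rule the candidate password breaks (empty = compliant)."""
    found = []
    if len(password) < policy.min_length:
        found.append(f"length {len(password)} < {policy.min_length}")
    # Assumption: character classes are the ASCII sets from the string module.
    classes = [
        ("uppercase", string.ascii_uppercase, policy.min_upper),
        ("lowercase", string.ascii_lowercase, policy.min_lower),
        ("digit", string.digits, policy.min_digits),
        ("special", string.punctuation, policy.min_special),
    ]
    for name, charset, minimum in classes:
        count = sum(ch in charset for ch in password)
        if count < minimum:
            found.append(f"{name} count {count} < {minimum}")
    # Assumption: the username comparison is an exact, case-sensitive match.
    if policy.not_username and password in (username, username[::-1]):
        found.append("password is the username or the username reversed")
    if policy.max_repeat and longest_run(password) > policy.max_repeat:
        found.append(f"repeat run {longest_run(password)} > {policy.max_repeat}")
    return found
```

Running a candidate through `violations()` before setting it on the device shows which rules of a planned policy it would break; the lockout threshold and lockout time are runtime controls and are not modelled here.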
Management Authentication Profile Parameters
Table 2 describes configuration parameters on the Management Authentication profile page.
In the CLI, you configure these options with the and commands.
Parameter |
Description |
|
Enables authentication for administrative users. |
|
Select a predefined management role to assign to authenticated administrative users: |
|
Default superuser role |
|
Guest provisioning role |
|
|
|
Network operations role |
|
No commands are accessible for this role |
|
Read-only role |
|
Negates any configured parameter. |
|
Name of the group of servers used to authenticate administrative users. See the CLI command , in the CLI Command Reference Guide for more information. |