Implementing Specific Management Password Policy

By default, the password for a new management user has no requirements other than a minimum length of 6 alphanumeric or special characters. However, if your company enforces a best practices password policy for management users with root access to network equipment, you may want to configure a password policy that sets requirements for management user passwords.

This section describes the following topics:

Defining Management Password Policy

The following procedure describes how to configure specific management password policy settings.

  1. In the Managed Network node hierarchy, navigate to Configuration > System > Profiles.
  2. Expand Other Profiles.
  3. Select Mgmt Password Policy.
  4. Configure the settings described in Table 1.

Table 1: Management Password Policy Settings

| Parameter | Description |
|---|---|
| Enable Password Policy | Select this check box to enable the password management policy. The password policy will not be enforced until this check box is selected. |
| Minimum password length required | The minimum number of characters required for a management user password. Range: 6-64 characters. Default: 6. |
| Minimum number of Upper Case characters | The minimum number of uppercase characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for uppercase letters in a password, and the parameter has a default value of 0. |
| Minimum number of Lower Case characters | The minimum number of lowercase characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for lowercase letters in a password, and the parameter has a default value of 0. |
| Minimum number of Digits | The minimum number of numeric digits required in a management user password. Range: 0-10 digits. By default, there is no requirement for numerical digits in a password, and the parameter has a default value of 0. |
| Minimum number of Special characters (!, @, #, $, %, ^, &, *, <, >, {, }, [, ], :, ., comma, \|, +, ~, `) | The minimum number of special characters. Range: 0-10 characters. |
| Username or Reverse of username NOT in Password | When you select this check box, a management user's password cannot be that user's current username or the username spelled backwards. |
| Maximum consecutive character repeats | The maximum number of consecutive repeating characters allowed in a management user password. Range: 0-10 characters. By default, there is no limitation on the number of characters that can repeat within a password, and the parameter has a default value of 0 characters. |
| Maximum Number of failed attempts in 3 minute window to lockout user | The number of failed attempts within a 3 minute window that causes the user to be locked out for the period of time specified by the Time duration to lockout the user upon crossing the "lock-out" threshold parameter. Range: 0-10 attempts. By default, the password lockout feature is disabled, and the default value of this parameter is 0 attempts. |
| Time duration to lock out the user upon crossing the "lock-out" threshold | The length of time for which the user is locked out after crossing the lockout threshold. Range: 0-60 minutes. |

  5. Click Submit.
  6. Click Pending Changes.
  7. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI command configures specific management password policy settings:

aaa password-policy mgmt
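The composition rules in Table 1 can be pre-checked offline, for example to vet a candidate password before it is submitted. The following is an added example, not vendor code: the class and function names are hypothetical, the username rule is assumed to be a case-insensitive substring match, and a repeat limit of N is assumed to reject runs longer than N.

```python
import string
from dataclasses import dataclass
from itertools import groupby

# Special characters exactly as listed in Table 1 ("comma" written as ',').
SPECIALS = set("!@#$%^&*<>{}[]:.,|+~`")

@dataclass
class MgmtPasswordPolicy:      # hypothetical name; fields mirror Table 1
    min_length: int = 6        # range 6-64, default 6
    min_upper: int = 0         # 0 = no requirement
    min_lower: int = 0
    min_digits: int = 0
    min_special: int = 0       # default not stated on the page; 0 assumed
    not_username: bool = False
    max_repeat: int = 0        # 0 = no limit on consecutive repeats

def violations(policy, username, password):
    """Return the Table 1 rules the password breaks (empty list = compliant)."""
    found = []
    counts = [
        ("length", len(password), policy.min_length),
        ("uppercase", sum(c in string.ascii_uppercase for c in password), policy.min_upper),
        ("lowercase", sum(c in string.ascii_lowercase for c in password), policy.min_lower),
        ("digits", sum(c in string.digits for c in password), policy.min_digits),
        ("special", sum(c in SPECIALS for c in password), policy.min_special),
    ]
    for name, have, need in counts:
        if have < need:
            found.append(f"{name}: have {have}, need {need}")
    if policy.not_username and username:
        # Assumption: substring match, case-insensitive (stricter than equality).
        low, user = password.lower(), username.lower()
        if user in low or user[::-1] in low:
            found.append("username: password contains username or its reverse")
    if policy.max_repeat > 0:
        # Longest run of one character repeated back to back.
        longest = max((len(list(g)) for _, g in groupby(password)), default=0)
        if longest > policy.max_repeat:
            found.append(f"repeat: run of {longest}, max {policy.max_repeat}")
    return found

if __name__ == "__main__":
    # Constructed sample policy and passwords, not values from the page.
    strict = MgmtPasswordPolicy(12, 1, 1, 1, 1, True, 2)
    for pw in ("nimdaaaa", "Tr0ub4dor&Xyzz!"):
        print(pw, violations(strict, "admin", pw))
```

With the default policy only the six-character minimum is enforced, so a password such as `abcdef` passes; that is the gap the stricter settings in Table 1 close.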

Management Authentication Profile Parameters

Table 2 describes configuration parameters on the Management Authentication profile page.

Table 2: Management Authentication Profile Parameters

| Parameter | Description |
|---|---|
| Enable | Enables authentication for administrative users. |
| Default Role | Select a predefined management role to assign to authenticated administrative users. Root: default superuser role. Guest-provisioning: guest provisioning role. Location-api-mgmt: Location API role. Network-operations: network operations role. No-access: no commands are accessible for this role. Read-only: read-only role. |
| No access | Negates any configured parameter. |
| Server Group | Name of the group of servers used to authenticate administrative users. See the CLI command aaa-server-group in the CLI Command Reference Guide for more information. |