Configuring Password Complexity
Enable the Password Complexity feature
The minimum password length must be configured to 8.
The
manager
credentials must be configured. If they are not, use thepassword manager
command to create the password.Enable the Password Complexity feature (Enable Password Complexity)
Configure the Password Complexity parameters
Configure the password aging, history, and log-on details. (Configure the Password Complexity parameters)
Configure the password minimum length (Configure password minimum length)
Configure the password composition (Configure password composition)
-
Configure complexity checks on a new user password (Configure password complexity checks)
Viewing the password configuration
To view the password configuration, enter the show
password-configuration
command. The Password
Control
parameter displays the status and parameters of
the feature, either enabled or disabled.
Example
In this example, the password configuration is disabled and the minimum password length is 8.
switch# show password-configuration
Global password control configuration
Password control : Disabled
Password history : Disabled
Number of history records : 8
Password aging : Disabled
Aging time : 90 days
Early notice on password expiration : 7 days
Minimum password update interval : 24 hours
Expired user login : 3 login attempts in 30 days
Password minimum length : 8
User login details checking : Enabled
Password composition
Lower case : 2 characters
Upper case : 2 characters
Special character : 2 characters
Number : 2 characters
Repeat password checking : Disabled
Username checking : Disabled
Repeat characters checking : Disabled
More information
show password-configuration |
Enable Password Complexity
To enable the Password Complexity feature, enter
the password configuration-control
command.
Example
In this example, the WebUI is enabled and the
user enters y
to disable the WebUI and enable the
Password Complexity feature.
switch# password configuration-control The password configuration feature cannot be enabled when the WebUI is enabled. Would you like to disable WebUI and REST protocol? [y/n]: y
More information
password configuration-control |
Configure the Password Complexity parameters
You can configure the Password Complexity parameters at any time but they will only take effect if the Password Complexity feature is enabled.
Example
In this example, we enable the aging
and history
parameters.
switch# password configuration aging switch# password configuration history
The Password history
and Password
aging
are now enabled.
We then set the aging parameter, aging-period
,
to 60 days:
switch# password configuration aging-period 60
The show password-configuration
displays
the configuration changes:
switch# show password-configuration
Global password control configuration
Password control : Enabled
Password history : Enabled
Number of history records : 8
Password aging : Enabled
Aging time : 60 days
Early notice on password expiration : 7 days
Minimum password update interval : 24 hours
Expired user login : 3 login attempts in 30 days
Password minimum length : 8
User login details checking : Enabled
Password composition
Lower case : 2 characters
Upper case : 2 characters
Special character : 2 characters
Number : 2 characters
Repeat password checking : Disabled
Username checking : Disabled
Repeat characters checking : Disabled
More information
password configuration commands |
password configuration |
Configure password minimum length
To configure the password minimum length, enter
the password minimum-length
command. The minimum
password length must be equal or greater than the sum of the password
composition. You can set the password minimum length for all users
or per user.
Example
To configure the password minimum length to 10 for all users, enter:
switch# password minimum-length 10
To configure the password minimum length to 10
for the operator user operatorABC
only, enter:
switch# password operator user-name operatorABC minimum-length 10
To configure the password minimum length to 10
for the local user localuserXYZ
only, enter:
switch# aaa authentication local-user localuserXYZ min-pwd-length 10
More information
password minimum-length |
Configure password composition
To configure the password composition policy
for all users, which includes the minimum number of characters from
the set of lowercase letters, uppercase letters, special characters,
and numbers, enter the password composition
command.
The minimum password length must be equal or greater than the sum
of the password composition.
Example
In this example, we set the password special characters parameter to 3.
switch# password composition specialcharacter 3
The show password-configuration
command
displays the configuration changes:
switch# show password-configuration
Global password control configuration
Password control : Enabled
Password history : Enabled
Number of history records : 8
Password aging : Enabled
Aging time : 60 days
Early notice on password expiration : 7 days
Minimum password update interval : 24 hours
Expired user login : 3 login attempts in 30 days
Password minimum length : 10
User login details checking : Enabled
Password composition
Lower case : 2 characters
Upper case : 2 characters
Special character : 3 characters
Number : 2 characters
Repeat password checking : Disabled
Username checking : Disabled
Repeat characters checking : Disabled
More information
password composition |
Configure password complexity checks
To configure password complexity checks on a
new user password, enter the password complexity
command.
Example
In this example, we set the password complexity
check to all, which includes repeat-password-check
, repeat-char-check
,
and user-name-check
.
switch# password complexity all
More information
password complexity |