
How to configure password security on ERS 4900/5900

Objective
How to configure password security restrictions in enhanced secure mode on BOSS operated switches.
Environment
  • ERS 4900/5900
  • BOSS
Procedure
  1. Enter Global Configuration mode: 
    enable
    configure terminal
  2. Configure the password validity period: 
    password aging-time [username <name>] <0-365>
  3. Configure the password change interval: 
    password change-interval <1-999>
  4. Configure whether the switch accepts repeated consecutive characters in the password: 
    password check-repeated [enable | disable]
  5. Configure whether the switch accepts sequential characters in a password: 
    password check-sequential [enable | disable]
  6. Configure password complexity: 
    password complexity [lower-case <0-9> | numeric <0-9> | special <0-9> | upper-case <0-9>]
  7. Configure the password delay-time: 
    password delay-time <0-3600>
  8. Configure the password encryption key: 
    password encryption-key aes-cbc
  9. Configure the interval for post-expiration login: 
    password grace-period <1-365>
  10. Configure the failure notification message:
    password login-failure-notification "<message>"
  11. Configure the minimum length for a password: 
    password min-length <8-255>
  12. Configure password expiry notifications: 
    password notifications <1-90>
  13. Configure whether the switch enforces a password change on first login: 
    password password-change-on-first-login [disable | enable]
  14. Configure the maximum number of password changes per day: 
    password password-change-rate-limiter <1-10>
  15. Configure the maximum number of passwords retained in history: 
    password password-history <0-12>
  16. Configure the number of post-expiration logins: 
    password post-expiration-login <0-10>
  17. Configure the number of days after which a user account disabled due to inactivity is re-enabled: 
    password unlock-timer <1-365>
  18. Verify password security restrictions: 
    show password {aging-time | change-interval | check-repeated | check-sequential | complexity | 
    delay-time | grace-period | login-failure-notification | min-length | notifications | password-change-on-first-login | 
    password-change-rate-limiter | password-history | post-expiration-login | unlock-timer}
  19. Reset password security restrictions to default values: 
    default password {aging-time | change-interval | check-repeated | check-sequential | complexity | 
    delay-time | grace-period | min-length | notifications | password-change-on-first-login | password-change-rate-limiter | 
    password-history | post-expiration-login | unlock-timer}




 
Additional notes
Variable
    Value
aging-time <0-365>
    Specifies the number of days the password remains valid. The default value is 0.
aging-time [username]
    Specifies the user for which you configure the aging time.
change-interval <1-999>
    Specifies the password change interval, in hours.
check-repeated [enable | disable]
    Specifies whether the switch accepts repeated characters in a password:
      • disable - Accepts repeated consecutive characters.
      • enable - Forbids repeated consecutive characters.
    The default value is disabled.
check-sequential [enable | disable]
    Specifies whether the switch accepts sequential characters in a password:
      • disable - Accepts sequential characters.
      • enable - Forbids sequential characters.
    The default value is disabled.
lower-case <0-9>
    Specifies the minimum number of lower-case characters the password must include.
numeric <0-9>
    Specifies the minimum number of numeric characters the password must include.
special <0-9>
    Specifies the minimum number of special characters (!, @, #, $, %, ^, &, *, (, ), -, +, =, _) the password must include.
upper-case <0-9>
    Specifies the minimum number of upper-case characters the password must include.
delay-time <0-3600>
    Specifies the delay, in seconds, applied after 3 login attempts. Default is 60 seconds.
encryption-key aes-cbc
    Enables internal password encryption.
grace-period <1-365>
    Specifies the interval in which the user can log in after the password expires.
login-failure-notification "<message>"
    Specifies the notification message that the user sees after an incorrect login. The maximum length is 99 characters.
min-length <8-255>
    Specifies the minimum length for a password.
notifications <1-90>
    Specifies the notification interval in days before the password expires. Default is 10 days.
password-change-on-first-login [disable | enable]
    Specifies whether the switch enforces a password change on first login:
      • disable - Disables password change on first login.
      • enable - Enables password change on first login.
    The default value is disabled.
password-change-rate-limiter <1-10>
    Specifies the maximum number of password changes allowed per day. Default is 1.
password-history <0-12>
    Specifies the number of passwords retained in history. Default is 1.
post-expiration-login <0-10>
    Specifies the number of allowed post-expiration logins.
unlock-timer <1-365>
    Specifies the number of days after which a user account disabled due to inactivity is re-enabled. Default is 7 days.
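
A pre-flight check for a change script built from the commands above, as an added example that is not part of the original article or any vendor tooling: it validates each `password ...` line against the ranges documented in the procedure and notes, and reports which of the three checks that default to disabled the script never enables. The function name `lint` and the sample script are constructed for illustration.

```python
# Ranges documented in the procedure: keyword -> (min, max).
RANGES = {
    "aging-time": (0, 365), "change-interval": (1, 999),
    "delay-time": (0, 3600), "grace-period": (1, 365),
    "min-length": (8, 255), "notifications": (1, 90),
    "password-change-rate-limiter": (1, 10), "password-history": (0, 12),
    "post-expiration-login": (0, 10), "unlock-timer": (1, 365),
}
COMPLEXITY = {"lower-case", "numeric", "special", "upper-case"}  # each <0-9>
# Checks whose documented default is disabled.
TOGGLES = {"check-repeated", "check-sequential", "password-change-on-first-login"}

def lint(script):
    """Return (errors, toggles the script never enables)."""
    errors, enabled = [], set()
    for n, raw in enumerate(script.splitlines(), 1):
        words = raw.split()
        if len(words) < 2 or words[0] != "password":
            continue  # enable, configure terminal, blank lines
        key, args = words[1], words[2:]
        if key in TOGGLES:
            if args == ["enable"]:
                enabled.add(key)
            elif args != ["disable"]:
                errors.append(f"line {n}: {key} takes enable or disable")
        elif key == "complexity":
            if not (len(args) == 2 and args[0] in COMPLEXITY
                    and args[1].isdecimal() and int(args[1]) <= 9):
                errors.append(f"line {n}: complexity takes <class> <0-9>")
        elif key in RANGES:
            lo, hi = RANGES[key]
            value = args[-1] if args else ""  # the number is the last word
            if not (value.isdecimal() and lo <= int(value) <= hi):
                errors.append(f"line {n}: {key} must be {lo}-{hi}, got {value!r}")
        elif key == "login-failure-notification":
            msg = (raw.split(None, 2) + [""])[2].strip().strip('"')
            if len(msg) > 99:
                errors.append(f"line {n}: message longer than 99 characters")
        elif [key] + args != ["encryption-key", "aes-cbc"]:
            errors.append(f"line {n}: not a documented command: {raw.strip()}")
    return errors, sorted(TOGGLES - enabled)

# Constructed script: line 5 has a typographic dash (U+2014) pasted from a
# rendered document, line 6 exceeds the documented history range.
SAMPLE = """\
password min-length 12
password aging-time 90
password complexity upper-case 2
password check-sequential enable
password check\u2014repeated enable
password password-history 24
"""
```

Calling `lint(SAMPLE)` returns the two faulty lines plus the toggles left at their disabled default, so the script can be corrected before it is pasted into Global Configuration mode.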



 
