×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Password complexity enforcement

Unanswered Question
Feb 3rd, 2014
User Badges:

I am looking for a way to enforce password complexity on the local passwords (not TACACAS/ACS/RADIUS) on a router or a swtich. i.e. enable password, username/password and so on require uppercase,lowercase,numeric, non-alphanumeric.... The requirement is I was able to find a few mentions of this not being possible but all the posts are a few years old. I thought I saw this feature available on ios release 15.0 but I cannot find the article saying so any more. Does anyone know of a command that will allow me to do this?                   

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
cadet alain Mon, 02/03/2014 - 23:19
User Badges:
  • Purple, 4500 points or more

Hi John,

Really cool feature I wasn't aware of  +5 for this man


Regards


Alain



Don't forget to rate helpful posts.

John Blakley Tue, 02/04/2014 - 03:31
User Badges:
  • Purple, 4500 points or more

Thanks Alain



HTH,
John

*** Please rate all useful posts ***

paul driver Mon, 02/03/2014 - 15:18
User Badges:
  • Green, 3000 points or more

Hello

See if these are applicable?


security passwords min-length x

security authentication failure rate x log

enable secret xxxxx

aaa new-model

aaa authentication login secure

aaa authentication password-prompt backup_Passwd:

aaa authentication username-prompt backup_Username:

username ???? privilege 15 password xxxxx


ip domain-name xxxx.com

crypto key zero

crypto key generate rsa general-keys modulus 1024|2048


ip ssh time-out xx

ip ssh authentication-retries x

ip ssh version 2




line con

login authentication secure

exec-timeout x x

transport output telnet

line aux 0

login authentication secure

exec-timeout x x

transport output telnet

line vty 0 988

login authentication secure

transport input ssh

exec-timeout x x

absolute-timeout x x


login block-for 10 attempts 2 within 5



res

Paul




Please don't forget to rate any posts that have been helpful.

Thanks.

Actions

This Discussion

Related Content