02-03-2014 12:34 PM - edited 03-07-2019 05:58 PM
I am looking for a way to enforce password complexity on the local passwords (not TACACS/ACS/RADIUS) on a router or a switch. I.e. enable password, username/password and so on require uppercase, lowercase, numeric, non-alphanumeric.... The requirement is I was able to find a few mentions of this not being possible but all the posts are a few years old. I thought I saw this feature available on IOS release 15.0 but I cannot find the article saying so any more. Does anyone know of a command that will allow me to do this?
02-03-2014 01:01 PM
It's supported, but I'm not sure what IOS/platform you're on...
HTH,
John
*** Please rate all useful posts ***
02-03-2014 11:19 PM
Hi John,
Really cool feature I wasn't aware of. +5 for this, man.
Regards
Alain
Don't forget to rate helpful posts.
02-04-2014 03:31 AM
Thanks Alain
HTH,
John
*** Please rate all useful posts ***
08-22-2019 05:09 AM
Even if we apply the given procedure, it does not force us to use the policy, as we can also configure a username and password without the policy applied. Surprisingly, a user configured without the policy will also be able to access the device.
Another drawback of configuring a password policy is that it supports only type 7 encrypted passwords.
Are there any options to enforce the policy while keeping the password secured with secret?
02-03-2014 03:18 PM
Hello
See if these are applicable?
security passwords min-length x
security authentication failure rate x log
enable secret xxxxx
aaa new-model
aaa authentication login secure
aaa authentication password-prompt backup_Passwd:
aaa authentication username-prompt backup_Username:
username ???? privilege 15 password xxxxx
ip domain-name xxxx.com
crypto key zero
crypto key generate rsa general-keys modulus 1024|2048
ip ssh time-out xx
ip ssh authentication-retries x
ip ssh version 2
line con
 login authentication secure
 exec-timeout x x
 transport output telnet
line aux 0
 login authentication secure
 exec-timeout x x
 transport output telnet
line vty 0 988
 login authentication secure
 transport input ssh
 exec-timeout x x
 absolute-timeout x x
login block-for 10 attempts 2 within 5
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
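An added example, not part of any post in this thread: a small audit that reads a saved running-config and flags the gaps raised in the 08-22-2019 post (local users created without a policy, or stored with `password` instead of `secret`) plus inbound Telnet on the vty lines from the listing above. It assumes the policy feature discussed is IOS's `aaa common-criteria policy`, attached per user with the `common-criteria-policy` keyword; the sample config and its credential values are constructed.

```python
import re

# Constructed running-config excerpt for the demo (not from the thread).
SAMPLE_CONFIG = """\
security passwords min-length 10
aaa new-model
aaa common-criteria policy STRONG
 min-length 12
 upper-case 1
username admin privilege 15 common-criteria-policy STRONG password 7 0000CONSTRUCTED
username backup privilege 15 password 7 0000CONSTRUCTED
username ops privilege 15 secret 5 $1$CONSTRUCTED
line vty 0 4
 login authentication secure
 transport input telnet ssh
"""

def audit(config):
    """Return (subject, finding) tuples for weak local-credential settings."""
    findings = []
    policies = set(re.findall(r"^aaa common-criteria policy (\S+)", config, re.M))
    if not re.search(r"^security passwords min-length \d+", config, re.M):
        findings.append(("global", "no minimum password length"))
    section = ""
    for line in config.splitlines():
        if line and not line.startswith(" "):
            section = line             # remember the current top-level block
        words = line.split()
        if words[:1] == ["username"] and len(words) > 2:
            user, opts = words[1], words[2:]
            if "common-criteria-policy" in opts[:-1]:
                name = opts[opts.index("common-criteria-policy") + 1]
                if name not in policies:
                    findings.append((user, "policy %s is not defined" % name))
            else:
                findings.append((user, "no password policy attached"))
            if "password" in opts:     # type 0/7 storage rather than a hashed secret
                findings.append((user, "stored with 'password', not 'secret'"))
        elif section.startswith("line vty") and words[:2] == ["transport", "input"]:
            if set(words[2:]) & {"telnet", "all"}:
                findings.append((section, "cleartext Telnet allowed inbound"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print("%-14s %s" % (subject, finding))
```

Run it against the output of `show running-config` saved to a file; every local user should come back with neither finding before the policy can be considered enforced.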