Cisco Support Community

New Member

Enforcing Minimum Password Length on switches, routers, and FWs

Cisco sent a letter addressing the lack of ability in enforcing a minimum password length on IOS devices and ASAs. In the letter, Cisco states that "With the shipping versions of Cisco IOS as of the current date, the native capabilities allow for encrypting the password as well as specifying a minimum length."

In regards to specifying a minimum length, I believe Cisco is referring to Autosecure for routers. But I don't know of any way to set a minimum password length on switches, even though Cisco states that it is natively supported by IOS. I also know of no way to do this with ASAs. I know we can enforce several policies with TACACS, but we're looking for device IOS capabilities.

I'd also like to know what is meant by a "shipping version" of IOS. I'd always thought that a device came with a base IOS with a base license.

Thanks for the time and help.

2 ACCEPTED SOLUTIONS

VIP Purple

Re: Enforcing Minimum Password Length on switches, routers, and

With "shipping version" the newest available versions are meant. If you don't use them, some of these fancy new features can't be used.

For the ASA:

asa(config)# password-policy ?
configure mode commands/options:
  authenticate-enable  Enable the user authentication feature
  lifetime             Set password lifetime
  minimum-changes      Set minimum character changes between old and new
                       password
  minimum-length       Set minimum password length
  minimum-lowercase    Set minimum number of lowercase password characters
  minimum-numeric      Set minimum number of numeric password characters
  minimum-special      Set minimum number of special password characters
  minimum-uppercase    Set minimum number of uppercase password characters

IOS-Router:

router(config)#security passwords min-length ?
  <0-16>  Minimum length of all user/enable passwords

For the Catalyst I'm not aware of a corresponding setting. But the best option is to let the TACACS-server control these settings.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Bronze

Enforcing Minimum Password Length on switches, routers, and FWs

You can set the password min-length by using the following command:

security passwords min-length

Full details of the command can be found here:

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_s1gt.html#wp1204059

Please rate post if helpful
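An added example, not part of either answer and not Cisco tooling: a small audit that checks saved running-configs for the two commands quoted above (`password-policy minimum-length` on the ASA, `security passwords min-length` on IOS routers) against a required length. The hostnames, config excerpts and the required length of 10 are constructed assumptions; a missing line is reported only as not configured, since the thread does not state platform defaults.

```python
import re

# The two commands come from the answers above; the rest is assumed.
PATTERNS = {
    "asa": re.compile(r"^password-policy minimum-length (\d+)\s*$", re.M),
    "ios": re.compile(r"^security passwords min-length (\d+)\s*$", re.M),
}
IOS_MAX = 16  # upper bound of the <0-16> range in the router help output


def audit(platform, config_text, required):
    """Return (status, configured_length) for one saved running-config."""
    pattern = PATTERNS.get(platform)
    if pattern is None:
        return ("no-known-command", None)  # e.g. Catalyst, per the answer
    if platform == "ios" and required > IOS_MAX:
        return ("required-exceeds-ios-range", None)
    match = pattern.search(config_text)
    if match is None:
        return ("not-configured", None)
    length = int(match.group(1))
    return ("ok" if length >= required else "too-short", length)


# Constructed config excerpts (hypothetical hostnames, not real devices).
SAMPLES = {
    "fw1": ("asa", "hostname fw1\npassword-policy minimum-length 12\n"
                   "password-policy minimum-numeric 1\n"),
    "fw2": ("asa", "hostname fw2\npassword-policy lifetime 90\n"),
    "rtr1": ("ios", "hostname rtr1\r\nsecurity passwords min-length 6\r\n!\r\n"),
    "sw1": ("catalyst", "hostname sw1\n"),
}


def audit_all(samples, required):
    """Audit every (platform, config) pair against one required length."""
    return {name: audit(platform, text, required)
            for name, (platform, text) in samples.items()}


if __name__ == "__main__":
    for name, (status, length) in audit_all(SAMPLES, 10).items():
        print(f"{name:5} {status:28} {length}")
```

Devices reported as `no-known-command` are the ones where, as the answer says, the policy has to be enforced on the TACACS server instead.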

3 REPLIES
New Member

Enforcing Minimum Password Length on switches, routers, and FWs

Thanks karsten for your time and knowledge. This is exactly what I was looking for.

