Cisco Support Community

Password complexity enforcement

I am looking for a way to enforce password complexity on the local passwords (not TACACS/ACS/RADIUS) on a router or a switch, i.e. enable password, username/password and so on require uppercase, lowercase, numeric, non-alphanumeric.... The requirement is I was able to find a few mentions of this not being possible but all the posts are a few years old. I thought I saw this feature available on IOS release 15.0 but I cannot find the article saying so any more. Does anyone know of a command that will allow me to do this?

4 REPLIES

Password complexity enforcement

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-sy/sec-aaa-comm-criteria-pwd.html#GUID-DD1BD8BD-BC5E-4DC1-B08C-F860D2C82AEF

It's supported, but I'm not sure what IOS/platform you're on...

HTH,
John

*** Please rate all useful posts ***
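An added example, not part of the thread: a small audit of saved configuration text that lists local `username` entries with no AAA common criteria policy applied, or with a policy missing one of the character classes asked about in the question. It assumes the configuration syntax of the feature linked in the reply above; the sample config, the policy and user names, and the `min_length` threshold of 8 are constructed for illustration.

```python
import re

# Constructed sample config, not from the thread. Policy names, usernames and
# the password placeholders are hypothetical.
SAMPLE_CONFIG = """\
aaa common-criteria policy STRONG
 min-length 10
 upper-case 1
 lower-case 1
 numeric-count 1
 special-case 1
aaa common-criteria policy WEAK
 min-length 6
username admin common-criteria-policy STRONG password <placeholder>
username ops common-criteria-policy WEAK password <placeholder>
username backup privilege 15 password <placeholder>
"""
REQUIRED = ("upper-case", "lower-case", "numeric-count", "special-case")

def parse_policies(config):
    """Return {policy: {setting: int}} from 'aaa common-criteria policy' blocks."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"aaa common-criteria policy (\S+)", line)
        parts = line.split()
        if m:
            current = policies.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            current = None  # left the policy sub-mode
        elif current is not None and len(parts) == 2 and parts[1].isdigit():
            current[parts[0]] = int(parts[1])
    return policies

def audit(config, min_length=8):
    """Return one finding per local user whose password policy is absent or weak."""
    policies = parse_policies(config)
    findings = []
    for user, rest in re.findall(r"^username (\S+)(.*)$", config, re.M):
        p = re.search(r" common-criteria-policy (\S+)", rest)
        name = p.group(1) if p else None
        if name not in policies:
            findings.append(f"{user}: no defined common-criteria policy applied")
            continue
        gaps = [k for k in REQUIRED if policies[name].get(k, 0) < 1]
        if policies[name].get("min-length", 0) < min_length:
            gaps.insert(0, f"min-length < {min_length}")
        if gaps:
            findings.append(f"{user}: policy {name} lacks " + ", ".join(gaps))
    return findings
```

The audit covers `username` entries only; it does not look at `enable` passwords.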


Password complexity enforcement

Hi John,

Really cool feature I wasn't aware of. +5 for this, man.

Regards

Alain

Don't forget to rate helpful posts.


Password complexity enforcement

Thanks Alain

HTH,
John

*** Please rate all useful posts ***


Re: Password complexity enforcement

Hello

See if these are applicable?

security passwords min-length x
security authentication failure rate x log
enable secret xxxxx
aaa new-model
aaa authentication login secure
aaa authentication password-prompt backup_Passwd:
aaa authentication username-prompt backup_Username:
username ???? privilege 15 password xxxxx
ip domain-name xxxx.com
crypto key zero
crypto key generate rsa general-keys modulus 1024|2048
ip ssh time-out xx
ip ssh authentication-retries x
ip ssh version 2
line con 0
 login authentication secure
 exec-timeout x x
 transport output telnet
line aux 0
 login authentication secure
 exec-timeout x x
 transport output telnet
line vty 0 988
 login authentication secure
 transport input ssh
 exec-timeout x x
 absolute-timeout x x
login block-for 10 attempts 2 within 5

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.
