User Manual
Enterasys X-Pedition User Reference Manual 33
Configuring CLI Access Security
Password Policy Management
Secure access to the X-Pedition through password protection and policies is available in both
single- and multi-user modes. Global password policies are established using the system set
password-policy command and apply to all passwords in single- or multi-user mode unless
specifically overridden by one of the command options described below.
The following policy elements are configurable in single-user and multi-user modes:
• Enable or disable password policy verification (enabled by default)
• Minimum password length (by default, 8 characters)
• Access management including:
– The amount of time a user has to log in successfully (by default, 60 seconds)
– The number of login failures to allow before disabling a user’s account (by default, 6)
– After an account is disabled, the amount of time that must pass before permitting another
login attempt (by default, 60 minutes)
• Password change management including:
– Require a user to change the password following the first login (off by default)
– The number of days the password is valid (by default, 90 days)
– The number of days prior to password expiration to warn the user of the pending expiration
(by default, 14 days)
– The number of previous passwords that cannot be re-used (by default, 5)
Single-User Mode
Creating a Password
By default, the X-Pedition operates in single-user mode with password access enabled and no
passwords defined. To define a password for Login, Enable, or Configure mode, use the system set
password command from Configure mode. The following example sets an Enable mode password:
Note: Passwords are case sensitive. In other words, the X-Pedition recognizes upper- and lower-
case letters as different characters (e.g., “M” is not the same as “m”).
You must set the password for each mode individually (i.e., you may use a different
password for each mode). If a password is configured for Enable mode, the X-Pedition
asks for the password when you enter the enable command. If no password is defined, the
X-Pedition will advise you to configure a password, then switch to Enable mode—from
xp(config)# system set password enable MyPassword