Users Guide
278 Authentication, Authorization, and Accounting
7
Set the minimum number of character classes that must be present in the
password. The possible character classes are: upper-case, lower-case,
numeric and special:
console(config)#passwords strength minimum character-classes 4
8
Enable password strength checking:
console(config)#passwords strength-check
9
Create a user with the name “admin” and password “paSS1&word2”. This
user is enabled for privilege level 15. Note that, because password strength
checking was enabled, the password was required to have at least two
numeric characters, one uppercase character, one lowercase character, and
one special character:
console(config)#username admin password paSS1&word2 privilege
15
10
Configure the switch to lock out a local user after three failed login
attempts:
console(config)#passwords lock-out 3
This configuration allows either user to log into the switch. Both users will
have privilege level 1. If no enable password was configured, neither user
would be able to successfully execute the enable command, which grants
access to Privileged Exec mode, because there is no enable password set by
default (the default method list for Telnet enable authentication is only the
“enable” method).
NOTE: It is recommend that the password strength checking and password
lockout features be enabled when configuring local users.