Administrator Guide

Security Commands 1070

A value greater than 0 specifies the minimum number of character class tests

a password must pass. A value of 0 disables the minimum strength checking

set by the above commands. Minimum character class checking validates

passwords that contain a character matching a configured character class. If

minimum character class checking is enabled, a password must pass at least

the minimum number of configured minimum strength class checks to be

valid. Non-configured minimum character classes are not counted towards

the minimum matching character classes.

If minimum character class checking is disabled and if a password contains a

character matching a configured (non-zero) minimum strength character

class, it must meet the specific minimum strength limit for the matching

class. If the password only contains characters from non-configured character

classes, the password is considered valid.

If the maximum consecutive characters or maximum repeated characters

limits are configured, passwords must pass these tests regardless of the

minimum character class checking setting.

Example

console(config)#passwords strength minimum character-classes 4

passwords strength exclude-keyword

Use this command to exclude the keyword while configuring the password.

The password does not accept the keyword in any form (inbetween the string,

case insensitive and reverse) as a substring. You can configure up to a

maximum of three keywords. Use the no form of this command to reset the

restriction for a given string or all the strings configured.

Syntax

passwords strength exclude–keyword

string

no passwords strength exclude–keyword [

string

]

Default Configuration

This command has no default configuration.

Command Mode

Global Configuration

2CSNXXX_SWUM204.book Page 1070 Monday, January 25, 2016 1:25 PM