API Guide
Use this command to increase password strength. When you enter the command, at least one parameter
is required. When you enter the character-restriction parameter, at least one option is required.
To reset parameters to their default values, use the no password-attributes command.
Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S).
Also supported in SmartFabric mode starting in release 10.5.0.1.
Example
OS10(config)# password-attributes min-length 6 character-restriction
upper 2 lower 2 numeric 2
Supported
Releases
10.4.0E(R1) or later
password-attributes max-retry lockout-period
Configures a maximum number of consecutive failed login attempts and the lockout period for the user ID.
Syntax
password-attributes {[max-retry number] [lockout-period minutes]}
Parameters
● max-retry number — (Optional) Sets the maximum number of consecutive failed login attempts
for a user before the user is locked out, from 0 to 16.
● lockout-period minutes — (Optional) Sets the amount of time that a user ID is prevented from
accessing the system after exceeding the maximum number of failed login attempts, from 0 to 43,200.
Default
● Maximum number of retries: 3
● Lockout period: 0 — No lockout period is configured. Failed login attempts do not lock out a user.
Command Mode CONFIGURATION
Usage
Information
To remove the configured max-retry or lockout-period settings, use the no password-
attributes {max-retry | lockout-period} command.
When a user is locked out due to exceeding the maximum number of failed login attempts, other users can
still access the switch.
Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.1.0. Also
supported in SmartFabric mode starting in release 10.5.0.1.
Example
OS10(config)# password-attributes max-retry 5 lockout-period 30
Supported
Releases
10.4.1.0 or later
privilege
Creates a privilege level and associates commands with it.
Syntax
privilege mode priv-lvl privilege-level command-string
Parameters
● mode — Enter the privilege mode used to access CLI modes:
○ exec — Accesses EXEC mode.
○ configure — Accesses class-map, DHCP, logging, monitor, openflow, policy-map, QOS,
support-assist, telemetry, CoS, Tmap, UFD, VLT, VN, VRF, WRED, and alias modes.
○ interface — Accesses Ethernet, fibre-channel, loopback, management, null, port-group, lag,
breakout, range, port-channel, and VLAN modes.
○ route-map — Accesses route-map mode.
○ router — Accesses router-bgp and router-ospf modes.
○ line — Accesses line-vty mode.
● priv-lvl privilege-level — Enter the number of a privilege level, from 2 to 14.
1020 Security