4000 Router Series Security Configuration Guide

Configuring password control

Overview

Password control refers to a set of functions provided by the device to manage login and super password

setup, expirations, and updates for device management users, and to control user login status based on

predefined policies.

Local users are divided into two types: device management users and network access users. This feature

applies only to device management users. For more information about local users, see "Configuring

AAA."

Password setting

Minimum password length

You can define the minimum length of user passwords. If a user enters a password that is shorter than the

minimum length, the system rejects the password.

Password composition policy

A password can be a combination of characters from the following types:

• Uppercase letters A to Z.

• Lowercase letters a to z.

• Digits 0 to 9.

• Special characters. For information about special characters, see the password-control composition

command in Security Command Reference.

Depending on the system's security requirements, you can set the minimum number of character types a

password must contain and the minimum number of characters for each type, as shown in Table 5.

Table 5 Password c

ontrol composition policy

Password combination

level

Minimum number of

character t

Minimum number of characters for

each t

Level 1 One One

Level 2 Two One

Level 3 Three One

Level 4 Four One

When a user sets or changes a password, the system checks if the password meets the combination

requirement. If not, the operation will fail.

Password complexity checking policy

A less complicated password such as a password containing the username or repeated characters is

more likely to be cracked. For higher security, you can configure a password complexity checking policy

to make sure all user passwords are relatively complicated. With such a policy configured, when a user