HP MSR2000/3000/4000 Router Series Security Configuration Guide

A password expires after 30 days.
The minimum password update interval is 36 hours.
The maximum account idle time is 30 days.
A password cannot contain the username or the reverse of the username.
No character appears consecutively three or more times in a password.
Configure a super password control policy for user role network-operator to meet the following
requirements: A super password must contain at least four character types and at least five characters for
each type.
Configure a password control policy for the local Telnet user test to meet the following requirements:
The password must contain at least 16 characters.
The password must consist of at least four character types and at least five characters for each type.
The password for the local user expires after 20 days.
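The composition requirements above can be checked offline before a candidate password is entered on the device. The following Python check is an added example, not part of the HP guide or the router software. Its function names are hypothetical, and it assumes that the four character types are uppercase letters, lowercase letters, digits and special characters, and that the username comparison ignores case.

```python
import string


def count_types(password):
    """Count characters per type (assumed types: upper, lower, digit, special)."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "special": 0}
    for ch in password:
        if ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["special"] += 1
    return counts


def longest_run(password):
    """Length of the longest run of one character repeated consecutively."""
    best = run = 0
    prev = None
    for ch in password:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def check_password(password, username=None, min_length=0,
                   type_number=4, type_length=5):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("length")
    # Assumed reading of "type-number 4 type-length 5": at least type_number
    # character types each contribute at least type_length characters.
    reached = [t for t, n in count_types(password).items() if n >= type_length]
    if len(reached) < type_number:
        problems.append("composition")
    # The guide rejects a character appearing three or more times in a row.
    if longest_run(password) >= 3:
        problems.append("same-character")
    # The guide rejects the username and its reverse (case-insensitive here).
    if username:
        low, user = password.lower(), username.lower()
        if user in low or user[::-1] in low:
            problems.append("user-name")
    return problems
```

Calling check_password("12345ABGFTweuix@#$%!") with the super password used in this example returns an empty list, because each of the four types contributes exactly five characters.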
Configuration procedure
# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable
# Prohibit the user from logging in forever after two successive login failures.
[Sysname] password-control login-attempt 2 exceed lock
# Set all passwords to expire after 30 days.
[Sysname] password-control aging 30
# Set the minimum password update interval to 36 hours.
[Sysname] password-control update-interval 36
# Specify that a user can log in five times within 60 days after the password expires.
[Sysname] password-control expired-user-login delay 60 times 5
# Set the maximum account idle time to 30 days.
[Sysname] password-control login idle-time 30
# Refuse any password that contains the username or the reverse of the username.
[Sysname] password-control complexity user-name check
# Specify that no character of the password can be repeated three or more times consecutively.
[Sysname] password-control complexity same-character check
# Specify that a super password must contain at least four character types and at least five characters for each type.
[Sysname] password-control super composition type-number 4 type-length 5
# Configure a super password used for switching to user role network-operator as 12345ABGFTweuix@#$%! in plain text.
[Sysname] super password role network-operator simple 12345ABGFTweuix@#$%!
# Create a device management user named test.
[Sysname] local-user test class manage
# Set the service type of the user to Telnet.
[Sysname-luser-manage-test] service-type telnet
# Set the minimum password length to 16 for the local user.