Configuring the maximum age rule

Use the following procedure to configure the maximum age rule.

If enhanced secure mode is enabled, the individual with the administrator access level role can configure the aging-time for each user. If you configure the aging time for each user, the aging time must be more than the global change interval value. The default is 90 days.

If you do not enable enhanced secure mode, the aging time is a global value for all users.

Before you begin

  • You must enable enhanced secure mode in either the JITC or non-JITC sub-modes. As a best practice, use the non-JITC sub-mode because the JITC sub-mode is more restrictive and prevents the use of some troubleshooting utilities.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure the maximum age rule option:

    password aging-time day <1–365> [user WORD<1–255>]

  3. Optional: Configure the maximum age rule to the default:

    default password aging-time [user WORD<1–255>]

  4. Save the configuration:

    save config

    Note

    Note

    The save config command saves the configuration file with the filename configured as the primary configuration filename in boot config. Use the command show boot config choice to view the current primary and backup configuration filenames.

Example

Configure the maximum age rule option to 100 days for user jsmith:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#password aging-time day 100 user jsmith
Switch:1(config)#save config

Variable definitions

Use the data in the following table to use the password aging-time command.

Variable

Value

day <1–365>

Configures the password aging time in days. The default is 90 days.

user WORD<1–255>

Specifies a particular user.