Configuring the Pre-notification and Post-notification Rule

Use the following procedure to configure the pre-notification and post-notification rule.

After enhanced secure mode is enabled, the switch enforces password expiry. To ensure a user does not lose access, the switch offers pre- and post-notification messages explaining when the password will expire.

The administrator can define pre- and post-notification intervals to between one to 99 days.

Before you begin

  • You must enable enhanced secure mode in either the JITC or non-JITC sub-modes. As a best practice, use the non-JITC sub-mode because the JITC sub-mode is more restrictive and prevents the use of some troubleshooting utilities.

About this task

The pre-notification intervals provide messages to warn users that their passwords will expire within a particular timeframe:

The post-notification intervals provide notification to users that their passwords have expired within a particular timeframe:

  • interval 1—By default, interval 1 is 1 day.

  • interval 2—By default, interval 2 is 7 days.

  • interval 3—By default, interval 3 is 30 days.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure the pre-notification rule option:

    password pre-expiry-notification-interval <1–99> <1–99> <1–99>

  3. Configure post-notification rule option:

    password post-expiry-notification-interval <1–99> <1–99> <1–99>

  4. Configure the pre-notification rule to the default:

    default password pre-expiry-notification-interval

  5. Configure the post-notification rule to the default:

    default password post-expiry-notification-interval

  6. Save the configuration:

    save config

    Note

    Note

    The save config command saves the configuration file with the filename configured as the primary configuration filename in boot config. Use the command show boot config choice to view the current primary and backup configuration filenames.

Example

Configure the pre- and post-notification rules to the default:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#default password pre-expiry-notification-interval 
Switch:1(config)#default password post-expiry-notification-interval
Switch:1(config)#save config

Variable definitions

Use the data in the following table to use the pre-expiry-notification-interval command.

Variable

Value

<1–99> <1–99> <1–99>

Configure the pre-notification intervals to provide messages to warn the users that their passwords will expire within a particular timeframe.

The first <1–99> variable specifies the first notification, the second <1–99> specifies the second notification, and the third <1–99> variable specifies the third interval.

By default, the first interval is 30 days, the second interval is 7 days, and the third interval is 1 day.

Use the data in the following table to use the post-expiry-notification-interval command.

Variable

Value

<1–99> <1–99> <1–99>

Configure the post-notification intervals to provide notification to the users that their passwords have expired within a particular timeframe.

The first <1–99> variable specifies the first notification, the second <1–99> specifies the second notification, and the third <1–99> variable specifies the third interval.

By default, the first interval is 1 day, the second interval is 7 days, and the third interval is 30 days.