Configure the Pre-Notification and Post-Notification Rule

Use the following procedure to configure the pre-notification and post-notification rule.

After enhanced secure mode is enabled, the switch enforces password expiry. To ensure a user does not lose access, the switch offers pre- and post-notification messages explaining when the password will expire.

The administrator can define pre- and post-notification intervals to between one to 99 days.

Before you begin

  • You must enable enhanced secure mode in either the JITC or non-JITC sub-modes. As a best practice, use the non-JITC sub-mode because the JITC sub-mode is more restrictive and prevents the use of some troubleshooting utilities.

About this task

The pre-notification intervals provide messages to warn users that their passwords will expire within a particular time frame:

The post-notification intervals provide notification to users that their passwords have expired within a particular time frame:

  • interval 1—By default, interval 1 is 1 day.

  • interval 2—By default, interval 2 is 7 days.

  • interval 3—By default, interval 3 is 30 days.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure the pre-notification rule option:

    password pre-expiry-notification-interval <1–99> <1–99> <1–99>

  3. Configure post-notification rule option:

    password post-expiry-notification-interval <1–99> <1–99> <1–99>

  4. Save the configuration:

    save config

    Note

    Note

    This command saves the configuration using the file name configured as the primary configuration. Use the command show boot config choice to view the current primary and backup configuration file names.

Variable definitions

Use the data in the following table to use the pre-expiry-notification-interval command.

Variable

Value

<1–99> <1–99> <1–99>

Configure the pre-notification intervals to provide messages to warn the users that their passwords will expire within a particular timeframe.

The first <1–99> variable specifies the first notification, the second <1–99> specifies the second notification, and the third <1–99> variable specifies the third interval.

By default, the first interval is 30 days, the second interval is 7 days, and the third interval is 1 day.

Use the data in the following table to use the post-expiry-notification-interval command.

Variable

Value

<1–99> <1–99> <1–99>

Configure the post-notification intervals to provide notification to the users that their passwords have expired within a particular timeframe.

The first <1–99> variable specifies the first notification, the second <1–99> specifies the second notification, and the third <1–99> variable specifies the third interval.

By default, the first interval is 1 day, the second interval is 7 days, and the third interval is 30 days.