Configures SNMPv3 password policies for all users.
authentication | Specifies authentication scheme. |
privacy | Specifies privacy. |
username-match | Specifies the password matches the user name. |
char-repeat | Specifies the password contains the same letter or number twice in a row. |
long-sequence | Specifies the password contains a sequence of more than 3 characters in alphabetical, numerical, or keyboard order. |
char-validation | Specifies the password doesn't contain one of each of upper case and lower case letters, and numbers and special characters. |
permit | Specifies to permit the selected password policy (Default). |
deny | Specifies to deny the selected password policy. |
history | Specifies to check the passwords against passwords stored in the history, either the number of passwords or duration. |
none | Specifies the specific user password policy is not enforced (Default). |
num_passwords | Specifies the number of history passwords, between 1 and 10, that a new password will be checked against. Range 1,10. |
duration | Specifies the length of time history will be checked. |
days | Specifies that a password used within the specified number of days can't be reused. Range 1,365. |
min-length | Specifies the minimum length of password, between 8 and 48 characters. |
num_characters | Specifies the minimum length of the password, between 8 and 48 characters. Range 8,48. |
none | Specifies none. |
N/A.
Use this command to invoke password policies for passwords (AUTH & PRIV) for an SNMPv3 user. Configuring this command invokes the following restrictions:
The password's minimum length can be set to 9, in which case the range becomes [9,48] for SNMP. The default range is [8,48].
There must be a number in "0 to 9", an upper case letter in "'A' to 'Z'", a lower case letter in "'a' to 'z'", and a special character in the group "!@#$%^&*()"; the remaining characters can be any combination.
A restriction is placed only when the user name and password match exactly. The user name can be a substring of the password or the other way around.
Special characters can still appear in succession.
Any input 1234 or abcd or qwer is prohibited. This prohibits both ascending and descending order and checks upper case input; for example, "DCBA" and "rewq" are also not allowed. Mixed case is not considered sequential; for example, "Abcd" is allowed.
The code is calendar agnostic. The duration can be set to 90 days for the 3-month period. Days are counted down to the second. 90 days is exactly 7,776,000 seconds.
The maximum number of passwords stored is 25 each (Auth or Priv) per user.
For every modification of passwords (Auth or Priv), the history is only verified for the last 25 passwords.
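As an added illustration (not vendor code), the following Python pre-check applies the rules described above to a candidate password before it is provisioned on a switch. The QWERTY rows used for keyboard order, the 4-character window, and case-sensitive comparisons are assumptions; the switch's own checks are authoritative.

```python
import string

SPECIALS = set("!@#$%^&*()")   # special-character group listed on the page
# Assumption: "keyboard order" means the three QWERTY letter rows.
SEQUENCES = [string.ascii_lowercase, string.digits,
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUN = 4                        # "more than 3 characters"


def has_long_sequence(pw):
    """True if any 4-character window is a same-case run, ascending or descending."""
    for i in range(len(pw) - RUN + 1):
        win = pw[i:i + RUN]
        # Mixed case ("Abcd") is not sequential, so skip non-uniform windows.
        if not (win.islower() or win.isupper() or win.isdigit()):
            continue
        low = win.lower()
        if any(low in seq or low in seq[::-1] for seq in SEQUENCES):
            return True
    return False


def has_char_repeat(pw):
    """True if the same letter or digit appears twice in a row (specials exempt)."""
    return any(a == b and a.isalnum() for a, b in zip(pw, pw[1:]))


def violations(username, pw, min_length=8):
    """Return the policy keywords that this candidate password would trip."""
    found = []
    if len(pw) < min_length:
        found.append("min-length")
    if pw == username:         # only an exact match counts; substrings are allowed
        found.append("username-match")
    if has_char_repeat(pw):
        found.append("char-repeat")
    if has_long_sequence(pw):
        found.append("long-sequence")
    classes = (str.isdigit, str.isupper, str.islower, SPECIALS.__contains__)
    if not all(any(test(c) for c in pw) for test in classes):
        found.append("char-validation")
    return found
```
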
The following example requires SNMPv3 users to use this specified format for all passwords:
# configure snmpv3 user password-policy authentication username-match deny
This command was first available in version 33.1.1.
This command is available on all Universal switches supported in this document.