Version 33.1.1 supports the Korean Common Criteria (Korean CC) security profile. You can use the following commands to configure the profile and password rules for Korean CC and Korean Common Criteria for SNMPv3 (Korean CCv3) users.
To configure the security profile on the system, use the following command:
configure security profile [korean-cc]
# configure security profile korean-cc
Security profile will be enabled only after rebooting the switch.
To remove this security profile, use:
unconfigure switch erase [all | nvram]
Attempting to configure the security profile after already enabling it will result in the following output:
# configure security profile korean-cc Security profile is already enabled.
If the Korean CC security profile is been enabled but the system hasn't been restarted, you will receive the following output from the show security profile command:
# show security profile Security profile (current) : Off Security profile (configured) : Korean Common Criteria
Once restarted, you will receive the following output:
# show security profile Security profile (current) : Korean Common Criteria Security profile (configured) : Korean Common Criteria
Use the following commands to configure different password rules:
configure account [all | name] password-policy char-repeat [permit | deny]
configure account [all | name] password-policy history [num_passwords | duration days | none]
configure account [all | name] password-policy long-sequence [permit | deny]
configure account [all | name] password-policy username-match [permit | deny]
configure snmpv3 user password-policy [authentication | privacy] [[username-match | char-repeat | long-sequence | char-validation][permit | deny] | history [num_passwords | duration days | none] | min-length [num_characters | none]]
You can use the following command to display security profile configuration and password rules configuration for Korean CC and KCCv3, respectively:
show accounts password-policy
show snmpv3 user password-policy