The following table lists configurable password policy parameters.
Parameter |
Description |
---|---|
admin-lockout |
Enables lockout for admin role accounts. |
character-restriction lower |
Specifies the minimum number of lowercase alphabetic characters that must occur in the password. The maximum value must be less than or equal to the minimum length value. The default value is zero, which means there is no restriction of lowercase characters. |
character-restriction upper |
Specifies the minimum number of uppercase alphabetic characters that must occur in the password. The maximum value must be less than or equal to the Minimum Length value. The default value is zero, which means there is no restriction of uppercase characters. |
character-restriction numeric |
Specifies the minimum number of numeric characters that must occur in the password. The maximum value must be less than or equal to the Minimum Length value. The default value is zero, which means there is no restriction of numeric characters. |
character-restriction special-char |
Specifies the minimum number of punctuation characters that must occur in the password. All printable, non-alphanumeric punctuation characters except the colon(:), exclamation mark (!), and question mark (?) are allowed. The value must be less than or equal to the Minimum Length value. The default value is zero, which means there is no restriction of punctuation characters. Special characters, such as backslash (\) and question mark (?), are not counted as characters in a password unless the password is specified within quotes. For firmware download passwords, apostrophe (') cannot be used. |
history |
Specifies the number of old passwords against which a newly configured password is checked. The new password is discarded if it matches an old password. Range is from 0 through 10. The default is 0. |
login-notify-duration |
Specifies the duration in hours for which admin is notified of the number of last successful attempts. Use value 0 to disable the notification. Valid values range from is from 0 through 120. The default is 0. |
min-length |
Specifies the minimum length of the password. Passwords must be from 8 through 32 characters in length. The default value is 8. The total of the previous four parameters (lowercase, uppercase, digits, and punctuation) must be less than or equal to the Minimum Length value. |
max-logins |
Specifies the maximum number of log-in sessions allowed per local user. Range is from 0 through 10. The default is 0, representing an infinite number of log-ins. |
max-retry |
Specifies the number of failed password logins permitted before a user is locked out. The lockout threshold can range from 0 through 16. The default value is 0. When a password fails more than one of the strength attributes, an error is reported for only one of the attributes at a time. |
repeat |
Specifies the minimum number of consecutive repetitive characters in a newly configured password. The new password is discarded if it has consecutive repetitive characters (for example, aaa, xxx,1111). Configure 1 for disabling. The default is 1. |
sequence |
Specifies the minimum number of consecutive sequential characters both in forward and reverse direction (for example, abc, cba) in a newly configured password. The new password is discarded if it has consecutive sequential characters (for example, abc, xyz, fedc). Configure 1 for disabling. The default is 1. |
Note
Passwords have a maximum of 40 characters.