Reference Guide
login authentication — configures an authentication method to log in to the
switch.
service password-encryption — encrypts all passwords configured in the system.
radius-server key — configures a key for all RADIUS communications between the
switch and the RADIUS host server.
tacacs-server key — configures a key for communication between a TACACS+
server and client.
username — establishes an authentication system based on user names.
password-attributes
Configure the password attributes (strong password).
C9000 Series
Syntax
password-attributes [min-length number] [max-retry number]
[lockout-period minutes][character-restriction [upper number]
[lower number] [numeric number] [special-char number]]
To return to the default, use the no password-attributes [min-length
number] [max-retry number] [lockout-period minutes] [character-
restriction [upper number] [lower number] [numeric number]
[special-char number]] command.
Parameters
min-length
number
(OPTIONAL) Enter the keywords min-length then the
number of characters. The range is from 0 to 32 characters.
max-retry number (OPTIONAL) Enter the keywords max-retry then the
number of maximum password retries. The range is from 0
to 16.
lockout-period
minutes
(OPTIONAL) Enter the keyword lockout-period then the
number of minutes. The range is from 1 to 1440 minutes.
The default is
0 minutes and the lockout-period is not
enabled. This parameter enhances the security of the switch
by locking out sessions on the Telnet or SSH sessions for
which there has been a consecutive failed login attempts.
The console is not locked out.
character-
restriction
(OPTIONAL) Enter the keywords character-restriction
to indicate a character restriction for the password.
upper number (OPTIONAL) Enter the keyword upper then the upper
number. The range is from 0 to 31.
lower number (OPTIONAL) Enter the keyword lower then the lower
number. The range is from 0 to 31.
1822
Security