
December 2020

路西菲尔
Beginner

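How do I configure login-failure lockout on a Cisco ASA 5520 firewall?

On a Cisco ASA 5520 firewall, is it possible to set password complexity for administrator users (multiple character types, minimum length), and to lock an account for a period of time after a certain number of failed logins, and so on? Does the device itself have commands that support these features?
1 reply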
Rps-Cheers
Rising star

This post was last edited by 1540488497lcj on 2021-3-17 17:43
Please refer to the official Cisco documentation: https://www.cisco.com/c/en/us/td ... .html#pgfId-1711061


Configuring the Password Policy
After you configure the password policy, when you change a password (either your own or another user’s), the password policy applies to the new password. Any existing passwords are grandfathered in. The new policy applies to changing the password with the username command as well as the change-password command.
Prerequisites
Detailed Steps

Command / Purpose
Step 1
password-policy lifetime days
ciscoasa(config)# password-policy lifetime 180
(Optional) Sets the interval in days after which passwords expire for remote users (SSH, Telnet, HTTP); users at the console port are never locked out due to password expiration. Valid values are between 0 and 65536 days. The default value is 0 days, a value indicating that passwords will never expire.
7 days before the password expires, a warning message appears. After the password expires, system access is denied to remote users. To gain access after expiration, do one of the following:

  • Have another administrator change your password with the username command.
  • Log in to the physical console port to change your password.

Step 2
password-policy minimum-changes value
ciscoasa(config)# password-policy minimum-changes 2
(Optional) Sets the minimum number of characters that you must change between new and old passwords. Valid values are between 0 and 64 characters. The default value is 0.
Character matching is position independent, meaning that new password characters are considered changed only if they do not appear anywhere in the current password.
Step 3
password-policy minimum-length value
ciscoasa(config)# password-policy minimum-length 8
(Optional) Sets the minimum length of passwords. Valid values are between 3 and 64 characters. We recommend a minimum password length of 8 characters.
Step 4
password-policy minimum-uppercase value
ciscoasa(config)# password-policy minimum-uppercase 3
(Optional) Sets the minimum number of upper case characters that passwords must have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum.
Step 5
password-policy minimum-lowercase value
ciscoasa(config)# password-policy minimum-lowercase 6
(Optional) Sets the minimum number of lower case characters that passwords must have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum.
Step 6
password-policy minimum-numeric value
ciscoasa(config)# password-policy minimum-numeric 1
(Optional) Sets the minimum number of numeric characters that passwords must have. Valid values are between 0 and 64 characters. The default value is 0, which means there is no minimum.
Step 7
password-policy minimum-special value
ciscoasa(config)# password-policy minimum-special 2
(Optional) Sets the minimum number of special characters that passwords must have. Valid values are between 0 and 64 characters. Special characters include the following: !, @, #, $, %, ^, &, *, '(' and ')'. The default value is 0, which means there is no minimum.
Step 8
password-policy authenticate enable
ciscoasa(config)# password-policy authenticate enable
(Optional) Sets whether users must change their password using the change-password command, instead of letting users change their password with the username command. The default setting is disabled: a user can use either method to change their password.
If you enable this feature, if you try to change your password with the username command, the following error message appears:
ERROR: Changing your own password is prohibited
You also cannot delete your own account with the clear configure username command. If you try, the following error message appears:
ERROR: You cannot delete all usernames because you are not allowed to delete yourself
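
The following Python example is added here and comes from neither the reply nor Cisco's documentation. It reads the password-policy lines quoted above, rejects values outside the stated ranges, and reports which settings a candidate password would fail. The function names and the per-character counting used for minimum-changes are assumptions.

```python
import re

# Valid ranges as stated in the quoted Cisco steps.
RANGES = {
    "lifetime": (0, 65536), "minimum-changes": (0, 64), "minimum-length": (3, 64),
    "minimum-uppercase": (0, 64), "minimum-lowercase": (0, 64),
    "minimum-numeric": (0, 64), "minimum-special": (0, 64),
}
SPECIALS = set("!@#$%^&*()")  # special characters listed in Step 7

def parse_policy(config_text):
    """Collect numeric password-policy settings; reject out-of-range values."""
    policy = {}
    for line in config_text.splitlines():
        m = re.search(r"password-policy\s+([a-z-]+)\s+(\d+)\s*$", line)
        if not m or m.group(1) not in RANGES:
            continue  # e.g. "password-policy authenticate enable"
        key, value = m.group(1), int(m.group(2))
        low, high = RANGES[key]
        if not low <= value <= high:
            raise ValueError(f"{key} {value} is outside {low}-{high}")
        policy[key] = value
    return policy

def violations(policy, new, old=""):
    """Return the policy settings that the new password fails to meet."""
    counts = {
        "minimum-length": len(new),
        "minimum-uppercase": sum(c.isupper() for c in new),
        "minimum-lowercase": sum(c.islower() for c in new),
        "minimum-numeric": sum(c.isdigit() for c in new),
        "minimum-special": sum(c in SPECIALS for c in new),
        # Assumption: each character of the new password that appears nowhere
        # in the old one counts as one change (position independent, Step 2).
        "minimum-changes": sum(c not in old for c in new),
    }
    return [k for k, have in counts.items() if have < policy.get(k, 0)]

# Constructed sample input: the example values from Steps 1-8.
SAMPLE_CONFIG = """\
ciscoasa(config)# password-policy lifetime 180
ciscoasa(config)# password-policy minimum-changes 2
ciscoasa(config)# password-policy minimum-length 8
ciscoasa(config)# password-policy minimum-uppercase 3
ciscoasa(config)# password-policy minimum-lowercase 6
ciscoasa(config)# password-policy minimum-numeric 1
ciscoasa(config)# password-policy minimum-special 2
ciscoasa(config)# password-policy authenticate enable
"""
```

With the example values the per-class minimums add up to 12 characters, so the configured minimum-length of 8 is never the binding constraint.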
