We need to be able to stipulate the criteria for what is an acceptable password.
The VG450 runs IOS XE systems support this with the following command:
aaa common-criteria policy PASSWORD_POLICY
min-length 15
max-length 127
numeric-count 1
upper-case 1
lower-case 1
special-case 1
char-changes 8
once we have configured what is required for a valid password we use the following command to generate the user account username XXXX privilege 15 common-criteria-policy PASSWORD_POLICY secret xxxxx
The VG320 runs IOS and does not seem to support this function setting acceptable password criteria is required for STIG compliance.
I did come up with the command "aaa password restriction" which does check some of the boxes by doing the following "Password configured should have characters belonging to at least 3 out of 4 classes of characters (Capital letters, small letters, numbers, special characters)" but really is a ways away still from what the aaa common-criteria policy PASSWORD_POLICY allows.
does anyone know another way to enforce a strict password policy like in IOS-XE?
thank you