Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
2
Replies

ASR901 local password policy?

K-Grev
Level 1
Level 1

‎01-07-2021 10:53 AM

Hi,

Im trying to configure a local password policy to fullfill a stig check but im unsure how to do it on an ASR.

On switches I have it normally goes like this:

  1. enable
  2. configure terminal
  3. aaa new-model
  4. aaa common-criteria policy policy-name
  5. char-changes number
  6. max-length number
  7. min-length number
  8. numeric-count number
  9. special-case number
  10. exit
  11. username username common-criteria-policy policy-name password password
  12. end

But this isnt a supported method on an ASR. The googles isnt really halping me out on this one. Does nayone know how to do this?

 

Thanks for any help.

Labels:
0 Helpful
2 Replies 2

TJ-20933766
Spotlight
Spotlight

‎01-07-2021 01:46 PM

According to https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-2/system-security/configuration/guide/b-system-security-cg-asr9000-62x/b-system-security-cg-asr9000-62x_chapter_010.html#concept_js2_ll3_jmb, it looks like the commands are:

aaa password-policy STIG-POLICY
 min-length 12
 max-length 40
 lifetime months 3
 min-char-change 4
 authen-max-attempts 5
 lockout-time days 1
 commit

Let me know if that worked since I don't have an ASR to verify these commands

0 Helpful

K-Grev
Level 1
Level 1
In response to TJ-20933766

‎01-19-2021 06:33 AM

Sorry I'm getting back to this late. But my ASR only has the command "aaa password restriction"

 

Thanks for your time.

0 Helpful
Customers Also Viewed These Support Documents