12-25-2022 02:08 AM
Hi,
I want to verify whether it's possible to configure user locking after account inactivity.
For example:
if the user doesn't log in for 90 days, the account will be locked.
Nexus 9000, version - 9.3(8)
12-25-2022 02:15 AM
- Are you referring to 'user ports' or administrative access?
M.
12-25-2022 02:28 AM
Where is the source of authentication taking place?
Local account or external source?
Local account:
You can configure up to a maximum of 256 user accounts. By default, the user account does not expire unless you explicitly configure it to expire. The expiration option determines the date when the user account is disabled.
Other sources like TACACS / RADIUS / LDAP: need to look based on the solution document and policy of expiration if inactive.
You can do in ISE local account not to the disable, same case with AD/LDAP.
12-25-2022 02:36 AM
I meant local accounts. Is there any option to configure a lock on a local account after 90 days of inactivity? That means 90 days without login.
12-25-2022 08:59 AM
I do not believe you have this option on the box; the only option you have here is:
expire Expiry date for this user account(in YYYY-MM-DD format)
If you have any syslog or accounting option in place, you can make a script out of box to trigger if the user activity is not seen in 90 days and deactivate the account.
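The off-box check suggested in the reply above, as an added example that is not part of the original thread and is not Cisco code. The log layout, user names and function names are constructed assumptions, not the NX-OS syslog or accounting format, so adapt the parser to what your collector actually stores.

```python
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical "timestamp event user=<name>" layout.
SAMPLE_LOG = """\
2022-08-01T09:12:44 login user=netops1
2022-09-20T17:03:10 login user=backup-admin
2022-12-01T08:30:00 login user=netops1
2022-12-10T11:00:00 logout user=netops1
garbage line without fields
2022-06-15T14:45:00 login user=old-contractor
"""

def parse_login(line):
    """Return (user, timestamp) for a login record, else None."""
    parts = line.split()
    if len(parts) != 3 or parts[1] != "login" or not parts[2].startswith("user="):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None  # malformed timestamp: skip rather than guess
    return parts[2][len("user="):], ts

def stale_accounts(log_text, local_users, now, max_idle_days=90):
    """Map each local user idle longer than max_idle_days to its last login.

    A value of None means the user never appears in the logs; check that log
    retention covers the whole window before treating that as inactivity.
    """
    last_seen = {}
    for line in log_text.splitlines():
        rec = parse_login(line)
        if rec and (rec[0] not in last_seen or rec[1] > last_seen[rec[0]]):
            last_seen[rec[0]] = rec[1]
    cutoff = now - timedelta(days=max_idle_days)
    return {u: last_seen.get(u) for u in local_users
            if last_seen.get(u) is None or last_seen[u] < cutoff}

if __name__ == "__main__":
    # Constructed list of local accounts configured on the switch.
    users = ["netops1", "backup-admin", "old-contractor", "never-used"]
    report = stale_accounts(SAMPLE_LOG, users, datetime(2022, 12, 25))
    for user, seen in report.items():
        print(f"{user}: last login {seen or 'not in logs'} -> candidate for deactivation")
```

The script only reports candidates; deactivating an account remains a separate, reviewed step.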