05-14-2024 06:11 AM
We configured a password policy, but we can't link it to the local user with a secret. If we need to link it with a local user, we should use password instead of a secret.
Any help here?
Thanks
05-14-2024 06:15 AM
Not sure I understand what you are trying to accomplish, can you elaborate?
05-14-2024 06:23 AM
Hi Richard,
I configure the password policy as below:
aaa common-criteria policy policy1
min-length 8
numeric-count 1
upper-case 1
lower-case 1
special-case 1
When I tried to link it to a local user, I was only allowed to use password, not a secret, as below:
#username admin privilege 15 common-criteria-policy policy1 ?
password Specify the password for the user
<cr>
When I use a secret as below, it is allowed, but without the password policy:
username admin privilege 15 secret 9 <the secret>
05-14-2024 07:17 AM
What version of code is running on the switch you are configuring? I checked a 2960L in my environment that is running 15.2.7(E4) and it appears that secret is an available option. What are the details of the switch you are working on?
05-14-2024 07:36 AM
Hi Richard
WS-C2960+48PST-S
15.2(7)E
05-14-2024 07:51 AM
I just tested this on a WS-C2960X-48LPS-L running 15.2(7)E6. I was able to do this.
!
aaa common-criteria policy Test1
min-length 8
max-length 10
numeric-count 1
special-case 1
char-changes 4
!
username test1 common-criteria-policy Test1 secret 9 $9$L2AJ.x/8PNN5gt$.aAJmUYGIVHbG5J7Lb.jxKolAX6i1lt37Xjp2FISnw6
05-14-2024 07:20 AM - edited 05-14-2024 07:21 AM
Let me check my notes
MHM
05-14-2024 07:40 AM
Check this.
From the Cisco doc:
For local users, password common criteria full evaluation is applicable only to the username username common-criteria-policy policy-name password cleartext-password command.
For local users that have been defined using the username username common-criteria-policy policy-name secret 5|8|9 <HASH> commands, they are not evaluated against the password common criteria. Only the common criteria lifetime is applied to the username.
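Because a pre-hashed secret is not evaluated against the complexity rules, as the documentation quoted above says, the cleartext can be checked against the policy offline before it is hashed. The following is an added example, not part of the thread and not Cisco code; the sample config is constructed, and it assumes each count is a minimum and that "special" means any non-alphanumeric character.

```python
import re
# Constructed sample config, modelled on the snippets posted in this thread.
SAMPLE_CONFIG = """\
aaa common-criteria policy policy1
 min-length 8
 numeric-count 1
 upper-case 1
 lower-case 1
 special-case 1
username admin privilege 15 common-criteria-policy policy1 secret 9 <hash-placeholder>
username oper common-criteria-policy policy1 password <cleartext-placeholder>
"""

# Assumption: each count is a minimum; "special" is any non-alphanumeric character.
CLASSES = {
    "numeric-count": str.isdigit,
    "upper-case": str.isupper,
    "lower-case": str.islower,
    "special-case": lambda c: not c.isalnum(),
}

def parse_policies(config):
    """Return {policy_name: {keyword: int}} from 'aaa common-criteria policy' blocks."""
    policies, current = {}, None
    for line in config.splitlines():
        if (m := re.match(r"aaa common-criteria policy (\S+)", line)):
            current = policies.setdefault(m.group(1), {})
        elif current is not None and (kv := re.match(r"\s*([a-z-]+) (\d+)\s*$", line)):
            current[kv.group(1)] = int(kv.group(2))
        else:
            current = None  # any other line ends the policy block
    return policies

def violations(password, policy):
    """List the policy keywords a cleartext candidate fails (char-changes is not checked)."""
    failed = []
    if len(password) < policy.get("min-length", 0):
        failed.append("min-length")
    if len(password) > policy.get("max-length", len(password)):
        failed.append("max-length")
    for key, pred in CLASSES.items():
        if sum(map(pred, password)) < policy.get(key, 0):
            failed.append(key)
    return failed

def unevaluated_users(config):
    # Usernames bound to a policy but defined with a pre-hashed secret 5|8|9.
    return re.findall(r"^username (\S+) .*?common-criteria-policy \S+ secret [589] ", config, re.M)
```

Run `unevaluated_users()` over a saved configuration to list the accounts whose complexity was never checked by the device, then validate their replacement passwords with `violations()` before generating the hash.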