Configure password policy and secret type 9

Sudqi
Level 1

We configured a password policy, but we can't link it to the local user with a secret. If we need to link it with a local user, we should use password instead of a secret.

Any help here?

Thanks

7 Replies

Richard Pidcock
Level 1

Not sure I understand what you are trying to accomplish, can you elaborate?

 

Richard W. Pidcock

Hi Richard,

I configure the password policy as below:

aaa common-criteria policy policy1
min-length 8
numeric-count 1
upper-case 1
lower-case 1
special-case 1

 

When I tried to link it to a local user, I was only allowed to use password, not a secret, as below:

#username admin privilege 15 common-criteria-policy policy1 ?
password Specify the password for the user
<cr>

When I use a secret as below, it is allowed, but without the password policy:

 

username admin privilege 15 secret 9 <the secret>


What version of code is running on the switch you are configuring? I checked a 2960L in my environment that is running 15.2.7(E4) and it appears that secret is an available option. What are the details of the switch you are working on?

Richard W. Pidcock

Hi Richard

WS-C2960+48PST-S

15.2(7)E

I just tested this on a WS-C2960X-48LPS-L running 15.2(7)E6.  I was able to do this.

!
aaa common-criteria policy Test1
min-length 8
max-length 10
numeric-count 1
special-case 1
char-changes 4
!

username test1 common-criteria-policy Test1 secret 9 $9$L2AJ.x/8PNN5gt$.aAJmUYGIVHbG5J7Lb.jxKolAX6i1lt37Xjp2FISnw6


Richard W. Pidcock

Let me check my notes

MHM

Check this 

From Cisco doc.

  • For local users, password common criteria full evaluation is applicable only to the username username common-criteria-policy policy-name password cleartext-password command.

  • For local users that have been defined using the username username common-criteria-policy policy-name secret 5|8|9 <HASH> commands, they are not evaluated against the password common criteria. Only the common criteria lifetime is applied to the username.
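
Since the Cisco text quoted above says a pre-hashed secret is not evaluated against the policy's composition rules, one option is to audit which users are affected and check the cleartext offline before hashing it. This is an added example, not code from the thread or from Cisco: the function names and sample config are constructed, each policy value is assumed to be a per-class minimum, and max-length and char-changes are not checked.

```python
import re

# Constructed sample modelled on the thread's commands; hashes are placeholders.
SAMPLE = """aaa common-criteria policy policy1
 min-length 8
 numeric-count 1
 upper-case 1
 lower-case 1
 special-case 1
username admin privilege 15 common-criteria-policy policy1 secret 9 $9$PLACEHOLDER
username oper common-criteria-policy policy1 password Example#Pass1
username guest secret 9 $9$PLACEHOLDER
"""
USER = re.compile(r"username (\S+)(?: privilege \d+)? common-criteria-policy (\S+)"
                  r" (password|secret) (?:(\d) )?\S")

def parse_policies(config):
    """Return {policy name: {keyword: value}} for each policy block."""
    policies, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"aaa common-criteria policy (\S+)", line):
            current = policies.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r"\s*([a-z-]+) (\d+)\s*$", line)):
            current[m.group(1)] = int(m.group(2))
        else:
            current = None  # any other line ends the policy block
    return policies

def audit_users(config):
    """Classify policy-bound users by how the quoted Cisco text says the policy applies."""
    result = {}
    for m in filter(None, map(USER.match, config.splitlines())):
        user, policy, kind, typ = m.groups()
        if kind == "secret" and typ in ("5", "8", "9"):
            result[user] = (policy, "lifetime-only")    # composition not evaluated
        elif kind == "password" and typ in (None, "0"):
            result[user] = (policy, "full-evaluation")  # cleartext checked on entry
        else:
            result[user] = (policy, "unspecified")      # not covered by the quoted text
    return result

def failed_rules(cleartext, policy):
    """Rules a cleartext breaks; counts are assumed to be per-class minimums."""
    have = {"min-length": len(cleartext),
            "numeric-count": sum(c.isdigit() for c in cleartext),
            "upper-case": sum(c.isupper() for c in cleartext),
            "lower-case": sum(c.islower() for c in cleartext),
            "special-case": sum(not c.isalnum() for c in cleartext)}
    return [k for k, n in have.items() if n < policy.get(k, 0)]
```

Users reported as "lifetime-only" are the ones whose cleartext should be run through `failed_rules` before the hash is generated and pasted into the config.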
