Password policy configuration on Cisco routers/switches/ASA II

markbowman
Level 1

Does anyone know how to configure a password policy on the local username account (e.g. 8 characters, with a numeric character in it, etc.)? I know the above question was already asked several years ago, but I'm wondering if anyone has any additional information. And I'll add more details on what I'm looking for. I need to come up with some documentation saying that a Cisco router/switch/firewall CAN/CANNOT be set up to require a certain complex password (any password on the device). Or if there is a setting on any of the above devices that I can set to require a password to be at least 8 characters, at least 1 symbol, and at least 1 number, that will work too. And I know about the 'security passwords min-length' command on routers; that is kind of what I'm looking for, but it needs to REQUIRE symbols/numbers as well. If anyone has any type of documentation/information on this subject matter, it would be appreciated.

4 Replies

Hi,

I never thought about that or checked whether that is possible to configure on a switch, but you can use RADIUS authentication and use the password policy of your domain users, for example. Could this be a solution for you?

regards Sebastian

(pls. rate if that helps)

justinmitchell
Level 4

This is not possible directly on the device. If you need this level of password enforcement you will have to use RADIUS or TACACS and enforce the policy on the authentication server. I would avoid any policies that prohibit a password identical to one already configured on the device; that will inform users what a device password is if they are lucky enough to guess it.

Mark Yeates
Level 7

Mark,

The closest password policy enforcement mechanism "built-in" on a router or switch is the use of the security passwords min-length XX command. The only enforcement you can configure is the minimum password length of any account/password on the router. There are no commands that allow you to define what characters the password must contain.

As stated before, using RADIUS/TACACS would be the ideal method of enforcing strong passwords as defined by your password policy.

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_s1gt.html#wp1204059

HTH,

Mark

markbowman
Level 1

Thanks for the responses. I guess I should have mentioned in the original post that we do use TACACS, but this is actually for an audit. A government regulatory committee wants documentation on the device itself.

Thanks again.
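For the audit use case raised in this thread, the following added example (not code from any poster or from Cisco) summarises what a saved running-config shows about the controls discussed above: the `security passwords min-length` value, which login method lists point at TACACS+/RADIUS, and which local accounts exist. The sample config is constructed, and the function name `audit_password_controls` and the report keys are hypothetical.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname lab-rtr1
security passwords min-length 8
aaa new-model
aaa authentication login default group tacacs+ local
username admin privilege 15 secret 5 $1$constructed$hash
username backup privilege 15 secret 5 $1$constructed$hash2
line vty 0 4
 login authentication default
"""

MIN_LEN_RE = re.compile(r"^security passwords min-length (\d+)\s*$", re.M)
AAA_LOGIN_RE = re.compile(r"^aaa authentication login (\S+) (.+)$", re.M)
USER_RE = re.compile(r"^username (\S+)", re.M)


def audit_password_controls(config, required_len=8):
    """Summarise the on-device password controls discussed in the thread."""
    m = MIN_LEN_RE.search(config)
    min_len = int(m.group(1)) if m else None  # None: command not present

    # Login method lists that reference an external server, where the
    # replies say complexity rules have to be enforced. Only the built-in
    # "tacacs+" / "radius" keywords are recognised here; custom server
    # group names are not resolved.
    external = sorted(
        name
        for name, methods in AAA_LOGIN_RE.findall(config)
        if {"tacacs+", "radius"} & set(methods.split())
    )

    return {
        "min_length": min_len,
        "min_length_ok": min_len is not None and min_len >= required_len,
        "external_auth_lists": external,
        # Local accounts: per the replies, only min-length governs these.
        "local_users": USER_RE.findall(config),
        # Per the replies above, no command defines required character
        # classes, so this is recorded as a fixed finding, not detected.
        "complexity_enforced_on_device": False,
    }


if __name__ == "__main__":
    for key, value in audit_password_controls(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```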
