Configuration Procedure - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (597 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
•
An FTP or VTY user failing to provide the correct password in two successive login attempts is
permanently prohibited from logging in.
•
A user can log in five times within 60 days after the password expires.
•
A password expires after 30 days.
•
The minimum password update interval is 36 hours.
•
The maximum account idle time is 30 days.
•
A password cannot contain the username or the reverse of the username.
•
No character appears consecutively three or more times in a password.
Configure a super password control policy for user role network-operator to meet the following
requirements:
•
A super password must contain a minimum of 24 characters.
•
A super password must contain a minimum of four character types and a minimum of five
characters for each type.
Configure a password control policy for the local Telnet user test to meet the following requirements:
•
The password must contain a minimum of 24 characters.
•
The password must contain a minimum of four character types and a minimum of five
characters for each type.
•
The password for the local user expires after 20 days.
Configuration procedure
# Enable the password control feature globally.
<Sysname> system-view
[Sysname] password-control enable
# Disable a user account permanently if a user fails two consecutive login attempts on the user
account.
[Sysname] password-control login-attempt 2 exceed lock
# Set all passwords to expire after 30 days.
[Sysname] password-control aging 30
# Globally set the minimum password length to 16 characters.
[Sysname] password-control length 16
# Set the minimum password update interval to 36 hours.
[Sysname] password-control update-interval 36
# Specify that a user can log in five times within 60 days after the password expires.
[Sysname] password-control expired-user-login delay 60 times 5
# Set the maximum account idle time to 30 days.
[Sysname] password-control login idle-time 30
# Refuse any password that contains the username or the reverse of the username.
[Sysname] password-control complexity user-name check
# Specify that no character can be included three or more times consecutively in a password.
[Sysname] password-control complexity same-character check
# Globally specify that all passwords must each contain a minimum of four character types and a
minimum of four characters for each type.
[Sysname] password-control composition type-number 4 type-length 4
# Set the minimum super password length to 24 characters.
220
Advertisement
Table of Contents
Troubleshooting
