End User Access Control
Considerations for Configuring End User Accounts
Strong Passwords
94
NE2552E Application Guide for ENOS 8.4
Lenovo ENOS allows an administrator to define end user accounts that permit end
users to perform operation tasks via the switch CLI commands. Once end user
accounts are configured and enabled, the switch requires username/password
authentication.
For example, an administrator can assign a user, who can then log into the switch
and perform operational commands (effective only until the next switch reboot).
A maximum of 20 user IDs are supported on the switch.
Lenovo ENOS supports end user support for Console, Telnet, BBI, and
SSHv1/v2 access to the switch.
If RADIUS authentication is used, the user password on the Radius server will
override the user password on the NE2552E. Also note that the password
change command modifies only the user switch password on the switch and has
no effect on the user password on the Radius server. Radius authentication and
user password cannot be used concurrently to access the switch.
Passwords can be up to 64 characters in length for Telnet, SSH, Console, and
Web access.
The administrator can require use of Strong Passwords for users to access the
NE2552E. Strong Passwords enhance security because they make password
guessing more difficult.
The following rules apply when Strong Passwords are enabled:
Minimum length: 8 characters; maximum length: 64 characters
Must contain at least one uppercase alphabet
Must contain at least one lowercase alphabet
Must contain at least one number
Must contain at least one special character:
Supported special characters: ! " # % & ' ( ) ; < = >> ? [\] * + , ‐ . / : ^ _ { | } ~
Cannot be same as the username
When strong password is enabled, users can still access the switch using the old
password but will be advised to change to a strong password while attempting to
log in.
The strong password requirement can be enabled using the following command:
NE2552E(config)# access user strong-password enable