The administrator can access the serial port even if he/she is locked out and
reset the password or clear the config to regain control of the switch. This
ensures that if a hacker tries to log in as admin and causes the account to be
locked out, then the administrator with physical access to the switch can still
log in and reactivate the admin account.
Password Strength is a measure of the effectiveness of a password in resisting
guessing and brute-force attacks. The strength of a password is a function of
length, complexity and randomness. Using strong passwords lowers overall
risk of a security breach. The scope of this feature is to enforce a baseline
Password Strength for all locally administered users.
The feature doesn't affect users with an existing password until their
password ages out. Password Strength is only enforced when a user is
configuring a new password or changing their existing password. The default
action is Disabled in FP and is independent of any platform. The network
operator has to take care that the Password Strength check is Disabled before
downloading scripts containing old users to avoid password configuration
failure for such users.
The Password Strength check won't be applied for already configured user
passwords on reload. It is applied only to passwords that are newly configured
after config restoration. This ensures that config migration doesn't affect the
The operator is able to override the password complexity check even when the
Password Strength feature is enabled. It is possible by explicitly adding the
command while configuring the password as shown in the relevant section of
the CLI specification to avoid the check.
This override functionality is useful in overriding password checks whenever
the operator wants to do so while applying scripts containing weak passwords.
Also the existing users are saved in the running configuration with this
override check command so as to allow the successful creation of these users
during boot-up in spite of the changes in the password strength definitions.
This override check keyword is available only in CLI.
Password Management Commands