186 Configuring Authentication, Authorization, and Accounting
• The username guest password password command creates a user with the name “guest” and password “password”. A simple password can be configured here, since strength-checking has not yet been enabled.
• The passwords strength minimum numeric-characters 2 command sets the minimum number of numeric characters required when password strength checking is enabled. This parameter is enabled only if the passwords strength minimum character-classes parameter is set to something greater than its default value of 0.
• The passwords strength minimum character-classes 4 command sets the minimum number of character classes that must be present in the password. The possible character classes are: upper-case, lower-case, numeric and special.
• The passwords strength-check command enables password strength checking.
• The username admin password paSS1&word2 privilege 15 command creates a user with the name “admin” and password “paSS1&word2”. This user is enabled for privilege level 15. Note that, because password strength checking was enabled, the password was required to have at least two numeric characters, one uppercase character, one lowercase character, and one special character.
• The passwords lock-out 3 command locks out a local user after three failed login attempts.
This configuration allows either user to log into the switch. Both users will 
have privilege level 1. Neither user will be able to successfully execute the 
enable command, which grants access to Privileged EXEC mode, because 
there is no enable password set by default (the default method list for telnet 
enable authentication is only the “enable” method).
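The ordering effect noted above (the “guest” password was accepted only because strength checking was not yet on) can be caught by auditing a provisioning script before it is applied. The following Python sketch is an added example, not code from this manual or from the switch vendor. It assumes the input is a plaintext command script as typed (not a running configuration, where passwords would not be readable), that “special” means ASCII punctuation, and all function names are hypothetical.

```python
import re
import string

# Constructed sample: the commands from the bullets above, in the order typed.
SAMPLE_SCRIPT = """\
username guest password password
passwords strength minimum numeric-characters 2
passwords strength minimum character-classes 4
passwords strength-check
username admin password paSS1&word2 privilege 15
passwords lock-out 3
"""

def char_classes(pw):
    classes = set()
    for ch in pw:
        if ch.isupper(): classes.add("upper")
        elif ch.islower(): classes.add("lower")
        elif ch.isdigit(): classes.add("numeric")
        elif ch in string.punctuation: classes.add("special")  # assumption
    return classes

def meets_policy(pw, min_numeric, min_classes):
    # Per the text, the numeric minimum only applies once
    # character-classes is raised above its default of 0.
    if min_classes > 0 and sum(c.isdigit() for c in pw) < min_numeric:
        return False
    return len(char_classes(pw)) >= min_classes

def audit(script):
    """Check every user against the script's final policy, whatever the order."""
    lines = [l.strip() for l in script.splitlines() if l.strip()]
    def setting(pattern, default=0):
        for l in lines:
            m = re.fullmatch(pattern, l)
            if m: return int(m.group(1))
        return default
    min_num = setting(r"passwords strength minimum numeric-characters (\d+)")
    min_cls = setting(r"passwords strength minimum character-classes (\d+)")
    findings = []
    if "passwords strength-check" not in lines:
        findings.append("strength-check not enabled")
    if not any(re.fullmatch(r"passwords lock-out \d+", l) for l in lines):
        findings.append("lock-out not configured")
    for l in lines:
        m = re.fullmatch(r"username (\S+) password (\S+)(?: privilege \d+)?", l)
        if m and not meets_policy(m.group(2), min_num, min_cls):
            findings.append(f"user {m.group(1)}: password fails final policy")
    return findings
```

Running audit(SAMPLE_SCRIPT) reports only the “guest” account, which was created before the policy took effect.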
TACACS+ Authentication Example
Use the following configuration to require TACACS+ authentication when 
logging in over a telnet connection:
aaa authentication login "tacplus" tacacs
NOTE: It is recommended that the password strength checking and password 
lockout features be enabled when using local users.