User Account and Password Management
5-4 Setting User Accounts and Passwords
– A user account cannot be deleted while it is the emergency access account.
– Only one EA user is supported at a time and one shall always exist.
– EA status can only be removed by replacing it with another account.
– EA user access not made through the console port will be subject to normal password handling.
– The default admin user will be the default EA user.
– When the password reset button is enabled, it will restore the default admin account as the EA user.
• The switch can limit how many times a specified user is connected to the product at once, up to a configurable number (see “set system login simultaneous-logins” on page 5-6). Any attempt by a specified user to exceed the configured limit results in a trap.
For example, if simultaneous logins is set to 1, a specific user would not be able to Telnet to the switch, and then simultaneously try to SSH to the switch or access local management via the console port.
• All settings are persistent and show up as part of the running configuration. Passwords are not displayed in clear text.
Defaults
The default values for user account and password parameters are listed in the following table by
the security mode of the switch. For information about security modes and profiles, see Chapter 7,
Setting the Security Mode.
Table 5-1 User Account and Password Parameter Defaults by Security Mode
Parameter                                                Normal Mode Default        C2 Mode Default
-------------------------------------------------------  -------------------------  -----------------------
Password history                                         0 (no history)             8 previous passwords
Password change frequency                                0 (no waiting)             1440 minutes (24 hours)
Minimum number of characters in password                 8                          9
Allow consecutively repeating characters in password     yes                        2 characters
Aging of system passwords                                disabled                   90 days
Password required at time of new user account creation   no                         yes
Substring matching at password validation                0 (no checking)            0 (no checking)
New users required to change password at first log in    no                         yes
Lockout based on inactivity                              0 (no activity checking)   90 days of inactivity
Lockout based on failed login attempts                   3 failed attempts          3 failed attempts
Lockout period duration after unsuccessful logins        15 minutes                 1 minute
Grace period after password expiration                   0                          30 days
Grace login limit                                        0                          3
Warning period                                           20 days                    20 days
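
The following is an added example, not code from this manual or from the switch firmware: a small Python model of how the C2 mode defaults in Table 5-1 for minimum length, repeating characters, password history and change frequency combine when a new password is proposed. Assumptions: "2 characters" is read as "at most two identical characters in a row", and the Account class and the PBKDF2-based history store are hypothetical.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from typing import Optional

# C2 mode defaults copied from Table 5-1.
MIN_LENGTH = 9
MAX_REPEAT = 2                  # assumed meaning: at most 2 identical characters in a row
HISTORY_DEPTH = 8               # previous passwords that may not be reused
MIN_CHANGE_INTERVAL_MIN = 1440  # minutes that must pass between changes


def _digest(password: str, salt: bytes) -> bytes:
    # History is kept as salted PBKDF2 digests, never as clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:  # hypothetical model, not the switch's own data structure
    salt: bytes
    history: list = field(default_factory=list)  # newest digest last
    last_change_min: Optional[float] = None      # time of last change, in minutes


def check_new_password(acct: Account, candidate: str, now_min: float) -> list:
    """Return the list of C2 default rules that the candidate violates."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    # A run longer than MAX_REPEAT: one character followed by MAX_REPEAT or more copies.
    if re.search(r"(.)\1{%d,}" % MAX_REPEAT, candidate):
        problems.append("repeated characters")
    cand = _digest(candidate, acct.salt)
    if any(hmac.compare_digest(cand, old) for old in acct.history[-HISTORY_DEPTH:]):
        problems.append("in history")
    if (acct.last_change_min is not None
            and now_min - acct.last_change_min < MIN_CHANGE_INTERVAL_MIN):
        problems.append("changed too recently")
    return problems


def set_password(acct: Account, candidate: str, now_min: float) -> list:
    """Apply the change only if no rule is violated; return the violations."""
    problems = check_new_password(acct, candidate, now_min)
    if not problems:
        acct.history = (acct.history + [_digest(candidate, acct.salt)])[-HISTORY_DEPTH:]
        acct.last_change_min = now_min
    return problems
```

With a history depth of 8, a password becomes reusable only after eight other passwords have been set, which under the 1440-minute change frequency takes at least eight days.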