
Enhancements to username and password – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 36


If you configure local user accounts, you also need to configure an authentication-method list for
Telnet access and SNMP access. Refer to Authentication-method lists on page 75.

For each local user account, you specify a user name. You also can specify the following parameters:

• A password

NOTE
If you use AAA authentication for SNMP access and set the password to be the same as the username,
providing the password during authentication is optional. You can provide just the correct username
for successful authentication.

• A management privilege level, which can be one of the following:

  • Super User level (default) - Allows complete read-and-write access to the system. This is
    generally for system administrators and is the only privilege level that allows you to
    configure passwords.

  • Port Configuration level - Allows read-and-write access for specific ports but not for global
    parameters.

  • Read Only level - Allows access to the Privileged EXEC mode and User EXEC mode with
    read access only.

• You can set additional username and password rules. Refer to Enhancements to username and
password on page 36.

Enhancements to username and password

This section describes the enhancements to the username and password features introduced in earlier
releases.

The following rules are enabled by default:

• Users are required to accept the message of the day.
• Users are locked out (disabled) if they fail to log in after three attempts. This feature is automatically
enabled. Use the disable-on-login-failure command to change the number of login attempts (up to
10) before users are locked out.

The following rules are disabled by default:

• Enhanced user password combination requirements
• User password masking
• Quarterly updates of user passwords
• You can configure the system to store up to 15 previously configured passwords for each user.
• You can use the disable-on-login-failure command to change the number of login attempts (up to
10) before users are locked out.

• A password can now be set to expire.

Enabling enhanced user password combination requirements

When strict password enforcement is enabled on the Brocade device, you must enter a minimum of
eight characters containing the following combinations when you create an enable and a user
password:

• At least two upper case characters
• At least two lower case characters
• At least two numeric characters
• At least two special characters
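
An added example, not part of the Brocade guide: a pre-provisioning check in Python that tests candidate local-account passwords against the strict combination rules listed above, and also flags a password equal to its username, the case the earlier NOTE says makes the password optional under AAA authentication for SNMP. It assumes "special characters" means ASCII punctuation, which this page does not define; the function names and sample accounts are constructed for illustration.

```python
import string

MIN_LENGTH = 8      # "a minimum of eight characters"
MIN_PER_CLASS = 2   # "at least two" of each character class

# Assumption: "special" = ASCII punctuation; the page does not define the set.
CLASSES = {
    "upper case": string.ascii_uppercase,
    "lower case": string.ascii_lowercase,
    "numeric": string.digits,
    "special": string.punctuation,
}


def password_findings(username, password):
    """Return a list of policy findings; an empty list means compliant."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for name, alphabet in CLASSES.items():
        count = sum(ch in alphabet for ch in password)
        if count < MIN_PER_CLASS:
            findings.append(f"only {count} {name} character(s), need {MIN_PER_CLASS}")
    # Per the NOTE: with AAA authentication for SNMP, a password equal to the
    # username means the username alone is enough to authenticate.
    if password == username:
        findings.append("password equals username")
    return findings


def audit(accounts):
    """Map each non-compliant username to its list of findings."""
    report = {}
    for user, password in accounts:
        findings = password_findings(user, password)
        if findings:
            report[user] = findings
    return report


# Constructed sample accounts (not real credentials).
SAMPLE_ACCOUNTS = [
    ("netops", "QZ#mk7!p2w"),     # meets every rule
    ("monitor", "monitor"),       # too short, missing classes, equals username
    ("backup", "Backup2024!"),    # only one upper case and one special character
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_ACCOUNTS).items():
        print(f"{user}: " + "; ".join(findings))
```
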


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03