H3C Technologies H3C WX3000E Series Wireless Switches User Manual

You can allow a user to log in a certain number of times within a specified period of time after the
password expires, so that the user does not need to change the password immediately. For
example, if you set the maximum number of logins with an expired password to three and the time
period to 15 days, a user can log in three times within 15 days after the password expires.
• Password history
With this feature enabled, the system keeps a record of the passwords that a user has used.
When a user changes the password, the system checks the new password against the used ones
to see whether it was used before and, if so, displays an error message.
You can set the maximum number of history password records for the system to maintain for each
user. When the number of history password records exceeds your setting, the latest record will
overwrite the earliest one.
• Login attempt limit
Limiting the number of consecutive failed login attempts can effectively prevent password
guessing.
If an FTP or virtual terminal line (VTY) user fails authentication due to a password error, the system
adds the user to a blacklist. If a user fails to provide the correct password after the specified
number of consecutive attempts, the system takes one of the following actions:
  ◦ Prohibiting the user from logging in until the user is removed from the blacklist manually.
  ◦ Allowing the user to try continuously and removing the user from the blacklist when the user
    logs in to the system successfully or the blacklist entry times out (the blacklist entry aging time
    is one minute).
  ◦ Prohibiting the user from logging in within a configurable period of time, and allowing the user
    to log in again after the period of time elapses or the user is removed from the blacklist.
A blacklist can contain up to 1024 entries.
A login attempt that uses a wrong username fails, but the username is not added to the
blacklist.
Web users who fail login authentication are not blacklisted. Users accessing the system through the
Console or AUX interface are not blacklisted either, because the system is unable to obtain the IP
addresses of these users and because these users are privileged and therefore relatively secure to
the system.
• Password composition checking
A password can be a combination of characters from the following four categories:
  ◦ Uppercase letters A to Z
  ◦ Lowercase letters a to z
  ◦ Digits 0 to 9
  ◦ 32 special characters including blank space and tilde (~), back quote (`), exclamation point (!),
    at sign (@), pound sign (#), dollar sign ($), percent sign (%), caret (^), ampersand sign (&),
    asterisk (*), left parenthesis ("("), right parenthesis (")"), underscore (_), plus sign (+), minus
    sign (-), equal sign (=), left brace ({), right brace (}), vertical bar (|), left bracket ([), right bracket
    (]), back slash (\), colon (:), quotation marks ("), semi-colon (;), apostrophe ('), left angle
    bracket (<), right angle bracket (>), comma (,), dot (.), and slash (/)
Depending on the system security requirements, you can set the minimum number of categories a
password must contain and the minimum number of characters of each category.
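The composition rule above can be modeled as follows. This is an added example, not H3C code: the function names are hypothetical, and it assumes that a category counts toward the minimum only when it contributes at least the configured number of characters, and that a character outside all four categories (for example "?") is rejected.

```python
import string

# The 32 special characters listed in the manual (blank space first).
# Note that "?" is not among them.
SPECIALS = " ~`!@#$%^&*()_+-={}|[]\\:\";'<>,./"

CATEGORIES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(SPECIALS),
}


def count_categories(password):
    """Return {category: count}; raise ValueError on a character outside all four."""
    counts = dict.fromkeys(CATEGORIES, 0)
    for ch in password:
        for name, members in CATEGORIES.items():
            if ch in members:
                counts[name] += 1
                break
        else:
            raise ValueError(f"character {ch!r} is not in any category")
    return counts


def check_composition(password, min_categories, min_per_category):
    """Return (ok, reason). Assumed semantics: a category counts only if it
    contributes at least min_per_category characters."""
    try:
        counts = count_categories(password)
    except ValueError as exc:
        return False, str(exc)
    satisfied = [n for n, c in counts.items() if c >= min_per_category]
    if len(satisfied) < min_categories:
        return False, (f"only {len(satisfied)} of {min_categories} required "
                       f"categories have {min_per_category}+ characters")
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample passwords; policy: 3 categories, 2 characters each.
    for pw in ["Summer2024", "summer24", "AB cd!9", "Why?Not12"]:
        print(repr(pw), check_composition(pw, 3, 2))
```

"Summer2024" contains three categories but fails this policy because only one uppercase letter is present, which is the effect of setting a per-category minimum above one.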