Wired Networks

How to configure Management Password and its policy in Mobility Access Switch

Environment :

 

By default, the password for a new management user has no requirements other than a minimum length of 6 alphanumeric or special characters. However, if your company enforces a best practices password policy for management users with root access to network equipment, you may want to configure a password policy that sets requirements for management user passwords.

 

 

Defining a Management Password Policy:
 

 

To define specific management password policy settings through the CLI, complete the following steps:

The following table describes the characters allowed in a management user password. The disallowed characters cannot be used in any management user password, even if the password policy is disabled.

 

Allowed Characters                     Disallowed Characters
------------------                     ---------------------
exclamation point: !                   Parenthesis: ( )
underscore: _                          apostrophe: '
at symbol: @                           semi-colon: ;
pound sign: #                          dash: -
dollar sign: $                         equals sign: =
percent sign: %                        slash: /
caret: ^                               question mark: ?
ampersand: &
star: *
greater and less than symbols: < >
curled braces: { }
straight braces: [ ]
colon: :
period: .
pipe: |
plus sign: +
tilde: ~
comma: ,
accent mark: `

 

 
In the CLI:
 
aaa password-policy mgmt
   enable
   no
   password-lock-out
   password-lock-out-time
   password-max-character-repeat
   password-min-digit
   password-min-length
   password-min-lowercase-characters
   password-min-special-character
   password-min-uppercase-characters
   password-not-username

 

Bypassing the Enable Password Prompt:
 

 

The bypass enable feature lets you bypass the enable password prompt and go directly to the privileged commands (config mode) after logging on to the Mobility Access Switch. This is useful if you want to avoid changing the enable password due to company policy.
 

 

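Use the enable bypass CLI command to bypass the enable prompt and go directly to the privileged commands (config mode). Use the no enable bypass CLI command to restore the enable password prompt. With bypass enabled, any management user who logs in reaches the privileged commands without a second password, so the login password is the only credential protecting config mode.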

Resetting the Admin or Enable Password:
 
This section describes how to reset the password for the default administrator user account (admin) on the Mobility Access Switch. The default password is admin123.
Use this procedure if the administrator user account password is lost or forgotten.
 
1. Connect a local console to the serial port on the Mobility Access Switch.
2. From the console, log in to the Mobility Access Switch using the username password and the password forgetme!.
3. Enter enable mode by typing in enable, followed by the password enable.
4. Enter configuration mode by typing in configure terminal.
5. To configure the administrator user account, enter mgmt-user admin root. Enter a new password for this account. Retype the same password to confirm.
6. Exit from the configuration mode, enable mode, and user mode.
 
This procedure also resets the enable mode password to enable. If you have defined a management user password policy, make sure that the new password conforms to this policy.
 
enable: Enable the password management policy
 
password-lock-out: Command provides the ability to reduce the number of passwords that can be guessed in a short period of time. It automatically clears the lockout after the configured "lock-out" minutes. Range: 0-10 attempts. By default, the password lockout feature is disabled, and the default value of this parameter is 0 attempts.
 
password-lock-out-time: Command configures the number of minutes a user is locked out. The lockout is cleared without administrator intervention. Range: 1 min to 1440 min (24 hrs). Default: 3.
 
password-max-character-repeat: Configures the maximum number of consecutive repeating characters allowed in a management user password. Range: 0-10 characters. By default, there is no limitation on the number of characters that can repeat within a password.
 
password-min-digit: The minimum number of numeric digits required in a management user password. Range: 0-10 digits. By default, there is no requirement for numerical digits in a password, and the parameter has a default value of 0.
 
password-min-length: The minimum number of characters required for a management user password. Range: 6-64 characters. Default: 6.
 
password-min-lowercase-characters: The minimum number of lowercase characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for lowercase letters in a password, and the parameter has a default value of 0.
 
password-min-special-character: The minimum number of special characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for special characters in a password, and the parameter has a default value of 0. See Usage Guidelines for a list of allowed and disallowed special characters.
 
password-min-uppercase-characters: The minimum number of uppercase characters required in a management user password. Range: 0-10 characters. By default, there is no requirement for uppercase letters in a password, and the parameter has a default value of 0.
 
password-not-username: Password cannot be the management user's current username or the username spelled backwards.
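
A pre-check for a candidate password against the character table and policy parameters described above, useful before running the reset procedure on a switch that has a policy defined. This is an added example, not Aruba code: the names MgmtPolicy and check_password are hypothetical, and the handling of repeat runs and of the username match are assumptions marked in the comments.

```python
import string
from dataclasses import dataclass
from itertools import groupby

# Character sets copied from the allowed/disallowed table on this page.
ALLOWED_SPECIAL = set("!_@#$%^&*<>{}[]:.|+~,`")
DISALLOWED = set("()';-=/?")

@dataclass
class MgmtPolicy:  # hypothetical container; defaults are the page's defaults
    enable: bool = False
    min_length: int = 6
    min_upper: int = 0
    min_lower: int = 0
    min_digit: int = 0
    min_special: int = 0
    max_repeat: int = 0  # 0 means no limit
    not_username: bool = False

def check_password(password, username, policy):
    """Return a list of violations; an empty list means the password passes."""
    # Disallowed characters are rejected even when the policy is disabled.
    bad = sorted(set(password) & DISALLOWED)
    problems = ["disallowed character: " + c for c in bad]
    # Without a policy the only other rule is the 6-character minimum.
    floor = policy.min_length if policy.enable else 6
    if len(password) < floor:
        problems.append(f"shorter than {floor} characters")
    if not policy.enable:
        return problems
    classes = [
        ("uppercase", string.ascii_uppercase, policy.min_upper),
        ("lowercase", string.ascii_lowercase, policy.min_lower),
        ("digit", string.digits, policy.min_digit),
        ("special", ALLOWED_SPECIAL, policy.min_special),
    ]
    for name, members, need in classes:
        have = sum(c in members for c in password)
        if have < need:
            problems.append(f"needs {need} {name} characters, has {have}")
    # Assumption: a run of one character longer than max_repeat is rejected.
    longest = max((len(list(g)) for _, g in groupby(password)), default=0)
    if policy.max_repeat and longest > policy.max_repeat:
        problems.append(f"character repeated {longest} times in a row")
    # Assumption: substring match, after the "NOT in Password" output wording.
    if policy.not_username and username and (
            username in password or username[::-1] in password):
        problems.append("contains the username or its reverse")
    return problems
```

Characters that appear in neither column of the table (a space, for instance) are not judged by this check, because the page does not say how the switch treats them.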
 
(ArubaS1500-24P) #show aaa password-policy mgmt
 
Mgmt Password Policy
--------------------
Parameter                                                                                                 Value
---------                                                                                                 -----
Enable password policy                                                                                    No
Minimum password length required                                                                          6 characters
Minimum number of Upper Case characters                                                                   0 characters
Minimum number of Lower Case characters                                                                   0 characters
Minimum number of Digits                                                                                  0 digits
Minimum number of Special characters (!, @, #, $, %, ^, &, *, <, >, {, }, [, ], :, ., comma, |, +, ~, `)  0 characters
Username or Reverse of username NOT in Password                                                           No
Maximum Number of failed attempts in 3 minute window to lockout user                                      0 attempts
Time duration to lockout the user upon crossing the "lock-out" threshold                                  3 minutes
Maximum consecutive character repeats                                                                     0 characters

Resetting the Password:

(host)
User: password
Password: forgetme!
(host) >enable
Password: enable
(host) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(host) (config) #mgmt-user admin root
Password: ******
Re-Type password: ******
(host) (config) #exit
(host) #exit
(host) >exit

After you reset the administrator user account and password, you can log in to the Mobility Access Switch and reconfigure the enable mode password. To do this, enter configuration mode and type the enable secret command. You are prompted to enter a new password and retype it to confirm. Save the configuration by entering write memory.

Reconfigure the enable mode password

User: admin
Password: ******
(host) >enable
Password: ******
(host) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(host) (config) #enable secret
Password: ******
Re-Type password: ******
(host) (config) #write memory
 
 

 

 

 

Version history
Revision #: 1 of 1
Last update: 11-04-2014 03:24 PM