Can I configure password policy for management users?

Aruba Employee
Aruba Employee

Product and Software: This article applies to Aruba OS 3.4.2 and later.


ArubaOS introduces a new feature that allows you to configure password policy for management users.


By default, the password for a management user has no requirements other than a minimum length of 6 alphanumeric or special characters. This minimum password length limitation is applicable only to newly created management users. The existing users or the upgrade from prior builds are not affected. However, if your company enforces a best practices password policy for management users with root access to network equipment, you may want to configure a password policy that sets requirements for management user passwords.


The new Password Management Policy profile can be configured to do these things:


  • Require a specified number of letters, numbers, and special characters in the password of a management user.
  • Put limits on the number of repeating characters in the password.
  • Set the number of failed management user login attempts that results in the management user being locked out of the network for a period of time.

The following command sets a management password policy that requires the password to have a minimum of nine characters, including one numerical digit and one special character:


aaa password-policy mgmt


password-min-digit 1

password-min-length 9

password-min-special-characters 1


Consider these special characters that are allowed and are not allowed in any management user password.


Allowed Characters

Disallowed Characters

exclamation point: !

Parenthesis: ( )

underscore: _

apostrophe: '

at symbol: @

semicolon: ;

pound sign: #

dash: -

dollar sign: $

equals sign: =

percent sign: %

slash: /

caret: ^

question mark: ?

ampersand: &


star: *


greater and less than symbols: < >


curled braces: { }


straight braces: [ ]


colon: :


period: .


pipe: |


plus sign: +


tilde: ~


comma: ,


accent mark: `



For the "local-userdb-guest", usernames, passwords, and email addresses are defined as "rstring" type. The rstring tag disallows the following characters (; - =). This change was done to avert security vulnerabilities. A double-hyphen (--) marks the start of an SQL comment, which might cause the potential SQL injection problem, and should be disallowed.

Version history
Revision #:
1 of 1
Last update:
‎07-02-2014 04:51 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: