Wired Intelligent Edge (Campus Switching and Routing)

 View Only
last person joined: one year ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of HPE Aruba Networking switching devices, and find ways to improve security across your network.
Back to Library

Password Control Configuration - PVOS 

Sep 30, 2020 11:14 AM

Requirement:

Configure Password Control on the PVOS switches. 



Solution:

To configure password control configuration, we need to make sure of the below: 

  •   The switches are on Aruba OS, KA/KB/WB/WC/YA/YB/YC/RA 16.01.xxxx and later.

             Note: This feature does not work on firmware K.16.01.xxxx and later

  • Moreover make sure that the minimum password length is configured equal or more than the sum of password composition.

           Ø If we fail to do that in advance the switch will throw in the following error:
           Ø HP-5412Rzl2 (config) # password configuration-control

           Ø The minimum password length configured is 8 less than the sum of password composition. Operation aborted

 

We can have a look at the default minimum password length and the password composition from the following command:

HP-5412Rzl2#show password configuration-control

 

So we could see that at default, the password composition consists of 2 lowercase, 2 Upper case, 2 special characters and 2 numbers. The minimum password length as a result should be 8, if we add the password composition characters.

Command to increase the minimum password length is:
          5412Rzl2 (config)# password minimum-length 8

Note: The minimum password length is modified. Update the local passwords to comply with the modified password length.


Moreover we also need to make sure that manager credentials should be configured to enable “password configuration – control”

Configuring it without the manager credentials throws in the following error: 
         Command: 5412Rzl2 (config)# password configuration-control

 



Configuration:

Configuring password configuration-control:

After configuring the manager credentials, we can configure the password configuration control on the switch:

Command: 5412Rzl2 (config)# password configuration-control

Note: Configuring this feature will disable the WebUI on the switch and the REST protocol as well.


When password configuration control is setup, we can’t change the manager password before 24 hours because the default minimum wait time in hours before an existing password can be updated is 24 hours.

To change the minimum wait time we can use the following command:

  • HP-5412Rzl2 (config)# password configuration update-interval-time <0-168> in hours

If you want to remove the manager password, we need to disable password configuration control.

NOTE: When Password configuration control is enabled, it is required to enter the minimum characters of 15 for both manager and operator passwords.

This can be changed with the following command:

Refer to the CLI clip above for the command.

Here “admin” is any username.
Note: You can only uses values of 15 and above.



Verification

To confirm that password configuration-control is active we can use the following commands:

Hp-5412Rzl2(config)# show password-configuration

 

 

Statistics
0 Favorited
19 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.