Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here

Password Control Configuration - PVOS

MVP
MVP
Requirement:

Configure Password Control on the PVOS switches. 



Solution:

To configure password control configuration, we need to make sure of the below: 

  •   The switches are on Aruba OS, KA/KB/WB/WC/YA/YB/YC/RA 16.01.xxxx and later.

             Note: This feature does not work on firmware K.16.01.xxxx and later

  • Moreover make sure that the minimum password length is configured equal or more than the sum of password composition.

           Ø If we fail to do that in advance the switch will throw in the following error:
           Ø HP-5412Rzl2 (config) # password configuration-control

           Ø The minimum password length configured is 8 less than the sum of password composition. Operation aborted

 

We can have a look at the default minimum password length and the password composition from the following command:

HP-5412Rzl2#show password configuration-control

 

So we could see that at default, the password composition consists of 2 lowercase, 2 Upper case, 2 special characters and 2 numbers. The minimum password length as a result should be 8, if we add the password composition characters.

Command to increase the minimum password length is:
          5412Rzl2 (config)# password minimum-length 8

Note: The minimum password length is modified. Update the local passwords to comply with the modified password length.


Moreover we also need to make sure that manager credentials should be configured to enable “password configuration – control”

Configuring it without the manager credentials throws in the following error: 
         Command: 5412Rzl2 (config)# password configuration-control

 



Configuration:

Configuring password configuration-control:

After configuring the manager credentials, we can configure the password configuration control on the switch:

Command: 5412Rzl2 (config)# password configuration-control

Note: Configuring this feature will disable the WebUI on the switch and the REST protocol as well.


When password configuration control is setup, we can’t change the manager password before 24 hours because the default minimum wait time in hours before an existing password can be updated is 24 hours.

To change the minimum wait time we can use the following command:

  • HP-5412Rzl2 (config)# password configuration update-interval-time <0-168> in hours

If you want to remove the manager password, we need to disable password configuration control.

NOTE: When Password configuration control is enabled, it is required to enter the minimum characters of 15 for both manager and operator passwords.

This can be changed with the following command:

Refer to the CLI clip above for the command.

Here “admin” is any username.
Note: You can only uses values of 15 and above.



Verification

To confirm that password configuration-control is active we can use the following commands:

Hp-5412Rzl2(config)# show password-configuration

 

 

Version history
Revision #:
1 of 1
Last update:
4 weeks ago
Updated by:
 
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: