End User Access Control
Considerations for Configuring End User Accounts
Strong Passwords
© Copyright Lenovo 2016
Enterprise NOS allows an administrator to define end user accounts that permit
end users to perform operation tasks via the switch CLI commands. Once end user
accounts are configured and enabled, the switch requires username/password
authentication.
For example, an administrator can assign a user, who can then log into the switch
and perform operational commands (effective only until the next switch reboot).
Note the following considerations when you configure end user accounts:
A maximum of 20 user IDs are supported on the switch.
ENOS supports end user support for console, Telnet, BBI, and SSHv2 access to
the switch.
If RADIUS authentication is used, the user password on the Radius server will
override the user password on the G8264. Also note that the password change
command only modifies only the user password on the switch and has no effect
on the user password on the Radius server. Radius authentication and user
password cannot be used concurrently to access the switch.
Passwords for end users can be up to 128 characters in length for TACACS,
RADIUS, Telnet, SSH, Console, and Web access.
The administrator can require use of Strong Passwords for users to access the
G8264. Strong Passwords enhance security because they make password guessing
more difficult.
The following rules apply when Strong Passwords are enabled:
Minimum length: 8 characters; maximum length: 64 characters
Must contain at least one uppercase alphabet
Must contain at least one lowercase alphabet
Must contain at least one number
Must contain at least one special character:
Supported special characters: ! " # % & ' ( ) ; < = >> ? [\] * + , ‐ . / : ^ _ { | } ~
Cannot be same as the username
When strong password is enabled, users can still access the switch using the old
password but will be advised to change to a strong password at log‐in.
Strong password requirement can be enabled using the following command:
RS G8264(config)# access user strongpassword enable
Chapter 4: Securing Administration
101