Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

251

252

253

254

255

256

257

258

259

260

1-9

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Creating and Managing Administrator User Accounts and Groups

Creating and Managing User Accounts

Step 4 In the Maximum login retries field, enter the maximum number of login attempts to be allowed before

the user is locked out. The user remains locked out until cleared by the administrator. To clear a

locked-out account, see the “Unlocking User Accounts” section on page 1-8.

Step 5 Click Submit to save your changes.

To configure password policy from the CLI, use the authentication strict-password-policy global

configuration command.

When the standard password policy is enabled, user passwords must meet the following requirements:

• The password must be 1 to 31 characters long.

• The password can include both uppercase and lowercase letters (A–Z and a–z) and numbers (0–9).

• The password cannot contain the characters ‘ “ | (apostrophe, double quote, or pipe) or any control

characters.

When the strong password policy is enabled, user passwords must meet the following requirements:

• The password must be 8 to 31 characters long.

• The password can include both uppercase and lowercase letters (A–Z and a–z), numbers (0–9), and

special characters including ~`!@#$%^&*()_+-=[]\{};:,</>.

• The password cannot contain the characters ‘ “ | (apostrophe, double quote, or pipe) or any control

characters.

• The password cannot contain all the same characters (for example, 99999).

• The password cannot contain consecutive characters (for example, 12345).

• The password cannot be the same as the username.

• Each new password must be different from the previous 12 passwords. User passwords expire within

90 days.

• The password cannot contain dictionary words.

A user account will be locked out after the configured number of failed login attempts (the default is

three). The user remains locked-out until cleared by the administrator. To clear a locked-out account, see

the “Unlocking User Accounts” section on page 1-8.

Working with Roles

The WAAS Central Manager GUI allows you to create roles for your WAAS system administrators so

that each administrator can focus on configuring and managing a specific WAAS service. For example,

you can set up a role that allows an administrator to create and modify application policies but does not

allow the administrator to make any other changes to the system.

You can think of a role as a set of enabled services. Make sure you have a clear idea of the services that

you want the role to be responsible for because you will select these services when you create the role.

Once you create the role, you can assign the role to existing accounts as described later in this chapter.

A role can give read and write or read-only access to each enabled service.

Each user account or group can be assigned to zero or more roles. Roles are not inherited or embedded.

The WAAS Central Manager provides one predefined role, known as the admin role. The admin role has

access to all services, similar to a CLI user that has privilege level 15. Without the admin role, a user

will not be able to perform all administrative tasks.