Operation Manual

AAA Commands
9 – 173
Defaults
By default the password restrictions are disabled.
Access
Enabled.
History
Introduced in MSS 6.0.
Usage
When this command is enabled, the following password restrictions take effect:
- Passwords must be a minimum of 10 characters in length, and a mix of uppercase letters,
  lowercase letters, numbers, and special characters, including at least two of each (for example,
  Tre%Pag32!).
- A user cannot reuse any of his or her 10 previous passwords (not applicable to network users).
- When a user changes his or her password, at least 4 characters must be different from the
  previous password.
When you enable the password restrictions, MSS evaluates the passwords configured on the MX
switch and displays a list of users whose password does not meet the restriction on length and
character types.
Examples
To enable password restrictions on the MX switch, type the following command:
MX# set authentication password-restrict enable
warning: the following users have passwords that do not have atleast 2 each of upper-case
letters, lower-case letters, numbers and special characters -
dan
admin
user1
user2
jdoe
jsmith
success: change accepted.
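The three restrictions listed under Usage, written out as an audit check that can be run before the command is enabled. This is an added example, not MSS code: the function names, the treatment of every non-alphanumeric character as "special", and the way "different characters" is counted are assumptions, because the manual does not define them.

```python
from collections import Counter

# Thresholds as stated in the manual text above.
MIN_LENGTH = 10
MIN_PER_CLASS = 2
HISTORY_DEPTH = 10
MIN_CHANGED = 4


def class_counts(password):
    """Count characters per class (assumption: non-alphanumeric == special)."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "special": 0}
    for ch in password:
        if "A" <= ch <= "Z":
            counts["upper"] += 1
        elif "a" <= ch <= "z":
            counts["lower"] += 1
        elif "0" <= ch <= "9":
            counts["digit"] += 1
        else:
            counts["special"] += 1
    return counts


def changed_characters(new, old):
    """Assumed metric: characters in `new` not covered by the multiset of
    characters in `old`, so reordering the old password counts as no change."""
    return sum((Counter(new) - Counter(old)).values())


def check_password(new, previous=None, history=(), network_user=False):
    """Return the list of restrictions that `new` violates (empty if none).

    previous: the password being replaced, as supplied at change time.
    history:  earlier passwords, oldest first. Constructed plaintext in this
              example; a real store would keep and compare salted hashes.
    """
    violations = []
    if len(new) < MIN_LENGTH:
        violations.append("length")
    for name, count in class_counts(new).items():
        if count < MIN_PER_CLASS:
            violations.append("class:" + name)
    # The manual states the reuse rule does not apply to network users.
    if not network_user and new in list(history)[-HISTORY_DEPTH:]:
        violations.append("reuse")
    if previous is not None and changed_characters(new, previous) < MIN_CHANGED:
        violations.append("too-similar")
    return violations
```

An empty list means the candidate passes all three restrictions under these assumptions; MSS itself remains the authority on what it accepts.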
See Also
set authentication minimum-password-length on page 9-172
set authentication max-attempts on page 9-171
clear user lockout on page 9-158
set authentication proxy
Configures a proxy authentication rule for wireless users on a third-party AP.
Syntax
set authentication proxy ssid ssid-name user-glob server-group-name
Defaults
None.
Access
Enabled.
History
Introduced in MSS 4.0.
Usage
AAA for third-party AP users has additional configuration requirements. See the
“Configuring AAA for Users of Third-Party APs” section in the “Configuring AAA for Network
Users” chapter of the Trapeze Mobility System Software Configuration Guide.
ssid ssid-name         SSID name to which this authentication rule applies.
user-glob              A single user or a set of users. Specify a username,
                       use the double-asterisk wildcard character (**) to
                       specify all usernames, or use the single-asterisk
                       wildcard character (*) to specify a set of usernames
                       up to or following the first delimiter character,
                       either an at sign (@) or a period (.). (For details,
                       see “User Globs” on page 2–7.)
radius-server-group    A group of RADIUS servers used for authentication.