Password Policies
GigaVUE‑OS nodes observe several policies designed to ensure strong password protection for user accounts.
Policy |
Description |
|||||||||||||||||||||||||||
Password Standards |
Passwords must meet the following standards:
Note: The following special characters are not supported:
However, you can use these characters in the password as described in the Reserved Characters in Passwordssection.
|
|||||||||||||||||||||||||||
Password Recommendations |
The following are password recommendations:
Note: It is recommended that you do not include the at sign (@) in passwords. Under some circumstances, this can lead to the failure of some CLI commands, such as image fetch or configuration upload. Note: The monitor account is designed to give a read-only access to the GigaVUE‑OS. The monitor account is disabled by default. To enable it, assign a password to the account. GigaVUE‑FM, GigaVUE‑OS H-VUE, and GigaVUE-OS CLI users can use the monitor account as long as it is enabled (has a password). |
|||||||||||||||||||||||||||
Password recommendation for admin users | The default password on the admin account is admin123A!. After the first login, you must change the password to a non-default value in compliance with the password requirements mentioned above. For example: gigamon123A!!. | |||||||||||||||||||||||||||
Password Change Rights |
Only admin users can change the passwords of other users. For example, to change the password of the psandoval account, an admin user would use the following command: (config) # username psandoval password <new password>
|
A secure passwords mode is available. Refer to the “Configuring Secure Passwords Mode” section in the GigaVUE-OS H-VUE Administration Guide for details, as well as thesystem.
Reset Passwords on GigaVUE Nodes from U-Boot
Passwords are reset using the following procedure on GigaVUE‑HC2 nodes.
For the procedure to reset passwords on GigaVUE-TA10 and GigaVUE-TA40 nodes, refer to Reset Passwords on GigaVUE-TA10 and GigaVUE-TA40.
For the procedure to reset passwords on GigaVUE-TA100, GigaVUE-TA100-CXP, GigaVUE‑HC1, and GigaVUE‑HC3 nodes, refer to Reset Passwords on GigaVUE-TA100, GigaVUE-TA100-CXP, GigaVUE‑HC1, GigaVUE‑HC3, and GigaVUE-TA200.
To reset a password on GigaVUE‑HC2 use the following steps:
1. | Reboot the system |
2. | Watch the screen messages until you see the following: |
Press Enter to boot this image, or any other key for boot menu
3. | Press any key other than Enter, such as the space bar |
4. | To access the command prompt, type: c |
5. | At the command prompt, type: setenv reset_button 1 |
This causes the admin password to be reset to a blank password, and it also reconfigures AAA authentication to use local authentication first.
6. | At the command prompt, type: run bootcmd |
This performs a reboot.
7. | When the system boots up, login as the admin user and set a new admin password using the following command: username admin password <new password>. |
Reset Passwords on GigaVUE-TA10 and GigaVUE-TA40
To reset a password on GigaVUE-TA10 and GigaVUE-TA40 nodes, use the following steps:
1. | Reboot the system |
2. | Watch the screen messages until you see the following: |
Press Enter to boot this image, or any other key for boot menu
3. | Press any key other than Enter, such as the space bar |
4. | Use up/down arrows to select Command Prompt |
5. | At the command prompt, type: setenv mmcresetbtn 1 |
6. | At the command prompt, type: run bootcmd |
This performs a reboot and causes the admin password to be reset to a blank password.
7. | When the system boots up, login as the admin user and set a new admin password using the following command: username admin password <new password>. |
Reset Passwords on GigaVUE-TA100, GigaVUE-TA100-CXP, GigaVUE‑HC1, GigaVUE‑HC3, and GigaVUE-TA200
To reset a password on GigaVUE-TA100, GigaVUE-TA100-CXP, GigaVUE‑HC1, GigaVUE‑HC3, GigaVUE-TA200
1. | Reboot the system |
2. | Watch the screen messages until you see the following: |
Press Enter to boot this image, or any other key for boot menu
3. | Press any key other than Enter, such as the space bar |
4. | To modify the kernel arguments, type: a |
This modifies the kernel arguments before booting. The kernel arguments are:
<112M memmap=2176M$1920M console=tty0 console=ttyS0,115200n8
5. | Add the following to the kernel arguments: reset_button=1, as follows |
<112M memmap=2176M$1920M console=tty0 console=ttyS0,115200n8 reset_button=1
This performs a reboot and causes the admin password to be reset to a blank password, and it also reconfigures AAA authentication to use local authentication first.
6. | When the system boots up, login as the admin user and set a new admin password using the following command: username admin password <new password>. |
Configure a Password Expiration Duration
Use the following CLI command to configure the number of days before a password expires:
(config) # aaa authentication password expiration duration 20
Refer to aaa authentication for details.
Configure Login Attempts
Use the following CLI command to configure the handling of failed login attempts:
(config) # aaa authentication attempts
Refer to aaa authentication for details.
Reserved Characters in Passwords
This section describes how to use the following reserved characters in passwords:
? |
\ |
" |
There are two ways to include these characters in a password:
1. Enter the username without specifying the password
In this technique, you issue the username command and include the password argument, but do not actually specify the password. This causes the system to prompt you for the password, allowing you to enter reserved characters directly. For example:
(config) # username mcabrera passwordPassword: *********Confirm: *********
In this example, you could enter a password using a reserved character as follows—for example, Test123?
2. Include the escape character before each reserved character
Alternatively, you can include reserved characters in a password specified in the username command by using the following:
Enclose the entire password in double-quotation marks. In particular, use this technique to include the question mark (?) in a password. |
Include the escape character, which is the slash (\), before the single quote (") character or before the slash (\) in a password. |
The following table shows some sample passwords:
Command |
Password Created |
username user1 password "Test123?" |
Test123? |
username user2 password Test123\” |
Test123" |
username user3 password Test123\\ |
Test123\ |