Password Policies
GigaVUE‑OS nodes observe several policies designed to ensure strong password protection for user accounts.
|
Policy |
Description |
|||||||||||||||||||||||||||
|
Password Standards |
Passwords must meet the following standards:
Note: The following special characters are not supported:
However, you can use these characters in the password as described in the Reserved Characters in Passwordssection.
|
|||||||||||||||||||||||||||
|
Password Recommendations |
The following are password recommendations:
Note: It is recommended that you do not include the at sign (@) in passwords. Under some circumstances, this can lead to the failure of some CLI commands, such as image fetch or configuration upload. Note: The monitor account is designed to give a read-only access to the GigaVUE‑OS. The monitor account is disabled by default. To enable it, assign a password to the account. GigaVUE‑FM, GigaVUE‑OS and GigaVUE-OS CLI users can use the monitor account as long as it is enabled (has a password). |
|||||||||||||||||||||||||||
| Password recommendation for admin users | The default password on the admin account is admin123A!. After the first login, you must change the password to a non-default value in compliance with the password requirements mentioned above. For example: gigamon123A!!. | |||||||||||||||||||||||||||
|
Password Change Rights |
Only admin users can change the passwords of other users. For example, to change the password of the psandoval account, an admin user would use the following command: (config) # username psandoval password <new password>
|
A secure passwords mode is available. Refer to the “Configuring Secure Passwords Mode” section in the GigaVUE Administration Guide for details, as well as thesystem.
Configure a Password Expiration Duration
Use the following CLI command to configure the number of days before a password expires:
(config) # aaa authentication password expiration duration 20
Refer to aaa authentication for details.
Configure Login Attempts
Use the following CLI command to configure the handling of failed login attempts:
(config) # aaa authentication attempts
Refer to aaa authentication for details.
Reserved Characters in Passwords
This section describes how to use the following reserved characters in passwords:
| ? |
| \ |
| " |
There are two ways to include these characters in a password:
1. Enter the username without specifying the password
In this technique, you issue the username command and include the password argument, but do not actually specify the password. This causes the system to prompt you for the password, allowing you to enter reserved characters directly. For example:
(config) # username mcabrera passwordPassword: *********Confirm: *********
In this example, you could enter a password using a reserved character as follows—for example, Test123?
2. Include the escape character before each reserved character
Alternatively, you can include reserved characters in a password specified in the username command by using the following:
| Enclose the entire password in double-quotation marks. In particular, use this technique to include the question mark (?) in a password. |
| Include the escape character, which is the slash (\), before the single quote (") character or before the slash (\) in a password. |
The following table shows some sample passwords:
|
Command |
Password Created |
|
username user1 password "Test123?" |
Test123? |
|
username user2 password Test123\” |
Test123" |
|
username user3 password Test123\\ |
Test123\ |
