Password Policies

GigaVUE‑OS nodes observe several policies designed to ensure strong password protection for user accounts.

Policy

Description

Password Standards

Passwords must meet the following standards:

■   include 8-64 characters
■   include at least one numeral
■   include at least one lower case letter
■   include at least one upper case letter
■   include at least one special character (for example, !, #, $, %, ^, &, or * – ASCII 0x21, 0x2F, 0x3A, 0x40, 0x5B, 0x5F, 0x7B, 0x7E)

Note: The following special characters are not supported:
"
/
?

However, you can use these characters in the password as described in the Reserved Characters in Passwords section.

■   must not include user-name or parts of full-name

Password Recommendations

The following are password recommendations:

■   passwords should be configured on all user accounts
■   passwords should be changed on default accounts such as monitor accounts
■   passwords should be unique, meaning never used elsewhere or at another time
■   passwords should not be shared, meaning each user account should have its own password
■   passwords should be long, meaning at least 15 to 20 characters
■   passwords should be complex, meaning a mix of numerals, upper case letters, lower case letters, and special characters

Note: It is recommended that you do not include the at sign (@) in passwords. Under some circumstances, this can lead to the failure of some CLI commands, such as image fetch or configuration upload.

Note: The monitor account is designed to give read-only access to the GigaVUE‑OS. The monitor account is disabled by default. To enable it, assign a password to the account. GigaVUE‑FM, GigaVUE‑OS and GigaVUE-OS CLI users can use the monitor account as long as it is enabled (has a password).

Password recommendation for admin users: The default password on the admin account is admin123A!. After the first login, you must change the password to a non-default value in compliance with the password requirements mentioned above. For example: gigamon123A!!.

Password Change Rights

Only admin users can change the passwords of other users.

For example, to change the password of the psandoval account, an admin user would use the following command:

(config) # username psandoval password <new password>

 

A secure passwords mode is available. Refer to the “Configuring Secure Passwords Mode” section in the GigaVUE Administration Guide for details, as well as the system.

Reset Passwords on GigaVUE‑HC1 and GigaVUE‑HC3

To reset a password on GigaVUE‑HC1 and GigaVUE‑HC3 nodes, use the following steps:

1. Reboot the system.
2. Watch the screen messages until you see the following:
Press Enter to boot this image, or any other key for boot menu
3. Press any key other than Enter, such as the space bar.
4. To modify the kernel arguments, type: a

This modifies the kernel arguments before booting. The kernel arguments are:

<112M memmap=2176M$1920M console=tty0 console=ttyS0,115200n8

5. Add the following to the kernel arguments: reset_button=1, as follows:

<112M memmap=2176M$1920M console=tty0 console=ttyS0,115200n8 reset_button=1

This performs a reboot and causes the admin password to be reset to a blank password, and it also reconfigures AAA authentication to use local authentication first.

6. When the system boots up, log in as the admin user and set a new admin password using the following command: username admin password <new password>.

Reset Passwords on GigaVUE-HCT and GigaVUE‑HC1-Plus

To reset a password on GigaVUE-HCT and GigaVUE‑HC1-Plus nodes, use the following steps:

1. Reboot the system.
2. Watch the screen messages until you see the following, and press the "ESC" key several times to stop the bootup process:
HROT-BL -"6.0.00" (release/hd_6000,dc1efdffdb7)  Aug 20 2022:17:11:34
[NOTICE] - HROT-BL Booting Firmware

HROT-PFW -"6.0.00" (release/hd_6000,74671ff592a) Aug 28 2022:13:49:17
[NOTICE] - HROT-PFW Primary BIOS Integrity: [ok]
[NOTICE] - HROT-PFW CN:ENG-ISK1 O:Gigamon Integrity: [ok]
[NOTICE] - HROT-PFW CN:ENG-ISK2 O:Gigamon Integrity: [ok]
[NOTICE] - HROT-PFW CN:PROD-ISK1 O:Gigamon Integrity: [ok]
[NOTICE] - HROT-PFW CN:ENG-KEK-PlainSigner O:Gigamon Integrity: [ok]
[NOTICE] - HROT-PFW CN:ENG-KEK2-PlainSigner O:Gigamon Integrity: [ok]
[NOTICE] - HROT-PFW CN:PK O:Gigamon Integrity: [ok]
[NOTICE] - HROT-PFW Primary BIOS and KEY authentication successful
Booting.Yantra.40.011p.0  06/21/2022  12:00

 POST CODE: 0x000000C2
 POST CODE: 0x000000C5
 POST CODE: 0x000000C6
 POST CODE: 0x000000C3
 POST CODE: 0x000000C7
 POST CODE: 0x000000C8
 POST CODE: 0x0000007E
 POST CODE: 0x00000083
 POST CODE: 0x000000C1
 POST CODE: 0x000000C4
 POST CODE: 0x000000A2
 POST CODE: 0x0000004B
 POST CODE: 0x00000052
 POST CODE: 0x0000004D
 POST CODE: 0x000000A2
 POST CODE: 0x00000059
 POST CODE: 0x00000010
 POST CODE: 0x00000011
 POST CODE: 0x00000012
 POST CODE: 0x00000013
 POST CODE: 0x00000015
 POST CODE: 0x00000016

 POST CODE: 0x00000017
 POST CODE: 0x00000018
 POST CODE: 0x0000001D

 POST CODE: 0x00000026
 POST CODE: 0x00000016
 POST CODE: 0x00000017
 POST CODE: 0x00000018
 POST CODE: 0x00000020
 POST CODE: 0x00000016
 POST CODE: 0x00000017
 POST CODE: 0x00000018
 POST CODE: 0x00000027
 POST CODE: 0x00000028
 POST CODE: 0x0000002B
 POST CODE: 0x00000029
 POST CODE: 0x0000002E
 POST CODE: 0x00000030
 POST CODE: 0x000000FB
3. Go to the GRUB prompt and press the "E" key when the image option appears in the display. The GRUB prompt appears as follows:

setparams 'GigaVUE-OS-image1' 'GigaVUE-OS1'
set gfxpayload=text
insmod gzio
insmod part_msdos
insmod xfs
set root='hd0,gpt2'
linuxefi (hd0,2)/vmlinuz console=ttyS0,115200n8 text img_id=1 root=/de\
v/sda5 rw net.ifnames=0 biosdevname=0 acpi=copy_dsdt pcie_aspm=force resume=/d\
ev/sda4 quiet

4. Add reset_button=1 at the end, as shown below, and then press Ctrl+X:

linuxefi (hd0,2)/vmlinuz console=ttyS0,115200n8 text img_id=1 root=/de\ v/sda5 rw net.ifnames=0 biosdevname=0 acpi=copy_dsdt pcie_aspm=force resume=/d\ ev/sda4 quiet reset_button=1

Reset Passwords on GigaVUE‑TA25, GigaVUE‑TA25E, GigaVUE‑TA200, GigaVUE‑TA200E, GigaVUE‑TA400, and GigaVUE‑TA400E

To reset a password on GigaVUE‑TA25, GigaVUE‑TA25E, GigaVUE‑TA200, GigaVUE‑TA200E, GigaVUE‑TA400, and GigaVUE‑TA400E nodes, use the following steps:

1. Reboot the system.
2. Go to the GRUB prompt and press the "E" key when the image option appears in the display. The GRUB prompt appears as follows:

setparams 'GigaVUE-OS-image1' 'GigaVUE-OS1'
set gfxpayload=text
insmod gzio
insmod part_msdos
insmod xfs
set root='hd0,gpt2'
linuxefi (hd0,2)/vmlinuz console=ttyS0,115200n8 text img_id=1 root=/de\
v/sda5 rw net.ifnames=0 biosdevname=0 acpi=copy_dsdt pcie_aspm=force resume=/d\
ev/sda4 quiet

3. Add reset_button=1 at the end, as shown below, and then press Ctrl+X:

linuxefi (hd0,2)/vmlinuz console=ttyS0,115200n8 text img_id=1 root=/de\ v/sda5 rw net.ifnames=0 biosdevname=0 acpi=copy_dsdt pcie_aspm=force resume=/d\ ev/sda4 quiet reset_button=1

Configure a Password Expiration Duration

Use the following CLI command to configure the number of days before a password expires:

(config) # aaa authentication password expiration duration 20

Refer to aaa authentication for details.

Configure Login Attempts

Use the following CLI command to configure the handling of failed login attempts:

(config) # aaa authentication attempts

Refer to aaa authentication for details.

Reserved Characters in Passwords

This section describes how to use the following reserved characters in passwords:

■   ?
■   \
■   "

There are two ways to include these characters in a password:

1. Enter the username without specifying the password

In this technique, you issue the username command and include the password argument, but do not actually specify the password. This causes the system to prompt you for the password, allowing you to enter reserved characters directly. For example:

(config) # username mcabrera password
Password: *********
Confirm: *********

In this example, you could enter a password that uses a reserved character, for example, Test123?

2. Include the escape character before each reserved character

Alternatively, you can include reserved characters in a password specified in the username command by using the following:

■   Enclose the entire password in double-quotation marks. In particular, use this technique to include the question mark (?) in a password.
■   Include the escape character, which is the backslash (\), before the double quote (") character or before the backslash (\) in a password.

The following table shows some sample passwords:

Command                                 Password Created
username user1 password "Test123?"      Test123?
username user2 password Test123\"       Test123"
username user3 password Test123\\       Test123\
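
The following pre-check for candidate passwords covers the Password Standards, the Password Recommendations and notes, and the Reserved Characters section above. It is an added example, not Gigamon code. Assumptions: the ASCII values in the standards list are read as four inclusive ranges, name parts of three or more characters are matched case-insensitively, and the names check_password, is_special, SPECIAL_RANGES, RESERVED and DEFAULT_ADMIN are hypothetical.

```python
import re

# Reading the page's ASCII list as four inclusive ranges is an assumption.
SPECIAL_RANGES = [(0x21, 0x2F), (0x3A, 0x40), (0x5B, 0x5F), (0x7B, 0x7E)]
# Characters from the standards note (" / ?) and Reserved Characters (? \ ").
RESERVED = set('"/?\\')
DEFAULT_ADMIN = "admin123A!"  # default admin password stated on the page


def is_special(ch):
    return any(lo <= ord(ch) <= hi for lo, hi in SPECIAL_RANGES)


def check_password(password, username, full_name=""):
    """Return (errors, warnings): errors break a stated standard,
    warnings reflect the page's recommendations and notes."""
    errors, warnings = [], []
    if not 8 <= len(password) <= 64:
        errors.append("length must be 8-64 characters")
    if not re.search(r"[0-9]", password):
        errors.append("needs a numeral")
    if not re.search(r"[a-z]", password):
        errors.append("needs a lower case letter")
    if not re.search(r"[A-Z]", password):
        errors.append("needs an upper case letter")
    if not any(is_special(c) for c in password):
        errors.append("needs a special character")
    # Assumption: name parts of 3+ characters are matched case-insensitively;
    # the page only says "user-name or parts of full-name".
    for part in [username] + full_name.split():
        if len(part) >= 3 and part.lower() in password.lower():
            errors.append(f"contains name part {part!r}")
    if password == DEFAULT_ADMIN:
        errors.append("is the default admin password")
    if len(password) < 15:
        warnings.append("shorter than the recommended 15 to 20 characters")
    if "@" in password:
        warnings.append("'@' can break CLI commands such as image fetch")
    found = sorted(RESERVED & set(password))
    if found:
        warnings.append("reserved characters " + " ".join(found)
                        + ": enter at the prompt or quote/escape them")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample inputs (the two passwords appear on the page).
    for pw, user in [("gigamon123A!!", "admin"), ("Test123?", "user1")]:
        print(pw, check_password(pw, user))
```

The page's own example gigamon123A!! passes every standard but draws the length warning, and the default admin123A! fails both as the default value and because it contains the user name.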