1. ACLI Reference Guide
  2. ACLI Configuration Elements N-Z
  3. password-policy

password-policy

The password-policy element configures password rules for password secure mode.

Parameters

min-secure-pwd-len
Enter the minimum password length to use when system is in secure password mode. The maximum allowable length for any password is 64 characters.
  • Default: 8
  • Values: 8-64

Note:

The password using this minimum length value must contain at least one punctuation mark and two out of these three requirements: upper case letter, lower case letter, number. No special characters are allowed, for example: #, &, @.

Note:

This parameter is ignored when the password-policy-strength parameter is used (the Admin Security and/or Admin Security ACP license is active).
expiry-interval
Specifies the maximum password lifetime in days.
  • Default: 90
  • Min: 1 / Max: 65535
password-change-interval
Specifies the minimum password lifetime.
  • Default: 24 hours
  • Min: 1 hour / Max: 24 hours
expiry-notify-period
Specifies the number of days prior to expiration that users begin to receive password expiration notifications.
  • Default: 30 days
  • Min: 1 day / Max: 90 days
grace-period
Time after password expiration user has until forced to change password.
  • Default: 30 days
  • Min: 1 day / Max: 90 days
grace-logins
Number of logins after password expiration the user has until forced to change password.
  • Default: 3
  • Min: 1 / Max: 10
password-history-count
Specifies the number of previously used passwords retained in encrypted format in the password history cache.
  • Default: 3
  • Supported values are integers within the range 3 through 24 (retained passwords). Each system's actual support, however, is dependent on enabled license:
    • Admin Security alone—Password history count ranges between 3 and 10
    • JITC—Password history count ranges between 8 and 24

    Note:

    If your configuration violates either of the licenses above, the system displays an error message that states the applicable range.
password-policy-strength
Enables the enhanced password strength requirements provided by the Admin Security and/or Admin Security ACP license.
  • Default: disabled
  • enabled | disabled

Path

password-policy is an element under the security path. The full path from the topmost ACLI prompt is: configure terminal, and then security, and then password-policy.