CLI: config security

config:# security groupBasedAccessControl ipv4

security groupBasedAccessControl ipv4 [enabled <enable>] [defaultPolicy <defpolicy>]

Configure group based access control settings for IPv4

enabled Enable group based access control (true/false)

defaultPolicy Default policy (allow/deny)

config:# security groupBasedAccessControl ipv6 [enabled <enable>] [defaultPolicy <defpolicy>]

Configure group based access control settings for IPv6

enabled Enable group based access control (true/false)

defaultPolicy Default policy (allow/deny)

config:# security ipAccessControl ipv4

security ipAccessControl ipv4 [enabled <enable>] [defaultPolicyIn <defpolicyin>] [defaultPolicyOut <defpolicyout>]

Configure IPv4 access control settings

enabled Enable IP access control (true/false)

defaultPolicyIn Default policy for inbound traffic (accept/drop/reject)

defaultPolicyOut Default policy for outbound traffic (accept/drop/reject)

config:# security ipAccessControl ipv6 [enabled <enable>] [defaultPolicyIn <defpolicyin>] [defaultPolicyOut <defpolicyout>]

Configure IPv6 access control settings

enabled Enable IP access control (true/false)

defaultPolicyIn Default policy for inbound traffic (accept/drop/reject)

defaultPolicyOut Default policy for outbound traffic (accept/drop/reject)

config:# security loginLimits [singleLogin <singlelogin>] [passwordAging <pwaging>] [passwordAgingInterval <pwaginginterval>] [idleTimeout <idletimeout>]

Configure login limitations

singleLogin Prevent concurrent user login (enable/disable)

passwordAging Enable password aging (enable/disable)

passwordAgingInterval Set password aging interval (in days) (7..365)

idleTimeout Set user idle timeout (in minutes) (1..1440 or infinite)

config:# security restrictedServiceAgreement [enabled <enabled>] [bannerContent]

Configure the Restricted Service Agreement banner

enabled Enable Restricted Service Agreement enforcement (true/false)

bannerContent The Restricted Service Agreement banner

config:# security strongPasswords [enabled <enable>] [minimumLength <minlength>] [maximumLength <maxlength>] [enforceAtLeastOneLowerCaseCharacter <forcelower>] [enforceAtLeastOneUpperCaseCharacter <forceupper>] [enforceAtLeastOneNumericCharacter <forcenumeric>] [enforceAtLeastOneSpecialCharacter <forcespecial>] [passwordHistoryDepth <historydepth>]

Configure strong password requirements

enabled Enable strong passwords (true/false)

minimumLength Minimum password length (8..32)

maximumLength Maximum password length (16..64)

enforceAtLeastOneLowerCaseCharacter Enforce at least one lower case character (enable/disable)

enforceAtLeastOneUpperCaseCharacter Enforce at least one upper case character (enable/disable)

enforceAtLeastOneNumericCharacter Enforce at least one numeric character (enable/disable)

enforceAtLeastOneSpecialCharacter Enforce at least one special character (enable/disable)

passwordHistoryDepth Password history depth (1..12)

config:# security userBlocking [maximumNumberOfFailedLogins <maxfails>] [blockTime <blocktime>]

Configure user blocking

maximumNumberOfFailedLogins Set maximum number of failed logins before blocking a user (3..10 or unlimited)

blockTime Set user block time (in minutes) (1..1440 or infinite)

See Also

CLI: config

CLI: config authentication

CLI: config device

CLI: config group

CLI: config keyword

CLI: config network

CLI: config password

CLI: config port

CLI: config serial

CLI: config terminalblock

CLI: config time

CLI: config user