Your Active Directory enforces password compliance. Your IOS XE box can too!
IOS XE supports Common Criteria Policies that allow Network Engineers to configure options such as minimum and maximum password lengths, max number of times a character can be consecutively repeated, and force use of upper, lower, numeric, and special characters.
In this task, we will view and run a playbook that will create a Common Criteria Policy and a local user with a compliant password.
- View the Playbook that will Create the Common Criteria Policy
- Run the Playbook that will Create the Common Criteria Policy
- View the Common Criterial Policy on the Switch
- View the Playbook that will Create the IOS XE Local User
- Run the Playbook that will Create the IOS XE Local User
- View the Local User Notice how some users need to have the Common Criteria applied and that the one we just created does have it applied.
- View the Playbook that will Configure Login Block
- Run the Playbook that will Configure Login Block
- View the Login Block Configuration
cat playbooks/02a-add-common-criteria-policy.yaml
ansible-playbook -i inventories/devnet-switches.yaml playbooks/02a-add-common-criteria-policy.yaml --ask-vault-pass
show runn | sec aaa common-criteria
cat playbooks/02b-add-common-criteria-users.yaml
ansible-playbook -i inventories/devnet-switches.yaml playbooks/02b-add-common-criteria-users.yaml --ask-vault-pass
show runn | inc username
cat playbooks/02c-config-login-block.yaml
ansible-playbook -i inventories/devnet-switches.yaml playbooks/02c-config-login-block.yaml --ask-vault-pass
sh runn | inc login block
sh runn | inc login on
Click here to move on to the next section. Configuring Type 6 Password Encryption.