system : password-policy
 
password-policy
Use this command to configure higher security requirements for administrator passwords and IPsec VPN pre-shared keys.
Syntax
config system password-policy
set status {enable | disable}
set apply-to [admin‑password ipsec-preshared-key]
set change-4-characters {enable | disable}
set expire <days>
set minimum-length <chars>
set min-lower-case-letter <num_int>
set min-upper-case-letter <num_int>
set min-non-alphanumeric <num_int>
set min-number <num_int>
set expire-status {enable | disable}
set expire-day <num_int>
end
Variable
Description
Default
apply-to [admin‑password ipsec-preshared-key]
Select where the policy applies: administrator passwords or IPSec preshared keys.
admin‑password
change-4-characters {enable | disable}
Enable to require the new password to differ from the old password by at least four characters.
disable
expire <days>
Set time to expiry in days. Enter 0 for no expiry.
0
minimum-length <chars>
Set the minimum length of password in characters. Range 8 to 32.
8
min-lower-case-letter <num_int>
Enter the minimum number of required lower case letters in every password.
0
min-upper-case-letter <num_int>
Enter the minimum number of required upper case letters in every password.
0
min-non-alphanumeric <num_int>
Enter the minimum number of required non-alphanumeric characters in every password.
0
min-number <num_int>
Enter the minimum number of number characters required in every password.
0
expire-status {enable | disable}
Enable to have passwords expire.
enable
expire-day <num_int>
Enter the number of days before the current password is expired and the user will be required to change their password.
This option is available only when expire-status is set to enable.
90
status {enable | disable}
Enable password policy.
disable