No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
An AAA Local User Cannot Be Created Due to Incorrect Password Setting

An AAA Local User Cannot Be Created Due to Incorrect Password Setting

Fault Description

An AAA local user fails to be created, and the device displays an error message.

Possible Causes

  • The length of the user password does not meet requirements.
  • The complexity of the user password does not meet requirements.
  • The password contains forbidden words.

Procedure

  1. Handle the problem according to the error message.

    Error Message

    Possible Cause and Verification

    Solution

    Error: The password length must range from 8 to 128.

    NOTE:

    The password length range from 8 to 128 is an example. The actual password length depends on the configuration on the device.

    The minimum password length is configured on the device or the security policy function is enabled on the device for local accounts. The password length does not reach the minimum length.

    Run the display this command in the AAA view to verify the following items:
    • If the local-user policy password min-len command has been executed, the device is configured to limit the minimum length of passwords.
    • If the undo local-user policy security-enhance is not executed, the security policy function is enabled on the device for local accounts. The password must contain at least eight characters.

    When you create a local user, the password length must be longer than the minimum password length configured on the device.

    Error: New password must contain at least one capital letter, one symbol and one number.

    The complexity check is enabled for local user passwords. The configured password does not contain digits, upper-case letters, or special characters (excluding spaces and question marks). The password can contain spaces if it is put within double quotation marks ("").

    Run the display this command in the AAA view to check whether the local-user policy password complexity-enhance command has been executed.

    The password of a local user must contain one or more digits, upper-case letters, and special characters with the exception of spaces and question marks (?). The password can contain spaces if it is put within double quotation marks ("").

    Error: Password is too simple, it should include capital, lowercase, number and special character.

    The security policy function is enabled on the device for local accounts. The configured password does not contain digits, upper-case letters, lower-case letters, or special characters (excluding spaces and question marks). The password can contain spaces if it is put within double quotation marks ("").

    Run the display this command in the AAA view to check whether the undo local-user policy security-enhance command has been executed.

    The password of a local user must contain one or more digits, upper-case letters, lower-case letters, and special characters with the exception of spaces and question marks (?). The password can contain spaces if it is put within double quotation marks ("").

    Error: Admin huawei's new password should not include the username or username revert.

    NOTE:

    The user name huawei is an example. The actual user name depends on the configuration on the device.

    The security policy function is enabled on the device for local accounts, and the configured password contains the user name or the user name in inverse order.

    Run the display this command in the AAA view to check whether the undo local-user policy security-enhance command has been executed.

    The password of a local user cannot contain the user name or the user name in inverse order.

    Error: The password is too simple, it should not contain forbidden words.

    Forbidden words are configured on the device for passwords, and the configured password contains one or more forbidden words.

    Run the display this command in the password security view to check whether the forbidden word command has been executed.

    The password of a local user cannot contain any forbidden word.

    NOTE:

    If both the security policy function and minimum password length are configured on the device, the stricter condition is used.

    For security purposes, you are advised not to cancel the preceding security configurations.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100074765

Views: 18715

Downloads: 64

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next