- play_arrow Login Classes and Login Settings
- play_arrow User Accounts
- play_arrow Trusted Platform Module
- play_arrow User Authentication
- play_arrow Remote Access Management
- play_arrow Access Control
- Access Control Authentication Methods
- Preventing Unauthorized Access to EX Series Switches Using Unattended Mode for U-Boot
- Preventing Unauthorized Access to EX Series Switches Using Unattended Mode for U-Boot
- RADIUS Server Configuration for Authentication
- RADIUS over TLS (RADSEC)
- 802.1X Authentication
- MAC RADIUS Authentication
- Service-Type Attribute and Jumbo Frame Handling Overview
- 802.1X and RADIUS Accounting
- Example: Setting Up 802.1X for Single-Supplicant or Multiple-Supplicant Configurations on an EX Series Switch
- Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an EX Series Switch
- Interfaces Enabled for 802.1X or MAC RADIUS Authentication
- Static MAC Bypass of 802.1X and MAC RADIUS Authentication
- Configuring PEAP for MAC RADIUS Authentication
- Captive Portal Authentication
- Flexible Authentication Order on EX Series Switches
- Server Fail Fallback and Authentication
- Authentication Session Timeout
- Central Web Authentication
- Dynamic VLAN Assignment for Colorless Ports
- VoIP on EX Series Switches
- play_arrow Configuring IEEE 802.1x Port-Based Network Access Control
- play_arrow Configuring IEEE 802.1x Port-Based Network Access Control in Enhanced LAN Mode
- 802.1X for MX Series Routers in Enhanced LAN Mode Overview
- Understanding 802.1X and LLDP and LLDP-MED on MX Series Routers in Enhanced LAN Mode
- Understanding 802.1X and RADIUS Accounting on MX Series Routers in Enhanced LAN Mode
- Understanding 802.1X and VoIP on MX Series Routers in Enhanced LAN Mode
- Understanding Guest VLANs for 802.1X on MX Series Routers in Enhanced LAN Mode
- Understanding Dynamic VLANs for 802.1X on MX Series Routers in Enhanced LAN Mode
- Understanding Server Fail Fallback and Authentication on MX Series Routers in Enhanced LAN Mode
- Configuring 802.1X RADIUS Accounting on MX Series Routers in Enhanced LAN Mode
- Configuring 802.1X Interface Settings on MX Series Routers in Enhanced LAN Mode
- Configuring LLDP-MED on MX Series Routers in Enhanced LAN Mode
- Configuring LLDP on MX Series Routers in Enhanced LAN Mode
- Configuring Server Fail Fallback on MX Series Routers in Enhanced LAN Mode
- Understanding Captive Portal Authentication on the MX Series Routers
- Understanding Authentication Session Timeout on MX Series Routers
- Authentication Process Flow for MX Series Routers in Enhanced LAN Mode
- Specifying RADIUS Server Connections on an MX Series Router in Enhanced LAN Mode
- Configuring Captive Portal Authentication on MX Series Routers in Enhanced LAN Mode
- Designing a Captive Portal Authentication Login Page on an MX Series Router
- Configuring Static MAC Bypass of Authentication on MX Series Routers in Enhanced LAN Mode
- Controlling Authentication Session Timeouts on an MX Series Router in Enhanced LAN Mode
- Configuring MAC RADIUS Authentication on MX Series Routers in Enhanced LAN Mode
- Example: Configuring MAC RADIUS Authentication on an MX Series Router
- Example: Setting Up Captive Portal Authentication on an MX Series Router
- Example: Connecting a RADIUS Server for 802.1X to an MX Series Router
- Example: Setting Up 802.1X in Conference Rooms to Provide Internet Access to Corporate Visitors on an MX Series Router
- Example: Configuring Static MAC Bypass of Authentication on an MX Series Router
- Example: Applying Firewall Filters to Multiple Supplicants on Interfaces Enabled for 802.1X or MAC RADIUS Authentication on MX Series Routers
- play_arrow Device Discovery
- play_arrow Domain Name Security
- play_arrow Permission Flags
- access
- access-control
- admin
- admin-control
- all
- clear
- configure
- control
- field
- firewall
- firewall-control
- floppy
- flow-tap
- flow-tap-control
- flow-tap-operation
- idp-profiler-operation
- interface
- interface-control
- maintenance
- network
- pgcp-session-mirroring
- pgcp-session-mirroring-control
- reset
- rollback
- routing
- routing-control
- secret
- secret-control
- security
- security-control
- shell
- snmp
- snmp-control
- system
- system-control
- trace
- trace-control
- view
- view-configuration
- play_arrow Configuration Statements and Operational Commands
Plain-Text Passwords
Change the Requirements for Plain-Text Passwords
To change the requirements for plain-text passwords, include the
password statement at the [edit system login]
hierarchy level:
[edit system login] password { change-type (set-transitions | character-set); format (sha256 | sha512); maximum-length length; maximum-lifetime days minimum-changes number; minimum-character-changes number minimum-length length; minimum-lifetime days minimum-lower-cases number; minimum-numerics number; minimum-reuse number minimum-punctuations number; minimum-upper-cases number; }
These statements apply to plain-text passwords only, not encrypted passwords.
How to Change the Requirements for Plain-Text Passwords
This example shows how to set various maximum and minimum requirements for plain-text passwords to increase password strength.
Overview
You can use a variety of requirements to strengthen plain-text passwords for greater
security. Many possible configurations exist at the [edit system login
password] hierarchy level that allow you to require users to create
plain-text passwords conforming to a particular set of requirements. These
requirements may include such things as password length, number of changes, type of
characters, numbers, or letter case.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a
text file, remove any line breaks, change any details necessary to match your
network configuration, and then copy and paste the commands into the CLI at the
[edit] hierarchy level.
set system login password minimum-length 12 set system login password maximum-length 22 set system login password minimum-numerics 1 set system login password minimum-upper-cases 1 set system login password minimum-lower-cases 1 set system login password minimum-punctuations 1
Configure the Requirements for Plain-Text Passwords
Step-by-Step Procedure
This example configures password requirements that require the user to create a password with at least 12 characters but no more than 22 characters. The password requirements also specify at least one lowercase letter and one uppercase letter, at least one punctuation character, and at least one numeric character.
Enter configuration mode and navigate to the
[edit system login password]hierarchy level.content_copy zoom_out_mapuser@host> configure [edit] user@host# edit system login password
Set a minimum length requirement of 12 characters and a maximum length requirement of 22 characters for user passwords.
content_copy zoom_out_map[edit system login password] user@host# set minimum-length 12 [edit system login password] user@host# set maximum-length 22
Require users to set a password that has at least one lowercase letter and at least one uppercase letter.
content_copy zoom_out_map[edit system login password] user@host# set minimum-lower-cases 1 [edit system login password] user@host# set minimum-upper-cases 1
Require users to set a password that has at least one punctuation character and at least one numeric character.
content_copy zoom_out_map[edit system login password] user@host# set minimum-punctuations 1 [edit system login password] user@host# set minimum-numerics 1
Results
In configuration mode, confirm your configuration by entering the
show command at the [edit system login
password] hierarchy level..
[edit system login password] user@host# show minimum-length 12; maximum-length 22; minimum-numerics 1; minimum-upper-cases 1; minimum-lower-cases 1; minimum-punctuations 1;
If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
After you have confirmed that the configuration is correct, enter
commit in configuration mode.
