Disable the password complexity check on S series switches

69

In the versions earlier than V200R003, S series switches (except S1700 switches) use simple user name and password rules, so that the user names and passwords are easy to manage and remember. However, simple passwords have security risks. In V200R003, the switches pose stricter requirements on user names and passwords. After you create a local user by using the local-user command on a switch, the password must pass a complexity check performed by the switch. In V200R005 and later versions, you can choose whether to enable password complexity check.
By default, a switch checks password complexity. Disable the password complexity check on a switch as follows:
�?If you are a common local user, run the following command:
[HUAWEI] aaa
[HUAWEI-aaa] undo user-password complexity-check
�?If you log in to the switch through the console port, run the following command:
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] authentication-mode aaa
[HUAWEI-ui-console0] quit
[HUAWEI] aaa
[HUAWEI-aaa] undo user-password complexity-check
�?If you log in to the switch through Telnet or SSH, run the following command:
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] authentication-mode aaa
[HUAWEI-ui-vty0] quit
[HUAWEI] aaa
[HUAWEI-aaa] undo user-password complexity-check

Other related questions:
How do I configure SNMP community name on S series switches
The snmp-agent community { read | write } community-name command can be used to configure community names on S series switches (except S1700). read indicates the read permission and write indicates the write permission. If the same community name is configured, the latter configuration overwrites the earlier community name. The following provides an example: [HUAWEI] snmp-agent community write community001 Community complexity check needs to be performed when SNMP community names are configured on S series switches (except S1700) in versions after V200R002. Community complexity requirements are as follows: 1. The community name must contain at least eight characters. The set password min-length command sets the value of minimum password length which must equal to or be larger than 8. 2. The community must be a combination of at least two of the following: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (excluding question masks). You can use the snmp-agent community complexity-check disable command to disable community name complexity check on a switch. After community name complexity check is disabled, the value of community name length is an integer in the range 1 to 32. The configuration method is as follows: [HUAWEI] snmp-agent community complexity-check disable Note: If a configured community name does not meet complexity requirements, the system is prone to attacks including password cracking from malicious users, affecting system security. Therefore, it is recommended that community name complexity check be enabled.

Do ARs support password complexity modification
No, ARs do not support this function.

How to disable the password complexity check function for an SNMP community name on a CE series switch
Run the snmp-agent community complexity-check disable command in the system view to disable complexity check of community names. In this case, you can modify the minimum length of an SNMP community name. If the configured community name does not meet complexity requirements, the system is prone to attacks from malicious users, affecting system security. Therefore, disabling complexity check of community names is not recommended.

What are SNMP commands and what are their functions for S series switches
S series switches (except S1700) use different commands to implement different SNMP functions. For example: snmp-agent //Enable SNMP. snmp-agent sys-info version //Configure the SNMP version. snmp-agent community //Configure an SNMP read-write community name. snmp-agent target-host trap //Configure the destination address to receive traps. snmp-agent community complexity-check disable //Disable community name complexity check. For details on SNMP commands, click S2750&S5700&S6700 V200R003(C00&C02&C10) Command Reference and choose Network Management and Monitoring Commands > SNMP Configuration Commands. Choose corresponding materials based on the device model and version. S series fixed switches are used here as an example.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top