How to disable the password complexity check function for an SNMP community name on a CE series switch

19

Run the snmp-agent community complexity-check disable command in the system view to disable complexity check of community names. In this case, you can modify the minimum length of an SNMP community name. If the configured community name does not meet complexity requirements, the system is prone to attacks from malicious users, affecting system security. Therefore, disabling complexity check of community names is not recommended.

Other related questions:
How do I configure SNMP community name on S series switches
The snmp-agent community { read | write } community-name command can be used to configure community names on S series switches (except S1700). read indicates the read permission and write indicates the write permission. If the same community name is configured, the latter configuration overwrites the earlier community name. The following provides an example: [HUAWEI] snmp-agent community write community001 Community complexity check needs to be performed when SNMP community names are configured on S series switches (except S1700) in versions after V200R002. Community complexity requirements are as follows: 1. The community name must contain at least eight characters. The set password min-length command sets the value of minimum password length which must equal to or be larger than 8. 2. The community must be a combination of at least two of the following: uppercase letters A to Z, lowercase letters a to z, digits, and special characters (excluding question masks). You can use the snmp-agent community complexity-check disable command to disable community name complexity check on a switch. After community name complexity check is disabled, the value of community name length is an integer in the range 1 to 32. The configuration method is as follows: [HUAWEI] snmp-agent community complexity-check disable Note: If a configured community name does not meet complexity requirements, the system is prone to attacks including password cracking from malicious users, affecting system security. Therefore, it is recommended that community name complexity check be enabled.

Disable the password complexity check on S series switches
In the versions earlier than V200R003, S series switches (except S1700 switches) use simple user name and password rules, so that the user names and passwords are easy to manage and remember. However, simple passwords have security risks. In V200R003, the switches pose stricter requirements on user names and passwords. After you create a local user by using the local-user command on a switch, the password must pass a complexity check performed by the switch. In V200R005 and later versions, you can choose whether to enable password complexity check. By default, a switch checks password complexity. Disable the password complexity check on a switch as follows: �?If you are a common local user, run the following command: [HUAWEI] aaa [HUAWEI-aaa] undo user-password complexity-check �?If you log in to the switch through the console port, run the following command: [HUAWEI] user-interface console 0 [HUAWEI-ui-console0] authentication-mode aaa [HUAWEI-ui-console0] quit [HUAWEI] aaa [HUAWEI-aaa] undo user-password complexity-check �?If you log in to the switch through Telnet or SSH, run the following command: [HUAWEI] user-interface vty 0 [HUAWEI-ui-vty0] authentication-mode aaa [HUAWEI-ui-vty0] quit [HUAWEI] aaa [HUAWEI-aaa] undo user-password complexity-check

How to disable the user name length check function on CE series switches
By default, the security policy function is enabled for local accounts on CE series switches to ensure security. The function requires that a local user name contain at least six characters.

If the minimum length is specified for local user names on a switch, the switch also checks user name length.

To disable user name length check, run the following commands:
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] undo local-user policy security-enhance       //Disable the security policy function for local accounts.
[*HUAWEI-aaa] undo user-name minimum-length       // If the minimum user name length check function has been enabled, disable this function.
[*HUAWEI-aaa] commit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top