How to disable the user name length check function on CE series switches

10

By default, the security policy function is enabled for local accounts on CE series switches to ensure security. The function requires that a local user name contain at least six characters.

If the minimum length is specified for local user names on a switch, the switch also checks user name length.

To disable user name length check, run the following commands:

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] undo local-user policy security-enhance       //Disable the security policy function for local accounts.

[*HUAWEI-aaa] undo user-name minimum-length       //
If the minimum user name length check function has been enabled, disable this function.

[*HUAWEI-aaa] commit

Other related questions:
How to disable the password complexity check function for an SNMP community name on a CE series switch
Run the snmp-agent community complexity-check disable command in the system view to disable complexity check of community names. In this case, you can modify the minimum length of an SNMP community name. If the configured community name does not meet complexity requirements, the system is prone to attacks from malicious users, affecting system security. Therefore, disabling complexity check of community names is not recommended.

How to modify the minimum length of an SNMP community name on a CE series switch
Run the snmp-agent community complexity-check disable command in the system view to disable complexity check of community names. In this case, you can modify the minimum length of an SNMP community name. If the configured community name does not meet complexity requirements, the system is prone to attacks from malicious users, affecting system security. Therefore, disabling complexity check of community names is not recommended.

What are the requirements for the length of SNMP community names on CE switches
By default, a switch checks the complexity of community names. A community name required by CE switches is a string of 8 to 32 characters and meets the following conditions: 1. The community name must be a combination of at least two of uppercase letters (A to Z), lowercase letters (a to z), digits, and special characters (excluding question masks and spaces). 2. If the string is enclosed in double quotation marks (" "), the string can contain spaces. If the complexity check of a community name is disabled using the snmp-agent community complexity-check disable command, the community name can contain 1 to 32 characters. To ensure the security of SNMP community names, you are advised to enable the complexity check of a community name.

How can I configure the SNMPv3 user group and user name on a CE switch
Only SNMPv3 supports user group and user name configuration. By default, a CE switch has SNMPv3 enabled. The user's security level must be higher than or equal to the security level of the user group. A security level can be (in descending order): 1. privacy: authentication and encryption 2. authentication: authentication without encryption 3. none: no authentication or encryption If the user group is at the privacy level, the user must be at the privacy level. If the user group is at the authentication level, the user must be at the privacy or authentication level. # Configure the user group group001, set the security level to privacy, and configure access control to restrict the access of NMS to the switch. system-view [~HUAWEI] snmp-agent group v3 group001 privacy write-view alliso acl 2001 [*HUAWEI] commit # Set the user name to user001, authentication password to Authe@1234, and encryption password to Priva@1234. system-view [~HUAWEI] snmp-agent usm-user v3 user001 group group001 [*HUAWEI] snmp-agent usm-user v3 user001 authentication-mode sha Please configure the authentication password (8-255) Enter Password: //Enter the authentication password. Confirm Password: //Confirm the authentication password. [*HUAWEI] snmp-agent usm-user v3 user001 privacy-mode aes256 Please configure the privacy password (8-255) Enter Password: //Enter the encryption password. Confirm Password: //Confirm the encryption password. [*HUAWEI] commit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top