102 G8264 Application Guide for ENOS 8.4The administrator can choose the number of days allowed before each passwordexpires. When a strong password expires, the user is allowed to log in one last time(last time) to change the password. A warning provides advance notice for users tochange the password.User Access ControlThe end‐user access control commands allow you to configure end‐user accounts.Setting up User IDsUp to 20 user IDs can be configured. Use the following commands to define anyuser name and set the user password at the resulting prompts:Defining a User’s Access LevelThe end user is by default assigned to the user access level (also known as class ofservice, or COS). COS for all user accounts have global access to all resourcesexcept for User COS, which has access to view only resources that the user owns.For more information, see Table 8 on page 111.To change the user’s level, select one of the following options:Validating a User’s ConfigurationEnabling or Disabling a UserAn end user account must be enabled before the switch recognizes and permitslogin under the account. Once enabled, the switch requires any user to enter bothusername and password.Locking AccountsTo protect the switch from unauthorized access, the account lockout feature can beenabled. By default, account lockout is disabled. To enable this feature, ensure thestrong password feature is enabled (See “Strong Passwords” on page 101). Thenuse the following command:RS G8264(config)# access user 1 name <1‐64 characters>RS G8264(config)# access user 1 passwordChanging user1 password; validation required:Enter current admin password: administrator password>Enter new user1 password: user password>Re enter new user1 password: user password>New user1 password accepted.RS G8264(config)# access user 1 level {user|operator|administrator}RS G8264# show access user uid 1RS G8264(config)# [no] access user 1 enableRS G8264(config)# access user strong password lockout
