182 Configuring Authentication, Authorization, and Accounting• The username guest password password command creates auser with the name “guest” and password “password”. A simple passwordcan be configured here, since strength-checking has not yet been enabled.• The passwords strength minimum numeric-characters 2command sets the minimum number of numeric characters required whenpassword strength checking is enabled. This parameter is enabled only ifthe passwords strength minimum character-classesparameter is set to something greater than its default value of 0.• The passwords strength minimum character-classes 4command sets the minimum number of character classes that must bepresent in the password. The possible character classes are: upper-case,lower-case, numeric and special.• The passwords strength-check command enables passwordstrength checking.• The username admin password paSS1&word2 privilege15 command creates a user with the name “admin” and password“paSS1&word2”. This user is enabled for privilege level 15. Note that,because password strength checking was enabled, the password wasrequired to have at least two numeric characters, one uppercase character,one lowercase character, and one special character.• The passwords lock-out 3 command locks out a local user afterthree failed login attempts.This configuration allows either user to log into the switch. Both users willhave privilege level 1. Neither user will be able to successfully execute theenable command, which grants access to Privileged EXEC mode, becausethere is no enable password set by default (the default method list for telnetenable authentication is only the “enable” method).TACACS+ Authentication ExampleUse the following configuration to require TACACS+ authentication whenlogging in over a telnet connection:aaa authentication login “tacplus” tacacsNOTE: It is recommend that the password strength checking and passwordlockout features be enabled when using local users.