diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-accounts.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-accounts.md
new file mode 100644
index 00000000000..8d136e49976
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-accounts.md
@@ -0,0 +1,49 @@
+# management-accounts
+
+## Table of Contents
+
+- [Management](#management)
+ - [Management Interfaces](#management-interfaces)
+ - [Management Accounts](#management-accounts)
+
+## Management
+
+### Management Interfaces
+
+#### Management Interfaces Summary
+
+##### IPv4
+
+| Management Interface | description | Type | VRF | IP Address | Gateway |
+| -------------------- | ----------- | ---- | --- | ---------- | ------- |
+| Management1 | oob_management | oob | MGMT | 10.73.255.122/24 | 10.73.255.2 |
+
+##### IPv6
+
+| Management Interface | description | Type | VRF | IPv6 Address | IPv6 Gateway |
+| -------------------- | ----------- | ---- | --- | ------------ | ------------ |
+| Management1 | oob_management | oob | MGMT | - | - |
+
+#### Management Interfaces Device Configuration
+
+```eos
+!
+interface Management1
+ description oob_management
+ vrf MGMT
+ ip address 10.73.255.122/24
+```
+
+### Management Accounts
+
+#### Password Policy
+
+The password policy set for management accounts is: AVD_POLICY
+
+#### Management Accounts Device Configuration
+
+```eos
+!
+management accounts
+ password policy AVD_POLICY
+```
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md
index d817ae8108f..78171acca4a 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md
@@ -11,6 +11,7 @@
- [SSL profile test1-trust-cert Certificates Summary](#ssl-profile-test1-trust-cert-certificates-summary)
- [SSL profile test2-chain-cert Certificates Summary](#ssl-profile-test2-chain-cert-certificates-summary)
- [SSL profile test2-trust-cert Certificates Summary](#ssl-profile-test2-trust-cert-certificates-summary)
+ - [Password Policies](#password-policies)
- [Management Security Configuration](#management-security-configuration)
## Management
@@ -90,6 +91,11 @@ interface Management1
| ------------------ | ----------- | ------ | ------ |
| - | Hostname must be FQDN | - | Enabled |
+### Password Policies
+| Policy Name | Digits | Length | Lowercase letters | Special characters | Uppercase letters | Repetitive characters | Sequential characters |
+|-------------|--------|--------|-------------------|--------------------|-------------------|-----------------------|----------------------|
+| AVD_POLICY | > 1 | > 2 | > 3 | > 4 | > 5 | < 6 | < 7 |
+
### Management Security Configuration
```eos
@@ -99,6 +105,14 @@ management security
password encryption-key common
password encryption reversible aes-256-gcm
password minimum length 17
+ password policy AVD_POLICY
+ minimum digits 1
+ minimum length 2
+ minimum lower 3
+ minimum special 4
+ minimum upper 5
+ maximum repetitive 6
+ maximum sequential 7
ssl profile certificate-profile
certificate eAPI.crt key eAPI.key
ssl profile cipher-list-profile
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-accounts.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-accounts.cfg
new file mode 100644
index 00000000000..24f16d01fa4
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-accounts.cfg
@@ -0,0 +1,18 @@
+!RANCID-CONTENT-TYPE: arista
+!
+transceiver qsfp default-mode 4x10G
+!
+hostname management-accounts
+!
+no enable password
+no aaa root
+!
+interface Management1
+ description oob_management
+ vrf MGMT
+ ip address 10.73.255.122/24
+!
+management accounts
+ password policy AVD_POLICY
+!
+end
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg
index b59370c014e..4b20c5fee47 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg
@@ -17,6 +17,14 @@ management security
password encryption-key common
password encryption reversible aes-256-gcm
password minimum length 17
+ password policy AVD_POLICY
+ minimum digits 1
+ minimum length 2
+ minimum lower 3
+ minimum special 4
+ minimum upper 5
+ maximum repetitive 6
+ maximum sequential 7
ssl profile certificate-profile
certificate eAPI.crt key eAPI.key
ssl profile cipher-list-profile
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-accounts.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-accounts.yml
new file mode 100644
index 00000000000..a244686dd63
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-accounts.yml
@@ -0,0 +1,3 @@
+management_accounts:
+ password:
+ policy: "AVD_POLICY"
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml
index 4f58d66f589..e87f3bd2441 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml
@@ -5,6 +5,17 @@ management_security:
minimum_length: 17
encryption_key_common: true
encryption_reversible: aes-256-gcm
+ policies:
+ - name: AVD_POLICY
+ minimum:
+ digits: 1
+ length: 2
+ lower: 3
+ special: 4
+ upper: 5
+ maximum:
+ repetitive: 6
+ sequential: 7
ssl_profiles:
- name: tls-versions-profile
tls_versions: "1.0 1.1"
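Review bot: The only policy in this fixture sets all seven keys, so the per-key `is arista.avd.defined` guards in the eos template and the `'N/A'` fallback in the documentation template are never exercised by the molecule run. A second list entry with a single key would pin how a partially defined policy renders in both the config and the generated table, for example (constructed values) `- name: AVD_POLICY_MINIMAL` followed by `minimum:` and `length: 8`. The `management_security` mapping starts above this hunk, so the exact indentation has to follow the existing file.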
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini
index a3a7e23f8d1..4616a6ef155 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini
@@ -62,6 +62,7 @@ mcs-client
loopbacks-interfaces
mac-address-table
maintenance
+management-accounts
management-api-http
management-cvx
management-api-models
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md
index 79091bbaf51..29861a657fa 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md
@@ -447,6 +447,12 @@ roles/eos_cli_config_gen/docs/tables/ip-name-servers.md
roles/eos_cli_config_gen/docs/tables/ip-ssh-client-source-interfaces.md
--8<--
+### Management accounts
+
+--8<--
+roles/eos_cli_config_gen/docs/tables/management-accounts.md
+--8<--
+
### Management API HTTP
--8<--
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-accounts.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-accounts.md
new file mode 100644
index 00000000000..3fe0b1eeebc
--- /dev/null
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-accounts.md
@@ -0,0 +1,15 @@
+=== "Table"
+
+ | Variable | Type | Required | Default | Value Restrictions | Description |
+ | -------- | ---- | -------- | ------- | ------------------ | ----------- |
+ | [management_accounts](## "management_accounts") | Dictionary | | | | |
+ | [ password](## "management_accounts.password") | Dictionary | | | | |
+ | [ policy](## "management_accounts.password.policy") | String | | | | |
+
+=== "YAML"
+
+ ```yaml
+ management_accounts:
+ password:
+ policy:
+ ```
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md
index e7561aa51d2..4894671ac3d 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md
@@ -8,6 +8,17 @@
| [ minimum_length](## "management_security.password.minimum_length") | Integer | | | Min: 1
Max: 32 | |
| [ encryption_key_common](## "management_security.password.encryption_key_common") | Boolean | | | | |
| [ encryption_reversible](## "management_security.password.encryption_reversible") | String | | | | |
+ | [ policies](## "management_security.password.policies") | List, items: Dictionary | | | | |
+ | [ - name](## "management_security.password.policies.[].name") | String | Required, Unique | | | |
+ | [ minimum](## "management_security.password.policies.[].minimum") | Dictionary | | | | |
+ | [ digits](## "management_security.password.policies.[].minimum.digits") | Integer | | | Min: 1
Max: 65535 | |
+ | [ length](## "management_security.password.policies.[].minimum.length") | Integer | | | Min: 1
Max: 65535 | |
+ | [ lower](## "management_security.password.policies.[].minimum.lower") | Integer | | | Min: 1
Max: 65535 | |
+ | [ special](## "management_security.password.policies.[].minimum.special") | Integer | | | Min: 1
Max: 65535 | |
+ | [ upper](## "management_security.password.policies.[].minimum.upper") | Integer | | | Min: 1
Max: 65535 | |
+ | [ maximum](## "management_security.password.policies.[].maximum") | Dictionary | | | | |
+ | [ repetitive](## "management_security.password.policies.[].maximum.repetitive") | Integer | | | Min: 1
Max: 65535 | |
+ | [ sequential](## "management_security.password.policies.[].maximum.sequential") | Integer | | | Min: 1
Max: 65535 | |
| [ ssl_profiles](## "management_security.ssl_profiles") | List, items: Dictionary | | | | |
| [ - name](## "management_security.ssl_profiles.[].name") | String | | | | |
| [ tls_versions](## "management_security.ssl_profiles.[].tls_versions") | String | | | | List of allowed TLS versions as string
Examples:
- "1.0"
- "1.0 1.1"
|
@@ -39,6 +50,17 @@
minimum_length:
encryption_key_common:
encryption_reversible:
+ policies:
+ - name:
+ minimum:
+ digits:
+ length:
+ lower:
+ special:
+ upper:
+ maximum:
+ repetitive:
+ sequential:
ssl_profiles:
- name:
tls_versions:
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json
index 76d26061290..7efbc9d4fc5 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json
@@ -6900,6 +6900,30 @@
"^_.+$": {}
}
},
+ "management_accounts": {
+ "type": "object",
+ "properties": {
+ "password": {
+ "type": "object",
+ "properties": {
+ "policy": {
+ "type": "string",
+ "title": "Policy"
+ }
+ },
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ },
+ "title": "Password"
+ }
+ },
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ },
+ "title": "Management Accounts"
+ },
"management_api_gnmi": {
"type": "object",
"properties": {
@@ -7430,6 +7454,88 @@
"encryption_reversible": {
"type": "string",
"title": "Encryption Reversible"
+ },
+ "policies": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "title": "Name"
+ },
+ "minimum": {
+ "type": "object",
+ "properties": {
+ "digits": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535,
+ "title": "Digits"
+ },
+ "length": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535,
+ "title": "Length"
+ },
+ "lower": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535,
+ "title": "Lower"
+ },
+ "special": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535,
+ "title": "Special"
+ },
+ "upper": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535,
+ "title": "Upper"
+ }
+ },
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ },
+ "title": "Minimum"
+ },
+ "maximum": {
+ "type": "object",
+ "properties": {
+ "repetitive": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535,
+ "title": "Repetitive"
+ },
+ "sequential": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535,
+ "title": "Sequential"
+ }
+ },
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ },
+ "title": "Maximum"
+ }
+ },
+ "additionalProperties": false,
+ "patternProperties": {
+ "^_.+$": {}
+ },
+ "required": [
+ "name"
+ ]
+ },
+ "title": "Policies"
}
},
"additionalProperties": false,
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml
index 4038e198c8c..f0151fb0030 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml
@@ -4276,6 +4276,14 @@ keys:
items:
type: str
description: Name of Interface Group
+ management_accounts:
+ type: dict
+ keys:
+ password:
+ type: dict
+ keys:
+ policy:
+ type: str
management_api_gnmi:
type: dict
keys:
@@ -4593,6 +4601,62 @@ keys:
type: bool
encryption_reversible:
type: str
+ policies:
+ type: list
+ primary_key: name
+ items:
+ type: dict
+ keys:
+ name:
+ type: str
+ minimum:
+ type: dict
+ keys:
+ digits:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ length:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ lower:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ special:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ upper:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ maximum:
+ type: dict
+ keys:
+ repetitive:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ sequential:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
ssl_profiles:
type: list
items:
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_accounts.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_accounts.schema.yml
new file mode 100644
index 00000000000..8392168494a
--- /dev/null
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_accounts.schema.yml
@@ -0,0 +1,13 @@
+# yaml-language-server: $schema=../../../../plugins/plugin_utils/schema/avd_meta_schema.json
+# Line above is used by RedHat's YAML Schema vscode extension
+# Use Ctrl + Space to get suggestions for every field. Autocomplete will pop up after typing 2 letters.
+type: dict
+keys:
+ management_accounts:
+ type: dict
+ keys:
+ password:
+ type: dict
+ keys:
+ policy:
+ type: str
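Review bot: `policy` is a free-form `str` with no `description`, so nothing tells the user that the name is expected to match an entry in `management_security.password.policies`. The molecule host_vars for `management-accounts` already reference `AVD_POLICY` without defining it on that host, and the intended config then carries `password policy AVD_POLICY` with no matching definition. How EOS treats a reference to an undefined policy is not visible here and should be confirmed. I would at least add `description: Name of a password policy defined under management_security.password.policies.` to the key. The same key is repeated in `eos_cli_config_gen.schema.yml`.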
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml
index ef165068586..9939e954b64 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml
@@ -21,6 +21,62 @@ keys:
type: bool
encryption_reversible:
type: str
+ policies:
+ type: list
+ primary_key: name
+ items:
+ type: dict
+ keys:
+ name:
+ type: str
+ minimum:
+ type: dict
+ keys:
+ digits:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ length:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ lower:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ special:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ upper:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ maximum:
+ type: dict
+ keys:
+ repetitive:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
+ sequential:
+ type: int
+ min: 1
+ max: 65535
+ convert_types:
+ - str
ssl_profiles:
type: list
items:
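Review bot: None of the new keys under `policies` carries a `description`, and the generated variable table shows an empty Description column for all of them. For a password-complexity control the meaning of each counter matters, so a line per key would help, such as `description: Minimum number of digits required in a password.`, and on `maximum.repetitive` a note on whether the limit is inclusive. It is also undocumented how `minimum.length` (1-65535 here) relates to the existing `password.minimum_length`, which the table limits to 32; the ranges should be checked against the EOS CLI. The same block is repeated in `eos_cli_config_gen.schema.yml`.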
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-accounts.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-accounts.j2
new file mode 100644
index 00000000000..085fe3f3897
--- /dev/null
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-accounts.j2
@@ -0,0 +1,19 @@
+{# doc - management accounts #}
+{% if management_accounts is arista.avd.defined %}
+
+### Management Accounts
+
+#### Password Policy
+
+{% if management_accounts.password.policy is arista.avd.defined %}
+The password policy set for management accounts is: {{ management_accounts.password.policy }}
+{% else %}
+No specific password policy is set for management accounts.
+{% endif %}
+
+#### Management Accounts Device Configuration
+
+```eos
+{% include 'eos/management-accounts.j2' %}
+```
+{% endif %}
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2
index d8f471f2367..e88abfb85ab 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2
@@ -94,6 +94,22 @@
{% endif %}
{% endfor %}
{% endif %}
+{% if management_security.password.policies is arista.avd.defined %}
+
+### Password Policies
+| Policy Name | Digits | Length | Lowercase letters | Special characters | Uppercase letters | Repetitive characters | Sequential characters |
+|-------------|--------|--------|-------------------|--------------------|-------------------|-----------------------|----------------------|
+{% for policy in management_security.password.policies | arista.avd.natural_sort('name') %}
+{% set min_digits = policy.minimum.digits if policy.minimum.digits is arista.avd.defined else 'N/A' %}
+{% set min_length = policy.minimum.length if policy.minimum.length is arista.avd.defined else 'N/A' %}
+{% set min_lower = policy.minimum.lower if policy.minimum.lower is arista.avd.defined else 'N/A' %}
+{% set min_special = policy.minimum.special if policy.minimum.special is arista.avd.defined else 'N/A' %}
+{% set min_upper = policy.minimum.upper if policy.minimum.upper is arista.avd.defined else 'N/A' %}
+{% set max_repetitive = policy.maximum.repetitive if policy.maximum.repetitive is arista.avd.defined else 'N/A' %}
+{% set max_sequential = policy.maximum.sequential if policy.maximum.sequential is arista.avd.defined else 'N/A' %}
+| {{ policy.name }} | > {{ min_digits }} | > {{ min_length }} | > {{ min_lower }} | > {{ min_special }} | > {{ min_upper }} | < {{ max_repetitive }} | < {{ max_sequential }} |
+{% endfor %}
+{% endif %}
### Management Security Configuration
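Review bot: The table row prefixes every value with a strict `>` or `<`, so `minimum digits 1` is documented as `> 1` and `maximum repetitive 6` as `< 6`. As the CLI keywords read, these are inclusive bounds, so an auditor would conclude from the generated document that the policy is stricter than what is configured. When a key is unset the cell renders as `> N/A`. I would emit the comparator only when the value is defined and make it inclusive, e.g. `{% set min_digits = '>= ' ~ policy.minimum.digits if policy.minimum.digits is arista.avd.defined else 'N/A' %}` with the row reduced to `| {{ policy.name }} | {{ min_digits }} | ...`. Unlike the eos template, this one reads `policy.minimum.*` without first checking `policy.minimum`, which presumably relies on chained undefined handling and should be confirmed.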
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management.j2
index 5c6c2655e34..3be1b2cbd70 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management.j2
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management.j2
@@ -12,6 +12,7 @@
or management_ssh is arista.avd.defined
or management_tech_support is arista.avd.defined
or ip_ssh_client_source_interfaces is arista.avd.defined
+ or management_accounts is arista.avd.defined
or management_api_gnmi is arista.avd.defined
or management_cvx is arista.avd.defined
or management_console is arista.avd.defined
@@ -44,6 +45,8 @@
{% include 'documentation/management-tech-support.j2' %}
{## IP SSH Client Source Interfaces #}
{% include 'documentation/ip-ssh-client-source-interfaces.j2' %}
+{## Management Accounts #}
+{% include 'documentation/management-accounts.j2' %}
{## Management API gNMI #}
{% include 'documentation/management-api-gnmi.j2' %}
{## Management CVX #}
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2
index 88d4409c4ee..0a8367eef9b 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2
@@ -272,6 +272,8 @@
{% include 'eos/ip-http-client-source-interfaces.j2' %}
{# ip ssh client source interfaces #}
{% include 'eos/ip-ssh-client-source-interfaces.j2' %}
+{# management accounts #}
+{% include 'eos/management-accounts.j2' %}
{# management api http #}
{% include 'eos/management-api-http.j2' %}
{# management console #}
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-accounts.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-accounts.j2
new file mode 100644
index 00000000000..46fbb6e0526
--- /dev/null
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-accounts.j2
@@ -0,0 +1,8 @@
+{# eos - management accounts #}
+{% if management_accounts is arista.avd.defined %}
+!
+management accounts
+{% if management_accounts.password.policy is arista.avd.defined %}
+ password policy {{ management_accounts.password.policy }}
+{% endif %}
+{% endif %}
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2
index d54ec1771c8..80c3cab62b4 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2
@@ -14,6 +14,36 @@ management security
{% if management_security.password.minimum_length is arista.avd.defined %}
password minimum length {{ management_security.password.minimum_length }}
{% endif %}
+{% if management_security.password.policies is arista.avd.defined %}
+{% for policy in management_security.password.policies %}
+ password policy {{ policy.name }}
+{% if policy.minimum is arista.avd.defined %}
+{% if policy.minimum.digits is arista.avd.defined %}
+ minimum digits {{ policy.minimum.digits }}
+{% endif %}
+{% if policy.minimum.length is arista.avd.defined %}
+ minimum length {{ policy.minimum.length }}
+{% endif %}
+{% if policy.minimum.lower is arista.avd.defined %}
+ minimum lower {{ policy.minimum.lower }}
+{% endif %}
+{% if policy.minimum.special is arista.avd.defined %}
+ minimum special {{ policy.minimum.special }}
+{% endif %}
+{% if policy.minimum.upper is arista.avd.defined %}
+ minimum upper {{ policy.minimum.upper }}
+{% endif %}
+{% endif %}
+{% if policy.maximum is arista.avd.defined %}
+{% if policy.maximum.repetitive is arista.avd.defined %}
+ maximum repetitive {{ policy.maximum.repetitive }}
+{% endif %}
+{% if policy.maximum.sequential is arista.avd.defined %}
+ maximum sequential {{ policy.maximum.sequential }}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
{% for ssl_profile in management_security.ssl_profiles | arista.avd.natural_sort %}
ssl profile {{ ssl_profile.name }}
{% if ssl_profile.tls_versions is arista.avd.defined %}
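Review bot: The new `{% for policy in management_security.password.policies %}` loop renders policies in input order. The `ssl_profiles` loop directly below it and the documentation template both go through `arista.avd.natural_sort`, so with more than one policy the config and the generated table can list them in different orders and the config output depends on how the input happens to be ordered. For consistency I would write `{% for policy in management_security.password.policies | arista.avd.natural_sort('name') %}`. The `ssl_profile` loop continues past the end of this hunk.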