Cisco Wireless LAN Controller Configuration Guide, Release 7.4
Configuring Password Policies

Information About Password Policies

Password policies allow you to enforce strong password checks on newly created passwords for additional management users of the controller and access point. The following requirements apply to new passwords:

  • When the controller is upgraded from an older version, all existing passwords are kept as they are, even if they are weak. If strong password checks are enabled after the upgrade, they are enforced from that point on; the strength of previously added passwords is not checked or altered.

  • The settings on the Password Policies page affect the local management and access point user configuration.

Configuring Password Policies (GUI)

    Step 1   Choose Security > AAA > Password Policies to open the Password Policies page.
    Step 2   Select the Password must contain characters from at least 3 different classes check box if you want your password to contain characters from at least three of the following classes: lower case letters, upper case letters, digits, and special characters.
    Step 3   Select the No character can be repeated more than 3 times consecutively check box if you do not want any character in the new password to repeat more than three times consecutively.
    Step 4   Select the Password cannot be the default words like cisco, admin check box if you do not want the password to contain words such as Cisco, ocsic, admin, nimda, or any variant obtained by changing the capitalization of letters or by substituting 1, |, or !, or substituting 0 for o, or substituting $ for s.
    Step 5   Select the Password cannot contain username or reverse of username check box if you do not want the password to contain a username or the reverse letters of a username.
    Step 6   Click Apply to commit your changes.
    Step 7   Click Save Configuration to save your changes.
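
The four checks in Steps 2 through 5 can be reproduced offline to pre-screen candidate passwords or to audit credentials that were set before the checks were enabled. The following is an added example, not Cisco code and not part of the original guide; the check labels, the case-insensitive username match, and the mapping of 1, | and ! to the letter i are assumptions of this example.

```python
import re

# Substitutions named in Step 4. The guide does not say which letter 1, | and !
# replace; mapping them to "i" is an assumption of this example.
SUBSTITUTIONS = str.maketrans({"1": "i", "|": "i", "!": "i", "0": "o", "$": "s"})
DEFAULT_WORDS = ("cisco", "ocsic", "admin", "nimda")  # words listed in Step 4


def normalize(text):
    """Fold capitalization and undo the Step 4 character substitutions."""
    return text.lower().translate(SUBSTITUTIONS)


def failed_checks(password, username):
    """Return this example's labels for the Step 2-5 checks the password fails."""
    failures = []
    # Step 2: at least 3 of lower case, upper case, digits, special characters.
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        failures.append("char-classes")
    # Step 3: a character followed by 3 more copies of itself is 4 in a row.
    if re.search(r"(.)\1{3}", password, re.DOTALL):
        failures.append("repeat")
    # Step 4: default words and their capitalization/substitution variants.
    folded = normalize(password)
    if any(word in folded for word in DEFAULT_WORDS):
        failures.append("default-word")
    # Step 5: username or reversed username (case-insensitive by assumption).
    user, lowered = username.lower(), password.lower()
    if user and (user in lowered or user[::-1] in lowered):
        failures.append("username")
    return failures


if __name__ == "__main__":
    # Constructed sample credentials, not taken from any real system.
    for pw, user in [("C1sc0#2024", "operator"), ("spotenXXXX", "netops"),
                     ("Tr0ub4dor&3x", "netops")]:
        print(f"{pw!r} for {user!r}: {failed_checks(pw, user) or 'passes'}")
```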

Configuring Password Policies (CLI)

    • Enable or disable strong password check for AP and WLC by entering this command:

      config switchconfig strong-pwd {case-check | consecutive-check | default-check | username-check | all-checks} {enable | disable}

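      • case-check: Checks that the password contains characters from at least three of the following classes: lower case letters, upper case letters, digits, and special characters.
      • consecutive-check: Checks for the occurrence of the same character more than three times consecutively.
      • default-check: Checks whether the default values or their variants are being used.
      • username-check: Checks whether the username or its reverse is being used.
      • all-checks: Enables or disables all the strong password checks.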

    • See the configured options for strong password check by entering this command:

      show switchconfig

      Information similar to the following appears:

      802.3x Flow Control Mode......................... Disabled
      FIPS prerequisite features....................... Disabled
      secret obfuscation............................... Enabled
      Strong Password Check Features:
               case-check ...........Enabled
               consecutive-check ....Enabled
               default-check .......Enabled
               username-check ......Enabled