The password policies allows you to enforce strong password checks on newly created passwords for additional management users of controller and access point. The following are the requirements enforced on the new password:
When the controller is upgraded from old version, all the old passwords are maintained as it is, even though the passwords are weak. After the system upgrade, if strong password checks are enabled, the same is enforced from that time and the strength of previously added passwords will not be checked or altered.
Depending on the settings done in the Password Policy page, the local management and access point user configuration is affected.
Restrictions on Password Policies
Strong password requirement based on WLAN-CC requirement is applicable only to WLAN admin login passwords and is not applicable to AP Management passwords.
Strong password - lockout feature is not applied if you try to access the Cisco WLC through a serial connection or a terminal server connection and it has unlimited attempts.
Configuring Password Policies (GUI)
Choose Security > AAA > Password Policies to open the Password Policies page.
Select the Password must contain characters from at least 3 different classes check box if you want your password to contain characters from at least three of the following classes: lower case letters, upper case letters, digits, and special characters.
Select the No character can be repeated more than 3 times consecutively check box if you do not want character in the new password to repeat more than three times consecutively.
Select the Password cannot be the default words like cisco, admin check box if you do not want the password to contain words such as Cisco, ocsic, admin, nimda, or any variant obtained by changing the capitalization of letters or by substituting 1, |, or! or substituting 0 for o or substituting $ for s.
Select the Password cannot contain username or reverse of username check box if you do not want the password to contain a username or the reverse letters of a username.
Click Apply to commit your changes.
Click Save Configuration to save your changes.
Configuring Password Policies (CLI)
Enable or disable strong
password check for AP and WLC by entering this command: