Client exclusion - Maximum 802.1x-AAA failure attempts
02-05-2024 03:16 AM
Hello
Is it possible to change the Maximum 802.1x-AAA failure attempts value on the WLC 9800 series?
The documentation only contains a description of this function, but does not indicate how to change these values:
Excessive 802.1X Authentication Failures—Clients are excluded on the fourth 802.1X authentication attempt, after three consecutive failures.
For example, by default Excessive 802.1X Authentication Failures is 3. Can I change it to 5 or more?
02-05-2024 04:22 AM
- Using some kind of 'brute force attack' on the issue with :
# show running-config all | inc aaa
I notice :
>....
>aaa authentication attempts login 3
>...
Change accordingly (with CLI in the running-config), and check if that works as intended.
M.
-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '
02-07-2024 06:42 AM
Thanks, I'll try this option.

02-06-2024 07:44 AM
AFAIK client exclusion is handled at the authentication server.
If this is Active Directory -> check there.
02-07-2024 04:53 AM
The WLC exclusive list has its policy, and this policy has a default set for the number of times authentication failed. Is this what you are asking for?
MHM
02-07-2024 06:40 AM
Yes. Is it possible to change the values in this policy so that the client gets on the exclusive list, for example, after 5 attempts?
