Cisco Support Community
New Member

Configuring WLC with 802.1x and a Windows AD


I have a WLC5508 and some 3602 Access Points. We plan to implement an 802.1x authentication method for our main WLAN.
For this scenario I configured the WLC as an AAA client on our Access Control Server, which is checking the credentials in the company's Active Directory (a separate group with all users that are allowed to use the WLAN function).
The security policy forces all users to change their AD password periodically and to lock a user's account after five failed login attempts (the counter of this is set to 0 after every successful login).

I'm not sure how to deal with these restrictions while configuring the 802.1x authentication. What will happen if a user is changing his AD password with his notebook but forgets to change it in the wlan profile on his smartphone?
If he forgets to change the credentials on his phone and walks five times past the wlan range, will his account be locked? And if so, is there a possibility to prevent this, maybe on the ACS?

Any help would be appreciated.
Thanks in advance!

VIP Purple

New Member

First, thank you for your help.

If I understand aright, my mentioned problem is solved with a separate Group Policy for the wireless users, where I can set an extra counter for the authentication failures?!

Haven't thought about this way to solve the problem. I will check if this is an option for our company.

Other hints are still appreciated!
