Experience case: password error limit function does not take effect

2025-06-18 11:52:45 Published

Problem Description

Enable the password error restriction function globally, set the detection cycle for station (STA) password error restriction to 300 seconds, and the detection threshold to 3 times.

wlan password-failure-limit enable detection-period 300 failure-threshold 3

Abnormal phenomenon: After the customer tested entering an incorrect password more than 3 times consecutively, the terminal was not added to the dynamic denylist.


Process Analysis

1. View the service template configuration as follows:

wlan service-template xxx-office
 ssid xxx
 vlan 70
 client forwarding-location ap vlan 70
 client forwarding-location ap vlan 80
 client forwarding-location ap vlan 90
 user-isolation enable
 akm mode psk
 preshared-key pass-phrase cipher $c$3$jy7Wqz54xxxxx
 cipher-suite ccmp
 security-ie rsn
 wpa3 personal mandatory
 pmf mandatory
 bss transition-management enable
 access-control acl 4000
 service-template enable

2. Disable the WPA3 security mode in the service template and test again. The function then takes effect: when the number of password verification failures reaches the specified upper limit within the designated detection cycle, the client is immediately added to the dynamic denylist.


Solution

Usage restriction: WPA3 and WAPI security modes currently do not support the password error limitation function.
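
To find other service templates affected by this restriction, a saved configuration can be audited offline. The script below is an added example, not part of the original case or a vendor tool. It assumes a text export of the configuration in the layout shown above, uses a constructed sample (the "guest-psk" template and the "#" separators are made up for illustration), and checks only for WPA3, because the case shows no WAPI configuration line to match on.

```python
import re

# Constructed sample configuration, modelled on the lines shown in this case.
SAMPLE_CONFIG = """\
wlan password-failure-limit enable detection-period 300 failure-threshold 3
#
wlan service-template xxx-office
 ssid xxx
 akm mode psk
 cipher-suite ccmp
 security-ie rsn
 wpa3 personal mandatory
 pmf mandatory
 service-template enable
#
wlan service-template guest-psk
 ssid guest
 akm mode psk
 cipher-suite ccmp
 security-ie rsn
 service-template enable
"""

def audit_password_failure_limit(config_text):
    """Return (limit_enabled, enabled WPA3 templates the limit does not cover)."""
    limit_enabled = False
    templates = {}   # template name -> list of its indented config lines
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue                      # tolerate blank lines in the export
        if re.match(r"wlan password-failure-limit enable\b", line):
            limit_enabled = True
        m = re.match(r"wlan service-template (\S+)$", line)
        if m:
            current = m.group(1)
            templates[current] = []
        elif line.startswith(" ") and current:
            templates[current].append(line.strip())
        else:
            current = None                # any other top-level line ends the view
    uncovered = [name for name, body in templates.items()
                 if "service-template enable" in body
                 and any(l.startswith("wpa3 ") for l in body)]
    return limit_enabled, (uncovered if limit_enabled else [])
```

An empty second element means either that the limit is not enabled globally or that no enabled template uses WPA3; the first element distinguishes the two.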
