2504 WLC Question - Lobby Ambassador Available?

I was wondering if the 2504 has the lobby ambassador feature available. Customer requires temp username/passwords for guests managed through web gui. I couldn't find conclusive documentation it was included so I figured I'd check here before calling Cisco.
Thanks in advance!
- Mike

There should be the ability to configure that yes.  Go into the Management and add a user.  In the drop down for the role, there should be Lobby Ambasador/Admin listed there.
Steve

Similar Messages

  • One Lobby Ambassador on multiple WLCs

    Hello,
    I have wireless network with 2 WLCs and I configured a guest access WLAN with web autentication.
    I would like to use a LOCAL authentications with lobby ambassador for guest users.
    Is there a way to create a user only once in one WLC?
    At the moment I have to connect to each wlc with lobby ambassador privilege and create the same user/pwd on each.
    Thanks
    Johnny

    Hi Johnny,
    I reckon you only have to create the guest user on the Anchor Controller (that's assuming you have your wireless infrastructure configured that way) as that is the WLC that is doing the authentication.
    Hope this helps
    Scott

  • Logging the Lobby Ambassador Activities on WLC

    Dear all,
    we interested in "Logging the Lobby Ambassador Activities on WLC",
    we found resusurces that explain hot to do this using WCS, but we want to konw if it's
    possible without WCS.
    More in general, we give the possibilities to oue employee to create guest account, using
    the Radius to autenticate as Lobby Admin.
    We are intereset to identify who creates the particular guest account, in case of
    incident investigation.
    Thanks, for any suggestion on regard.
    bye

    This is not possible with just the WLC. You would want to look at ISE or NAC Guest Server.

  • Please help me to configure 2504 WLC as secondary in N+1 HA mode. My primary WLC is 5508 and both have 50 AP license.

    Please help me to configure 2504 WLC as secondary in N+1 HA mode. My primary WLC is 5508 and both have 50 AP license. I want to deploy the AP in the same location.

    Go HERE:  https://supportforums.cisco.com/discussion/12219106/high-availibility-2500

  • 2504 WLC on edge network for guest wifi

    I have a 2504 WLC with a 1042 AP and I have it placed on my edge Cisco 3750 switch.
    I have the management interface of the WLC set on my WAN IP 71.x.x.x subnet range, and I have the WLC doing DHCP duties with a DHCP scope of 192.168.X.0. I have my DNS servers set on external DNS servers out on the Internet.
    I have two Cisco 3845 Routers on my edge network - one for each ISP with BGP protocol.
    Since my native VLAN is 71.x.x.x, I added a sub interface on my main core router and gave it a 192.168.x.1 255.255.255.0 address for the gateway. Also, I added ip prefix-list iBGP seq 10 permit 192.168.x.0/24 le 32 to my main core router. On my secondary ISP router I added
    ip prefix-list iBGP seq 10 permit 192.168.X.0/24 le 32, and ip prefix-list OUT seq 10 permit 192.168.x.0/24 statements.
    I added VLAN 10 to my edge switch and gave it IP 192.168.x.2 255.255.255.0, and the switchports that my core router and my WLC are connected to the edge switch, are in trunk mode with encapsulation dot1q 10. The switchport on my edge switch that the AP is connected to is in switchport access mode.
    I can connect to the wifi with a 192.168.x.x IP address on my laptop, but I cannot get any Internet access.
    Is it possible to have the DHCP scope be in a different subnet than my WAN IP subnet, and allow guests to get to the external Internet only? Do I need to put the WLC somewhere internal on my network i.e. the DMZ and then tunnel the traffic out to the Internet with no Internal network access?
    Thanks for any help you can provide.

    right, and how does a 'normal/current' user access the internet?  Somwhere going to your ISP there should be some sort of NAT statement when you send interwebs traffic.
    if your ISP is taking care of all of that for you, you probably need to let them know you added the subnet so they can do the NAT.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Configuring 2504 WLC for LanSchool/AppleTV

    Good Day to All,
    Recently my small elementary schools have upgraded to Cisco Air-Cap2600 series AP's and a 2504 WLC. Very much a sweet step up from 10 year old Apple Airport Extremes.
    My question is what would be the best pratice to enable Multicast via the GUI for the needs of those platforms and any other future P2P services?
    Thanks in advance from a newbie,
    GEP

    What is the WLC software version running on your 2504 ?
    If it is 7.4.x follow the below reference guide
    http://www.cisco.com/en/US/docs/wireless/technology/bonjour/Bonjour_Deployment.html
    If it is 7.5.x following config guide should help
    http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_01011.html
    HTH
    Rasika

  • Lobby Ambassador - Selecting Profile

    We have a WCS version 5.2.130 and WLC version 4.2.130.0
    Not very familiar with it. The issue here is although the WLC is reachable from WCS, I can't seems to select a profile when we want to create guest users from lobby ambassador. The WLC has been configured with 2 wlans - wlanguest and wlan01 but I can't select this profile to assign the user to.
    Hope someone can shed some light.

    For guest users and lobby admins, the WLAN profiles that can be selected from the WLC are only those that are using WEB-AUTH as security policy.
    Make sure the WLAN profile for guest user is using web-auth on your WLC, that will address your issue.

  • Lobby ambassador can't see controller

    have added a new WLC to the WCS which has the same setup like others
    But when the lobby ambassador wants to add a guest user - he can't find this controller in the choice box
    what is missing?

    Please check if tha tWLC has the GUEST WLAN configured?? if not it will not come is wat i beleive.. on top of that..
    http://www.cisco.com/en/US/partner/docs/wireless/wcs/release/notes/WCS_RN7_0_220.html#wp68364
    7.0.172 WCS does not support 7.0.220 WLC..
    Regards
    Surendra

  • Wireless Lobby Ambassador account errantly displays NCS home page

    Hi all,
    I'm running a supported NCS 1.0 virtual appliance installation which functions fine for most folks, but Lobby Ambassadors with Windows 7 and IE8 or IE9 end up seeing an odd version of the NCS home page with all the graphs, etc, rather than the normal very restrictive list of guest users.  Viewed with the same credentials with XP and IE7 or IE8, it's fine!  Does not matter whether or not Chrome Frame gets installed.  It's not as though the credentials are truly elevated, since the entire command bar is devoid of commands....it just doesn't show the list of guest users.
    Anyone else?
    Gary

    Noticed there is released a patch for 1.1.1 on the 14th of June, but havent been able to find any release notes for the patch.
    Tried to install it my self, it fails every time with "% Manifest file not found in the bundle"
    Getting the same error no matter if I use the main command /patch install or /application update
    application update ncs1_1_update_file.ubf FTPRepository
    patch install ncs1_1_update_file.ubf FTPRepository
    * Edit : the patch in question is only for the WAN release, which doesnt include wireless management, so I guess we are waiting for a seperate patch for the general packadge

  • Encryption options on a Lobby Ambassador implementation

    Hi all,
    I'm in the middle of configuring a guest wireless network using the lobby ambassador feature. I have things up and running using Open Encryption at L2 and WebAuth at L3 - The Controller doesn't like any L2 security that I try to add and I'm uneasy at just using WebAuth, has anyone implemented something similar? Were you able to add any kind of encryption?
    Thanks,
    Denis

    By it's very nature, the WebAuth feature will not allow any encryption. This is a feature very much like a hot-spot that you'd see in a coffee shop. In order to allow any user to access the authentication splash page, the WLAN has to be completely open.
    If security is required, then it really has to come from higher layers of the stack (ie, IPSEC, HTTPS, SSH, etc).
    So to answer your question, yes I have implemented a number of Web Auth WLANs, and no, it is absolutely not possible to implement any kind of encryption on the WLAN.
    Hope this helps!
    Richard.

  • Customize Lobby Ambassador View

    Hi all,
    I have a problem with the following situation:
    - Cisco Prime Infrastructure 2.0 (2.0.0.0.294)
    - Cisco ACS 5.4 (5.4.0.46.0a)
    - 2x Cisco WLAN Controller 5508 in SSO mode
    - x APs 2600 Series
    All devices are configured properly, I can see the WLC on Prime, etc.
    Prime and WLC are added to ACS for TACACS+ Authentication.
    Admin users are able to login to Prime with full feature set (root permission).
    Lobby Ambassadors can also login to Prime for Guest User creation.
    Therefore I have created two Shell Profiles on ACS.
    Now I want to create WLAN Guest User with Lobby Ambassador Account (TACACS-authenticated!).
    I want to customize the Default Guest User Creation page with a company logo and some default settings (WLAN Profile, Apply to Controller List, set "generate password" to fixed, etc.) to fixed values.
    Only thing what Lobby Ambassador can change should be setting the password period (with hours or using calender), guest user name and description.
    If I configure a local user on Prime, I can customize the page.
    However if I use TACACS user, I am not able to use the customized page.
    Can anybody help me with this issue?
    THANKS a lot!!!!
    edit: problem solved by workaround...
    https://supportforums.cisco.com/thread/2201703
    BR, Stefan

    You will not be able to unless you build a back-end that does it and sends the commands to the WLC. Other than that, you can't customize the lobby ambassador page.
    Sent from Cisco Technical Support iPhone App

  • Lobby Ambassador Managment of Users that have expired.

    Hi there all :)
    When you set users up on LA and you set a user to a "controller list", the entry on the listing always shows the account as active from the front menu even if the time has expired.
    You then go into the account and you can see the date has expired, and if you test the account, yes, you cant login.
    Is this a bug?
    I am running WCS version 4.2.62.11.
    Also, I would like a function on LA to allow me to delete all expired users in one go. Is this possible?
    As the above indicates that the users is not expired but active, at the moment, you have to go into every account, check the expiry date and then delete the account one by one.
    Painful?
    Many thx indeed,
    Ken

    Hey Ken,
    Is it time for a beer yet??
    In answer to your first question, I think you are seeing this bug;
    CSCsk17497 Bug Details
    D3WCS:lobby ambassador-guest user account expiry not shown clearly
    Symptom:
    After successful scheduling the Guest account, the detail page for the created account doesn't show the expiry time details.
    Conditions:
    This condition arrives only when the browsed account is the scheduled account.
    Workaround:
    The detail page has the 'start' and 'end' time selection, which can be used for the expiry detail.
    Further Problem Description:
    Status
    Fixed
    Severity
    3 - moderate
    Last Modified
    Any Time
    Product
    Cisco Wireless Control System
    Technology
    1st Found-In
    4.2(47.0)
    Fixed-In
    5.0(28.0)
    Hope this helps bud!
    Rob

  • Can't setup a Lobby Ambassador account??

    I've just installed a new WLC4402 (50AP) and am trying to set up guest WLAN access.
    So far I have a seperate VLAN and WLAN configured and have secured the VLAN to allow only access to the internet after web-auth.
    I go to the 'Management> Local Management Users> New Page'
    But the only types of account available are 'Read/Write' and 'Read Only', Should the 'lobby Ambassador' be listed here, or am I missing something?
    All the best to all the Forum users for the season.
    Dan

    Hi Dan,
    It should be there if you are running 4.0+ software. If you are running 4.0+ then you could try adding the user via CLI to see if it's an option:
    config mgmtuser lobby-admin
    If you are running 3.2 or earlier, then that's the problem.
    -Ben

  • Restricted Lobby Ambassador

    Hi,
    Does anyone know if there is a way to limit a lobby admin user (on WLC or PI) to a specific AP group or WLAN?
    I would like to have o lobby admin who can add guest users just for specific WLANs configured on the WLC.
    I know that the lobby admin can map just one WLAN (vs. Any WLAN) to a guest user when creating his account, but I want to restrict the WLANs that the lobby admin can choose from.
    Thank you,
    Sebastian

    I found that it is possible from PI.
    You can select one SSID under lobby ambassador defaults TAB from Profiles drop down.
    Thank you,
    Sebastian

  • Apple Devices on 2504 WLC with 5 APs

    Hi All,
    I have just setup 5 APs (1042) with a 2504 WLC, I have connected these devices in my home lab and will be deploying this later in a live environment. The WLC/APs will reside on the 192.168.210.x/24 subnet with the controller being on x.x.210.5 and the gateway (including the DHCP Server) being on x.x.210.1/24.
    Here is my issue, I have configured my WLAN to use WPA+WPA2 with AES & TKIP using a Preshared Key but I am finding associating to the wireless network very slow on my Windows PC and, even worse, now connection from my iPad (I should mention the Windows PC is stable once connected). 
    I can see both devices seen by the APs when I look at the client list:
    MAC Address       AP Name           Status        WLAN/RLAN      Auth Protocol         Port Wired PMIPV6 Role
    08:ed:b9:48:19:cd SD-2f.55          Associated    1              Yes  802.11n(5 GHz)   1    N/A   No     Local
    98:fe:94:7f:7c:1a GSD-39:49         Associated    1              Yes  802.11n(5 GHz)   1    N/A   No     Local
    The iPad (98:fe...) doesn't get an IP address
    (Cisco Controller) >*DHCP Socket Task: Jul 14 17:35:20.006: 98:fe:94:7f:7c:1a DHCP Forwarding DHCP packet (332 octets)                  -- packet received on direct-co
    ect port requires forwarding to external DHCP server. Next-hop is 192.168.210.1
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec03)
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP selecting relay 1 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.210.5  VLAN: 0
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP selected relay 1 - 192.168.210.1 (local address 192.168.210.5, gateway 192.168.210.1, VLAN 0, port 1)
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP selecting relay 2 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.210.5  VLAN: 0
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP selected relay 2 - NONE
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP selecting relay 1 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.210.5  VLAN: 0
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP selected relay 1 - 192.168.210.1 (local address 192.168.210.5, gateway 192.168.210.1, VLAN 0, port 1)
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP transmitting DHCP DISCOVER (1)
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP   xid: 0x359ad7fb (899340283), secs: 25, flags: 0
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP   chaddr: 98:fe:94:7f:7c:1a
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Jul 14 17:36:04.184: 98:fe:94:7f:7c:1a DHCP   siaddr: 0.0.0.0,  giaddr: 192.168.210.5
    *DHCP Socket Task: Jul 14 17:36:04.185: 98:fe:94:7f:7c:1a DHCP sending REQUEST to 192.168.210.1 (len 346, port 1, vlan 0)
    *DHCP Socket Task: Jul 14 17:36:04.185: 98:fe:94:7f:7c:1a DHCP selecting relay 2 - control block settings:
                            dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                            dhcpGateway: 0.0.0.0, dhcpRelay: 192.168.210.5  VLAN: 0
    (Cisco Controller) >*DHCP Socket Task: Jul 14 17:36:04.185: 98:fe:94:7f:7c:1a DHCP selected relay 2 - NONE
    *DHCP Socket Task: Jul 14 17:36:28.457: 08:ed:b9:48:19:cd DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec03)
    I hope someone can guide me in the right direction as I wonder if my configuration is incorrect.  Thanks in advance.
    Additional Info:
    ---------------Show Interface ---------------
    Interface Configuration
    Interface Name................................... management
    MAC Address...................................... f0:29:29:89:1d:80
    IP Address....................................... 192.168.210.5
    IP Netmask....................................... 255.255.255.0
    IP Gateway....................................... 192.168.210.1
    External NAT IP State............................ Disabled
    External NAT IP Address.......................... 0.0.0.0
    VLAN............................................. untagged
    Quarantine-vlan.................................. 0
    Active Physical Port............................. 1
    Primary Physical Port............................ 1
    Backup Physical Port............................. Unconfigured
    DHCP Proxy Mode.................................. Global
    Primary DHCP Server.............................. 192.168.210.1
    Secondary DHCP Server............................ Unconfigured
    DHCP Option 82................................... Disabled
    ACL.............................................. Unconfigured
    mDNS Profile Name................................ Unconfigured
    AP Manager....................................... Yes
    Guest Interface.................................. No
    L2 Multicast..................................... Disabled
    Interface Name................................... virtual
    MAC Address...................................... f0:29:29:89:1d:80
    IP Address....................................... 1.1.1.1
    Virtual DNS Host Name............................ Disabled
    AP Manager....................................... No
    Guest Interface.................................. No
    ---------------Show port summary---------------
    Port Summary
               STP   Admin   Physical   Physical   Link   Link
    Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE
    1  Normal  Forw Enable  Auto       100 Full   Up     Enable  N/A
    2  Normal  Disa Enable  Auto       Auto       Down   Enable  N/A
    3  Normal  Disa Enable  Auto       Auto       Down   Enable  Enable  (Power Off)
    4  Normal  Disa Enable  Auto       Auto       Down   Enable  Disable

    Thanks,
    I am making sure that I do that , but still to no avail.  I am going to mess about with the 'Global', 'Enabled', 'Disabled' parameters (in the Controller - Interface -DHCP Information section) to see if that makes any difference. 

Maybe you are looking for

  • N96: photo upload via iphoto (Mac), please help!

    I created folders in iphoto, but when I opload them to my phone (N96), they are all in one folder ('All') and not in the folders I organized. Since it concerns many images, I find it too much work to do this once they are in my phone. Any way to orga

  • IOS for iPad 3.2.1

    What is so critical about this update? Why not wait until iOS for iPad 4.0 is released in 3 - 4 months?

  • Allow cell contents to cross page

    Is it possible to allow text in a cell to run over more than 1 page? I have a table with 2 columns and 16 rows, which MUST fit in to 3 A4 pages; unfortunately, it is currently 5 pages long, as all cells are kept on a single page.

  • SAP Business Connector Error

    Guys, Do you know what this error in SAP Business Connector means: Missing or Invalid Parameter:Sender Any help would be appreciated. Thanks, Sathya

  • Weblogic9.2 Opensso Access Manager 7.5

    Hi, I configured the Access Manager in weblogic9.2. I downloaded the Agent from Sun for weblogic 9.2. Then I deployed the sampleApplication that comes with the agent and configured users, role etc according to the Readme.txt. I am always getting Inva