Cisco Guest NAC access reports

We have just deployed the Cisco Wireless Guest NAC sponsor server. We are running version 2.0.2. I have created different sponsor user groups and one of the groups allows full access to reporting and audit logs. All of the reports seem to be working properly except for the "Access Reports." There are user accounts that have been created and users have successfully logged in; however, the report always shows "No data" no matter what date range I choose. I have attached a screenshot.
Additional information:
Our DMZ controller is a Radius client to the NAC. This Cisco controller is running version 6.0.196. I have checked the firewall for any denied traffic from the NAC server to the DMZ controller and the communication is open. We allow port 1812 between the controller and NAC.

Similar Messages

  • Cisco Guest Wireless Access Solution - Local Printing

    Hi,
    Does Cisco have a solution that provides printing for a guest WLAN? Cisco guest wireless deployment solutions recommend terminating the guest WLAN on an anchor controller in the DMZ, which causes issues when printing locally, as the print traffic has to traverse the DMZ anchor controller, causing excessive WAN link usage.
    Is there a better solution to enable a guest WLAN to print locally?

    FlexConnect with Split tunneling may work. 
    Read about this feature and see how it can be used in your branch setup. Here are the Ciscolive presentation slides the above came from.
    BRKEWN-2016: Architecting Network for Branch Offices with Cisco Unified Wireless 
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Access Reporting on NAC Guest (NGS) 2.0.4

    I am trying to set up access reporting on a NAC Guest server. I have enabled access logging in the admin area and also allowed the Sponsor profile to view access reports. But when I actually try to look at these reports, I get nothing.
    The Install and Config guide is not very helpful on this so any pointers would be great.
    Thanks

  • My wireless internet was blocked by CISCO guest access

    My internet service was from AT&T and has now been changed to Time Warner. But one problem appears every 1 or 2 months. After I click SAFARI, the menu shows:
    CISCO GUEST ACCESS
    Enter the guest access password to access the internet. Ask the owner if you
    don't know the password. The Guest access password can be found using CISCO
    connection.
    My internet has no relationship with CISCO at all, so why does it appear? Usually it lasts for several days and then disappears. During those several days, I cannot use this Mac to access the internet!
    Does anyone know how to solve the problem? Thanks a lot.

    Check the Wi-Fi menu to make sure you're connected to your own network, not someone else's. If you are, see below.
    1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
    Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
    2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
    There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
    3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
    You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
    In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
    You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.
    Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
    4. Here's a summary of what you need to do, if you choose to proceed:
    ☞ Copy a line of text in this window to the Clipboard.
    ☞ Paste into the window of another application.
    ☞ Wait for the test to run. It usually takes a few minutes.
    ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
    The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
    5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.
    You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
    6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
    7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
    Triple-click anywhere in the line of text below on this page to select it:
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    8. Launch the built-in Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad and start typing the name.
    Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
    9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
    exec bash
    and press return. Then paste the script again.
    10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.
    If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
    11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:
    [Process started]
            Part 1 of 8 done at … sec
            Part 8 of 8 done at … sec
            The results are on the Clipboard.
            Please close this window.
    [Process completed]
    The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.
    Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it. Then go to the next step.
    12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
    At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
    If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
    13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
    14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I may not agree with them.
    Copyright © 2014, 2015 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.
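
Step 3 of the post above says the script can be read to decide whether it is safe. A first-pass way to do that reading, as an added example that is not part of the original post: the word lists, the function names and both sample one-liners are constructed for illustration and are assumptions of this example.

```shell
#!/bin/bash
# Added example: static triage of a shell one-liner before pasting it into
# Terminal. It checks the text against the claims made for it: no network
# use, no changes, an admin password prompt, results sent to the Clipboard.
# The word lists are assumptions of this example, not a complete policy.

NET='^(curl|wget|nc|ncat|netcat|ssh|scp|sftp|ftp|telnet|rsync|openssl)$'
PRIV='^(sudo|su|doas)$'
DYN='^(eval|source|sh|bash|zsh|osascript|python|python3|perl|ruby)$'
CLIP='^(pbcopy|pbpaste)$'

# Split text into candidate command words (letters, digits, "_", ".", "-").
words() { tr -cs 'A-Za-z0-9_.-' '\n' | sort -u; }

# Print the words read from stdin that match regex $1, joined by spaces.
matching() { grep -E "$1" | paste -sd' ' -; }

# Print redirection targets other than /dev/null. Descriptor duplications
# such as 2>&1 or 4>&2 are skipped because "&" cannot start a target here.
# Text inside quoted awk/sed programs can produce false positives.
write_targets() {
  grep -oE '[0-9]*>>?[[:space:]]*[^&[:space:]<>|;()]+' |
    sed -E 's/^[0-9]*>>?[[:space:]]*//' |
    grep -vx '/dev/null' | sort -u | paste -sd' ' -
}

# triage TEXT: one "label: detail" line per finding, no output if no hits.
# A "dynamic" finding means commands are assembled at run time, so the
# remaining findings are a lower bound and the script needs a manual read.
triage() {
  local text=$1 w hit label
  w=$(printf '%s\n' "$text" | words)
  for label in network:"$NET" privilege:"$PRIV" dynamic:"$DYN" clipboard:"$CLIP"; do
    hit=$(printf '%s\n' "$w" | matching "${label#*:}")
    if [ -n "$hit" ]; then echo "${label%%:*}: $hit"; fi
  done
  hit=$(printf '%s\n' "$text" | write_targets)
  if [ -n "$hit" ]; then echo "writes: $hit"; fi
  return 0
}

# Constructed sample: collects local state, asks for sudo, copies the result.
SAMPLE_LOCAL='PATH=/usr/bin:/bin;cd;c=(system_profiler df);sudo -v;o=$(for i in 0 1;do eval "${c[i]}" 2>/dev/null;done);pbcopy<<<"$o"'

# Constructed sample: names a network tool and appends to a file.
SAMPLE_REMOTE='curl -s https://example.invalid/u >> /tmp/r.log 2>&1'

if [ "${1:-}" = "--stdin" ]; then
  triage "$(cat)"                      # e.g. pbpaste | bash triage.sh --stdin
else
  echo "== SAMPLE_LOCAL ==";  triage "$SAMPLE_LOCAL"
  echo "== SAMPLE_REMOTE =="; triage "$SAMPLE_REMOTE"
fi
```

Saved under a hypothetical name such as triage.sh, it can be fed the Clipboard contents on macOS with `pbpaste | bash triage.sh --stdin`. An empty result is not proof of safety; it only means none of the listed words or redirections appear literally in the text.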

  • Guest user can't access report when using xdo_user_name

    When I added xdo_user_name into the SQL, the report could not be accessed by the Guest user via URL.
    Firstly, create a very simple report.
    I have set the Guest user to be able to access the Guest folder and created a report under this folder.
    1. Data model:
    select 'a' XDO_USER_NAME,
    'b' XDO_USER_ROLES
    FROM DUAL
    2. Generate an RTF template.
    3. View this report.
    4. Get the link of this report.
    5. Log out and access this report via URL as Guest.
    6. The report is accessed successfully.
    Secondly, update the data model:
    select :xdo_user_name XDO_USER_NAME,
    :xdo_user_roles XDO_USER_ROLES
    FROM DUAL
    Access this report via URL as the Guest user again, and get the error message:
    The report cannot be rendered because of an error, please contact the administrator.

    These bind variables are bound to the user logged in, and these are not available for guest; that's why you get these errors.
    Log a support ticket for this. Oracle support/team will help you on this, if they think it's nice functionality.

  • Cisco Wireless NAC Appliance - Design Practices ??

    Hi,
    I have a new Cisco Wireless NAC appliance, the purpose of which is to manage the Guest users' access to the network. I have been searching for some best practices related to the design of this appliance but haven't found one.
    Can anybody help me by sharing his design experience or any document which would be a guide in deciding on the design / placement of this NAC device in the network?
    Thank You.

    Hi,
    there is nothing such as "Wireless Nac appliance".
    The question is "do you have the NAC Guest Server" or the "Nac appliance Server and Nac appliance Manager (CAS/CAM)" ?
    Because those are just not the same at all.
    Then on the wireless side, do you have autonomous APs or a WLC ?
    Sorry to ask, but there's just so many possibilities you could be asking that we need to clarify.
    My bet is that you are either looking for this :
    http://www.cisco.com/en/US/partner/products/ps6128/products_configuration_example09186a0080a138cc.shtml
    or for this :
    http://www.cisco.com/en/US/partner/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html#wp1092277
    Nicolas
    ===
    Don't forget to rate answers that you find useful

  • Cisco 1142 Wireless access point intermittently will not authenticate

    Hi all,
    We have a Cisco 1142 standalone access point, and from time to time I will come into the office and it will not authenticate any users to either our guest or corporate networks. I then have to go in and reboot the access point. After that, it begins to work. Any advice? Here's my configuration below:
    Current configuration : 6450 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname cisco-chiap01
    logging monitor errors
    enable secret 5 $1$fsD8$CU42/3/Up5AAlL4hQWvvg0
    aaa new-model
    aaa group server radius rad_eap
     server 172.17.16.12 auth-port 1645 acct-port 1646
     server 172.17.21.10 auth-port 1812 acct-port 1813
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
     server 172.17.21.10 auth-port 1812 acct-port 1813
    aaa group server radius rad_eap2
     server 172.17.16.12 auth-port 1645 acct-port 1646
     server 172.17.21.10 auth-port 1812 acct-port 1813
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authentication login eap_methods2 group rad_eap2
    aaa authorization exec default local 
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    login on-failure log
    login on-success log
    dot11 syslog
    dot11 vlan-name Admin vlan 100
    dot11 vlan-name DevNetwork vlan 20
    dot11 vlan-name Guest vlan 150
    dot11 vlan-name Network vlan 16
    dot11 ssid DevNetwork
       vlan 20
       authentication open eap eap_methods2 
       authentication network-eap eap_methods2 
       authentication key-management wpa version 2
    dot11 ssid Guest
       vlan 150
       authentication open 
       authentication key-management wpa version 2
       guest-mode
       mbssid guest-mode
       wpa-psk ascii 7 142407060101380B013A3A2670435642
       information-element ssidl advertisement
    dot11 ssid Network
       vlan 16
       authentication open eap eap_methods2 
       authentication network-eap eap_methods2 
       authentication key-management wpa version 2
    username monkeyman privilege 15 secret 5 $1$ZZ7C$rqimu2FNONdfeacMNGAD/.
    bridge irb
    interface Dot11Radio0
     no ip address
     ip helper-address 172.17.19.10
     no ip route-cache
     encryption mode ciphers aes-ccm 
     encryption vlan 16 mode ciphers aes-ccm 
     encryption vlan 150 mode ciphers aes-ccm 
     encryption vlan 20 mode ciphers aes-ccm 
     ssid DevNetwork
     ssid Guest
     ssid Network
     antenna gain 0
     parent timeout 120
     speed  5.5 11.0 basic-6.0 9.0 12.0 36.0 48.0 54.0
     packet retries 128 drop-packet
     channel 2462
     station-role root
     rts threshold 512
     rts retries 128
    interface Dot11Radio0.11
     encapsulation dot1Q 11
     no ip route-cache
    interface Dot11Radio0.16
     encapsulation dot1Q 16 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface Dot11Radio0.20
     encapsulation dot1Q 20
     no ip route-cache
     bridge-group 20
     bridge-group 20 subscriber-loop-control
     bridge-group 20 block-unknown-source
     no bridge-group 20 source-learning
     no bridge-group 20 unicast-flooding
     bridge-group 20 spanning-disabled
    interface Dot11Radio0.150
     encapsulation dot1Q 150
     no ip route-cache
     bridge-group 150
     bridge-group 150 subscriber-loop-control
     bridge-group 150 block-unknown-source
     no bridge-group 150 source-learning
     no bridge-group 150 unicast-flooding
     bridge-group 150 spanning-disabled
    interface Dot11Radio1
     no ip address
     ip helper-address 172.17.19.10
     no ip route-cache
     encryption vlan 16 mode ciphers aes-ccm 
     encryption vlan 150 mode ciphers aes-ccm 
     encryption vlan 20 mode ciphers aes-ccm 
     ssid DevNetwork
     ssid Guest
     ssid Network
     antenna gain 0
     traffic-metrics aggregate-report
     dfs band 3 block
     mbssid
     parent timeout 120
     speed  6.0 12.0 basic-24.0 36.0 48.0 54.0
     channel width 40-above
     channel dfs
     station-role root access-point
    interface Dot11Radio1.11
     encapsulation dot1Q 11
     no ip route-cache
    interface Dot11Radio1.16
     encapsulation dot1Q 16 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface Dot11Radio1.20
     encapsulation dot1Q 20
     no ip route-cache
     bridge-group 20
     bridge-group 20 subscriber-loop-control
     bridge-group 20 block-unknown-source
     no bridge-group 20 source-learning
     no bridge-group 20 unicast-flooding
     bridge-group 20 spanning-disabled
    interface Dot11Radio1.150
     encapsulation dot1Q 150
     no ip route-cache
     bridge-group 150
     bridge-group 150 subscriber-loop-control
     bridge-group 150 block-unknown-source
     no bridge-group 150 source-learning
     no bridge-group 150 unicast-flooding
     bridge-group 150 spanning-disabled
    interface GigabitEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     no keepalive
    interface GigabitEthernet0.11
     encapsulation dot1Q 11
     no ip route-cache
    interface GigabitEthernet0.16
     encapsulation dot1Q 16 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    interface GigabitEthernet0.20
     encapsulation dot1Q 20
     no ip route-cache
     bridge-group 20
     no bridge-group 20 source-learning
     bridge-group 20 spanning-disabled
    interface GigabitEthernet0.100
     encapsulation dot1Q 100
     ip address 192.168.100.3 255.255.255.0
     no ip route-cache
     bridge-group 100
     no bridge-group 100 source-learning
     bridge-group 100 spanning-disabled
    interface GigabitEthernet0.150
     encapsulation dot1Q 150
     no ip route-cache
     bridge-group 150
     no bridge-group 150 source-learning
     bridge-group 150 spanning-disabled
    interface BVI1
     ip address 172.17.16.251 255.255.255.0
     no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface GigabitEthernet0 
    access-list 1 permit 172.17.16.1
    access-list 1 remark Admin network access
    access-list 1 permit 192.168.100.0 0.0.0.255
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 172.17.21.10 auth-port 1812 acct-port 1813 key 7 047958071C3561410D4A44
    radius-server host 172.17.16.12 auth-port 1645 acct-port 1646 key 7 08045E471A48574446
    radius-server host 172.17.21.10 auth-port 1645 acct-port 1646 key 7 1320051B185D56797F
    radius-server timeout 15
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
    line vty 0 4
     access-class 1 in
    end

    When the issue occurs, does it affect both 2.4GHz & 5GHz devices? I would see which band's devices are affected.
    I noticed you have set CH11 under Radio 0 statically. I would prefer to configure it as below so the AP can change the channel depending on the environment.
    int d0
    channel least-congested
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Guest Internet access in the Enterprise

    We have set up guest internet access in our enterprise using GRE tunneling with a PIX. I'm trying to determine the best way to do authentication for users on this guest network.
    I think I can do RADIUS (using ACS) with the PIX as an NAS. Question is can I use a different type of server (such as MS IAS)? Can I use either one to utilize an existing MS Active Directory database?
    If I use radius on the pix for authentication, a login prompt pops up when a user tries to use the web. Is there a way to redirect users to a web page first and have the login embedded on the page? This is done in hotels now and I don't know if there's a Cisco solution for this.

    The following document lists all the supported databases:
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/d.htm

  • How-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device

    Dear All
    I have a 2504 Wireless Controller with multiple radios attached. I currently have a "private" WLAN configured (taking IP addresses from a Windows Server based DHCP of range 192.1681.0/24) and working, but I need to add a Guest/Public WLAN which should take its IP addresses from another DHCP configured on the Fortigate UTM, of range 172.16.0.0/24.
    We have one SG300 switch in the office and the rest are basic switches.
    Our firewall/router is a Fortigate UTM 240D
    Find the attached network diagram for the issue.
    Is there a SIMPLE way to enable guest access that doesn't require VLANs (or are VLANs easier than I'm making them)?
    Thanks.

    Complete these steps in order to configure the devices for this network setup:
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html
    Configure Dynamic Interfaces on the WLC for the Guest and Internal Users
    Create WLANs for the Guest and Internal Users
    Configure the Layer 2 Switch Port that Connects to the WLC as Trunk Port

  • ASA 5510 Guest Internet Access

    I have a subnet for guest network access, both wired and wireless.  We have a Netgear ProSafe that is trunked to a Cisco 2901 performing 'Router-on-a-Stick'.  For most internal traffic, it all stays behind the ASA.  But for guest traffic, I have a route-map that sets the next-hop address as the outside interface of the ASA.  The question is, how can I still permit those users to access our internal DNS servers?  Do I need any particular NAT translations, exemptions, DNS doctoring, hairpinning, etc.?  I have an ACL on the inside interface that permits traffic from the guest networks to our internal DNS servers, and then the next ACL line denies any other traffic from the guest networks to any of our internal networks.
    Regards,
    Scott

    Hello Scott,
    Your ASA will need to have a route for both networks
    You also will need the following command:
              same-security-traffic permit intra-interface
    The thing is that the packets from the guest vlan will go directly to the ASA as its default gateway, then packets will be routed to the Router on stick and finally to the DNS server, the reply will go from the DNS to the Router on stick and then directly to the Guest user.
    Nat exemption will look like this:
    access-list nonat permit ip 192.168.14.0 255.255.255.0  host 192.168.11.6
    access-list nonat permit ip 192.168.14.0 255.255.255.0  host 192.168.11.4
    nat (inside) 0 access-list nonat
    Please give it a try, also please provide packet tracer
    packet-tracer input inside udp 192.168.14.10 1025 192.168.11.4 53
    Regards,
    Julio
    Rate helpful posts

  • Guest Portal Access using ISE

    I’m having an issue setting up the Guest Port Access for our wireless network.
    I’m trying to set up an SSID anchored in the DMZ for internet access only. The authentication to this would be granted via the ISE Guest Access Portal.
    I’ve got the SSID created and tested working with no authentication.
    When I enable the Guest Portal (per these instructions http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml), I can log in and create a guest account. I have the guest go to the portal, log in, and hit ‘I accept’, but then instead of redirecting them to whatever page they tried to access, it sends them back to the guest login page (with still no access to the network resources).
    Am I missing a simple setting somewhere? Please let me know if this should be reposted in the security/ISE forum instead of here.
    Thanks,
    Pete

    Is this related?
    11036
    ERROR
    RADIUS
    The Message-Authenticator RADIUS attribute is invalid.
    A RADIUS packet having an invalid Message-Authenticator attribute has been received. Make sure that the client device is compatible with AD Agent, has been configured properly, and is functioning properly. Make sure that the same RADIUS shared secret has been properly configured, both in the client device and in AD Agent.
    Reference: http://www.cisco.com/en/US/docs/security/ibf/setup_guide/ibf10_log_msgs.html
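
The check behind that log message, as an added example (not from the thread and not Cisco's code): per RFC 2869, Message-Authenticator is an HMAC-MD5 over the whole Access-Request, computed with the attribute's 16 value bytes zeroed and keyed with the shared secret, so a secret mismatch between client and server is reported as invalid. The secrets, user name and NAS address below are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_MESSAGE_AUTHENTICATOR = 80  # 16-byte HMAC-MD5, attribute length 18


def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret, identifier, authenticator, attrs):
    """Client side: append Message-Authenticator and sign the whole packet."""
    body = attrs + attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed slot
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    packet = header + authenticator + body
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # the slot is the last 16 bytes of the packet


def check_message_authenticator(secret, packet):
    """Server side: return 'valid', 'invalid', 'missing' or 'malformed'."""
    if len(packet) < 20:
        return "malformed"
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return "malformed"
    packet = packet[:length]  # ignore padding after the declared length
    pos = 20
    while pos < length:
        if pos + 2 > length:
            return "malformed"
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return "malformed"
        if a_type == ATTR_MESSAGE_AUTHENTICATOR:
            if a_len != 18:
                return "malformed"
            received = packet[pos + 2:pos + 18]
            # Recompute over the packet with the attribute value zeroed.
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            ok = hmac.compare_digest(received, expected)
            return "valid" if ok else "invalid"
        pos += a_len
    return "missing"


# Constructed sample values, not taken from the thread.
NAS_SECRET = b"constructed-secret-A"
SERVER_SECRET_TYPO = b"constructed-secret-B"
REQ_AUTH = bytes(range(16))  # random in real traffic; fixed here for repeatability
ATTRS = (attr(ATTR_USER_NAME, b"guest01")
         + attr(ATTR_NAS_IP_ADDRESS, bytes([192, 0, 2, 10])))
REQUEST = build_access_request(NAS_SECRET, 7, REQ_AUTH, ATTRS)

if __name__ == "__main__":
    print("same secret:     ", check_message_authenticator(NAS_SECRET, REQUEST))
    print("different secret:", check_message_authenticator(SERVER_SECRET_TYPO, REQUEST))
```

A packet altered in transit fails the same check, so an "invalid" result alone does not distinguish a mistyped secret from a modified or non-compliant request.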

  • Guest Wireless access over WAN

    Hello Everyone,
    We have around 45 remote locations, all connected with GRE tunnels.
    44 locations have their own WLC, which are managed by NCS and ISE in HQ. All 44 locations have wireless access for guest and internal staff.
    Now my question is:
    One location (the 45th) has only 10 users and I don't want to put a WLC there.
    How can I provide guest wireless access at this location over the WAN from HQ?
    We can buy APs.
    Please give me some ideas to solve this problem.
    Here I am attaching my default plan:
    Thanks

    You just configure the access point in FlexConnect mode and then on the guest SSID you would central switch the WLAN. Central switching tunnels back traffic to the WLC and local switching drops traffic off at the local site. Here are some guides to look at.
    https://supportforums.cisco.com/docs/DOC-24082
    http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml
    Sent from Cisco Technical Support iPhone App

  • WLC+Anchor+Guest NAC

    Hello all
    I have a few basic clarifications on these components. I have a network with LWAPPs and a WLC on one site, say Site A. Let's consider only the guest SSID access as of now. The Anchor guest controller is positioned on a DMZ segment on Site B. Sites A & B are connected through a routed network. I also have a NAC guest server on Site C. Now, I want to integrate all these components. As per my knowledge, the following is the traffic flow:
    1) When guest users access their SSID, they are mapped to the anchor controller in the DMZ through mobility groups. The WLC then initiates an EoIP tunnel to the DMZ controller. Firewall rules allow all required ports (IP 97, 16666 UDP etc.), and end-to-end IP communication happens.
    2) Upon the request, the Anchor controller provides an IP address from DHCP configured locally. In this case, will the default gateway of the PCs be the Anchor DMZ controller's WLAN IP or will it be local to Site A (say an L3 switch)?
    3) Then when the user tries to access any site, he is given a web authentication portal, which is linked to the RADIUS server/NAC guest server. During authentication, the DMZ controller again tries speaking to the NAC guest server in Site C. Hence the firewall has to allow UDP 1812/1813 RADIUS ports.
    4) After authentication, the user browses the internet. Now, what will be the IP packet flow in this instance? Will all traffic be first tunneled across LWAPP to the controller, and from there EoIP'ed to the Anchor? The Anchor then forwards it to the internet gateway, through the DMZ? As asked before, will the default gateway of the PCs be the WLAN IP of the anchor? If there are too many users, will I create many WLAN SSIDs for guests, for Site A?
    Sorry for the long post..
    Raj

    Greg
    Thanks again. That was useful too. One last query, and this was grilling my head:
    1) How does the guest VLAN egress work? I have a WLC on a new DMZ of the PIX, with a /27 subnet. This WLAN is used only for EoIP communication. Now, when the guest user gets a DHCP IP, what IP pool should I define here? Since the default route is going to be towards the PIX, it should be one among the 4 interfaces, right now? Or should I have another interface or VLAN DMZ for the egress traffic from the WLC? The SRND says something about dynamic interfaces, but it has not been explained at all :(
    2) Will the foreign WLC talk to Anchor controllers 1 & 2 in load balancing mode? Why I'm asking is, if the DHCP is defined on Anchor 1 and the request goes to Anchor 2, then it will be an issue. Otherwise, is it advisable to split up DHCP scopes between the two Anchors? Say 1-127 on one anchor and 128-254 on the other?
    3) Lastly, about guest NAC servers: I have 2 of them in place. Will the guest database be replicated between them, like what ACS does? If so, is the replication bidirectional? If the lobby admin creates an account, it will be good if he just creates it in one box, and the other box replicates it.
    Thanks for all your answers. They have been really useful to me, and I think will be useful for anyone who works on Anchor+guest+foreign WLC designs :)
    Raj

  • Verifying data coming from Cisco Unified CCX Historical Reports

    Good afternoon
    I (along with a number of other colleagues) am heavily involved in a project to take data from a wide variety of different sources and merge it all into one system so that we can report on it in a joined-up manner.
    The project comprises a number of different types of data source (such as Telephony or CRM). Within each data source type, we have various suppliers of those products. In the case of telephony data (which I'm looking into at the moment), the eventual aim is to make it possible to take data from any of the telephony platforms in use across our business (currently AVAYA, Alcatel and Cisco) and report on it in a uniform way, thus negating the need for an end-user to know what the Cisco definition of AHT is (for example).
    The switch I'm currently looking at is a managed switch, meaning that we don't have any sort of direct access to the back-end database(s). We could probably get it, but I suspect that the company that manages it for us would probably charge a small fortune for that. In view of this, I'm working with a number of the standard reports in the Cisco Unified CCX system. My plan (at the moment anyway) is to identify the reports that we can use that will best provide details of all calls into and out of our contact centres. I'd be looking to get the exact details of each individual call, which could then be rolled up into manageable intervals (such as 15-minute or 30-minute).
    Before I go much further, I'd like to be clear on something: I'm a database developer rather than a telecoms engineer so if I ask something that appears to be obvious then I apologise in advance. I've got quite a bit of experience of working with the CTI system that sits on top of our AVAYA platform, but it's proving to be a bit of a wrench effectively "un-learning" that system so that I can make room in my head for the Cisco solution.
    So, what I've learned (or have guessed) so far is this:
    When I run the Application Performance Analysis report, the Application Names that are returned are effectively the Call Routes that are set up in the system. Each Call Route can be fed by one or more Called Number (which I understand to essentially be a DDI);
    The Application Summary Analysis report shows the same Application Name information as is shown in the Application Performance Report. However this report also shows the Called Number, thus providing slightly more information about the individual DDI being answered;
    My next plan is to try and run an Agent-level report so that I can see exactly which calls each agent handled. This is where I've run into problems: I ran the CSQ - Agent Summary report for the whole of 17th October. I then ran the Agent Detail report for the same period, and ran it out to CSV so that I could "play" with the data. The CSQ - Agent Summary Report shows that a particular agent on a particular CSQ Name (ID) handled a total of 29 calls. However, if I filter the Agent Detail report for that agent and CSQ, I get a total of 30 calls and for the life of me am unable to identify where the missing call is coming from. Initially I'd thought it might be because the CSQ in question has two separate DDIs but as far as I can see, this is making no difference.
    I NEED to be 100% sure that when I'm importing the data from the Cisco reports into our system, I am then able to mimic the types of reports that are coming from Cisco, with the same figures. Therefore, if anyone can help me, I'll be extremely grateful.
    TIA
    Ian Henderson

    The "Cisco Unified CCX Historical Reports Scheduler" sits in my startup folder but seems like it doesn't "run" at startup. So I ran a "test":
    - Manually right-clicked the "Cisco Unified CCX Historical Reports Scheduler" icon in the startup folder and chose "Run as Administrator"
    I didn't log off or reboot PC and the reports are running again. I checked the "properties" of the icon and I did make sure it was already set to "Run this program as an Administrator" under the "Compatibility" tab.
    Not sure why it's not working...
    Thank you for any help you can provide....

  • Corporate responsibility for logging guest Internet access

    Hi all
    Can anyone tell me what the requirement is in the UK for logging guest Internet access for guest users at my company? Is it a lawful requirement?

