Cisco WLC Whitelist for Guest Access? and securing guest-access?

Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else?
Looking at a 5508 model at the moment
Thanks

Hello Stephen,
Exactly how long is "an extended period of time?" Also, is this period enforced in the controller in some way, and if so, can it be configured?
I'm asking because I have a WLAN for guests with a pre-authentication ACL allowing VPN traffic (ESP, IKE, SSL).
For "normal" use of this guest WLAN you have to click on an "accept" button on a captive portal page before you can get anywhere with traffic not matching the pre-auth ACL.
The pre-auth ACL does actually work, but it stops passing any traffic after 5 minutes of use per user. This happens every time and is 100% repeatable.
So I'm very interested to know if we can change this apparent 5 minute restriction in some way.
Thanks!
Chris Slater-Walker
Senior System Analyst
Nokia UK Ltd.

Similar Messages

  • Hi can anyone help my gf try to sign in to her iPhone 3 in the app store and when she put stuff in they ask for bank details and security what do that mean

    hi can anyone help my gf got iPhone 3 and she did and id but when she put it in to login it ask for bank details and security code what do that mean

    That means you input your billing information.  And the security code is the three digit code on the back of your credit card.

  • Any suggestions?  I'm looking for a comfortable and secure drawer to house my keyboard (wired, with number pad) and magic tracker.

    Apple's wireless magic trackpad
    http://www.apple.com/magictrackpad/

  • Routed network using VRF and WLC Webaccess for Guest LAN

    I have a guest LAN that uses a separate VRF on my network. That guest LAN needs to get services and access the internet via the WLC.
    I cannot assign an IP address on the ingress port of the WLC, which doesn't allow me to set up an IP-Helper or a next hop for traffic via the WLC. Since the ingress and egress are on different VLANs, somehow I need to route the traffic to the egress.
    Using the VRF doesn't allow me to create a route like "ip route VRF Guest 0.0.0.0 0.0.0.0 gig 1/5" or "ip route VRF Guest 0.0.0.0 0.0.0.0 vlan 5"
    Any ideas?

    Does the L3 interface on your router or L3 switch look anything like this?
    interface Vlan119
    description GUEST VLAN
    ip vrf forwarding GUEST
    ip address 172.16.254.2 255.255.252.0
    ip helper-address 172.16.255.1
    no ip redirects
    no ip proxy-arp
    glbp 119 ip 172.16.254.1
    glbp 119 timers 2 7
    glbp 119 priority 150
    glbp 119 preempt delay minimum 600
    glbp 119 authentication md5 key-string 7 1326431F1B1917232203
    glbp 119 forwarder preempt delay minimum 3600
    load-interval 30
    end
    This is an edited version of an L3 interface in a 6509 hosting a WiSM.  The WiSM guest interface is in this subnet.  The helper points to NAC.  Clients in this subnet are NAT'd to public IPs when heading out to the Internet.

  • Cisco Network Assistant for multiple access

    Hi All,
    Hopefully this is the right place to post this.  We've been looking into Cisco Network Assistant for our "help desk" (all 3 of them) and I was wondering if it is possible to configure CNA for a shared environment.  By that I mean the application will run on a Windows Terminal Server and all 3 users should be able to access it.  Currently I've only seen it running locally, and each user has to create or import the settings from another user.  This is fine until something changes in the environment and those changes are only saved in the local user's configuration.
    any ideas if something like this is possible with CNA?
    Thanks,
    Dan

    You may have already figured out then where CNA stores its localized files - in %userdir%/.networkassistant (hidden from view by default).
    You could probably hack the system by manually copying (or scripting a copy) between the respective help desk users' directories but it would be an unsupported setup.
    You'd also potentially face problems of revision synchronization in the event of multiple users making independent changes - whose is the "right one"?

  • Configuring Airport Extreme for Optimum Speed and security 802.11n

    Hello,
    I am running an Airport Extreme 802.11n with a Macbook Pro Core 2Duo, I would like to configure the Airport Extreme to run in the fastest and most secure mode.
    Since I plan on only running .N devices I do not need backwards compatibility with other wireless devices.
    What advanced settings can I make to the Airport in order to achieve the best wireless transfer rates and security (including firewall security)?
    Thank you so much in advance!
    -Noah

    Thanks so much for the response.
    In terms of the firewall test I was running it from
    my Macbook Pro core duo 2 via Wireless 5ghz 802.11N
    Airport Extreme connection, I ran the firewall test
    from the grc.com Guards up firewall test (Test all
    ports) it showed that my system was not fully
    stealthed and responded to pings. I am trying to
    figure out how to best secure my network, I currently
    have WPA2 with 25-character letters and numbers set on
    the router, as well as having my MacbookPro firewall
    set to on.
    Any suggestions for this setup?
    Thanks again!
    Get an even better 63-character WPA "strong" passcode (Maximum WPA Security is 63 characters/504 bits). See these sites for generating one:
    http://www.yellowpipe.com/yis/tools/WPA_key/generator.php
    http://www.speedguide.net/wlan_key.php

  • WLC ACL For Internet Access Only

    I've implemented Cisco ISE 3495's with the advanced subscription license.  I've built my policy sets, and authorization profiles.  It all works great!  Here's the issue that I'm having.  I have internal employees who bring in their own devices (BYOD).  I want to allow them onto the secured SSID that I've created, but only want to give them access to the intra/internet.  I've created an ACL (EmpInternetOnly) on the WLC.  Here are my rules:
    I can get to the intranet, with no issue (ACL lines 1-4).  I can't get to the internet whatsoever.  I see everything falling down to the deny statement.  When I remove the deny statement (ACL line 14), and put a permit all, then the internet works with no issue.  Am I missing something here?  I've researched this topic on several message boards, but can't find an answer.  I've tried to run the acl debug, on the controller, but do not see any output when I run it.  It might be because I don't understand the proper format of how to set it up.  Any and all replies would be much appreciated!  Thanks!
    Steve

  • ***WLC AAA for admin access***

    I am trying to set up RADIUS authentication for access onto the WLC for management, ssh/telnet and GUI. The RADIUS settings are correct to the IAS server, and the management tab is selected within the RADIUS properties page.
    The provider order was changed to include RADIUS before local, and the admin account was created in AD. When I now tried to telnet/SSH onto the command line of the WLC, I could see from the RADIUS log that I was being successfully authenticated, but it would not let me onto the cmd line??? It just returns me to the username prompt?
    Any ideas what I'm missing?

    Complete these steps in order to add the WLC as an AAA client in the ACS.
    1. From the ACS GUI, choose the Network Configuration tab.
    2. Under AAA Clients, click Add Entry.
    3. In the Add AAA Client window, enter the WLC host name, the IP address of the WLC, and a shared secret key. See the example diagram under step 5.
    4. From the Authenticate Using drop-down menu, choose RADIUS.
    5. Click Submit + Restart in order to save the configuration.

  • Cisco FlexConnect flow for guest.

    Hi all,
    We are planning to upgrade our wireless infrastructure and I need some verification on the configuration. Our current setup is the following:
    We have 2 WiSMs on the HO as active/backup and one 4400 series as an anchor. All access points are in HREAP with the interface configured as access (not trunk). It is local switching and central authentication.
    We are planning to upgrade the wireless and instead of using anchor controller, we will use another interface on the 5508 controllers for the guest. This is a separate interface.
    The question is: Can the guest traffic go through the AP to the guest without re-configuring every AP to trunk?
    TIA,
    Nicos Nicolaides

    Thank you,
    So basically for everyone to understand the question in the future,
    our setup has the controller on a layer 3 network,
    we have multiple SSIDs (more than 2),
    All of our APs are configured in access mode.
    So you can configure each SSID to be either CAPWAP or FlexConnect right?

  • What is the best cisco ip phone for call manager and ipcc practicals

    Hi, I have recently started my training on Cisco Call Manager and CCIE voice from a leading Cisco voice training institute (http://networkerszone.com/), and am working on 7900 series phones. Is there any other phone that I should use, or is this fine?

    Naval,
    7900 phones are good enough for both CUCM & UCCE. UCCE however doesn't support all models of 7900 series, please refer to the UCCE Compatibility Matrix for supported phone models.
    You may also use CIPC as agent phone.
    GP.
    Pls rate the post if it helps !!

  • Cisco wlc 5508 with 30 Vlan

    Hello
    I need your help
    I want to configure Cisco WLC 5508 with 03 VLANs, 3750 as core switch
    - management Vlan
    - local-user vlan
    - Guest Vlan
    I want to know all steps or config to do on WLC
    thx

    Hi,
    Just check this.
    It may help u.
    Wireless LAN Controller and Lightweight Access Point Basic Configuration Example
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69719-wlc-lwap-config.html
    http://rscciew.wordpress.com/2014/01/22/configure-dynamic-interface-on-wlc/
    Webauth for guest users:
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html
    http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/
    Regards

  • Need Information of cisco WLC 5508 LAG Interface

    HI
    We have a Cisco WLC 5508 in our network, and right now this WLC is connected to two ports of each core switch. Both CORP and GUEST SSIDs are configured on this WLC.
    Now we want to segregate the traffic of GUEST to on core switches from WLC. So my question is, how can we achieve this without using a guest anchor controller?
    Can I use one interface of the Cisco WLC 5508 and connect it to the firewall or any device?
    Thanks
    Puneet

    Hi
    Thanks... I am using WLC as a DHCP server for Guest.
    So I want to know, is there any requirement that the GUEST subnet should be pingable from the WLC management IP address?
    My topology is here...
    Corp network and management network are reachable, however the management network is not pingable from the guest network.

  • PHP/MySQL updates within OS X S and Security updates?

    Hey All,
    Does anyone know of a link that will provide any info about PHP, PHP plug-in, or MySQL updates that are included in the Server OS or security updates, or any other software updates? This way I won't have to read through all of Apple's support articles for all OS and security updates.
    Updating a bunch of web servers from OS X S 10.6.3 to OS X 10.6.6
    Thank you in advance!

    Great news thanks!

  • Generate one time authentication for Guest on Cisco WLC

    Hi All
    Sorry for my question, because I just started to work with Cisco WLC.
    I have created some WLAN for local users with authentication by 802.1x + Radius by certificate.
    For Guest I used PSK with MAC-filtering.
    But I see that is not comfortable for Guests: each time they come and want to access our wireless, we have to come and get their MAC.
    I checked on the Internet and found that the wireless solutions for hotels and resorts are very easy.
    I also googled and see that Cisco WLC supports Lobby Ambassador to generate Guest username/password. But as I checked, this username/password might only be used with Web-Auth; this method is not comfortable for Guests who don't know they have to go to Web-Auth to do authentication (e.g. when they only get POP3 email, or VPN, ... and do not use browsers).
    Could I use this method (or another method) for creating a one-time Guest wireless username/password or Guest PSK that can be used for authentication when Guests click on the Wireless-SSID name only (no need to open a web browser to do Web-Auth)?
    Regards
    Hai

    Hi Choudhary
    Thank you very much for your information.
    Could I reconfirm my concern?
    With Cisco WLC, I can use WebAuth with Guest user only.
    If I want to use Guest user for authentication when guests connect to the SSID (not by WebAuth, I mean using Layer 2 security only, not Layer 3), I will have to use an additional Radius Server.
    And if I understand right, could you please recommend a software-based Radius Server that supports generating one-time username/password for Guest, because I checked and IAS/NPS on Windows Server may not have this function (ISE is not appropriate for us at this time, due to high expense).
    Regards
    Hai

  • WLC as a Mobility Anchor for guest access - Management on DMZ or not DMZ

    When using Guest Access Cisco recommend a Mobility Anchor Controller be placed on a DMZ and the guest access wireless Lan is tunneled to this controller.  This means that 2 DMZ subnetworks are required - one for the management interface and one for the wireless lan's dynamic interface itself.
    I am trying to see if there are any disadvantages/security risks using 2 physical ports on the controller (no LAG) and placing one on a corporate network inside the firewall for management and to terminate the mobility anchor tunnel, and one outside the firewall on a DMZ for the wireless lan's dynamic interface.
    Advantages that I see are that no tunnels need to go though a firewall, management of the WLC is kept completely inside the corporate network, protected by the firewall and not left on the DMZ.
    Thanks.

    OK, so to recap;
    - place the 2nd WLC in the DMZ with only 1 port (set for dynamic AP management)?
    - Then Anchor the guest SSID (on its DMZ IP instead of management IP as is now)
    And to make that kind of anchoring work, I have to open ports below on the firewall.. right?
    UDP port 16666 for inter-WLC  communication, and IP protocol ID 97 Ethernet in IP for client traffic.
    and:
    • TCP 161 and 162 for SNMP
    • UDP 69 for TFTP
    • TCP 80 or 443 for HTTP, or HTTPS for GUI access
    • TCP 23 or 22 for Telnet, or SSH for CLI access
    Thanks to confirm that
