Generate one time authentication for Guest on Cisco WLC

Similar Messages

• NAC guest server with RADIUS authentication for guests issue.

  Hi all,
  We have just finally successfully installed our Cisco NAC guest server. We have version 2 of the server and basically the topology consists of a wism at the core of the network and a 4402 controller at the dmz, then out the firewall, no issues with that. We do however have a few problems, how can we provide access through a proxy without using pak files obviously, and is there a way to specify different proxies for different guest traffic, based on IP or a radius attribute etc.
  The second problem is more serious; refer to the documentation below from the configuration guide for guest nac server v2. It states that hotspots can be used and the Authentication option would allow radius authentication for guests, I’ve been told otherwise by Cisco and they say it can’t be done, has anyone got radius authentication working for guests.
  https://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html
  -----START QUOTE-----
  Step 7 From the Operation mode dropdown menu, you can select one of the following methods of operation:
  •Payment Provider—This option allows your page to integrate with a payment providing billing system. You need to select a predefined Payment Provider from the dropdown. (Refer to Configuring Payment Providers for details.) Select the relevant payment provider and proceed to Step 8.
  •Self Service—This option allows guest self service. After selection proceed to Step 8.
  •Authentication—This option allows RADIUS authentication for guests. Proceed to Step 9.
  ----- END QUOTE-----
  Your help is much appreciated on this, I’ve been looking forward to this project for a long time and it’s a bit of an anti climax that I can’t authenticate guests with radius (We use ACS and I was hoping to hook radius into an ODBC database we have setup called open galaxy)
  Regards
  Kevin Woodhouse

  Well I will try to answer your 2nd questions.... will it work... yes.  It is like any other radius server (high end:))  But why would you do this for guest.... there is no reason to open up a port on your FW and to add guest accounts to and worse... add them in AD.  Your guest anchor can supply a web-auth, is able to have a lobby admin account to create guest acounts and if you look at it, it leaves everything in the DMZ.
  Now if you are looking at the self service.... what does that really give you.... you won't be able to controll who gets on, people will use bogus info and last but not least.... I have never gotten that to work right.  Had the BU send me codes that never worked, but again... that was like a year ago and maybe they fixed that.  That is my opinion.

• I'm switching from PC to Mac. I'm using my one time switch for Lightroom. I have elements 7. Can I upgrade or do I née to just buy outright?

  I'm switching from PC to Mac. I'm using my one time switch for Lightroom. I have elements 7. Can I upgrade or do I née to just buy outright?

  If you use the organizer, you need to buy the boxed version of PSE 12. You can usually find it at big box stores and online retailers for less than adobe's upgrade price, if you shop around. You need the boxed version because you get a serial  number that works on both platforms, and you will need to install PSE 12 in windows first, upgrade your catalog, then make a full backup to a removable drive and restore from that to the mac, after installing PSE 12 there.
  If you don't use organizer, it doesn't matter.

• Is there a free one time replacement for accidental broke screen on iPad 2?

  Is there a one-time replacement for accidentally broken iPad 2 screen.

  I tried on my less than month old iPad2 64gb.
  I had to make 2 trips (one to schedule appt and one for the "Genius" appointment) for what I knew would be the answer ($349) so kind of frustrating experience -- especially listening to the litany of other relatively mundane problems people were having.  Then made a 3rd appointment to see if the meltdown another custormer next to me was having affected my review with Genius #1.  Same result.  Hard to justify over $1k investment in less than a month.  Genius #2 agreed and suggested to use a screen cover laminate and await next version.
  I did not drop mine -- but it fell over face first while using the smart cover as a stand.  Of course it fell on a granite counter top but the glass shattered/cracked (yet stayed in place).  Still works so using the cellophane envelope to keep glass shards from cutting me.  Looks quite stupid in public.
  Overall not a pleasant experience.  Wasn't expecting a free replacement -- but also not expecting the 2 trips, seemingly discretionary ad hoc Genius review, long wait and the absence of a simple screen replacement/cheaper option.

• WLC to ISE authentication for Guest

  Hi Experts,
  Hope if you could guide me with our setup for Guest users. Below is what we are doing
  a)     Guest connects to SSID
  b)     WLC is being used to redirect Guest HTTP to WLC internal Portal
  c)     WLC forwards guest authentication details to cisco ISE [ISE and WLC radius]
  The guest connects to SSID and does get WLC portal for authentication, when the username and password entered on Cisco ISE i see error message as
  'User Identity not found in any of Identity Store' though it is going through correct Store and the Guest name is certainly configured on Cisco ISE. ISE version is 1.2 and WLC is 7.4, please let me know if i am missing anything here.
  Appreciate your help

  The first method is local web authentication. In this case, the WLC redirects the HTTP traffic to an internal or external server where the user is prompted to authenticate. The WLC then fetches the credentials (sent back via an HTTP GET request in the case of external server) and makes a RADIUS authentication. In the case of a guest user, an external server (such as Identity Services Engine (ISE) or NAC Guest Server (NGS)) is required as the portal provides features such as device registering and self-provisioning. The flow includes these steps:
  Please follow below guide for step by step configuration:
  http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

• RADIUS Authentication for Guest users

  Hi,
  I currently use a 4402 WLC located in our DMZ to authenticate Guest users - local authentication is in place.  I would not like to setup RADIUS authentication via a Cisco NAC server.  In order not to affect current guest users, I created a new WLAN and configured with RADIUS server details under WLANs->Edit->Security.  I can associate to new WLAN and obtain a DHCP address no problem, but when I browse to an external website, I do not get prompted for authentication from the RADIUS server.  I don't see any auth requests hitting our firewal, so am assuming the problem is with the WLC config.
  Can anyone provide any details of what config is required?
  Security Policy - Web-Auth
  Security-> L2 - None
  Security-> L3 - Authentication
  Security-> AAA Servers - Auth and Acc server set
  Many thanks
  Liam

  your setup sounds pretty okay. have you got local user accounts set up on the WLC for the test WLAN? if you do, check to see that the priority order for web authentication for the test WLAN prefers the AAA account. you will have to do it directly on your controller as i do not think you have that option in WCS.
  hope that helps

• Authentication for Guest Access

  Hi, we are looking for a solution for either automated daily creation of guest user accounts or a console for clients enter their details which in turn creates the guest account on the controller.
  If we go down the path of automation, policy requires a single username/password for each day, unfortuntely WLC scheduled guest account creation is not an option as the reocurrence doesn't change the password, but it would be a handy feauture if Cisco would like to introduce it in a future release
  The CLI has the option to create 'config netuser add [name] [password] WLANID [X] userType guest lifetime [seconds]' - Can we schedule and email this from the CLI on the controller?
  Appreciate your time.
  Brendan

  Brendan,
  Currently there is no way to automate this process. The process that has been developed is either an admin on the wlc/wcs creates the account or the use of the lobby admin feature. WCS has the lobby admin feature also to create accounts but it isn't intended for guest users to create their own account.
  The wlc doesn't have a schedule to enter a command via the cli, but I bet you can developer some web base guest creation that would send the command to the wlc and remember that command to remove it later.
  Sent from Cisco Technical Support iPhone App

• Can we generate one report tab for each of the prompt values selected in the bobj 4.0 webi report.

  can we generate one report tab which filters
  with each prompt value selected in bobj 4.0 webi report.

  Hi Shrinidhi ,
  It can be achievable with static tabs created for each LOV .But this is not recommended because , object values can change dynamically .
  It is good idea to use section on prompt object in the report .With sections great feature available is in larger report it’s easy to navigate using map. It displays the section tree.You can select the particular LOV to navigate.

• Block one time vendors for PO but allow for RFQ

  Hi Gurus,
  I want to use One time vendor records only for RFQ creation;but it should not be possible to create PO using those one time vendors.
  In case of regular vendors for RM/PM, quality info records in purchasing is active. But this is not the case of indirect purchases.
  Please help.
  Regards,
  krishna

  Hi,
  In XK05 transaction u have the option to block vendor for different application.
  U can block for Purchase order.
  Check in XK05 and block appropriately and check running the scenarios.

• One time charge for an Item in sales order

  Hi:
  The situation we have is that when a order comes in for a part, we need to have a one time charge (installation charge per say). Any subsequent orders for the same part by that customer should not include that charge.
  I can certainly code in user exit (add item to XVBAP when condition is met). Is there a way to do this via configuration?.
  Appreciate your help.
  Thanks.

  I don't think so. The only thing that comes to my mind is a manual condition type that you will assign to the first sales order and not to the subsequent ones. Now the question, whether you choose this approach or a programmatic approach, is how will you determine whether this is the first or subsequent order. Also, if the first order has that item, but was subsequently cancelled or returned, how will you manage that? Imagine going through VBAK and VBAP, every time the customer places the order to figure out if there is an existing order!! After a couple of years, you may be doing archiving of the documents. How will you determine if your customer previously placed an order but was archived or didn't place the order.
  One solution that comes to my mind is a Z table which stores customer number, material number, sales order number and item number. This needs to be updated everytime a sales order is created or changed. Then you can decide if there was a previous order simply querying this database. It can be added as a requirement for pricing to go this table to check for the existance of a previous order and then include or don't include the condition type(for one time installation charge) depending on the result.
  Please reward and close if this response helped you and solved your problem.
  Srinivas

• One-Time Payment for Student Edition CC

  I have the student edition of CS5 and want to go to CC.
  Can a one-time payment be made for the year, rather than monthly credit card billing?
  Thanks.
  JR

  You can buy CC prepaid vouchers, but to my knowledge they are not available with student discounts. Anyway, inquire with S&T support for such specific questions.
  Mylenium

• Can not generate one xsd file  for message type in xi

  Dear Experts.
  I am not able to generate  one XSD file from  message type from XI 3.0, When i select message type and go to XSD tab  then click on export xsd to file, it is generating two xsd files MainSchema.xsd,  Schema1.xsd  into one zip file, but i need only one xsd file to import it into MDM.
  Could you please help
  Thanks and Regards.
  Sravya.
  The following are the two files. MainSchema.xsd,  Schema1.xsd .

  Hi Harsha,
  Thanks lot for the immediate response. Appreciate it.
  Now I am able to generate the one xsd with your inputs , but i am not able to load it into mdm with out any changes in the generated XSD from Message Type. the below is only the original root tag, where modification required.
  Original  Element : MDM_CUST_MASTER_FILE_REQUEST_MT
  ==============
  <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="urn:abc.com:MDM_Customer_Master_ECC" targetNamespace="urn:abc.com:MDM_Customer_Master_ECC">
  <xsd:element name="MDM_CUST_MASTER_FILE_REQUEST_MT" type="MDM_CUST_MASTER_FILE_REQUEST_DT" />
  etc.
  Case :.When i modify the above element as below  with out xmlns, targetNamespace
  <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <xsd:element name="MDM_CUST_MASTER_FILE_REQUEST_MT" type="MDM_CUST_MASTER_FILE_REQUEST_DT" />
  I can import xsd into mdm with the above modification.
  The generated XML out put File from mdm is having message type tag like below
  ?xml version="1.0" encoding="UTF-8"?>
  <MDM_CUST_MASTER_FILE_REQUEST_MT> 
  <CUSTOMER> </customer> ...
  note: no namespace for message type
  Result:
  1.When i send this xml file into XI it is failing in message mapping  because it doesn't have namespace attached to it and failing in message mapping.
  Finally i need your help to generate the xsd or data file like below to avoid mapping problem in xi.
  <?xml version="1.0" encoding="UTF-8" ?>
  - <ns0:MDM_CUST_MASTER_FILE_REQUEST_MT xmlns:ns0=urn:abc.com:MDM_Customer_Master_ECC>
  Appreciate your help.
  Thanks and Regards.
  Sravya.

• Local Authentication for Guest accounts created on WCS

  I'm not sure this is technically possible but I have a requirement to set up an SSID on a WLC whereby I can provision guest user accounts from the WCS and have the WLC / SSID authenticate against the guest account created on the WCS. The SSID would not be a web-auth / layer 3 auth model but preferably be able to utilise layer 2 authentication (802.1x) against the account within WCS. Can anyone tell me if this is actually possible?
  Thanks in advance for your help.
  Cheers
  Sent from Cisco Technical Support iPad App

  Ok then .. Sounds like you are already very fimilar with the wlc..
  Lets kick a few ideas around ..
  If you want to use WCS lobby then you cant use radius, becuase WCS will not update radius accounts. But you could use the WLC as a radius server and store the guest account(s) on the WLC. Gives you 802.1X security, WCS loddy admin access and your guest accounts. You can also expire the accounts as well. So you would move the control from radius to the wlc. You can also apply your qos / bandwidth.
  Another option would be to create radius accounts. Set up your guest wlan, point it to radius. You can still apply a global bandwith restriction within the qos profile on the wlc.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• ISE wireless web authentication for guest management not redirecting

  Hi forumers'
  I face the problem that after connecting to the wireless guest network, it won't redirect me to the ISE guest portal . This happen on my iPhone. The iPhone is running on iOS 5.0.1
  Whilst on workstation it's working well.
  attach the snapshot of what happen on the iPhone.
  Any clue to torubleshoot? Thanks
  Noel

  Hi
  I still fail whilst i testing on my iPhone.
  I'm not using ISE self-signed certificate, i create CSR and signed by root CA server. So once i try to connect it won't prompt me the "accept ceritficate"
  My WLC local auth certificate verdor certificate is signed by the same root CA server as well.
  So i test on desktop to run safari broswer, it able to redirect to ISE guest portal.
  Can please suggest more troubleshooting guide?
  Thanks
  This is how the outcome for the safari broswer
  Noel

• Source code to generate one-time download URL?

  Done.

  Hello,
  Since this issue is related with web applications, I suggest that you could post to web related forum:
  http://forums.asp.net/
  If you want to know things about IIS, you could post your questions to IIS forum:
  http://forums.iis.net/
  The current forum is for .NET Class Libraries.
  Regards.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.