Jabber Guest Server Download

Hi all,
I will install jabber guest to run a demo on a customer, where can i download the jabber guest server iso file ?
Thanks
patcbr600

Hi - the question is answered in this thread:
https://supportforums.cisco.com/discussion/12243866/jabber-guest
Mike

Similar Messages

  • Jabber Guest server Local SSL certificate

    Hi , trying to download a local ssl certificate from jabberguest server and issued a 'generate a new self signed certificate' request. system shows 'a certificate signing request is being created, please wait' . unfortunetly its been like that for 2 days now - even after rebooting the server it still reports the same. (version is 10.5.3.115)....any advice appreciated.....TIA , Jeff

    Jeff,
    I had a look at my Jabber Guest server this morning and oddly enough I found the same thing as you did. I'm not sure when the server got into this state however I can say it has been fully functional. Anyway, there are two options that you generally should have.
    1) "Generate a New Self-Signed Certificate"
    2) "Create a New Certificate Signing Request"
    To restore these options I had to run the certificate scripts through the root of the system.
    1) cd /opt/cisco/webcommon/scripts/
    2) ./createcsr.sh   (This is for the Cert Signing Request)
    3) ./selfsigned.sh  (This is for the Self Sign)
    After running each script you'll need to run through the general certificate questions.
    I hope this helps.
    -P

  • Jabber GUest Server 10.5 Install and deploy

    HI,
    I try  to install and deploy my first jabber guest Server 10.5 .What I see is that I should use a secure sip trunk to the ucm ? is this really needed ?,because if I use secure sip trunk I have to install certs
    Could I deploy it without secure sip trunk ? and only use self cert between expressway c and e ?
    Thanks for your Information
    Josef

    Hi Josef,
    It is fine to configure SIP trunk on UCM to be non-secure. 
    Between C and E you just need to make sure there are CA-signed certs installed.  Doesn't matter which CA, could be your own.
    Hope this helps.
    Mike

  • Jabber Guest Software is missing

    Dear All,
    I could not find Jabber Guest Server software under downloads page. I would appreciate if one else also verify this.
    Regards,

    Dear Jaime,
    Thank you for your reply. But l am struggling to find Jabber Guest software on downloads page.
    Are you able to find Jabber Guest software on Cisco downloads page?
    Regards,

  • My first Jabber Guest link not working

    So I believe I have everything set up correctly for Jabber Guest, but when I browse to the link I created I either get the Expressway Edge login page, or if I'm logged in to the Exp I get "The requested URL /call/8888 was not found on this server."  Maybe I'm confused on how the domains are supposed to work together, but shouldn't I be able to use the FQDN of the Expressway Edge in my Jabber Guest links?  Thanks!  Mike

    From the Cisco Jabber Guest Server 10.0 Installation and Configuration Guide:
    The Cisco Expressway-E administrator currently uses port 80 and therefore, incoming requests from the Cisco Jabber Guest client to Cisco Expressway-E on port 80 need to be remapped to port 9980 using a firewall (or similar) in front of Cisco Expressway-E.
    The Cisco Expressway-E administrator currently uses port 443 and therefore, incoming requests from the Cisco Jabber Guest client to Cisco Expressway-E on port 443 need to be remapped to port 9443 using a firewall (or similar) in front of Cisco Expressway-E.

  • Customize Jabber Guest

    Is it possible to customize Jabber Guest in any way?  One thing in particular I'm looking to do is enable a way for users to enter their name prior to joining a call so that multiple Jabber Guest users can be distinguished in a call.  Is that possible with Jabber Guest or do I need to use Jabber SDK?
    Thanks, Mike

    Hi Mike,
    This would require some custom development using the Jabber Guest API.  At a high level, when the user enters their name, you would use that information to create a link on-the-fly using the Jabber Guest API (populating Caller Name with the name they entered), and then load their special link so they can click on it and start the call. 
    For more information on the Jabber Guest API look here:  https://developer.cisco.com/site/jabber-guestsdk/documents/guest-server-api/
    We also have some sample code which shows how you might do this on the web client, at link above, go to drop-down menu Downloads | Jabber Guest SDK for Web demo. 
    Similar approach would work for mobile clients as well. 
    Mike

  • NAC Guest Server and WLC's

    Just wanted to know if this will work or not...
    I was looking at a design from a client and they had two CAM and CAS plus a Guest server. My client wants to use the equipment above for guest access. The problem I'm having is that I'm building a wireless network with guest anchor WLC's in the DMZ. So my wireless users will be tunneled to the DMZ controller. Also, the WLC can have a splash page uploaded to it and also authenticate users locally in the DB. They don't want any remediation, just authentication.... is this a waste of money or would would actually implement this?

    I've some (very) basic questions.
    Let's say guest vlan = x
    1)vlan x should be created on the foreign controllers as on the anchor controller, with the same properties
    2)on the anchor controller a dynamic interface has to be created acting as default gateway for the guest clients.
    3)it's advised to place the guest server in the guest vlan? Eg. Somewhere in the server farm?
    4)Once traffic coming from the guests is arrived at the anchor controller. (I know to less of WLC ;)) Will it forwarded with as source IP, the IP of the anchor controller towards the anchor default gateway (firewall or internet router?)
    4)authentication: user connect to SSID guest and opens a browser. The user is redirected and a login page is displayed. Is this page downloaded from the anchor controller? I think it is and pushed via WCS. So Guest NAC server has nothing to deal with this page? Correct?
    The anchor controller polls the nac guest server with the given credentials. Anchor controller forwards the credentials to the NAC guest server. The NGS replies with authenticated or not. If authenticated. The guest can browse. Probably on regular base, the anchor controller will poll the NAC guest in order to check if he's still authenticated and if enabled pass information to the NAC guest for accounting. Is this somehow ok?
    I've found to open the following ports in the firewall:
    UDP 97 for EoIP
    UDP 16666 for intercontroller traffic
    and 1812/1813 for Radius.
    Thanks in advance

  • What is call manager doing with Jabber guest if you have no endpoints registered to Call manager?

    Our Call  Manager deployment is in it's VERY early stages. We have a Telepresence infrastructure at the moment (VCS Control and Expressway). All of our TP endpoints and Jabber Telepresence clients are registered to the VCS. What is going on that the Jabber guest and VCS server need call manager for? I know it's REQUIRED in the manual and I saw a slide somewhere that said using Jabber Guest without Call manager is NOT SUPPORTED.
    Realistically though, I might not get permission to build a SIP trunk between the new Call manager and VCS for some time..so...supported or not will it work without call  manager or is there something going on that's critical on call manager to make it work regardless of the fact that there is nothing registered to CUCM?
    thanks!

    Hi Douglas,
    As you've gathered this configuration is not supported, and hence we don't actively test it or document it.  That said, it should work fine
    Mike

  • NAC Guest Server 2.0.5

    Hello Everybody,
    We have NAC Guest Server version 2.0.5, our customer has two requeriments, one of them is to assign manually password to a new account, the second is change the state inactive of the account to active state. As I saw in this version, i can't do it.
    Is possible to do both requeriments on a later release of NAC Guest Server?
    Thanks

    Sri,
    You are right this isnt well documented. My guess is that you will download the same upgrade file from cco for the upgrade to 2.0.3 and then follow the same steps. However, that is something that should be documented. Can you open a TAC case and have them file a documentation bug for this.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Wired WebAuth with NAC Guest Server

    Hi,
    I am trying to get wired WebAuth working with NAC Guest Server. In the switch_login.html file example, what should be changed for this line:
    ngsOptions.actionUrl = https://1.1.1.1/;
    Should this be an IP address on the switch? Shoul I have this pointing to the success.html page like this:
    ngsOptions.actionUrl = "https://1.1.1.1/success.html";
    When I log on, and accept the AUP, my browser just sits there trying to access Https://1.1.1.1/?redirect-url=blah blah blah
    Thanks,
    Peter

    FYI,
    In my case I WAS getting the switch_login.html web page being displayed, but after entering credentials and submitting the Acceptable Use Policy page, I did NOT 'see' any radius traffic between the switch (C2960S 12.2(55)SE3) and the ACS 5.3 radius server?!.
    I used the sample .html docs that you can find on the NAC Guest Server in the 'samples' folder on that server. I used WCP app to copy them to my PC/laptop before modifying where relevant and copying to flash on switch and to the wireless 'hotspot' folders on the NGS.
    I went through the following document in url below line by line, paragraph by paragraph and found that I had left out the following command in the configuration:
    aaa authentication login default group radius
    see doc at:
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_1.99/WebAuth/WebAuth_Dep_Guide.html#wp392553
    So I added it in and I am now seeing the radius debug traffic being redirected to the ACS by the switch when a user submits the credentials.
    aaa new-model
    aaa authentication login default group radius
    aaa authentication login VTY-USER-LOGIN local
    aaa authentication dot1x default group radius
    aaa authorization console
    aaa authorization exec EXEC-LOCAL local
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting auth-proxy default start-stop group radius
    aaa accounting dot1x default start-stop group radius
    with debug radius enabled:
    Feb  1 13:36:09 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to down
    TEST-802.1X#
    Feb  1 13:36:10 PST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to down
    TEST-802.1X#
    Feb  1 13:36:18 PST: %AUTHMGR-5-START: Starting 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    TEST-802.1X#
    Feb  1 13:36:20 PST: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/4, changed state to up
    Feb  1 13:36:21 PST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/4, changed state to up
    TEST-802.1X#
    Feb  1 13:36:27 PST: %DOT1X-5-FAIL: Authentication failed for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID
    Feb  1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27 PST: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27 PST: %AUTHMGR-5-START: Starting 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27.367 PST: RADIUS/ENCODE(0000058E):Orig. component type = DOT1X
    Feb  1 13:36:27.367 PST: RADIUS(0000058E): Config NAS IP: 10.167.64.74
    Feb  1 13:36:27.367 PST: RADIUS/ENCODE(0000058E): acct_session_id: 1421
    Feb  1 13:36:27.367 PST: RADIUS(0000058E): sending
    Feb  1 13:36:27.367 PST: RADIUS(0000058E): Send Access-Request to 10.167.77.70:1645 id 1645/14, len 211
    Feb  1 13:36:27.372 PST: RADIUS:  authenticator 2E F0 62 2D 43 D9 7D 2A - 7C 88 0A 52 B9 6E 78 A8
    Feb  1 13:36:27.372 PST: RADIUS:  User-Name           [1]   14  "848f69f0fcc7"
    Feb  1 13:36:27.372 PST: RADIUS:  User-Password       [2]   18  *
    Feb  1 13:36:27.372 PST: RADIUS:  Service-Type        [6]   6   Call Check                [10]
    Feb  1 13:36:27.372 PST: RADIUS:  Framed-MTU          [12]  6   1500                     
    Feb  1 13:36:27.372 PST: RADIUS:  Called-Station-Id   [30]  19  "20-37-06-C8-68-84"
    Feb  1 13:36:27.372 PST: RADIUS:  Calling-Station-Id  [31]  19  "84-8F-69-F0-FC-C7"
    Feb  1 13:36:27.372 PST: RADIUS:  Message-Authenticato[80]  18 
    Feb  1 13:36:27.372 PST: RADIUS:   11 20 B4 9A B6 E2 56 30 AC EC 43 CD 17 13 3E 14             [  V0C>]
    Feb  1 13:36:27.372 PST: RADIUS:  EAP-Key-Name        [102] 2   *
    Feb  1 13:36:27.372 PST: RADIUS:  Vendor, Cisco       [26]  49 
    Feb  1 13:36:27.372 PST: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0AA7404A0000054E16335518"
    Feb  1 13:36:27.372 PST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Feb  1 13:36:27.372 PST: RADIUS:  NAS-Port            [5]   6   50104                    
    Feb  1 13:36:27.372 PST: RADIUS:  NAS-Port-Id         [87]  22  "GigabitEthernet1/0/4"
    Feb  1 13:36:27.372 PST: RADIUS:  NAS-IP-Address      [4]   6   10.167.64.74             
    Feb  1 13:36:27.372 PST: RADIUS(0000058E): Started 5 sec timeout
    Feb  1 13:36:27.377 PST: RADIUS: Received from id 1645/14 10.167.77.70:1645, Access-Reject, len 38
    Feb  1 13:36:27.377 PST: RADIUS:  authenticator 68 CE 3D C8 C3 BC B2 69 - DB 33 F5 C0 FF 30 D6 33
    Feb  1 13:36:27.377 PST: RADIUS:  Message-Authenticato[80]  18 
    Feb  1 13:36:27.377 PST: RADIUS:   82 3D 31 0A C7 A2 E0 62 D5 B7 6B 26 B8 A0 0B 46            [ =1bk&F]
    Feb  1 13:36:27.377 PST: RADIUS(0000058E): Received from id 1645/14
    Feb  1 13:36:27 PST: %MAB-5-FAIL: Authentication failed for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27 PST: %AUTHMGR-7-FAILOVER: Failing over from 'mab' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27 PST: %AUTHMGR-5-START: Starting 'webauth' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27 PST: %AUTHMGR-7-RESULT: Authentication result 'success' from 'webauth' for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27 PST: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (848f.69f0.fcc7) on Interface Gi1/0/4 AuditSessionID 0AA7404A0000054E16335518
    Feb  1 13:36:27.933 PST: RADIUS/ENCODE(0000058E):Orig. component type = DOT1X
    Feb  1 13:36:27.933 PST: RADIUS(0000058E): Config NAS IP: 10.167.64.74
    Feb  1 13:36:27.933 PST: RADIUS(0000058E): sending
    Feb  1 13:36:27.933 PST: RADIUS(0000058E): Send Accounting-Request to 10.167.77.70:1646 id 1646/151, len 100
    Feb  1 13:36:27.933 PST: RADIUS:  authenticator D0 F0 04 F3 A5 08 90 BE - A9 07 8D 32 1B 0E 93 AC
    Feb  1 13:36:27.933 PST: RADIUS:  Acct-Session-Id     [44]  10  "0000058D"
    Feb  1 13:36:27.933 PST: RADIUS:  Framed-IP-Address   [8]   6   10.167.72.52             
    Feb  1 13:36:27.933 PST: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
    Feb  1 13:36:27.933 PST: RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]
    Feb  1 13:36:27.933 PST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Feb  1 13:36:27.933 PST: RADIUS:  NAS-Port            [5]   6   50104                    
    Feb  1 13:36:27.933 PST: RADIUS:  NAS-Port-Id         [87]  22  "GigabitEthernet1/0/4"
    Feb  1 13:36:27.933 PST: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    Feb  1 13:36:27.933 PST: RADIUS:  NAS-IP-Address      [4]   6   10.167.64.74             
    Feb  1 13:36:27.933 PST: RADIUS:  Acct-Delay-Time     [41]  6   0                        
    TEST-802.1X#
    Feb  1 13:36:27.938 PST: RADIUS(0000058E): Started 5 sec timeout
    Feb  1 13:36:27.938 PST: RADIUS: Received from id 1646/151 10.167.77.70:1646, Accounting-response, len 20
    Feb  1 13:36:27.938 PST: RADIUS:  authenticator C2 DC 8D C7 B1 35 67 D9 - 28 2B 56 E4 4A 1E AD 65
    At this point the user enters the credentials on the switch_login.html page and the clicks Submit on the Acceptable Use Policy splash page.
    TEST-802.1X#
    Feb  1 13:36:41.413 PST: RADIUS/ENCODE(0000058F):Orig. component type = AUTH_PROXY
    Feb  1 13:36:41.413 PST: RADIUS(0000058F): Config NAS IP: 10.167.64.74
    Feb  1 13:36:41.413 PST: RADIUS/ENCODE(0000058F): acct_session_id: 1422
    Feb  1 13:36:41.413 PST: RADIUS(0000058F): sending
    Feb  1 13:36:41.413 PST: RADIUS(0000058F): Send Access-Request to 10.167.77.70:1645 id 1645/15, len 176
    Feb  1 13:36:41.413 PST: RADIUS:  authenticator 6D 34 7E D6 34 B5 CB AC - 09 1F AC 5A 34 97 7D 6B
    Feb  1 13:36:41.413 PST: RADIUS:  User-Name           [1]   11  "testuser1"
    Feb  1 13:36:41.413 PST: RADIUS:  User-Password       [2]   18  *
    Feb  1 13:36:41.413 PST: RADIUS:  Calling-Station-Id  [31]  14  "ip|G
    Feb  1 13:36:41.413 PST: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
    Feb  1 13:36:41.413 PST: RADIUS:  Message-Authenticato[80]  18 
    Feb  1 13:36:41.413 PST: RADIUS:   F8 4D 85 64 05 5E C9 1D D8 11 B2 A3 1A 3A 76 E0             [ Md^:v]
    Feb  1 13:36:41.413 PST: RADIUS:  Vendor, Cisco       [26]  49 
    Feb  1 13:36:41.418 PST: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=0AA7404A0000054E16335518"
    Feb  1 13:36:41.418 PST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Feb  1 13:36:41.418 PST: RADIUS:  NAS-Port            [5]   6   50104                    
    Feb  1 13:36:41.418 PST: RADIUS:  NAS-Port-Id         [87]  22  "GigabitEthernet1/0/4"
    Feb  1 13:36:41.418 PST: RADIUS:  NAS-IP-Address      [4]   6   10.167.64.74             
    Feb  1 13:36:41.418 PST: RADIUS(0000058F): Started 5 sec timeout
    Feb  1 13:36:41.424 PST: RADIUS: Received from id 1645/15 10.167.77.70:1645, Access-Accept, len 173
    Feb  1 13:36:41.424 PST: RADIUS:  authenticator 28 48 DE B5 1A 0A 71 5A - 3B 8B 7A 12 FB EA 01 58
    Feb  1 13:36:41.424 PST: RADIUS:  User-Name           [1]   11  "testuser1"
    Feb  1 13:36:41.424 PST: RADIUS:  Class               [25]  28 
    Feb  1 13:36:41.424 PST: RADIUS:   43 41 43 53 3A 78 62 63 2D 61 63 73 2F 31 31 36  [CACS:xbc-acs/116]
    Feb  1 13:36:41.424 PST: RADIUS:   34 37 33 32 33 39 2F 31 36 36        [ 473239/166]
    Feb  1 13:36:41.424 PST: RADIUS:  Session-Timeout     [27]  6   3600                     
    Feb  1 13:36:41.424 PST: RADIUS:  Termination-Action  [29]  6   1                        
    Feb  1 13:36:41.424 PST: RADIUS:  Message-Authenticato[80]  18 
    Feb  1 13:36:41.424 PST: RADIUS:   10 80 26 5D 02 C5 15 0C A8 16 AA 35 14 C9 4F 14              [ &]5O]
    Feb  1 13:36:41.424 PST: RADIUS:  Vendor, Cisco       [26]  19 
    Feb  1 13:36:41.429 PST: RADIUS:   Cisco AVpair       [1]   13  "priv-lvl=15"
    Feb  1 13:36:41.429 PST: RADIUS:  Vendor, Cisco       [26]  65 
    Feb  1 13:36:41.429 PST: RADIUS:   Cisco AVpair       [1]   59  "ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-GuestACL-4eefc9a0"
    Feb  1 13:36:41.429 PST: RADIUS(0000058F): Received from id 1645/15
    Feb  1 13:36:41.439 PST: RADIUS/ENCODE(0000058F):Orig. component type = AUTH_PROXY
    Feb  1 13:36:41.439 PST: RADIUS(0000058F): Config NAS IP: 10.167.64.74
    Feb  1 13:36:41.439 PST: RADIUS(0000058F): sending
    Feb  1 13:36:41.439 PST: RADIUS/ENCODE(00000000):Orig. component type = INVALID
    Feb  1 13:36:41.444 PST: RADIUS(00000000): Config NAS IP: 10.167.64.74
    Feb  1 13:36:41.444 PST: RADIUS(00000000): sending
    Feb  1 13:36:41.450 PST: RADIUS(0000058F): Send Accounting-Request to 10.167.77.70:1646 id 1646/152, len 119
    Feb  1 13:36:41.450 PST: RADIUS:  authenticator 23 E3 DA C3 06 5B 37 20 - 67 E2 96 C5 90 1C 71 33
    Feb  1 13:36:41.450 PST: RADIUS:  Acct-Session-Id     [44]  10  "0000058E"
    Feb  1 13:36:41.450 PST: RADIUS:  Calling-Station-Id  [31]  14  "10.167.72.52"
    Feb  1 13:36:41.450 PST: RADIUS:  User-Name           [1]   11  "testuser1"
    Feb  1 13:36:41.450 PST: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
    Feb  1 13:36:41.455 PST: RADIUS:  Acct-Status-Type    [40]  6   Start                     [1]
    Feb  1 13:36:41.455 PST: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Feb  1 13:36:41.455 PST: RADIUS:  NAS-Port            [5]   6   50104                    
    Feb  1 13:36:41.455 PST: RADIUS:  NAS-Port-Id         [87]  22  "GigabitEthernet1/0/4"
    Feb  1 13:36:41.455 PST: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
    Feb  1 13:36:41.455 PST: RADIUS:  NAS-IP-Address      [4]   6   10.167.64.74             
    Feb  1 13:36:41.455 PST: RADIUS:  Acct-Delay-Time     [41]  6   0                        
    Feb  1 13:36:41.455 PST: RADIUS(0000058F): Started 5 sec timeout
    Feb  1 13:36:41.455 PST: RADIUS(00000000): Send Access-Request to 10.167.77.70:1645 id 1645/16, len 137
    Feb  1 13:36:41.455 PST: RADIUS:  authenticator 02 B0 50 47 EE CC FB 54 - 2A B6 14 23 63 86 DE 18
    Feb  1 13:36:41.455 PST: RADIUS:  NAS-IP-Address      [4]   6   10.167.64.74             
    Feb  1 13:36:41.455 PST: RADIUS:  User-Name           [1]   31  "#ACSACL#-IP-GuestACL-4eefc9a0"
    Feb  1 13:36:41.455 PST: RADIUS:  Vendor, Cisco       [26]  32 
    Feb  1 13:36:41.455 PST: RADIUS:   Cisco AVpair       [1]   26  "aaa:service=ip_admission"
    Feb  1 13:36:41.455 PST: RADIUS:  Vendor, Cisco       [26]  30 
    Feb  1 13:36:41.455 PST: RADIUS:   Cisco AVpair       [1]   24  "aaa:event=acl-download"
    Feb  1 13:36:41.455 PST: RADIUS:  Message-Authenticato[80]  18 
    Feb  1 13:36:41.455 PST: RADIUS:   15 EC 10 E7 2F 67 33 DD BC B5 AE 11 E3 C3 19 E1               [ /g3]
    Feb  1 13:36:41.455 PST: RADIUS(00000000): Started 5 sec timeout
    Feb  1 13:36:41.455 PST: RADIUS: Received from id 1646/152 10.167.77.70:1646, Accounting-response, len 20
    Feb  1 13:36:41.455 PST: RADIUS:  authenticator AB 0F 81 95 71 A9 61 E0 - 5B B5 D3 2E 8D A2 68 98
    Feb  1 13:36:41.460 PST: RADIUS: Received from id 1645/16 10.167.77.70:1645, Access-Accept, len 560
    Feb  1 13:36:41.460 PST: RADIUS:  authenticator 64 53 94 79 CF CD 05 B0 - ED 12 5C 5B A0 AB 4F FA
    Feb  1 13:36:41.460 PST: RADIUS:  User-Name           [1]   31  "#ACSACL#-IP-GuestACL-4eefc9a0"
    Feb  1 13:36:41.460 PST: RADIUS:  Class               [25]  28 
    Feb  1 13:36:41.460 PST: RADIUS:   43 41 43 53 3A 78 62 63 2D 61 63 73 2F 31 31 36  [CACS:xbc-acs/116]
    Feb  1 13:36:41.460 PST: RADIUS:   34 37 33 32 33 39 2F 31 36 38        [ 473239/168]
    Feb  1 13:36:41.460 PST: RADIUS:  Message-Authenticato[80]  18 
    Feb  1 13:36:41.460 PST: RADIUS:   A1 E6 37 EB 60 3A 28 35 92 56 C5 A9 27 7D 2C E9         [ 7`:(5V'},]
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  38 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   32  "ip:inacl#1=remark **Allow DHCP"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  57 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   51  "ip:inacl#2=permit udp any eq bootpc any eq bootps"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  37 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   31  "ip:inacl#3=remark **Allow DNS"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  47 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   41  "ip:inacl#4=permit udp any any eq domain"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  61 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   55  "ip:inacl#5=remark **Deny access to Corporate Networks"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  53 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   47  "ip:inacl#6=deny ip any 10.0.0.0 0.255.255.255"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  45 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   39  "ip:inacl#7=remark **Permit icmp pings"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  38 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   32  "ip:inacl#8=permit icmp any any"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  50 
    TEST-802.1X#
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   44  "ip:inacl#9=remark **Permit everything else"
    Feb  1 13:36:41.460 PST: RADIUS:  Vendor, Cisco       [26]  37 
    Feb  1 13:36:41.460 PST: RADIUS:   Cisco AVpair       [1]   31  "ip:inacl#10=permit ip any any"
    Feb  1 13:36:41.465 PST: RADIUS(00000000): Received from id 1645/16
    TEST-802.1X#
    TEST-802.1X#
    TEST-802.1X# 
    interface config looks like:
    interface GigabitEthernet1/0/4
    description **User/IPphone/Guest
    switchport access vlan 702
    switchport mode access
    switchport voice vlan 704
    ip access-group PRE-AUTH in
    srr-queue bandwidth share 1 30 35 5
    queue-set 2
    priority-queue out
    authentication event fail action next-method
    authentication event server dead action authorize
    authentication host-mode multi-auth
    authentication open
    authentication order dot1x mab webauth
    authentication priority dot1x mab webauth
    authentication port-control auto
    authentication fallback WEB_AUTH_PROFILE
    mab
    mls qos trust device cisco-phone
    mls qos trust cos
    dot1x pae authenticator
    dot1x timeout tx-period 3
    auto qos voip cisco-phone
    spanning-tree portfast
    service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

  • NAC Guest Server

    Hi Guru,
    Do we need Cisco NAC appliance or Wireless controller with Cisco NAC Guest Server, or Cisco NAC Guest server can work independently?
    Is there any way to implement Cisco NAC Guest server without NAC appliance or wireless LAN controller?
    Best Regards,
    Ahmed Shahzad.    

    Hi, Tiago,
    I read through the doc you mentioned above and able to get NGS working with ACS via internal database or AD for wired web-auth. Which means, when I plugged a guest PC onto the network, open a broswer, enter either a ACS internal user ID or a domain user ID, the web-auth will work and download the dACL from ACS.
    BTW, I am using switch to intercept HTTP and send them to NGS for web login.
    However, when I tried to enter a Guest ID which got created by NGS, it always failed. And I have the following questions, where the document is not clear.
    1) The sample login page in NGS reference to an IP "1.1.1.1" and the document says it should NOT be used anywhere but needs to be resolvable. What does that mean?
    2) The sample login page in NGS has a HTML code to add "NGS" as the realm which will show as "ngs\guestusername" in the ACS failed log. Why do we need to add that?
    3) The sample login page in NGS use "@" as the realm seperator. What happen if I use email address as username in NGS, which is the default setting?
    4) The sample login page in NGS uses "https://1.1.1.1", can we change that to HTTP? Does it requires crypto image for the switch?
    I am getting different type of error in ACS, one is 11014 RADIUS packet contains invalid attribute(s), one is Authentication against RADIUS Token server failed.
    Please help

  • Guest Server and LDAPS

    I've recently setup our NAC Guest Server and cannot get Secure LDAP to work. The config guide says you can use ldap://server or ldaps://server. When I use ldap://server it works but doesn't when I change it to ldaps. Our LDAP server has a Verisign cert. Any ideas?
    Thanks,
    -Dusty

    I've some (very) basic questions.
    Let's say guest vlan = x
    1)vlan x should be created on the foreign controllers as on the anchor controller, with the same properties
    2)on the anchor controller a dynamic interface has to be created acting as default gateway for the guest clients.
    3)it's advised to place the guest server in the guest vlan? Eg. Somewhere in the server farm?
    4)Once traffic coming from the guests is arrived at the anchor controller. (I know to less of WLC ;)) Will it forwarded with as source IP, the IP of the anchor controller towards the anchor default gateway (firewall or internet router?)
    4)authentication: user connect to SSID guest and opens a browser. The user is redirected and a login page is displayed. Is this page downloaded from the anchor controller? I think it is and pushed via WCS. So Guest NAC server has nothing to deal with this page? Correct?
    The anchor controller polls the nac guest server with the given credentials. Anchor controller forwards the credentials to the NAC guest server. The NGS replies with authenticated or not. If authenticated. The guest can browse. Probably on regular base, the anchor controller will poll the NAC guest in order to check if he's still authenticated and if enabled pass information to the NAC guest for accounting. Is this somehow ok?
    I've found to open the following ports in the firewall:
    UDP 97 for EoIP
    UDP 16666 for intercontroller traffic
    and 1812/1813 for Radius.
    Thanks in advance

  • Cisco Jabber Guest Licensing

    What are the licensing requirments for jabber guest.
    I understand that it needs its own server and all with Expressway Edge and Core in place.
    However, it there a specfic licensing required for Jabber guest

    Sean,
    From what I've read, there will be a seperate license requirement for Jabber Guest... more that likely it will be based on concurrent guest sessions.
    Mind you, this is the only source I could find:
    http://www.pcworld.com/article/2057100/cisco-beefs-up-enterprise-collaboration-tools.html
    Here's the data sheet for Jabber Guest:
    http://www.cisco.com/en/US/products/ps13410/index.html
    Gareth

  • Deploying Jabber guest

    Hi All,
    Just i want to confirm, should jabber requires separate vm, will jabber guest works on IM&Presence server...is there any integration required 

    Jabber Guest is its own virtual machine and requires dedicated Expressway C/E virtual machines separate from MRA for time being.
    Chris

  • Jabber guest

    Hello Team, 
    I am trying to download  jabber guest. Team do you know where its hiding?
    Cheers

    Hi, you need to order Jabber Guest to get the OVA, see the Cisco UC applications Ordering Guide for more details:
    http://www.cisco.com/web/partners/downloads/partner/WWChannels/technology/ipc/downloads/ucapps_og.pdf
    Mike

Maybe you are looking for

  • JSF and GET parameters

    Hi, This might be an age old question - but I can't seem to find a nice elegant solution - is there any support in JSF for GET parameters? Are there any plans for this to be included? What can I do in the meantime?

  • Drop down menu not working iPad, or does it?

    Dear Adobe, Just (alomost) finished a website for een friend of mine. Created a drop down menu but it doesn't work on the iPad. My site is: www.pro-beautycare.nl (menubar "spraytan") However, on adobekb.com / stie of the day there are several sites w

  • How to Repeat Slideshow WITH Soundtrack?

    I've made a 3-minute slideshow, accompanied by a music soundtrack over most of it. The iMac will be used to present the slideshow automatically over an 8-hour day. I'd like to either loop it or have it restart after an idle minute. I've found that if

  • Lens correction for Hasselblad V series lenses

    Lightroom does not provide lens correction for Hasselbald V series lenses, e.g. Carl Zeiss Planar 2,8/80. Hasselblad Phocus program does but Lightroom ignores Phocus metadata in FFF files imports. Is there any posssibility to achieve lens correction

  • MDM 3.0: error when deleting a Standard Address

    Hi, when loading delections in MDM 3.0, the function module BUPA_ADDRESS_REMOVE can't delete addresses if in the table BUT021_FS the field XDFADU is = 'X'. This means that I can't delete a Standard Address. Do you know how can I by-pass this problem?