Logging the Lobby Ambassador Activities on WLC

Similar Messages

• One Lobby Ambassador on multiple WLCs

  Hello,
  I have wireless network with 2 WLCs and I configured a guest access WLAN with web autentication.
  I would like to use a LOCAL authentications with lobby ambassador for guest users.
  Is there a way to create a user only once in one WLC?
  At the moment I have to connect to each wlc with lobby ambassador privilege and create the same user/pwd on each.
  Thanks
  Johnny

  Hi Johnny,
  I reckon you only have to create the guest user on the Anchor Controller (that's assuming you have your wireless infrastructure configured that way) as that is the WLC that is doing the authentication.
  Hope this helps
  Scott

• WLC audit reports on Lobby ambessador activities

  Is there any way that we can get an audit trail report on the activities of user "Lobby ambesador" from wither WLC or WCS ?

  Hi Nalaka,
  Hope all is well :)
  Maybe this is what you are looking for;
  Logging the Lobby Ambassador Activities
  The following activities are logged for each lobby ambassador account:
  •Lobby ambassador login: WCS logs the authentication operation results for all users.
  •Guest user creation: When a lobby ambassador creates a guest user account, WCS logs the guest user name.
  •Guest user deletion: When a lobby ambassador deletes the guest user account, WCS logs the deleted guest user name.
  •Account updates: WCS logs the details of any updates made to the guest user account. For example, increasing the life time.
  Follow these steps to view the lobby ambassador activities.
  Note You must have superuser status to open this window.
  Step 1 Log into the Navigator or WCS user interface as an administrator.
  Step 2 Click Administration > AAA, then click Groups in the left sidebar menu to display the All Groups window.
  Step 3 On the All Groups windows, click the Audit Trail icon for the lobby ambassador account you want to view. The Audit Trail window for the lobby ambassador displays.
  This window enables you to view a list of lobby ambassador activities over time.
  •User: User login name
  •Operation: Type of operation audited
  •Time: Time operation was audited
  •Status: Success or failure
  Step 4 To clear the audit trail, choose Clear Audit Trail from the Select a command drop-down menu and click GO.
  http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsmanag.html#wp1076868
  http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001609
  Hope this helps!
  Rob

• Lobby Ambassador - WCS Logging of Guest Account Creation

  Hello all,
  If I am user "admin-ken" and I setup an guest user account "guestuser1" via the WCS controller templates > Guest User (which takes me into lobby ambassador), is there a log file that indicates that "admin-ken" had setup "guestuser1" guest account?
  Many thx indeed,
  Kind regards,
  Ken

  HiKen,
  Hope all is well :)
  Maybe this is what you are looking for;
  Logging the Lobby Ambassador Activities
  The following activities are logged for each lobby ambassador account:
  •Lobby ambassador login: WCS logs the authentication operation results for all users.
  •Guest user creation: When a lobby ambassador creates a guest user account, WCS logs the guest user name.
  •Guest user deletion: When a lobby ambassador deletes the guest user account, WCS logs the deleted guest user name.
  •Account updates: WCS logs the details of any updates made to the guest user account. For example, increasing the life time.
  Follow these steps to view the lobby ambassador activities.
  Note You must have superuser status to open this window.
  Step 1 Log into the Navigator or WCS user interface as an administrator.
  Step 2 Click Administration > AAA, then click Groups in the left sidebar menu to display the All Groups window.
  Step 3 On the All Groups windows, click the Audit Trail icon for the lobby ambassador account you want to view. The Audit Trail window for the lobby ambassador displays.
  This window enables you to view a list of lobby ambassador activities over time.
  •User: User login name
  •Operation: Type of operation audited
  •Time: Time operation was audited
  •Status: Success or failure
  Step 4 To clear the audit trail, choose Clear Audit Trail from the Select a command drop-down menu and click GO.
  http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsmanag.html#wp1076868
  http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001609
  Hope this helps!
  Rob

• 2504 WLC Question - Lobby Ambassador Available?

  I was wondering if the 2504 has the lobby ambassador feature available. Customer requires temp username/passwords for guests managed through web gui. I couldn't find conclusive documentation it was included so I figured I'd check here before calling Cisco.
  Thanks in advance!
  - Mike

  There should be the ability to configure that yes.  Go into the Management and add a user.  In the drop down for the role, there should be Lobby Ambasador/Admin listed there.
  Steve

• WCS Lobby Ambassador audit report for a specific period of time

  Hi all,
  I know there is an WCS audit report for each lobby ambassador activities. But the problem is that I see only activities from Nov 9 to the present. I don't know what the reason is, whether somebody erased that information before Nov 9 or something else happened.
  Is there any option to manually configure a specific period of time, for example obtain all activities for last 3 months?
  Thanks for any hint.
  Jozef

  Hi Koti,
  What error did you meet when you used audit report from Oct 16 to Oct 31?
  Please check the log file to find more information about this issue. The path of the log file is: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\LOGS. You can check the log file whose modified date is from Oct 16 to Oct 31.
  In addition, please deactivate and reactivate Reporting feature at site collection level.
  A similar post for your reference:
  http://sharepointknowledgebase.blogspot.com/2012/07/unexpected-error-when-trying-to-view.html#.VG2cFouUeog
  About audit log report, please take a look at:
  https://support.office.com/en-us/article/Configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2?ui=en-US&rs=en-US&ad=US
  Best Regards,
  Wendy
  Wendy Li
  TechNet Community Support

• Lobby ambassador can't see controller

  have added a new WLC to the WCS which has the same setup like others
  But when the lobby ambassador wants to add a guest user - he can't find this controller in the choice box
  what is missing?

  Please check if tha tWLC has the GUEST WLAN configured?? if not it will not come is wat i beleive.. on top of that..
  http://www.cisco.com/en/US/partner/docs/wireless/wcs/release/notes/WCS_RN7_0_220.html#wp68364
  7.0.172 WCS does not support 7.0.220 WLC..
  Regards
  Surendra

• Lobby Ambassador Profiles in ACS 5.3

  We've set our WCS up to do AAA through our ACS 5.3 which works great. So in order to log into the WCS for Administration or as a Lobby Ambassador (to create guest users etc) the AAA is all done by the ACS, GREAT!
  I have assigned a set of users the Lobby Ambassador role as passed that back through TACACS to the WCS, so those users have their role setup as Lobby Ambassador and are limited from doing anything else, as expected.
  What I want to know is: With normal local AAA on the WCS, when you created a Lobby Ambassador account, you could give the account a set of defaults for any guests accounts created by that Lobby Ambassador account, which was good, so Lobby Ambassadors couldn't set up unlimited time accounts and stuff like that.
  What I want to know now is that since I'm now doing all the AAA on the ACS, is there an attribute I can pass to the WCS in the Shell Profile, along with the roles etc telling the WCS what the guest user creation defaults for the Lobby Ambassador account is, so that we can continue to limit the defaults of any guest account that the Lobby Ambassador accounts create, as it used to be? We'd really like different lobby ambassadors to be able to do different things as well. i.e., Lobby Ambassador X can only create accounts for one region. Lobby Ambassador Y can create Unlimited time accounts where the others can not. We used to do this by assigning different guest user creation defaults to different lobby ambassador accounts on the WCS.
  Help appreciated        

  Hi,
  at the moment the only solution for your requirement is to create local NCS/WCS accounts with exactly the same username as existing in your ACS, no matter what password. Authentication will happen via TACACS+ while the defaults will be taken from the local user account. Please be aware that this mechanism is case sensitive.
  Regards
  Stefan

• Customize Lobby Ambassador View

  Hi all,
  I have a problem with the following situation:
  - Cisco Prime Infrastructure 2.0 (2.0.0.0.294)
  - Cisco ACS 5.4 (5.4.0.46.0a)
  - 2x Cisco WLAN Controller 5508 in SSO mode
  - x APs 2600 Series
  All devices are configured properly, I can see the WLC on Prime, etc.
  Prime and WLC are added to ACS for TACACS+ Authentication.
  Admin users are able to login to Prime with full feature set (root permission).
  Lobby Ambassadors can also login to Prime for Guest User creation.
  Therefore I have created two Shell Profiles on ACS.
  Now I want to create WLAN Guest User with Lobby Ambassador Account (TACACS-authenticated!).
  I want to customize the Default Guest User Creation page with a company logo and some default settings (WLAN Profile, Apply to Controller List, set "generate password" to fixed, etc.) to fixed values.
  Only thing what Lobby Ambassador can change should be setting the password period (with hours or using calender), guest user name and description.
  If I configure a local user on Prime, I can customize the page.
  However if I use TACACS user, I am not able to use the customized page.
  Can anybody help me with this issue?
  THANKS a lot!!!!
  edit: problem solved by workaround...
  https://supportforums.cisco.com/thread/2201703
  BR, Stefan

  You will not be able to unless you build a back-end that does it and sends the commands to the WLC. Other than that, you can't customize the lobby ambassador page.
  Sent from Cisco Technical Support iPhone App

• NCS - lobby ambassador controller list

  Under NCS --> Administration --> Users we have created a specific user to enable guest user access. However, when tinkering with the defaults you can select a controller list. The problem is we only see 5 of our controllers (we have 8).
  Is this a limitation on lobby ambassador? Or is there a way to add additional controllers here?

  When you create the lobby ambassador you specify the defaults.
  You specify the WLAN profile ,user role ...etc.
  If you choose a WLAN profile, then only WLCs that have that WLAN profile will appear.
  Same manner, if you specify user role, only WLCs that has that QoS role configured will appear on the list.
  If you configured both, intersection of both (WLCs that have both the profile and the role) will appear.
  If you choose the default user role and use any profile then you should see all the WLCs on the list.
  HTH
  Amjad

• WCS Lobby Ambassador and Monitor User

  I'm running our WCS authentication through ACS with TACACS and it's working fine.  However, I currently have my Help Desk setup with a monitor user so they can login and view WCS, but this does not give them the Lobby Ambassador of course.  How can I get a user to have both WCS and Lobby access with having to login with seperate user identities?

  It's either admin either lobby account, you can not have both, the http pages are completly different and dont intermix.
  Your solution is to have 2 users on your TACACS where one is the admin and one the lobby.
  Here are the step by step config lines:
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0admin.html#wpmkr1064288

• New to Cisco Lobby Ambassador

  I want to be able to tie the registering users into the visitor registration section of a segregated guest network. I want to have a link that would appear in the front end after you register a visitor which would direct you to this program which is the lobby ambassador. Any non guest user could be able to register a guest and be provided a temp logon for the guest for a period of time.
  Anyone has an idea of how I can achieve this using a Cisco lobby ambassador

  You should be able to expand it to something bigger.  On the controller go to Security, AAA, General.  Increase this number, it will require a reboot.  I'm not sure the maximum you can increase it to (could be controller dependent).

• Lobby Ambassador- Guest User Creation

  Hi all,
  I am currently implementing the use of the lobby ambassador for guest account creation, however I am looking to see if some features exist. I would like to be able to tie into AD to create lobby ambassador's to have further control of who can and cannot create guest accounts. I am also looking if there is a way to put restrictions on the time frame a guest account can remain active for when created by the lobby ambassador. An example of what I am trying to do is to not have a guest account created by an ambassador to go over a day for it's time frame.
  Thanks in advance,
  Chris

  Yes and yes. From WCS you can pull the role for lobby admin and use that to create the group with the proper attributes.
  Then on the WCS you build the template you want them to use. There you can create the restrictions of how long.
  Steve
  Sent from Cisco Technical Support iPhone App

• Prime Lobby Ambassador defaults

  I can't figure out if it's possible to standardize the configuration for Guest User creation for users who are authenticated using RADIUS and assigned to the Lobby Ambassador group.
  Any help?
  Thanks!

  I went through this nightmare before as well if memory serves.  Unfortunately, it doesn't appear it's possible.  
  If I'm incorrect, someone please pipe up as I don't believe I was ever able to find a way either.

• Prime Lobby Ambassador defaults scheduling guest users

  Hi.
  I'm actually testing Prime Infrastructure and one important thing there for me is the Lobby Ambassador feature.
  I want to give our colleagues from other sites the possibility to create guest accounts on their own, but with some defaults already set. They should only be able to create accounts with a lifetime of 14 days ( not editable ), but with the possibility to schedule the accounts.
  If I now set the defaults of the Lobby Ambassador to 14 days lifetime and make them not editable, the Lobby Ambassador can’t schedule the guest user. If they choose “Schedule Guest User” from dropdown, they get the message “The creation will be scheduled 5 minutes after the current server time.”
  Is there a way to get that working?
  Best would be to have the defaults partially not editable, so that you can make some things default ( e.g. lifetime, generate password, controller config group ) and some things editable ( e.g. description, disclaimer, scheduling ).
  Regards,
  Sven Lindeke

  I went through this nightmare before as well if memory serves.  Unfortunately, it doesn't appear it's possible.  
  If I'm incorrect, someone please pipe up as I don't believe I was ever able to find a way either.