One Lobby Ambassador on multiple WLCs

Hello,
I have wireless network with 2 WLCs and I configured a guest access WLAN with web autentication.
I would like to use a LOCAL authentications with lobby ambassador for guest users.
Is there a way to create a user only once in one WLC?
At the moment I have to connect to each wlc with lobby ambassador privilege and create the same user/pwd on each.
Thanks
Johnny

Hi Johnny,
I reckon you only have to create the guest user on the Anchor Controller (that's assuming you have your wireless infrastructure configured that way) as that is the WLC that is doing the authentication.
Hope this helps
Scott

Similar Messages

  • Logging the Lobby Ambassador Activities on WLC

    Dear all,
    we interested in "Logging the Lobby Ambassador Activities on WLC",
    we found resusurces that explain hot to do this using WCS, but we want to konw if it's
    possible without WCS.
    More in general, we give the possibilities to oue employee to create guest account, using
    the Radius to autenticate as Lobby Admin.
    We are intereset to identify who creates the particular guest account, in case of
    incident investigation.
    Thanks, for any suggestion on regard.
    bye

    This is not possible with just the WLC. You would want to look at ISE or NAC Guest Server.

  • Lobby Ambassador - Selecting Profile

    We have a WCS version 5.2.130 and WLC version 4.2.130.0
    Not very familiar with it. The issue here is although the WLC is reachable from WCS, I can't seems to select a profile when we want to create guest users from lobby ambassador. The WLC has been configured with 2 wlans - wlanguest and wlan01 but I can't select this profile to assign the user to.
    Hope someone can shed some light.

    For guest users and lobby admins, the WLAN profiles that can be selected from the WLC are only those that are using WEB-AUTH as security policy.
    Make sure the WLAN profile for guest user is using web-auth on your WLC, that will address your issue.

  • On WLC 'one-to-many' means one VLAN mapped to multiple SSIDs possible?

    Does the Cisco Wireless LAN Controller Architecture includes this feature (configuration possibility)?

    Thanks all for the provided infos. We have now the same requirements for two customers -> One-to-Many (One VLAN mapped to multiple SSIDs).
    Can anybody who has realised such a set up provide some more details how to proceed?
    The link from David describes the other way around, several VLANs mapped to one SSID. By the way, we where able to implement this, but it is only supported in centralized mode, local mode (Flex Connect it doesn't work).
    For any advise how to proceed for "One VLAN mapped to multiple SSIDs" would be very appreciated.
    Thanks Erich

  • 2504 WLC Question - Lobby Ambassador Available?

    I was wondering if the 2504 has the lobby ambassador feature available. Customer requires temp username/passwords for guests managed through web gui. I couldn't find conclusive documentation it was included so I figured I'd check here before calling Cisco.
    Thanks in advance!
    - Mike

    There should be the ability to configure that yes.  Go into the Management and add a user.  In the drop down for the role, there should be Lobby Ambasador/Admin listed there.
    Steve

  • Restricted Lobby Ambassador

    Hi,
    Does anyone know if there is a way to limit a lobby admin user (on WLC or PI) to a specific AP group or WLAN?
    I would like to have o lobby admin who can add guest users just for specific WLANs configured on the WLC.
    I know that the lobby admin can map just one WLAN (vs. Any WLAN) to a guest user when creating his account, but I want to restrict the WLANs that the lobby admin can choose from.
    Thank you,
    Sebastian

    I found that it is possible from PI.
    You can select one SSID under lobby ambassador defaults TAB from Profiles drop down.
    Thank you,
    Sebastian

  • WCS Lobby Ambassador and Monitor User

    I'm running our WCS authentication through ACS with TACACS and it's working fine.  However, I currently have my Help Desk setup with a monitor user so they can login and view WCS, but this does not give them the Lobby Ambassador of course.  How can I get a user to have both WCS and Lobby access with having to login with seperate user identities?

    It's either admin either lobby account, you can not have both, the http pages are completly different and dont intermix.
    Your solution is to have 2 users on your TACACS where one is the admin and one the lobby.
    Here are the step by step config lines:
    http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0admin.html#wpmkr1064288

  • Multiple WLC LobbyAdmins

    Hello,
    My understanding is that I can authorise multiple Lobby Admins on a WLC 4404 using RADIUS. I was wondering is if is possible to create Lobby Admin groups so that a specific Lobby Admin can only grant guest wireless access to specific Mobility Groups?
    I support wireless in multiple facilities and handing off guest access admin duties to department secretaries is ideal, but I only want guests to have wireless access only from the area/building in which they will be visiting.
    Is this possible using a single WiSM (70+ WAPs) or do I need to deploy multiple WLCs?
    Thank you in advance for your help.

    "I only want guests to have wireless access only from the area/building in which they will be visiting."
    I can think of two ways of doing this ...
    1. Create AP Groups. This method allows you to broadcast a specific SSID in a specific area.
    2. Each Lobby Administrator can only see the account created. Lobby Admin 1 can't/won't be able to see accounts created by Lobby Admin 2, for instance.
    Hope this helps.
    3. Lobby Admins must be strict. Do not allow them to create 31-days account (no time limit).

  • Prime Lobby Ambassador defaults scheduling guest users

    Hi.
    I'm actually testing Prime Infrastructure and one important thing there for me is the Lobby Ambassador feature.
    I want to give our colleagues from other sites the possibility to create guest accounts on their own, but with some defaults already set. They should only be able to create accounts with a lifetime of 14 days ( not editable ), but with the possibility to schedule the accounts.
    If I now set the defaults of the Lobby Ambassador to 14 days lifetime and make them not editable, the Lobby Ambassador can’t schedule the guest user. If they choose “Schedule Guest User” from dropdown, they get the message “The creation will be scheduled 5 minutes after the current server time.”
    Is there a way to get that working?
    Best would be to have the defaults partially not editable, so that you can make some things default ( e.g. lifetime, generate password, controller config group ) and some things editable ( e.g. description, disclaimer, scheduling ).
    Regards,
    Sven Lindeke

    I went through this nightmare before as well if memory serves.  Unfortunately, it doesn't appear it's possible.  
    If I'm incorrect, someone please pipe up as I don't believe I was ever able to find a way either.

  • Lobby ambassador can't see controller

    have added a new WLC to the WCS which has the same setup like others
    But when the lobby ambassador wants to add a guest user - he can't find this controller in the choice box
    what is missing?

    Please check if tha tWLC has the GUEST WLAN configured?? if not it will not come is wat i beleive.. on top of that..
    http://www.cisco.com/en/US/partner/docs/wireless/wcs/release/notes/WCS_RN7_0_220.html#wp68364
    7.0.172 WCS does not support 7.0.220 WLC..
    Regards
    Surendra

  • PI 1.3 Lobby Ambassador Defaults where Building stays None?

    When creating local Lobby Ambassador user, the Lobby Ambassador Defaults profile needs to be set.  At the Lobby Ambassador Default page, the Building dropdown stays at "None" with no other selections, although the building has been created in the corresponding Campus.
    PI1.3 won't create the Lobby Ambassador user when Building selection is NONE.
    Any one runs into this problem?

    When creating local Lobby Ambassador user, the Lobby Ambassador Defaults profile needs to be set.  At the Lobby Ambassador Default page, the Building dropdown stays at "None" with no other selections, although the building has been created in the corresponding Campus.
    PI1.3 won't create the Lobby Ambassador user when Building selection is NONE.
    Any one runs into this problem?

  • Lobby Ambassador Profiles in ACS 5.3

    We've set our WCS up to do AAA through our ACS 5.3 which works great. So in order to log into the WCS for Administration or as a Lobby Ambassador (to create guest users etc) the AAA is all done by the ACS, GREAT!
    I have assigned a set of users the Lobby Ambassador role as passed that back through TACACS to the WCS, so those users have their role setup as Lobby Ambassador and are limited from doing anything else, as expected.
    What I want to know is: With normal local AAA on the WCS, when you created a Lobby Ambassador account, you could give the account a set of defaults for any guests accounts created by that Lobby Ambassador account, which was good, so Lobby Ambassadors couldn't set up unlimited time accounts and stuff like that.
    What I want to know now is that since I'm now doing all the AAA on the ACS, is there an attribute I can pass to the WCS in the Shell Profile, along with the roles etc telling the WCS what the guest user creation defaults for the Lobby Ambassador account is, so that we can continue to limit the defaults of any guest account that the Lobby Ambassador accounts create, as it used to be? We'd really like different lobby ambassadors to be able to do different things as well. i.e., Lobby Ambassador X can only create accounts for one region. Lobby Ambassador Y can create Unlimited time accounts where the others can not. We used to do this by assigning different guest user creation defaults to different lobby ambassador accounts on the WCS.
    Help appreciated        

    Hi,
    at the moment the only solution for your requirement is to create local NCS/WCS accounts with exactly the same username as existing in your ACS, no matter what password. Authentication will happen via TACACS+ while the defaults will be taken from the local user account. Please be aware that this mechanism is case sensitive.
    Regards
    Stefan

  • Customize Lobby Ambassador View

    Hi all,
    I have a problem with the following situation:
    - Cisco Prime Infrastructure 2.0 (2.0.0.0.294)
    - Cisco ACS 5.4 (5.4.0.46.0a)
    - 2x Cisco WLAN Controller 5508 in SSO mode
    - x APs 2600 Series
    All devices are configured properly, I can see the WLC on Prime, etc.
    Prime and WLC are added to ACS for TACACS+ Authentication.
    Admin users are able to login to Prime with full feature set (root permission).
    Lobby Ambassadors can also login to Prime for Guest User creation.
    Therefore I have created two Shell Profiles on ACS.
    Now I want to create WLAN Guest User with Lobby Ambassador Account (TACACS-authenticated!).
    I want to customize the Default Guest User Creation page with a company logo and some default settings (WLAN Profile, Apply to Controller List, set "generate password" to fixed, etc.) to fixed values.
    Only thing what Lobby Ambassador can change should be setting the password period (with hours or using calender), guest user name and description.
    If I configure a local user on Prime, I can customize the page.
    However if I use TACACS user, I am not able to use the customized page.
    Can anybody help me with this issue?
    THANKS a lot!!!!
    edit: problem solved by workaround...
    https://supportforums.cisco.com/thread/2201703
    BR, Stefan

    You will not be able to unless you build a back-end that does it and sends the commands to the WLC. Other than that, you can't customize the lobby ambassador page.
    Sent from Cisco Technical Support iPhone App

  • Lobby Ambassador Managment of Users that have expired.

    Hi there all :)
    When you set users up on LA and you set a user to a "controller list", the entry on the listing always shows the account as active from the front menu even if the time has expired.
    You then go into the account and you can see the date has expired, and if you test the account, yes, you cant login.
    Is this a bug?
    I am running WCS version 4.2.62.11.
    Also, I would like a function on LA to allow me to delete all expired users in one go. Is this possible?
    As the above indicates that the users is not expired but active, at the moment, you have to go into every account, check the expiry date and then delete the account one by one.
    Painful?
    Many thx indeed,
    Ken

    Hey Ken,
    Is it time for a beer yet??
    In answer to your first question, I think you are seeing this bug;
    CSCsk17497 Bug Details
    D3WCS:lobby ambassador-guest user account expiry not shown clearly
    Symptom:
    After successful scheduling the Guest account, the detail page for the created account doesn't show the expiry time details.
    Conditions:
    This condition arrives only when the browsed account is the scheduled account.
    Workaround:
    The detail page has the 'start' and 'end' time selection, which can be used for the expiry detail.
    Further Problem Description:
    Status
    Fixed
    Severity
    3 - moderate
    Last Modified
    Any Time
    Product
    Cisco Wireless Control System
    Technology
    1st Found-In
    4.2(47.0)
    Fixed-In
    5.0(28.0)
    Hope this helps bud!
    Rob

  • NCS - lobby ambassador controller list

    Under NCS --> Administration --> Users we have created a specific user to enable guest user access. However, when tinkering with the defaults you can select a controller list. The problem is we only see 5 of our controllers (we have 8).
    Is this a limitation on lobby ambassador? Or is there a way to add additional controllers here?

    When you create the lobby ambassador you specify the defaults.
    You specify the WLAN profile ,user role ...etc.
    If you choose a WLAN profile, then only WLCs that have that WLAN profile will appear.
    Same manner, if you specify user role, only WLCs that has that QoS role configured will appear on the list.
    If you configured both, intersection of both (WLCs that have both the profile and the role) will appear.
    If you choose the default user role and use any profile then you should see all the WLCs on the list.
    HTH
    Amjad

Maybe you are looking for

  • Mail...writing changes to disk...taking forever!

    My Mail has been rendered useless since Mavericks upgrade.  I have installed the initial patch and the most recent Mavericks update.  Same problem persists... Mail takes forever to load Mail is always writing changes to disk I love Mail - but it is u

  • ClassCastExceptions when trying to view documents from a custom document provider

    I have a very basic extension of DefaultDocument that I am using as our document representation. In the recommended strategy #3 we are told that we need to have something that extends DocumentDef, which this fits. However, in the deployment descripto

  • Sybase database error

    this error happened today and when i restart the process it works for awhile and comes back. Nothing was done to the server (5.1.x) for months This is what I get: ERROR Assertion failed: 200601 (7.0.2.1583) Page for requested record not a table page

  • Adobe - inconsistent output on different systems

    Hi, I am converting my smartform output to PDF and this output I am displaying as PDF file in print preview. In some of the PCs, occasionally, the output does not appear in the print preview(Adobe Reader). A pop up box in adobe reader appears that do

  • Not able to register with listener after installing oracle grid infrastrtcure in oracle 11gr2 on windows

    Hi Guru's. I am not able to get listener connectivity after installing Oracle 11gr2 Grid infrastructure on windows on vmware workstation. I register with static ip. Even i recreated the listener and running the listener from Grid home. The output wha