SMB Pro AP541 - guest access solution

Similar Messages

• WLC based mobility-anchor guest access solution

  Hi everybody,
  My new setup with WLC baesed guest access solution is working well. I am using web based login authentication for wired & wireless solution. And everything is running through out the WLC. The WLC is granting access to is the internet for the guests. My question is how about printers and other devices that cannot make web based authentication. How can i get them to work in the same setup?
  best regards,
  Sahin

  For wired, you simply need to configure mac aut bypass on the printer switchports and point that to the ACS.
  If it's accepted, the port will go in the printer vlan, if not, you can chose the behavior (block access, put in another vlan, etc ...).
  For wireless, you need to enable "mac filtering" on the SSID, so it's best to create a separate SSID for the printers then because you want to authenticate those by mac address and you don't want that for the other clients probably.
  You can then also point the mac filtering towards ACS on the wlc.
  From there you can either have the macs stored locally on ACS or in your ACtive Directory or wherever you want.

• Does WAP4410N support Wireless Guest access solution?

  Does the Linksys AP (WAP4410N) support Wireless Guest access solution?

  Hi - I've got a WAP4410N which I'd like to use to provide wireless guest access, and I've had a look through the configuration pages and manual, and understand:
  1) I've got to add a virtual SSID (although I'd like to know where the DHCP settings are as I don't believe the WAP4410N has DHCP capabilities)
  2) I need to ensure that traffic can't hop across the multiple SSIDs
  What I'd like to know is whether the WAP4410N can be set up to display a terms and conditions page which users have to "OK" or whether it can host a login page that can be administered by someone to allow access - kind of like hotels use to ensure that not everyone can automatically connect?  I don't mind if there has to be a secondary piece of software hosted on a server someone, but I'd like to prevent people from being able to automatically connect straight to our connection and would also like to limit them in some way, at very least the bandwidth that the connection allows, at best the sites they can visit too.
  Any thoughts greatly appreciated,
    Andy

• Windows 7 and Wireless Guest Access

  Dear All, one of my Customers uses 4400 based Guest Access Solution with L3 Webauth. With XP everything works Fine. Since the Migration to Windows 7, Guest Access is not working correctly. It takes a long time to get an IP Address via DHCP, sometimes it idles to 169.xxx. If an IP Address is provided, the Redirect will not work. Has anybody seen similar Problems with Win7 or a Solution?
  Regards, Michael

  Found a solution for the "Boot Camp x64 is unsupported on this computer model" message. Here is the link: http://www.techulous.com/hardware/how-to-apple-boot-camp-64-bit-for-windows-7-on -unsupported-macs.html
  Everything works ( for ) now. Yay!

• Ask the Experts: Wired Guest Access

  Sharath K.P.
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions on wired guest access with expert Sharath K.P. Wired guest access enables guest users to connect to the guest access network from a wired Ethernet connection designated and configured for guest access. Sharath K.P. is a Customer Support Engineer specialized in wireless and switching technologies at the Technical Assistance Center in Cisco Bangalore. He has been troubleshooting wireless and switching networks and management tools since 2009. Sharath has a bachelor's degree in Electrical Electronics Engineering from P.E.S College of Engineering (PESCE), VTU at Belgaum. India. He holds CCNP certifications in R&S and Wireless.
  Remember to use the rating system to let Sharath know if you have received an adequate response. 
  Sharath might not be able to answer each question due to the volume expected during this event.
  Remember that you can continue the conversation on the Wireless and Mobility sub-community discussion forum shortly after the event. This event lasts
  through January 27, 2012. Visit this forum often to view responses to your questions and the questions
  of other community members.

  Hi Daniel ,
  Wonderful observation and great question .
  Yes, we dont find any recommendation or inputs in Cisco Docs on scenarios  where  we  have multiple foriegn WLC's present .When we go through the Cisco Doc available for Wired Guest Access
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml
  Two separate solutions are available to the customers:
  A single WLAN controller (VLAN Translation mode) - the access switch  trunks the wired guest traffic in the guest VLAN to the WLAN controller  that provides the wired guest access solution. This controller carries  out the VLAN translation from the ingress wired guest VLAN to the egress  VLAN.
  Two WLAN controllers (Auto Anchor mode) - the access switch trunks  the wired guest traffic to a local WLAN controller (the controller  nearest to the access switch). This local WLAN controller anchors the  client onto a DMZ Anchor WLAN controller that is configured for wired  and wireless guest access. After a successful handoff of the client to  the DMZ anchor controller, the DHCP IP address assignment,  authentication of the client, etc. are handled in the DMZ WLC. After it  completes the authentication, the client is allowed to send/receive  traffic.
  So  as per Cisco best pratices using multiple foreign controllers for the same wired guest VLAN is not supported and the results will be unpredictable
  I do understand the confusion regarding such scenario's as this( Multiple foriegn WLC's) is a very general setup which customer would like to deploy .
  We have already opened a bug for the same (Little late though )
  BUG ID :CSCtw44999
  The WLC Config Guide should clarify our support for redundancy options for wired guest
  Symptom:
  Do not trunk a wired guest VLAN to multiple foreign controllers.  This is not supported, and will
  generate unpredictable results.
  Some of the other tthat changes we will be making as a part of doc correction would be
  http://www.cisco.com/en/US/docs/wireless/controller/7.0MR1/configuration/guide/cg_user_accts.html#wp1066125
  1. The WiSM2 needs to be added as a supported controller.  (Not sure about the 7500, check with PM)
  2. Where it says "Do not attempt to trunk a guest VLAN on the Catalyst 3750G ...", this should read:
  "Do not trunk a wired guest VLAN to multiple foreign controllers.  This is not supported, and will
  generate unpredictable results."
  3. Add at least a line mentioning support for multiple anchors for a guest wired LAN.
  Now  if you already have such deployments , ther criteria would be that nearest WLC on the broadcast domain (Layer 2) would  respond to the client associtation request .
  Cisco Controller) >Tue Sep 11 13:27:42 2007: 00:0d:60:5e:ca:62 Adding mobile on Wired Guest 00:00:00:00:00:00(0)
  Tue Sep 11 13:27:42 2007: 00:0d:60:5e:ca:62 apfHandleWiredGuestMobileStation (apf_wired_guest.c:121) Changing state for mobile
  00:0d:60:5e:ca:62 on AP 00:00:00: 00:00:00 from Idle to Associated .
  I hope the above explanation could clarify your doubts to certain extent and also keep you
  informed on Cisco's  roadmap on this feature .
  Regards ,
  Sharath K.P.

• Guest Access 5.0 WCS Software

  I am a little confused on the last two features for Guest Access Features. Anybody can explain in depth what these mean.
  1. LDAP Web Authentication Support for Guest Access
  2. Support for Proprietary Guest Access Solutions
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6521/product_bulletin_cisco_unified_wireless_network_software_release_5.0_ps6366_Products_Bulletin.html
  Thank You,
  Reginald Bailey

  Hey Anteaus,
  Welcome to the BlackBerry Support Community Forums.
  Since the BlackBerry Desktop Manager is causing conflicts with the network connections, I would highly suggest that you perform a clean uninstall of Desktop Manager.
  Here is the link to a knowledge base article that explains all the steps for a clean uninstall.
  http://www.blackberry.com/btsc/KB02206
  Once you perform all of the steps in that article, then proceed with re-installing BlackBerry Desktop Manager.
  The link to download BlackBerry Desktop Manager is available at:
  http://na.blackberry.com/eng/services/desktop/
  -ViciousFerret
  Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
  Be sure to click Like! for those who have helped you.
  Click  Accept as Solution for posts that have solved your issue(s)!

• Secure Guest Access with AP541's

  My customer would like to have a secure guest wireless environment using AP541N's. When a guest laptop connects to the wireless I need the user to be redirected to a guest secure zone where they can only access the Internet after entering a password. I read in the AP541 docuemntation that this device is suitable for customers who plan to have secure guest access "in the future" - does this mean the feature is not available today but planned for the future ? If it is available today is there a config guide ?
  Thanks

  to George Stefanick
  Could you provide url of documentation how to implement third solution -
  Take one of the ports from the WLC and plug it into the FW,
  especialy configuration of WLC.

• I installed Windows 7 in my Macbook pro, I can access Windows data in Mac, but I can't copy and delete it. and the same case while i am working in Windows. Could you please guide me if there is any solution, where I could copy/paste/delete my data.

  I installed Windows 7 in my Macbook pro, I can access Windows data in Mac, but I can't copy and delete it. and the same case while i am working in Windows. Could you please guide me if there is any solution, where I could copy/paste/delete my data.

  OS X can natively read NTFS of Windows, but not write to it.
  Windows can't read or write to HFS+ of OSX, and that's a good thing from a security standpoint.
  Ideally if you share files between operating systems you should have a FAT/MSDOS formated USB key or hard drive. (exFAT external drive if any of your files are over 4GB in size) both these formats are universal for OS X or Windows.
  If you install software into Windows and OS X to read each others formats, then you have to pay to update/upgrade it deal with headaches.
  If you swtich between Windows and OS X a lot, don't need full hardware performance for Windows, you may consider installing virtual machine software like VMFusion or Parallels which can take a copy of your Windows in Bootcamp and place it into OS X as a file then run that copy of Windows in a window in OS X like so.
  Advantage here is you run most of your light weight Windows programs like this at the same time as OS X.
  Benefit is you can run just about any Windows or Linux version and OSX server editions (not client versions)
  Bootcamp only allows Windows 7, that's it now.
  You'll also be interested in two fre pieces of software, Carbon Copy Cloner and Winclone on macupdate.com.
  CCC clones OS X partition and Winclone clones the Bootcamp partition. Valuable for you.
  Good Luck

• SMB Guest Access allowed but greyed out so cant turn it off

  Hi guys
  I have recently installed 10.6 snow leopard server to setup as a file server. It will be host to a mix of mac and windows clients.
  I have installed and setup SMB service:
  Role: Primary Domain Controller
  By default, Allow Guest Access is ticked and greyed out. I want to disable it but I can click the box??
  Any suggestions?
  Thanks.
  Rik.

  I was in the same boat. Found the answer in Terminal (I'm assuming you know what you're doing there):
  You can verify the settings by typing (NOTE: the serveradmin command must be run as root):
            serveradmin settings smb
  Look for a line reading:
            smb:map to guest = "Bad User"
  This indicates Guest Access is ON.
  To disable guest access in SMB:
           serveradmin settings smb:map to guest = "Never"
  I had to quit and reopen the Server Admin app before the change showed in the GUI.
  -Axiom

• Windows 7 Guest Access to SMB Share

  I have a 10.8 server setup. I have a share that is available via both AFP and SMB. I have guest access turned on.  Why can't I access this share as a guest using Windows 7?  Am I doing something wrong? 
  Windows 7 client is bound to an AD domain, but the Mac Server is not, it is stand alone.
  How can I access the guest SMB share with Windows 7 client?
  Thanks!

  If lagagnon's suggestion doesn't work, I would say try this:
  [global]
  client lanman auth = no
  client ntlmv2 auth = yes
  Where I work we are on an Active Directory in which *only* NTLMv2 is allowed to authenticate, and Samba clients must explicitly set "client ntlmv2 auth = yes" in order for them to connect to shares.

• My wireless internet was blocked by CISCO guest access

  My internet service was from AT&T and now it was changed to Timer Warner. But one problem appears every 1 or 2 months. After I click SAFARI, the menu shows:
  CISCO GUEST ACCESS
  Enter the guest access password to access the internet. Ask the owner if you
  don't know the password. The Guest access password can be found using CISCO
  connection.
  My internet has no relationship with CISCO at all, why it appears? Usually it will last for several days then it will disappear. During the several days, I cannot use this Mac to access internet!
  Does anyone know how to solve the problem? Thanks a lot.

  Check the Wi-Fi menu to make sure you're connected to your own network, not someone else's. If you are, see below.
  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
  You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
  In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
  You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.
  Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
  4. Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.
  You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(1222 ' 0.5 0.25 10 1000 15 5120 1000 25000 1 1 0 100 ' 51 25600 4 10 25 5120 102400 1000 25 1000 80 40 500 300 85 25 20480 262144 20 2000 524288 );k=({Soft,Hard}ware Memory Diagnostics Power FireWire Thunderbolt USB Bluetooth SerialATA Extensions Applications Frameworks PrefPane Fonts Displays CFBundleIdentifier 'tsA|[ST]M[HL]' PlistBuddy{,' 2>&1'}' -c Print' 'Info\.plist' 'com\\.apple\\.' -\\t N\\/A 'AES|atr|udit|msa|dnse|ax|ensh|fami|FileS|fing|ft[pw]|gedC|kdu|etS|is\.|alk|ODSA|otp|htt|pcas|ps-lp|rexe|rlo|rsh|smb|snm|teln|upd-[aw]|uuc|vix|webf' OSBundle{Require,AllowUserLoa}d );f=('\n%s'{': ','\n\n'}'%s\n' '\nRAM details\n%s\n' '%s %s\n' '%s\n'"${k[22]}"'%s\n' {Privacy,Mode}': %s\n' '\n   ...and %s more line(s)\n' 'RSSI: %s\nNoise: %s\nTx rate: %s\n' '\nContents of %s\n   '"${k[22]}"'mod date: %s\n   '"${k[22]}"'checksum: %s\n%s\n' '%d MB: %s\n' );b=(com.adobe.{AAM.Updater-1.0{,},AdobeCreativeCloud,CS{4,5}ServiceManager,fpsaud,SwitchBoard{,}} ${k[21]}{aelwriter,{AirPortBaseSt,SafariNotific}ationAgent,FolderActions.enabled,installer.osmessagetracing,mrt.uiagent,ReportCrash.Self,{rp,usb}muxd} com.citrixonline.GoToMeeting.G2MUpdate com.google.keystone.daemon{,} com.microsoft.office.licensing.helper com.oracle.java.{Helper-Tool,JavaUpdateHelper{,}} com.teamviewer.{Helper,teamviewer{,_desktop,_service}} org.macosforge.xquartz.{privileged_{,},}startx );c=(879294308 4071182229 461455494 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 2636415542 3694147963 1233118628 2456546649 2806998573 2778718105 842973933 2051385900 3301885676 891055588 998894468 695903914 1443423563 4136085286 3374894509 1051159591 892310726 1707497389 523110921 2883943871 3873345487 );s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[4]} ' s/:$//;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[9]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' BEGIN { FS=":";if(system("sw_vers -productVersion|grep -q ^10\.1")) d="^'"${k[21]}"'launch(d\.peruser\.[0-9]+|ctl\.(Aqua|Background|System))$";} { if($2~/[1-9]/) { $2="status: "$2;printf("'"${f[4]}"'",$1,$2);} else if(!d||$1!~d) print $1;} ' ' { sub(/ :/,"");print|"tail -n'${p[10]}'";} ' ' NR==2&&$4<='${p[7]}' { print $4;} ' ' ($1~"wir"&&$2>'${p[22]}')||($1~"uts"&&$2>'${p[19]}') { print $1" "int($2);} ' '/YLD/s/=/ /p' ' { q=$1;$1="";u=$NF;$NF="";gsub(/ +$/,"");print q":"$0":"u;} ' ' /^ {6}[^ ]/d;s/:$//;/([^ey]|[^n]e):/d;/e: Y/d;s/: Y.+//g;H;${ g;s/ \n (\n)/\1/g;s/\n +(M[^ ]+)[ -~]+/ (\1)/;s/\n$//;/( {8}[^ ].*){2,}/p;} ' 's:^:/:p;' ' !/ /{print};END{if(NR<'{${p[12]},${p[13]}}')printf("^'"${k[21]}"'.+")} ' '|uniq' ' 1;END { if(NR<'{${p[14]},${p[21]}}') printf("^/[Sp]|'${k[21]}'");} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:.+//p;' '&&echo On' '/\.(bundle|component|framework|kext|mdimporter|plugin|qlgenerator|saver|wdgt)$/p' '/\.dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".","");print;} END { split("'"${b[*]}"'",b);split("'"${c[*]}"'",c);for(i in b) print b[i]".plist\t"c[i];} ' ' /^\/(Ap|Dev|Inc|Prev)/d;/((iTu|ok).+dle|\.(component|mailbundle|mdimporter|plugin|qlgenerator|saver|wdgt))$/p;' ' $2=="=" { gsub(/[()"]/,"",$3);print $3;} ' ' /^\// { sub("/dev/","",$1);printf("%s: %s\n",$1,$9);} ' '>&-||echo No' '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[2]}'{$2=$2-1;print}' ' BEGIN { M1='${p[16]}';M2='${p[18]}';M3='${p[8]}';M4='${p[3]}';} !/^A/{next};/%/ { getline;if($5<M1) o["CPU"]="CPU: user "$2"%, system "$4"%";next;} $2~/^disk/&&$4>M2 { o[$2]=$2": "$3" ops/s, "$4" blocks/s";next;} $2~/^(en[0-9]|bridg)/ { if(o[$2]) { e=$3+$4+$5+$6;if(e) o[$2]=o[$2]"; errors "e"/s";next;};if($4>M3||$6>M4) o[$2]=$2": in "int($4/1024)", out "int($6/1024)" (KiB/s)";} END { for(i in o) print o[i];} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/)||(/v6:/&&$2!~/A/) ' ' $1=="op" {m=$3};$1~"lN" {N=$2};$1~"lR" {S=$2};$1~"Tx" {T=$2};$1~/^st/ {s=$2};$1~"li"&&$3!~"wpa2" {printf("'"${f[5]}"'",toupper($3))};END { if(S*N*T&&(S-N<'${p[5]}'||T<'${p[20]}')) printf("'"${f[8]}"'",S,N,T);if(s~/^r/&&m!~/^st/) printf("'"${f[6]}"'",m);} ' ' BEGIN { FS=":";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1;} ' ' BEGIN { split("'"${p[1]}"'",m);FS=":";} $2<=m[$1]{next} $1<9 { o[$1]=o[$1]"\n   "$3" (UID "$4"): "$2;} $1==9&&$5!~"^/dev" { o[$1]=o[$1]"\n   "$3" (UID "$4") => "$5" (status "$6"): "$2;} $1==10&&$5 { p="ps -c -ocomm -p"$5"|sed 1d";p|getline n;close(p);if(n) $5=n;o[$1]=o[$1]"\n   "$5" => "$3" UID ("$4"): "$2;} $1~/1[12]/ { o[$1]=o[$1]"\n   "$3" (UID "$4", error "$5"): "$2;} END { u1="Mb/s";u2="per sec";u3="ms/s";u4="KiB/s";u5="%";u6="total";u7="MB";u8="ports";u[1]=u1;u[2]=u1;u[3]=u3;u[4]=u4;u[5]=u5;u[6]=u6;u[7]=u7;u[8]=u8;u[9]=u2;u[10]=u2;u[11]=u2;u[12]=u2;l[1]="Net in";l[2]="Net out";l[3]="I/O wait time";l[4]="I/O requests";l[5]="CPU usage";l[6]="Open files";l[7]="Memory";l[8]="Mach ports";l[9]="File opens";l[10]="Forks";l[11]="Failed forks";l[12]="System errors";for(i in o) print "\n"l[i]" ("u[i]")\n"o[i];} ' ' END{if($3~/[0-9]/)print$3} ' ' BEGIN { L='${p[17]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"cksum "F|getline C;split(C, A);C=A[1];"stat -f%Sm "F|getline D;"file -b "F|getline T;if(T~/^Apple b/) { f="";l=0;while("'"${k[18]}"' "F|getline g) { l++;if(l<=L) f=f"\n   "g;};};if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F"\n   '"${k[22]}"'"T;printf("'"${f[9]}"'",F,D,C,f);if(l>L) printf("'"${f[7]}"'",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' 's/^.{52}(.+) <.+/\1/p' ' /id: N|te: Y/{i++} END{print i} ' ' /kext:/ { split($0,a,":");p=a[1];k[S]='${k[25]}';k[U]='${k[26]}';v[S]="Safe";v[U]="true";for(i in k) { s=system("'"${k[18]}"'\\ :"k[i]" \""p"\"/*/I*|grep -qw "v[i]);if(!s) a[1]=a[1]" "i;};if(!a[2]) a[2]="'"${k[23]}"'";printf("'"${f[4]}"'",a[1],a[2]);next;} !/^ *$/ { p="'"${k[19]}"'\\ :'"${k[16]}"' \""$0"\"/*/'${k[20]}'";p|getline b;close(p);if(b~/ /||b=="") b="'"${k[23]}"'";printf("'"${f[4]}"'",$0,b);} ' '/ en/!s/\.//p' ' NR>=13 { gsub(/[^0-9]/,"",$1);print;} ' ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?'${k[20]}'$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' '/^find: /!p;' ' /^p/{ s/.//g;x;s/\nu/:/;s/(\n)c/\1:/;s/\n\n//;p;};H;' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */   /;p;' ' s/^.+ |\(.+\)$//g;p;' '1;END{if(NR<'${p[15]}')printf("^/(S|usr/(X|li))")}' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR|^s/d;s/^.+: //p;' ' $3~/^[1-9][0-9]{0,2}(\.[1-9][0-9]{0,2}){2}$/ { i++;n=n"\n"$1"\t"$3;} END{ if(i>1)print n} ' s/{'\.|jnl: ','P.+:'}'//;s/ +([0-9]+)(.+)/\2 \1/p' ' /es: ./{ s/^.+://;b0'$'\n'' };/^ +C.+ted: +[NY]/H;/:$/b0'$'\n'' d;:0'$'\n'' x;/: +N/d;s/\n.+//p;' ' 1d;/:$/b0'$'\n'' $b0'$'\n'' /(D|^ *Loc.+): /{ s/^.+: //;H;};/(B2|[my]): /H;d;:0'$'\n'' x;/[my]: [AM]|m: I.+p$|^\/Vo/d;s/(^|\n) [ -~]+//g;s/(.+)\n(.+)/\2:\1/;s/\n//g;/[ -~]/p;' 's/$/:(0|-(4[34])?)$/p' '|sort'{'|uniq'{,\ -c},\ -nr} ' s/^/'{5,6,7,8}':/;s/ *: */:/g;p;' '/e:/{print $2}' ' /^[(]/{ s/....//;s/$/:/;N;/: [)]$/d;s/\n.+ ([^ ]+).$/\1/;H;};${ g;p;} ' 's/:.+$//p' '|wc -l' /{\\.{kext,xpc,'(appex|pluginkit)'}'\/(Contents\/)?'Info,'Launch[AD].+'}'\.plist$/p' 's/([-+.?])/\\\1/g;p' 's/, /\'$'\n/g;p' ' BEGIN{FS=":"} { printf("'"${f[10]}"'",$1/1048576,$2);} ' ' /= D/&&$1!~/'{${k[24]},${k[17]}}'/ { getline d;if(d~"t") D=D"\n"$1;} END { print D;} ' ' NR>1&&$3!~/0x|\.([0-9]{3,}|[-0-9A-F]{36})$/ { print $3":"$2;} ' '|tail -n'${p[6]} ' $1>1 { $NF=$NF" x"$1;} /\*/ { if(!f) f="\n\t* Code injection";} { $1="";} 1;END { print f;} ' ' s/.+bus /Bus: /;s/,.+[(]/ /;s/,.+//p;' ' { $NF=$NF" Errors: "$1;$1="";} 1 ' ' 1s/^/\'$'\n''/;1s/:/ tree/;/^ +[MPSV].+: ./d;s/:$//;p;' 's/,.+"//p' '|grep -q e:/' '/[^ .]/p' '{ print $1}' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab kextfind top pkgutil "${k[18]}\\" echo cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom 'mdfind -onlyin /' env pluginkit scutil 'dtrace -q -x aggsortrev -n' profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil lsof test osascript\ -e netstat mdls route egrep 'dscl . -read' );c2=(${k[21]}loginwindow\ LoginHook ' /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'" 'L*/Ca*/'${k[21]}'Saf*/E* -d 2 -name '${k[20]} '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' -i '-nl -print' '-F \$Sender -k Level Nle 3 -k Facility Req "'${k[21]}'('{'bird|.*i?clou','lsu|sha'}')"' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message CRne '0xdc008012|calling|(complet|enabl)ed|ry HD' -k Message CReq 'bad |Can.t l|corru|dead|fail|GPU |hfs: Ru|inval|Limiti|v_c|NVDA\(|pagin|error|Refus|TCON|tim(ed? ?|ing )o|WARN' " '-du -n DEV -n EDEV 1 10' 'acrx -o%cpu,comm,ruid' "' syscall::recvfrom:return {@a[execname,uid]=sum(arg0)} syscall::sendto:return {@b[execname,uid]=sum(arg0)} syscall::open*:entry {@c[execname,uid,copyinstr(arg0),errno]=count()} syscall::execve:return, syscall::posix_spawn:return {@d[execname,uid,ppid]=count()} syscall::fork:return, syscall::vfork:return, syscall::posix_spawn:return /arg0 < 0/ {@e[execname,uid,arg0]=count()} syscall:::return /errno != 0/ {@f[execname,uid,errno]=count()} io:::wait-start {self->t=timestamp} io:::wait-done /self->t/ { this->T=timestamp - self->t;@g[execname,uid]=sum(this->T);self->t=0;} io:::start {@h[execname,uid]=sum(args[0]->b_bcount)} tick-10sec { normalize(@a,2560000);normalize(@b,2560000);normalize(@c,10);normalize(@d,10);normalize(@e,10);normalize(@f,10);normalize(@g,10000000);normalize(@h,10240);printa(\"1:%@d:%s:%d\n\",@a);printa(\"2:%@d:%s:%d\n\",@b);printa(\"9:%@d:%s:%d:%s:%d\n\",@c);printa(\"10:%@d:%s:%d:%d\n\",@d);printa(\"11:%@d:%s:%d:%d\n\",@e);printa(\"12:%@d:%s:%d:%d\n\",@f);printa(\"3:%@d:%s:%d\n\",@g);printa(\"4:%@d:%s:%d\n\",@h);exit(0);} '" '-f -pfc /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;' '/S*/*/Ca*/*xpc*' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' kMDItemContentTypeTree=${k[21]}{bundle,mach-o-dylib} :Label "/p*/e*/{aut*,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {/p*,/usr/local}/e*/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/{Lau,Sec}*/*t .launchd.conf" list '-F "" -k Sender hidd -k Nle 3' /Library/Preferences/${k[21]}alf\ globalstate --proxy '-n get default' -I --dns -get{dnsservers,info} -P -m\ / '' -n1 '-R -ce -l1 -n5 -o'{'prt -stats prt','mem -stats mem'}',command,uid' -kl -l -s\ / '--regexp --files '${k[21]}'pkg.*' '+c0 -i4TCP:0-1023' ${k[21]}dashboard\ layer-gadgets '-d /L*/Mana*/$USER' '-app Safari WebKitDNSPrefetchingEnabled' '-Fcu +c0 -l' -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' '-F \$Message -k Sender kernel -k Message CReq "'{'n Cause: -','(a und|I/O |jnl_io.+)err','USBF:'}'"' -name\ kMDItem${k[16]} -T\ hfs '-n get default' -listnetworkserviceorder :${k[16]} :CFBundleDisplayName $EUID {,'/{S*/,}'}'L*/{,Co*/*/*/L*/}{Cache,Log}s $TMPDIR../C -type f -size +'${p[11]}'M -exec stat -f'%z:%N' {} \;' \ /v*/d*/*/*l*d{,.*.$UID}/* '-app Safari UserStyleSheetEnabled' "-o ',\"name\":\"[^\"]+' L*/A*/Fi*/P*/*/a*.json" users/$USER\ HomeDirectory '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' ' -F "\$Time \$Sender \$(RefProc): \$Message" -k Level Nle 3 -k Facility R'{'ne "user|','eq "'}'console" -k Message CRne "sandbox ex" ' getenv );N1=${#c2[@]};for j in {0..15};do c2[N1+j]=SP${k[j]}DataType;done;l=({Restricted\ ,Lock,Pro}files POST Battery {Safari,App,{Bad,Loaded}\ kernel,Firefox}\ extensions System\ load boot\ args FileVault\ {2,1} {Kernel,System,Console}\ log Activity SMC Login\ hook 'I/O per process' 'High file counts' UID Daemons Agents XPC\ cache Startup\ items {Admin,Root}\ access Bundles Library\ paths{,' ('{shell,launchd}\)} Font\ issues Firewall Proxies DNS TCP/IP Wi-Fi 'Elapsed time (sec)' {Root,User}\ crontab {Global,User}' login items' Spotlight Memory\ pressure Listeners Widgets Parental\ Controls Prefetching Nets Volumes {Continuity,I/O,iCloud,HID,HCI}\ errors {User,System}\ {caches/logs,overrides} Shutdown\ codes Heat Diagnostic\ reports Bad\ plists Free\ space VM Stylesheet );N3=${#l[@]};for i in {0..8};do l[N3+i]=${k[5+i]};done;F() { local x="${s[$1]}";[[ "$x" =~ ^([\&\|\<\>]|$) ]]&&{ printf "$x";return;};:|${c1[30]} "$x" 2>&-;printf "%s \'%s\'" "|${c1[30+$?]}" "$x";};A0() { Q=6;v[2]=1;id -G|grep -qw 80;v[1]=$?;((v[1]))||{ Q=7;sudo -v;v[2]=$?;((v[2]))||Q=8;};v[3]=`date +%s`;date '+Start time: %T %D%n';printf '\n[Process started]\n\n'>&4;printf 'Revision: %s\n\n' ${p[0]};};A1() { local c="${c1[$1]} ${c2[$2]}";shift 2;c="$c ` while [[ "$1" ]];do F $1;shift;done`";((P2))&&{ c="sudo $c";P2=;};v=`eval "$c"`;[[ "$v" ]];};A2() { local c="${c1[$1]}";[[ "$c" =~ ^(awk|sed ) ]]&&c="$c '${s[$2]}'"||c="$c ${c2[$2]}";shift 2;local d=` while [[ "$1" ]];do F $1;shift;done`;((P2))&&{ c="sudo $c";P2=;};local a;v=` while read a;do eval "$c '$a' $d";done<<<"$v";`;[[ "$v" ]];};A3(){ v=$((`date +%s`-v[3]));};B1() { v=No;! ((v[1]))&&{ v=;P1=1;};};eval "`type -a B1|sed '1d;s/1/2/'`";B3(){ v[$1]="$v";};B4() { local i=$1;local j=$2;shift 2;local c="cat` while [[ "$1" ]];do F $1;shift;done`";v[j]=`eval "{ $c;}"<<<"${v[i]}"`;};B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`egrep -v "${v[$1]}"<<<"$v"|sort`;};eval "`type -a B7|sed '1d;s/7/8/;s/-v //'`";C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { B4 0 0 63&&C1 1 $1;};C4() { echo $'\t'"Part $((++P)) of $Q done at $((`date +%s`-v[3])) sec">&4;};C5() { sudo -k;pbcopy<<<"$o";printf '\n\tThe test results are on the Clipboard.\n\n\tPlease close this window.\n';exit 2>&-;};for i in 1 2;do eval D${i}0'(){ A'$i' $@;C0;};';for j in 2 3;do eval D$i$j'(){ local x=$1;shift;A'$i' $@;C'$j' $x;};';done;done;trap C5 2;o=$({ A0;D10 0 N1+1 2;D10 0 $N1 1;B1;C2 27;B1&&! B2&&C2 28;D12 22 15 63;D10 0 N1+2 3;D10 0 N1+15 17;D13 3 0 N1+3 4;D13 4 0 N1+4 5;D13 N3+4 0 N1+9 59;for i in 0 1 2;do D13 N3+i 0 N1+5+i 6;done;D13 N3+3 0 N1+8 71;D13 62 1 10 7;D13 10 1 11 8;B2&&D13 18 19 53 67;D12 11 2 12 9;D12 12 3 13 10;D12 13 42 70 101 25;D12 65 6 36 13;D12 45 20 52 66;D13 66 7 37 14;D13 17 8 15 38;D10 9 16 16 77 45;C4;B2&&D10 35 49 61 75 76 78 45;B2&&{ D10 28 17 45;C4;};D10 12 40 54 16 79 45;D10 12 39 54 16 80 45;D13 31 25 37 15&&{ B4 0 8 103;B4 8 0;A2 18 74;B6 8 0 3;C3 32;};B2&&D13 19 21 0;B2&&D13 40 10 42;B2&&D12 2 29 35 46;D12 44 34 43 53;D12 25 22 20 32;D12 33 0 N1+14 51;D12 34 21 28 35;D13 35 27 29 36;A1 40 59 81;B3 18;A1 33 60 82;B8 18;B4 0 19 83;A1 27 32 39&&{ B3 20;B4 19 0;A2 33 33 40;B3 21;B6 20 21 3;};C2 36;D13 50 38 5 68;B4 19 0;D23 37 33 34 42;B2&&D13 46 35 45 55;D13 38 32 31 43;B2&&D13 59 4 65 76 91;D13 63 4 19 44 75 95 96;B1&&{ D13 53 5 55 75 69&&D13 51 6 58 31;D13 56 5 56 97 75 98&&D10 0 N1+7 99;D12 55 5 27 84;D13 61 5 54 75 70;D13 14 5 14 12;D13 15 5 72 12;C4;};D13 16 5 73 12;A1 13 44 74 18;C4;B3 4;B4 4 0 85;A2 14 61 89;B4 0 5 19 102;A1 17 41 20;B7 5;C3 8;B4 4 0 88;A2 14 24 89;C4;B4 0 6 19 102;B4 4 0 86;A2 14 61 89;B4 0 7 19 102;B5 6 7;B4 6 6 73 102;B2&&{ A1 18 26 94;B7 6;B4 0 0 11;C3 23;};A1 18 26 94;B7 6;B4 0 0 11;C3 24;D13 60 14 66 92;D13 58 14 67 93;D13 26 4 21 24;D13 42 14 1 62;D13 43 37 2 90 48;D13 41 10 42;D12 48 36 47 25;A1 4 3 60&&{ B3 5;A2 14 61;B4 0 6 21;B4 5 0;A2 14 62;B4 0 0 21;B6 0 6 4;C3 5;};D13 9 41 69 100;D12 67 21 68 35;D12 49 21 48 49;B4 4 22 57 102;A1 21 46 56 74;B7 22;B4 0 0 58;C3 47;D13 54 5 7 75 76 69;D13 52 5 8 75 76 69;D13 57 4 64 76 91;D12 0 4 4 84;D12 1 4 51 84;D13 21 22 9 37;A1 23 18 28 89;B4 0 16 22 102;A1 16 25 33;B7 16;B4 0 0 34;D20 31 47;D13 64 4 71 41;C4;B4 4 12 26 89 23 102;for i in {0..3};do A1 0 N1+10+i 72 74;B7 12;B4 0 0 52;C3 N3+5+i;((i))||C4;done;A1 24 22 29;B7 12;B3 14;A2 39 57 30;B3 15;B6 14 15 4;C3 29;B4 4 13 27 89 65;A1 24 23;B7 13;C3 30;B4 4 0 87;A2 14 61 89 20;B4 0 16;A1 26 50 64;B7 16;C3 6;D13 7 11 6;A3;C2 39;C4;} 4>&2 2>/dev/null;);C5
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  8. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad and start typing the name.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
  exec bash
  and press return. Then paste the script again.
  10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:
  [Process started]
          Part 1 of 8 done at … sec
          Part 8 of 8 done at … sec
          The results are on the Clipboard.
          Please close this window.
  [Process completed]
  The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.
  Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it. Then go to the next step.
  12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
  14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I may not agree with them.
  Copyright © 2014, 2015 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• ISE with CWA and wired guest access via WLC Anchor

  Can an Anchor WLC (WLCa) provide a wired guest LAN service if the wlan guest access is using CWA?
  We are deploying a WLAN only ISE solution (it is a full license ISE though) but they just want a few wired guest ports.  I was hoping to add L2 switch to the DMZ where the WLCa is and that the L2 switch wouldnt need any other config as the WLCa just bridges the wired to the wlan vlan.  This Im sure i have done before.
  So now I have set wiredguest the same as i have done before ISE and my wired clients get an IP address, but when they redirect, the URL they get is different, and the redirect just doesnt work.
  It comes out as:
  https://my_ise_ip:8443/guestportal/Login.action?switch_url=https://my_ise_host/login.html&wlan=my_wired_guest_lan&redirect=www.google.co.uk
  So does my simple L2 only switch need an ISE config on it or should the WLCa be handling or the redirection just as it would for a wlan device.

  The ISE never receives an auth entry, so i dont believe the redirect is working for the wired client.  So even though the clients browser gets a redirect url which fails connection, the client info in the WLCa doesnt have a redirect ACL listed like a wlan client would

• WLC and ISE guest access COA

  We are migrating to ISE for guest access and are having problems with the COA being delivered after a successful authentication.  ISE attempts to send it but nothing changes on the WLC.  The message in ISE is Dynamic Authorization failed and a message that ISE didn't receive a response from the NAD, verify communication.  What is odd is the original guest request comes in from the IP address of the service port on the WLC but anything doing with the COA is seen from the management.  I have both IP's defined for the device in ISE.  I am about to do a session reauthentication within ISE and the WLC applies the changes.  I have verified that RFC 3576 is enabled, but the show radius rfc3576 stats shows no values.  The WLC is running 7.6.130.  I have attempted to debug on the WLC side to see if the message is even being delivered but non the debugs i have attempted seem to offer any good information.
  Anyone have any suggestions?  
  Thanks,
  Joe

  Hi Joe,
  I dont really know what you are trying to do with the COA , as it is used in the CWA solution and BYOD solution as well. But even before trying that , I would advise you to go step by step and solve the n/w issue first. You are able to see the request from service port which should not happen because then the incoming/outgoing traffic takes different path. You must be facing this situation as you might have some network routes matching ISE subnet/Ip address in the GUI>Controller>Network routes as there is no need of those routes. If the service port needs to be used during controller down scenario then use a laptop in the same subnet of Service port ip and connect to the service port.
  Regards
  Dhiresh
  **Please rate helpful posts**

• ISE - Guest Access (without portal)

  Hi Guys,
  I have a customer who current is using the cwa portal for guest access. Corporate use will be added in the future sometime next year.
  Kit involved:
  5508 - Internal (Inside Net)
  5508 - Anchor (DMZ Net)
  ISE - Inside Net
  3600 APs
  Presently, guest user connects, anchored to DMZ 5508, issued IP address from server in DMZ and DNS redirect to the web portal from same server. guest logs in and internet access through ASA and then content filtering box.
  They want a solution whereby they do not have to use the portal for corporate user with their own devices such as ipads. I know BYOD is a possiblity but would involve using a CA server on the inside of the network. This is not something I'm keen as it opens a channel from the guest network directly to their AD infrastructure.
  I'm leaning toward PEAP authentication atm using a GoDaddy SSL cert that is already installed. This would bypass the portal system and only involve client devices being configured once.
  Is there any other option that would be simple to setup as this is on a limited timescale ?
  Cheers,
  Nick

  Nick,
  They want a solution whereby they do not have to use the portal for  corporate user with their own devices such as ipads. I know BYOD is a  possiblity but would involve using a CA server on the inside of the  network. This is not something I'm keen as it opens a channel from the  guest network directly to their AD infrastructure.
  If you are referring to supplicant provisioning, the scep enrollment request is proxied from ISE and the private key and cert is transferred to the endpoint. This doesnt require your guest network having direct access to AD....just to ISE.
  Tarik Admani
  *Please rate helpful posts*

• Wired Guest Access

  Hi!
  I enabled Wired Guest Access to connect Wired Ethernet Users to WLC. It doesn't explained on user guide how WLC does? If WLC strips 802.3 frame and encapsultes it with 802.11 or not. Any way, I couldn't redirect the ethernet flux to WLC and then to the external controller authenticator (Captive portal authentication).  Need a help!
  Cheers!

  In order to provide the wired guest access, the designated ports in the layer-2 access layer switch need to be configured on the guest VLAN by the administrator. The guest VLAN must be separate from any other VLANs that are configured on this switch. The guest VLAN traffic is trunked to the nearest WLAN local controller. The local controller tunnels the guest traffic across a EoIP tunnel to a DMZ Anchor controller. This solution requires at least two controllers.
  Here is the URL for the Wired Guest Access using Cisco WLAN Controllers Configuration
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml#ancwlan