SNMP web authenticated users wlc 5508

Hello everyone,
I am using web authentication with my WLC 5508 and I would like to check all users currently connected (IP, login used, MAC address, ...) with SNMP.
I am using an external web server and my clients are authenticated with LDAP.
I know I can receive this information with traps, but I would like to create a short program which will check all users when I click on a button.
Can anyone help me?
Thanks a lot for your answers.

Hello Julien,
Thank you for the info. +5 for solving your own problem.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"

Similar Messages

  • How many web authentication users do 2125 support?

    When the 2125 uses the local database for web authentication, how many web authentication users does the 2125 support?

    thank you very much!!
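    Who ever made something of himself living in a drunken haze? With horse and long spear, bring order to heaven and earth.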
    Date: Fri, 19 Aug 2011 01:10:43 -0600
    Re: how many web authentication users do 2125 support? created by pcroak in Getting Started with Wireless
    Hello Yuliang,
    The maximum number of local database accounts that could be created is 2048. You can configure the size of the local database with the command:
    config database size <512-2048>
    NOTE: This local database count is shared between the following entries:
    MAC filters (clients)
    AP MIC/SSC (AP authorization list)
    Dynamic Interfaces
    Management users
    Local net users
    Excluded Clients
    If you are asking about the number of simultaneous wireless clients, I believe the 2125 supports 350 active wireless clients.
    -Patrick Croak
    Wireless TAC

  • Users with a https home page are not redirected when using web-passthrough on WLC 5508

    I have a Cisco 5508 running version 7.0.116.0.  This controller hosts an open public wifi that requires users to accept a terms agreement via a Web-Passthrough setup that redirects them to the terms splash page.  For most people this works without any issue.  However, if a user has their homepage for their default browser set to a https site, such as https://www.google.com, then they are never redirected to the terms splash page.  The page will just spin and spin until finally they get a timeout error.
    Has anyone else had this experience?  If so, did you find a solution or is this some sort of shortcoming of the controller?
    Any and all comments/information is appreciated!
    Thanks,
    Jim

    This is a known issue (see bug ID CSCar04580).
    CSCar04580 Bug Details
    web auth (redirect) doesn't work when client users a https url
    Symptom: A client whose home page is an HTTPS (HTTP over SSL, port 443) one will never be redirected by Web Auth to the web authentication dialog. Therefore, such a client will not know to authenticate, and will fail to connect to the network.
    Workaround: The client should attempt to open any HTTP (port 80) web page.

  • SNMP TRAP ON Secondary WLC 5508

    Hi I'm Louis,
    I work on 2 WLC 5508 with version 7.4 and Prime Infrastructure 1.3
    We have activated AP SSO to work with a primary and secondary controller.
    We have added the controller to Prime Infrastructure and activated SNMP.
    We receive the alarms correctly on Prime.
    But when we work on the primary WLC and the secondary crashes, we don't get any information about that. No SNMP received.
    Is that normal?
    Thx for your reply
    Regards

    I found this, in Monitoring and Troubleshooting the Redundancy States
    http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/user/guide/chgdevconfig.html
    On my primary controller, in SNMP => Trap Log , I can see :
    RF failure notification ErrorType: 34 Reason :Lost Peer, Moving to Active-No-Peer State! => When I unplug RP link
    RF progress notification unitId: -1407319963 peerUnitId :14 unitState: -1407319863 peerUnitState :5
    RF progress notification unitId: -1407319963 peerUnitId :14 unitState: -1407319863 peerUnitState :9  => When I plug the RP link.
    So I can see the trap on my controller but there is nothing in Prime ...

  • SNMP "Access Point" Lightweight WLC 5508

    Hello
    Is it possible to configure SNMP on a lightweight AP with a WLC 5508 to get some information with snmpwalk, such as the AP serial number?
    Thanks for your help
    Regards

    Is it possible to configure SNMP on a lightweight AP with a WLC 5508 to get some information with snmpwalk, such as the AP serial number?
    Yes and no. 
    The details of the S/N are all found in the WLC.  So if you need to do an SNMPwalk, do it on the WLC.

  • Web authentication on WLC fails to redirect when we enter URL in browser

    I have a problem with a customer of mine. We have deployed two new WLC5508 running r7.0.116.0 and AP1142s, also WCS with r7.0.172. When we setup a "Guest Access" we ran into trouble .....
    The problem is that we can associate to the SSID/AP and get an IP address. When we open the web browser we do not get redirected to the virtual interface but instead to the _hostname_ of the WLC. Like this:
    https://cisco6a19c4/login.html?redirect=nyttintranet.sem10.se/
    If we manually replace "cisco6a19c4" with 1.1.1.1 it works as it should, the login page appears, we log in and can access the internet. We have tested and disabled web-auth on the SSID and everything works, we can directly go out on the internet, DNS works without any problems.
    A little more info:
    2x WLC5508 running r7.0.116.0 and APs are 1142
    WLCs connected to Cat4503 via LAG
    Guest network (VLAN) is transferred from WLC via the trunk to the Cat4503 and then connected on an access port to a separate broadband router, then to the internet.
    DHCP to guest-users from separate broadband-router which is def gwy and "DNS".
    On the virtual interfaces no hostname is configured.
    ANY ideas??!?!?!???
    Best Regards
    Göran Blomqvist

    Ooop....  waddyaknow....  As it turned out, one of the WLC _did have_ a name configured under the virtual interface, of course it was NOT the one that "our" AP was associated with....
    That has now been corrected and the guest access is working as intended......
    (Oh, yes we tried  with 3 PCs and 2 smartphones when we discovered the 'malfunction'....)
    Thanx for the mental push Stefan!!
    Regards
    Göran

  • WLC web authentication ACL to allow internet surfing only

    Hi forumers'
    I would like to restrict web authentication users from accessing my other network devices. Web authentication users can only go to the internet, that's all.
    According to my attachment, am I writing the right ACL syntax and applying it at the web authentication interface?
    I also tried this ACL on my core switch but it did not seem to succeed.
    ip access-list extended ACL-VLAN-20
    permit tcp 172.16.20.0 0.0.0.255 host 1.1.1.1
    permit tcp 172.16.20.0 0.0.0.255 host 2.1.1.1
    permit tcp 172.16.20.0 0.0.0.255 any eq 80
    permit tcp 172.16.20.0 0.0.0.255 any eq 443
    deny tcp 172.16.20.0 0.0.0.255 172.16.1.0 0.0.0.31
    deny tcp 172.16.20.0 0.0.0.255 host 172.16.1.100
    int vlan 20
    ip access-group ACL-VLAN-20 in
    any problem with it?
    Well, as long as it restricts web authentication users to the internet only, it serves my purpose.
    thanks
    Noel

    This should work
    deny ip 172.16.20.0 0.0.0.255 172.16.1.0 0.0.0.31    (deny all IP traffic from guest to internal)
    permit udp 172.16.20.0 0.0.0.255 any eq 53              (or list the specific servers you want them to use)
    permit tcp 172.16.20.0 0.0.0.255 any eq 80               (allows HTTP but only outside as the deny stops internal)
    permit tcp 172.16.20.0 0.0.0.255 any eq 443             (allows HTTPS but only outside as the deny stops internal)
    but you need to add a permit for UDP 53, so that the client can talk to DNS as well, as added above.  I also put the deny for access to the internal resources higher in the list, otherwise they are allowed to access your internal HTTP/HTTPS servers.  If you want to allow that, it's better to permit the explicit servers.
    You don't necessarily need to allow the 1.1.1.1 and 2.1.1.1, assuming one of these is your virtual interface address.
    When you do the ACL on the WLC, you need to do the inverse ACL as well.  So you need to allow the 172.16.20.0 and the any to 172.16.20.0
    But I'd recommend that you put the ACL on the L3, that way it's easily visible to all the network engineers in case there are issues.
    HTH,
    Steve
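
First-match evaluation is why the order of the entries matters in the two ACLs above. The following is an added example (not part of the thread, and not Cisco code): a small Python evaluator for the subset of extended-ACL syntax used here, run against constructed probe packets from a hypothetical guest client 172.16.20.50. The function names and probe addresses are assumptions.

```python
import ipaddress

# Entries copied from the thread: the ACL in the question, then the reply's.
ACL_QUESTION = """
permit tcp 172.16.20.0 0.0.0.255 host 1.1.1.1
permit tcp 172.16.20.0 0.0.0.255 host 2.1.1.1
permit tcp 172.16.20.0 0.0.0.255 any eq 80
permit tcp 172.16.20.0 0.0.0.255 any eq 443
deny tcp 172.16.20.0 0.0.0.255 172.16.1.0 0.0.0.31
deny tcp 172.16.20.0 0.0.0.255 host 172.16.1.100
"""
ACL_REPLY = """
deny ip 172.16.20.0 0.0.0.255 172.16.1.0 0.0.0.31
permit udp 172.16.20.0 0.0.0.255 any eq 53
permit tcp 172.16.20.0 0.0.0.255 any eq 80
permit tcp 172.16.20.0 0.0.0.255 any eq 443
"""

# Constructed probes from one guest client: (label, protocol, destination, port).
GUEST = "172.16.20.50"
PROBES = [
    ("internal web", "tcp", "172.16.1.10", 80),     # inside 172.16.1.0 0.0.0.31
    ("internal host", "tcp", "172.16.1.100", 80),   # outside that wildcard range
    ("dns", "udp", "192.0.2.53", 53),               # documentation address
    ("internet https", "tcp", "198.51.100.10", 443),
]

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, care_mask)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0xFFFFFFFF
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return int(ipaddress.IPv4Address(first)), ~wildcard & 0xFFFFFFFF

def parse_acl(text):
    """Parse the small subset of extended-ACL syntax used in the thread."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(ip, spec):
    base, care = spec
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(rules, proto, src, dst, dport):
    """Return the action of the first matching entry, as IOS does."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and _hit(src, r_src) and _hit(dst, r_dst)
                and r_port in (None, dport)):
            return action
    return "deny"  # implicit deny at the end of every ACL

def compare():
    """Map each probe label to (verdict under question ACL, under reply ACL)."""
    q, r = parse_acl(ACL_QUESTION), parse_acl(ACL_REPLY)
    return {label: (evaluate(q, p, GUEST, dst, port),
                    evaluate(r, p, GUEST, dst, port))
            for label, p, dst, port in PROBES}

if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:15} question={verdicts[0]:6} reply={verdicts[1]}")
```

The "internal host" probe shows that 172.16.1.100 lies outside 172.16.1.0 0.0.0.31, so the four reply entries on their own still permit HTTP to it; the separate host entry from the question would have to be kept, above the permits, to block that host.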

  • Having trouble with web authentication in 5504

    Hi everybody,
    We're experiencing trouble with our Wireless LAN solution. We have a WLC 5504, an ACS 4.2 and APs 1131AG.
    After deploying the solution and doing some tests we noticed that when a user attempted to connect by wireless network there was too much delay from when they clicked IE (Internet Explorer) until web authentication into the WLC was shown. The delay was around 3 minutes. This issue also occurs when doing a test from my laptop that was next to one access point; then I moved to another access point and the result was the same, so a laptop problem is ruled out.
    Has anybody ever had this kind of trouble? How could I reduce this time? Is it possible? Which part of the configuration should I check?
    Regards,
    Manuel

    Friends,
    I've made a mistake. Our WLC is a 4404.
    Regards,
    Manuel

  • Wireless controller with web authentication

    Hi all,
    I have a Cisco 2500 series wireless controller. I want to know how many web authentication users I can create in the 2500 series controller with a timeout option for each user.
    I know it will support web authentication for internet access for the users, but I need to know how many it will accept at a time with hours specification.
    thanks
    cyril

    Database Size on the WLC - The local user database is limited to a maximum of 2048 entries.
    The local database on the WLC stores entries for these items
    Local management users (including lobby ambassadors)
    Local network users (including guest users)
    MAC filter entries
    Exclusion list entries
    Access point authorization list entries
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a49cd7.shtml

  • Repeated wlc 5508 client web authentication

    I'm trying to troubleshoot a situation where many of our guest wireless users are repeatedly being prompted to reauthenticate via the web interface.  the session timeout is set to 4 hours, however, many times a client is presented with a web authentication screen right in the middle of browsing at random times.
    I do have several system log entries, but cannot find the specific entries in the Error code reference for the WLC.  For example, I don't find anything on %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:4022 Guest user session validation failed for guest1. Index provided is out of range..
    I'm running a WLC 5508 with 7.0.98.0 and have read through all of the release notes, error code references, etc., and don't see anything regarding this issue.
    The WCS screenshot shows a good example of how often this occurs!  Is the client actually re-associating with the AP (which in turn would require a web reauth)?  Not sure if I'm barking up the wrong tree - focusing on web auth when I may actually need to be focusing on AP association...
    I do have a TAC case opened up, but was wondering if anyone has experienced this before?
    Sorry for the rambling...

    Rene,
    I did several things and at least one of them seemed to resolve the issue:
    These notes are directly from my TAC case and I will try to provide a little more information [in brackets].
    1. Upgrade WLC to 7.0.98.218 [self explanatory]
    2. Upgrade WCS to 7.0.172.0 [current version, as of this note]
    3. Increase DHCP scope time on ASA from default (30 minutes) to 4 days [DHCP running external from the WLC]
    4. Remove TKIP from the WLAN - only allow AES [had both configured but tech advised to only use AES]
    5. Increased session timeout from 14400 seconds to 64800 seconds (4 hours to 18 hours) [don't think this helped resolve the issue, but it certainly was more convenient for our longer-term guests]
    I think that the TKIP and/or DHCP setting was integral as part of the resolution.  I upgraded the WLC because the version that I was running didn't have the web-auth debug option, so I'm not sure that that actually contributed to the resolution.
    Good Luck,
    Rob.

  • Cisco WLC 5508 simultaneous Web Auth Users logins?

    Hi there,
    We have 2 WLC5508 (7.2.111.3) with several SSID's.
    One of them is configured as Passthrough with an external splash server. Works fine.
    Now we want to use the "On MAC Filter failure".
    If the client MAC address is configured under MAC Filtering on the WLC, the authentication is done without WebAuth.
    If the MAC address is not known, the client will be redirected to the external WebAuth server for authentication.
    To keep the Passthrough functionality for the user, we hardcoded an username&password in the splash-page.
    So, every client WebAuth uses the same username&password for authentication against the WLC.
    User Login Policies is set to unlimited.
    So far so good, it seems to work, but I have read, that Cisco 5500 controllers supports only 150 simultaneous Web Auth Users logins.
    The two WLCs have about 100-170 clients connected.
    Question:
    - Will this be an issue with the 150 simultaneous logins, despite using only one user for all Wifi-clients?
    - Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.
      If yes, some guide information would be great.
    - When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?
    Thanks for the answers ;-)
    Kind regards,
    Norbert

    Question:
    - Will this be an issue with the 150 simultaneous logins, despite using only one user for all Wifi-clients?
    > I believe this means at the same time... I have clients doing the same thing with hundreds or more of guest users
    - Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.
      If yes, some guide information would be great.
    > ISE is really used to login with a username and password and to be able to profile.  You would need to ask that on the Security forum to get their input if this is something then would do or just leave it on the WLC
    - When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?
    > Not really... some machines with popup blocker does block this and you don't see the logout, but you can't remove this.
    Thanks,
    Scott
    *****Help out other by using the rating system and marking answered questions as "Answered"*****

  • Wlc 5508 : guest users to be configured only give access for internal SAP application

    Hi,
    I have one new requirement with one of the client.
    I have wlc 5508 with 6.0 firmware. I need to have one guest wlan which will have access only for internal SAP application.
    I have gone through cisco document for internet guest users , where web page will be redirected with user name and password once it is authenticated , we can access internet.
    Provided if we have access list configured in wlc ...  for internet access only /
    what about this mentioned scenario ?
    can anybody suggest on the same ?

    Hi Vinod,
    Go for the ACL on any Router or the switch.. i prefer not on the WLC..
    http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
    Here is the link as well to do it on the WLC
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
    Lemme know if this answered ur question..
    Regards
    Surendra

  • WLC 5508 And Third Party SSL for Web Authentication

    Hello,
    We are using a WLC 5508 and currently the authentication process is via Customized WebAuth. As you know, with WebAuth the authentication process won't work unless you launch a web browser, and you will be redirected to the authentication page where you type your username and password. This is a bit fuzzy for most of the users and what I'm thinking is to use a different authentication mechanism where the user will automatically be prompted upon connecting to any SSID. I have read that a public/third-party certificate will do this and any client can accept the public certificate.
    Anyone can elaborate on this approach?
    Regards, 

    With machines that are not part of the domain, typically if you still want to secure them using 802.1x, you would leverage a radius server and users would be told of the SSID to connect to and enter their AD credentials.  Of course, if you use AD credentials, users will now join all their other devices to that SSID. This is where ISE comes in and you can profile devices. Even though the WLC with v7.6 can profile, it's not a full-fledged profiler.  Depending on how well you know radius, you can leverage a portal page also, and depending on the AD group a user is a member of, you can put them in a specific VLAN or leverage interface groups.  You can do many things, but you need to really know radius and client types to figure out what can work well in your environment. Radius alone, to someone who hasn't played with it, can take days to set up without help.
    Every client I setup radius for is different and it comes down to how their users are setup in AD, what devices they have and the requirements. 
    Scott

  • Web authentication different user same client

    Hi,
    We are currently building a guest WLAN. The authentication works with LDAP via web authentication. Users can log on via smartphones and Windows laptops. Now we have a little problem with the Windows laptops, discovered in the testing phase. When user A successfully logs on to the laptop through web authentication and then logs off the laptop, user B can simply work under the same credentials of user A, without problems. This is not desirable; another user must then log in to the laptop with their own credentials.
    The WLC 5508 remembers the client MAC address, not the user.
    Any tips?
    Thank you!

    When the user logs off the session remains active on the WLC.
    We have the "User Idle Timeout" set on 100000 sec. Unchecked the "Enable Session Timeout". This to logout users after a certain time via a time trigger. Guests 24 hours, students half year, staff 1 year. (If the WLC not often need to restart).
    For non domain devices this is not a problem, since users are not dependent on the Windows domain then.
    How can we debug users, let's say user A and B on one laptop?

  • Web Authentication on HTTP Instead of HTTPS in WLC 5700 and WS-C3650-48PD (IOS XE)

    Hello,
    I have configured a Guest SSID with web authentication (captive portal).
    wlan XXXXXXX 2 Guest
     aaa-override
     client vlan YYYYYYYYY
     no exclusionlist
     ip access-group ACL-Usuarios-WIFI
     ip flow monitor wireless-avc-basic input
     ip flow monitor wireless-avc-basic output
     mobility anchor 10.181.8.219
     no security wpa
     no security wpa akm dot1x
     no security wpa wpa2
     no security wpa wpa2 ciphers aes
     security web-auth
     security web-auth parameter-map global
     session-timeout 65535
     no shutdown
    The configuration of webauth parameter map  is :
    service-template webauth-global-inactive
     inactivity-timer 3600 
    service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
     voice vlan
    parameter-map type webauth global
     type webauth
     virtual-ip ipv4 1.1.1.1
     redirect on-success http://www.google.es
    I need to  login on web authentication on HTTP instead of HTTPS.
    If I  login on HTTP, I will not receive certificate alerts that prevent the users connections.
    I saw how to configure it with the 7.x release, but I have IOS XE Version 03.03.05SE and I don't know how to configure it.
    Web Authentication on HTTP Instead of HTTPS
    You can login on web authentication on HTTP instead of HTTPS. If you login on HTTP, you do not receive certificate alerts.
    For earlier than WLC Release 7.2 code, you must disable HTTPS management of the WLC and leave HTTP management. However, this only allows the web management of the WLC over HTTP.
    For WLC Release 7.2 code, use the config network web-auth secureweb disable command to disable. This only disables HTTPS for the web authentication and not the management. Note that this requires a reboot of the controller !
    On WLC Release 7.3 and later code, you can enable/disable HTTPS for WebAuth only via GUI and CLI.
    Can anyone tell me how to configure web authentication on HTTP instead of HTTPS with IOS XE?
    Thanks in advance.
    Regards.

    The documentation doesn't provide very clear direction, does it?
    To download the WLC's default webauth page, browse to the controller's Security > Web Login Page. Make sure the web authentication type is Internal (Default). Hit the Preview button. Then use your browser's File > Save As... menu item to save the HTML into a file. Edit this to your liking and bundle it and any graphics images up into a TAR archive, then upload via the controller's COMMAND page.
