WCS Guest access account creation - options
Hi,
I'm looking in to different options for creating guest access accounts and need some help. I'm new to the product and bascially have been asked if there are any other options that the Web GUI to create account. We would like trigger the creation of an account using work flow. Saw that there are We services availble with NAC but not sure how the products relate
It's a new setup - so assume the latest verion of WCS is being used.
Thanks
Alex
couple of thoughts as I'm going through the process of setting up guest access right now.
1) use RADIUS and maintain the accounts through a RADIUS solution that provides the UI you desire.
2) another thread somewhere here pointed to http://sourceforge.net/projects/simple-swag/ which is a web-based user account creator.
3) use an external authentication page and perform the auth there.
we don't require guests to have accounts but we do limit when it is available at our various locations.
Similar Messages
-
Scheduling WCS Guest User Accounts
Hi all,
I am question concerning scheduling WCS guest user accounts. I would appreciate having opportunity to schedule WCS guest account as a lobby ambassador. I know it is possible to do that but only in case that you allow (as administrator) for the user "lobby ambassador" set up "lifetime" to unlimited. If you set up a limited lifetime in "Defaults for creating Guest User accounts", the lobby ambassador is not able to schedule WCS guest account because this options is missing.
Is it possible to do that without this restriction?
The second issue is the email which consists of the guest user account credentials. Each time the scheduled time comes up, the guest user account credentials are emailed to the specified email address.
Is it possible to send the credentials right after creating the guest user account and not when the scheduled time comes up which can be a week later?
JozefNo this should not be done because, the credentials are pushed by WCS to the controller only when the time comes.
Once the WLC confirms the user is created, then WCS goes ahead and send you the credentials.
Technically this could be added to WCS, it would be a PERs : Personnal Enhancement Request to be filed from your System Engineer, Account / Sales team -
Hello,all.
I would like to ask about Guest Access account lifetime on Prime Infrastructure.
As my customer said, When you create Guest account on one by one ,you can set the account lifetime for 364 days. however, when you create it by using CSV file, you can set it only for 35weeks.
is it correct?Step 7 Choose limited or unlimited.
•Limited—From the drop-down list, choose days, hours, or minutes for the lifetime of this guest user account. The maximum is 35 weeks.
–Start time—Date and time when the guest user account begins.
–End time—Date and time when the guest user account expires.
•Unlimited—This user account never expires.
•Days of the week—Select the check box for the days of the week that apply to this guest user account.
refer
http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/1-3/configuration/guide/pi_13_cg/manag.html -
Guest Access - Easy creation of Guest-Vouchers
Hi
I have previous used WCS together with my WLC 2504 to create guest-users.
Employees in the corporation can through their AD-Credentials log into WCS, and create guest users for the Wifi-Network.
The WCS solution for creation guest users is however to complicated and many users choose to call our helpdesk insted of self-service. Other users create guest accounts and set them to never-expire, I then manually have to clean up in the never-expire accounts later..
We have 20 departments arround the contry, some bigger than others and therefore we don't have an reception in every department. Every employee should therefore be able to create guest-accounts themselves.
I've tried to use "Captive Portal" by Pfsense but it just issue a lot of vouchers there need to be printed and distributed to the departments, its a kind old-fashion.
The optimal solution would be a internal website where employees can log into. Here they could type their guests mobilephone number, and a 8 hour voucher wold be send by sms. Easy and end-user friendly.
Another solution could be a website that create an 8 our voucher with one-click and then print the voucher (insted of sms)
In WCS the users have to choose add-user - profile - controller list - expire time - etc etc before the login is created...
Can anyone recommend a good solution for this, not to expensive. We don't got guest that often.
Best Regards, Steffen.ISE have rich Guest management features built in to it. ISE guest services enable you to provide secure network access to guests such as visitors, contractors, consultants, and customers.Cisco ISE provides web-based and mobile portals to provide on-boarding for guests (and even employees) to your company’s network and internal resources and services.
From the Admin portal, you can create and edit guest and sponsor portals, configure guest access privileges by defining their guest type, and assign sponsor privileges for creating and managing guest accounts.
Check the following link for more information
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01111.html -
Our current wirleess infrastructure consist of a WCS/WLC and AP's.
We currently have guest access and use the lobby ambassdor feature on the WCS .The Guest users are currentlty created manually by the lobby ambassdor manually
There was request that came internally to automate the entire process and reduces the time required to create the guest users .
Our requirement would be to create a set of 50 users with random password created by the WCS and then push this credentials to the WLC's .
Our lobby ambassdor would take print out of these user/password details and put in an envelope and give out to the guest users when requested.
The users list will only be valid for a day and for the next day we create another set of 50 users .
The credentials should only be active for 3 hours from the time they log in which means if a user logins at 9 AM he session should only be active for 3 hours.
Iam looking at insights on how we can acheive the same using WCS or any third paty guest access applications or i can also look at developing my own application with some kind of an API that can talk with WCS.
TIA
Sandeep/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Nicolas - You are right, all my requirements can be met by the NAC Guest server . I had been going through the documentation of this product for the past few days.
Couple of thoughts that came into my mind is that all the features that i was looking at is all software based , it has no dependency on hardware .
Since we already use WCS for lobby ambassador, why did Cisco not integrate the same features on WCS and went and put it in the NAC .
I agree there is a strong correlation between NAC and Guest access But Iam not able to justify in getting a new product /Hardware for doing advanced Guest access .
We bought the WCS primarily for the Guest access and guest account management and controller management was secondary .
I don't understand Cisco strategy as to putting pieces of the same feature in multiple devices and customer having to purchase different hardware for the different features of the same technology.
I understand that this is not a forum to comment but just thought of penning down my views .However i will have a talk with the Cisco SE on the same.
Thanks for your help- Regards -
WLC/WCS Guest Access and Audit trail
I am currently using WLC version 4.2.112.0 and WCS version 5.0.56.2 and am looking for a way to keep an audit trail for assigned Guests rather than for the LobbyAdministrator creation and deletion of accouts...is this a feature of the WCS?
I know that i could use AD and use accounting portion of AAA of the radius server but is this function available on the WCS?@Jacobt777 Thank you so much. Your solution took me about two seconds and the problem is fixed.
Should have checked this forum an hour ago when I was about ready to throw the phone against the wall, but i love my iphone too much. -
Lobby Ambassador - WCS Logging of Guest Account Creation
Hello all,
If I am user "admin-ken" and I setup an guest user account "guestuser1" via the WCS controller templates > Guest User (which takes me into lobby ambassador), is there a log file that indicates that "admin-ken" had setup "guestuser1" guest account?
Many thx indeed,
Kind regards,
KenHiKen,
Hope all is well :)
Maybe this is what you are looking for;
Logging the Lobby Ambassador Activities
The following activities are logged for each lobby ambassador account:
â¢Lobby ambassador login: WCS logs the authentication operation results for all users.
â¢Guest user creation: When a lobby ambassador creates a guest user account, WCS logs the guest user name.
â¢Guest user deletion: When a lobby ambassador deletes the guest user account, WCS logs the deleted guest user name.
â¢Account updates: WCS logs the details of any updates made to the guest user account. For example, increasing the life time.
Follow these steps to view the lobby ambassador activities.
Note You must have superuser status to open this window.
Step 1 Log into the Navigator or WCS user interface as an administrator.
Step 2 Click Administration > AAA, then click Groups in the left sidebar menu to display the All Groups window.
Step 3 On the All Groups windows, click the Audit Trail icon for the lobby ambassador account you want to view. The Audit Trail window for the lobby ambassador displays.
This window enables you to view a list of lobby ambassador activities over time.
â¢User: User login name
â¢Operation: Type of operation audited
â¢Time: Time operation was audited
â¢Status: Success or failure
Step 4 To clear the audit trail, choose Clear Audit Trail from the Select a command drop-down menu and click GO.
http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsmanag.html#wp1076868
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001609
Hope this helps!
Rob -
Disabling the unlimited Lifetime option in Cisco WCS Guest User Creation
Is there a way to disable the unlimited Lifetime option in Cisco WCS Guest User Add/Schedule tab.If i make those fields uneditable, it just takes out the option to schedule any meetings in future.Using Cisco WCS version 7.0.220.0.
i'm also searching for an solution to disable the unlimited lifetime button for the Lobby Ambassador.
could it that Cisco introduces this maybe a future release?
couldn't be that there are only few people who are disappointed with this solution.
My Customer is thinking now that cisco isn't the right solution for him. -
Problem when WCS creates user guest access on the WLCs
Hello,
In my Wireless network, I have two appliances WLC 5508 running version 7.0.116.0.
I have a WCS running version 7.0.172.0, deployed on a windows 2003 server.
I've imported the two WLCs in my WCS in order to centralize the monitoring and the configuration tasks.
Now I'm facing an issue when I want to create a guest user from the WCS, rather than creating this user access on each WLC.
The creation of the user account is working good, the replication is done on the both WLCs, but on one of my WLC the guest user account is deleted after one hour(around).
On the second WLC, the same user account remains during all its life time.
In attachment a screen shot of the advanced parameter of the guest user.
You can see that the user was created on the both WLC but is only active on one ... and unfortunately the wrong because the AP is associated with the other WLC.
Any idea about this issue?
By advance thanks.Thank you for sharing the info. I am glad that your issue is now fixed
Sent from Cisco Technical Support iPad App -
Hello All,
I am encountering an issue in which I find only when guest accounts are created by sponsor through the sponsor portal, guess access is granted. If I manually add guest account in the same guest role via the administrative UI, instead of guest access authz profile is hit, ISE goes through supplicant provisioning flow. I know that I do have enable self provisioning flow but why would it kick in for guest user created by admin? I see many bugs dealing with guest portal flows but failed in finding one exactly matching to my senario. Any insight is greatly appreciated. version 1.2.
FadiYou can create and manage guest user accounts to provide temporary network access for guests. If you have numerous guest user accounts whose account information is stored in an external database, you can import this information to expedite the account creation process.
Please Check the below guide for user’s creations:
http://www.cisco.com/en/US/docs/security/ise/1.1/sponsor_guide/ise_sponsor_chp2.html -
Can't remove wcs guest account if account has expired on wlc
Hi. I am running wcs 4.1.91.0. I'm using Lobby Ambassoador functionality. I've found that if you create a guest acount using wcs with a limited lifetime, then after that lifetime period, you cannot delete the guest account from wcs as the account has already expired on the wlc. You get no error message in wcs -it just shows a JavaVoid error message at the bottom of the browser. I'm assuming wcs is trying to delete the account from the wlc but cant because the account is no longer on the wlc. Has this been resolved in a later version of wcs yet??
Here is the URL Cisco Guest Access Using the Cisco Wireless LAN Controller follow the configuration guide it will help you manage the guest account in WLC :
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001402 -
ISE Guest Email Notification (Guest account creation)
When a guest user creates an account in ISE, it sends a system generated email with the username/password. It says "Welcome to the Guest Portal, your username ise xxx and password is yyy." Is there anywhere in ISE (1.2) to change this text, especially the name 'Guest Portal'? I thought it was in language templates > Configure Miscellaneous Items > Portal Name. But I changed this to the portal name, and it was not reflected in the email. Thanks.
Josh,
Right now, it's pretty limited. Here is the template to be used for formatting the email notifications:
E-Mail Notification Template
The following is an example of the login information for the body of an e-mail in an English language template:
Welcome to the Guest Portal, your username is $username$ and password is $password$
The $username$ and $password$ strings will be replaced with the username and password values from the Guest User account.
In the e-mail body, you can use special variables to provide the details for the created guest account. When using these variables, you must use all uppercase or all lowercase letters, and you cannot mix them. For example, the string for username can be either $USERNAME$ or $username%, but it cannot be $UserName$.
You can use these variables in the e-mail notification template:
•$USERNAME$ = The username created for the guest.
•$PASSWORD$ = The password created for the guest.
•$STARTTIME$ = The time from which the guest account will be valid.
•$ENDTIME$ = The time at which the guest account will expire.
•$FIRSTNAME$ = The first name of the guest.
•$LASTNAME$ = The last name of the guest.
•$EMAIL$ = The e-mail address of the guest.
•$TIMEZONE$ = The time zone of the user.
•$MOBILENUMBER$ = The mobile number of the guest.
•$OPTION1$ = Optional field for editing.
•$OPTION2$ = Optional field for editing.
•$OPTION3$ = Optional field for editing.
•$OPTION4$ = Optional field for editing.
•$OPTION5$ = Optional field for editing.
•$DURATION$ = Duration of time for which the account will be valid.
•$RESTRICTEDWINDOW$ = The time window during which the guest is not allowed to log in.
•$TIMEPROFILE$ = The name of the time profile assigned.
This dicument is found here:
http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_custom_portals.html#wp1015657
ISE v1.3 should have some improvements and quite possibly some HTML tags.
Charles Moreton -
ISE guest access - can't match on Optional Data fields
Hi all
I need to have 2 different types of guest users that will get different level of access with DACL / Airspace ACL
I thought that best way to do that is simply matching one of optional data fields you can setup in Sponsor Portal
Unfortunately as soon as I reference Optional Data field in Authorization rule I get no match. Can't also match on username which would not help anyway.
getting redirected, login, getting redirected again etc.......
This is affecting both wireless and wired.
As soon as I remove that additonal condition from authz rule guest access works fine - getting redirected, log in, surf the internet.
Is this is bug with ISE that you can't match guest optional data fields?Hi evnafets,
You were right. How silly I am didnt see that small thing- but STILL PROBLEM IS UNSOLVED.
[ore]
java.sql.SQLException: [Microsoft][ODBC Microsoft
Access Driver] Missing ), ], o
r Item in query expression 'Post_Date LIKE
to_date('04-06-2005',' dd/MM/yyyy''.
Like it says, you have a missing ")" character
rs=stmt.executeQuery("SELECT Name FROM
NoticeBoardTable WHERE Post_Date LIKE to_date('"+
date_str+"', 'dd/MM/yyyy' <--HERE NEED A CLOSING
BRACKET ");
When I did this it said to_date function is not available that because Ms-access doesn't have this function. Then I just changed the query to:-
rs=stmt.executeQuery("SELECT Name FROM NoticeBoardTable WHERE Post_Date LIKE "+ date_sql ); . Although it didnt generate any exception, but dont show any record.
But even better would be to use a prepared
statement.
String sql = "SELECT Name FROM NoticeBoardTable
WHERE Post_Date LIKE ?";
PreparedStatement stmt = con.prepareStatement(sql);
stmt.setDate(1, date_sql);
ResultSet rs = stmt.executeQuery();
I had prepared statement in my final servlet, I made this one just to check why its not working on dates. Also on your advice I changed it to prepared statement. It runs fine but didn't show any record with date 04-06-2005 although I have it in my database (not generating any exception).
I print the sql date throuht servlet just to check , its showing 2005-06-04. May be its formate problem.
Thanks
Regards -
How to create guest access in wireless by WISM and WCS and ACS?
dear sir
i neeed to know the steps of how we can make guest access to our network like hotels by using our WISM v 7.0.220 and wireless control system and ACS ?You need to define your requirements a little bit. The WLC can do WebAuth and an employee can access either the WLC or WCS to put in the username and password credentials, but you would need to figure out what's best for you.
Here is a support doc that you can reference.
https://supportforums.cisco.com/docs/DOC-13954
Sent from Cisco Technical Support iPhone App -
CPI 1.2 WLAN Guest Access, multiple account
Hello All
Is it possible with the CPI 1.2 built-in WLAN guest access functionality to create a WLAN guest account that can simultaneously by severall users?
Or if that is the normal behaviour, is it possible to restrict one guest user to one computer?
Thanks,
PatrickTo answer my own question, this is done under:
Configure - Templates - Controller Template Launch Pad (if you are working with templates), then Security - User Login Policies and here it's the setting "Maximum Number of Concurrent Logins for a single user name". Set it to 0 for unlimited times the same username.
Sadly that means that I can not restrict it per guest user, but only global.
Maybe you are looking for
-
Email in gmail doesn't show up in mac mail app
I was looking for a specific email and searched the mail app by date and keywords and couldn't find it. Then I went to gmail on chrome and searched for it using the same keywords and found it. Why doesn't it show up in the mail app?
-
It seemed to me as a common problem with Inspector..
..what I wanted to do is to synchronize an image file with an mp3 file and upload it to youtube. I've managed to export the file as a quicktime .mov file, but there were pops and clicks in the audio. After some searching I've found a possible solutio
-
Prevent editing of a PDF file saved/exported from Preview?
I would like to create a PDF file that is viewable without a password but should not be editable either in Preview or any other software. What is happening now? I created a PDF file by placing rectangle boxes on confidential info as shown below. I sa
-
Workshop 6 Bug with STLport hash_map operator []
Using hash_map<string, string>:operator[] in a debug build crashes; in release, it doesn't. This must be a compiler bug, yes? Here's how to reproduce it. <PRE> [valhalla:~/test] $ cat t.c #include <string> #include <hash_map> using namespace std; mai
-
Hi I have a Nikon D810 and Lightroom 4, I cannot import RAW pictures
How can i import Nikon D810 Raw in Lightroom 4