Wireless guest-net IP before login

We have a wireless guest net and we broadcast it throughout our hospital.
The problem is that with all the iPads, iPhones, Androids and such roaming
around the hospital we are using all of our Class C IP addresses. Is there a way to set up
the WISM to keep the clients from getting an IP before the client logs in?

Yeah, I feel your pain ... We have 2000 guests daily here at our hospital and, as you know, people just walking by with wifi devices will get an IP.
One way -- don't broadcast your SSID. Clients would need to manually join your network and then get an IP.
No other way around it in an open "hot spot" easy to access kinda way.
I'm sure that's not what you wanted to hear ...
edit: Another way is to open a much larger scope. We have a /21 here and it works fine. We show as many as 3000 scopes out but normally only have 500 - 2000 users AT MAX ... We also shorten the DHCP scopes to 3 hours.

Similar Messages

  • Wireless active and connected before login

    Hi,
    I have been trying to get wireless connected before I log in to my Mac in order to be authenticated by Active Directory.
    As the Mac didn't come with an integrated LAN port I am only able to use the wireless connection.
    Thank you

    I'm trying to figure this out as well. I may have another step in the solution for you.
    In the network preference pane of system preferences click on Airport on the left.
    Click Advanced...
    Click on 802.1x at the top.
    Click the plus sign and then click Add Login Window Profile.
    This should allow you to create a 802.1x profile that will pre-authenticate with your Directory Service. (I'm working with Active Directory) I have left the username and password blank in the profile so that the user will be the one authenticating.
    My problem now is that it seems to pre-authenticate 802.1x for me but it says that the server's certificate is invalid. If I set 802.1x up for an individual user I can 'Always Trust' the certificate but I don't know how to do it at login.
    I'm testing this on a MacBook running 10.5.6

  • Wireless Guest Net

    We are running a 4400 - Version 4.2.176 for our guest network.
    My question is: does the Web authentication/Login page have to
    be secure https? Can it be http?

    Hi,
    I would say it is possible, I found an idea here:
    If you have HTTPS enabled on the controller the webauth login page should use SSL. Just go under Management - HTTP and make sure you have HTTPS enabled. If you don't have it enabled the webauth page would not be encrypted.
    From:
    https://supportforums.cisco.com/message/3121202#3121202
    regards,
    Sebastian

  • HT4772 Is there a way to connect to 802.1X wirelessly before login?

    Users need to query AD before login but can not do so because it can't connect to the network until you've logged in.

    It depends on your wireless infrastructure. I have done this with a Lion server running RADIUS with AirPort base stations.
    The key is setting up pre-shared keys between the base stations and the laptops. If you have AirPorts and a Lion server I would look into the RADIUS set-up.
    Otherwise I would look into pre-sharing keys with your existing wireless infrastructure.
    Ben

  • Automatic connection to wireless before login?

    Hi all,
    Can anyone tell me how to make my Mac Mini (old PowerPC version) connect to a wireless network at startup, before the user is required to log in? It is running OS X 10.5.8 with a standard configuration.
    I have tried playing with the network settings, but it does not seem to associate itself with the wireless network until after a user account has logged in. (Once I do log in, though, wireless association happens quickly and normally.)
    Any ideas?
    Thanks!
    - Essd

    Ugh! I was hoping to avoid having to do some UNIX hacking, but since no one else has piped up, I figured out a semi-reasonable way to do it.
    In /Library/LaunchDaemons, create a file called "com.example.airport.plist" and place the following in it:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>Debug</key>
    <false/>
    <key>Label</key>
    <string>com.example.airport</string>
    <key>KeepAlive</key>
    <false/>
    <key>ProgramArguments</key>
    <array>
    <string>/Users/YOURUSERNAMEHERE/bin/join-wifi.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    </dict>
    </plist>
    This tells it to run the script /Users/YOURUSERNAMEHERE/bin/join-wifi.sh at start-up. Obviously, replace YOURUSERNAMEHERE with your OS X username so that this corresponds to a folder off your home directory.
    Then, in your home directory, make sure that you have a "bin" folder for storing scripts. Create a file therein called join-wifi.sh that contains this:
    #!/bin/bash
    networksetup -setairportpower en1 on
    networksetup -setairportnetwork en1 your-network-name-goes-here 'your-WPA-key-goes-here'
    In this last file, replace the your-network-name-goes-here with the name of the wireless network, and replace your-WPA-key-goes-here with your wireless network's password.
    The next time you reboot, it should join the wireless network automatically.
    That did it for me, but I sure wish there were a more elegant solution!
    - essd

  • Unified wireless guest access

    Hi, I need help in configuring unified wireless guest access. I have followed the guide
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html#wp999843.
    But the problem is it still does not work. What I don't get is that the interface for the Guest SSID for the foreign controller is management. Does this mean that I have to get an IP address first from the management segment before I can get an IP from the anchor WLC?
    My setup is that I have an anchor controller which is on a different LAN from where my foreign WLC is. The anchor WLC has the DHCP scope and the local net user database. I have already joined the two WLCs to each other's mobility group. Also, I have configured the mobility anchor on the WLAN (SSID) of the foreign controller.
    Another thing is that the AP I'm trying to use is on a different site from where my controller is. I'm not sure if this is the one causing the problem.
    Can someone help point out my mistake?

    It's rare that I have a difference in opinion from both of you guys but let me share with you an issue I had.
    If you map the foreign controller to the management interface and the tunnel breaks for whatever reason the clients will get dumped on the management interface, even though the WLAN is anchored to the DMZ controller.
    I know this because I have seen this for myself when I had anchor issues.
    I opened a TAC case and it was suggested to use a "dummy interface" on the foreign controller. I forget who I spoke to, this is over a year now. But I then followed up with a Cisco SE on the Advance Wireless team and he commented this is what they do as well. And to add further, a large hospital system here in the Tex Med center had Cisco advance team install their controllers and they too had dummy interfaces for the foreign controllers for guest.
    Just my 2 cents ... Add a dummy interface, call it dummy_guest_interface and tie it to 222.222.222.222 or something like that ... no need to add anything on the wired.

  • Win 7/Z580: Black screen on boot up, before login screen?

    I find some interesting posting in this forum. Thanks for keeping this forum to help windows/Lenovo community. I like to pick up the brain of this forum to resolve the black screen issue. I am not sure, whether it caused by virus. I use Microsoft Security Essentials. I am not able to run this in command prompt.
    I started my laptop this morning & login screen showed up. Once I entered my login credentials, I heard the sound that usually plays once a login is successful, but I ended up with a black screen. After this occurred, I had to hold down the power button to manually shut down the computer. Once I started it up again, I was prompted to do a system repair, which eventually ended up with all successful outcomes, but I now have a black screen with a cursor before the login screen now. I have no idea what caused this to happen. My laptop is a Lenovo Ideapad Model Z580 (500 GB HD, 6GB RAM).
    I am not able to get into safe mode or any other mode, which all leads to a black screen described above. I am able to use the "Repair Your computer" tools after pressing F8 during booting only . All other options leads to Black screen with cursor in the middle
    Last Known Good Configuration leads to same
    Enable Low Resolution Video (640x480) leads to same
    My Z580 is not responding to CTRL+ALT+DEL Windows Logo keys as well.
    **** I tried SAFE Mode. It loaded couple of drivers and paused at CLASSPNP.SYS load. It went to Black screen with cursor at center.
    I am able to invoke control panel from Command prompt of working PC by typing control.
    Z580 PC is not responding to control from command prompt (under Repair Your computer)  either.
    Z580 is able to use the "Repair Your computer" tools after pressing F8 during booting .
    Under local user login it provided Start Repair option. As I pick this option, I got the following.
    Problem signature
    Startup repair offline
    1 - 6.1.7600.16385
    2 - 6.1.7600.16385
    3 - unknown
    4 - 21200332
    5 - autofailover
    6 - 4
    7 - NoRootCause
    os v - 6.1.7600.2.1.0.2561
    locale id – 1033
    Under Admin user login, it provided system recovery options. It is not picking up the recovery point created a while ago.
    Windows Memory Diagnostics is not launching and shows a black screen without cursor.
    I am able to get into command prompt. I tried the following there.
    I am not able to run cmd as admin
    I reviewed the past posting of this forum on this subject.
    Windows 7 boots to an unresponsive black screen with mouse cursor...
    System File Checker: Run sfc /scannow & analyze its logs in Windows 7 / 8
    Windows Resource Protection could not start the repair service
    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista
    Force SFC to Run in Windows 7
    Windows Resource Protection found corrupt files but was unable to fix some of them
    SFC /SCANNOW showed up
    "Windows Resource Protection could not start the repair service"
    I did "net start trustedinstaller"
    "Windows Resource Protection detected pending repair restart the computer"
    I ran repair options using sfc /scannow /offbootdir=x:\ /offwindir=D:\windows
    and got "Windows Resource Protection found corrupt files but was unable to fix some of them"
    I did findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt
    I will be glad to attach the zip file that contains CBS.LOG & [SR] tag extract (xxx.txt).
    I did not find any ERRORS there, SFC ended with message saying "found corrupt files but was unable to fix some of them". It is misleading. There is no [SR] tag pointing to corrupt files. Does SFC throw false positives like this?
    I ran chkdsk. Results
    File verification completed.
    0 bad file records processed.
    0 EA records processed.
    CHKDSK is verifying indexes (stage 2 of 5)...
    Index verification completed.
    0 unindexed files scanned.
    0 unindexed files recovered.
    Windows has checked the file system and found no problems.
    0 KB in bad sectors.
    Failed to transfer logged messages to the event log with status 50.
    It is puzzling me.
    Thanks for helping.

    I tried these steps 8/7/2015. I ran chkdsk. Results for D:\
    File verification completed.
    0 bad file records processed.
    0 EA records processed.
    CHKDSK is verifying indexes (stage 2 of 5)...
    Index verification completed.
    0 unindexed files scanned.
    0 unindexed files recovered.
    Windows has checked the file system and found no problems.
    0 KB in bad sectors.
    Failed to transfer logged messages to the event log with status 50.
    Updated on 8/7
    ============
    Here are my HDD config:
    Volume ### Ltr Label Fs Type Status Info
    Volume 0 F WDO_Media64 UDF DVD- Healthy
    Volume 1 C NTFS Partition Healthy
    Volume 2 D Windows7_OS NTFS Partition Healthy
    Volume 3 E LENOVO NTFS Partition Healthy
    Volume 4 G FAT Removable Healthy
    Volume 5 LENOVO_PART NTFS Partition Healthy Hidden
    I ran CHKDSK /F /X for C, D, E. All resulted in "Windows has checked the file system and found no problems."
    F8 ===> Repair Computer===> Command Prompt ===> Works OK
    F8 ===> Repair Computer===> Start up Repair ==> Results into "Startup repair could not detect a problem"
    F8 ===> Repair Computer===> System Restore ===> "No restore points has been created on your computer system drive"
    F8 ===> Repair Computer===> System Image Recovery ===> "Windows cannot find a system image on this computer"
    F8 ===> Repair Computer===> Windows Memory Diagnostics ===> "Black screen with Cursor in the middle"
    After getting into Command prompt
    I run net user
    User accounts for \\
    Administrator Guest
    The command completed with one or more errors
    It did not list other users in my laptop. I do not know why? I tried under F8 ===> Repair Computer===> Command Prompt ===> Works OK
    Here is the result:
    - Boot with Last Known Good Configuration (F8 menu) ===> Black screen with cursor in the middle
    - Restore to a prior date (System Restore) - System Restore ====> Already reported in previous reply
    - Try a clean startup Troubleshoot Application Conflicts by Performing a Clean Startup results in
    Clean Start up
    D:\Windows\System32>runas /user:administrator msconfig
    Enter the password for administrator:
    Attempting to start msconfig as user "MININT-84TH5FG\administrator" ...
    RUNAS ERROR: Unable to run - msconfig
    1060: The specified service does not exist as an installed service.
    - Try loading defaults in BIOS - F2 ==> f9 ==> f10 ===> Black screen with cursor in the middle
    Check if explorer.exe is running and start from CTRL+ALT+DEL (task manager - new task) ===> CTRL+ALT+DEL not responding
    Can anybody in this forum point me to a fix? Thanks for looking into this issue.

  • Wireless guest access

    Hi Guys, I have a wireless requirement from a customer and the customer is looking for the below: 1. Wireless guest access that requires user to input email into the captive portal. But the email address must be verified that it contains certain selected domain names (e.g. example.com or example.org). Any other domain names will be rejected. 2. Customer is looking to add their own logo and change the formatting of the captive portal. Questions: 1. For email verification, does this feature come straight from the WLC standalone box or must ISE be purchased? 2. If the WLC is able to do this without ISE, are there any online guides that are able to do this? 3. For security reasons, am I able to limit the number of concurrent users using this captive portal? 4. How do I configure the age-out for each connected user after they have successfully logged into the captive portal? 5. Can I customize the captive portal page on the WLC and how do I go about doing it?

    Hi Mohanak,
    It looks like the formatting ran out. Anyway, not sure if we are on the right topic here but let me get this straight. Customer has a Cisco 2504 Wireless LAN Controller. So, they would like to achieve the below features:
    1. Wireless guest access that requires user to input email into the captive portal. But the email address must be verified that it contains certain selected domain names (e.g. example.com or example.org). Any other domain names will be rejected.
    2. Customer is looking to add their own logo and change the formatting of the captive portal.
    So, some of the questions I have are:
    Questions:
    1. There is a configuration on the WLC that allows guest users to login using email verification only. Does this feature come straight from the WLC standalone box or must ISE be purchased?
    2. If the WLC is able to do this without ISE, is the WLC able to check if the inputted field is a valid email? And can I configure it in such a way that a particular domain is allowed? (e.g. example.com is permitted but example.org and anything else is rejected).
    3. For security reasons, am I able to limit the number of concurrent users using this captive portal?
    4. How do I configure the age-out for each connected user after they have successfully logged into the captive portal?
    5. Can I customize the captive portal page on the WLC and how do I go about doing it?

  • Wireless Guest Tracking

    I am looking for how to track the number of wireless guest users that have used wireless during a month. I see the enterprise guest management options but that is real overkill in this situation because I only have two 1200 series autonomous APs that we want to track guest usage on.

    If you are on the technical side of things you could modify the piece of code that I wrote for a WLC to create guest accounts. I am currently working on logging of the users that are created with this code. Then you could simply add up the users and have dates and times. Find the code here: https://sourceforge.net/projects/simple-swag/ The original intention of the code was a simple way for administrators to provide a simple Lobby Ambassador-like function through a simple web interface and then provide a customized guest user instruction page. In the background it uses ssh to talk to the controller and set up the account. It's written in PHP so feel free to try your hand at it.

  • Wireless Guest in UC 540

    Hello,
    I would like to add a wireless guest to a UC 540
    A couple of questions, how can I point DHCP to guest ?
    I need a route to the public gateway ?
    Need assistance with an ACL
    Thanks  for any help
    This is what I am planning to add:
    dot11 ssid guest
    vlan 99
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 porkguest
    interface Dot11Radio0/5/0.99
    encapsulation dot1Q 1 native
    bridge-group 99
    bridge-group 99 subscriber-loop-control
    bridge-group 99 spanning-disabled
    bridge-group 99 block-unknown-source
    no bridge-group 99 source-learning
    no bridge-group 99 unicast-flooding
    interface Dot11Radio0/5/0
    no ip address
    encryption vlan 99 mode ciphers aes-ccm
    ssid guest
    interface Vlan99
    ip address
    bridge-group 99
    ip route 192.168.99.0 new gateway
    ip dhcp excluded-address 192.168.99.1 192.168.99.3
    ip dhcp pool guest
       network 192.168.99.0 255.255.255.0
       dns-server 8.8.8.8 4.2.2.2
       no domain-name

    Just came back from a 6-week holiday in Europe. I'm actually surprised how "well known" the Cisco brand is (not!). For example, we went to Venice and stayed on the island of Lido. It's a big, big hotel but when I looked up there was this big and ugly Zyxel wifi router. This wifi router was servicing around 25 metres length and both sides of the hall.
    If you want to keep it low-cost, the cheapest I can think of is Cisco 1130 which you can get from Cisco Refurbished Equipment BU.
    However, before you go and consider this, I would seriously look at your internet bandwidth.  0.6 Mbps is not a nice speed to do anything.  Trust me, I know because I used to have 256 kbps UL/32 kbps DL home internet and it was a pain.
    What I'm saying is, maybe spending money on the wireless is not going to help because your internet speed is slow.  You'll get more complaints from guest about slow internet speeds than the lack of wireless.

  • Wireless Guest Users once authenticated, are able to connect again after disconnection

    Wireless Guest Users, once authenticated, are able to connect again after disconnection. Clients should not be able to connect after the restart or by disabling and enabling the WIFI adapter. But as of now clients are connecting to the network. How can we configure this feature in the WLC?

    IIRC, if you reboot, disable the adapter or disconnect from the wireless, as long as the session timer or the idle timer does not time out, then you are still considered as authenticated. If you log out, the WLC logs you off and you will have to log back in. The weird thing is with iPhones or iPads, they go to sleep mode and you have to log back in to access the guest network. The workaround was to increase the idle timers to a certain acceptable limit to prevent this from happening.
    If you disconnect from the guest SSID and leave your client off the network until the idle timer expires, do you get prompted for a login or do you have access again?

  • Does WAP4410N support Wireless Guest access solution?

    Does the Linksys AP (WAP4410N) support Wireless Guest access solution?

    Hi - I've got a WAP4410N which I'd like to use to provide wireless guest access, and I've had a look through the configuration pages and manual, and understand:
    1) I've got to add a virtual SSID (although I'd like to know where the DHCP settings are as I don't believe the WAP4410N has DHCP capabilities)
    2) I need to ensure that traffic can't hop across the multiple SSIDs
    What I'd like to know is whether the WAP4410N can be set up to display a terms and conditions page which users have to "OK" or whether it can host a login page that can be administered by someone to allow access - kind of like hotels use to ensure that not everyone can automatically connect? I don't mind if there has to be a secondary piece of software hosted on a server somewhere, but I'd like to prevent people from being able to automatically connect straight to our connection and would also like to limit them in some way, at very least the bandwidth that the connection allows, at best the sites they can visit too.
    Any thoughts greatly appreciated,
      Andy

  • SA 540 and DMZ Issue for Wireless Guest Access

    I have hooked up a Wireless AP into the Optional Port set up as DMZ on the SA 540. My goal is to provide internet access to wireless guest users without giving them access to the entire LAN. The internet access for the wireless guest users is painfully slow. It takes 5 minutes to access Google. Has anybody else had issues with slowness? I am able to successfully ping websites and retrieve their IP address, but it won't connect to any websites via web browsers. Just to humor myself, I configured firewall rules to allow DMZ full access to the LAN and WAN. I am still having the same results. Any thoughts and suggestions?

    Hi,
    I'm not the one with the AP problem, I just have the same issue with the DMZ port. I think you have to forget about the whole AP issue here since the problem is with the DMZ port on the SA500.
    I have my Web and Mail server set up on the DMZ port, I can ping and resolve Domain names to the outside world, but trying to reach anything with a browser takes foreeever. On, eg. www.apple.com I just get a few lines from their web page (so there is a connection) and then it halts to a stop (takes about 5 min).
    I also tried to move my laptop to the DMZ, just to make sure there is no problem with the server, and it has the same issue.
    To summarize, I have about 16 Mb connection on my LAN and on my DMZ I can't even load a full web page.
    Firmware 1.0.39
    BTW, when I upgraded the firmware it wiped my configuration, but it kept my firewall rules in place, even though they weren't shown in the Firewall table. e.g. I could still access my DMZ from my LAN. I had to hard reset the router from the hardware reset button on the router before that changed and the router was completely reset.

  • Restrict Wireless Guest Internet Access

    I am implementing a wireless guest solution for Internet access. I would like to restrict these users to Internet access only. I understand the concept of configuring a separate vlan for them but how can I restrict them to Internet only? I also have remote campuses that I would like to set up as well. I have an ASA 5520 for my firewall and am using metro ethernet from the main campus to the remote campuses. Thanks for any help.

    Hello,
    I have found the simplest way of doing this is to apply an access list to the radio sub-interface for the visitor vlan.
    Set the access-list to allow any dhcp requests, deny any to a private network and permit any.
    You could do it back at the ASA but there is a chance of the traffic getting onto the network first.
    HTH.
    Andy.
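
The rule order this answer describes (permit DHCP, deny anything destined to a private network, permit the rest), as an added example that is not part of the original thread: a small Python first-match evaluator run over a constructed ACL written in IOS extended-ACL syntax. The ACL lines, the client and server addresses and the helper names are assumptions made for the illustration, and only contiguous wildcard masks are handled.

```python
import ipaddress

# Constructed guest ACL in IOS extended-ACL syntax, in the order the answer
# gives: DHCP first, then deny private ranges, then permit everything else.
GUEST_ACL = """
permit udp any eq bootpc any eq bootps
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip any any
"""

# Same entries with the DHCP permit moved below the deny lines (the mistake).
_lines = GUEST_ACL.strip().splitlines()
MISORDERED_ACL = "\n".join(_lines[1:4] + _lines[:1] + _lines[4:])

PORTS = {"bootps": 67, "bootpc": 68, "domain": 53}


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return an IPv4 network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ipaddress accepts a contiguous wildcard (host mask) after the slash.
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def _take_port(tokens):
    """Consume an optional 'eq PORT'; return the port number or None."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        name = tokens.pop(0)
        return PORTS.get(name) or int(name)
    return None


def parse_acl(text):
    """Parse 'action proto src [eq p] dst [eq p]' lines into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, sport = _take_addr(tokens), _take_port(tokens)
        dst, dport = _take_addr(tokens), _take_port(tokens)
        rules.append((action, proto, src, sport, dst, dport))
    return rules


def evaluate(rules, proto, src, sport, dst, dport):
    """Return the action of the first matching entry (first match wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rsport, rdst, rdport in rules:
        if rproto not in ("ip", proto):
            continue
        if s not in rsrc or d not in rdst:
            continue
        if rsport is not None and rsport != sport:
            continue
        if rdport is not None and rdport != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL


def check(acl_text):
    """Run constructed guest flows through the ACL and report each verdict."""
    rules = parse_acl(acl_text)
    flows = {
        "dhcp_discover": ("udp", "0.0.0.0", 68, "255.255.255.255", 67),
        "dhcp_renew": ("udp", "192.168.99.50", 68, "192.168.99.1", 67),
        "internal_smb": ("tcp", "192.168.99.50", 50000, "10.1.2.3", 445),
        "internal_dns": ("udp", "192.168.99.50", 50000, "10.0.0.53", 53),
        "internet_https": ("tcp", "192.168.99.50", 50000, "198.51.100.7", 443),
    }
    return {name: evaluate(rules, *flow) for name, flow in flows.items()}


if __name__ == "__main__":
    print(check(GUEST_ACL))
    print(check(MISORDERED_ACL))
```

With this order a guest pointed at an internal DNS resolver gets no name resolution, so either hand out a public resolver or permit that one server ahead of the deny lines. With the DHCP entry placed after the deny lines, the unicast renewal to a DHCP server on a private address is dropped even though the initial broadcast still succeeds.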

  • ISE 1.2 and Posture Report Before Login

    Hi everyone,
    Is it possible for the ISE 1.2 NAC/Posture agent to submit a posture report before user login on a Windows desktop system?
    We're trialling ISE 1.2, performing machine based authentication using EAP-TLS/Certificates. On top of this we are also using the posture agent and do not grant access until a 'compliant' posture report is received.
    Currently when a desktop powers up the posture status is 'pending' and this does not change until the user logs in, the NAC agent submits a successful posture report. This can take quite a few minutes leaving the user in a state of limbo where they have logged in to the computer but they must wait for the posture report.
    I see the NacAgent service runs as system, but the NACAgentUI.exe does not and only starts when the user logs in.
    Thanks,
    Mark

    That is correct, the nac agent is unaware of what policies exist in your ISE design. Its sole purpose is to start when the services allow it to do so and then send the information about the services and AV information it can gather so ISE can make a decision on whether the client is compliant or not compliant. It can then take direction on how to remediate the client when it fails. There is nothing you can configure from ISE that will allow you to run the nac agent before user login.
    In the end, when the nac agent makes it into the anyconnect secure mobility client you might have hope there since there are some start before login vpn features, but I do not see the nac agent adopting this any time soon. You should however still work with your Cisco Account team on doing some research with the BU on your behalf, this could benefit a lot of nac customers.
    thanks,
    Tarik Admani
