WLC 2504, guest user life time
Hi,
Can't we create a guest user login with a lifetime of more than 30 days? In the lifetime field we can enter a maximum of 99, but it only allows up to 30.
Any idea?
Thanks.
Hi, no, the limit is 30 days if the user is created in the WLC.
Info from the user guide = Range: 5 minutes to 30 days
You'd configure a longer lifetime if you use the WCS/NCS.
If you configure 90 days via the WCS/NCS you also see 30 days on the WLC, but the WCS/NCS will update this until the 90 days are over.
Kind regards,
Ron
Similar Messages
-
I have a system that I'm trying to tie into WLC (4.1 / 4.2) for wireless guest access. I would like to make it so that when someone creates an account in a registration system I can do a snmpset command to create the person an account on the WLC for wireless access. I have found the OID (.1.3.6.1.4.1.14179.2.5.10.1.1) but am unsure as to how to actually create an entry. Does anyone happen to have an example they can send my way as to how to create a guest user using snmp?
Thanks!
Okay, so in honesty I got a lot of help from Brad Hanson on this, but to summarise....
-Local Users are stored in the WLC.
-Once created the timer starts to tick, regardless of whether the user is logged on or not.
-The Local Users can be listed by polling the OID positions:
.1.3.6.1.4.1.14179.2.5.10.1.1 (username)
.1.3.6.1.4.1.14179.2.5.10.1.2 (WLAN)
.1.3.6.1.4.1.14179.2.5.10.1.3 (password)
.1.3.6.1.4.1.14179.2.5.10.1.4 (description)
.1.3.6.1.4.1.14179.2.5.10.1.5 (time left) (100's of seconds)
Example command: snmpwalk -c READSTRING -C c IPADDRESS 1.3.6.1.4.1.14179.2.5.10.1
-The OID positions are unique by extending the OID using the ASCII value of the username specified and the number of characters in that user name
Example User 'Test' is 4 characters long and made up of ASCII 84 = T, 101 = e, 115 = s, 116 = t.
Therefore 'time left' for Test would be OID + ID = .1.3.6.1.4.1.14179.2.5.10.1.5.4.84.101.115.116
-When making a new account remotely, the user must construct the user's name out of ASCII, count the number of characters, and in a single SNMP command set the first five parameters of the new account.
Example. Makes an account called 'z'.
snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 4 .1.3.6.1.4.1.14179.2.5.10.1.1.1.122 s "z" .1.3.6.1.4.1.14179.2.5.10.1.2.1.122 i 5 .1.3.6.1.4.1.14179.2.5.10.1.3.1.122 s "z" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "maybe" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "z1" .1.3.6.1.4.1.14179.2.5.10.1.5.1.122 i 86400
Spot the '.24' OID is always set to integer 4… this asks the WLC to create a new account and the rest of the parameters are to follow.
-Once the new account is created you must force it to a Guest Account by setting the guest option to integer 1.
Example for user 'z' snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.9.9.515.2.3.1.1.2.1.122 i 1
-NB. Minimum time allowed to be set is 6000 = 60 seconds.
-To delete an account, set OID '.24' to integer 6
Example for user 'z' snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 6 -
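The index arithmetic from the answer above, as an added example (not code from the original thread or from Cisco): it builds the per-user OIDs and the varbinds for the single snmpset, and decodes walk output back into users without keeping the password column. The `snmpwalk -On` numeric output format and the sample lines are assumptions constructed for illustration.

```python
import shlex

TABLE = ".1.3.6.1.4.1.14179.2.5.10.1"          # table entry OID from the post
GUEST_FLAG = ".1.3.6.1.4.1.9.9.515.2.3.1.1.2"  # guest option OID from the post
COLUMNS = {1: "username", 2: "wlan", 3: "password", 4: "description", 5: "time_left"}
ROW_STATUS = 24       # column the post sets to 4 (create) or 6 (delete)
MIN_LIFETIME = 6000   # minimum from the post: 6000 = 60 seconds

# Constructed sample of `snmpwalk -On` output (numeric OIDs); not captured from a device.
SAMPLE_WALK = [
    '.1.3.6.1.4.1.14179.2.5.10.1.1.4.84.101.115.116 = STRING: "Test"',
    '.1.3.6.1.4.1.14179.2.5.10.1.2.4.84.101.115.116 = INTEGER: 5',
    '.1.3.6.1.4.1.14179.2.5.10.1.3.4.84.101.115.116 = STRING: "placeholder"',
    '.1.3.6.1.4.1.14179.2.5.10.1.5.4.84.101.115.116 = INTEGER: 360000',
]


def index_for(username):
    """Row index: character count, then each character's ASCII code."""
    codes = username.encode("ascii")   # non-ASCII names raise UnicodeEncodeError
    if not codes:
        raise ValueError("empty username")
    return ".".join(str(n) for n in (len(codes), *codes))


def username_from_index(index):
    """Inverse of index_for; rejects an index whose length prefix is wrong."""
    parts = [int(p) for p in index.split(".")]
    if parts[0] != len(parts) - 1:
        raise ValueError(f"length prefix does not match index {index!r}")
    return bytes(parts[1:]).decode("ascii")


def column_oid(column, username):
    return f"{TABLE}.{column}.{index_for(username)}"


def create_varbinds(username, wlan_id, password, description, lifetime):
    """(oid, type, value) triples for the single snmpset that creates the row."""
    if lifetime < MIN_LIFETIME:
        raise ValueError(f"lifetime {lifetime} is below the minimum {MIN_LIFETIME}")
    values = [(ROW_STATUS, "i", 4), (1, "s", username), (2, "i", wlan_id),
              (3, "s", password), (4, "s", description), (5, "i", lifetime)]
    return [(column_oid(col, username), typ, str(val)) for col, typ, val in values]


def parse_walk(lines):
    """Group walk lines into one dict per user; the password column is dropped."""
    users = {}
    for line in lines:
        oid, _, value = line.partition(" = ")
        if not oid.startswith(TABLE + "."):
            continue
        column, _, index = oid[len(TABLE) + 1:].partition(".")
        name = COLUMNS.get(int(column))
        if name is None or name == "password":
            continue
        value = value.partition(": ")[2].strip().strip('"')
        row = users.setdefault(username_from_index(index), {})
        # going by the post's "6000 = 60 seconds", the unit is hundredths of a second
        row[name] = int(value) / 100 if name == "time_left" else value
    return users


if __name__ == "__main__":
    # WRITESTRING and IPADDRESS are the post's placeholders, not real values.
    args = [tok for vb in create_varbinds("z", 5, "z", "z1", 86400) for tok in vb]
    print(shlex.join(["snmpset", "-c", "WRITESTRING", "IPADDRESS", *args]))
    print(f"{GUEST_FLAG}.{index_for('z')} i 1   # guest option for 'z'")
    print(parse_walk(SAMPLE_WALK))
```

Because the password column is returned by the same walk as the usernames, the read community string deserves the same handling as the guest credentials themselves.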
Can't Enable File Sharing for Guest Users on Time Capsule
Hey all,
My roommate has a time capsule that is capable of using a guest network, which my other roommate and I use to connect to the Internet. I have a Mac Mini, Mac Pro, iPhone, iPad, all of which cannot currently communicate with each other due to being on the "guest network."
I have seen instructions for enabling the "allow guest users to communicate with each other" option, but have loaded the roommate's Airport Utility and it does not have that option. He's running OS X 10.7 and has Airport Utility 6.1. There are options to configure the guest network, but nothing about enabling sharing between computers on the guest network.
See:
http://news.goldenweb.it/article.php?l=en&id=27203&group_dir=comp&grouplist=comp.sys.mac&group=comp.sys.mac.comm
This article seems to suggest the option is not even available anymore, which seems very odd to me. Any ideas? Thank you for your help!
AirPort Utility 5.6 for Mac OS X Lion
-
Wlc 5508 : guest users to be configured only give access for internal SAP application
Hi,
I have one new requirement with one of the client.
I have wlc 5508 with 6.0 firmware. I need to have one guest wlan which will have access only for internal SAP application.
I have gone through cisco document for internet guest users , where web page will be redirected with user name and password once it is authenticated , we can access internet.
Provided if we have access list configured in wlc ... for internet access only /
what about this mentioned scenario ?
can anybody suggest on the same ?
Hi Vinod,
Go for the ACL on any Router or the switch.. i prefer not on the WLC..
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
Here is the link as well to do it on the WLC
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
Lemme know if this answered ur question..
Regards
Surendra -
WLC 2504 Guest Wifi login Page
Hi
Need some help. I have setup guest access on the controller and this is not working at the moment.
DHCP server setup on the controller for the Guest users.
You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
Need to know how to fix this.
Regards
Chris
George:
Thank you for the rating.
For this issue, they are getting the web-page and after providing the credentials it is redirecting to the original page.
If there is no DNS available so how the host will resolve the URL IP in order to open the web-page?
This is why I suggested to check DNS.
From the link I posted above I quote:
...........The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page. Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a "nslookup www.cisco.com" and see if the IP address comes back. ........
If you are using a URL for the virtual interface then lack of DNS will not show you the credentials page at the first place.
If no URL for virtual interface and you get auth page but after entering the credentials it does not successfully redirect one of the main reasons is DNS problem.
You can still comment on this if you see it not accurate.
Regards,
Amjad -
Hi,
Is the WLC connected to a Cisco Switch or 3rd party switch ?
For trouble shooting purposes if you disable security are the wireless clients able to go out to the internet ?
If you are working with VLANs or a different subnet on the WLC, have you configured the switch with a trunk port and set the same native VLAN or untagged VLAN as the WLC, and made sure that the guest VLAN from the switch is able to go out to the internet?
-
Can't access Guest User on Macbook Air
I use the guest user from time to time for presentations. When I now attempt to log as a guest user, I get the message "computer will restart to secure a safari-only guest network." It does not load a desktop. It only allows safari and all other applications are not there. I am not sure if this was after the install of OS X Yosemite 10.10.2. Please advise.
Are you using Apple's Mail program?
Troubleshooting Apple Mail
What does Mail/Window/Connection Doctor Show? If the server is red, select it and look at the Show Details box.
Troubleshooting sending and receiving email messages -
Guest users in WLC are not logged out after pre defined time.
Hi,
My customer wants to create guest users in the wireless LAN controller. We were successfully able to create that and it worked. But the problem is that to access the internet the users have to change the "proxy server" settings in Internet Explorer. As a result the guest users are not logged out automatically after the predefined amount of time. We enabled the "bypass proxy server" setting in Internet Explorer also; unfortunately it didn't work either.
If we disable the proxy settings in Internet Explorer, customers were logged out, but the problem is that once the customer logs in he will change the proxy settings in Internet Explorer to browse the net but won't get disconnected unless and until he manually changes the proxy settings in Internet Explorer.
Is there any other way to solve this issue? Can anyone provide any alternative solution if possible?
Regards,
Bibin
Can you explain how your proxy server has anything to do with your wireless access duration?
Does your proxy server have the logic that stops the internet access after a period of time? If so, I assume you turn proxy off in order to web-authenticate? If so, then you just need to tell the browser to not proxy for the virtual IP address of the WLC. You'll never get redirected to the webauth page if you don't send a https request to it (as if, your browser is sending it the IP of your proxy server).
-
Cisco WLC 2504 and ways to authenticate users
Hi All,
What are the ways to make users authenticate to the WLC 2504, what is the best and simplest way, and what are the differences between each method (I mean, for example, does a RADIUS server or something else need to exist)?
And can anyone give me a case study for this issue?
The system consists of a Cisco 2504 and Cisco LAP 1140.
Thanks
To implement RADIUS-based authentication is the best practice for the small & enterprise environment.
Information About RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
•Authentication—The process of verifying users when they attempt to log into the controller.
Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tried.
•Accounting—The process of recording user actions and changes.
Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
You can configure multiple RADIUS accounting and authentication servers. For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on.
For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947 -
WLC 2504 - French characters for guest web login page
Good day,
I have recently installed a WLC 2504 and I have the following issue:
When I modify the text for the web login page (under Security/Web Auth/Web Auth page), if I use French characters such as (é, è, à, etc...) in the message body, it does not show up correctly on users' computers. As we're a bilingual country, I must put a bilingual text message. Are there any settings or workaround out there to rectify this?
We're on version 7.2.103.0
Thanks,
Eric
Thanks Scott, I'll have a look at the documentation.
Right after sending this post, I tried typing the actual HTML code for the character instead and it seems to be working. I'm curious about custom webauth page, we may be able to customize it more than we thought we could do.
Cheers,
Eric -
Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially up to 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
Cisco ISE looks a very expansive (and expensive) product but I don't think we need all its capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
I've seen 3rd party supposed software solutions from Kiosk Antamedia etc. Do they work with Cisco Enterprise WLC solutions?
We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space.
Any suggestions would be gratefully appreciated from the knowledgeable community.
Cheers,
Mike
Hi Rasika,
We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows <1ms.
Currently the Guest network is using WPA2-PSK auth given in the controller. We are trying to find an option to make the Guest wireless auth local to the office, and see if this solves the problem.
Any suggestions?
Thank you,
Arjun -
Guest wireless with WLC 2504, Catalyst 4510R+E and ASA 5510
I need to add guest (internet only) wireless to our existing internal wireless and am looking for advice as to the best practice configuration. Existing infrastructure as follows:
WLC 2504
1142 LAPs
4510R+E
ASA 5510
Existing configuration as follows:
WLC management interface and APs addressed on the 192.168.126.0 /25 network
Internal WLAN mapped to the management interface
Management interface VLAN ID 0 (untagged) and dynamic AP management enabled
WLC port 1 (only) connected to 4510 via trunk with native VLAN set to 7 and allowed VLAN set to 7
4510 connected to ASA inside interface (security level 100)
Switchport on 4510 connected to ASA configured as switchport access VLAN 99 (our internet VLAN)
ASA inside interface NOT configured for subinterfaces and is addressed on the 192.168.121.0 /25 network
What is the best way to add guest wireless to our existing configuration?
Note: I need the guest wireless to be filtered by Websense as our internal wireless is.
Any advice would be greatly appreciated!
Thanks for the reply Scott. The configuration recommendations from Yahya did not work. I set up as he recommended and also added a DHCP scope on the WLC. Client gets DHCP but cannot even ping the WLC, much less anything else. Yahya stated above to configure port 2 on the WLC to an access port on my 4510. Aren't all connections from the WLC supposed to be trunk links to the switch? Shouldn't I just leave the management interface on the WLC untagged and add a dynamic interface for each WLAN and tag it with the appropriate VLAN ID? And then leave the (one) physical connection on the WLC (port 1) connected to a trunk link on the 4510 that allows the required VLANs?
Any input would be greatly appreciated...
JW -
Prime Infra: Add guest user to all WLC's
Hi all,
I have prime infra 2 running, with 2 WLC's v7.4
1 WLC has all the AP's, the other one sits in the same mobility group in case the first one fails (it has no joined AP's when acting as standby).
When I create a guest user in Prime Infra, it only gets created on the WLC with the AP's joined.
So WLC1 has the AP's WLC2 has none -> I create a guest user and it is added to WLC1
I do a failover, WLC1 has no AP's WLC2 has all the AP's, I create a new guest user, it is added only to WLC2
Is there a way that I can add a guest user, and it adds it to the 2 WLC's?
Thanks in advance!
Did you install the application in /Applications? If so, then it's available to all users on that machine and they can add it to their Dock, or you can login to each account and add it to their Dock.
When creating new accounts, the template used is the one you get when you first create an account on a new Mac, and that was specified by Apple.
Mulder
If my answer helped solve your problem, please consider awarding some points. Why Reward Points?
iMac G4 700Mhz Mac OS X (10.3.9) -
WLC 2500 and WCCP for Wireless Guest Users
Hi there
I would like to redirect web traffic from WLANs on a Wireless LAN Controller 2500 to a proxy server in a remote site. I'm using ironport proxy server and Cisco 3560 Layer 3 switch. Basically current scenario is:
Wireless Guest Users get authenticated by web-auth through Access Point 3501 HREAP configured. Guest client gets an IP address on VLAN 100 in remote site. Once they connect to VLAN 100, I want all web traffic to be redirected to the proxy server. I know PAC file may be the easier solution however our guest clients want seamless solution for internet. I am not sure whether WCCP is supported for this.
Your advice will be highly appreciated.
Regards
For guest wireless traffic redirect to proxy server
https://supportforums.cisco.com/thread/2126486 -
Hi, after I re-boot the display showed an additional prompt of "Guest User" which I am not to change to main designated user.
Even in Guest User unable to activate n proceed. Help please.
When posting in Apple Communities/Forums/Message Boards.......It would help us to know which Mac model you have, which OS & version you're using, how much RAM, etc. You can have this info displayed on the bottom of every post by completing your system profile and filling in the information asked for.
CLICKY CLICK---> https://discussions.apple.com/docs/DOC-3602
CLICKY CLICK-----> Help us to help you on these forums
***This will help in providing you with the proper and/or correct solutions.***