WLC 2504, guest user life time

                   Hi ,
                    Cant we create a guest user login with more than 30 days lifetime? In the lifetime field we can enter maximum 99 but it only allows up to 30
                        any idea?
                    Thanks.

Hi, no the limit is 30days if the user is created in the WLC.
Info from the user guide = Range: 5 minutes to 30 days
You'd configure a longer lifetime if you use the WCS/NCS.
If you configure 90 days via the WCS/NCS you also see on the WLC 30days but the WCS/NCS will update this unitil the 90days are over.
Kind regards,
Ron

Similar Messages

  • WLC SNMP Guest User Creation

    I have a system that I'm trying to tie into WLC (4.1 / 4.2) for wireless guest access. I would like to make it so that when someone creates an account in a registration system I can do a snmpset command to create the person an account on the WLC for wireless access. I have found the OID (.1.3.6.1.4.1.14179.2.5.10.1.1) but am unsure as to how to actually create an entry. Does anyone happen to have an example they can send my way as to how to create a guest user using snmp?
    Thanks!

    Okay so i honesty I got a lot of help from Brad Hanson on this, but to summarise....
    -In Local Users are stored in the WLC.
    -Once created the timer starts to tick, regards if the user is logged on or not.
    -The Local Users can be listed by polling the OID positions:
    .1.3.6.1.4.1.14179.2.5.10.1.1 (username)
    .1.3.6.1.4.1.14179.2.5.10.1.2 (WLAN)
    .1.3.6.1.4.1.14179.2.5.10.1.3 (password)
    .1.3.6.1.4.1.14179.2.5.10.1.4 (description)
    .1.3.6.1.4.1.14179.2.5.10.1.5 (time left)  (100's of seconds)
    Example command: snmpwalk -c READSTRING -C c IPADDRESS  1.3.6.1.4.1.14179.2.5.10.1
    -The OID positions are unique by extending the OID using the ASCII value of the username specified and the number of characters in that user name
    Example User 'Test' is 4 characters long and made up of ASCII 84 = T, 101 = e, 115 = s, 116 = t.
    Therefore 'time left' for Test would be OID + ID = .1.3.6.1.4.1.14179.2.5.10.1.5.4.84.101.115.116
    -When making a new account remotely user must construct the users name out of ASCII, count the number of characters and in a single SNMP commands set the first five parameters of the new account.
    Example. Makes an account called 'z'.
    snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 4  .1.3.6.1.4.1.14179.2.5.10.1.1.1.122  s "z"  .1.3.6.1.4.1.14179.2.5.10.1.2.1.122 i 5 .1.3.6.1.4.1.14179.2.5.10.1.3.1.122 s "z"  .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "maybe" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s  "z1" .1.3.6.1.4.1.14179.2.5.10.1.5.1.122 i 86400
    Spot the '.24' OID is always set to integer 4… this asks the WLC to create a new account and the rest of the parameters are to follow.
    -Once the new account is created the you must force it to a Guest Account by setting guest option to integer 1.
    Example for user 'z'  snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.9.9.515.2.3.1.1.2.1.122 i 1
    -NB. Minimum time allowed to be set is 6000 = 60 seconds.
    -To delete account OID '.24' to integer 6
    Example for user 'z' snmpset -c WRITESTRING IPADDRESS  .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 6

  • Can't Enable File Sharing for Guest Users on Time Capsule

    Hey all,
    My roommate has a time capsule that is capable of using a guest network, which my other roommate and I use to connect to the Internet. I have a Mac Mini, Mac Pro, iPhone, iPad, all of which cannot currently communicate with each other due to being on the "guest network."
    I have seen instructions for enabling the "allow guest users to communicate with each other" option, but have loaded the roommate's Airport Utility and it does not have that option. He's running OS X 10.7 and has Airport Utility 6.1. There are options to configure the guest network, but nothing about enabling sharing between computers on the guest network.
    See:
    http://news.goldenweb.it/article.php?l=en&id=27203&group_dir=comp&grouplist=comp .sys.mac&group=comp.sys.mac.comm
    This article seems to suggest the option is not even available anymore, which seems very odd to me. Any ideas? Thank you for your help!

    AirPort Utility 5.6 for Mac OS X Lion

  • Wlc 5508 : guest users to be configured only give access for internal SAP application

    Hi,
    I have one new requirement with one of the client.
    I have wlc 5508 with 6.0 firmware. I need to have one guest wlan which will have access only for internal SAP application.
    I have gone through cisco document for internet guest users , where web page will be redirected with user name and password once it is authenticated , we can access internet.
    Provided if we have access list configured in wlc ...  for internet access only /
    what about this mentioned scenario ?
    can anybody suggest on the same ?

    Hi Vinod,
    Go for the ACL on any Router or the switch.. i prefer not on the WLC..
    http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
    Here is the link as well to do it on the WLC
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
    Lemme know if this answered ur question..
    Regards
    Surendra

  • WLC 2504 Guest Wifi login Page

    Hi
    Need some help. I have setup guest access on the controller and this is not working at the moment.
    DHCP server setup on the controller for the Guest users.
    You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
    Need to know how to fix this.
    Regards
    Chris

    George:
    Thank you for the ratiing.
    For this issue, they are getting the web-page and after providing the credentials it is redirecting to the original page.
    If there is no DNS available so how the host will resolve the URL IP in order to open the web-page?
    This is why I suggested to check DNS.
    From the link I posted above I quote:
    ...........The next step in the process is DNS  resolution of the URL in the web browser. When a WLAN client connects to  a WLAN configured for web authentication, the client obtains an IP  address from the DHCP server. The user opens a web browser and enters a  website address. The client then performs the DNS resolution to obtain  the IP address of the website. Now, when the client tries to reach the  website, the WLC intercepts the HTTP Get session of the client and  redirects the user to the web authentication login page.Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a “nslookup www.cisco.com" and see if the IP address comes back. ........
    If you are using a URL for the virutal interface then lack of DNS will not show you the credentials page at the first place.
    If no URL for virutal interface and you get auth page but after entering the credentials it does not successfully redirect one of the main reasons is DNS problem.
    You can still comment on this if you see it not accurate.
    Regards,
    Amjad

  • WLC 2504 Guest Wifi

    Hi
    Need some help. I have setup guest access on the controller and this is not working at the moment.
    DHCP server setup on the controller for the Guest users.
    You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
    Need to know how to fix this.
    Regards
    Chris

    Hi,
    Is the WLC connected to a Cisco Switch or 3rd party switch ?
    For trouble shooting purposes if you disable security are the wireless clients able to go out to the internet ?
    If you are workign with VLANS or different subnet on the WLC have you configured the switch with a trunk port and set the same native vlan or untagged vlan as the WLC and make sure that the guest vlan from the switch is able to go out to the internet ?

  • Can't access Guest User on Macbook Air

    I use the guest user from time to time for presentations. When I now attempt to log as a guest user, I get the message "computer will restart to secure a safari-only guest network." It does not load a desktop. It only allows safari and all other applications are not there. I am not sure if this was after the install of OS X Yosemite 10.10.2. Please advise.

    Are you using Apple's Mail program?
    Troubleshooting Apple Mail
    What does Mail/Window/Connection Doctor Show? If the server is red, select it and look at the Show Details box.
    Troubleshooting sending and receiving email messages

  • Guest users in WLC are not logged out after pre defined time.

    Hi,
      My customer wants to create guest users in wireless lan controller. We were successfully able to create that and it worked . But the problem is that to access the internet the users have to change the "proxy server" settings on the internet explorer. As a result the guest users are not logged out automatically after the pre defined amount of time. We enabled " by pass proxy server " settings in internet explorer also, unfortunately it didnt work too.
      If we disable the proxy settings in internet explorer customers were logged out, but the problem is that once the customer log in he will change the proxy settings in internet explorer to browse net  but wont get disconnect unless and untill he manually change the proxy settings in the internet explorer.
      Is there any other way to solve this issue? Can any one provide any alternative solution  if possible.
    Regards,
    Bibin

    Can you explain how your proxy server has anything to do with your wireless access duration?
    Does you proxy server have the logic that stops the internet access after a period of time? If so, I assume you turn proxy off in order to web-authenticate? If so, then you just need to tell the browser to not proxy for the virtual IP address of the WLC.   You'll never get redirected to the webauth page if you don't send a https request to it (as if, your browser is sending it the IP of your proxy server).

  • Cisco WLC 2504 and ways to authenticate users

    Hi All,
         What is the ways to make user authenticate to WLC 2504 and what is the best and simple way and what is the differences btw each method _i mean for example need radius server or something else to be exist_ ?
         and any one can give me case study for this issue
    System consist of Cisco 2504 and Cisco LAP 1140
    Thanks

    To implement radius based authentication is the best practice for the small & enterprise environment.
    Information About RADIUS
    Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
    •Authentication—The process of verifying users when they attempt to log into the controller.
    Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tired.
    •Accounting—The process of recording user actions and changes.
    Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
    RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
    You can configure multiple RADIUS accounting and authentication servers.For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on. 
    For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947

  • WLC 2504 - French characters for guest web login page

    Good day,
    I have recently installed a WLC 2504 and I have the following issue:
    When I modify the text for the web login page (Under security/Web Auth/Web Auth page), if I use french caracters such as (é, è, à, etc...) in the message body, it does not show up correctly on users computers. As we're a bilingual country, I must put a bilingual text message. Are there any settings or workaround out there to rectify this?
    We're on version 7.2.103.0
    Thanks,
    Eric

    Thanks Scott, I'll have a look at the documentation.
    Right after sending this post, I tried typing the actual HTML code for the character instead and it seems to be working. I'm curious about custom webauth page, we may be able to customize it more than we thought we could do.
    Cheers,
    Eric

  • Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users

    Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
    I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially upto 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
    We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
    I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
    Cisco ISE looks a very expansive (and expensive) product but I don't think we need all it's capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
    I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
    We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
    Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space. 
    Any suggestions would be gratefully appreciated from the knowledgeable community.
    Cheers,
    Mike

    Hi Rasika,
    We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
    Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows  <1ms.
    currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem. 
    any suggestions,
    Thank you,
    Arjun

  • Guest wireless with WLC 2504, Catalyst 4510R+E and ASA 5510

    I need to add guest (internet only) wireless to our existing internal wireless and am looking for advice as to the best practice configuration. Existing infrastructure as follows:
    WLC 2504
    1142 LAPs
    4510R+E
    ASA 5510
    Existing configuration as follows:
    WLC management interface and APs addressed on the 192.168.126.0 /25 network
    Internal WLAN mapped to the management interface
    Management interface VLAN ID 0 (untagged) and dynamic AP management enabled
    WLC port 1 (only) connected to 4510 via trunk with native VLAN set to 7 and allowed VLAN set to 7
    4510 connected to ASA inside interface (security level 100)
    Switchport on 4510 connected to ASA configured as switchport access VLAN 99 (our internet VLAN)
    ASA inside interface NOT configured for subinterfaces and is addressed on the 192.168.121.0 /25 network
    What is the best way to add guest wireless to our existing configuration?
    Note: I need the guest wireless to be filtered by Websense as our internal wireless is
    Any advice would be greatly appreciated!

    Thank for the reply Scott. The configuration recommendations from Yahya did not work. I set up as he recommended and also added a dhcp scope on the wlc. Client gets dhcp but cannot even ping the wlc much less anything else. Yahya stated above to configure port 2 on the wlc to an access port on my 4510. Aren't all connections from the wlc supposed to be trunk links to the switch? Shouldn't I just leave the management interface on the wlc untagged and add a dynamic interface for each wlan and tag it with the approriate vlan id? And then leave the (one) physical connection on the wlc (port 1) connected to a trunk link on the 4510 that allows the required vlans?
    Any input would be greatly appreciated...
    JW

  • Prime Infra: Add guest user to all WLC's

    Hi all,
    I have prime infra 2 running, with 2 WLC's v7.4
    1  WLC has all the AP's, the other one sits in the same mobility group in case the first one fails (it has no joind AP's when acting as standby).
    When I create a guest user in Prime Infra, it only gets created on the WLC with the AP's joined.
    So WLC1 has the AP's WLC2 has none -> I create a guest user and it is added to WLC1
    I do a failover, WLC1 has no AP's WLC2 has all the AP's, I create a new guest user, it is added only to WLC2
    Is there a way that I can add a guest user, and it adds it to the 2 WLC's?
    Thanks in advance!

    Did you install the application in /Applications? If so, then it's available to all users on that machine and they can add it to their Dock, or you can login to each account and add it to their Dock.
    When creating new accounts, the template used is the one you get when you first create an account on a new Mac, and that was specified by Apple.
    Mulder
    If my answer helped solve your problem, please consider awarding some points. Why Reward Points?
    iMac G4 700Mhz   Mac OS X (10.3.9)  

  • WLC 2500 and WCCP for Wireless Guest Users

    Hi there
    I would like to redirect web traffic from WLANs on a Wireless LAN Controller 2500 to a proxy server in a remote site. I'm using ironport proxy server and Cisco 3560 Layer 3 switch. Basically current scenario is:
    Wireless Guest Users get authenticated by web-auth through Access Point 3501 HREAP configured. Guest client gets an IP address on VLAN 100 in remote site. Once they connect to VLAN 100, I want all web traffic to be redirected to the proxy server. I know PAC file may be the easier solution however our guest clients want seamless solution for internet. I am not sure whether WCCP is supported for this.               
    You advice will be highly appreciated.
    Regards

    For guest wireless traffic redirect to proxy server
    https://supportforums.cisco.com/thread/2126486

  • Hi, I am not able to log in after re-boot which appear with additional prompt of guest user for the first time.

    Hi, after I re-boot the display showed an additional prompt of "Guest User" which I am not to change to main designated user.
    Even in Guest User unable to activate n proceed.  Help please.

    When posting in Apple Communties/Forums/Message Boards.......It would help us to know which Mac model you have, which OS & version you're using, how much RAM, etc. You can have this info displayed on the bottom of every post by completing your system profile and filling in the information asked for.
    CLICKY CLICK---> https://discussions.apple.com/docs/DOC-3602
    CLICKY CLICK-----> Help us to help you on these forums
    ***This will help in providing you with the proper and/or correct solutions.***

Maybe you are looking for

  • Hook up more than one iPod?

    My sisters' computer was broken and she needs more music on her iPod. Is she able to hook up her iPod to my computer and with out deleting my music on iTunes? iBook G4    

  • User Creation in Netweaver

    Hi All, We have to create users in our Netweaver, which will be used for login in MII. Currently we are creating one by one. But, is there any way to upload the user list from excel ? Kindly guide us on the same. Thanks, Aravinth

  • SPRUNConversion and historic conversion

    Hi All, e are using the SPRUNCONVERSION stored procedure for the historic conversion. We assign an historic currency rate to each single entity but when the SPRUNCONVERSION runs it converts only at the currency rate of the default entity. It works in

  • CSS and BR?

    I'm getting an extra line break after any line that is using the stylesheet? The BR tag works fine if that line isn't using a tag from the stylesheet, but when it does, it produces an extra line. To see what I mean, open a blank flash movie and paste

  • Cannot install new version of itunes, cannot remove old version

    cannot install new version of itunes, cannot remove old version