WLC 5508: guest users to be configured with access only to internal SAP application
Hi,
I have a new requirement from one of my clients.
I have a WLC 5508 with 6.0 firmware. I need one guest WLAN that has access only to an internal SAP application.
I have gone through the Cisco document for Internet guest users, where the web page is redirected to a user name and password prompt, and once authenticated we can access the Internet.
That is provided we have an access list configured in the WLC ... for Internet access only.
What about the scenario mentioned above?
Can anybody suggest something for this?
Hi Vinod,
Go for the ACL on any router or switch. I prefer not on the WLC.
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
Here is the link as well to do it on the WLC
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
Let me know if this answered your question.
Regards
Surendra
Similar Messages
-
Configuring the authentication scheme for a web application
Hi all,
We have a requirement to configure the authentication scheme for a web application where some set of users should access the application using basic LDAP (userid/password) authentication and some using digital certificate authentication.
Since the deployment descriptor (web.xml) allows only one directive for auth-method in login-config, we want to know if there is any other way to achieve this requirement. We are thinking of a custom login module approach. But we are not able to figure out how to configure the auth-method at runtime from the login servlet.
Please let us know if there is any other approach to achieve this.
I will be thankful if anybody shares any specific solution to this issue.
This forum is probably not the correct one to ask in. It's more related to the web container than Java Programming.
Kaj -
I have an iPhone 3GS and an iPod 4S. Is it possible for an application that I purchased on my iPhone to be available on my iPod by paying only once for the same application on my iPhone? If yes, please let me know how it is possible.
Open the App Store on your device.
Make sure you are signed in with the same account used for the original purchase.
Tap on Purchased from the bottom navigation bar.
On iPhone or iPod touch, tap Updates from the bottom navigation bar, then tap Purchased.
Locate the app in your Purchased tab.
Tap the download button (cloud symbol)
See also: http://support.apple.com/kb/HT2519?viewlocale=en_US&locale=en_US -
How do I configure multiple JBoss caches for standard lone application
How do I configure multiple JBoss caches for a standard long application running on a single JVM? Please advise and provide me sample code if any.
Thanks
NAgs
[http://www.jboss.org]
Locking this thread. -
WLC 2504, guest user life time
Hi ,
Can't we create a guest user login with more than 30 days lifetime? In the lifetime field we can enter a maximum of 99 but it only allows up to 30.
Any idea?
Thanks.
Hi, no, the limit is 30 days if the user is created in the WLC.
Info from the user guide = Range: 5 minutes to 30 days
You'd configure a longer lifetime if you use the WCS/NCS.
If you configure 90 days via the WCS/NCS you also see 30 days on the WLC, but the WCS/NCS will update this until the 90 days are over.
Kind regards,
Ron -
I have a system that I'm trying to tie into WLC (4.1 / 4.2) for wireless guest access. I would like to make it so that when someone creates an account in a registration system I can do an snmpset command to create the person an account on the WLC for wireless access. I have found the OID (.1.3.6.1.4.1.14179.2.5.10.1.1) but am unsure as to how to actually create an entry. Does anyone happen to have an example they can send my way as to how to create a guest user using SNMP?
Thanks!
Okay, so in honesty I got a lot of help from Brad Hanson on this, but to summarise....
-Local Users are stored in the WLC.
-Once created, the timer starts to tick, regardless of whether the user is logged on or not.
-The Local Users can be listed by polling the OID positions:
.1.3.6.1.4.1.14179.2.5.10.1.1 (username)
.1.3.6.1.4.1.14179.2.5.10.1.2 (WLAN)
.1.3.6.1.4.1.14179.2.5.10.1.3 (password)
.1.3.6.1.4.1.14179.2.5.10.1.4 (description)
.1.3.6.1.4.1.14179.2.5.10.1.5 (time left) (100's of seconds)
Example command: snmpwalk -c READSTRING -C c IPADDRESS 1.3.6.1.4.1.14179.2.5.10.1
-The OID positions are made unique by extending the OID using the ASCII values of the username specified and the number of characters in that username.
Example: user 'Test' is 4 characters long and made up of ASCII 84 = T, 101 = e, 115 = s, 116 = t.
Therefore 'time left' for Test would be OID + ID = .1.3.6.1.4.1.14179.2.5.10.1.5.4.84.101.115.116
-When making a new account remotely, you must construct the user's name out of ASCII, count the number of characters and, in a single SNMP command, set the first five parameters of the new account.
Example: makes an account called 'z'.
snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 4 .1.3.6.1.4.1.14179.2.5.10.1.1.1.122 s "z" .1.3.6.1.4.1.14179.2.5.10.1.2.1.122 i 5 .1.3.6.1.4.1.14179.2.5.10.1.3.1.122 s "z" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "maybe" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "z1" .1.3.6.1.4.1.14179.2.5.10.1.5.1.122 i 86400
Spot that the '.24' OID is always set to integer 4… this asks the WLC to create a new account and the rest of the parameters are to follow.
-Once the new account is created, you must force it to a Guest Account by setting the guest option to integer 1.
Example for user 'z' snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.9.9.515.2.3.1.1.2.1.122 i 1
-NB. Minimum time allowed to be set is 6000 = 60 seconds.
-To delete an account, set OID '.24' to integer 6
Example for user 'z' snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 6 -
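The index rule and the create sequence described in this reply, as an added shell example that is not part of the original post. The function names, the host 192.0.2.10 and the `$GUEST_PW` placeholder are assumptions; the script only prints the commands and takes the lifetime in seconds, converting it to the hundredths of a second implied by the post's "6000 = 60 seconds".

```shell
#!/bin/sh
# Added example (not from the original post): derive the per-user OID index
# (<length>.<ASCII code of each character>) and print the snmpset commands.
# Nothing is sent to a controller; function names are hypothetical.
LC_ALL=C; export LC_ALL

BASE=.1.3.6.1.4.1.14179.2.5.10.1           # local-user table OID from the post
GUEST_FLAG=.1.3.6.1.4.1.9.9.515.2.3.1.1.2  # guest option OID from the post

# wlc_user_index NAME  ->  "4.84.101.115.116" for "Test"
wlc_user_index() {
    rest=$1
    case $rest in   # keep the index unambiguous: plain ASCII names only
        ''|*[!A-Za-z0-9._@-]*) echo "invalid username" >&2; return 1 ;;
    esac
    idx=${#rest}
    while [ -n "$rest" ]; do
        ch=${rest%"${rest#?}"}               # first remaining character
        rest=${rest#?}
        idx=$idx.$(printf '%d' "'$ch")       # append its ASCII code
    done
    printf '%s\n' "$idx"
}

# wlc_oid COLUMN NAME  ->  full OID of one column for one user
wlc_oid() {
    i=$(wlc_user_index "$2") || return 1
    printf '%s.%s.%s\n' "$BASE" "$1" "$i"
}

# wlc_guest_create_cmds HOST NAME WLAN_ID DESCRIPTION LIFETIME_SECONDS
wlc_guest_create_cmds() {
    i=$(wlc_user_index "$2") || return 1
    case $3 in ''|*[!0-9]*) echo "WLAN id must be numeric" >&2; return 1 ;; esac
    case $4 in *[!A-Za-z0-9._\ -]*) echo "bad description" >&2; return 1 ;; esac
    # The post gives 6000 = 60 seconds as the minimum: units are 1/100 s.
    [ "$5" -ge 60 ] 2>/dev/null || { echo "lifetime below 60 s" >&2; return 1; }
    printf 'snmpset -c WRITESTRING %s' "$1"
    printf ' %s.24.%s i 4' "$BASE" "$i"                 # row create
    printf ' %s.1.%s s "%s"' "$BASE" "$i" "$2"          # username
    printf ' %s.2.%s i %s' "$BASE" "$i" "$3"            # WLAN
    printf ' %s.3.%s s "$GUEST_PW"' "$BASE" "$i"        # password placeholder
    printf ' %s.4.%s s "%s"' "$BASE" "$i" "$4"          # description
    printf ' %s.5.%s i %s\n' "$BASE" "$i" "$(( $5 * 100 ))"
    printf 'snmpset -c WRITESTRING %s %s.%s i 1\n' "$1" "$GUEST_FLAG" "$i"
}

# Constructed sample values (192.0.2.10 is a documentation address).
wlc_oid 5 Test
wlc_guest_create_cmds 192.0.2.10 Test 5 "lobby visitor" 86400
```

The printed command keeps `$GUEST_PW` as a literal placeholder, so the generated text can be logged or reviewed without containing the guest password.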
GRC 10 Guest Users - how to configure ARQ?
I've been trying to find a solution to this and am not clear if End User Login is the answer or not.
I want to set up GRC 10/10.1 so that users who don't have an account can request access for a new account. In GRC 5.3, it was possible to direct the users to the GRC CUP URL and it would have a request form.
How do I get that functionality enabled in GRC 10/10.1?
Thanks,
Santosh
Hi Santosh
I realised you closed this and Alessandro already advised you of an existing link to refer to. Here's another one that goes a bit more into detail relating to the system user and technical configuration
End User Login Page -- GRC 10
The key thing to making this work is to identify a data source for your users to authenticate against.
Regards
Colleen -
Itunes says i must enter passcode on iphone but iphone only gives option for emergency calls
My SIM card is inserted and when I turn the iPhone on it only gives the option for emergency calls. When I connect to iTunes it says the phone is locked and I need to enter the passcode on the phone, but I cannot enter the passcode on the phone as it doesn't give me the option.
Any ideas?
Thanks
You're gonna have to force the phone into recovery mode:
Turn your phone off. If you cannot turn off your phone using the slider, press and hold the Sleep/Wake and Home buttons at the same time. When your phone turns off, release the Sleep/Wake and Home buttons. Then, leave the USB cable connected to your computer, but NOT your phone, itunes running, press & hold the home button while connecting the USB cable to your dock connector, continue holding the home button until you see “Connect to iTunes” on the screen. You may now release the home button. iTunes should now display that it has detected your phone in recovery mode, if not quit and reopen iTunes. If you still don’t see the recovery message repeat these steps again. iTunes will give you the option to restore from a backup or set up as new. -
WLC 5508 Guest termination Tunnel
Hi to all,
I've a question regarding Guest Wireless Access: can the WLC5508 do Guest Termination Tunnel as they do the WLC440X??? I suppose yes...or better say I hope yes ;-)
What about the AP support? Can I mix as is possible with the 440X where the internal WLC are licensed for 50 AP and the external one for only 12???
Thanks for a feedback!
It sounds like you're running into the same project as me. I have all 4402's and was considering upgrading to a 5508 for our headquarters. This happens to be our guest anchor as well. To ensure that mobility will work, which is a requirement for guest, carefully read the version 6 release notes. In a nutshell though, I've found that this will work with 4.2 code and up to version 6 on a 5508. I'd check the release notes to be exactly sure of the 4.2 release though. 4.2.205.0 has been working well for me. I don't have our 5508 yet, but I'll provide an update once it gets here. In a perfect world, having the same version 6 release on the 4402's and the 5508 will ensure you don't have anchor / mobility problems.
As far as the different AP licenses go on the controllers, this will only affect the size of the network you can have at each site (because it restricts the number of AP's, ie. 25 versus 12). You can definitely use guest on a 50 AP controller with a 12AP controller at the other site. They don't have to match... -
Cisco WLC 5508 Guest Authentication issue
Hi ..
I have one interface set up to a Cisco 2921 router connected to a cable modem.
DHCP is on the 2921.
When I connect to the SSID for my guest I'm redirected to the authentication portal 1.1.1.1 .
I'm putting in valid credentials and when pressing the submit button .. it just go anywhere.
I have set up another SSID with a PSK and it's working fine.. getting IP and able to browse the Internet.
From what I have read... it's apparently a DNS issue on my router.. but what should I check?
My client has IP like that
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 40-2C-F4-ED-AD-FB
IPv4 Address. . . . . . . . . . . : 192.168.6.36
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.6.1
DNS Servers . . . . . . . . . . . : 24.200.241.37
24.200.243.189
DNS are the one from my service provider -
Where do you turn this option off? i have looked under security and did not see any thing. Thanks
Wlans -> Security -> Layer 3. ?
Sent from Cisco Technical Support iPad App -
I just recently came across a problem on a Dell all-in-one, where the computer has been updated to Windows 8.1 and doesn't show users, only a blue screen with the power options and accessibility options, and here is how I fixed it.
Note: you will lose your desktop apps
1. Turn on computer and let load to the blue screen with the options
2. While holding down shift click on the power button and then click restart (while still holding shift)
3. Hold shift until the advanced recovery options comes up
4. click on Troubleshoot>Refresh your PC
5. Enter password for user account
6. Let it do its magic
Hi,
Thanks for your sharing. And it will benefit others who encounter the similar issue as yours.
This issue can be caused by corrupted winlogon components.
You are right to refresh to repair the system.
Kate Li
TechNet Community Support -
Users with same configurations - one has access not the other
Hi all,
I have a real mysterious problem.
On the same computer, installed with "Cisco VPN Client v5.0.07.0410", one user can connect to the VPN and not the other. Both users use the same Dynamic Access Policies on our ASA firewall. We are certain that the users entered the correct name and password. But one can enter our network and the other gets an "Authentication failed" message directly in the "User Authentication" window.
Has someone an idea to help us solve this problem ?
I provide you here a log file of the problem (IKE.log level 3), if you think you need an other, please ask.
In this log, I have the feeling that the cause (and maybe the solution) is around event 293, but......not sure.
Thanks in advance
Hi Balthazer,
Please send us the following outputs from the ASA. Run a conditional debug for the specific user who is facing the issue.
debug crypto condition [username string]
debug cry isa sa 200
deb cry ips sa 200
Also, you have mentioned that you are using DAP policy. Can you share the DAP policy with us.
Regards,
Abhishek Purohit
CCIE-S- 35269 -
How to configure CISCO ASA 5510 for internal remote desktop ?
Hello, I have a client that wants to install a new ASA (5510) in their network.
Then I did some experiments to implement it. The topology is like this:
--------configuration---------
2800 router :
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.11.3 255.255.255.0
duplex auto
speed auto
ip route 192.168.12.0 255.255.255.0 172.16.1.2
1841 router :
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 172.16.1.1
ASA 5510 :
: Saved
: Written by enable_15 at 19:21:31.639 UTC Mon Sep 13 2010
ASA Version 8.2(1)
hostname ciscoasa
enable password **** encrypted
passwd ***** encrypted
names
name 192.168.12.0 Branch
dns-guard
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.11.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
boot system disk0:/asa821-k8.bin
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 Branch 255.255.255.0
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 any
access-list inside_access_in extended permit ip Branch 255.255.255.0 192.168.11.0 255.255.255.0
tcp-map mssmap
synack-data allow
invalid-ack allow
seq-past-window allow
urgent-flag allow
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
asdm location Branch 255.255.255.0 inside
no asdm history enable
arp timeout 14400
static (inside,inside) 192.168.11.2 192.168.11.2 netmask 255.255.255.255
static (inside,inside) 192.168.12.2 192.168.12.2 netmask 255.255.255.255
access-group inside_access_in in interface inside
route inside Branch 255.255.255.0 172.16.1.1 1
timeout xlate 3:00:00
timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username ***** password ***** encrypted
class-map mymap
match access-list inside_access_in
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
policy-map myPolicy
class mymap
set connection advanced-options mssmap
service-policy global_policy global
service-policy myPolicy interface inside
prompt hostname context
Cryptochecksum:a605d94f29924e5267644dd0f4476145
: end
I can successfully ping from host 192.168.12.2 to 192.168.11.2, but I can't do remote desktop from those hosts.
Then I used Wireshark to capture packets on my computer and it says TCP ACKed Lost Segment.
"1373","164.538081","192.168.11.2","192.168.12.2","TCP","47785 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2"
"1374","164.538993","192.168.12.2","192.168.11.2","TCP","[TCP ACKed lost segment] ms-wbt-server > 47785 [RST, ACK] Seq=1 Ack=1407706213 Win=0 Len=0"
I can guarantee that both computers are remote desktop enabled and all firewalls have been disabled.
Please help, any suggestion would be great.
Thanks.
Sincerely yours
-IAN WIJAYA-
Dear Ian_benderaz,
Thank god I am not alone on this.
I am having the exact same problem too: I can ping the host, but no remote desktop.
Somebody please help me on this, how to enable remote desktop on ASA 5505
Thanks -
Read only access for objects in application designer
I want to apply read-only access to all the objects in Application Designer. I would like to know how we can do this.
Jayaprakash Tedla
Jayaprakash,
On 8.48 :
1. Create a PERMISSION LIST
1.1 leave empty the navigator homepage
1.2 leave unchecked Can Start Application Server? and Allow Password to be Emailed?
1.3 On Pages tab, leave it empty
1.4 On PeopleTools tab, check Application Designer Access, then click on Definition Permissions, Tools Permissions Miscellaneous and Permissions, and set the rights there as you want. You can put Read Only on all components in one shot by clicking on the button, or one by one by choosing in the listbox for each type of component.
1.5 leave all other tabs blank
2. Create a ROLE, and add the permission list created in step 1.
3. Create the user, and give it the role created in step 2.
4. Open Application Designer, connect there with the new user, and enjoy read-only access.
Hope this helps,
Nicolas.