Wlc 5508 : guest users to be configured only give access for internal SAP application

Similar Messages

• Configuring the authentication scheme for a web application

  Hi all,
  We have a requirement to configure the authentication scheme for a web application where some set of users should access the application using basic LDAP (userid/password) authentication and some using digital certificate authentication.
  Since the deployment descriptor (web.xml) allows only one directive for auth-method in logic-config, we want to know if there is any other way to achieve this requirement. We are thinking of a custom login module approach. But we are not able to figure out how to configure the auth-method at runtime from the login servlet.
  Please let us know if there is any other approach to achieve this.
  I will be thankful if any body shares any specific solution to this issue.

  This forum is probably not the correct one to ask in. It's more related to the web container than Java Programming.
  Kaj

• HT204053 i am having iphone3gs and ipod4s, is it possible the application that i have purchased in my iphone can be available in my i pod by doing payment only one time for the same application in my i phone...if yes,plz let me know hw it is possible

  i am having iphone3gs and ipod4s, is it possible the application that i have purchased in my iphone can be available in my i pod by doing payment only one time for the same application in my i phone...if yes,plz let me know hw it is possible..

  Open the App Store on your device.
  Make sure you are signed in with the same account used for the original purchase.
  Tap on Purchased from the bottom navigation bar.
  On iPhone or iPod touch, tap Updates from the bottom navigation bar, then tap Purchased.
  Locate the app in your Purchased tab.
  Tap the download button (cloud symbol)
  See also: http://support.apple.com/kb/HT2519?viewlocale=en_US&locale=en_US

• How to i configure multiple JBoss caches for standard lone application

  how to i configure multiple JBoss caches for standard long application running on single JVM..Please advice and provide me sample code if any..
  Thanks
  NAgs

  [http://www.jboss.org]
  Locking this thread.

• WLC 2504, guest user life time

                     Hi ,
                      Cant we create a guest user login with more than 30 days lifetime? In the lifetime field we can enter maximum 99 but it only allows up to 30
                          any idea?
                      Thanks.

  Hi, no the limit is 30days if the user is created in the WLC.
  Info from the user guide = Range: 5 minutes to 30 days
  You'd configure a longer lifetime if you use the WCS/NCS.
  If you configure 90 days via the WCS/NCS you also see on the WLC 30days but the WCS/NCS will update this unitil the 90days are over.
  Kind regards,
  Ron

• WLC SNMP Guest User Creation

  I have a system that I'm trying to tie into WLC (4.1 / 4.2) for wireless guest access. I would like to make it so that when someone creates an account in a registration system I can do a snmpset command to create the person an account on the WLC for wireless access. I have found the OID (.1.3.6.1.4.1.14179.2.5.10.1.1) but am unsure as to how to actually create an entry. Does anyone happen to have an example they can send my way as to how to create a guest user using snmp?
  Thanks!

  Okay so i honesty I got a lot of help from Brad Hanson on this, but to summarise....
  -In Local Users are stored in the WLC.
  -Once created the timer starts to tick, regards if the user is logged on or not.
  -The Local Users can be listed by polling the OID positions:
  .1.3.6.1.4.1.14179.2.5.10.1.1 (username)
  .1.3.6.1.4.1.14179.2.5.10.1.2 (WLAN)
  .1.3.6.1.4.1.14179.2.5.10.1.3 (password)
  .1.3.6.1.4.1.14179.2.5.10.1.4 (description)
  .1.3.6.1.4.1.14179.2.5.10.1.5 (time left)  (100's of seconds)
  Example command: snmpwalk -c READSTRING -C c IPADDRESS  1.3.6.1.4.1.14179.2.5.10.1
  -The OID positions are unique by extending the OID using the ASCII value of the username specified and the number of characters in that user name
  Example User 'Test' is 4 characters long and made up of ASCII 84 = T, 101 = e, 115 = s, 116 = t.
  Therefore 'time left' for Test would be OID + ID = .1.3.6.1.4.1.14179.2.5.10.1.5.4.84.101.115.116
  -When making a new account remotely user must construct the users name out of ASCII, count the number of characters and in a single SNMP commands set the first five parameters of the new account.
  Example. Makes an account called 'z'.
  snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 4  .1.3.6.1.4.1.14179.2.5.10.1.1.1.122  s "z"  .1.3.6.1.4.1.14179.2.5.10.1.2.1.122 i 5 .1.3.6.1.4.1.14179.2.5.10.1.3.1.122 s "z"  .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "maybe" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s  "z1" .1.3.6.1.4.1.14179.2.5.10.1.5.1.122 i 86400
  Spot the '.24' OID is always set to integer 4… this asks the WLC to create a new account and the rest of the parameters are to follow.
  -Once the new account is created the you must force it to a Guest Account by setting guest option to integer 1.
  Example for user 'z'  snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.9.9.515.2.3.1.1.2.1.122 i 1
  -NB. Minimum time allowed to be set is 6000 = 60 seconds.
  -To delete account OID '.24' to integer 6
  Example for user 'z' snmpset -c WRITESTRING IPADDRESS  .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 6

• GRC 10 Guest Users - how to configure ARQ?

  I've been trying to find a solution to this and am not clear if End User Login is the answer or not.
  I want to set up GRC 10/10.1 so that users who don't have an account can request access for a new account.  In GRC 5.3, it was possible to direct the users to the GRC CUP URL and it would have a request form.
  How do I get that functionality enabled in GRC 10/10.1?
  Thanks,
  Santosh

  Hi Santosh
  I realised you closed this and Alessandro already advised you existing link to refer to. Here's another one that goes a bit more into detail relating to the system user and technical configuration
  End User Login Page -- GRC 10
  The key thing to making this work is to identify a data source for your users to authenticate against.
  Regards
  Colleen

• Itunes says i must enter passcode on iphone but iphone only gives option for emergency calls

  My sim card is inserted and when I turn the iphone on it only gives the option for emergncy calls, when i connect to itunes it says the phone is locked and i need to enter the passcode on the phone but i cannot enter pass cose on phone as it doesnt give me the option.
  Any ideas?
  Thanks

  You're gonna have to force the phone into recovery mode:
  Turn your phone off. If you cannot turn off your phone using the slider, press and hold the Sleep/Wake and Home buttons at the same time. When your phone turns off, release the Sleep/Wake and Home buttons. Then, leave the USB cable connected to your computer, but NOT your phone, itunes running, press & hold the home button while connecting the USB cable to your dock connector, continue holding the home button until you see “Connect to iTunes” on the screen. You may now release the home button. iTunes should now display that it has detected your phone in recovery mode, if not quit and reopen iTunes. If you still don’t see the recovery message repeat these steps again. iTunes will give you the option to restore from a backup or set up as new.

• WLC 5508 Guest termination Tunnel

  Hi to all,
  I've a question regarding Guest Wireless Access: can the WLC5508 do Guest Termination Tunnel as they do the WLC440X??? I suppose yes...or better say I hope yes ;-)
  What about the AP support? Can I mix as is possible with the 440X where the internal WLC are licensed for 50 AP and the external one for only 12???
  Thanks for a feedback!

  It sounds like you're running into the same project as me. I have all 4402's and was considering upgrading to a 5508 for our headquarters. This happens to be our guest anchor as well. To ensure that mobility will work, which is a requirement for guest, carefully read the version 6 release notes. In a nutshell though, I've found that this will work with 4.2 code and up to version 6 on a 5508. I'd check the release notes to be exactly sure of the 4.2 release though. 4.2.205.0 has been working well for me. I don't have our 5508 yet, but I'll provide an update once it gets here. In a perfect world, having the same version 6 release on the 4402's and the 5508 will ensure you don't have anchor / mobility problems.
  As far as the different AP licenses go on the controllers, this will only affect the size of the network you can have at each site (because it restricts the number of AP's, ie. 25 versus 12). You can definitely use guest on a 50 AP controller with a 12AP controller at the other site. They don't have to match...

• Cisco WLC 5508 Guest Authentification issue

  Hi ..
  I have one interface setup to a Cisco 2921 router connected to a Cable modem.
  DHCP is on the 2921.
  when I connect to the ssid for my guest i'm redirected to the authentification portal 1.1.1.1 .
  I'm putting valide credential and when pressing the submit button .. it just go anywhere.
  I have setup another SSID with a psk and it's working fine.. getting ip and able to browse internet.
  From what i have read... it's apparently DNS issue on my router.. but what should I check.

  My client has ip like that
     Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
     Physical Address. . . . . . . . . : 40-2C-F4-ED-AD-FB
       IPv4 Address. . . . . . . . . . . : 192.168.6.36
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.6.1
     DNS Servers . . . . . . . . . . . : 24.200.241.37
                                         24.200.243.189
  DNS are the one from my service provider

• Wlc 5508 Guest logon page

  Where do you turn this option off? i have looked under security and did not see any thing.  Thanks

  Wlans -> Security -> Layer 3. ?
  Sent from Cisco Technical Support iPad App

• {Solved} Windows 8.1 Doesn't show users when windows loads, only shows options for accessibility and shutdown/restart

  I just recently come into a problem on a dell all-in-one, where the computer has been updated to windows 8.1 and doesn't show users, only a blue screen with the power options and accessibility options and here is how I fixed it.
  Note: you will lose your desktop apps
  1. Turn on computer and let load to the blue screen with the options
  2. While holding down shift click on the power button and then click restart (while still holding shift)
  3. Hold shift until the advanced recovery options comes up
  4. click on Troubleshoot>Refresh your PC
  5.Enter password for user account
  6. Let it do its magic

  Hi,
  Thanks for your sharing. And it will benifit others who encounter the similar issue as yours.
  This issue can be caused by corrupted winlogon components.
  You are right to refresh to repair the system.
  Kate Li
  TechNet Community Support

• Users with same configurations - one has access not the other

  Hi all,
  I have a real mysterious problem.
  On the same computer, installed with "Cisco VPN Client v5.0.07.0410", one user can connect to the VPN and not the other. Both users uses the same Dynamic Access Policies on our ASA firewall. We are certain that the users entered the correct name and password. But one can enter in our network and the other gets an "Authentication failed" message directly in the "User Authentication" window.
  Has someone an idea to help us solve this problem ?
  I provide you here a log file of the problem (IKE.log level 3), if you think you need an other, please ask.
  In this log, I have the feeling that the cause (and maybe the solution) is around event 293, but......not sure.
  Thanks in advance

  Hi Balthazer,
  Please send us the following outputs from the ASA. Run a conditional debug for the specific user who is facing the issue.
  debug                      crypto                      condition [username                  string]
  debug cry isa sa 200
  deb cry ips sa 200
  Also, you have mentioned that you are using DAP policy. Can you share the DAP policy with us.
  Regards,
  Abhishek Purohit
  CCIE-S- 35269

• How to configure CISCO ASA 5510 for internal remote desktop ?

  Helo,I have a client that want to install new ASA (5510) in their network.
  and then I did some experiment to implement it. the topology is like this :
  --------configuration---------
  2800 router :
  interface FastEthernet0/0
  ip address 172.16.1.1 255.255.255.0
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 192.168.11.3 255.255.255.0
  duplex auto
  speed auto
  ip route 192.168.12.0 255.255.255.0 172.16.1.2
  1841 router :
  interface FastEthernet0/0
  ip address 172.16.1.2 255.255.255.0
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 192.168.12.1 255.255.255.0
  duplex auto
  speed auto
  ip route 0.0.0.0 0.0.0.0 172.16.1.1
  ASA 5510 :
  : Saved
  : Written by enable_15 at 19:21:31.639 UTC Mon Sep 13 2010
  ASA Version 8.2(1)
  hostname ciscoasa
  enable password **** encrypted
  passwd ***** encrypted
  names
  name 192.168.12.0 Branch
  dns-guard
  interface Ethernet0/0
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 192.168.11.1 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  shutdown
  no nameif
  no security-level
  no ip address
  management-only
  boot system disk0:/asa821-k8.bin
  ftp mode passive
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 Branch 255.255.255.0
  access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 any
  access-list inside_access_in extended permit ip Branch 255.255.255.0 192.168.11.0 255.255.255.0
  tcp-map mssmap
    synack-data allow
    invalid-ack allow
    seq-past-window allow
    urgent-flag allow
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-621.bin
  asdm location Branch 255.255.255.0 inside
  no asdm history enable
  arp timeout 14400
  static (inside,inside) 192.168.11.2 192.168.11.2 netmask 255.255.255.255
  static (inside,inside) 192.168.12.2 192.168.12.2 netmask 255.255.255.255
  access-group inside_access_in in interface inside
  route inside Branch 255.255.255.0 172.16.1.1 1
  timeout xlate 3:00:00
  timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 0.0.0.0 0.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  username ***** password ***** encrypted
  class-map mymap
  match access-list inside_access_in
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
  policy-map myPolicy
  class mymap
    set connection advanced-options mssmap
  service-policy global_policy global
  service-policy myPolicy interface inside
  prompt hostname context
  Cryptochecksum:a605d94f29924e5267644dd0f4476145
  : end
  I can successfully ping from host 192.168.12.2 to 192.168.11.2, but I can't do remote desktop from those host.
  then I use wireshark to capture packet in my computer and it says that TCP ACKed Lost Segment.
  "1373","164.538081","192.168.11.2","192.168.12.2","TCP","47785 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2"
  "1374","164.538993","192.168.12.2","192.168.11.2","TCP","[TCP ACKed lost segment] ms-wbt-server > 47785 [RST, ACK] Seq=1 Ack=1407706213 Win=0 Len=0"
  I can guarantee that both computers are remote desktop enabled and all firewall have been disabled.
  please help, any suggest would be great .
  thanks .
  sincerley yours
  -IAN WIJAYA-

  ear Ian_benderaz,
  Thank god i am not alone on this ,
  Me too having the exact same problem , i can ping to the host ,but no remote desktop .
  Somebody please help me on this , how enable remote desktop on asa 5505 
  Thanks 

• Read only access for objects in application designer

  I want to apply read only access to all the objects in application designer. I would like to know how we can do this.
  Jayaprakash Tedla

  Jayaprakash,
  On 8.48 :
  1. Create a PERMISSION LIST
  1.1 leave empty the navigator homepage
  1.2 leave unchecked Can Start Application Server? and Allow Password to be Emailed?
  1.3 On Pages tab, leave it empty
  1.4 On PeopleTools tab, check Application Designer Access, then click on Definition Permissions, Tools Permissions Miscellaneous and Permissions, and put there the rights as well as you want. You can put Read Only on all component in one shot by clicking on the button, or one by one by choosing in the listbox for each type of components.
  1.5 leave all other tab blank
  2. Create a ROLE, and add the permission list created on step 1.
  3. Create the user, and give the role created on step 2.
  4. Open Application Designer, connect there with the new user, and enjoy on read-only access.
  Hope this help,
  Nicolas.