WLC Guest Account Configuration

Similar Messages

• WLC - guest account multiple users

  Hi,
  I have been looking at guest access features of the WLC and I can see the ability to specificy an account duration as a Lobby Ambassador but does the WLC support multiple logins per guest account?
  I.e. I want to create a single guest account for use by 100 users. Is there any way to achieve this or would I need to create 100 individual guest user accounts?
  Many thanks,
  Paul.

  Paul,
  If you have WCS available, you can import a .csv file that contains the proper information for usernames/passwords:
  http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0temp.html#wp1102820
  Example file would look like:
  Username   Password   Profile     Description
    User1      Cisco      Any Profile Net User 1
    User2      Cisco                  Net User 2
    User3      Cisco      Internal    Net User 3
  The other option I can think of would be to build a list of command line configurations for the WLC, and manipulate the list with your already created usernames/passwords in a text editor. The command to configure a guest user on the WLC CLI is:
  config netuser add wlan userType [lifetime ] [description ]
  Thanks,
  -Patrick

• Guest account issues

  After having fully restored my Mac HD, I played a bit with the Guest Account (following this http://www.macosxhints.com/article.php?story=20080205095429448 guide). In my previous installation I had my Guest Account configured using the above guide, but didn't back it up so had to start again the tweak. However this time I did something *ridiculously smart*: after all settings were changed through Server Admin Tools, I changed the Guest Account name to something else, which screwed it up completely. For i.e., when I try to log in it Leopard pops up an error message since it can't find the "guest folder where it's usually stored". Also, I can't log out.
  My aim now is to restore the Guest Account back to how it was by default, since just disable and re-enable the account as is wouldn't do the job.
  Any suggestion?

  V.K. wrote:
  ridiculously smart indeed.
  V.K. wrote:
  run the following terminal command
  sudo ls /var/db/dslocal/nodes/Default/users/
  post back with the results and we'll proceed from there.
  $ sudo ls /var/db/dslocal/nodes/Default/users/
  WARNING: Improper use of the sudo command could lead to data loss
  or the deletion of important system files. Please double-check your
  typing when using sudo. Type "man sudo" for more information.
  To proceed, enter your password, or type Ctrl-C to abort.
  Password:
  Account1.plist _jabber.plist _svn.plist
  Account2.plist _lp.plist _teamsserver.plist
  *Guest.plist * _mailman.plist _tokend.plist
  _amavisd.plist _mcxalr.plist _unknown.plist
  _appowner.plist _mdnsresponder.plist updatesharing.plist
  _appserver.plist _mysql.plist _uucp.plist
  _ard.plist _pcastagent.plist _windowserver.plist
  _atsserver.plist _pcastserver.plist _www.plist
  _calendar.plist _postfix.plist _xgridagent.plist
  _clamav.plist _qtss.plist _xgridcontroller.plist
  _cvs.plist _sandbox.plist daemon.plist
  _cyrus.plist _securityagent.plist frontrow.plist
  _devdocs.plist _serialnumberd.plist nobody.plist
  _eppc.plist _spotlight.plist root.plist
  _installer.plist _sshd.plist
  Thanks very much for your help!

• Can't remove wcs guest account if account has expired on wlc

  Hi. I am running wcs 4.1.91.0. I'm using Lobby Ambassoador functionality. I've found that if you create a guest acount using wcs with a limited lifetime, then after that lifetime period, you cannot delete the guest account from wcs as the account has already expired on the wlc. You get no error message in wcs -it just shows a JavaVoid error message at the bottom of the browser. I'm assuming wcs is trying to delete the account from the wlc but cant because the account is no longer on the wlc. Has this been resolved in a later version of wcs yet??

  Here is the URL Cisco Guest Access Using the Cisco Wireless LAN Controller follow the configuration guide it will help you manage the guest account in WLC :
  http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001402

• Prime Infrastructure 2.0 can not create the guest account on WLC 5508

  The PI can manage the WLC which means the connection between them is ok, but I am not able to create the guest account on it. The WLC has guest SSID with web auth configured correctly..
  Any idea why?
  Thanks!

  raymond,
  that's good to know that it required :
  1) not only a RW community string
  2) but also as well ssh credentials
  i too would have thought option 1) would be all that was required but it doesn't appear that way w/ your response.
  the only way i'll go to add devices in is by doing both SNMP RW and ssh at the same time.
  now we know
  thanks for pointing this out

• Prime 1.3 and WLC 7.6 Can I push guest accounts?

  Hi all
  My Customer needs to update the WLC to 7.6 (from 7.4) due to 3700 APs, but does not use the ac or other new features (yet).
  He has a Prime 1.3 update 4, where the guest Account are created.
  Can he, after the WLC Upgrade  to 7.6.130.0 still see the WLC from Prime 1.3 and Push guest accounts to the WLC?
  The migration to PI 2.1 will be planned.
  Thanks
  Willem

  Cisco Prime 1.3 doesn't support 7.6 please check the compatibility matrix
  Table 4 Cisco Prime Infrastructure and Cisco Wireless Release Compatibility Matrix
  Cisco Prime Infrastructure
  Cisco WLC
  Cisco MSE
  ISE
  Remarks
  Update 4 for 1.3.0.20
  Update 1 for 1.3.0.20
  1.3.0.20
  7.4.121.0
  7.4.110.0
  7.4.100.60
  7.4.100.0
  7.3.112.0
  7.3.101.0
  7.2.115.2
  7.2.111.3
  7.2.110.0
  7.2.103.0
  7.0.250.0
  7.0.240.0
  7.0.235.3
  7.0.235.0
  7.0.230.0
  7.1.91.0
  7.0.220.0
  7.0.116.0
  7.0.98.218
  7.0.98.0
  7.4.121.0
  7.4.110.0
  7.4.100.0
  7.3.101.0
  7.2.110.0
  7.2.103.0
  7.0.240.0
  7.0.230.0
  7.0.220.0
  7.0.201.204
  7.0.112.0
  7.0.105.0
  1.0
  1.1
  1.2

• Cisco WLC local net user - guest account

  Hello,
  We have a 2504 Cisco WLC.  I am creating Local Net Users for one of the WLANs that uses Web Auth and the Local Database.
  My one question is, what does a "guest account" do differently than a non guest account besides the ability to create the lifetime of the account?  I mean, it seems both give access to the WLAN so I am failing to see the difference between the two.
  Any help is greatly appreciated.

  A guest acct can only login to a webauth WLAN. A normal netuser can login to any WLAN that you allow or all. Including 802.1x if that WLAN is allowed to chek the local db
  Steve
  Sent from Cisco Technical Support iPhone App

• WLC Guest Access Randomly and Print

  Hi all, in my company have asked me a solution where automatically creates the guest account with username and password randomly. Is this solution possible to implement? With only the WLC?    p.s. you also know which models \ brands of printers allow you to press a button and print a receipt(with user\password) that can be integrated with the WLC??  Thank you.

  Hi Marco,
  WCS is software of license. right. But it is now being replaced by NCS; its elder brother, which is an appliance. I think WCS now is out of sale and NCS is what is available (not sure).
  No modifications need to be done on WLC. you only add the WLC to the WCS (or NCS). This needs correct SNMP information to be configured on both sides.
  If you have some programming experience you may implement the random username/password implementation yourself. Just capture the traffic when WCS send an SNMP packet to the WLCs to create the guest account. Whenever you want to create a user you specify same packet but change the usrename and the password and send the same packet to the WLC. Of course you need the sender IP address to the SNMP community list in the WLC.
  For the printer part it is a bit harder. your program should be integrated with the printer and prapare the layout that will be printed.
  HTH
  Amjad

• Schedule a reccuring Guest account

  Hello
  We have recently rolled out a wireless lan using WLCs and Prime Infrastructure 1.3.
  We have the lobby accounts working with creating guest accounts for web auth users.
  We are looking at having an account permanantly set to allow access on the guest WLAN, but would like this account to automatically reset it's password to something autogenerated every week (or month). The new credentials would then be emailled to a certain email address.
  I haven't been able to find an obvious way to configure this. Can this be done?

  Hello,
  To schedule a recurring guest user account in NCS, follow these steps:
  Step 1 Log in to the NCS user interface as lobby ambassador.
  Step 2 Choose Schedule Guest User from the Guest User page.
  Note You can also schedule guest users from the Configure > Controller Template Launch Pad > Security > Guest User option.
  Step 3 On the Guest Users > Scheduling page, enter the guest username. The maximum is 24 characters.
  Step 4 Select  the check box to generate a username and password on every schedule. If  this is enabled, a different password is supplied for each day (up to  the number of days chosen). If this is disabled (unselected), one  password is supplied for a span of days. The generation of a new  password on every schedule is optional.
  Step 5 Select  a Profile ID from the drop-down list. This is the SSID to which this  guest user applies and must be a WLAN that has Layer 3 authentication  policy configured. Your administrator can advise which Profile ID to  use.
  Step 6 Enter a description of the guest user account.
  Step 7 Choose limited or unlimited.
  •Limited:  From the drop-down list, choose days, hours, or minutes for the  lifetime of this guest user account. The maximum is 35 weeks.
  –Start time: Date and time when the guest user account begins.
  –End time: Date and time when the guest user account expires.
  •Unlimited: This user account never expires.
  •Days of the week: Select the check box for the days of the week that apply to this guest user account.
  Step 8 Choose Apply To  to restrict a guest user to a confined area by selecting a campus,  building, or floor so that when applied, only those controllers and  associated access points are available. You can use AP grouping to  enforce access point level restrictions that determine which SSIDs to  broadcast. Those access points are then assigned to the respective  floors. You can also restrict the guest user to specific listed  controllers or a configuration group, which is a group of controllers  that has been preconfigured by the administrator.
  From the drop-down lists, choose one of the following:
  •Controller List: select the check box for the controller(s) to which the guest user account is associated.
  •Indoor Area: choose the applicable campus, building, and floor.
  •Outdoor Area: choose the applicable campus and outdoor area.
  •Config group: choose the configuration group to which the guest user account belongs.
  Step 9 Enter  the e-mail address to send the guest user account credentials. Each  time the scheduled time comes up, the guest user account credentials are  e-mailed to the specified e-mail address.
  Step 10 Review the disclaimer information. Use the scroll bar to move up and down.
  Step 11 Click Save to save your changes or Cancel to leave the settings unchanged.
  Follow these steps to schedule a recurring guest user account in WCS.
  Step 1 Log in to the WCS user interface as lobby ambassador.
  Step 2 Choose Schedule Guest User from the Guest User page.
  Note You can also schedule guest users from the Configure > Controller Template Launch Pad > Security > Guest User option.
  Step 3 On the Guest Users > Scheduling page, enter the guest user name. The maximum is 24 characters.
  Step 4 Select  the check box to generate a username and password on every schedule. If  this is enabled, a different password is supplied for each day (up to  the number of days chosen). If this is disabled (unselected), one  password is supplied for a span of days. The generation of a new  password on every schedule is optional.
  Step 5 Select  a Profile ID from the drop-down list. This is the SSID to which this  guest user applies and must be a WLAN that has Layer 3 authentication  policy configured. Your administrator can advise which Profile ID to  use.
  Step 6 Enter a description of the guest user account.
  Step 7 Choose limited or unlimited.
  •Limited:  From the drop-down list, choose days, hours, or minutes for the  lifetime of this guest user account. The maximum is 35 weeks.
  –Start time: Date and time when the guest user account begins.
  –End time: Date and time when the guest user account expires.
  •Unlimited: This user account never expires.
  •Days of the week: Select the check box for the days of the week that apply to this guest user account.
  Step 8 Choose Apply To  to restrict a guest user to a confined area by selecting a campus,  building, or floor so that when applied, only those controllers and  associated access points are available. You can use AP grouping to  enforce access point level restrictions that determine which SSIDs to  broadcast. Those access points are then assigned to the respective  floors. You can also restrict the guest user to specific listed  controllers or a configuration group, which is a group of controllers  that has been preconfigured by the administrator.
  From the drop-down lists, choose one of the following:
  •Controller List: select the check box for the controller(s) to which the guest user account is associated.
  •Indoor Area: choose the applicable campus, building, and floor.
  •Outdoor Area: choose the applicable campus and outdoor area.
  •Config group: choose the configuration group to which the guest user account belongs.
  Step 9 Enter  the e-mail address to send the guest user account credentials. Each  time the scheduled time comes up, the guest user account credentials are  e-mailed to the specified e-mail address.
  Step 10 Review the disclaimer information. Use the scroll bar to move up and down.
  Step 11 Click Save to save your changes or Cancel to leave the settings unchanged.

• How do I set up a guest account using the AirPort Express  2nd Generation?

  I Just purchased a new 2nd Generation AirPort Express.  The features list and the set-up guide says that I should be able to set up a guest account, but nowhere have I found how to do this.  I am running AirPort Utility 5.6 on my MacBook Air under Lion and I even get a message that I should not make updates using version 5.6 because it is not the appropriate version for the 2nd generation AirPort Express. Software Update says there's nothing new for me. When I search the Apple support site there is not even a version of AirPort Utility 5.6.1 for Lion though there is one for Snow Leopard.  Even when I installed that version on my Mac Mini running Snow Leopard, I could see no way to create a guest account.
  I came across a YouTube video describing a demonstrating how to set up the guest account on Time Capsule and the AirPort Exteme. There it's quite obvious because in the General section there is a tab for setting up the guest account.  There is no such tab in either version 5.6 of the AirPort Utility I'm running under Lion or version 5.6.1 running under Snow Leopard.
  What am I missing?
  -Bill

  Apple assumes that you are connecting the AirPort Express to a simple modem....not a modem/router or gateway type of device......that provides both modem and router functions in one enclosure.
  If you have the AirPort Express connected to a gateway device, the Express is detecting that another router is present on the network, so the Express operates in Bridge Mode to prevent the conflicts that would normally occur when two routers are on the same network.
  Open AirPort Utility 5.6, select the AirPort Express and click Manual Setup
  Click the Internet icon, then click the Internet Connection tab
  If the Connection Sharing setting is currently configured to "Off (Bridge Mode)", the Guest Network cannot be enabled with the type of "modem" that you have without breaking some basic networking rules.

• Using AirPort Time Capsule as an external drive with access to files by guest account

  Is it possible to use my AirPort Time Capsule as an external drive with access to files by a guest account?
  I would like to store a large number of folders containg photographs on my AirPort Time Capsule and allow anyone with a password to access the photographs - at the time of viewing the Time Capsule would be connected to the internet but I wouldn't want users to actually access anything other than the files on the Time Capsule - is this possible?  if so any help in configuring it would be really helpful.

  No it is not possible.. Guest is just that.. a guest that is allowed permission to access the internet but none of the local files.
  To give a person access to the TC they must have password to access your normal network..
  From there it is up to you how you do this.. people cannot actually access files on your computers unless you give them share and password permissions for that.. you can even setup accounts on the TC although I recommend against it.. if you want shared photos anyway. All security on a TC is illusion.. merely pressing the reset and it is all blown away.. so if you are concerned about security don't put stuff on the TC people should not access.. or like your TM backups ensure they are encrypted.
  A person can then access you TC and the photos.. but what else on the network??

• ISE doesnt send Guest accounts via Email

  HI
  I have come across an issue in ISE1.1.2.
  once i create a guest account, and click on email, i get the below error
  i have patched version 1.1.2 to the latest patch 3
  i have also configured teh sponsor portal customisation email address.
  ISE reports "Internal Error encountered. Please contact administrator or help desk"
  anyone have any suugestions?

  Hi Neno
  i have configured an SMTP server on ISE admin, i have created a default email address ( [email protected]). i have got an email address in the customization page of teh sponsor portal ( [email protected]).
  One thing i just tried was when i create a guest user with an email address of [email protected] , that worked fine. but if i configure a guest user with an email address of [email protected] , this is when i get the error message.

• Settings for guest account

  i admin some macs at the local university's art education. we've got six macs and 45 students. FCS, CS4 and PRO TOOLS, along with various open source software. for the upcoming semester, we've decided that each student is no longer allowed to store their files on the internal disks. the solution i was going for, was using the guest account. each student will no longer log into their account, but hook up their private external disk to save their files to.
  the problem is, i can't configure the looks and behaviors of the guest account. for example, i would like to add the app icons they'll be working with to the dock, i'd like to set the right clicking on the mighty mouse to be a secondary click, separate pro tools shortcuts from osx exposé/dashboard, change privileges to the shared folders etc.
  but every log out / log in, these settings are restored to a default.
  is there any way i can override this default?
  or is there a better way to organize this altogether?

  iColor wrote:
  that's great.
  it seems i cannot actually set all the preferences. like the obvious right secondary mouse click, appearance and energy saving. or could i, clicking 'preferences', then details' and adding something to the list?
  but dock customization is a 'start'.
  if i want to manage accounts on other macines on the local network, what do i enter instead of 'localhost'?
  I don't think you can do this at all unless you run OS X server. I could be wrong and the IP address of the remote computer might work but I never tried that myself.
  i recently bought apple remote desktop, - the workgroup manager seems to be a great addition to that. almost as it should be integrated in it.
  thank you again
  Message was edited by: V.K.

• Enable A Guest Account So We Could Save Restriction Settings

  How about a setting that will enable at boot up an option to log in main user (admin) or Guest account? And in the main user's restriction settings allow you to configure what apps the guest account can access. Then all you would have to do is set that 4 character password prompt for main user and allow guest to log in without a password. Then depending on your restriction settings you could make this thing a little bit more secure for families and multiple users. Any app purchases would still be under main user and need a password. I think this is doable. So say we all! ?

  I guess I don't see it as a personal device. Since it has the ability to replace what most users use a laptop for. iPhone's size was holding it back from being the netbook killer. Now we have the larger version the iPad. iPad's OS has already started of on it's own path from the iPhone OS. So why not just put some chrooted dummy guest account option in it. So the multiple user household can have some way to save restriction settings and protect the main account.
  My kids (5 and 3)are very good with my old G4 iBook and 1st Gen iPhone. Although there was that one time my son pulled all the keys off the iBook and the iPhone has been dropped like a hundred times on the hardwood but it still works.
  If iPad is going to be a wonderful tool to help educate my kids since I didn't have to show my kids how to work the iPhone. They just figured it out. I hope some good EDU apps come out soon.

• Can't use guest account in safe mode

  i have a late 2008 unibody macbook 2.4.
  my wife has a late 2007 imac.
  when i apply update i boot into safe mode and update from there.
  on my wife's computer i can select the guest account and update from there.
  on my macbook however, when i try to enter the guest account the display 'shakes and quakes' and doesn't allow me to use the guest accounts.
  we are currently 'up-to-date' with updates (10.5.7 etc).
  we have zero problems in general.
  the settings appear to be the same on both computers (as regards accounts).
  anyone have a clue, why i can use guest on the imac, but not on the macbook.
  thanks a bunch.

  excellent points greg, but not applicable here.
  there are 3 accounts guest, me, admin.
  the guest is 'factory stock', the admin is 'factory stock' w/pass, and mine is mine.
  as i stated i can use guest in safe mode on my wife's imac, which is configured identically.
  there are zero passwords on our guest accounts.
  additonally, all permissions on both computers 'check-out' ok per disk utility.
  ps....i update only in safe mode so that nothing will interfer/hinder a proper update. we always download and install directly rather than using the 'automatic' update via software update.