WLC SNMP Guest User Creation

I have a system that I'm trying to tie into WLC (4.1 / 4.2) for wireless guest access. I would like to make it so that when someone creates an account in a registration system I can do a snmpset command to create the person an account on the WLC for wireless access. I have found the OID (.1.3.6.1.4.1.14179.2.5.10.1.1) but am unsure as to how to actually create an entry. Does anyone happen to have an example they can send my way as to how to create a guest user using snmp?
Thanks!

Okay so i honesty I got a lot of help from Brad Hanson on this, but to summarise....
-In Local Users are stored in the WLC.
-Once created the timer starts to tick, regards if the user is logged on or not.
-The Local Users can be listed by polling the OID positions:
.1.3.6.1.4.1.14179.2.5.10.1.1 (username)
.1.3.6.1.4.1.14179.2.5.10.1.2 (WLAN)
.1.3.6.1.4.1.14179.2.5.10.1.3 (password)
.1.3.6.1.4.1.14179.2.5.10.1.4 (description)
.1.3.6.1.4.1.14179.2.5.10.1.5 (time left) (100's of seconds)
Example command: snmpwalk -c READSTRING -C c IPADDRESS 1.3.6.1.4.1.14179.2.5.10.1
-The OID positions are unique by extending the OID using the ASCII value of the username specified and the number of characters in that user name
Example User 'Test' is 4 characters long and made up of ASCII 84 = T, 101 = e, 115 = s, 116 = t.
Therefore 'time left' for Test would be OID + ID = .1.3.6.1.4.1.14179.2.5.10.1.5.4.84.101.115.116
-When making a new account remotely user must construct the users name out of ASCII, count the number of characters and in a single SNMP commands set the first five parameters of the new account.
Example. Makes an account called 'z'.
snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 4 .1.3.6.1.4.1.14179.2.5.10.1.1.1.122 s "z" .1.3.6.1.4.1.14179.2.5.10.1.2.1.122 i 5 .1.3.6.1.4.1.14179.2.5.10.1.3.1.122 s "z" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "maybe" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "z1" .1.3.6.1.4.1.14179.2.5.10.1.5.1.122 i 86400
Spot the '.24' OID is always set to integer 4… this asks the WLC to create a new account and the rest of the parameters are to follow.
-Once the new account is created the you must force it to a Guest Account by setting guest option to integer 1.
Example for user 'z' snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.9.9.515.2.3.1.1.2.1.122 i 1
-NB. Minimum time allowed to be set is 6000 = 60 seconds.
-To delete account OID '.24' to integer 6
Example for user 'z' snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 6

Similar Messages

Guest user creation via API

I think I read somewhere there is an API for creating guest users on a WCS/WLC.
I am looking for a way to intergrating the creation into a intranet page.
Can somebody confirm such API and maybe point to a place to find it?

That is great news.
I ende up sniffing the traffic from the WCS to the WLC with wireshark and saw the reuqiered SNMP OID's for making a guest user.
So I have made a little (ugly) perl script that make a guest user on the WLC, send a email to a sponsor and send a SMS via kannel.
Ugly, but its cover our need for now.
But a API will make life (and the perl script) alot nicer.
Thanks for the info.

Wlc 5508 : guest users to be configured only give access for internal SAP application

Hi,
I have one new requirement with one of the client.
I have wlc 5508 with 6.0 firmware. I need to have one guest wlan which will have access only for internal SAP application.
I have gone through cisco document for internet guest users , where web page will be redirected with user name and password once it is authenticated , we can access internet.
Provided if we have access list configured in wlc ... for internet access only /
what about this mentioned scenario ?
can anybody suggest on the same ?

Hi Vinod,
Go for the ACL on any Router or the switch.. i prefer not on the WLC..
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
Here is the link as well to do it on the WLC
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
Lemme know if this answered ur question..
Regards
Surendra

WLC 2504, guest user life time

                   Hi ,
                    Cant we create a guest user login with more than 30 days lifetime? In the lifetime field we can enter maximum 99 but it only allows up to 30
                        any idea?
                    Thanks.

Hi, no the limit is 30days if the user is created in the WLC.
Info from the user guide = Range: 5 minutes to 30 days
You'd configure a longer lifetime if you use the WCS/NCS.
If you configure 90 days via the WCS/NCS you also see on the WLC 30days but the WCS/NCS will update this unitil the 90days are over.
Kind regards,
Ron

WCS 4.1.91 Guest User creation error

When I try to add a guest user using my LobbyAmbassador operator account, I consistently get an error stating "End date can not be older than start date".
The user is a limited life time, and we are trying to set end time using calendar, setting life to 48 hours basically. Just this week I upgraded to WCS4.1.91 and WLC4400's wo 4.1.185.0.
Thanks in advance for your help.

Hi Darcy,
It looks like you are hitting this bug;
CSCsi79726 Bug
Creating scheduled user - message confusing -end date
Symptom:Cannot create scheduled guest users with the lobby ambassador because of error "the end date cannot be older than the start date"
Conditions:version 4.1.83.0
Workaround:Upgrade to version 4.1.91.0
Further Problem Description:The creation is failing because
of the difference between the server and the client times. Initially user UI's
are populated by considering server times and user selections are evaluated
against client timings. The lifetime calculated is invalid because of
difference between client and the server timings.
It looks like WCS 4.1.91 was supposed to fix this issue, so if it is still happening you should really open a TAC case :(
Hope this helps!
Rob

WCS - Guest User Creation

Hello. I have a question related to the Lobby Ambassador login in WCS and creating user accounts in an environment using a guest Anchor controller. Specifically, if a 'lobby ambassador' is logged into WCS from 2 timezones away (anchor is in same location as WCS) creating a user, they will see the local time of the WCS (for start/stop times), correct? Is there a way to make it present the local time to the lobby ambassador so they don't have to figure out the correct start/stop times for their location?
Hopefully this question makes sense.
Thank you for your time and assistance,
Jeff

Lobby admins created guest users are always in the WCS timezone. If controllers are in another timezone, the lobby admin needs to adjust the time accordingly while creating guest users.

Disabling the unlimited Lifetime option in Cisco WCS Guest User Creation

Is there a way to disable the unlimited Lifetime option in Cisco WCS Guest User Add/Schedule tab.If i make those fields uneditable, it just takes out the option to schedule any meetings in future.Using Cisco WCS version 7.0.220.0.

i'm also searching for an solution to disable the unlimited lifetime button for the Lobby Ambassador.
could it that Cisco introduces this maybe a future release?
couldn't be that there are only few people who are disappointed with this solution.
My Customer is thinking now that cisco isn't the right solution for him.

Lobby Ambassador- Guest User Creation

Hi all,
I am currently implementing the use of the lobby ambassador for guest account creation, however I am looking to see if some features exist. I would like to be able to tie into AD to create lobby ambassador's to have further control of who can and cannot create guest accounts. I am also looking if there is a way to put restrictions on the time frame a guest account can remain active for when created by the lobby ambassador. An example of what I am trying to do is to not have a guest account created by an ambassador to go over a day for it's time frame.
Thanks in advance,
Chris

Yes and yes. From WCS you can pull the role for lobby admin and use that to create the group with the proper attributes.
Then on the WCS you build the template you want them to use. There you can create the restrictions of how long.
Steve
Sent from Cisco Technical Support iPhone App

Lobby Ambassador - WCS Logging of Guest Account Creation

Hello all,
If I am user "admin-ken" and I setup an guest user account "guestuser1" via the WCS controller templates > Guest User (which takes me into lobby ambassador), is there a log file that indicates that "admin-ken" had setup "guestuser1" guest account?
Many thx indeed,
Kind regards,
Ken

HiKen,
Hope all is well :)
Maybe this is what you are looking for;
Logging the Lobby Ambassador Activities
The following activities are logged for each lobby ambassador account:
â¢Lobby ambassador login: WCS logs the authentication operation results for all users.
â¢Guest user creation: When a lobby ambassador creates a guest user account, WCS logs the guest user name.
â¢Guest user deletion: When a lobby ambassador deletes the guest user account, WCS logs the deleted guest user name.
â¢Account updates: WCS logs the details of any updates made to the guest user account. For example, increasing the life time.
Follow these steps to view the lobby ambassador activities.
Note You must have superuser status to open this window.
Step 1 Log into the Navigator or WCS user interface as an administrator.
Step 2 Click Administration > AAA, then click Groups in the left sidebar menu to display the All Groups window.
Step 3 On the All Groups windows, click the Audit Trail icon for the lobby ambassador account you want to view. The Audit Trail window for the lobby ambassador displays.
This window enables you to view a list of lobby ambassador activities over time.
â¢User: User login name
â¢Operation: Type of operation audited
â¢Time: Time operation was audited
â¢Status: Success or failure
Step 4 To clear the audit trail, choose Clear Audit Trail from the Select a command drop-down menu and click GO.
http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsmanag.html#wp1076868
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1001609
Hope this helps!
Rob

Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users

Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially upto 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
Cisco ISE looks a very expansive (and expensive) product but I don't think we need all it's capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space.
Any suggestions would be gratefully appreciated from the knowledgeable community.
Cheers,
Mike

Hi Rasika,
We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows <1ms.
currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem.
any suggestions,
Thank you,
Arjun

Guest users in WLC are not logged out after pre defined time.

Hi,
My customer wants to create guest users in wireless lan controller. We were successfully able to create that and it worked . But the problem is that to access the internet the users have to change the "proxy server" settings on the internet explorer. As a result the guest users are not logged out automatically after the pre defined amount of time. We enabled " by pass proxy server " settings in internet explorer also, unfortunately it didnt work too.
If we disable the proxy settings in internet explorer customers were logged out, but the problem is that once the customer log in he will change the proxy settings in internet explorer to browse net but wont get disconnect unless and untill he manually change the proxy settings in the internet explorer.
Is there any other way to solve this issue? Can any one provide any alternative solution if possible.
Regards,
Bibin

Can you explain how your proxy server has anything to do with your wireless access duration?
Does you proxy server have the logic that stops the internet access after a period of time? If so, I assume you turn proxy off in order to web-authenticate? If so, then you just need to tell the browser to not proxy for the virtual IP address of the WLC. You'll never get redirected to the webauth page if you don't send a https request to it (as if, your browser is sending it the IP of your proxy server).

Prime Infra: Add guest user to all WLC's

Hi all,
I have prime infra 2 running, with 2 WLC's v7.4
1 WLC has all the AP's, the other one sits in the same mobility group in case the first one fails (it has no joind AP's when acting as standby).
When I create a guest user in Prime Infra, it only gets created on the WLC with the AP's joined.
So WLC1 has the AP's WLC2 has none -> I create a guest user and it is added to WLC1
I do a failover, WLC1 has no AP's WLC2 has all the AP's, I create a new guest user, it is added only to WLC2
Is there a way that I can add a guest user, and it adds it to the 2 WLC's?
Thanks in advance!

Did you install the application in /Applications? If so, then it's available to all users on that machine and they can add it to their Dock, or you can login to each account and add it to their Dock.
When creating new accounts, the template used is the one you get when you first create an account on a new Mac, and that was specified by Apple.
Mulder
If my answer helped solve your problem, please consider awarding some points. Why Reward Points?
iMac G4 700Mhz Mac OS X (10.3.9)

Guest User SNMP Traps

Hi all,
I run into a confusing behavior. When I use the Lobby Amabassador to add/delete an Guest User with limited life time I get a SNMP Trap (thats what i want) but when I add an Guest User with unlimited life time I never got a SNMP trap, wether the user is added or deletet by the Lobby Ambassador.
I dubble-checked that, with and without Lobby Ambassador Defaults, but I found no reason for that behavior.
Do you have any ideas? Maybe run into the same problem?
Thanks
Best regards
Peter

Hi Peter,
Please flag this as resolved if it answered your question. Future readers of this forum will then be able to benefit from our collective intelligence. Thanks.
Best,
Paul

WLC 2500 and WCCP for Wireless Guest Users

Hi there
I would like to redirect web traffic from WLANs on a Wireless LAN Controller 2500 to a proxy server in a remote site. I'm using ironport proxy server and Cisco 3560 Layer 3 switch. Basically current scenario is:
Wireless Guest Users get authenticated by web-auth through Access Point 3501 HREAP configured. Guest client gets an IP address on VLAN 100 in remote site. Once they connect to VLAN 100, I want all web traffic to be redirected to the proxy server. I know PAC file may be the easier solution however our guest clients want seamless solution for internet. I am not sure whether WCCP is supported for this.
You advice will be highly appreciated.
Regards

For guest wireless traffic redirect to proxy server
https://supportforums.cisco.com/thread/2126486

WCS 6 Guest User bulk creation

I am using the csv import feature to create guest ID's when I add a guest, but when I try to schedule a guest there is no option for importing a file. I would think that scheduling in advance would be more useful if you could do it in bulk. Is there a way to scedule users with a csv file?
Thanks,
Gene

There is currently no way to import via .csv for schedule guest users. You could open a PERS with your account team if it is a business need.

WLC SNMP Guest User Creation

Similar Messages

Maybe you are looking for