Cisco :: 4402 WLC - Restrict Lobby Admin
May 12, 2011
I was wondering if there is a way to limit the ability of the "lobby admin" account to only be able to give out 24 hour wireless access? The situation is this, we are going to move the roles of guest wireless over to our lobby administrators, but we are afraid they might break policy and give out 30 day wireless access so they dont have to keep renewing guest access each day. We want to limit access to 24 hour "tokens" for all guest unless its a unique situation.
View 2 Replies
ADVERTISEMENT
Jan 23, 2012
How to configure a LobbyAdmin account for WLC 7.0 on a 5.1 ACS? I'm very new to ACS 5. How to configure it.
I've got the ACS policy working that allows me to login to the WLC using a user account with full rights but the Lobby admin account can login with full rights as well. I've tried setting the custome attributes in the shell profiles with role0-mandatory-LobbyAmbassador, task0-Mandatory-Configure Guest User and task1-Mandatory-Lobby Ambassador User Preferences but it still doesn't work.
View 18 Replies
View Related
Jan 25, 2012
Any way to create multiple lobby admin account on ACS and each account will have access to only specific WLANs on the WLC?
View 6 Replies
View Related
Apr 15, 2012
Why do need Cisco NAC guest server when we have WLC 5508 already configured. The Guest user access can be given by the WLC itself too. We can create users in WLC also and grant access to the user to access internet for specific time frame. My query is - what is so different in Cisco NGS that it is considered good in terms of Guest users access. What are the advatages of NGS.
View 4 Replies
View Related
Jan 26, 2011
We currently have about 8 WLC 4400 series controllers deployed around the company, one of these controllers is acting as an Achor controller for GUEST wifi access for visitors to the company, as a result of this we have many users with "LobbyAdmin" access to setup users.
We have recently introduced a Cisco WCS to manage these devices but its not fully implemented/active to see all WLC's.I need to be able to report on the LobbyAdmin users to see who is setting up accounts and for who etc. Currently access to the WLC/WCS is done via Local admin accounts. All accounts for the LobbyAdmin people are setup on our anchor controller.
I have added the anchor controller for this to the WCS system but when looking in Administration/AAA/Groups the LobbyAdmin groups shows No Members.Is there a way that i can import the Lobby Admin names from the anchor WLC to the WCS so i can do reports/audit checks on these users?
View 2 Replies
View Related
Feb 14, 2013
I have two 5508 WLCs. Both have APs attached to them. If I create a guest account with the lobby administrator on one, will that user account be able to log in to the network if the client is attached to the ohter WLC? So far, I have found that I need to create the same user on both WLC's, in order to have the user login.
View 2 Replies
View Related
Aug 28, 2012
I'm crazy with this version of ACS, it is totally diferent than ACS 4.2, which is familiar for me and seems to difficult to config for me.Although I have red a lot of post about problems with the integration WCS 7.0 and ACS 5.2 using TACACs+ for admin or lobby access to the web portal I can't do login into WCS as Lobby ambassador using ACS 5.2 because always show me the error "User has no usergroups assigned".Steps I followed:
- I create a "shell profile" with the custom attributes of the group "lobby ambassador".
- In default device admin / authorization, I create a rule matching this "shell profile".
I see lot os Hit counts and passed in logs, but the message written previously.In ACS 4.2 I had to create the custom attribute "HTTP" and string "Wireless- WCS" to work with, but now I don't know if it is necessary and I don't know how to do it.
View 5 Replies
View Related
Jul 14, 2012
We've set our WCS up to do AAA through our ACS 5.3 which works great. So in order to log into the WCS for Administration or as a Lobby Ambassador (to create guest users etc) the AAA is all done by the ACS, GREAT!
I have assigned a set of users the Lobby Ambassador role as passed that back through TACACS to the WCS, so those users have their role setup as Lobby Ambassador and are limited from doing anything else, as expected.
What I want to know is: With normal local AAA on the WCS, when you created a Lobby Ambassador account, you could give the account a set of defaults for any guests accounts created by that Lobby Ambassador account, which was good, so Lobby Ambassadors couldn't set up unlimited time accounts and stuff like that.
What I want to know now is that since I'm now doing all the AAA on the ACS, is there an attribute I can pass to the WCS in the Shell Profile, along with the roles etc telling the WCS what the guest user creation defaults for the Lobby Ambassador account is, so that we can continue to limit the defaults of any guest account that the Lobby Ambassador accounts create, as it used to be? We'd really like different lobby ambassadors to be able to do different things as well. i.e., Lobby Ambassador X can only create accounts for one region. Lobby Ambassador Y can create Unlimited time accounts where the others can not. We used to do this by assigning different guest user creation defaults to different lobby ambassador accounts on the WCS.
View 1 Replies
View Related
Jan 16, 2012
I was wondering if the 2504 has the lobby ambassador feature available. Customer requires temp username/passwords for guests managed through web gui. I couldn't find conclusive documentation it was included so I figured I'd check here before calling Cisco.
View 2 Replies
View Related
Sep 23, 2012
Is there a module or way to create a Guest Access Lobby on the ASA 5525? We currenly leverage the WLC to do this for us, but are moving to a routed access enviornment which is causing some issues. We would like to offload the guest access responsibility to the ASA if possible.
View 1 Replies
View Related
Sep 1, 2012
Does LMS 4.1 support some way of restricting access to its web GUI to specific IP list?
View 2 Replies
View Related
Nov 16, 2011
i am having an office so i dont want people to browse during working hours from 8to4.
View 1 Replies
View Related
Mar 6, 2011
In our neighborhood we have about 10 residents on a LAN controlled by 1 resident. For connection I have a LAN modem which connects wirelessly to an aerial at resident 1. I have 2 computers one with Win 7 Ultimate and one with XP SP3. Thinking incorrectly that I was setting up a home network, in trying to get my 2 PC's to talk to one another I have permissions set up for everyone on both machines. However I have discovered that now all 10 residents can see my 2 PC's. While I can see both PC's from either machine, in trying to change the "Everyone" to restrict access to the names of each of the 2 pcs only, I can only see users and Administrator on that particular machine only and cannot add a user/name of the other PC. How can I stop the other residents from seeing my machine but allow me to see either of my machines from one another?
View 5 Replies
View Related
Apr 23, 2011
. In our neighborhood we have about 10 residents on a LAN controlled by 1 resident. For connection I have a LAN modem which connects wirelessly to an aerial at resident 1. I have 2 computers one with Win 7 Ultimate and one with XP SP3. Thinking incorrectly that I was setting up a home network, in trying to get my 2 PC's to talk to one another I have permissions set up for everyone on both machines. However I have discovered that now all 10 residents can see my 2 PC's. While I can see both PC's from either machine, in trying to change the "Everyone" to restrict access to the names of each of the 2 pcs only, I can only see users and Administrator on that particular machine only and cannot add a user/name of the other PC.
View 2 Replies
View Related
May 13, 2013
I have joined my ACS box to the domain and can auth users in active directory groups. I thought about this somewhat and would prefer to only use AD users in ACS groups. Is this possible, I can only seem to do local users in local groups and AD users in AD groups.Many people have access to AD so I don't want anyone to be able to move users in and out of AD groups and get access to equipment.
View 5 Replies
View Related
Feb 26, 2011
To restrict the drive c
View 1 Replies
View Related
Feb 17, 2011
is it possible for me to do this on our Windows 2003 network with XP and Windows 7 clients?
View 2 Replies
View Related
Nov 18, 2011
i have DSL router in my home using wifi by it... it is on sharing by DHCP mode. and my question is how to restrict bandwidth to other users? like full access to one use and 50-60 kbps to another user?
View 1 Replies
View Related
Oct 20, 2012
is it possible to restrict the Remote Access VPN to ASA based on the Source Public IP , if so how ?
here I am not talking about the VPN-Filter under group-policy . I Want to restrict the access from specified source IP ( Public IP)
View 1 Replies
View Related
Sep 13, 2011
Client: CISCO VPN Client
VPN server: Cisco Concentrator 3020 OS v 4.7
I want to get away from configuring split tunneling for security reasons. With Split tunneling and I am able to specify to which subnets the clients have access to. I do it defining "Network Lists"
When I modify the group and select "tunnel everything" under "client config" tab, the users then can access all subnets in the LAN. When I select this option the "Split tunneling network list" is grayed out
End goal is to make all traffic go thru the tunnel but be able to resctrict access to speficic subnets.
View 1 Replies
View Related
Dec 13, 2012
Is it possible to deny VPN access to specific AD accounts?
Currently setup with 5520, LDAP authentication for VPN users.
View 3 Replies
View Related
Feb 1, 2012
I'm paying for a 50 mbs connection. So what should I expect to have as a general connection speed? I know it changes depending on where you are and where your downloading from etc. But I have this old killxenos nic that might be restricting my download speed? Im getting about 3mbs. Ive gotta be able to get more then that right? Like don't tell me I'm paying for 50 but I only get 3.
View 5 Replies
View Related
Jan 9, 2011
How to restrict my Router by putting in a Pass word so my neighbours could be stopped using my highspeed internet and thus makinit weaker for my household.
View 3 Replies
View Related
May 28, 2011
got myself the Netgear internal PCI wifi adapter today & it works just fine on my Windows XP SP3 desktop.
The only problem I have is the question of restricting access to kids @ home. If it was an external USB adapter, I could have just taken it away but the concern is the device being an internal & always available one. The user configuration on the PC is such that there is 1 main administrator (The actual windows "administrator" account) that no one uses. Apart from that,
- 1 user with admin privileges (me)
- 1 limited account for the kid
- 1 admin privilege account for the kid again (for purposes like installation of games which require an admin account as mandatory)
I would like for the wifi PCI card to work only when I login to my account. There must be someway by which I could disable the device or make the internet inaccesible in the other accounts,, (but pls bear that 1 of the account that the kid uses also has admin privilege)
I tried disabling the device from control panel but in vain.. (tried something like the sys admins do in corporates ..) disabling the usb ports on the PC's in my office..!
View 14 Replies
View Related
Feb 28, 2012
sir i have my router and i want to restrict it to my personal pc.
View 3 Replies
View Related
Jul 10, 2011
i am using the home network in here all system have a internet but i am want only one system using the internet in hole network How i am change
View 2 Replies
View Related
Jul 31, 2012
We're planning to ope a coffee house for teens at my church. We want the internet to be accessible to them but want to restrict what sites they can access so homework, games, etc. can be accessed but not the stuff rated for violent, rrisky behaviors.
View 1 Replies
View Related
Sep 29, 2012
How to restrict inernet access in wire lan. There is 10 nos. system are connected with lan. For lan connection we are using D-link ethernet switch.
View 1 Replies
View Related
Mar 2, 2012
How to restrict internet particular user account in pc
View 1 Replies
View Related
Aug 30, 2011
Have a new DIR-825 setup at home for coverage to another part of the house. I want to completely restrict clients using this WAP from accessing a couple internal IP's (that I use for work-related things). Restriction meaning filesharing, ping, RDP, etc - everything. Can this be done on the router side?
View 3 Replies
View Related
Oct 12, 2011
We will be opening a shop with a number of computers available to the public connected to the Web via one ISP with fixed IP using a RV220W router.
We wish to restrict web access to our company's web site only, say 'OurCompany.com'; how can we code this in the router?
View 4 Replies
View Related
Jul 5, 2011
I would like to restrict Internet traffic (HTTP & HTTPS) for Inside Users with an ASA 5505. I would like to setup a proxy-like system where a User/Password must be entered before the User can actually browse the web.
I know that this can be done with an additional RADIUS/TACACS+ Server. Is this also possible without any external AAA Server, so with User/PW stored on the ASA locally only?
View 1 Replies
View Related
Apr 15, 2013
We have purchased an RV110W and I need to restrict internet access to the entire internet with the exception of 4 websites that are required for employees to do their jobs. I need to do this on 3 specific machines, not the entire network. I have looked at the internet access and schedule management pages of the router and just can seem to figure out how to do this.
View 8 Replies
View Related
