Cisco :: 5508 Manage Domain Accounts Is Unnecessary
Jun 12, 2011
So what we do when we get new laptops, we "prime" it by connecting to the lan via a cable, name the machine and join the domain. This way it automatically gets the certificate and is a domain member. After logging on at least once via a cable, we can then disconnect it and join the wireless network.
During a routine audit, they suggest also using MAC address filtering. I think this is overkill and an administrative nightmare. To manage MAC address filtering on the 5508 and then also manage the domain accounts is unnecessary. Also down the road we want to offer a segregated public hotspot (webauth), and I'm not sure if MAC address filtering would affect that or not.
I've read that MAC address filtering is pretty much useless, because it's so easy to change your mac address even in Windows device manager. I know I was able to do it as a test.
is MAC address filtering worth the hassle to implement and manage? Or is our current layered security approach enough?
I've got a WLC5508 (7.0.116.0) that is managed by WCS (7.0.172.0). I set up another WLC5508 with the same code and managed by the same WCS. Now I'd like to export all the 800 guest user accounts with the passwords from the old WLC and import them into the new WLC.
1) I'm using a single subnet eg 192.168.1.0/24 for my wireless clients and i'm assigning them via the DHCP server from the WLC. As the clients are however made up of laptops and scanners, i would like to assign a range from 50-150 for the laptops and 151-250 for the scanners for easier identification. But it seems that from the WLC DHCP menu i'm not able to do this unless i segment them into a different network with different gateways.
2) Is there anyway to change the WLC user accounts password too? I dont seems to be able to find the option unless i delete the account and re-create it with the new password.
is it possible to manage a air-ap1262n with a controller like wlc 5500 or wlc 2500? the official cisco support could not answer me this question for sure. i have found this old guide to upgrade ap´s to lap´s, but there is hothing about the 1260 in it. [URL]
i am a little bit confused!
the cisco documents tells: "at_a_glance_c45-636090.pdf"
A wireless network with standalone access points offers a low-cost, entry-level solution that does not require a controller. It is ideal for small-scale networks with less than 20 access points, and offers base-level wireless functionality with the flexibility to scale and add services over time by adding a controller.
i'm trying to setup a local DNS server to manage small office local-only domain names for our servers. i have the DNS working properly (resolving local machines and using the ISP dns if it can't). so i put the DNS server ip into the "Static DNS 1" field of the router settings. the other 2 static dns fields are empty.the problem is that the router is still using the ISP dns server as the primary and my local dns server as the secondary. i verify this in two places. first, if i go to the "status" tab, DNS 1 shows the ISP server while DNS 2 shows my local DNS server. secondly, if i connect to the wireless device with a linux-based machine, the /etc/resolv.conf file shows the nameserver ips in the same incorrect order.
I want to install a pair of 5508 to manage the whole wireless solution and I have a few questions regarding deployment, Please refer to the topology. The management and ap manager interfaces are conifgured with the same ip address range and thus the same vlan which is 10.160.254.X/24 also all the APs(1,2,3) in that building have the same IP address range for management which will be manually conifgured. The AP's (4 and 5) on the other building have another range of IP address for management and here is the first question. Will the AP's 4 and 5 join the WLC if I manually configure them to point to it? I know I can group interfaces and use them with the same SSID BUT the WLAN vlan in both sides are different and are separated by a router and hence the next question: Can this be done even if they are separated? and if I can, how is this possible, should I configure a dynamic interface in the WLC with an IP of that network even if it doesn't exists on that side? I'm kind of confused with this.
We have our aggregation layer here composed of two N7K with vPC between them. Every access switch is a N5K. Security policies state that we have to filter unnecessary vlans going through the trunk between N5K and N7K. So we use the 'switchport trunk allowed vlan 10,20,30' command. My question is: Do I have to include the native vlan id on this command?
I've been having this issue for quite some time on my Windows 7 SP3 x64 machine. It's a desktop, connected via ethernet to a TP-Link WR740N router, that also provides wireless coverage. My ISP is a local one (the country is Latvia), and it offers a decent 100 MBps up/down optical fiber internet service. Now for the problem - there is only one home network on my computer, that seems to work, and that is 'Network 2'. Whenever I have to reboot the router for whatever reason, it attempts to reconnect, but sometimes reconnects to a 'Network 3' and once even to a 'Network 4' and 'Network 5'. None of these other networks have internet access. I tried to run the diagnostics tool on the issue, and usually it told me that there's a problem with the default gateway. Additionally, twice I've had the issue of the computer completely freezing when connected to one of the Internet-less networks (eg 'Network 3'), and trying to disable the network adapter, forcing a restart that consequently caused a fail boot - from there on I had to use System Restore to actually get my PC to function.
The way I've been fixing it, apart from random rebooting, reconnecting, and hoping for the best (that it decides it wants 'Network 2'), is by putting in the Resource Mini CD that came with my router, and running the Wizard for the WR740N router. It has 4 steps, the 2nd of which is 'Installing the router' (configuring the network adapter), at which point, my internet starts to work (always connects to 'Network 2'). If, I however, decide to continue this process to the step 'Configure router', and attempt to set up my wireless connection, it will begin to reset itself, and once again connect to 'Network 3', leaving me without internet access.
I can�t seem to login to any accounts on the internet (e.g. mail accounts and such). Other than that I don�t have any real problems, except that my internet connection is considerably slower as well. But I can browse the web as usual�
The problem is that whenever I try to log into any place the screen just freezes and gets �non responding� and so I have to close it down. It doesn�t matter which browser I use, I have the same problem anyhow.
I want to set it up so that when you log into any of the ACS 5.2 servers you have to use your AD credentials to log in and define what access you have. Is this possible? If so, how can this be set up?
I'm using ACS 4.2 and was just wondering if it's possible to add user accounts to it by using snmpset? If so, any documentation on what needs to be done? I have the SNMP running on it and get information from the ACS using snmpget.
Have set up a pair of ACS 5.3 servers and have set up device administration authentication be passed through to an RSA server via RADIUS. All works great.
What we want to do is go a step further and set the system up so that ACS Administrators also have to authenticate to the ACS system by RSA via RADIUS (the same as the Device Authentication we've set up) for ACS administration tasks.
Looking at the options available in the ACS Administration setup (administrator accounts etc) there doesn't seem to be an option to authenticate via another method apart from a local administrator account on the ACS.
I am having trouble accessing my Halifax bank accounts online.I can log in, but I cannot access any of my accounts. I have reported this problem to Halifax they have issued me with instructions to check my set up, but this hasn't worked.
How do I setup remote login that would allow 3 or 4 people to login to the same computer.Each person would have their own Windows User Account name, with different privileges.I don't know what software could do this. The computer being connected to would be Windows 7, and there is no special network equipment besides a consumer router.
Each person would have their own Windows User Account name, with differentprivileges.I don't know what software could do this.The computer being connected to would be Windows 7, and there is no special network equipment besides a consumer router.This is a very small business and keeping costs under control is important
I have the RV220W and we are mainly using PPTP for VPN access. I can not add more than 9 PPTP VPN user acounts. When I go to add a tenth account the interface just hangs and stops responding. I can delete a user and then add another user and this works fine. I can also add other types of VPN users.
I am currently running a guest wireless network using 4404 controllers on the wireless side and a 4402 as an anchor controller, all running 7.0.98.0 and all is working fine. Accounts being created via the WCS lobby admin and applied to the 4402.The question I have is, is there any way of restricting the use of an account to 1 device at a time. I am currently seeing evidence of password sharing and my boss would like to make sure that everyone who use the system has their own credentials.
Can I authenticate users/administrators managing ACS5.3 via GUI and CLI against Microsoft AD. I think I heard it from someone from Cisco when a lot of improvements were introduced in ACS5.3 that I can do it. Doesn't seem to be available still
(WLC 4400) which enables employees to browse to a custom made webpage, where they can create an account for company vistors to access the internet. It's important for the employees not use any login credentials, they arrive on a webpage where they specify the login & password which the vistor will enter to browse the internet. Is there any good link to documention about this topic?
We recently switched from Centennial aircard to Verizon aircard (USB760) for our laptop. We have two user accounts on our windows 7 pc. With Centennial we could switch between user accounts without closing sierra wireless manager but when I switch to another user now, a message comes up saying vzaccess manager running in another account and we cannot use the internet until we have shut it down in the account it is running in - which is a pain. I have tried right clicking vzaccess manager in all programs and it does not have a share option. I also went to properties under vzaccess manager and found a setting to share and set it up but it still will not share
All my gmail accounts open normally to the first page, but the mouse cursor just highlights whatever I hit. It will not open to the relevant messages or any other action.The sign out function works, so I can go to my other accounts, but the same problem persists.It had been working fine for several years.All the accounts are fully functional when I use my ipod or go to another desktop.
How do I setup remote login that would allow 3 or 4 people to login to the same computer. Each person would have their own Windows User Account name, with different privileges.I don't know what software could do this. The computer being connected to would be Windows 7, and there is no special network equipment besides a consumer router.his is a very small business and keeping costs under control is important.
Currently the guest wireless users are maintained by WCS 7.0.172.0. I'm having a project to set up another 5508WLC in one location to replace the WLC in use in different location. My concern is regarding the guest user accounts. Can I use the feature of "Save Guest Accounts on Device" in WCS to save all the guest accounts on another WLC? I tried this feature and I got the message of "Successfully saved Guest users to the following respective controller(s) where they were applied". I don't know if it is because there is currently only one WLC in the WCS or the account can only be saved on the original controller where it was created.
I am in the process of upgrading a client's firewalls from 5520s to 5525-Xs. I have 2 independent firewalls that are merging into a single firewall. Both of the source ones have a TON of user accounts defined for remote user VPN, is there any way to move these user accounts with passwords in tact?? The goal is not to have to tell the 250+ users that they need to reset their passwords at once.
I can not setup a new user, or access wireless networks that show on my laptop had a virus and the shop said they removed it but the network has not worked since it a dell inspiron 1525
Verizon recently sent an e-mail to a friend of mine suggesting that she modify the server settings in her Windows Mail (her OS is Vista -- ugh!) to use SSL. It's an easy change (have to change the POP3 port to 995 and the SMTP port to 465, and choose SSL/TLS for encryption).I know nothing about encryption protocols and what advantages they provide over unencrypted e-mail. For example, earlier this week, she received a hacker e-mail (the infamous "shipping confirmation" that appears to come from Amazon.com, but all the links open "redpouch.com", which immediately tries to upload malware to your computer). She (and I) have no idea how the hacker got her e-mail address -- or those of a dozen other addressees all of whom have the domain "verizon.net".It would appear the hacker got into Verizon's server and stole the addresses. Would using SSL make that impossible to do? If not, what extra security does it provide?
I was looking at an XP system that has 4 user accounts. Two are limited accounts and two are admin accounts. The adapter is a DLINK DWA-125 USB adapter.When logged into one of the admin accounts, internet works fine. When logged into one of the limited accounts, internet works fine.If I switch to either of the other accounts, the adapter can't get an IP address. If I switch back to one of the accounts that works, I get an IP right away.
