Cisco :: WLC 7.0 - Configure Lobby Admin With ACS 5.1
Jan 23, 2012
How to configure a LobbyAdmin account for WLC 7.0 on a 5.1 ACS? I'm very new to ACS 5. How to configure it.
I've got the ACS policy working that allows me to login to the WLC using a user account with full rights but the Lobby admin account can login with full rights as well. I've tried setting the custome attributes in the shell profiles with role0-mandatory-LobbyAmbassador, task0-Mandatory-Configure Guest User and task1-Mandatory-Lobby Ambassador User Preferences but it still doesn't work.
View 18 Replies
ADVERTISEMENT
May 12, 2011
I was wondering if there is a way to limit the ability of the "lobby admin" account to only be able to give out 24 hour wireless access? The situation is this, we are going to move the roles of guest wireless over to our lobby administrators, but we are afraid they might break policy and give out 30 day wireless access so they dont have to keep renewing guest access each day. We want to limit access to 24 hour "tokens" for all guest unless its a unique situation.
View 2 Replies
View Related
Jan 25, 2012
Any way to create multiple lobby admin account on ACS and each account will have access to only specific WLANs on the WLC?
View 6 Replies
View Related
Apr 15, 2012
Why do need Cisco NAC guest server when we have WLC 5508 already configured. The Guest user access can be given by the WLC itself too. We can create users in WLC also and grant access to the user to access internet for specific time frame. My query is - what is so different in Cisco NGS that it is considered good in terms of Guest users access. What are the advatages of NGS.
View 4 Replies
View Related
Jan 26, 2011
We currently have about 8 WLC 4400 series controllers deployed around the company, one of these controllers is acting as an Achor controller for GUEST wifi access for visitors to the company, as a result of this we have many users with "LobbyAdmin" access to setup users.
We have recently introduced a Cisco WCS to manage these devices but its not fully implemented/active to see all WLC's.I need to be able to report on the LobbyAdmin users to see who is setting up accounts and for who etc. Currently access to the WLC/WCS is done via Local admin accounts. All accounts for the LobbyAdmin people are setup on our anchor controller.
I have added the anchor controller for this to the WCS system but when looking in Administration/AAA/Groups the LobbyAdmin groups shows No Members.Is there a way that i can import the Lobby Admin names from the anchor WLC to the WCS so i can do reports/audit checks on these users?
View 2 Replies
View Related
Feb 14, 2013
I have two 5508 WLCs. Both have APs attached to them. If I create a guest account with the lobby administrator on one, will that user account be able to log in to the network if the client is attached to the ohter WLC? So far, I have found that I need to create the same user on both WLC's, in order to have the user login.
View 2 Replies
View Related
Nov 3, 2012
Here is my Desktop Specs:
Windows XP Svc Pack 3
Mainboard :Asus P5KPL-CM
Network Card :Atheros AR8121/AR8113 PCI-E Ethernet Controller
Current Router - LinkSys BEFSR41 (Hardwired, CATV cable)
Static IP - 192.168.1.100, 255.255.255.0, Gateway 192.168.1.1
Problem: I purchased a new GB router, Dlink DIR825, wireless and 4 ports, and cannot connect to it to set it up. I need to get into it to change its IP address from 192.168.0.1 to 192.168.1.1 and to make a few other changes. I have 6 different ethernet cables, all of which work with my desktop as well as my laptop. I can get into the new Dlink router just fine with my laptop so it is not a bad port on the new Dlink. The cables work with my existing router and my new router using my laptop so it isn't a cable problem.My internet connection is Hughesnet (DISH) which uses the 192.168.0.1 address, the same as the new router. So here is what I have tried:
1. Powered down Hughes router, new router, and old router.
2. Removed cable from Hughes router to old Linksys.
3. Changed static IP on desktop from 192.168.1.100 to 192.168.0.50 and Gateway to 192.168.0.1.
4. Rebooted
5. Connected ethernet cable from desktop to Port 1 on new router.
6. Powered up new router.
7. Brought up Browser and entered the 192.168.0.1. Nothing happens. The Port light on the new switch shows the connection properly and the other lights are on properly, except for the Internet light which I haven't hooked up yet.
The above does not work so I powered down everything and then:
1. Connected the cable from the Hughes internet modem to the Internet port on the new modem.
2. Powered up Hughes modem and waited for all lights to come on.
3. Then powered up new router and waited for all lights to come on. This time the Internet light came on like it should.
4. Powered up my desktop.
5. Brought up Browser and entered the 192.168.0.1. Nothing happens. I expected this since there would be a conflict with the 2 modems having same IP.
Next I tried to basically set my desktop to use DHCP and removed the cable from the Hughes modem to the new router. Powered down everything then brought them up one at a time, Hughes modem, router, and PC. Still not able to connect to the new router.I also used my laptop to set the new router to 192.168.1.1 and reset my static IP to the original 192.168.1.100, 255.255.255.0, Gateway 192.168.1.1. Still nothing and I couldn't even ping the router.
View 7 Replies
View Related
Aug 5, 2012
how to configure ACS 5.2 for device administration of Checkpoint firewalls and security management servers?
View 4 Replies
View Related
Aug 28, 2012
I'm crazy with this version of ACS, it is totally diferent than ACS 4.2, which is familiar for me and seems to difficult to config for me.Although I have red a lot of post about problems with the integration WCS 7.0 and ACS 5.2 using TACACs+ for admin or lobby access to the web portal I can't do login into WCS as Lobby ambassador using ACS 5.2 because always show me the error "User has no usergroups assigned".Steps I followed:
- I create a "shell profile" with the custom attributes of the group "lobby ambassador".
- In default device admin / authorization, I create a rule matching this "shell profile".
I see lot os Hit counts and passed in logs, but the message written previously.In ACS 4.2 I had to create the custom attribute "HTTP" and string "Wireless- WCS" to work with, but now I don't know if it is necessary and I don't know how to do it.
View 5 Replies
View Related
Jul 14, 2012
We've set our WCS up to do AAA through our ACS 5.3 which works great. So in order to log into the WCS for Administration or as a Lobby Ambassador (to create guest users etc) the AAA is all done by the ACS, GREAT!
I have assigned a set of users the Lobby Ambassador role as passed that back through TACACS to the WCS, so those users have their role setup as Lobby Ambassador and are limited from doing anything else, as expected.
What I want to know is: With normal local AAA on the WCS, when you created a Lobby Ambassador account, you could give the account a set of defaults for any guests accounts created by that Lobby Ambassador account, which was good, so Lobby Ambassadors couldn't set up unlimited time accounts and stuff like that.
What I want to know now is that since I'm now doing all the AAA on the ACS, is there an attribute I can pass to the WCS in the Shell Profile, along with the roles etc telling the WCS what the guest user creation defaults for the Lobby Ambassador account is, so that we can continue to limit the defaults of any guest account that the Lobby Ambassador accounts create, as it used to be? We'd really like different lobby ambassadors to be able to do different things as well. i.e., Lobby Ambassador X can only create accounts for one region. Lobby Ambassador Y can create Unlimited time accounts where the others can not. We used to do this by assigning different guest user creation defaults to different lobby ambassador accounts on the WCS.
View 1 Replies
View Related
Jan 16, 2012
I was wondering if the 2504 has the lobby ambassador feature available. Customer requires temp username/passwords for guests managed through web gui. I couldn't find conclusive documentation it was included so I figured I'd check here before calling Cisco.
View 2 Replies
View Related
Sep 23, 2012
Is there a module or way to create a Guest Access Lobby on the ASA 5525? We currenly leverage the WLC to do this for us, but are moving to a routed access enviornment which is causing some issues. We would like to offload the guest access responsibility to the ASA if possible.
View 1 Replies
View Related
Oct 14, 2012
I have installed LMS4.2.2 on Windows 2008 server and am unable to login via the 'admin' username. I get "Invalid Username or Password. Please try again" error message. I can successfully login using Windows AD username and password.
I have reset the password for 'admin' username with the following:
!
nmsroot�inperl.exe resetpasswd.pl admin
Server has been rebooted PRE and POST password reset.
View 2 Replies
View Related
Jun 5, 2011
We created the admin account during the setup and were able to log into the Web GUI, but we can't use this admin to access the CLI by using ssh, always said permission denied.
View 3 Replies
View Related
Nov 12, 2011
Any way to get access to facebook yahoo and gmail on bounded network by admin and also using fortigourd by them.
View 1 Replies
View Related
Oct 30, 2011
I followed this simple procedure to turn my DIR-655 into an access point: url...and it all worked except when I go to url... (which is where I left the router's IP address set) I don't get the DIR-655's admin login GUI, just a timeout. Since my main Linksys router is on 192.168.1.1, and my cable modem is at 192.168.100.1, and the DHCP addresses handed out by the Linksys router is from 192.168.1.100 to 192.168.1.149, getting to 192.168.0.1 should not be a problem. Functionally, the DIR-655 makes a great access point, wired and wireless are working very well, and I don't see any reason why I can't get to the web GUI admin page.I should be able to get to the DIR-655 router via the WAN port, as suggested in the procedure above, but I'd really really like to be able to get to it without having to connect a cable to the DIR-655 WAN port.
View 5 Replies
View Related
Dec 12, 2012
I have a DLink N300 (DIR 615), firmware 9.02NA.I've been trying to log into the "admin" but was only able to once. When I did get it everything was greyed out so I couldn't make any changes.
View 1 Replies
View Related
Jan 6, 2013
i'm having some trouble logging in as admin. I leave the password section blank as directed but it comes up as "incorrect password". I then tried the same using the "User" and it worked just fine but i cant change any of my settings.
View 6 Replies
View Related
Jan 28, 2012
I just bought the Dir-655 with 2.00 firmware. I am having trouble with my NAT on my game system and I have tried everything but I have everything setup on my router where it needs to be. I read somewhere, where a guy was having my same trouble and he upgraded his firmware to 2.03na. I have tried with no success whatsoever.
Downloading the file from the d-link website with no problems. But i keep getting the same message when i try to upgrade the router saying the file may be corrupt, the router is to busy, or I am not logged in as an Admin. I am the only one using the internet and I am logged into my router as the admin. it wont even start uploading the firmware to my router..
View 9 Replies
View Related
Jul 25, 2012
I am attempting to configure Radius for use with a Cisco router for the first time. I have read a few tutorials online for setting up administrative access to the router using active directory accounts. On the surface this doesnt seem to over complicated. My question is: Is it possible to have one Cisco IOS router set up with radius authentication for administrative access AND have the same router set up for VPN clients who will be authenticated via the same Radius server? The router I am using is a Cisco ISR 2911 and the IOS version is "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M2".
View 1 Replies
View Related
Oct 20, 2011
Just purchased a RV082 and once I switched a bunch of users over to it I can no longer access the web admin section. I have tried using both IE and Firefox and have used multiple workstations. I get to the login screen but it doesn't get any further. I am running the latest firmware v4.0.4.2-tm. It works for a while then just stops. The only fix is to turn off the device and back on and then it starts working again.
I've seen this issue on other small business cisco devices and had to stop using this because of this issue and switch to a higher grade cisco product but was hoping that this particular issue would have been resolved now across cisco's products.
View 7 Replies
View Related
Jul 7, 2011
I want to set it up so that when you log into any of the ACS 5.2 servers you have to use your AD credentials to log in and define what access you have. Is this possible? If so, how can this be set up?
View 1 Replies
View Related
Feb 27, 2011
I am trying to configure ACS 5.1 to authenticate SSL VPNs on an ASA5500 and aslo to provide admin access to the ASA5500 both via radius.I want to authenticate the VPN against a SeureID appliance and the admin login against a different database (using internal for testing but will use LDAP in the end).I cant seem to get the ACS to distinguish between the two authentication types. If I create a rule that says match protocol radius I can point that at either database but if I try saying match radius and service type 5 it doesnt match the VPN and falls through to the default authentication service. I have also tried matching service type 6 for admin and that doesnt seem to work either.In the end what I want to acheive is to authenticate teh ASA5500 VPN against the SecureID appliance and then admin access to all devices on teh newtork (a mixture of Cisco, F5 and Juniper) to active directory via LDAP where if the user is a member of the "admin" group they get access.I was intending to use specific devices for the ASA5500s (there aretwo) and then creat a device group based on IP address range for everything else.
View 4 Replies
View Related
Mar 11, 2013
No connection via IE of any flavour
Chrome shows Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error
I have 30 machines here, none of which have a serial port.
View 1 Replies
View Related
Jan 6, 2011
I just purchased a WAP4410N A V02 and am unable to logon using the default credentials (admin/admin). Using the default IP, 192.168.1.245, I can get to the login page, I simply cannont log in.power reset the WAPheld the reset button for 30 seconds while powered on then power reset the WAPheld the reset button on for 30 seconds while powered on, powered off the WAP for 30 seconds then powered the WAP back ontried using admin and blank as the usernametried using admin, password and blank for the password All without success.
View 1 Replies
View Related
Jun 2, 2013
Trying to setup Three networks all with different IP ranges.I assume I can create a new VLAN and associate that VLAN with one of the four available ports.
Port 1 can have 192.168.1.1 - 254, Port 2 can have 192.168.2.1 - 254 and Port 3 can have 10.0.1.1 - 254.
But the Admin guide I just downloaded is NOT for 10.0.4.10. It shows Networking > LAN > VLAN Configuration.My screens show Networking > LAN > VLAN Membership.
So I am not sure how to make Port 2 associate with VLAN98 ( I created VLAN98 and 99 for the other two networks). There is a membership table that you can Tag or untag for each of the four ports - is that it ?
View 2 Replies
View Related
Apr 23, 2012
Do you know if it's possible to use ACS 5.x in such manner that the admin users (so not the end users, but the administrator users of ACS) are authenticated against and external database, like Active Directory?
View 2 Replies
View Related
Sep 4, 2011
Our main ASA5510 is set up to failover to a second 5510, and is using the management port for that purpose. All of the other LAN ports are in use.
Currently we can manage the ASA using ASDM5.2 from and device on the LAN.
We are now going through PCI Compliance, and one of the vunerability scans has picked up the fact that the firewall appears to accept connections on SSL v2. However, if I try to set SSL to use v3 or TLS v1 only (as we don't use webVPN), I get a message that I will no longer be able to use ASDM to manage the firewall as changing to SSL v3 will 'prevent ASDM from establishing a secure connection with the ASA'
So does this mean that the ASA does use / accept SSL v2? The help files say that it will accept 'hellos' in v2 but will then try to negotiate to SSLv3 or TLS v1. It doesn't give more details about what happens next, but I would have assumed that if it can't negotiate to one of the later protocols it will drop the connection - is this correct? If that's the case I may be able to get PCI to accept it.
However, if this is not acceptiable and I have to switch to SSL v3, what options do I now have of administering the ASA through a GUI?
View 1 Replies
View Related
Jun 12, 2012
brand new RV042 client (tried MacOS and Win7 on two laptops) will get IP from DHCP and shows correct IPs for gateway etc. - however entering the IP 192.168.1.1 to access web admin does not work (tried current versions of Firefox, safari and Firefox); browser is not offline router was reset to factory setting (by pressing reset for over 30sec) ping on IP above works
hardware broken?
View 3 Replies
View Related
Nov 11, 2012
Let's suppose I'm connected to a network whose admin asked in a friendly way not to download anything but certain things he specified.He never came to my machine or setup any kind of client to it. The question now is, is there any chance he knows what I download???Does he know the name and the extension of the file I download if I use Utorrent and magnet links?
View 2 Replies
View Related
May 30, 2012
I was trying to get into my router to give it a reboot yesterday, but was unable to get into the console. I used the username/password I've used for over a year (it was also auto saved) but it would not let me in. I went through all the steps to do a hard reset/restore default settings and it wouldn't let me. I had to access the boot loader to reload firmware, and that worked out just fine.
Now, I still cannot get access to the administration console with the default username (blank) and password (admin). I've tried moving my PC to ports 1-4 and none work.
I was about to give up on the router but I tried connecting from my iPhone and everything works just fine. I was even able to change my SSID and WPA key again.
Would this be a hardware issue, or could there be something in Windows 7 that's affecting it? I have disabled the windows firewall and AVG and still can't get any access from either Firefox or IE.
A couple of times I was able to get onto the first page of the console through IE, but if i tried clicking anything else it would ask for the username/password again and not connect. Now it won't even let me in once.
View 6 Replies
View Related
Jul 3, 2012
Moved into a new place, set up a connection. Server provider gives only one mac address, they set it on my router. They say that it should be working, make a restart and that's it. I did that but still no connection. Moreover, I cannot connect through the router at all and therefore cannot access router admin page to configure it either. Now what to do? Password for the router is correct. Even when I take down all the security, still I cannot connect.To be more specific, at first I could enter the router admin page, but since I didn't know how to configure it properly, I made some mistake. I think I choose setting "configure wireless network" and changed something there. After that I cannot access the admin page or connect through the router.
View 1 Replies
View Related
Jul 20, 2012
I have lost my router wordpass admin.
View 1 Replies
View Related
