I was wondering if the 2504 has the lobby ambassador feature available. Customer requires temp username/passwords for guests managed through web gui. I couldn't find conclusive documentation it was included so I figured I'd check here before calling Cisco.
View 2 RepliesI'm crazy with this version of ACS, it is totally diferent than ACS 4.2, which is familiar for me and seems to difficult to config for me.Although I have red a lot of post about problems with the integration WCS 7.0 and ACS 5.2 using TACACs+ for admin or lobby access to the web portal I can't do login into WCS as Lobby ambassador using ACS 5.2 because always show me the error "User has no usergroups assigned".Steps I followed:
- I create a "shell profile" with the custom attributes of the group "lobby ambassador".
- In default device admin / authorization, I create a rule matching this "shell profile".
I see lot os Hit counts and passed in logs, but the message written previously.In ACS 4.2 I had to create the custom attribute "HTTP" and string "Wireless- WCS" to work with, but now I don't know if it is necessary and I don't know how to do it.
We've set our WCS up to do AAA through our ACS 5.3 which works great. So in order to log into the WCS for Administration or as a Lobby Ambassador (to create guest users etc) the AAA is all done by the ACS, GREAT!
I have assigned a set of users the Lobby Ambassador role as passed that back through TACACS to the WCS, so those users have their role setup as Lobby Ambassador and are limited from doing anything else, as expected.
What I want to know is: With normal local AAA on the WCS, when you created a Lobby Ambassador account, you could give the account a set of defaults for any guests accounts created by that Lobby Ambassador account, which was good, so Lobby Ambassadors couldn't set up unlimited time accounts and stuff like that.
What I want to know now is that since I'm now doing all the AAA on the ACS, is there an attribute I can pass to the WCS in the Shell Profile, along with the roles etc telling the WCS what the guest user creation defaults for the Lobby Ambassador account is, so that we can continue to limit the defaults of any guest account that the Lobby Ambassador accounts create, as it used to be? We'd really like different lobby ambassadors to be able to do different things as well. i.e., Lobby Ambassador X can only create accounts for one region. Lobby Ambassador Y can create Unlimited time accounts where the others can not. We used to do this by assigning different guest user creation defaults to different lobby ambassador accounts on the WCS.
I have two 5508 WLCs. Both have APs attached to them. If I create a guest account with the lobby administrator on one, will that user account be able to log in to the network if the client is attached to the ohter WLC? So far, I have found that I need to create the same user on both WLC's, in order to have the user login.
View 2 Replies View RelatedHow to configure a LobbyAdmin account for WLC 7.0 on a 5.1 ACS? I'm very new to ACS 5. How to configure it.
I've got the ACS policy working that allows me to login to the WLC using a user account with full rights but the Lobby admin account can login with full rights as well. I've tried setting the custome attributes in the shell profiles with role0-mandatory-LobbyAmbassador, task0-Mandatory-Configure Guest User and task1-Mandatory-Lobby Ambassador User Preferences but it still doesn't work.
I was wondering if there is a way to limit the ability of the "lobby admin" account to only be able to give out 24 hour wireless access? The situation is this, we are going to move the roles of guest wireless over to our lobby administrators, but we are afraid they might break policy and give out 30 day wireless access so they dont have to keep renewing guest access each day. We want to limit access to 24 hour "tokens" for all guest unless its a unique situation.
View 2 Replies View RelatedAny way to create multiple lobby admin account on ACS and each account will have access to only specific WLANs on the WLC?
View 6 Replies View RelatedWhy do need Cisco NAC guest server when we have WLC 5508 already configured. The Guest user access can be given by the WLC itself too. We can create users in WLC also and grant access to the user to access internet for specific time frame. My query is - what is so different in Cisco NGS that it is considered good in terms of Guest users access. What are the advatages of NGS.
View 4 Replies View RelatedIs there a module or way to create a Guest Access Lobby on the ASA 5525? We currenly leverage the WLC to do this for us, but are moving to a routed access enviornment which is causing some issues. We would like to offload the guest access responsibility to the ASA if possible.
View 1 Replies View RelatedWe currently have about 8 WLC 4400 series controllers deployed around the company, one of these controllers is acting as an Achor controller for GUEST wifi access for visitors to the company, as a result of this we have many users with "LobbyAdmin" access to setup users.
We have recently introduced a Cisco WCS to manage these devices but its not fully implemented/active to see all WLC's.I need to be able to report on the LobbyAdmin users to see who is setting up accounts and for who etc. Currently access to the WLC/WCS is done via Local admin accounts. All accounts for the LobbyAdmin people are setup on our anchor controller.
I have added the anchor controller for this to the WCS system but when looking in Administration/AAA/Groups the LobbyAdmin groups shows No Members.Is there a way that i can import the Lobby Admin names from the anchor WLC to the WCS so i can do reports/audit checks on these users?
Why a 2504 Poe? If it can not be used for AP.
View 10 Replies View RelatedI'm planning to upgrade our WLC 2504 from 7.2.111.3 to 7.4.100.0 but the cisco site says "WLC Version 7.4.100.0 will need Prime Infrastructure Version 1.3 to be managed, Version 1.3 is not yet available to download at this point of time" Is it something about NCS? we have only 1 cisco WLC 2504 and 6 1142APs.. Also let me know is it possible to go directly from 7.2 to 7.4 ?
View 8 Replies View Relatedwhat is the maximum number of APs supported on Cisco 2504 WLC?According to the Data Sheet it is 75:
[URL]
But according to the config guide it is 50:
[URL]
I believe the correct number is 50, but I just want to be sure.Is this a software limitation?
I've problem with a WLC 2504. Some Clients like phones and Thin Clients get an IP 0.0.0.0.Software Version is 7.0.235.0. Test with a Laptop seams to be OK. Some printers also got an 0.0.0.0.Around 30% are not OK. also had the log: Impersonation of AP with Base Radio MAC 00:yy:yy:yy:yy:yyusing source address of 00:xx:xx:xx:xx:xx has been detected by the AP with MAC Address: 00:yy:yy:yy:yy:yy on its 802.11b/g radio whose slot ID is 0 The problem is, I cannot go to 7.2 version because I have 2 x AP 1231 and 2 x 1242 AP's.1231 AP's are not anymore supported in 7.2 Version.
View 14 Replies View RelatedI have two WLC 2504 controllers. These controllers are for two different buildings. But they share a VLAN, and network address range. How can I control the access points to the register selected only at a specific controller.
Example:
AP 1 -> WLC 1
AP 2 -> WLC 2
AP 3 -> WLC 1
Since the buildings also broadcast in different SSID. The two controllers are in a mobility group.
If we update our ios on WLC do we have to add the certificate for AP's again or we don't need to do that.
View 4 Replies View RelatedSome time ago I updated a WLC, model 2504, from version 7.3 to 7.4.100.0. I also update the FUS (Field Upgrade Software) to the latest release, 1.8.0.0. Now I need to downgrade the WLC back to 7.3 version.
My doubt is: Can I just take the normal processes and downgrade the WLC back to 7.3, even with the FUS in version 1.8.0.0?
I'm new in installing WIFI, I have WLC 2504 using 7.4.100.0. I have AP 1600 (AIR-CAP1602E-E-K9)
I installed the WLC and AP in a cisco poe switch, wlc and ap are in the same subnet and can ping ap from WLC, but the AP cannot join the wlc. i have this error message
(Cisco Controller) >show ap join stats detailed 00:06:f6:d6:03:f0
Sync phase statistics
- Time at sync request received............................ Not applicable
- Time at sync completed................................... Not applicable
I currently have a single 2504 Controller managing 50 AP's. I am adding a Second 2504 AP Controller with 15 Lic to manage an additional 10 AP's. My current 2504 has each port configured for my four subnets that and it is managing AP's in 4 buildings. Should I configure the new 2504 the same way so that it can see all four sites? All so if the main 2504 goes down can the second 2504 take over even thou we will be out of lic?
View 7 Replies View RelatedI have a problem in join my ap1130ag in my wlc 2504 i activate dhcp internel (172.19.1.50 ----> 172.19.1.60) in wlc and this wlc affected address for ap1130ag (172.19.1.51) wlc and ap1130ag is connected with switch 2960 (port 17,18) this port the switche is configured in trunk mod allowed all vlan then my wlc not detected ap1130ag?
View 4 Replies View RelatedI've got a 1524 ap and it wont join my 2540 WLC. The messages I see in the WLC is RADIUS authorization is pending for the AP. I've added the MAC address of the ap under AP Policies using MIC. I dont have a radius server either so not sure how to tackle this one.When I run debug capwap events enale under the wlc I see the following messages:Discarding discovery request in LWAPP from AP supporting CAPWAP.
View 35 Replies View RelatedWe have a 2504 on version 7.2.103.0 and 15 of the 1131 AG's.In short we cannot get the access points to register against the WLC, they seem to be caught up in a boot loop. They are seen on the WLC with a status of downloading, then once they have downloaded (Seen via CLI) I get an error message things I can confirm are The Country code is set to GB All ports are in Native VLAN Access points are ETSI type. It stops and restarts at syslog output DTLS-3-BAD-RECORD: Erroneous record recieved from x.x.x.x: Duplicate (replayed) record.
View 26 Replies View RelatedCan a 2504 WLC on a remote site provide guest access on one SSID, drop taht out locally on that site and provide corporate access on a second WLC that it then tunnls to a 5508 at the main corporate site ?
View 4 Replies View Relatedupgrade on the wireless controller 2504 from 7.0 to 7.4 is direct upgrade.My customer faced problem by upgrading the software 7.0 to 7.4 directly and the image hang.how should proceed recover the image 7.4/
View 7 Replies View RelatedI would like to get it clarified, that Cisco WLC 2504 running the code ( 7.2.110.0 ) does support IPv6 or not ?
From Cisco Documents they are asking to enable IPv6 support under WLAN > Edit Page, and Enabling mulicast on Ethernet Multicast Mode under Controller > General.
But from the GUI am not able to find the above two field, Even in Interface i created under Controller > interface is not accepting IPv6 address. I am able to configure IPv6 ACL .
Is any deployment document is available to show different scenarios with configuration.
Note - Am using Access point AIR-LAP1262N-N-k9
Currently I am using WLC 2504 with Software version 7.0.220.0. I am having some issues with Windows 8 clients they can't connect and I read on couple of review that wlc needs upgrade software.
I checked and latest versin is 7.4. Can I go to this version directly or I have to jump step by step.
I am trying to TFTP an image to a Cisco 2504 WLC. The management interface is 10.1.1.1 /24 and I have my PC connected to a port on the WLC with the IP address 10.1.1.10. However, I still do not have connectivity between the PC and WLC.
View 3 Replies View RelatedI am about to deploy a load of Aironet LWAPs into my organization. I've configured the WLC 2504 and have a couple of the APs working at our main site. I just needed to plug them in, and they worked perfectly, straight out the box. But I just want to know the following:
1 - will the same apply if I connect an AP at a remote site? Remote sites are on different subnets and connected via IPSEC. Will the remote APs just find the WLC?
2 - is there anything I need to set up especially on the WLC in order to make this work?
3 - what happens if the IPSEC connection drops?
My customer is seeing these Errors coming up on one of his 2504 WLC's (ver7.3) The MAC's and IP addresses Mentioned seem to be completely fictitious as the customers IP plan is way off these subnets and the vendor lookup tool cant resolve the MAC addresses.I can confirm that there is no conflict.I've seen them appear on other 2504's across his network on seperate occasions.
View 4 Replies View RelatedI have a 2504 WLC and 1042 ap's. Everything worked great in my test enviroment (of course). Now when I want to deploy the wireless, the ap's are not getting and ip for the windows dhcp server.
I have option 43 configured in dhcp, sub option 241>ip address of the controller
I have my A record in dns, cisco-capwap-controller.
*Mar 1 00:03:17.050: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
Not in Bound state.
*Mar 1 00:03:27.050: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
*Mar 1 00:03:27.054: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar 1 00:03:37.054: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
*Mar 1 00:03:47.054: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
*Mar 1 00:03:57.054: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
*Mar 1 00:04:07.054: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
Not in Bound state.
We have a WLC 2504, since a few months, it was working fine, we have a guest Wlan configure with web authentication and the DHCP scope for this in the WLC. The problem today is that its no redirecting the web browser to 1.1.1.1, we try it with 3 laptops and they recieve a correct IP from the DHCP but still can not get redirect to the web authentication portal. Have the default configuration Internal (Default).
In laptops we check the firewall, dont have a proxy activate and have google DNS.. 4.2.2.2 8.8.8.8. In fact this laptops connected to this ssid before.
Can I set up a guest wifi connection on my Cisco WLC 2504 if I already have WLANs set up inside my corporate network? I want to use port 4 and connect it directly to my ISP so that it is outside of the corporate network. I set up an interface with a valid IP from the ISP and created a "Contractor" WLAN to use that interface.
View 6 Replies View RelatedI am trying to configure WLC 2504 with the following setup:
- three WLAN SSIDs
- management/ap-manager interface on VLAN 10
- guest WLAN on dynamic interface VLAN 20
- main WLAN on dynamic interface VLAN 30
- WLAN for tablet and smartphone devices VLAN 40
At this point switch trunking is configured and three WLANs are mapped to three dynamic different interfaces. I can see all associated APs (which are on the same subnet as management interface on VLAN 10), and can ping each of the APs as well as gateways on L3 switch Catalyst 3750-x. Also, on the WLC interface I see that all WLANs are enabled and SSIDs are set to broadcast, all AP radio is in 'up' mode. DHCPs are configured on management interface and on all dynamic interfaces. L3 switch gateways all have ip helper-address pointing to main DHCP. 'sh vlan' and 'sh int trunk' commands on the connected switches show correct settings.
However, I see absolutely no any SSIDs to connect to on any PC or Mac computer I tested.