Cisco Wireless :: 5508 - Allowing User To Access Internet After Entering Email Address
May 25, 2013
I have 5508 controller in my lab. I am working on a project to set up a public internet but with some condition.
- User should able to connect to the SSID without any authentication.
- Once user will connec to the SSID it should redirect to an external URL which indicates terms and condition and email address field.
- User should enter his/her email address in email addrss filed and click I accept button.
- Once that is done then he/she is allowed to access internet.
We are not sure how can we achive this as I do not know what should be the return value for WLC to allow that user to go through or what should be the settings on the WLC to redirect to the page.
I have seen a settings on web authentication for external URL but I guess it is only for username passwor or Radius authentication. While in this case I do not want to use any authentication just an accept buttor or Decline button and all good to go.
I would like to authorize a friend in my house to access my wifi I was told to go to http://192.1.1 and enter the MAC address of my friend. However on the site I was unable to enter the information into the box - how can I authorize my friend to use my wifi?
Our customer has an ASA5520 Security appliance, I have already config the remote vpn in asa , user can logon via internet by vpn client and can access internal network,customer hope us can make some configuration if the remote user logon asa by vpn and notify them someone login their vpn by email .
Region : Ireland Model : TD-W8960N Hardware Version : V4 Firmware Version : TD-W8960N ISP : Vodafone Ireland
I am having a rather annoying problem. I run a small hotel (just 3 floors) and my modem gives a strong enough signal to provide wireless access to everybody in the house however I'm finding that a lot of people, whilst they can connect to the modem, cannot browse online. Connection just times out when they open their browsers.Recently a guest gave me his laptop and asked me if I could do anything with it. I'm by no means an expert when it comes to this kind of thing so I chanced my arm by putting his MAC address into the CP's Wireless/MAC Filter page. He connected immediately and was able to go online much to my relief.
Thing is, I don't want to have to do this for every guest that comes through my door! Is there any way everybody who has a laptop can connect without me manually entering their MAC addresses? MAC restrict mode is set to 'disabled' but I thought that would allow everybody unrestricted access?
In my Wireless network, I have two appliances WLC 5508 running version 188.8.131.52.I have a WCS running version 184.108.40.206, deployed on a windows 2003 server.I've imported the two WLCs in my WCS in order to centralize the monitoring and the configuration tasks.Now I'm facing an issue when I want to create a guest user from the WCS, rather than creating this user access on each WLC. The creation of the user account is working good, the replication is done on the both WLCs, but on one of my WLC the guest user account is deleted after one hour(around).On the second WLC, the same user account remains during all its life time.In attachment a screen shot of the advanced parameter of the guest user.You can see that the user was created on the both WLC but is only active on one ... and unfortunately the wrong because the AP is associated with the other WLC.
My Netgear wireless router had been working just fine and then inexplicably stopped allowing wireless internet access. My modem is fine. I contacted my internet service provider, and no luck. I unplugged the router's power source and plugged it back it in. Still not working. I switched the power on and off. Nothing. I do not know what to try next.
We have just bought 4 WAP4410N. These units will be handling wireless network at the edge of our network, only allowing for Internet access.We will be creating two SSID's, one for employees and another for guests, with different wireless password rotation policies, intended to be changed automatically by an application using SSH.Is it possible in any way to create another SSH user just for this purpose? I do feel unconfortable using the management user for this (call it paranoia!). The same with having SSH accessible from the wireless end. Any way I can tweak sshd and having it persist between reboots? Also, another issue is that we have the AP's configured for e-mailing the log however we don't receive it. Connectivity and sending has been tested with snmpc on console and everything seems to be OK.
Abruptly internet access disappeared. It's a router issue, none of the computers here can connect. Further, I can't access the router through a browser - 192.168.0.1 results in a "Firefox cannot connect" message. I've tried resetting the DNS to no avail. I'm typing via cell phone and it's annoying, but I'm willing to try about anything.
I just bought the 655, mainly for school/Xbox. My parents use it also, but I bought it for myself mainly (shh). I set it up correctly and got connected, but suddenly I wasn't allowed Internet access. The router connects to my laptop, but won't get Internet access. I called customer service and he didn't know what to do. We tried everything he knew and nothing worked. I don't want to return the router cause I read it was very good, but I need internet for school. I have Rev. A and F/W 2.00.
I'm a college student working on a lab involving a Cisco PIX 501 Firewall.
My project involves 1 computer and a firewall. My goal is to use the firewall to allow access to the internet for that computer which uses a static IP 192.168.1.5 and ONLY for that IP address. The firewall is connected to the internet.
I have the computer hooked up to the firewall with the serial and using hyper terminal to enter commands. I think I need to use access lists in order to deny traffic on those ports for those particular hosts. I can't figure out exactly how I need to set it up.
What I need to do is permit internet access for 192.168.1.5 alone. Any other IP should not be able to access the internet.
access-list 1 permit tcp host 192.168.1.5 any eq 80 access-group 1 in interface inside
I cannot access the internet using the computer with 192.168.1.5. The goal is to be able to access with that IP and no other.
Belkin N450 Router. I want to restrict Internet access completely but allow LAN access to a shared drive for a particular computer on my wireless network. I have gone into the web based set up page and under access controls have enabled and added this computer to the list. I have blocked http, https, ftp and nntp. I don't know if this is enough. The reason I am asking is that I am in Iraq right now and I want to allow my fellow team members access to the wireless for using viber on their iphones but one cat even though he has hardwired internet wants to continuously suck off my wireless for his computer to download stuff since I paid for faster internet. I am trying to do this quietly and still allow him access to the shared drives on the LAN. Sooooo If I block him just outright will he still have access to the drives or do I need to pick and choose like I did above and if I need to pick and choose did I miss anything other then pop3 email and imap?
Installed new N600 router and every box in the house can access the internet - except for my Vista powered laptop. My network shows up as Unidentified network with 'locla only' access. Ben scouring message boards all day. Can't find a solution at Microsoft.
At present I have a WLC5508 as a guest anchor in a DMZ and a web-auth passthrough WLAN configured. There is a custom web bundle providing a terms and conditions page.
We want to start to capture the minimum data from a user that logs onto the guest wireless ( email address ) and would like to use the check email function on the controller - BUT - at the same time move from using the web bundle locally hosted splashpage on the controller to an external web server provided splashpage / walled garden.
From my understanding not sure that this is possible as the email check function is only valid in passthrough I think.
At first I use ACS 4.2 to create static ip address user for remote access VPN,It's easy,just configuration it at user set>Client IP Address Assignment>Assign static IP address,but when I use ACS 5.2 I can't find it.I try to add IPv4 address attribute to user by read "ACS 5.2 user guide" ,it says this: [code] I do this,but it's not work.When I use EasyVPN client to connect ASA 5520,user could through authentication but will not get that static IP address which I configuration on Internal Users.so,what should I do,if anyboby knows how to use ACS 5.2 to create a static ip address user for remote access VPN.
At first I use ACS 4.2 to create static ip address user for remote access VPN,It's easy,just configuration it at user set>Client IP Address Assignment>Assign static IP address,but when I use ACS 5.2 I dont't know how to do it.
I try to add IPv4 address attribute to user by read "ACS 5.2 user guide" ,it says this:
Step 1Add a static IP attribute to internal user attribute dictionary: Step 2Select System Administration > Configuration > Dictionaries > Identity > Internal Users. Step 3Click Create. Step 4Add static IP attribute. Step 5Select Users and Identity Stores > Internal Identity Stores > Users. Step 6Click Create. Step 7Edit the static IP attribute of the user.
I just do it,but it's not work.When I use EasyVPN client to connect ASA 5520,user could success to authentication but will not get the static IP address which I configure on Internal Users,so the tunnel set up failed.I try to Configure a IP pool on ASA for ACS users get IP address,and use EasyVPN client to connect ASA , everything is OK,user authenticate successed.but when I kill IP pool coufigurations and use the "add a static IP address to user "configurations,EzVPN are failed. how to use ACS 5.2 to create a static ip address user for remote access VPN?
From the WAP4410N admin pages or console you can enable e-mail alerts. You have to set the essential TO address and mail server address. Where can I put the FROM address ? From what I can see it uses the hostname value as from address. The hostname in my case is ap02. Then you could try setting a mail address in the hostname field, but thats not allowed.
My network topology consists of 3 directly connected routers where the central router contains sensitive data and i need to block traffic from ENTERING the LAN adjoined to that router. My issue is creating an access list to DENY traffic from entering the network connected to Fa0/1 but ALLOW traffic to exit from that network. I am using one class C network which is subnetted 7 times to provide me with the required LAN's.
I've got a new 5508 wireless lan controller and can ping the ip address of the management interface, but can't access the GUI at the management interface's ip address. I can access the GUI on the service-port interface. No static routes in the controller; trunk appears to be set up correctly.
I am running a 5508 WLC with 10 Access Point. we need to allow Internet Access to Guest. 10MB DSL Internet is dedicated for Guest. This link is terminated on a regular ADSL modem without being part of our network. We want all Guest Internet traffic to reach the ADSL Router. where should I create the Guest VLAN / where the DHCP for Guest users should be created. what is the best practise for similar setup.
Our Network is simple ISP_Reuter-------ASA_Firewall--------------4505------------LAN-switch 2950
ADSL_modem------------ users connect via wireless but restricted to certain area only.
I have a user authentication issue with our WLAN deployment. My issue relates to the guest access WLAN. First a brief descrition of our setup. We have a local WLC in the branch office (5508) with two SSIDs configured, CorpNet for the internal network and GuestNet of external guest access. We also have a WLC (5508) in the DMZ to provide the guest access. We are using Cisco ISE server to authenticate guest users via a web portal.
The authentication process works as it should. An external client gets an IP in the DMZ and is redirected to the web portal to authenticate their account. When they do they are able to access and browse the internet. No problems. My issue is that if we disable their account (ie suspend or delete it) in ISE it does not seem to terminate the users session and they can continue to have internet access. What I would like to happen is that when the account is disabled in ISE then the associated device's access to the internet is removed.
I've got a WLC5508 (220.127.116.11) that is managed by WCS (18.104.22.168). I set up another WLC5508 with the same code and managed by the same WCS. Now I'd like to export all the 800 guest user accounts with the passwords from the old WLC and import them into the new WLC.
I just set up my e2000 on a PC using Windows 7. I am additionally trying to set up additional devices on the network. The two that I am currently working with are:Dell Latitude d240 running Windows XP.HTC Evo smartphone running Android
I can't get these on the network through the e2000. They can access the internet through the e2000 but only as a guest and therefore don't have the same level of security. What do I need to do to successfully put the above devices on the network?
1) I'm using a single subnet eg 192.168.1.0/24 for my wireless clients and i'm assigning them via the DHCP server from the WLC. As the clients are however made up of laptops and scanners, i would like to assign a range from 50-150 for the laptops and 151-250 for the scanners for easier identification. But it seems that from the WLC DHCP menu i'm not able to do this unless i segment them into a different network with different gateways.
2) Is there anyway to change the WLC user accounts password too? I dont seems to be able to find the option unless i delete the account and re-create it with the new password.
how to set WLC 5508 to allow single create web authentication user account to get connected in a same time. i found that i can use the same username and password combo to be login in 2 machine in the same time.
I work at a campus and use the WCS to control access to my network for staff and only internet access for students. The Staff are assigned Username/password thru active directory and the student uses another SSID with only WPA --a password for all. I was tasked with adding more securing for students -- by adding a user/password. I do not want them connecting to my Active Directory for two reason--security risk and I have too many to input (over 1000). So, I wanted to use our internal database to validate users. I create a webpage with "WebAuth" that opens my logon page from my site and validates the login fields against the database. It works and this allows the user to navigate thru my website but not outside the site. If they try an outside url it redirect them to my logon script. I now understand why, so I'm looking for code I can add to my logon page that would allow me to redirect me to the controller's (once users are authenticated by my database) to call the WCS controller so I can enter a preset username/password so the policy management file would allow them access. I presently use "External" and don't know if "Custom" would work. Finding a way in using a database instead of adding one person at a time?
got an old computer to use from a family member and it is not alowing me to connect to the internet. it shows all my wireless connections but wont alow me to connect and use the internet. how do i fix this problem?
I have 2 Cisco 5508 Wireless LAN Controllers.They are NOT connected to a WCS.Is there a way to configure the 5508's to send email notifications when an AP drops off line?Is not is this functionality available with either a WCS or new NCS?
have a Cisco 5508 controller (version 22.214.171.124) that when I enable global multicast mode it will work for an hour or two and then it will kill the network. All internet both wired and wireless, access to server everything dead. I then have to directly connect to the service port and disable the global multicast mode. Then two reasons for enabling it are Docs2Go and LanSchool both require multicast to be enabled. I have it enabled on our wired network and it works OK there. ted.