Cisco Wireless :: 5508 - Export Guest User Accounts To New WLC
Dec 19, 2012
I've got a WLC5508 (7.0.116.0) that is managed by WCS (7.0.172.0). I set up another WLC5508 with the same code and managed by the same WCS. Now I'd like to export all the 800 guest user accounts with the passwords from the old WLC and import them into the new WLC.
(WLC 4400) which enables employees to browse to a custom made webpage, where they can create an account for company vistors to access the internet. It's important for the employees not use any login credentials, they arrive on a webpage where they specify the login & password which the vistor will enter to browse the internet. Is there any good link to documention about this topic?
1) I'm using a single subnet eg 192.168.1.0/24 for my wireless clients and i'm assigning them via the DHCP server from the WLC. As the clients are however made up of laptops and scanners, i would like to assign a range from 50-150 for the laptops and 151-250 for the scanners for easier identification. But it seems that from the WLC DHCP menu i'm not able to do this unless i segment them into a different network with different gateways.
2) Is there anyway to change the WLC user accounts password too? I dont seems to be able to find the option unless i delete the account and re-create it with the new password.
In my Wireless network, I have two appliances WLC 5508 running version 7.0.116.0.I have a WCS running version 7.0.172.0, deployed on a windows 2003 server.I've imported the two WLCs in my WCS in order to centralize the monitoring and the configuration tasks.Now I'm facing an issue when I want to create a guest user from the WCS, rather than creating this user access on each WLC. The creation of the user account is working good, the replication is done on the both WLCs, but on one of my WLC the guest user account is deleted after one hour(around).On the second WLC, the same user account remains during all its life time.In attachment a screen shot of the advanced parameter of the guest user.You can see that the user was created on the both WLC but is only active on one ... and unfortunately the wrong because the AP is associated with the other WLC.
When a guest user first trys to access the "guest" WLAN, they are presented with a "certificate page" before the web athentication page / login is presented. The WLC forces an internal redirect to https://1.1.1.1 causing the certificate page to appear. Can this be bypassed? I am runiing 5508 with 7.0.220.0.
I am running a guest wireless network on a Cisco 5508 WLC with 6.0.202.0 code. My syslog is filling up with the following error message:
WLC: *May 15 12:32:59.244: %AAA-3-VALIDATE_GUEST_SESSION_FAILED: file_db.c:3968 Guest user session validation failed for guest_user10. Index provided is out of range..
The user that is assigned to the guest_user10 account works fine and has no idea this error is occurring.
This error message is occuring exactly every 15 minutes 24x7.
I believe I have a rogue user who has setup a device to try and login to the guest network automatically, every 15 minutes with the guest_user10 credentials. I need to track this device down. I need a way to find either the MAC or IP address of the device that is causing this error message. I have tried turning on AAA debugging on the controller but I dont get anything more than the above error. I have also tried using WCS to look at the client history but it only show the normal activity.
I am currently running a guest wireless network using 4404 controllers on the wireless side and a 4402 as an anchor controller, all running 7.0.98.0 and all is working fine. Accounts being created via the WCS lobby admin and applied to the 4402.The question I have is, is there any way of restricting the use of an account to 1 device at a time. I am currently seeing evidence of password sharing and my boss would like to make sure that everyone who use the system has their own credentials.
Currently the guest wireless users are maintained by WCS 7.0.172.0. I'm having a project to set up another 5508WLC in one location to replace the WLC in use in different location. My concern is regarding the guest user accounts. Can I use the feature of "Save Guest Accounts on Device" in WCS to save all the guest accounts on another WLC? I tried this feature and I got the message of "Successfully saved Guest users to the following respective controller(s) where they were applied". I don't know if it is because there is currently only one WLC in the WCS or the account can only be saved on the original controller where it was created.
I can not setup a new user, or access wireless networks that show on my laptop had a virus and the shop said they removed it but the network has not worked since it a dell inspiron 1525
How can I limit bandwidth speed of guest accounts? Or are there free softwares available to do something like that? It's kinda like the hotspot softwares - where we can set hourly, daily, monthly allowances and see a report on their connectivity.
We are planning to setup a new WLAN using Cisco 2504 WLAN Controller and 1142N Access Point.Is it possible to create individual user accounts for the users those who all are connecting to this WLAN Network by using the 2504 WLAN Controller ?
How to export Air Quality reports from a 5508? I'm pretty sure I have read that we can not look back in time at the Air Quality report from the WLC, but can from NCS. If NCS was in the picture, can the Air Qaulity Report somehow be exported?
I've seen a discussion about importing mac addresses into the mac filter db on a cisco controller but is there a way to export the mac filter db? I have a Cisco 5508.
How do I setup remote login that would allow 3 or 4 people to login to the same computer.Each person would have their own Windows User Account name, with different privileges.I don't know what software could do this. The computer being connected to would be Windows 7, and there is no special network equipment besides a consumer router.
Each person would have their own Windows User Account name, with differentprivileges.I don't know what software could do this.The computer being connected to would be Windows 7, and there is no special network equipment besides a consumer router.This is a very small business and keeping costs under control is important
We recently switched from Centennial aircard to Verizon aircard (USB760) for our laptop. We have two user accounts on our windows 7 pc. With Centennial we could switch between user accounts without closing sierra wireless manager but when I switch to another user now, a message comes up saying vzaccess manager running in another account and we cannot use the internet until we have shut it down in the account it is running in - which is a pain. I have tried right clicking vzaccess manager in all programs and it does not have a share option. I also went to properties under vzaccess manager and found a setting to share and set it up but it still will not share
How do I setup remote login that would allow 3 or 4 people to login to the same computer. Each person would have their own Windows User Account name, with different privileges.I don't know what software could do this. The computer being connected to would be Windows 7, and there is no special network equipment besides a consumer router.his is a very small business and keeping costs under control is important.
I have the RV220W and we are mainly using PPTP for VPN access. I can not add more than 9 PPTP VPN user acounts. When I go to add a tenth account the interface just hangs and stops responding. I can delete a user and then add another user and this works fine. I can also add other types of VPN users.
I want to export the ACS local user's records.Then import to other ACS5.3 server.But the export file not the user's password record.I cannot import it well....
I am in the process of upgrading a client's firewalls from 5520s to 5525-Xs. I have 2 independent firewalls that are merging into a single firewall. Both of the source ones have a TON of user accounts defined for remote user VPN, is there any way to move these user accounts with passwords in tact?? The goal is not to have to tell the 250+ users that they need to reset their passwords at once.
I was looking at an XP system that has 4 user accounts. Two are limited accounts and two are admin accounts. The adapter is a DLINK DWA-125 USB adapter.When logged into one of the admin accounts, internet works fine. When logged into one of the limited accounts, internet works fine.If I switch to either of the other accounts, the adapter can't get an IP address. If I switch back to one of the accounts that works, I get an IP right away.
So what we do when we get new laptops, we "prime" it by connecting to the lan via a cable, name the machine and join the domain. This way it automatically gets the certificate and is a domain member. After logging on at least once via a cable, we can then disconnect it and join the wireless network.
During a routine audit, they suggest also using MAC address filtering. I think this is overkill and an administrative nightmare. To manage MAC address filtering on the 5508 and then also manage the domain accounts is unnecessary. Also down the road we want to offer a segregated public hotspot (webauth), and I'm not sure if MAC address filtering would affect that or not.
I've read that MAC address filtering is pretty much useless, because it's so easy to change your mac address even in Windows device manager. I know I was able to do it as a test.
is MAC address filtering worth the hassle to implement and manage? Or is our current layered security approach enough?
I´m wondering if it`s possible to export the defualt web auth portal(web login page) via tftp to a computer from the Cisco WLC 5508 and then modify it and then import that customized portal to the WLC 5508?
The design is typical Cisco unified wireless solution. In such a implementation, is the traffic from the guest user who has successfully authenticated via WEB-AUTH encrypted? If so, what is the standard used, AES128 or TKIP?
E2000 has the guest account feature. Not sure if all guests shares the same login credentials. I would like to have guests account use seperate logins. Is this feature available? Another thing, I read the manual and it is indicated that only up to 10 maximum guest acccounts is allowed. I am looking for more than 10 - kinda like a hotspot software.
I've been looking everywhere. I've seen hotspot system, ddwrt, chillspot, etc. But it's complicated as firmware needed to be flashed.
I want to prevent guest from doing peer - peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
Is it possible to provide wireless guest access over the WAN from another office via the WLC. I have WLC 5508 in a central office and have other remote offices that have one Access Point in each office that are autonomous; I will be converting these to LWAPP. Is it possible to route guest traffic back to the WLC then forward this traffic out to the internet? How would I route this traffic out as well? install a secondary WLC in the DMZ and use anchor points. I only have one WLC
, I have a requirement by a customer that they will want to monitor the guest wireless access. Currently, we are proposing a Cisco Wireless Controller 5508 together with APs and the setup would be a dedicated VLAN for guest. I am wondering if Cisco ISE together with Cisco MSE would be sufficient?
Stuff to monitor and log are:
1. Guest username (I guess this would be self sponsored) 2. Company name 3. Websites accessed 4. Time, date and duration. 5. Logs are to be kept for 3 months at least.
I'm looking to implement guest WiFi access with web authentication on one of our 5508 WLC (currently deployed within a sandbox environment), but looking for some assistance. The WLC currently has a single connection from port 1 to the 'Test Site 2' switch. This is a dot1q trunk. On the WLC, the interface (for port 1) is configured as follows: [code] Currently, I have one WLAN configured with the profile name 'Guest Test 1', it's enabled and broadcasting the SSID. Security is L3 only with web authentication configured. The WLAN is configured to use the interface names "guest_wifi".
The issue is that when a client connects to the WLAN, it receives an IP address okay (10.99.254.x address), but doesn't seem to be able to contact the WLC to get the web authentication page. Eventually, the WLC terminates the connection due to an authentication failure.does it sound like I'm taking the correct approach here? The idea is that clients connect to the guest WLAN, which puts them on VLAN 99 and routes traffic through to the ASA and then onto the internet.