how to set WLC 5508 to allow single create web authentication user account to get connected in a same time. i found that i can use the same username and password combo to be login in 2 machine in the same time.
View 4 RepliesI have setup ACS 5.2 in my lab and have it completely funcation with Downloadable ACLs, Dynamic VLANs and the identity store on the backend is Active Directory. I need it to lock a user account in AD if there are to many auth attempts. I have gone into AD and set a max login attempts to 3 but if I continue to fail authentication (on purpose) using radius auth, it never locks out my AD account? I am using the Anyconnect 3.0 with NAM as the supplicant installed on my workstation. I have also configured the switchport that I am connect to with the following commands. I tried the dot1x max-reauth-req 3 command and that didn't really do anything for me either. What am I missing here?
switchport mode access ip access-group 10 in authentication event fail action authorize vlan 40 authentication event no-response action authorize vlan 40 authentication host-mode multi-host authentication priority dot1x mab authentication port-control auto authentication timer reauthenticate 10 authentication timer inactivity 20 authentication violation protect mab dot1x pae authenticator dot1x timeout quiet-period 5 dot1x timeout tx-period 5 dot1x max-req 3 spanning-tree portfast
I have a laptop with 2 user account (one for me - administrator and the other for my eleven year old son). Connection is wireless. Until a few months ago everything was working fine and then the problems started: my son could no longer connect on the internet with Explorer and Google Chrome but I managed to connect it via Firefox. And it worked until yesterday. As of yesterday he can no longer connect to the internet even with Firefox. I tried again as an administrator to reinstall Google Chrome, but the icon is shown only on my user account. I took a completely new browser - Opera, but fails to connect. When I go to Diagnose & Repair connection problems - shows no problems. On my account everything is working properly. OS is Windows Vista Home Premium
View 2 Replies View RelatedI working with guest accounts on a WLC 5508.if there is possibilty to print out the account information directly from the controller. If possible how to print out this accounts ?
View 3 Replies View RelatedWe currently have ACS 5.4 and Cisco WLC 5508's deployed. We have wireless lobby admin accounts that can login and successfully create and modify guest wireless accounts. What we are trying to do, however, is give the lobby admins the ability to create wireless accounts with lifetimes longer than 30 days. Currently our setup will only allow the creation of permanent accounts (by entering all 0's in the lifetime fields) or accounts that last up to thirty days.
View 4 Replies View RelatedI have a WLAN with 5 1200 Series AP (A/G) configured for Fast Roaming using the Cisco supplied documentation. Can I use one user name for all of my devices to connect to the Internal Radius Server? This would be similar to having a passphrase for WPA.
View 3 Replies View RelatedI have two 5508 WLCs. Both have APs attached to them. If I create a guest account with the lobby administrator on one, will that user account be able to log in to the network if the client is attached to the ohter WLC? So far, I have found that I need to create the same user on both WLC's, in order to have the user login.
View 2 Replies View Relatedhow many unsucessful attempts a user has to access the LMS application prior to the account being locked? Is this configurable?
View 3 Replies View Relatedwhy datacard isn't connecting of my laptop in guest account?
View 1 Replies View Relatedi have cisco ACS 5.2 and want to create user account for technician, with only certain commands.
View 3 Replies View RelatedHow to restrict internet particular user account in pc
View 1 Replies View RelatedI have an ACS 5.2 server integrated with Active directory . Now i need to create an internal user account to login to some radisu devices using internal user database .I have near about 600 users all are authenticating through AD .
View 3 Replies View Relatedhow to limit bandwidth only for user account in window 7...My PC has 2 account ..one is admin and other is user ..i need to limit the bandwidth only for user account ,do I need a software for this.
View 3 Replies View RelatedWhile I was at school there was a system in place where by you had to enter a user name and password to access the internet. Every student had a data limit like 3GB per month for example. I remember it had something to do with a proxy. I would like to recreate this system on my office LAN as some staff members have been downloading a lot slowing down the (very expensive) Internet connection. Limiting each users data will discourage large downloads.
View 1 Replies View RelatedI am just wondering if it is possible to have two user accounts in Cisco RV042 V3 (Firmware: v4.1.1.01-sp (Dec 6 2011 20:03:18). User accounts to mean that one user can access the router with an administrative level access can do all the changes and management of the router's configurations and settings while another user can only do viewing of the system summary tab and connect and manage the simple configuration to connection to the ISP in both WANs, like setting up the connection type and release/renew the ip address for dynamic ip assigned by the ISP DHCP server.
View 1 Replies View RelatedWe had a power outage that kicked off our server and our network switch (2008R2, Cisco2960), before we could get it back up, a user was able to log into his laptop.
The user used the domain login - not the local machine account - he obviously wasn't able to access any shared resources, but how did he log in with a domain account, when the server and switch were both off?
I am setting up a Cisco 5508 wireless controller and was looking for some feedback or assistance. Basically I already have my guest SSID configured and functioning. Created an interface group containing my vlans and applied the created ACL "Guest Policy - internet only", which is also working.I want to setup a second SSID called "staffstudent" and use RADIUS for authentication. I have already created two separate network policies on the radius server: staff and student. Each only allows certain user groups. I want to be able to differentiate on the controller side which profile they are logging in on and then apply the correct ACL. I have two currently configured: one for staff and one for student. It appears to me that since you have to apply the ACL at the interface level I cannot use both since my interface is accepting both staff and students. Is there a way I can filter them using RADIUS so that when they login RADIUS can return a "student" value and then apply the correct ACL? Same for staff?
View 2 Replies View RelatedWe are installing a set of 5508 controllers at one site in Tennessee. At another divisional site we have another controller that covers that division.
Both sites utilize the same DNS structure and would like to use the DNS entry CISCO- CAPWAP- CONTROLLER entry for bringing new AP onto the controllers at their sites, how would we go about configuring this?
I have a WLC 2106 and 1242AG.it's a hotspot configuration.So in WLC, under controller tab, i have set my ap-manager ip, my management ip, my virtual ip (1.1.1.1) and my hotspot network range ip.I set also a DHCP range for the hotspot network.
In Wlans tab, i set my hotspot wlan, with no layer 2 security and for layer 3, i set none for layer 3 security and i use web policy authentication.I use local authentication and i created under security menu, under AAA tab, 3 local net users.
From pc number 1, i get ip from dhcp, and i have authentication web page, authentication is ok and i can surf on web.From pc number2, when user 1 from pc 1 is connected, i get ip from dhcp but i have not the authentication web page, i have not DNS resolution.when i try https:1.1.1.1/login.html, i have no answer.
And when user 1 is de-authenticated, the user 2 can surf on web.So only one user can surf at the same time. not good for a Hotspot.
I would like to create a additional user vpn on a 55010 where the user authenticates with the firewall and not the radius server.This user should NOT be able to log on to the firewall, but only be able to authenticates with the vpn client.I'm correct that the command "username abc123 password abc234 privilege 0" ?Also for this remote vpn how to I make sure the user only authencates with this password?
View 3 Replies View RelatedWe have installed ACS 4.1 as authentication server for wireless SSID. Need to create list of ACS user expired on specific date.Is it possible to create report in ACS 4.1 as per user account expiry date?
View 3 Replies View RelatedWe have some older Honeywell Dolphin 7900 Series Handhelds that have issues with wireless communication. Very unreliable communication. One recommendation from Honeywell is to disable the G standard and only allow B. Basically have a WLAN that is solely b radio enabled. I see that their are options to go B/G only or A only, but no options in the radio policy to go B only.
We are using WCS 7.0.240 and the controller is a WLC 5508 running the same code revision.
Is this doable on a single WLAN while leaving G available on other WLAN's?
I would like to be able to have a few "guest" users on the Wireless network for visitors. Is there any method to have a prompt for "Username / password"? I would like the user accounts to have different expiry periods if this is possible. My current config is attached. The SSID "test" appears on the network. The SSID "test111" does not appear.
View 1 Replies View RelatedI have a situation where a user needs more than one office extend AP in his home. My office extend controller is a 5508 running 7.0.220.0. Are there any issues NATing multiple OE APs to a single address? My initial lab results indicate that each of the AP's associate with the controller and establish a DTLS tunnel. I see the SSIDs get pushed to the AP and then it seems to restart the process never being fully operational. Is there a workaround that will allow me to run mutliple OE APs?
View 12 Replies View RelatedI have a customer who has 2 NCS servers; 1 residing at their corporate site and the other residing at their local site. They have a WLC2504 controller at the local site. They would like to connect both ncs servers to to the local WLC. Is it possible to connect 2 ncs servers to a single controller? Can WLC configuration databases on two different NCSs be the same? How can you prevent 1 NCS from overwritting the other?
View 5 Replies View RelatedE2000 has the guest account feature. Not sure if all guests shares the same login credentials. I would like to have guests account use seperate logins. Is this feature available? Another thing, I read the manual and it is indicated that only up to 10 maximum guest acccounts is allowed. I am looking for more than 10 - kinda like a hotspot software.
I've been looking everywhere. I've seen hotspot system, ddwrt, chillspot, etc. But it's complicated as firmware needed to be flashed.
How many wireless clients can connect to a single WAP321 Access Point?
View 2 Replies View RelatedI tried searching through the threads but didn't see anything on this. Recently bought the E4200 so that when guests come by they can use a separate network instead of mine. I have guest network set up for one user but I am able to connect more than one computer to the guest network.
View 9 Replies View RelatedFound you on Google and prays that the regulars here will take pity on a former Juniper admin. I've got a brand new shop to handle that is all Cisco including CUCM 8.x and I have zero Call Manager experience. How to enable international calling for a single user
[code]...
brief flow/steps for making sure a user can dial international? I figured it was as easy as making sure their DN CSS had the ability to do so, but apparently not.
I am having an issue with the user VPNs. For users connected via the AnyConnect VPN client, all of their Internet traffic goes out their local Internet connection, since I am using split tunneling. However, I need a specific public IP address to go through the VPN tunnel and out the DIA at the main office, rather than the user's local internet connection. I managed to have this IP address go through the tunnel to the ASA at the main office, but it appears that it gets blocked somewhere there, or maybe the return traffic gets blocked. I am using an ASA 5520 at the main office, with software version 8.3.
View 3 Replies View RelatedActually not randomly. It's normally after weekly reboots. This causes the Great Plains DB to be locked to 1 person, so other people get errors.
Sometimes I can just unrestrict access, other times it's grayed out and I have to drop the DB and restart the services to take it out of single user mode.
SQL 2k3.
I have a user authentication issue with our WLAN deployment. My issue relates to the guest access WLAN. First a brief descrition of our setup. We have a local WLC in the branch office (5508) with two SSIDs configured, CorpNet for the internal network and GuestNet of external guest access. We also have a WLC (5508) in the DMZ to provide the guest access. We are using Cisco ISE server to authenticate guest users via a web portal.
The authentication process works as it should. An external client gets an IP in the DMZ and is redirected to the web portal to authenticate their account. When they do they are able to access and browse the internet. No problems. My issue is that if we disable their account (ie suspend or delete it) in ISE it does not seem to terminate the users session and they can continue to have internet access. What I would like to happen is that when the account is disabled in ISE then the associated device's access to the internet is removed.
We've recently boughten new equipment to upgrade/replace some of our aging wireless hardware. We're moving to a pair of 5508 controllers and changing over to ACS 5.4. Currently we're just doing MAC filtering with ACS 4.2 and local users. I'd like to move most of our SSIDs to some type of AD authentication. Are there any all encompassing guides that layout the design behind that? So far I haven't had much luck finding one!
Also, would it be possible to maintain some of the local ACS users/MAC filtering? We have some mechanical equipment that connects to our network (separate SSID) but cannot join a domain.