WLC SNMP Guest User Creation

Unanswered Question
Dec 11th, 2007

I have a system that I'm trying to tie into WLC (4.1 / 4.2) for wireless guest access. I would like to make it so that when someone creates an account in a registration system I can do a snmpset command to create the person an account on the WLC for wireless access. I have found the OID (.1.3.6.1.4.1.14179.2.5.10.1.1) but am unsure as to how to actually create an entry. Does anyone happen to have an example they can send my way as to how to create a guest user using snmp?


Thanks!

bhhanson Thu, 02/11/2010 - 18:40

ever solve this? hoping not to have to reinvent it.


addendum..  Figured it out.  Not that difficult.

you have the right base OID.

just set the values:


first translate the username to numeric, as this becomes the tail of the OID. The form is .numberchars.letter1.letter2.letter3..... (these are decimal values of the ASCII characters).


then for OIDs:


.1.3.6.1.4.1.14179.2.5.10.1.24. set it to 4 (create and go)

then ... .10.1.2. set it to the wlan

then .10.1.3. to the password

then .10.1.4. to the description if desired

then .10.1.5. to the session timeout if desired- if zero it will be a permanent guest account



yeah the OIDs could change, but thinking the product is stable now and it is less likely they would mess with them.


I started to implement this by having it dynamically generate this for a user as they logged on.  Not sure I will go with it tho as I'm not sure I even want users to have passwords.. we just want to record their names and know they agree to the terms.


probably going to use a general username/password on the system (perhaps with a changing password).


Brad

Okay, so in honesty I got a lot of help from Brad Hanson on this, but to summarise....




-Local Users are stored in the WLC.


-Once created the timer starts to tick, regardless of whether the user is logged on or not.


-The Local Users can be listed by polling the OID positions:


.1.3.6.1.4.1.14179.2.5.10.1.1 (username)

.1.3.6.1.4.1.14179.2.5.10.1.2 (WLAN)

.1.3.6.1.4.1.14179.2.5.10.1.3 (password)

.1.3.6.1.4.1.14179.2.5.10.1.4 (description)

.1.3.6.1.4.1.14179.2.5.10.1.5 (time left)  (100's of seconds)


Example command: snmpwalk -c READSTRING -C c IPADDRESS  1.3.6.1.4.1.14179.2.5.10.1


-The OID positions are unique by extending the OID using the ASCII value of the username specified and the number of characters in that user name

Example User 'Test' is 4 characters long and made up of ASCII 84 = T, 101 = e, 115 = s, 116 = t.

Therefore 'time left' for Test would be OID + ID = .1.3.6.1.4.1.14179.2.5.10.1.5.4.84.101.115.116


-When making a new account remotely, the user must construct the user's name out of ASCII, count the number of characters and in a single SNMP command set the first five parameters of the new account.

Example. Makes an account called 'z'.

snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 4  .1.3.6.1.4.1.14179.2.5.10.1.1.1.122  s "z"  .1.3.6.1.4.1.14179.2.5.10.1.2.1.122 i 5 .1.3.6.1.4.1.14179.2.5.10.1.3.1.122 s "z"  .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s "maybe" .1.3.6.1.4.1.14179.2.5.10.1.4.1.122 s  "z1" .1.3.6.1.4.1.14179.2.5.10.1.5.1.122 i 86400


Spot the '.24' OID is always set to integer 4… this asks the WLC to create a new account and the rest of the parameters are to follow.


-Once the new account is created you must force it to a Guest Account by setting the guest option to integer 1.

Example for user 'z'  snmpset -c WRITESTRING IPADDRESS .1.3.6.1.4.1.9.9.515.2.3.1.1.2.1.122 i 1


-NB. Minimum time allowed to be set is 6000 = 60 seconds.


-To delete the account, set OID '.24' to integer 6

Example for user 'z' snmpset -c WRITESTRING IPADDRESS  .1.3.6.1.4.1.14179.2.5.10.1.24.1.122 i 6
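
The OID index and the three snmpset calls summarised above, as an added example (not code from any poster in this thread): it builds the argument lists as argv, so a username coming from a registration form is validated and never passes through a shell. The function names, the username character policy and the sample values are assumptions; the OIDs, the 4 and 6 values and the 6000 minimum are the ones given in the thread.

```python
import shlex
import string

# OIDs and integer values below are the ones quoted in this thread.
USER_TABLE = ".1.3.6.1.4.1.14179.2.5.10.1"
GUEST_FLAG = ".1.3.6.1.4.1.9.9.515.2.3.1.1.2"
CREATE_AND_GO, DELETE = "4", "6"
ALLOWED = set(string.ascii_letters + string.digits + "._-")  # assumed policy


def oid_index(username):
    """Length-prefixed decimal ASCII codes: 'Test' -> '4.84.101.115.116'."""
    if not username or not set(username) <= ALLOWED:
        raise ValueError("username must be non-empty and use only [A-Za-z0-9._-]")
    return ".".join(str(n) for n in [len(username)] + [ord(c) for c in username])


def create_args(host, community, username, password, wlan, description, lifetime):
    """argv for the single snmpset that creates the row (same shape as the thread's)."""
    if lifetime != 0 and lifetime < 6000:
        raise ValueError("lifetime must be 0 (permanent) or at least 6000")
    idx = oid_index(username)
    columns = [("24", "i", CREATE_AND_GO), ("1", "s", username),
               ("2", "i", str(int(wlan))), ("3", "s", password),
               ("4", "s", description), ("5", "i", str(int(lifetime)))]
    argv = ["snmpset", "-c", community, host]
    for col, typ, val in columns:
        argv += [f"{USER_TABLE}.{col}.{idx}", typ, val]
    return argv


def guest_args(host, community, username):
    """argv that marks an existing local user as a guest account."""
    return ["snmpset", "-c", community, host,
            f"{GUEST_FLAG}.{oid_index(username)}", "i", "1"]


def delete_args(host, community, username):
    """argv that removes the account by setting the '.24' column to 6."""
    return ["snmpset", "-c", community, host,
            f"{USER_TABLE}.24.{oid_index(username)}", "i", DELETE]


if __name__ == "__main__":
    # Constructed sample values; printed rather than run against a controller.
    for argv in (create_args("IPADDRESS", "WRITESTRING", "Test", "s3cret", 5, "lobby", 86400),
                 guest_args("IPADDRESS", "WRITESTRING", "Test"),
                 delete_args("IPADDRESS", "WRITESTRING", "Test")):
        print(shlex.join(argv))
```

Each list can be handed to `subprocess.run(argv, check=True)` unchanged; add whatever SNMP version option your net-snmp setup needs.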

mlitka Tue, 01/18/2011 - 13:48

Nice work!  I used this and it worked perfectly.  Thanks for the explanation and info.  Makes scripting this password change a lot easier..
