suppse ohasairi is one account in AD that belongs to AD groups: network-admin and wireless-users
AD netwrk-admin is mapped to ACS network-admin group. this group is configured with NAR to limit access to some network devices
AD wireless-users is mapped to ACS wireless-users that is configured with adequate airespace attributes and ietf attibutes to let it in vlan 80 (wireless vlan)
now if i put network-admin map the first one, then if ohasairi tries to access wireless network it will not succeed because it will be mapped to network-admin group. and this group is not configured with ietf attributes that let the user in vlan 80!
if i put wireless-users map the first one, then if ohasairi tries to access one network device, i am afraid it will be assigned to vlan 80!
As i asked in my previous post - If the Network Admins are allowed access to the Wireless Network than you should be fine.
Have the network-admin group on the top of the mappings. Configure thier group also with the airespace and vlan attributes. Additionally you would have to permit this group to access the WLC incase that was restricted by the NAR.
Since i do not know your enviornment I cannot see if there are any limitations or make any other suggestions.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...