Guest account character limitations

Mats Nilson
Level 1

Hi guys.

I'm looking into the behaviour and the guest user account limitations.

In Europe and the Nordic countries many people use special characters in their names etc.

Norway - ÆØÅ; Sweden - ÄÖÅ and so on.

Since these characters are basically the same ASCII character I guess this will go wrong when authenticating.

What character sets are allowed?

Very little is documented about this in config guides etc.

- If anyone can bring some light into this I would appreciate it.

Sincere Regards

Mats Nilson

Accepted Solutions

Justin Kurynny
Level 4

Mats,

According to the WLC FAQ, "all the special characters" are supported, but I think this is taken to mean the base ASCII character set and not extended ANSI, Unicode, etc. character sets. As a test, I tried creating usernames with some of the extended characters you put in your post and while the usernames were created and displayed correctly in the database, I was unable to log in with them (login error). (WLC 2504 v.7.0.230.0).

From Cisco's Q&A:

Q. How do I configure a local database on the wireless LAN controller (WLC)? What are the special characters that can be used for the local net user username and passwords?

A. The local user database stores the credentials (username and password) of all the local network users. These credentials are then used to authenticate the users. You can configure local network users either through the GUI or the CLI. You can enter up to 24 alphanumeric characters. All the special characters can be used when you configure username and passwords through CLI, but the single quote character cannot be used when you configure username and password through GUI.

Reference: http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml

Here's what shows up in my controller logs during testing. Fail for test user ÄÖÅ, but success for user localUser2 (both using identical passwords without special or extended characters):

*emWeb: Mar 03 00:58:44.484: %PEM-1-WEBAUTHFAIL: pem_api.c:5068 Web authentication failure for station xx::xx

*emWeb: Mar 03 00:58:44.483: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1170 Authentication failed for network user 'ÄÖÅ'

...

*emWeb: Mar 03 01:00:12.022: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1388 Authentication succeeded for network user 'localUser2'

*emWeb: Mar 03 01:00:12.021: %APF-6-USER_NAME_CREATED: apf_ms.c:5743 Username entry (localUser2) with length (10) created for mobile xx::xx

*emWeb: Mar 03 00:59:56.927: %AAA-6-DB_ADD_USER: file_db.c:2508 Adding user 'localUser2' to AAA database.

Justin
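
A pre-provisioning check for the constraints discussed in the answer above, added here as an example; it is not part of the original post and not Cisco code. The function names are hypothetical, the non-ASCII rule reflects the login failure observed in the test rather than a documented limit, and the sample log is constructed to match the message format shown above.

```python
import re

MAX_LEN = 24  # "up to 24 alphanumeric characters" per the Cisco Q&A quoted above

def check_guest_username(name, via_gui=True):
    """Return a list of reasons the name is risky for the WLC local database."""
    problems = []
    if len(name) > MAX_LEN:
        problems.append("longer than 24 characters")
    non_ascii = sorted({c for c in name if ord(c) > 127})
    if non_ascii:
        # Not a documented rule: based on the login failure observed in the post.
        problems.append("non-ASCII characters: " + "".join(non_ascii))
    if via_gui and "'" in name:
        problems.append("single quote not accepted by the GUI")
    return problems

# Matches the AAA_AUTH_NETWORK_USER message format shown in the post's logs.
AUTH_RE = re.compile(
    r"%AAA-5-AAA_AUTH_NETWORK_USER: \S+\s+Authentication (failed|succeeded) "
    r"for network user '(.*)'"
)

def failed_non_ascii_logins(log_text):
    """Usernames whose failed logins may be an encoding issue, not a bad password."""
    hits = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m and m.group(1) == "failed" and not m.group(2).isascii():
            hits.append(m.group(2))
    return hits

# Constructed sample, modelled on the log lines in the post (wrapped lines joined).
SAMPLE_LOG = """\
*emWeb: Mar 03 00:58:44.483: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1170 Authentication failed for network user 'ÄÖÅ'
*emWeb: Mar 03 00:59:10.100: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1170 Authentication failed for network user 'guest7'
*emWeb: Mar 03 01:00:12.022: %AAA-5-AAA_AUTH_NETWORK_USER: aaa.c:1388 Authentication succeeded for network user 'localUser2'
"""

if __name__ == "__main__":
    for candidate in ["localUser2", "ÄÖÅ", "o'brien", "x" * 25]:
        print(repr(candidate), check_guest_username(candidate) or "ok")
    print(failed_non_ascii_logins(SAMPLE_LOG))
```

Running the username check before accounts are created separates encoding-related login failures from genuine bad-password events in the AAA log.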

2 Replies

Thanks Justin for investigating.

I did find that the actual entries in the guest anchors had the US ASCII corresponding values instead of the original letters.

BTW will ISE be able to handle different ASCII codes?

It could be a way forward

BR

Mats
