I have WLC 5508 which is integrated to ACS 4.2 and MS AD. User Groups are mapped on ACS. Each groups is assigned to a SSID. Now, I want to restrict user of each group to come up with the corresponding SSID. I have 4 x SSIDs & Groups as
I have configured Shared NARs for each Group with CLI as ANY and DNIC as corresponding SSID. For a user, who is a member of single group is authenticated successfully. But if a user is member of multiple groups, I am getting following error.
EAP Type Name
Network Device Group
Users Access Filtered
No Filters activated.
Following are the screenshots of what I have configured on ACS on Shared NAR
I have mapped 2 of the Shared NARs on User's Advanced settings to allow if any of the NARs results in permit.
Following is the group mappings for the domain.
Further, I have also configured NARs on each group for the users who member of only one group. That is working fine. But whenever a user who is member of 2 groups tries to authenticate, I am getting the mentioned error. Looking forward for help.
The user wlan.test01 is getting the right group VIP_AD_GROUP. However, it seems your NAR setting are configured on user and group setup both. You need to disable NAR on the user wlan.test01 by editing the user and unchecking "only allow network access when" the third screen shot shows that settings. Only enable NAR on groups like you have configured in first and second screen shots for VIP and CORP. Disable it on user setup and try again it should work without any issues.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...