We have a scenario where we are using AP 350s and ACS 3.0. ACS is using an external Windows 2000 database for authentication of the users. For the moment, any user that exists in the Windows 2000 user database can log on to the network via both the wired and the wireless LAN. What we are hoping to do is restrict the ability to log on over the wireless LAN to a certain group of users. So basically we want to create a "Wireless User Group" on the ACS and assign only the users that should be able to log on to the network via the WLAN to that group. Users not in this group should only be allowed to log on via the wired LAN. Is this possible and if so, how do you set it up?
If you're using an external Windows 2000 database, then users will only appear in the CSACS users' list after they have logged on for the first time. You could use the "dial-in permissions" flag within Win2k user properties (and also configure CSACS to recognise it) to differentiate between wired and wireless users. Another possibility could be to set up an NT group for wireless users and map these onto a specific CSACS group, then apply Network Access Restrictions so that only members of that group will be authenticated on the APs. Non-wireless users would need to be mapped to a group where authentication on the APs is not permitted. The solution will depend on the type and number of other NASes you have configured with CSACS and how you want your users to access them.
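Added example, not part of the original thread and not Cisco code: a small Python model of the group-mapping plus Network Access Restriction approach from the answer, used to audit whether any user outside the wireless NT group could still authenticate on an AP. The first-match mapping order, the fallback group, and every group, user and NAS name are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    mapping: tuple      # ordered (windows_group, acs_group) pairs; first match wins (assumption)
    default_group: str  # ACS group for users that match no mapping (assumption)
    denied_nas: dict    # acs_group -> NAS names that group's NAR refuses

# Constructed sample data; every name below is hypothetical.
ACCESS_POINTS = frozenset({"ap350-floor1", "ap350-floor2"})
WIRELESS_NT_GROUP = "WLAN-Users"
DIRECTORY = {
    "alice": {"Domain Users", "WLAN-Users"},
    "bob": {"Domain Users"},
}
MAPPING = ((WIRELESS_NT_GROUP, "Wireless Users"),)
# Intended setup: the fallback group carries a NAR that blocks the APs.
GOOD = Policy(MAPPING, "Wired Only", {"Wired Only": ACCESS_POINTS})
# Failure mode: the fallback group has no NAR, so the APs accept everyone.
WEAK = Policy(MAPPING, "Wired Only", {})

def acs_group_for(policy, windows_groups):
    """Resolve the ACS group from the user's Windows group memberships."""
    for nt_group, acs_group in policy.mapping:
        if nt_group in windows_groups:
            return acs_group
    return policy.default_group

def may_authenticate(policy, windows_groups, nas):
    """True when the resolved group's NAR does not refuse this NAS."""
    group = acs_group_for(policy, windows_groups)
    return nas not in policy.denied_nas.get(group, frozenset())

def audit(policy, directory, access_points=ACCESS_POINTS):
    """List (user, ap) pairs where a user outside the wireless NT group passes on an AP."""
    return sorted(
        (user, ap)
        for user, groups in directory.items()
        if WIRELESS_NT_GROUP not in groups
        for ap in access_points
        if may_authenticate(policy, groups, ap)
    )

if __name__ == "__main__":
    print("good policy findings:", audit(GOOD, DIRECTORY))
    print("weak policy findings:", audit(WEAK, DIRECTORY))
```

An empty audit result means the restriction holds for the sampled directory; any pair returned points at a group that still lacks the AP restriction.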