Cisco Systems OL-9141-03 User Manual

Chapter 9 Managing User Accounts
This chapter explains how to create and manage guest user accounts, describes the web authentication process, and provides instructions for customizing the web authentication login window. It contains these sections:
Creating Guest User Accounts
Web Authentication Process
Choosing the Web Authentication Login Window
OL-9141-03
Cisco Wireless LAN Controller Configuration Guide
9-1

Creating Guest User Accounts
The controller can provide guest user access on WLANs. The first step in creating guest user accounts is to create a lobby administrator account, also known as a lobby ambassador account. Once this account has been created, a lobby ambassador can create and manage guest user accounts on the controller. The lobby ambassador has limited configuration privileges and access only to the web pages used to manage the guest accounts.
The lobby ambassador can specify the amount of time that the guest user accounts remain active. After the specified time elapses, the guest user accounts expire automatically.
The local user database is limited to a maximum of 2048 entries and is set to a default value of 512 entries (on the Security > General page). This database is shared by local management users (including lobby ambassadors), net users (including guest users), MAC filter entries, and disabled clients. Together these cannot exceed the configured database size.

Creating a Lobby Ambassador Account

You can create a lobby ambassador account on the controller through either the GUI or the CLI.

Using the GUI to Create a Lobby Ambassador Account

Follow these steps to create a lobby ambassador account using the controller GUI.
Step 1 Click Management > Local Management Users to access the Local Management Users page (see Figure 9-1).
Figure 9-1 Local Management Users Page
This page lists the names and access privileges of the local management users.
Note You can click Remove to delete any of the user accounts from the controller. However, deleting the default administrative user prohibits both GUI and CLI access to the controller. Therefore, you must create a user with administrative privileges (ReadWrite) before you remove the default user.
Step 2 To create a lobby ambassador account, click New under Management. The Local Management Users > New page appears (see Figure 9-2).
Figure 9-2 Management > Local Management Users > New Page
Step 3 In the User Name field, enter a username for the lobby ambassador account.
Note Management usernames must be unique because they are stored in a single database.
Step 4 In the Password and Confirm Password fields, enter a password for the lobby ambassador account.
Note Passwords are case sensitive.
Step 5 Choose LobbyAdmin from the User Access Mode drop-down box. This option enables the lobby ambassador to create guest user accounts.
Note The ReadOnly option creates an account with read-only privileges, and the ReadWrite option creates an administrative account with both read and write privileges.
Step 6 Click Apply to commit your changes. The new lobby ambassador account appears in the list of local management users.
Step 7 Click Save Configuration to save your changes.

Using the CLI to Create a Lobby Ambassador Account

Enter this command to create a lobby ambassador account using the controller CLI:
config mgmtuser add lobbyadmin_username lobbyadmin_pwd lobby-admin
Note Replacing lobby-admin with read-only creates an account with read-only privileges. Replacing lobby-admin with read-write creates an administrative account with both read and write privileges.

Creating Guest User Accounts as a Lobby Ambassador

A lobby ambassador would follow these steps to create guest user accounts.
Note A lobby ambassador cannot access the controller CLI interface and therefore can create guest user accounts only from the controller GUI.
Step 1 Log into the controller as the lobby ambassador, using the username and password specified in the “Creating a Lobby Ambassador Account” section above. The Lobby Ambassador Guest Management > Guest Users List page appears (see Figure 9-3).
Figure 9-3 Lobby Ambassador Guest Management > Guest Users List Page
Step 2 Click New to create a guest user account. The Lobby Ambassador Guest Management > Guest Users List > New page appears (see Figure 9-4).
Figure 9-4 Lobby Ambassador Guest Management > Guest Users List > New Page
Step 3 In the User Name field, enter a name for the guest user. You can enter up to 24 characters.
Step 4 Perform one of the following:
• If you want to generate an automatic password for this guest user, check the Generate Password check box. The generated password is entered automatically in the Password and Confirm Password fields.
• If you want to create a password for this guest user, leave the Generate Password check box unchecked and enter a password in both the Password and Confirm Password fields.
Note Passwords can contain up to 24 characters and are case sensitive.
Step 5 From the Lifetime drop-down boxes, choose the amount of time (in days, hours, minutes, and seconds) that this guest user account is to remain active. A value of zero (0) for all four fields creates a permanent account.
Default: 1 day
Range: 5 minutes to 30 days
Note The smaller of this value or the session timeout for the guest WLAN, which is the WLAN on which the guest account is created, takes precedence. For example, if a WLAN session timeout is due to expire in 30 minutes but the guest account lifetime has 10 minutes remaining, the account is deleted in 10 minutes upon guest account expiry. Similarly, if the WLAN session timeout expires before the guest account lifetime, the client experiences a recurring session timeout that requires reauthentication.
Note You can change a guest user account with a non-zero lifetime to another lifetime value at any time while the account is active. However, to make a guest user account permanent or to change a permanent account to a guest account, you must delete the account and create it again.
Step 6 From the WLAN SSID drop-down box, choose the SSID that will be used by the guest user. The only WLANs that are listed are those for which Layer 3 web authentication has been configured (under WLAN Security Policies).
Note Cisco recommends that the system administrator create a specific guest WLAN to prevent any potential conflicts. If a guest account expires and it has a name conflict with an account on the RADIUS server and both are on the same WLAN, the users associated with both accounts are disassociated before the guest account is deleted.
Step 7 In the Description field, enter a description of the guest user account. You can enter up to 32 characters.
Step 8 Click Apply to commit your changes. The new guest user account appears in the list of guest users on the Guest Users List page (see Figure 9-5).
Figure 9-5 Lobby Ambassador Guest Management > Guest Users List Page
From this page, you can see all of the guest user accounts, their WLAN SSID, and their lifetime. You can also edit or remove a guest user account. When you remove a guest user account, all of the clients that are using the guest WLAN and are logged in using that account’s username are deleted.
Step 9 Repeat this procedure to create any additional guest user accounts.
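The limits from Steps 3 through 7, the lifetime note in Step 5, and the shared local user database size can be checked before a planned guest account is entered. The following is an added example, not Cisco code: the GuestRequest record, the review function, the rejection of empty names and passwords, and the session timeout expressed in seconds are assumptions.

```python
from dataclasses import dataclass

# Limits stated in this chapter.
MAX_NAME = 24               # Step 3: user name, up to 24 characters
MAX_PASSWORD = 24           # Step 4 note: password, up to 24 characters
MAX_DESCRIPTION = 32        # Step 7: description, up to 32 characters
MIN_LIFETIME = 5 * 60       # Step 5: range starts at 5 minutes
MAX_LIFETIME = 30 * 86400   # Step 5: range ends at 30 days
DB_DEFAULT, DB_MAX = 512, 2048  # local user database: default and maximum

@dataclass
class GuestRequest:         # hypothetical record, not a controller structure
    name: str
    password: str
    lifetime_s: int         # 0 = all four Lifetime fields zero = permanent
    description: str = ""

def review(req, wlan_session_timeout_s, db_used, db_size=DB_DEFAULT):
    """Return findings for one planned guest account (empty list = clean).

    db_used counts every entry sharing the database: management users,
    net users, MAC filter entries and disabled clients.
    """
    findings = []
    # Assumption: empty names and passwords are rejected; the page gives
    # only the upper bounds.
    if not 1 <= len(req.name) <= MAX_NAME:
        findings.append("user name must be 1 to 24 characters")
    if not 1 <= len(req.password) <= MAX_PASSWORD:
        findings.append("password must be 1 to 24 characters")
    if len(req.description) > MAX_DESCRIPTION:
        findings.append("description longer than 32 characters")
    if req.lifetime_s == 0:
        findings.append("permanent account: will not expire automatically")
    elif not MIN_LIFETIME <= req.lifetime_s <= MAX_LIFETIME:
        findings.append("lifetime outside 5 minutes to 30 days")
    elif wlan_session_timeout_s < req.lifetime_s:
        # The smaller value takes precedence (Step 5 note).
        findings.append("WLAN session timeout shorter than lifetime: "
                        "client must reauthenticate on each timeout")
    if db_size > DB_MAX:
        findings.append("configured database size exceeds 2048 entries")
    elif db_used + 1 > db_size:
        findings.append("local user database has no free entry")
    return findings
```

Permanent accounts are reported as a finding rather than rejected, so that each one is a deliberate choice.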

Viewing Guest User Accounts

After a lobby ambassador has created guest user accounts, the system administrator can view them from the controller GUI or CLI.

Using the GUI to View Guest Accounts

To view guest user accounts using the controller GUI, click Security and then Local Net Users under AAA. The Local Net Users page appears (see Figure 9-6).
Figure 9-6 Local Net Users Page
From this page, the system administrator can see all of the local net user accounts (including guest user accounts) and can edit or remove them as desired. When you remove a guest user account, all of the clients that are using the guest WLAN and are logged in using that account’s username are deleted.