Cisco Wireless LAN Controller Configuration Guide, Release 7.5
Configuring Local Network Users on the Controller
Downloads: This chapterpdf (PDF - 1.18MB) The complete bookPDF (PDF - 17.88MB) | The complete bookePub (ePub - 4.41MB) | Feedback

Configuring Local Network Users on the Controller

Configuring Local Network Users on the Controller

Information About Local Network Users on Controller

You can add local network users to the local user database on the controller. The local user database stores the credentials (username and password) of all the local network users. These credentials are then used to authenticate the users. For example, local EAP may use the local user database as its backend database to retrieve user credentials.


Note


The controller passes client information to the RADIUS authentication server first. If the client information does not match a RADIUS database entry, the RADIUS authentication server replies with an authentication failure message. If the RADIUS authentication server does not reply, then the local user database is queried. Clients located in this database are granted access to network services if the RADIUS authentication fails or does not exist.


Configuring Local Network Users for the Controller (GUI)


    Step 1   Choose Security > AAA > Local Net Users to open the Local Net Users page.
    Note   

    If you want to delete an existing user, hover your cursor over the blue drop-down arrow for that user and choose Remove.

    Step 2   Perform one of the following:
    • To edit an existing local network user, click the username for that user. The Local Net Users > Edit page appears.

    • To add a local network user, click New. The Local Net Users > New page appears.

    Step 3   If you are adding a new user, enter a username for the local user in the User Name text box. You can enter up to 24 alphanumeric characters.
    Note   

    Local network usernames must be unique because they are all stored in the same database.

    Step 4   In the Password and Confirm Password text boxes, enter a password for the local user. You can enter up to 24 alphanumeric characters.
    Step 5   If you are adding a new user, select the Guest User check box if you want to limit the amount of time that the user has access to the local network. The default setting is unselected.
    Step 6   If you are adding a new user and you selected the Guest User check box, enter the amount of time (in seconds) that the guest user account is to remain active in the Lifetime text box. The valid range is 60 to 2,592,000 seconds (30 days) inclusive, and the default setting is 86,400 seconds.
    Step 7   If you are adding a new user, you selected the Guest User check box, and you want to assign a QoS role to this guest user, select the Guest User Role check box. The default setting is unselected.
    Note   

    If you do not assign a QoS role to a guest user, the bandwidth contracts for this user are defined in the QoS profile for the WLAN.

    Step 8   If you are adding a new user and you selected the Guest User Role check box, choose the QoS role that you want to assign to this guest user from the Role drop-down list.
    Step 9   From the WLAN Profile drop-down list, choose the name of the WLAN that is to be accessed by the local user. If you choose Any WLAN, which is the default setting, the user can access any of the configured WLANs.
    Step 10   In the Description text box, enter a descriptive title for the local user (such as “User 1”).
    Step 11   Click Apply to commit your changes.
    Step 12   Click Save Configuration to save your changes.

    Configuring Local Network Users for the Controller (CLI)

    • Configure a local network user by entering these commands:

      • config netuser add username password wlan wlan_id userType permanent description description—Adds a permanent user to the local user database on the controller.

      • config netuser add username password {wlan | guestlan} {wlan_id | guest_lan_id} userType guestlifetime seconds description description—Adds a guest user on a WLAN or wired guest LAN to the local user database on the controller.

        Note


        Instead of adding a permanent user or a guest user to the local user database from the controller, you can choose to create an entry on the RADIUS server for the user and enable RADIUS authentication for the WLAN on which web authentication is performed.


      • config netuser delete username
        • username—Deletes a user from the local user database on the controller.

          Note


          Local network usernames must be unique because they are all stored in the same database.


    • See information related to the local network users configured on the controller by entering these commands:

      • show netuser detail username—Shows the configuration of a particular user in the local user database.
      • show netuser summary—Lists all the users in the local user database.

    • Save your changes by entering this command:

      save config