Cisco Wireless Control System Configuration Guide, Release 4.0
Managing WCS User Accounts
Downloads: This chapterpdf (PDF - 208.0KB) The complete bookPDF (PDF - 7.37MB) | Feedback

Managing WCS User Accounts

Table Of Contents

Managing WCS User Accounts

Adding WCS User Accounts

Changing Passwords

Deleting WCS User Accounts

Creating Guest User Accounts

Creating a Lobby Ambassador Account

Logging into the WCS User Interface

Managing WCS Guest User Accounts

Adding Guest User Accounts

Viewing and Editing Guest Users

Deleting Guest User Templates


Managing WCS User Accounts


This chapter describes how to manage WCS user accounts. It contains these sections:

Adding WCS User Accounts

Changing Passwords

Deleting WCS User Accounts

Creating Guest User Accounts

Adding WCS User Accounts

Follow these steps to add a new user account to WCS.


Step 1 Start WCS by following the instructions in the "Starting WCS" section.

Step 2 Log into the WCS user interface as Super1.


Note Cisco recommends that you create a new superuser assigned to the SuperUsers group and delete Super1 to prevent unauthorized access to the system.


Step 3 Click Administration > Accounts to display the All Users page.

Step 4 From the Select a command drop-down menu, choose Add User and click GO to display the User administration page.

Step 5 Enter the username and password for the new WCS user account. You must enter the password twice.


Note These entries are case sensitive.


Step 6 Under Groups Assigned to this User, check the appropriate check box to assign the new user account to one of four user groups supported by WCS:

System Monitoring—Allows users to monitor WCS operations.

ConfigManagers—Allows users to monitor and configure WCS operations.

Admin—Allows users to monitor and configure WCS operations and perform all system administration tasks except administering WCS user accounts and passwords.


Note If you choose admin account and log in as such on the controller, you can also see the guest users under Local Net Admin.


SuperUsers—Allows users to monitor and configure WCS operations and perform all system administration tasks including administering WCS user accounts and passwords.

Step 7 Click Submit. The name of the new user account appears on the All Users page and can be used immediately.

Step 8 In the sidebar, click Groups to display the All Groups page.

Step 9 Click the name of the user group to which you assigned the new user account. The Group > User Group page shows a list of this group's permitted operations.

Step 10 Make any desired changes by checking or unchecking the appropriate check boxes.


Note Any changes you make will affect all members of this user group.


Step 11 Click Submit to save your changes or Cancel to leave the settings unchanged.


Changing Passwords

Follow these steps to change the password for a WCS user account.


Step 1 Start WCS by following the instructions in the "Starting WCS" section.

Step 2 Log into the WCS user interface as a user assigned to the SuperUsers group.

Step 3 Click Administration > Accounts to display the All Users page.

Step 4 Click the name of the user account for which you want to change the password.

Step 5 On the User > Username page, enter the new password in both the New Password and Confirm New Password fields.

Step 6 Click Submit to save your changes. The password for this user account has been changed and can be used immediately.


Deleting WCS User Accounts

Follow these steps to delete a WCS user account.


Step 1 Start WCS by following the instructions in the "Starting WCS" section.

Step 2 Log into the WCS user interface as a user assigned to the SuperUsers group.

Step 3 Click Administration > Accounts to display the All Users page.

Step 4 Check the check box to the left of the user account(s) to be deleted.

Step 5 From the Select a command drop-down menu, choose Delete User(s) and click GO.

Step 6 When prompted, click OK to confirm your decision. The user account is deleted and can no longer be used.


Creating Guest User Accounts

You can use the Cisco Lobby Ambassador feature to create guest user accounts in WCS. A guest network provided by an enterprise allows access to the internet for a guest without compromising the security of the host. The web authentication is provided with or without a supplicant or client, so a guest needs to initiate a VPN tunnel to their desired destinations.

The system administrator must first set up a lobby administrator account, also known as a lobby ambassador account. A lobby ambassador account has limited configuration privileges and only allows access to the screens used to configure and manage guest user accounts. The lobby administrator has no access to online help.

This account allows a non-administrator to create and manage guest user accounts on WCS. The purpose of a guest user account is to provide a user account for a limited amount of time. The lobby ambassador is able to configure a specific time frame for the guest user account to be active. After the specified time period, the guest user account automatically expires. This section describes how a lobby ambassador can create and manage guest user accounts on WCS.

This section describes how to perform the following procedures:

Creating a Lobby Ambassador Account

Logging into the WCS User Interface

Managing WCS Guest User Accounts

Creating a Lobby Ambassador Account

Follow these steps to create a lobby ambassador account in WCS.


Note SuperUser privilege is required (by default) to create a lobby ambassador account.



Step 1 Log into the WCS user interface as an administrator.

Step 2 Click Administration > Accounts to display the All Users page.

Step 3 From the Select a command drop-down menu, choose Add User and click GO.

Step 4 On the User page, follow these steps to add a new Lobby Ambassador account.

a. Enter the username.

b. Enter the password. The minimum is 6 characters. Reenter and confirm the password.

c. In the section Groups Assigned to this User, check the LobbyAmbassador check box.

d. Click Submit. When the lobby ambassador is added, it is part of the lobby administrator group. The name of the new lobby ambassador account is listed and can be used immediately.


Logging into the WCS User Interface

When you log in as a lobby ambassador, you have access to the guest user template page in the WCS. You can then configure guest user accounts (through templates).

Follow these steps to log into the WCS user interface through a web browser.


Step 1 Launch Internet Explorer 6.0 or later on your computer.


Note Some WCS features may not function properly if you use a web browser other than Internet Explorer 6.0 on a Windows workstation.


Step 2 In the browser's address line, enter https://wcs-ip-address (such as https://1.1.1.1/login.html), where wcs-ip-address is the IP address of the computer on which WCS is installed. Your administrator can provide this IP address.

Step 3 When the WCS user interface displays the Login window, enter your username and password.


Note All entries are case sensitive.



Note The lobby administrator can only define guest user templates.


Step 4 Click Submit to log into WCS. The WCS user interface is now active and available for use. The Guest Users Templates page is displayed. This page provides a summary of all created Guest User templates.


Note To exit the WCS user interface, close the browser window or click Logout in the upper right corner of the page. Exiting a WCS user interface session does not shut down WCS on the server.



Note When a system administrator stops the WCS server during your WCS session, your session ends, and the web browser displays this message: "The page cannot be displayed." Your session does not reassociate to WCS when the server restarts. You must restart the WCS session.



Managing WCS Guest User Accounts

WCS guest user accounts are managed with the use of templates. This section describes how to manage WCS user accounts and includes the following sections and procedures:

Adding Guest User Accounts

Viewing and Editing Guest Users

Deleting Guest User Templates

Adding Guest User Accounts

Templates are used to create guest user accounts in WCS. After the template is created, it is applied to all controllers that the guest users are allowed access. Follow these steps to add a new guest user account to WCS.


Step 1 Log into the WCS user interface as lobby ambassador.

Step 2 On the Guest User page, choose Add Template from the Select a command drop-down menu and click GO.

Step 3 On the Guest User > New Template page, the lobby ambassador can either manually enter the username/password or will have an option to auto generate a password. If you choose to auto generate, the password field will get populated. Begin with Steps a and b if you are not autogenerating; otherwise, skip to Step c.

a. Enter the guest user name. The maximum is 24 characters.

b. Enter a password twice.


Note Passwords are case sensitive.


c. Select an SSID (WLAN Service Set Identifier) from the drop-down menu. Only those WLANs for which web security is enabled are listed. This is the SSID to which this guest user applies and must be a WLAN that has Layer 3 web authentication policy configured. Your administrator can advise which SSID to use.

d. Enter a description of the guest user account.

e. From the drop-down menus, choose days, hours, or minutes for the lifetime of this guest user account. The valid ranges are 1 to 30 days, 1 to 24 hours, and 5 to 60 minutes. A value of zero (0) implies infinity and will be a permanent account.

Step 4 Click Save to save your changes or Cancel to leave the settings unchanged. When you click Save, the screen refreshes.

Step 5 After successful creation of the template, the username can be applied to a single controller or to multiple controllers based on the selected SSID. Click Apply to Controllers. Check the check box for the controller or Config Group name that the guest user account applies to and click OK. If you do not want to apply to controllers, click Cancel. If you click OK, the Apply to Controllers page refreshes and shows the operation status. If the operation status shows as successful, the guest user account has been completed and can be used immediately.


Note The Account Expiry displays the controller(s) to which the guest user account was applied to and the seconds remaining before the guest user account expires. If you need to update the lifetime parameter for this account, see the "Viewing and Editing Guest Users" section.



Viewing and Editing Guest Users

The lobby ambassador can modify the guest user account template from that template's detail page and apply the modified template to controllers. You can use this edit option to reset the lifetime of a guest account, but you cannot change the username or password. Follow these steps to view the current WCS guest users.


Step 1 Log into the WCS user interface as described in the"Logging into the WCS User Interface" section.

Step 2 In the Account Expiry section, you see a list of controllers which this guest user account template is applied to and the remaining lifetime for each controller. Click an item under the User Name column that you would like to view or edit.

Step 3 On the Guest Users > Template page, you can edit the following items:

SSID: Select an SSID (WLAN Service Set Identifier) from the drop-down menu. This is the SSID to which this guest user applies and must be a WLAN that has Layer 3 web authentication policy configured. Your administrator can advise which SSID to use.

Description: Enter a description of the guest user account.

LifeTime: From the drop-down menus, choose days, hours, or minutes for the lifetime of this guest user account. A value of zero (0) implies infinity and will be a permanent account.

Step 4 Click Save to save your changes or Cancel to leave the settings unchanged. When you click Save, the screen refreshes.

Step 5 Click Apply to Controllers. Check the check box for the controller or Config Group name that the guest user account applies to and click OK. If you do not want to apply to controllers, click Cancel. If you click OK, the Apply to Controllers page refreshes and shows the operation status. If the operation status shows as successful, the guest user account has been completed and can be used immediately.


Note The Account Expiry displays the controller(s) to which the guest user account was applied to and the seconds remaining before the guest user account expires.



Deleting Guest User Templates

During deletion of the guest account, all client stations logged in and using the guest WLAN username will be deleted. Follow these steps to delete a WCS guest user template.


Step 1 Log into the WCS user interface as described in the "Logging into the WCS User Interface" section.

Step 2 On the Guest User page, check the check box to the left of the guest user account(s) to be deleted.

Step 3 From the Select a command drop-down menu, choose Delete Templates and click GO.

Step 4 When prompted, click OK to confirm your decision. The guest user template is deleted and can no longer be used.

The controller sends a notification of a guest account expiry and deletion by invoking a trap. WCS processes the trap and deletes the user account expired from the configuration of that controller. If that guest account is not applied to other controllers, it can be deleted from the templates as well. A notice appears in the event logs also.