Help to configure Anyconnect

I'm trying to configure AnyConnect for the first time through the graphical interface, although I'm comfortable with the command line if necessary.  I am familiar with IOS and with PIX before 8.3, so this is my first time with the newer versions. My equipment is in a lab environment at the moment, but will be put into production soon.  I get the following error when I try to establish an AnyConnect VPN connection with the local account on the ASA. Here is my config:

ASA 1.0000 Version 2

!
hostname TOR1PLXSD01
enable password sxZETAvnsVuPSnUc encrypted
passwd FomDbcd6ujnk.spR encrypted
names
!
interface GigabitEthernet0/0
 description management
 speed 1000
 duplex full
 nameif inside
 security-level 100
 ip address 172.21.20.1 255.255.255.0 standby 172.21.20.2
!
interface GigabitEthernet0/1
 speed 1000
 duplex full
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1.20
 description Data Plexxus
 vlan 20
 nameif data
 security-level 50
 ip address 172.16.18.1 255.255.255.0 standby 172.16.18.2
!
interface GigabitEthernet0/1.25
 description DMZ
 vlan 25
 nameif DMZ
 security-level 25
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 nameif outside
 security-level 0
 ip address XXX1 255.255.255.224 standby x.x.x.2
!
interface GigabitEthernet0/5
 description LAN/STATE Failover Interface
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
dns domain-lookup data
dns server-group DefaultDNS
 name-server 172.16.18.21
 name-server 172.16.18.22
object network OBJ_INSIDE-HOSTS_172.21.20.0
 subnet 172.21.20.0 255.255.255.0
object network OBJ_DATA-HOSTS_172.16.18.0
 subnet 172.16.18.0 255.255.255.0
access-list acl_outside extended permit icmp any any
access-list acl_data extended permit icmp any any
access-list acl_inside extended permit icmp any any
access-list acl_dmz extended permit icmp any any
pager lines 24
logging enable
mtu inside 1500
mtu data 1500
mtu DMZ 1500
mtu outside 1500
mtu management 1500
ip local pool vpn_pool1 172.16.22.5-172.16.22.250 mask 255.255.255.0
ip local pool vpn_pool2 172.16.23.5-172.16.23.250 mask 255.255.255.0
failover
failover lan unit primary
failover lan interface Failover GigabitEthernet0/5
failover link Failover GigabitEthernet0/5
failover interface ip Failover 4.4.4.1 255.255.255.0 standby 4.4.4.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any data
icmp permit any DMZ
icmp permit any outside
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
!
object network OBJ_INSIDE-HOSTS_172.21.20.0
 nat (inside,outside) dynamic 68.71.198.102
object network OBJ_DATA-HOSTS_172.16.18.0
 nat (data,outside) dynamic 68.71.198.102
access-group acl_inside in interface inside
access-group acl_data in interface data
access-group acl_dmz in interface DMZ
access-group acl_outside in interface outside
route outside 0.0.0.0 0.0.0.0 68.71.198.97 1
route data 172.16.5.0 255.255.255.0 172.16.18.3 1
route data 172.16.10.0 255.255.255.0 172.16.18.3 1
route data 172.16.13.0 255.255.255.0 172.16.18.3 1
route data 172.16.14.0 255.255.255.0 172.16.18.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 172.21.20.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh 172.21.20.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
 anyconnect enable
group-policy AnyConnectClientPolicy internal
group-policy AnyConnectClientPolicy attributes
 wins-server none
 dns-server value 172.16.18.21 172.16.18.22
 vpn-tunnel-protocol ikev2 ssl-client
 default-domain value plexxus.ca
 address-pools value vpn_pool1 vpn_pool2
username dmradmin password 1ZwOzoVS5TWIvR0h encrypted
tunnel-group AnyConnectClientProfile type remote-access
tunnel-group AnyConnectClientProfile general-attributes
 default-group-policy AnyConnectClientPolicy
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:659360d147ccf882ab6cbb6e170ca8d2
: end

I'm glad to hear that you fixed it.

Please see this:

object network VPN_POOL
 subnet 192.168.1.0 255.255.255.0 --> adapt this to your real IP address range
!
object-group network INTERNAL_NETWORKS_VPN
 network-object 192.168.2.0 255.255.255.0 ---> this corresponds to the internal network you want to reach through the tunnel.
!
nat (inside,outside) 1 source static INTERNAL_NETWORKS_VPN INTERNAL_NETWORKS_VPN destination static VPN_POOL VPN_POOL route-lookup

It's pretty much the NAT exemption for 8.3, 8.4, 8.6...

Additional information:

ASA Pre-8.3 to 8.3 NAT configuration examples

Keep me posted.

Thank you.

Portu.

Please note all useful messages.
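
The template in the reply above, filled in with the addresses from the configuration posted in the question. This is an added example, not part of the original thread. Without such a rule, replies from inside hosts to VPN clients leave through the outside interface and match the dynamic object NAT to 68.71.198.102. The object name OBJ_VPN_POOLS, the /23 summary of the two pools and the sample host 172.21.20.10 are assumptions made here.

```cisco
! Added example (not from the thread). Both VPN pools, 172.16.22.5-250 and
! 172.16.23.5-250, are summarised as 172.16.22.0/23.
! OBJ_VPN_POOLS is a name chosen for this example.
object network OBJ_VPN_POOLS
 subnet 172.16.22.0 255.255.254.0
!
! These two objects already exist in the posted configuration. Re-entering
! the same subnet definition leaves their existing dynamic NAT lines in place.
object network OBJ_INSIDE-HOSTS_172.21.20.0
 subnet 172.21.20.0 255.255.255.0
object network OBJ_DATA-HOSTS_172.16.18.0
 subnet 172.16.18.0 255.255.255.0
!
! Manual (twice) NAT in section 1 is evaluated before the object NAT rules,
! so traffic between the internal subnets and the pools keeps its real
! addresses in both directions.
nat (inside,outside) 1 source static OBJ_INSIDE-HOSTS_172.21.20.0 OBJ_INSIDE-HOSTS_172.21.20.0 destination static OBJ_VPN_POOLS OBJ_VPN_POOLS route-lookup
nat (data,outside) 2 source static OBJ_DATA-HOSTS_172.16.18.0 OBJ_DATA-HOSTS_172.16.18.0 destination static OBJ_VPN_POOLS OBJ_VPN_POOLS route-lookup
!
! Checks. 172.21.20.10 is a constructed inside host address and 172.16.22.5
! is the first address of vpn_pool1.
show nat detail
packet-tracer input inside icmp 172.21.20.10 8 0 172.16.22.5 detailed
```

In the packet-tracer output, the NAT phases should name the manual rule rather than the dynamic translation to 68.71.198.102.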

Tags: Cisco Security

Similar Questions

  • I need help for configuring security for my wireless again.

    Need a help for my Wi - Fi Protected Access set up again... somehow I deleted it while trying to access the networks wireless outside my house.

    original title: Wi - Fi Protected Access

    Hi dmcangus,

    See the Microsoft articles below for more information on WPA wireless security.

    Configure Security Wireless WPA for home networks

    http://Windows.Microsoft.com/en-us/Windows-XP/help/networking/configure-WPA-wireless-security

    Overview of upgrading security Wi - Fi Protected Access (WPA) in Windows XP

    http://support.Microsoft.com/kb/815485

  • Help please - configuration VPN AnyConnect crossed

    Hi there, forgive me if I missed all the protocols forum because this is my first post.

    I am trying to configure an AnyConnect VPN and I think it's nearly there, but not enough yet. When I connect from an outside network, it gives me the following error '... No address is available for an SVC connection. I checked the pools of addresses and what I see, they are assigned to the profile. I'm doing it also crossed, I all VPN traffic through this router... traffic LAN and remote Internet sometimes when I'm on the unfamiliar wifi hotspots. I tried to get this to work for more than 1 week with a lot of different forums to scouring. I have included my config running for anyone to help me with. I appreciate a lot of the answers to get me on the right track. Thank you.

    Update 15 minutes later: I posted my SSLVPN IP pool to the DefaultWebVPNGroup and it connected but I was unable to browse the web or ping network resources. I would like to disable the "DefaultWebVPNGroup" without any consequences for the installation program. What I still have to disable?

    -------------------------------------------------------------------------------

    Output from the command: 'show running-config '.

    : Saved

    :

    ASA Version 8.4(2)
    !
    hostname ciscoasa
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    !
    interface Ethernet0/0
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.123.1 255.255.255.0
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address dhcp setroute
    !
    boot system disk0:/asa842-k8.bin
    ftp mode passive
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
     name-server 208.67.220.220
     name-server 208.67.222.222
    same-security-traffic permit intra-interface
    object network obj_any
     subnet 0.0.0.0 0.0.0.0
    object-group service DM_INLINE_SERVICE_1
     service-object ip
     service-object tcp destination eq https
     service-object tcp destination eq pptp
     service-object tcp destination eq www
    object-group service DM_INLINE_SERVICE_2
     service-object ip
     service-object tcp destination eq https
     service-object tcp destination eq pptp
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any 192.168.123.0 255.255.255.0
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 192.168.123.0 255.255.255.0 any
    allow a standard ACL1 access list
    access-list ACL1 standard permit 192.168.123.0 255.255.255.0
    access-list nat0 extended 192.168.123.0 allowed any ip 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool SSLVPNpool 192.168.132.50-192.168.132.60 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    no asdm history enable
    arp timeout 14400
    nat (outside,inside) source dynamic any interface
    nat (inside,outside) source dynamic any interface
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 76.x.x.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 192.168.123.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto ikev1 policy 10
     authentication crack
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 20
     authentication rsa-sig
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 30
     authentication pre-share
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 40
     authentication crack
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 50
     authentication rsa-sig
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 60
     authentication pre-share
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 70
     authentication crack
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 80
     authentication rsa-sig
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 90
     authentication pre-share
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 100
     authentication crack
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 110
     authentication rsa-sig
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 120
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 130
     authentication crack
     encryption des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 140
     authentication rsa-sig
     encryption des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 150
     authentication pre-share
     encryption des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcp-client client-id interface outside
    dhcpd dns 208.67.220.220 208.67.222.222
    dhcpd auto_config outside
    !
    dhcpd address 192.168.123.150-192.168.123.181 inside
    dhcpd enable inside
    !
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
     enable inside
     enable outside
     anyconnect image disk0:/anyconnect-win-2.5.3054-k9.pkg 1
     anyconnect image disk0:/anyconnect-macosx-i386-2.5.3054-k9.pkg 2
     anyconnect enable
    group-policy SSLVPN internal
    group-policy SSLVPN attributes
     vpn-tunnel-protocol ssl-client
     split-tunnel-policy tunnelall
     default-domain none
     address-pools value SSLVPNpool
     webvpn
      anyconnect keep-installer installed
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect ask none default anyconnect
    group-policy DfltGrpPolicy attributes
     dns-server value 208.67.220.220 208.67.222.222
     vpn-tunnel-protocol ssl-client
    username Vxxxxx password ZyAw6vc2r45CIuoa encrypted
    username Vxxxxx attributes
     vpn-group-policy SSLVPN
     vpn-tunnel-protocol ssl-client
    admin password 61Ltj5qI0f4Xy3Xwe26sgA user name is nt encrypted privilege 15
    username Sxxxxx password qvauk1QVzYCihs3c encrypted privilege 15
    username Sxxxxx attributes
     vpn-group-policy SSLVPN
     vpn-tunnel-protocol ssl-client
    tunnel-group SSLVPN type remote-access
    tunnel-group SSLVPN general-attributes
     address-pool (inside) SSLVPNpool
     address-pool SSLVPNpool
     default-group-policy SSLVPN
    tunnel-group SSLVPN webvpn-attributes
     group-alias SSLVPN_users enable
    !
    !
    !
    policy-map global-policy
     class class-default
      user-statistics accounting
    !
    service-policy global-policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:989735d558c9b1f3a3a8d7cca928c046
    : end

    ----------------------------------------------------------------------------------------------------

    Thanks again to all.

    To access internal resources over the VPN, here's what needs to be configured for NAT:

    object network obj-SSL-pool
     subnet 192.168.132.0 255.255.255.0
    object network obj-Interior-LAN
     subnet 192.168.123.0 255.255.255.0
    nat (inside,outside) source static obj-Interior-LAN obj-Interior-LAN destination static obj-SSL-pool obj-SSL-pool

    I also advise you to remove the following NAT statement:

    nat (outside,inside) source dynamic any interface

    If you want all of the VPN's internet traffic to be routed through the tunnel, then here's the NAT config:

    object network obj-SSL-internet
     subnet 192.168.132.0 255.255.255.0
     nat (outside,outside) dynamic interface

    And finally, you cannot disable the default group policy 'DefaultWebVPNGroup'. When you log in, just choose the SSLVPN_users tunnel group, which will automatically apply the SSLVPN group policy that you have configured explicitly.

    I hope this helps.

  • Configuration AnyConnect helps Juniper SRX

    Hello and thanks for reading.

    This is a new Setup and I need support. I have not supported in TAC, but it has not proved effective.

    Internet - > Cisco ASA-> Juniper SRX-> extreme L3 SW-> APC

    What I've done so far is to install the latest images AnyConnect - anyconnect-macosx-i386 - 3.1.09013 - k9.pkg

    and running asa916-6 - k8.bin

    Please help with the Setup, with the IP space indicated, I have the last byte available for space public.184,.185, I drew the network in question. See photo.

    On the certificate, you can browse to your ASA outside interface and, using your browser ability inspection certificate, download the certificate to your local host. You can then import this certificate in the trusted root certificate authority (CA) store (or the equivalent on the non-windows hosts) and it will be not reliable for future connections. This may or may not be feasible by the technical knowledge of end users. For this reason and others, most enterprise deployments choose to use a problems of certificate by an established CA.

    For the issue of the domain, you must add your local domain if you / them to be added to the DNS suffix search list when a VPN connection is established.

  • 32L4333DG TV - need help with configuring WLAN

    I bought a flat 32L4333DG of Toshiba, but cannot configure the wireless connection.
    Help me please.


    What's the problem? Have you read the instructions in the manual how to connect WiFi TV?

    There are 3 different methods to configure the WLAN:

    1) Easy Setup (WPS)
    If the AP is WPS compatible, this method can be used.
    WPS is an industry standard designed to facilitate the wireless LAN connection and security settings. WPS automatically configures all the wireless settings.
    NOTE: WEP encryption may not be configurable through Easy Setup.

    2) Assisted Setup (setup using the AP's notification information)
    Network name, authentication and encryption are decided according to the information provided by the AP. You can manually set the security key.
    The security key must conform to these conditions:
    TKIP/AES: 8-63 ASCII or 64 hex characters.
    WEP: 5 or 13 ASCII or 10 or 26 hex characters.
    There is a key ID to set for WEP encryption.

    3) Manual Setup (manual entry of all parameters)
    Some types of encryption are only compatible with specific authentication types.
    When authentication is Open System, only WEP or None is compatible.
    When authentication is Shared Key, WEP is compatible.
    When authentication is WPA-PSK or WPA2-PSK, TKIP or AES is compatible.

    When inconsistent authentication/encryption pairings are detected, a warning message will be displayed and no connection attempt will be made until the conflict is resolved.

    There is a key ID to set for WEP encryption.

  • Help text Configuration file reading

    Need help...

    I try to do a VI that will read a simple text configuration file.  The file will have entries like:

    URL = 192.168.0.1

    Port = 9000

    What I want to do is read the line and 'parse' it into 2 strings.  Then, based on the content of the first string (the part before the = sign), do something with the second part (after the =).

    I managed to open the file using "Open/Create/Replace File" but am having problems using "Scan From File" to pull out the strings (it seems to raise an error when I read in the first line, although my probes show that I had two strings).

    Anyway, once I have my 2 strings, it is a simple 'case' as the structure that I can use to search through all my "pre-defined first?

    Do not build something new. Just use the Config File VIs - look under the File I/O functions. They will do exactly what you want.

    Mike...

  • HP C4580 not scan to PC. I need help to configure my Netgear router please :)

    Hello

    I've read here, the threads that talk about this printer prints only not to or from a PC - my problem is that the C4580 go scan from my PC, but will not scan to PC.

    I found an answer from someone who has had the same problem earlier this year, but I do not understand what to do.

    Here's the answer:

    "I have ordered mine entering the settings from my router (Netgear) page and setting the built-in firewall rules. "The internal firewall was blocking the printer, I could print, scan using the computer, just could not scan from the printer to the computer.

    Also, I have a Netgear router, but could do with help on how to do the same thing as the person above.

    Thanks in advance for any help!

    Sorry, I don't need help after all

    It was not the router requires a configuration, it is the firewall that was a block that should be changed to "allow".

    My "all-in-one" now does everything it is supposed to do

  • RE: router wrt310n - need help for configuring wireless security

    I can get wireless if the router is not secure, but cannot configure wpa and wireless security.  Instructions followed on linksys tutorial but still connect wirelessly if I select wpa security.   In addition, I can't find a way to change the ssid, the pages of router do not match documentation.  The version of my router is v1.  Is this obsolete, I know that there is a v2.  Any help will be appreciated.

    Please follow these steps to configure the wireless settings and try to connect to the wireless network.

    Open an Internet Explorer browser page on your wired computer (desktop). In the address bar type 192.168.1.1 and press ENTER... Leave the user name empty and use admin in lowercase as the password...

    For wireless settings, follow these steps:
    -Click on the Wireless tab
    -Here, select manual configuration... Wireless network mode must be Mixed...
    -Provide a unique name in the Wireless Network Name (SSID) box in order to differentiate your network from your neighbors' networks...

    -Set the Radio Band to Wide - 40 MHz, change the Wide Channel to 9 and the Standard Channel to 11 - 2.462 GHz... Wireless SSID Broadcast should be enabled, and then click on Save Settings...
    Please take note of the wireless network name (SSID) because it is the network identifier...
    For wireless security:
    Click the Wireless Security sub-tab under Wireless...
    Change the wireless security mode to WPA; for encryption, select AES... For the passphrase, enter your desired WPA key. For example, MySecretKey; this will serve as your network key whenever you connect to your wireless network. Do NOT give this key to anyone.

    NOTE: The password must be more than 8 characters...

    Click on Advanced Wireless Settings
    Change the Beacon Interval to 75 > change the Fragmentation Threshold to 2304 > change the RTS Threshold to 2307 > click 'Save Settings'...
    Now let's see if you can locate your wireless network and try to connect...

    IF YOU ARE NOT ABLE TO CONNECT TO THE RADIO

  • Need help to configure the VLAN on a powerconnect 5448

    Hello world

    I am currently working on 2 switches PowerConnect 5448 but I'm completely lost in configuring VLAN.

    My bow:

    My needs are:

    -J' have 2 different networks that need to be isolated in different VLANS

    -I want to port 11-14 to use for network backup, all others must be used for the production network.

    -This 2 networks must pass through the port 48 (fiber)

    How can I configure this kind of network on the powerconnect interface (or via telnet)?

    My understood are the following, I have to create 2 different VLAN tag all ports, switch to safe mode all ports of the entitlement each port to the VLAN voted. Am I wrong?

    How the fiber port?

    Thanks in advance for your help on this matter.

    Since your 2 VLANs do not need to communicate with each other, you should be able to get this working.

    The easiest way to do this would be to have your production network on VLAN 1 and the second network on VLAN 2.

    Assign an IP address to the switch with the # ip address command.

    Assign a default gateway with the # ip default-gateway command.

    Create VLAN 2:

    console(config)# vlan database

    console(config-vlan)# vlan 2

    Set ports 11-14 to access mode for VLAN 2

    console# switchport mode access

    console# switchport access vlan 2

    Set port 48 to trunk or general mode.

    console# switchport mode trunk

    console# switchport trunk allowed vlan add 2

    That should get you pretty close to a working environment. You may encounter some problems with VLAN 2 contacting 192.168.1.0; you may just need to set it up and test.

    Here are a few links to software packages and manuals that can help.

    Firmware.

    http://Dell.to/1tz8tW0

    Manuals.

    http://Dell.to/1yqV4DJ

    Keep us posted on how your configuration goes.

  • Help to configure the router Cisco 1941

    Help!

    I just bought a Cisco 1941 router. I understand it came with Cisco CP, but I don't know how to get to the part where I can use it.

    Also, how can I connect to the router directly without using the HyperTerminal console? All I want to be able to do is configure the ISP's IP address and my IP address so I can use it for surfing the internet.

    Help, please.

    Hello

    Thanks for the screenshots and the show output! You will need a few command lines for CCP to work:

    configure terminal

    username username privilege 15 secret PASSWORD

    ip http server

    ip http authentication local

    Sent from Cisco Technical Support iPad App

  • Please help to configure the router for internet connection 871W!

    Hello world!

    I just started studying for CCNA, so I'm totally new to Cisco stuff. Recently bought an 871W router and spent two days in a row trying to configure an internet connection with no luck! I use the console port for the configs and SDM/CCP. Would be grateful if someone could tell me how to do simple configs for an internet connection. I googled everything but it's still confusing. I can't assign an IP to ports FA 0-3. I used the VLAN instead. But all tutorials use FA0 and when I try to assign an IP address to FA0 it gives me some L2 cannot be assigned or something... :/ And I am also confused about what IP address to use for WAN.

    I connected the cable between the modem and the PC's LAN port and copied some IP addresses which I think I have to use to configure the router for internet connection. And here they are:

    ISP IP: 76.114.54.255

    SUBNET: 255.255.248.0

    GATEWAY: 76.114.48.1

    DHCP: 69.252.97.4

    DNS: 75.75.75.75

    75.75.76.76

    If you can, please help! Thank you!

    Hi david,

    Looks like your 871W cannot get a dynamic IP address: % unknown DHCP problem... No possible allocation

    Could you ask your ISP to perform a reset/clear MAC add and try again?

    Also, kindly post the latest "show run".

    Edit: just saw you've updated your screenshot. Could you add this command under 4:

    mac-add 0001.4af9.8b83

  • Help configuring a Cisco 4402 wireless controller

    Hello

    I need help setting up a Cisco 4402 Wireless Controller. I want to have users automatically connect to the wireless network, but not have access to the network resources until they open a web browser and provide their domain user name and password or a guest account provided by the receptionist.

    I tried many different configurations but can't seem to make it work properly. More often than not, when I put security on the Wi-Fi network, it causes my wireless network to disappear from the list of available wireless networks.

    Here's my network configuration:

    1 - 4402 Wireless LAN Controller

    2 - Aironet 1130AG antennas

    1 - Cisco ASA 5510

    1 - 4503 core Router\Switch

    8 - 2960G switches

    Windows domain Server 2003 with RADIUS running on the domain controller.

    Thanks in advance for the help.

    Glad you got it working...

  • Need help with configuration of VLAN SF300-24

    Hello

    Let me preface this with the fact that networking is certainly not my strong point, so any help here is greatly appreciated.

    I'm trying to segment a virtual desktop infrastructure onto its own VLAN using a Cisco SF300-24 Layer 3 switch. I can get the switch to connect to the network with VLAN 1 assigned an IP address on the network's subnet (192.168.16.X), but I can't get anything that is set up on VLAN 20 (192.168.20.X subnet) to connect past the VLAN 20 gateway IP (192.168.20.254). The ports assigned to VLAN 20 are set to access mode, if it matters.

    Here is a diagram to illustrate what it looks like, as there is another (L2) switch involved.

    So I'm not really sure what I am missing here since all settings seem simple enough.

    Hi Simon, I recommend you remove any Active Directory server and essentially remove all security factors. This will give an idea of where to start.

    If you take a quite basic setup, 2 Windows 7 workstations without Windows Firewall enabled, they both work as expected.

    It must be remembered that with firewalls, even if they are able to respond to ICMP, if the request is from a different subnet they will not, because it is recognized as a foreign network. You must make the network known on these computers or make sure the computer does not care.

    You may be able to do this by simply adding additional subnets in the advanced configuration of the network card (if it does not take too much address space), as an example.

    Or, as you have discovered, you can add routes, which is a bit heavy and inconvenient, but effective.

    -Tom
    Please mark answered messages as useful

  • Need help with configuration on cisco vpn client settings 1941

    Hey all,

    I just bought a new 1941 ISR router and need help with the configuration of the VPN client settings. The commands look a little different here, as I'm used to configuring ASA and PIX for VPN, not routers...

    Can anyone help with the commands?

    I need to set up:

    user names, authentication group etc.

    Thank you!

    Take a peek at the config examples below - everything you need:

    http://www.Cisco.com/en/us/products/ps5854/prod_configuration_examples_list.html

    HTH

    Andrew.

  • WLC 5508 + AP 3502i + help ACS configuration

    Hello

    I have a Cisco 5508 WLAN controller, three Cisco 3502i Access Points and a Cisco ACS 5.2. I need to set up a simple wireless authentication system where a user is prompted to enter a user name and password in a web portal before they can access the wireless LAN.  Usernames and passwords are available in a CSV file and would need to be entered in the ACS.

    I read several guides from Cisco, including the WLC configuration guide, but I'm still confused.  If anyone can please give me advice on how I could set this up, I would really appreciate it.

    Thanks a bunch.

    Well, first of all set up an SSID for WebAuth.

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_e...

    I would also first start by creating a local net user on the WLC and try to get this to work first. The link I posted has this info. Using ACS is a little tricky but can be done. The WLC has a lobby admin function that can help if you need someone else to enter the user name and password. I tend to use ACS for all internal authentication.

    Sent from Cisco Technical Support iPhone App
