Cisco :: 2821 Does WLC6 Filter DHCP
Feb 21, 2012
I have Cisco 2821 with NM-AIR-WLC6-K9 installed. And number of AIR-AP1131AG-E-K9. Now I set up trivial task to make WLC6 to work as bridge between on of WLANs and one of VLANs on a network segment. I have already attained the following: all is working fine while I use on my test notebook statically assgned IP-address. Broadcasts as ARP-requests are going through the network free. But as soon as I change IP assigning method I hear nothing on DHCP's side. Notebook is unable to acquire address through DHCP. But when I assing IP-address to vlan20 interface on WLC6 and set up correct DHCP-server all works fine again. Now with DHCP. But I don't want use IP on vlan20! [code]
View 8 Replies
ADVERTISEMENT
Dec 27, 2011
a power analyzer in my network is sending some packets that are unexpected and incorrectly recognized as DHCPOFFERS. As a workaround, I would like to filter those packets with my Cisco switch 3750.Suppose IP_POWER_ANALYZER is the ip address, what could be the best choice
1. deny udp any IP_POWER_ANALYZER eq bootpc
2. deny udp any IP_POWER_ANALYZER eq bootpc; deny udp IP_POWER_ANALYZER any eq bootps
3. deny udp any eq bootpc IP_POWER_ANALYZER eq bootps
View 2 Replies
View Related
Aug 21, 2012
The wireless client can't get the DHCP address when I enable the On-MAC-Filter-failure, MAC Filtering and Web Auth. Client can get the DHCP address when I only enable the Web Auth in the same WLAN SSID. The WiSM verion is v7.0.235.0. [code]
View 1 Replies
View Related
Apr 21, 2011
Upgrading to 7.0.116 crashes the controller.
Then
***** send signal 15 to 365 (info/pid = 1) *****
[<c0103785>] dump_stack+0x15/0x20 (12)
[<c01200a7>] send_signal+0xd7/0x1a0 (44)
[Code].....
Not happy. 7.0.98 is buggy and 7.0.116 fixes these bugs but can not load. Can not go to 6.0 as using clean air AP. STUCK...
View 7 Replies
View Related
Jul 13, 2012
Will NME-AIR-WLC6-K9 work in Cisco 2811 Router?
View 3 Replies
View Related
Mar 2, 2012
I have NM-AIR-WLC6-K9 in Cisco 2821. Is there opprotunity to retreive configuration via SNMP as from Cisco Catalyst 2960?
View 1 Replies
View Related
Nov 1, 2011
We currently have a very small basic wireless network setup and we are looking to extend access to our connectivity to guests. What we would like to do is being able to configure a Guest V LAN on the wireless connection that would display a disclaimer on the terms of use prior to granting access to the network. We are currently using a pair of AP1142N access points connected back into a Cisco 6509 w/ Sup 720. The access points are not lightweight access points as the small number of access points we are managing did not warrant the need for centralized configuration.
We happen to have an unused Cisco 2811 router lying around and found a used NM-AIR-WLC6 on E bay that appears to be the most inexpensive wireless controller that I can find. Will this support a captive portal?
Is there a way to implement a captive portal without a wireless LAN controller? Are there devices that can placed into our network that would provide captive portal services to both wireless and specified wired switch ports (or inline to an entire switch of wired ports)?
We do not need any type of authentication with the captive portal, just simply a disclaimer with the terms of use. If there is a way to do it without additional devices that would require authentication, we would consider a guest/guest username/password combination to accomplish this.
View 1 Replies
View Related
Nov 11, 2012
I have some DHCP trouble since I subnetted my network with a 2921. My clinets are in 172.16.2.0/23 and DHCP servers are in 172.16.5.0/24.Sometimes, randomly I guess, I get NACK from my DHCP server, and if I look into DHCP logs I got something like this:
15,11/09/12,09:52:27,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:28,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:29,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
[code]....
View 6 Replies
View Related
Apr 3, 2012
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined dhcp scopes for the vlans and configure each vlan/switch with the ip helper address and specify the PFSense firewall and that Nat would have to be disabled onthe firewall?
View 1 Replies
View Related
Jan 31, 2013
Using ACS 5.2, under Network Resources>Network Devices and AAA Clients>, I can only filter by:
Name
NDG:Location
NDG:Device Type
Description
How can I find a device by its IP Address? or how can I enable this option?
On this link:[URL] I read the following: ''Network Device Filters—Based on the AAA client that processes the request. A network device can be identified by its IP address, by the device name that is defined in the network device repository, or by the NDG'.....
How could I do this on my ACS server?
View 5 Replies
View Related
Jan 12, 2011
I have hw-550-3G modem and I like to know how to setup Mac, IP filter.To allow only the Mac, address in the list using the internet.
View 3 Replies
View Related
Apr 16, 2012
[URL]
I'm at task 6
Am I wrong but the only way to filter external routes - type 5 - is with a stub area, and area 0 can't be a stub? As far as I know OSPF can't filter on the route tag, so should I be filtering with a route-map?
View 19 Replies
View Related
Sep 22, 2012
My main goal i want to filter certain sites including facebook not to be accessible within the network and block all torrets including maliciuos site. I was advised to get Cisco ASA 5505 which i already got a quote. But now i want to know if is the ASA 5505 good enough for this purpose, is there anything additional required to succesfully overcome my main goal?
View 5 Replies
View Related
May 29, 2013
Most of our VPN connections are done with our Cisco 3030 and the internet goes out the ASA. We are able to filter all web traffic by doing a a span port for web traffic.
When we move VPN connections to the ASA we will loose the ability to span web traffic becuase its coming in and going out the same interface on the ASA. We will loose the ability to filter web traffic when this happens.
How we can filter web traffic on VPN connections on the ASA. We are using websense. I know there is some integration that can be done with the ASA and websense but it doesn't have all the capabilities as doing a span port for websense to monitor.
View 1 Replies
View Related
Aug 6, 2012
is there any way to apply hostname or object network in the syntax? The command gives the option to use hostname or A.B.C.D but doesn't accept the hostname PIX1(config)# filter url except 0.0.0.0 0.0.0.0 ?configure mode commands/options: Hostname or A.B.C.D The address of foreign/external host which is destination for connections requiring filtering Can an FQDN be used as a foreign/external host?
View 3 Replies
View Related
Feb 6, 2013
I've got a PIX running 7.2(4) with its outside interface on the Internet. The only thing this PIX is doing is acting as the endpoint for an IPSEC LAN-to-LAN tunnel with an Internet-connected ASA on another network.
I'd like to filter inbound Internet traffic to this PIX so that only the designated ASA can attempt to establish an IPSEC connection -- in other words, I want to prevent any other device on the Internet from even being able to attempt to establish an IPSEC connection to the PIX. As far as I know (and have seen), this can't be done with an access-list on the outside interface, since that access-list doesn't apply to traffic to the PIX itself.
View 3 Replies
View Related
Aug 1, 2011
I am working on a Perl script to be ran on our different subnets to see what hosts are down (and make the assumption that if the host is down the IP address is free to be used). This is not being ran on a Linux system, so I can't use grep to filter out everything except down hosts. I know there are modules for Nmap that would make this task easier, but my plan is to install Nmap to our network monitoring server, compile the script for Windows, and have it create the report for what addresses are down. I don't want each person running the script to have to have all the modules installed, etc. Or can you compile the script with the modules in it?
View 6 Replies
View Related
Jan 12, 2013
I work at a boarding high school at nights and as such I have a lot of free time. However the internet here is very restricted due to obvious concerns about children and unrestricted access. I have private internet at my room on campus but its too far away to connect to. I was wondering if it would be possible to setup my laptop/tablet to connect to my home computer and access the internet through them without restriction. And if so how would I go about doing that?
View 2 Replies
View Related
Jul 27, 2012
We have our aggregation layer here composed of two N7K with vPC between them. Every access switch is a N5K. Security policies state that we have to filter unnecessary vlans going through the trunk between N5K and N7K. So we use the 'switchport trunk allowed vlan 10,20,30' command. My question is: Do I have to include the native vlan id on this command?
View 10 Replies
View Related
Jan 10, 2012
We are currently installing RV-042 V3 Dual WAN VPN Routers for a Customer with an HQ Office & 3 Branch Offices. The Customer recently requested to use the WEB Filter feature available in the RV-042 V3 Router to do the followng : - " Block all the HTTP Traffic Except for the company Website " We tried all the Combinations between " Access Rules " & " Content Filtering " available under the " Firewall " but we always reach the result that either to Allow ALL HTTP Tarffic to All Websites or to Block ALL HTTP Traffic.
how to Block all HTTP Traffic except for certain URL ( Using the URL Name NOT the IP Address ).
View 3 Replies
View Related
Sep 30, 2012
We have Cisco ASA 5520 with csc ssm 10 (product ver. Trend Micro InterScan for Cisco CSC SSM 6.6.1125.0)in Web>Global settings> URL filtering > Rules > Communications and Search> Social Networking category is set to block during work time and allow during leisure time(see the attachement), but rule for this category won't work. I mean social networking sites are always remain allowed.
View 2 Replies
View Related
Mar 20, 2012
Is it possible to filter remote access VPN traffic on a PIX 501 (like you can on an ASA?)
View 1 Replies
View Related
Jul 2, 2012
We have a corporate site with a Cisco ASA 5580 (8.1), a remote office with a Cisco ASA 5510 (8.2) with a L2L VPN to corporate. A vendor has a L2L VPN to the corporate ASA with access to the remote office across the VPNs (hairpinning). The corporate office accesses an application at the vendor on port 23. Everything is working with regards to the vendor accessing resources to the remote office and the corporate office accessing the application at the vendor. Our goal now is to restrict the vendor to port 23 from the corporate network and port 9100 to the remote office. On the corporate ASA I setup a VPN filter and applied to the vendor's L2L vpn but when I apply the filter (see below) all traffic stops to the vendor such as telnet.
View 6 Replies
View Related
Jul 19, 2011
I have two wireless networks configured in the AP1200, both SSIDs are configured with WPA.
SSID 01: configured whit WPA
SSID 02: configured whit WPA
I have configured the access-list number 700, and I would like to apply to a single network. Achieving the following:
SSID 01 : WPA + Mac Filter, using the ACL number 700.
SSID 02: WPA
How I can apply the list 700 to the first SSID only ??
View 5 Replies
View Related
Mar 19, 2013
I need some clarification on the differences between a VPN-Filter v an Interface filter.I am using an ipsec crypto tunnel between our site using ASA 5525 and a remote client who are using a Palo Alto Firewall. I have applied a vpn-filter on the tunnel for these sites but I am being told that an interface filter would have been more simplier.
View 9 Replies
View Related
Feb 28, 2013
I have two Cisco 1260 autonomous access point setup with WPA2-PSK. They are up and running. In that configuration it is Personal security since the security is only provided by the shared key. I'd like to add MAC filtering so in my open authentification I just scroll down to "with MAC filtering" and save. Doing that crash everything and switch to Enterprise security which need to have a Radius server (the shared key is not saved anymore and by using a device I now see 802.1x security).
View 1 Replies
View Related
Aug 28, 2012
I wanted to ask if there is a collection filter in the ISE similar to ACS 5.3, where I can filter out unwanted syslogs.
View 2 Replies
View Related
Jul 10, 2011
I have 2 ACE4710 in HA enviroment, they receive connection from Internet. What I need to configure is following:
The ACE have configured two URL, with the same port and VIP Address, for example:
URL-1: www.xxxxx.com
URL-2: www.xxxxx.com/Admin
VIP Address: 10.10.10.10
Port: 8443
All clients point to unique VIP and Port configured, I need to know if I can apply any filter or rule that allows me to distinguish when a customer goes to the URL1 or URL2.If any client try to access to URL-2, your traffic must be deny.In summary, from Internet I should be able to go only to URL-1.
View 3 Replies
View Related
Mar 3, 2013
I am using an ASA 5510 firewall in routed mode.How can I filter incoming traffic by mac address on the AS 5510 ? I have already setup a static access rule for rdp users on the outside to access a terminal server on the inside.Now, i would like to further limit access from specific computers only.
View 7 Replies
View Related
Jun 11, 2012
I would like to create custom reports using the Report Designer (Reports -> Report Designer -> Syslog) and filter certain syslogs from being seen when I run the report like permitted ACL entries, 802.1x successful authentications. It seems like there is only the option of displaying what you want to see, not what you don't want to see.
View 6 Replies
View Related
May 21, 2011
Does ASA 5500 has stateless filter to drop packet even when 3-way handshake is finished
For example,
1: 3-way handshake is done
2:client send data to server
3:I apply a statless filter to the incoming interface to drop the packet from the client
View 3 Replies
View Related
May 21, 2013
I have a wireless sytem with a WLC 4400 and several 1522 Access Points. They don't actually function as Access Points because I'm using radio communication only for backhaul. There are no clients connected to the Access Points. All traffic on the network comes from the devices connected on the LANs that are bridged through the APs ethernet port.
I would like to create filters to allow only certain devices to be able to transmit over the radio link. I've used this in the past on 1310 units and it was very easy to do via GUI. This filter could be either by IP or MAC Addresses. IP would be better for me.
View 1 Replies
View Related
May 30, 2011
I have a Cisco ASA 5500 as the main router with a DIR-655 as a wireless access point behind it. DHCP is turned off on the 655 as the ASA is providing DHCP. This worked great for about a year and now suddenly, without any changes, I'm having problems. The only thing that connects without a problem is a laptop, which shows up on the device list with an IP. Other devices have problems. iPhones connect, show an IP on the device itself, but when listed in the connected list on the 655 show no IP. The connection is super slow. An Airport Express will connect, but again, shows no IP in the connected list on the 655. Using the ethernet cable from the Airport Express, nothing can get an IP. I can live with the iPhone not connecting, but the Airport Express not connecting is a major problem. Any reason why this would just stop working one day?
View 2 Replies
View Related
