Cisco :: 4400 / 3500 - WLAN Environment / Security And Design

Sep 18, 2011

My company has chosen to allow our employees to bring in and use their own personal electronic devices such as iPads, iPhones, tablet PCs, etc. We intend to allow them to access our network with these devices. My question is if an employee decides to enable a WiFi hotspot on an iPhone, iPad or other device and then share out that network connection we have provided to them to allow other devices to tether to it, how do we prevent or mitigate this issue with our WLAN environment?
 
Our current environment consists of 4400 series WLCs and 1131, 1231 and 1242 series APs using version 7.098.218 code. We plan on migrating to 5500 series WLCs and 3500 series APs but this will not happen overnight.

View 2 Replies


NSA 3500 - How To Get A WLAN On The Same Network As LAN

Jan 18, 2013

We have a Sonicwall NSA 3500. We have a separate interface for LAN and WLAN. The WLAN is set up on a Sonicpoint. Right now, the LAN gives out 10.10.99.x addresses, the WLAN gives out 10.10.100.x addresses. What is the best way to get these two interfaces to give out addresses on the same scheme, i.e. both LAN and WLAN giving out 10.10.99.x addresses?

View 1 Replies View Related

Cisco Wireless :: 1262 / 3500 For WLAN Between Buildings?

Jul 4, 2012

I currently have WLC 5508 and a few campuses with LAP 1142, each with 2-3 VLANs. Now one of our campuses has a building that is a bit far away and needs network (wired). We can't get fiber or TP-cable there in a good way. So the plan is to get two 1262 or 3500 with AIR-ANT5160NP-R antennas and get a wireless link working between the campus and the building. And then connect one of the APs to a switch in the other building to provide it with wired network.

The problem is that I can't find information on how to do it. Should both APs be in autonomous mode? I probably only need to have 1 VLAN in the other building but I am not sure yet. Is there a problem with transferring several VLANs over the WLAN link?

View 3 Replies View Related

Cisco :: 4400 - Guest Wlan Access To Wlc Management

May 11, 2011

I have my WLC 4400 configured with a secure WLAN and a guest WLAN. The guest WLAN is switching traffic at the WLC to a separate guest-wlan interface. When a guest is associated and authenticated, they can access the management console of the WLC, which is in a different subnet. As I understand, the WLC does not route traffic. So how could this be happening? The guest subnet and the subnet the WLC management interface is in are different and separated by a firewall. I have also tried applying access lists in the WLC to each interface without luck. How can I stop the WLC from providing access to guest WLAN users?

View 3 Replies View Related

Cisco Wireless :: To Switch Which Of 2 WLAN Controllers 4400 And 5500

Aug 23, 2012

I have 2 WLAN controllers, a 4400 series and 5500 series controller. The 4400 series has a 100 seat limit on it, with 74 Access Points currently connected. The 5500 series has a 250 max, but we bought it with only 50 licenses, and it is max'd out at 50. The 5500 controller is the controller that has a DNS entry so that the Access Points will know to find that controller as they're being added. BUT, because we've reached our limit of 50 licenses, I'd like to be able to set the 4400 series controller to be the controller that new Access Points try to connect to. Going back to the 4400 as the controller that new Access Points connect to buys me time to plan for more licenses on next year's budget for the 5500 controller.

View 29 Replies View Related

Cisco Wireless :: 3502 Access Point Will Not Connect To 4400 Series WLAN Controller

May 20, 2012

I recently upgraded our controllers to the latest version 7 software, as I read this was one of the requirements to get them to connect. But I am not having any luck getting into a controller. Normally I plug them in to the network, they pop into the controller listed as something like AP5057.a844.xxxx and then I can finish configuring them, put a static IP on them, etc. This is the first of this model AP I have tried to deploy, so I am wondering what is different with these, or what I might be missing in the default config in the WLAN controllers. Neither of which are set to "Master" either.

View 10 Replies View Related

Cisco :: WLC 5508 LAP1262 Security Features Design

Dec 2, 2011

I am planning to get the following hardware: AIR-CT5508-50-K9 5508 Series Controller for up to 50 APs; AIR-LAP1262N-E-K9 802.11a/g/n Ctrlr-based AP; Ext Ant; E Reg Domain. During my design, I am considering to get the following security features. I don't have WCS and Mobility Services Engine (MSE). Managing Access Points at remote/WAN office. wIPS configuration (without WCS and MSE). How will rogue APs be detected and prevented? Can automated prevention be implemented? Is wIPS (with WLC 5508) supported to detect and prevent rogue APs? Is proxy redirection supported on the WLC so that the traffic from wireless clients will automatically be redirected to the proxy (without adding the proxy in the browsers of wireless clients)?

View 7 Replies View Related

Cisco Security :: ASA 5520 And Redundant Interfaces Design

Apr 17, 2011

We have two multilayer switches and only one ASA 5520. I'd like to connect the ASA in the way described on the picture: each redundant interface includes two physical ones, which are connected to different switches.

My question is what kind of link it is necessary to have between switches to make this idea work? I'd have subinterfaces like Re1.100, Re2.200 and so on for my traffic.
 
I understand that correct design approach is to have two redundant firewalls with failover but we cannot purchase the second one yet.

View 1 Replies View Related

Cisco Security :: Mini Data Center Design For 6500

Sep 7, 2011

I have some doubts about the best solution for the design of a mini data center. In the data center there is a 6500 with FWSM module installed, there are some VLANs created, all of them in the FWSM module. For example, a back end server to communicate with a server in the front end must always pass through the firewall. My question is, all these flows passing in the firewall does not degrade the speed of communication? What is the best practice, just pass the communications with the WAN in the firewall, and the VLAN communication between front end and back end is only set up in 6500?

View 13 Replies View Related

Cisco :: Wired Guest Security On 4400 Series WLC?

Sep 27, 2012

I have 3 4400 WLCs that are implemented at 1 main site within a mobility group. I am looking at implementing wired guest authentication with a splash page for username and password access. I have followed the documents and suggestions about how to configure it. I created a layer 2 VLAN (700) and then created a VLAN (151) that wired guests will get an IP address from. I then configured a WLAN with the ingress interface being VLAN 700 and the egress interface being VLAN 151.

All of my controllers are running code 7.0.116.0. When I go to do a test scenario with a wired client, I have the switchport set up for VLAN 151, which they get an IP address from, but when they try to go to the Internet, they don't get the splash page. Why I am not getting a splash page or even if this scenario is possible?

View 4 Replies View Related

Cisco Security :: Mini Data Center Design Of 6500 With FWSM

Mar 2, 2012

I have some doubts about the best solution for the design of a mini data center. In the data center there is a 6500 with FWSM module installed, there are some VLANs created, all of them in the FWSM module. For example, a back end server to communicate with a server in the front end must always pass through the firewall. My question is, all these flows passing in the firewall does not degrade the speed of communication? What is the best practice, just pass the communications with the WAN in the firewall, and the VLAN communication between front end and back end is only set up in 6500?

View 6 Replies View Related

Cisco Security :: ACS 5.1 802.1x Authentication Fails On LAN When WLAN Connected

Aug 23, 2012

I am running Cisco ACS 5.1 802.1x with certificate based authentication for wired and wireless connections. The issue that I am having is that when a user comes in from home with their laptop the wireless connection works, they pass the authentication and have network access fine. But when they plug the laptop into a docking station the LAN connection fails and gets put in the Auth Failure VLAN. A reboot of the phone / shut/no shut fixes this, but I really need to find a resolution. This is an intermittent fault and only affects users with both LAN and WLAN enabled. Running ACS 5.1.0.44, all Cisco 3750s - c3750-ipservicesk9-mz.122-55.SE. Certificates are issued by group policy and only using computer authentication.

View 2 Replies View Related

Cisco Wireless :: WLC2112 And AIR-LAP1041 - WLAN Security Configuration

Sep 8, 2012

I am implementing a wireless LAN controller for a customer's site. This site uses Cisco WLC2112 and AIR-LAP1041. I configured it via the start-up wizard and WLAN security configuration. The client joining via WLAN seems to work fine, able to browse the Internet. But when adding a shared printer or sharing files, the machine is unable to find the computer name. When test pinging, it replies when pinging by IP only. This does not happen when using a LAN wire.

View 3 Replies View Related

Cisco Wireless :: Setup A 2504 To Have One Guest WLAN And One Staff WLAN?

Jun 10, 2013

I would like to set up a 2504 to have one Guest WLAN and one Staff WLAN with a controller port for each WLAN connected to different devices.

I would prefer to connect the WLC Guest port to an ASA 5510 and the WLC Staff port to an internal 2960S switch. Will this work? I haven't set up a 2500 series controller previously.

View 4 Replies View Related

Cisco :: Managing Test Lab In Enterprise Environment

Jan 5, 2012

I want to create a network with a bunch of routers and switches to be used as a test network for company employees to remotely login and learn networking. I don't want this network to interfere with the rest of the network in any way. I am basically trying to create a stub network or a passive network!!

View 4 Replies View Related

Cisco :: Moving PVST To RSTP / LAN Environment?

Jan 23, 2013

Currently I'm with a pure Cisco shop, running every LAN switched infrastructure (even in the HQ datacenter) with PVST+. I'm noticing in the documentation I've read and labs I've created that RSTP is... great, and I've observed that even the uplinkfast functionality seems to be built in by just enabling rapid-pvst. Of course I'll propose a migration plan, document the network, diagram it entirely and provide effective steps to implement the change, but that's assumed from the get-go.

View 1 Replies View Related

Cisco :: L3MPLS Monitor Network In QOS Environment

Mar 11, 2012

I am using L3MPLS VPN services from a provider. They are doing QoS, like my Voice, Data, ICMP. All traffic is classified in their network and takes different paths. Now sometimes when we face voice issues, simple ICMP ping or TCP ping will not give me insight if there are any packet losses, since Voice packets are taking some other path within the MPLS cloud due to DSCP marking of Voice pack to 46. Is there any tool in which I can change the DSCP value of my packets and test out network response? Or any monitoring tool that can do this by default? I am looking for freeware at the moment or a trial.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 802.1x / ACS In The Active Directory Environment?

Nov 9, 2011

Question 1. In the typical Active Directory environment and doing wireless/wired 802.1x authentication on endpoints, should ACS join as a domain computer?

Question 2. For the endpoint (domain computer) joined to the domain, in this case will the endpoint trust the ACS (also a domain computer)?

Question 3. What if there's a GPO policy to install the root CA certificate on the endpoints? In this case, ACS should issue the CSR and let the domain CA sign it as the identity certificate? Am I correct?

View 2 Replies View Related

Cisco VPN :: ASA 5520 / How To Use Environment-variables In DAP-policy

Feb 27, 2011

I am using the "File exist" check in my Dynamic Access Policies to be sure that VPN computers are corporate. I would like to place the file in each user's %APPDATA% directory, but it seems that the ASA cannot use variables when specifying the path? Is there a way to do this or do I have to use an absolute path in the check? I am running an ASA 5520 with sw 8.4(1).

View 1 Replies View Related

Cisco Switching/Routing :: SNA When Moving To New Virtual Environment

Mar 4, 2013

Today, we have a server running SNA that connects to the router via the following: Virtual Server --> Nexus 1000v ----> Nexus 7010 ----> 2800 series router. We are trying to move the server to a new environment where it is Virtual Server ----> Nexus 1000v ----- Fabric Interconnect ----- Nexus 55xx ----- Nexus 7010 ----- 2800 router.

View 2 Replies View Related

Cisco Wireless :: 1042n Configured As WGB In Lightweight Environment

Nov 8, 2012

Here is what I am attempting to do.
 
1.  I have a 1042N AP configured as a Workgroup-Bridge attaching to a Lightweight Access Point.
 
2.  LWAPP AP is on a 5508 series Controller.
 
3.  I have MAC Authentication configured through a Cisco ACS box running 5.2 code. And that portion is working.
 
4. I want to lock this WGB down even further with a second layer of security. I am thinking WPA2 -AES.

View 2 Replies View Related

Cisco Firewall :: To Replace Sonicwall NSA240 In SME Environment?

Oct 17, 2011

I am looking for a Cisco firewall to replace a Sonicwall NSA240 firewall in SME environment?

View 3 Replies View Related

Cisco :: AP1200 Securing Open Wireless Environment

Apr 26, 2011

Need securing a wireless environment in a hotel?  The SSID has to be broadcast of course but how can we protect guests from man in the middle attacks, etc.?  Currently the environment is all AP1200s with no hardware upgrades in the near future.  There is also a 2811 router in place but nothing else.  We would love to be able to force users to authenticate with a password in order to get out to the Internet as well.

View 2 Replies View Related

Cisco Application :: ACE SM Indexing In A Catalyst 6500 VSS Environment

Mar 7, 2013

I was asked to mount ACESMs on each of the CAT6K switches of a VSS cluster (one ACESM on each individual switch). On a non-VSS environment, the "svclc module <slot> vlan-group <group>" command is used to bind the VLAN group to the module on a certain slot. But now I am facing a VSS scenario, I will need to combine switch and slot in order to reference each of the individual modules...

How do I "index" each of the ACESMs in a VSS cluster? Is there an extension of the aforementioned command to be able to combine switch and slot information?

View 1 Replies View Related

Cisco Wireless :: How New 1260 Will Work In Mixed Environment

Aug 2, 2011

I am looking to slowly migrate some of our wireless devices (Aironet 1231s and 1232s) to the Wireless N spec - 1260s. I currently have four AP locations that I want to upgrade first before anywhere else. At the minute, these four APs work on the 2.4GHz G band.

How will the new 1260s work in the mixed environment? I believe I will need to purchase the 1262 (which is the dual band version) so that I can operate the AP in both the 2.4GHz G band range and the 5GHz N range at the same time, is this correct? If I was to purchase the 1261 (which is the single band version), will I only be able to operate in either the 2.4GHz or 5GHz, but not at the same time?

For the mixed environment, would you suggest the dual band version? Can I place the same SSID on multiple radios if this is the case? Following example: Say I have the SSID called 'Company' - this at the minute is operating on the G band 2.4GHz range. If I was to purchase the dual band 1262, could I put this SSID on both the G radio and the N radio? Would clients with an N adapter automatically connect to the 5GHz range (N radio) and legacy G and B adapters automatically connect to the 2.4GHz (G radio)?

View 5 Replies View Related

Cisco Wireless :: BYOD Environment For Android WLC 5508

Mar 18, 2013

We have the following BYOD environment:

WLC 5508 (7.4.100.0)
Cisco Identity Services Engine Version: 1.1.2.145, Patch Version: 3

During BYOD implementation we faced some problems with Android devices:

1) The Network Setup Assistant (NSA) download process corrupts during the self-provisioning process (captured on 4.1.1 and 4.2.2 version)
2) If NSA is already installed, the network setup process (downloading profile, certificate) stops at the last step: connecting to network, meanwhile the connection itself successfully establishes. This bug is captured on 4.2.2 version, 4.1.1 is ok.
 
Google ACL is configured according to TrustSec docs and permits all traffic to google networks 173.194.0.0/16 and 74.125.0.0/16.

View 5 Replies View Related

Cisco :: 3500 - WCS And Clean Air

Nov 8, 2010

Just upgraded our WCS server to the 7.x code over the weekend. Turned up the first 3500 series APs today. The APs have been up for about an hour. I am seeing the Air Quality graphs on WCS. On the Worst 802.11a/n and 802.11b/g/n Interferers windows, I am seeing a WCS System Error Page message but only in those windows. I have gone over the documentation and don't see that I need to enable anything else on WCS.

View 10 Replies View Related

Ethical Considerations Hacking A Virtual Environment?

Nov 1, 2012

I am currently finalising my project in Uni and in the project planning section it asks if there are any ethical considerations to be made in my project. I am conducting penetration testing on a VIRTUAL network simulator (GNS3) using the Metasploit toolkit. I am guessing I will need permission to download these tools onto the university network, would that count as an ethical consideration? If not, what would I say in this section? Note, all of the data I am using in the project was created by myself, and there is no other human participation.

View 3 Replies View Related

Computers Losing IP Addresses In Domain Environment?

Aug 27, 2012

I have a small business environment that uses a domain controller and supports about 50+ PCs. Starting this morning multiple computers have lost their ability to obtain an IP address. We have rebooted our domain controller and tried various fixes on local machines with no luck.

View 1 Replies View Related

Peachtree App - Systems Not Showing Up In Workgroup Environment?

Nov 4, 2011

I have a Peachtree application installed on a standalone system and need three other systems to connect to the shared folder to work, but each time I click on show workgroup computers, it shows me a blank page on one and only shows the other system on the other. Hence when I try to connect to the Peachtree folder, it gives an error that the system is not accessible?

View 1 Replies View Related

Can't Get Remote Desktop Working In Work Environment

Oct 4, 2011

I'm trying to use RDC to connect to my home PC from work. I've tested everything on my laptop from another network and the connection works fine but the same settings don't seem to work when I'm at work.

I'm pretty sure I have everything set up correctly. Using the default port forwarded to the desired computer.

View 1 Replies View Related

Choppy FTP Connection To Shared Server Environment?

Feb 11, 2012

I got a $7 per month plan on a server and I have problems with the FTP connection. I am trying to upload a 20MB file with multiple folders and files in it and the connection is very choppy and I literally have not been able to do that since yesterday.

View 1 Replies View Related

Loud Fans 2950 Switches Lab Environment

Feb 4, 2013

I'm having some serious sound problems with some 2950 Cisco switches that I have in my CCNA lab. These switches sound like a jet. I've gone in and made sure the fans are clean and I even replaced one; they still are too loud. So I have a few options. I can run them without a fan, which I really don't want to do, but I want to look at two other options. The first option would be to put a heat sink on the chip that's producing heat. I also thought about cutting a hole in the top and mounting a 120mm fan.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved