Cisco AAA/Identity/Nac :: 6509 - Detect And Block Unauthorized Devices / Users In Network
Sep 25, 2012
We have a Cisco 6509 as an access switch in our network. Each user has an IP phone and a computer. We are going to implement 802.1X for end users by next month. I need to check all the users' activity in the network, like if someone plugs an access point or a router into the network. I just checked Cisco NAC and how to detect those activities on the network.
I need to get more details on Cisco NAC or other products for that purpose. Also, what is the difference between Cisco NAC and an application like Microsoft TMG?
Is it agentless, or do I have to install something on computers? Does it work as a default router for users' computers?
Jul 18, 2011
I have distributed my internet through the LAN by router, but I think that the user whom I have given my net is forwarding it to other users too through a hub.
Jan 20, 2012
If it's possible, how do you protect against/block an unauthorized DHCP SOHO router with NAT from a Cisco 3750?
Oct 3, 2012
I am attempting to block all FTP traffic on port 21 from the servers in my network, and only allow FTP from one server to go out.
I have created the following ACL
access-list 101 Permit ip any any
access-list 101 Permit 21 1.1.1.1 0.0.0.0 any
access-list 101 Deny 21 any any
and have applied it to my truck VPN that goes up to my firewall
int Vlanxxx
ip access-group 101 out
But when I test, FTP is still allowed by all servers.
May 10, 2011
I am trying to export our network devices from ACS and I can't find out where it is exporting it. Under ACS 5.2 "Network Resources > Network Devices and AAA Clients" you get the list of your network devices and at the bottom of the page there is an export button. When you click it you are given an option to password protect it which I didn't check the box and I pressed Start Export. The window flickers like it processed the request, but nothing happens. There isn't any pop-up to download the CSV. I have also tried setting up a software repo thinking it might just send it to that, but it didn't work either.
Nov 10, 2011
I am not sure what I am trying to do is possible, so I thought I would pose the question on here. In ACS 5.3, I would like to use an RSA server and AD to authenticate my network devices. So when I log into a router or switch I would enter my AD username, be prompted for my RSA token, then when I enable be prompted for my AD password, or vice versa. How do I write an access policy to achieve this?
Apr 20, 2011
How can I see unauthorized DHCP servers in my network?
May 12, 2012
Simply put, a wireless network was set up with a network name and password in a senior community of primarily beginner users. Recently the name and password were changed to that of a community member named, let's say, "Joe". After addressing the router several times to change things back, only to find that the network name reverted to Joe, I changed the router password from admin to a unique password and I confirmed that Remote Management was off. Next day... it was Joe again.
Sep 13, 2012
How many network devices can Cisco Secure ACSv4.1 support? Is there any limit on the same? How do I get the specs of Cisco Secure ACSv4.1 on the above grounds...
May 28, 2012
I have ACS 5.2. I need to create a network admin policy for our NX-OS devices such as Nexus switches. How will this be done on ACS 5.2?
Nov 1, 2012
In short, I had the following problem in the past but it solved itself when people physically left the area. Now they are back, the problem is occurring and this time I have as many router settings as I can find to maybe aid in the solution.
This is the problem: We have a wireless network where the physical equipment is not available to users and yet, the local network name and password continues to be changed wirelessly FROM say, "ABC network" with network password "ABC secret password" to "Jimmy's Network" and network password "some new string of letters and numbers". (We know who Jimmy is but will not approach him until we learn if this situation is inadvertent on his part or more purposeful, which we doubt as of now.)
Cisco Linksys Wireless-N Home Router WRT120N
Oct 4, 2012
Is there an easy way to detect NAT devices - specifically home wireless routers like those from NetGear or D-Link or Linksys - on my network? I've shut down the ones that are easy to find by looking at the hostnames on the DHCP server, walking around with my phone and capturing the MAC address of the AP then finding a matching MAC address one number higher or lower. But there are still more out there evading me and I need to shut them down. I've read about a method using SFlow/Netflow, but my old Cisco 3750 and 2950 switches don't support that. I've read about a plugin for a Linux based firewall, but I use a Cisco ASA.
Feb 22, 2013
I have installed ACS 5.4 and we are looking to authenticate our Anyconnect users with ACS via Active Directory. I think I have the correct commands in our ASA ( we had ACS 4 and authenticated our anyconnect users ).
I also have configured ACS to use Active Directory and installed the server side cert in ACS. I'm just uncertain how to program ACS to use the security group that I have setup in Active Directory.
May 20, 2013
I am using an ASA5505 and I would like to block certain websites such as facebook.com for some users only.
Jan 30, 2012
I wish to block some URLs that users have access to through my LAN. That is, I wish to block ICMP, access towards such sites; I wish to block ICMP because DNS will resolve the domain and they can access through the IP address. What I have in place is a Cisco 2800 series router,
Dec 8, 2012
My EA6500 is not displaying all the connected network devices in the GUI. How do I force this? Is it a bug? How can I make sure all my devices are showing in the GUI?
Jan 18, 2012
I have a Linksys Wireless-G WRT54GS with SpeedBooster. When I turn on 3 devices on Wi-Fi (for instance 2 Apple MAC Computers, 1 Windows PC, and a Wi-Fi printer), in other words 3 to 4 devices, everything works fine. BUT when I add another device later in the day (let's say an iPad), the iPad is not able to access the Wi-Fi connection. I get a message saying that another device is already using the connection. If I reset the router, then the iPad will be able to get in along with 2 or 3 other devices. If I try an extra device, I get the same problem. What can be causing this? I was under the impression that the router can handle an unlimited amount of Wi-Fi devices.
Aug 26, 2012
We've got Workgroup LAN at our office and the Server is configured by the OS “Windows Server 2008 R2”. Most of the users use OS Windows XP-Service Pack-2. Now, I want to see the Internet surfing status/activities done by any particular user/users at any time from the Server. You know that, some people enter into restricted sites which impose severe negative impact on the network. If I could trace from the Server any user of doing this, I shall block his Internet connection from the Server.
Apr 8, 2012
For the past few days my laptop (Sony Vaio VGN-CR353) has suddenly been unable to detect/find my home wireless network, but my other devices (iPad 2/iPod) can detect my own wireless network. My laptop can, however, still detect my neighbours' wireless networks.
Jul 14, 2010
Got servers in VLAN 10, IP range 10.0.0.0, and servers in VLAN 20, IP range 20.0.0.0, at the same layer 3 switch (c6509 sup720). I would like to block TCP traffic initiated from VLAN 20 to VLAN 10. But the servers in VLAN 10 need to be able to open TCP connections to VLAN 20. I did test with the ACL that's blocking (ack/established/syn) but was unable to get it to work. Either it works in both directions or it works in no direction.
Jul 1, 2011
We have an ASA 5520 with CSC-SSM 20 and we want to block HTTPS traffic, but when we are blocking HTTPS traffic, HTTP traffic is going to be blocked, but users are able to open the website.
May 2, 2011
Noticed several devices have connected through my home network previously. Not sure how it is done. Currently these inactive devices are displayed; I would like to know how I can block them from the firewall just in case they connect again.
Jan 15, 2011
I have a Linksys WRT54G router. I need to block all devices except one from plugging in a wired device into the back of the router. I tried the MAC filtering, but it didn't work. Is that for wireless only? I can also block local IPs (192.168.1.x), and was going to go that route and only allow my local computer, but I was afraid if I restarted my router or computer the IP would change and I would be locked out.
Feb 23, 2012
I've come across IP addresses that aren't enough for some users in the company. The IP addresses are more than enough to cater to the users' notebooks or PCs. However, some users do not know that there are actually limits to the IPs we have, so quite a number of them actually use their mobiles / pads to tap the company's wireless.
I was wondering if I could restrict that particular user from tapping onto the network. I know it sounds a bit impossible because DHCP doesn't have that smart function to block whoever we deem as a "nuisance".
Aug 22, 2011
I am trying to allow a block of 7 or 8 devices to access the internet all the time. Two other devices I would like to allow internet access during a set time range. Finally I would like to block internet access to all devices not in one of the above groups. I need to use MAC addressing to identify the allowed devices. I was able to do this with my old WRT-54G but the DIR-825 is giving me trouble. My main problem occurs when I try to block access to "Other Machines". When I do that all devices on my network are cut off the internet.
Mar 29, 2013
I want to setup a simple VPN to allow users to access the office via the iOS (iPad/iPhone) devices. I assume I do this through:
VPN>IPsec>Basic VPN Setup
BUT, what do I enter for the "Endpoint Information" and "Secure Connection Remote Accessibility"?
Nov 29, 2011
Which current SB routers support these features known from RVL200 and RV0XX v. 1.X?
Block MAC address on the list with wrong IP address
Block MAC address not on the list
Dec 20, 2012
How do I block IP/Internet addresses for ALL users without adding the sites manually per user in the Parental Control panel? I want to block a certain IP/internet address for all users but can't find this feature within my EA6500 anywhere. Is this a firmware bug? Has Linksys forgotten that some sites want to be blocked for all users, and how do I do it all in one?
Apr 11, 2012
My question is if I do not want to purchase any additional switches can I connect the devices to the 6509 and put them in their own separate VLANs? I am a little fuzzy about the physical connections needed to make this design work as it is.
Jun 24, 2012
Is it possible to export internal ACS users from an ACS 4.x Windows (on ESXi) solution to an ACS 5.x solution? All I want to be able to do is export usernames and passwords out of the 4.x solution and then import them into the 5.x solution. I thought maybe the CSUtil program could be used?
Jan 19, 2013
I have a 2wire 2700hg-d (Qwest/Centurylink) router serving 3 or 4 computers. Is there a way I can either block or monitor porn viewing activity of users through the router?
Feb 9, 2012
We have remote users that dial in over ISDN to a Cisco 2911. We have configured AAA to pass the authentication off to a RADIUS server. Once successfully authenticated, the router permits the users to access a single web server. However, we need to do some testing in our test environment, but unfortunately we don't have an ISDN line to test with. We have created a little environment in our lab using a 2911, a switch, a RADIUS server & web server. I was hoping that we could simply create a "user" VLAN off the back of the 2911 to simulate our remote users, and access the web site from the test user PCs over the LAN. I was hoping that the 2911 would be able to intercept the connection and pass the authentication off to the RADIUS server (as it does with the PPP ISDN traffic). But I cannot find any way to do this, because I can only configure AAA to offload either PPP traffic or telnet/ssh connections to the router itself.
In summary what I want is for a user to access an internal web site over a LAN interface of a 2911 - but have the 2911 authenticate the user via a remote RADIUS server first. Is there a way to configure a 2911 (or any router!) to do this? Is the answer to configure port-based authentication (802.1X) on the switch?
Mar 19, 2012
How to configure the ACS5.0 radius for remote access VPN authentication.
And how could I implement the IP Pools for the VPN users.