Cisco Security :: Mac Address Bypass Not Working On 3560G
Jul 18, 2012
I'm trying to configure MAB on a Cisco 3560G to work with FreeRADIUS.
I have been assured that my RADIUS configuration is fine and the server is functioning properly.
This is my current switch config:
!
version 12.2
no service pad
[Code].....
Nov 22, 2009
I am trying to get a NAC demo running and am having some issues with a Layer 2 OOB, Virtual GW configuration. Currently I have 3560G switches and would like to assign ports to a vlan based on user roles.
My Auth VLAN is 110 and maps to VLAN 11
Guest VLAN is 11 (172.16.1.0/24)
Employee VLAN is 1
NAS Mgmt VLAN is 20 - CAS is 10.10.20.5 (this ip is setup on both eth0 and eth1 per documentation for L2 OOB Virtual GW)
NAM Mgmt VLAN is 30 - CAM is 10.10.30.5
Untrusted (Eth1) switchport is setup as a trunk allowing only vlan 110 and has a native vlan 999 to blackhole traffic.
Trusted (Eth0) switchport is setup as a trunk allowing vlan 1, 11, 20 and has a native vlan 998 to blackhole traffic.
I also setup a Managed Subnet on the CAS with IP 172.16.1.254 and VLAN 110. Switchport controlled by NAC is access vlan 110. When a machine connects an snmp trap is sent to CAM and is forced into vlan 110. If I try to put the port in another vlan CAM puts it back to 110 immediately. This all seems to be working well. The machine connected to the port gets a DHCP address from VLAN 11. When I initiate traffic from this machine, everything is blocked. If I open a web browser I do not get an authentication page. I also installed CCA 4.1.10 on the machine but it does not find a discovery host and the Login option is grayed out. The only way to get this machine to send traffic is to add a filter for it and force it to the ALLOW option. I did setup a default web login page but I seem to be missing something to get authentication to work. I am running version 4.1.8 with a demo license. The host running CCA is Windows Vista.
Aug 3, 2012
I'm stuck working on a modem; it's a SpeedTouch 536 (old school) and I cannot get past a password. I'm trying to set this bad girl up with a router; setting up routers is my specialty. I'm trying to bridge the modem, but on the setup page there is a password, and I don't know if it's factory or what. I've tried many of the common passwords for networking like (admin/admin, Admin/Admin, Admin/Password); I've tried everything I can think of, so I need a way to bypass the security. Flashing the software, maybe? I've found a software uploader for it, but I can't find the original firmware for the modem.
Dec 7, 2012
We are provided wifi connections, but most of the sites are blocked by Cyberoam. Way to bypass this? (NOTE) Ultrasurf and Freegate too failed...
Sep 2, 2011
I am currently running a Windows 2003 Server Edition and I have an issue: we run a small piece of software for controlling the night's takings, which connects to the tills database on the network. This piece of software is not password protected and is held in a safe; however, it has come to our attention that an employee may have taken possession of a copy of this application and we need to block the application being run on the network. Now this is where it gets difficult: I know to stop the application I could just use the Software Restriction Policy with Hash Rules, which would solve that. However, the problem is that sometimes people WILL need to run this software on the network and not get blocked. These people may not have their own accounts etc., so I am trying to work out a way that we can allow someone to bypass the software restriction policy with a password prompt. Is this possible, or is there another way around this issue?
Dec 30, 2011
Charter tech came today to solve my problem of my new modem not working. He fixed the modem but I think he did something to the LAN proxy settings after. I'm trying to set up my Belkin wireless G router but I do not have the original CD. What should my address be under the "Use a Proxy server for your LAN" checkbox, what is the port, and should I check off the bypass proxy server for local address box?
Jun 29, 2011
Currently using WCCP with Squid for content filtering. One of our sites we connect to needs to see the connection coming from our public IP address, not the proxy server IP. I've created an ACL in Squid for direct lookup, but the website gets angry with the X-Forwarder-Header Squid attaches to each packet. Is there a way in a Cisco ASA 5505 to bypass WCCP for a specific public IP address or URL?
Nov 13, 2012
Not sure if this is a problem with the switch or the wireless AP connected to the switch, but I have a couple of 3560s; one is a 3560G and the other is a 3560, and both have phones and wireless APs connected to them. The APs on both of these switches continue to lose their IP address and thus disconnect from the controller. This happens about once a week, but the odd thing is that the phones never lose their IP address. All of my other 3560s and 3560Gs that have APs and phones connected are working fine.
Jul 15, 2012
I have a situation where I have a deployed ASA 5505 running 8.4.1. The client has an existing mail server that is located on their LAN and has port NATs configured for the normal mail ports, 25, 110, 993, 587 etc.
This works fine for mail inbound and for any user popping mail off the server externally or visiting the webmail interface from outside the network. However, when users inside the LAN try to connect through the ASA back inbound to the IP on the external interface of the ASA, they are unable to do so.
One solution I came up with is split DNS, and while this works it relies on the users not changing their DNS servers. I was wondering if it's possible to do some sort of NAT that rewrites traffic destined for the above ports on the external IP to the internal LAN IP instead.
Nov 2, 2011
I am setting up SSH on my 871 router and I get prompted for only a password. I have typed in the correct password and it doesn't let me in. I also have telnet enabled, and with telnet I do get prompted for both username and password and I am able to log in. I would like to set up SSH so that it uses the local username and password. This is what my vty has.
line vty 0 4
access-class 23 in
privilege level 15
login
transport input telnet ssh
Aug 26, 2012
I'm working with Cisco ASDM 6.1 for PIX. I want some IP addresses not to be shunned, and thus provided a list of addresses which should not be shunned in threat detection, but some of the IP addresses are still shunned.
Dec 25, 2012
My security key is not working to connect laptop, ipod.
Dec 27, 2012
I read somewhere that the security log could be set to display web address vs DNS address. How do I adjust this?
Jan 23, 2011
Is it possible to configure a Cisco router like the C3800, or Catalyst switches like the C4500 or C2960, to filter traffic based on allowable MAC addresses only? I would like to allow only those devices that belong to the domain, meaning if a user connects a computer or any network device whose MAC address I have not allowed, it will be denied access to the network. However, any of the allowable devices should be able to use any port of the switch, meaning I don't want to associate an allowable MAC address to a physical port on the switch.
Feb 12, 2012
I have a problem with the LAN-to-LAN VPN tunnel. The VPN has been working fine for the past 9 months without any problems. Suddenly we got the problem! In the last two days we faced the problem of the VPN being down. The first time the problem was in phase-2, but after that in phase-1, and lately no data packets are received on their side.
Dec 16, 2011
I am having some challenges on my DMZ network. My servers and Cisco switches in the DMZ are picking up the MAC address of the firewall (Cisco ASA). I have put some static ARP entries on the firewall and switches, but the servers and users on the DMZ are still receiving the MAC address of the firewall. How can I stop the firewall from changing the MAC addresses of the devices on the network? My ASA is a 5520 and I have 2960 switches.
Apr 11, 2011
Why would I be getting traffic on my outside interface that has a destination address which is not my assigned outside address? I recently set up my ASA 5505 on the network and gave it an available outside address of say 192.x.x.250 on interface vlan 100. When I assign vlan 100 to e0/0 and bring the port up, I start seeing lots of traffic pour into the ASDM Syslog with various destinations belonging to my subnet but that are not actually destined for my specific outside address of 192.x.x.250. They are showing a destination of say 192.x.x.85 or 192.x.x.29.
Oct 24, 2012
I am running v6.3.1172.4 of InterScan for Cisco CSC SSM. The previous administrator has left and I need to change the email address that email notifications go to. I click "Administration", then I click "Notification Settings" and type over the previous admin's email address.
When I click the "Save" button, I get:
The email address entered was not recognized. Verify the syntax and try again.
Oct 1, 2012
I did an ISE 1.1.1 installation on a VMware VM with ESX 5.0. After installation I am not able to log in with my credentials (username admin, password XXXX). I can ping my ISE server after initial installation but I cannot ping my ISE server after full installation. I did the installation several times and even did it on a VM with a different VM version.
Mar 21, 2005
I am using an 831 router and am trying to get DDNS to work. Here is the debug output:
RESS_ASSIGN: Interface Ethernet1 assigned DHCP address 67.162.204.242, mask 255.255.254.0, hostname testlab831.xxxxxx.com
00:53:06: DYNDNSUPD: Adding DNS mapping for testlab831.xxxxxxxx.com <=> 67.162.204.242
00:53:06: DYNDNSUPD: Sleeping for 3 seconds waiting for interface Ethernet1 configuration to settle
00:53:09: HTTPDNS: Update add called for testlab831.xxxxxxxx.com <=> 67.162.204.242
00:53:09: HTTPDNS: Update called for testlab831.xxxxxxxx.com <=> 67.162.204.242
[code]....
what the problem is with the "Call returned Connection time out for update testlab831.xxxxxx.com <=>" line.
Nov 18, 2011
I'm running an Exchange server behind my 2800 router and it's all working well. I have set up NAT, and OWA is working well when external and on the internet, but when the phones are on the internal wireless OWA isn't working, and if you telnet the external IP on that forwarded port it doesn't forward. I believe this is due to the fact the port forward rule "ip nat inside source static tcp 10.0.100.7 443 interface Dialer0 443" is for the dialer interface only and as I'm internal nothing but I'm show to forward any request on that port.. I'll include the config below
!
!
no logging buffered
!
aaa new-model
!
!
aaa authentication ppp default local
!
!
!
!
!
aaa session-id common
!
clock timezone WST 8 0
clock calendar-valid
!
dot11 syslog
ip source-route
!
!
ip cef
!
ip dhcp excluded-address 10.0.200.1 [code]......
Jul 31, 2011
I have a Linksys WRT54G router. I am trying to set up my internet connection so only my approved MAC Addresses can connect. I set everything up. I purposely excluded my laptop from the list to see if I did it right and I guess I didn't because my laptop is still able to connect to my network.
Oct 25, 2012
We have a custom web application which is heavily relying on javascript. We're trying to access it via the webportal but this application does not load correctly (it barely shows a white page).
The link is [URL] and SUBIF-ISP2 is the public interface facing the internet. This is the rule as displayed by the CLI:
proxy-bypass interface SUBIF-ISP2 path-mask oursubdirectory target [URL]
Despite having this command in place, nothing changes. I tried multiple combinations adding the xml and hostname rewrite or changing the interface but nothing, the page is the same like if this rule was not applied.
Feb 22, 2011
I have configured 3355 NAC appliances in an HA pair and everything is running fine, but I am not able to log in through the GUI (Virtual IP) which is used during the configuration of the HA pair.
Apr 28, 2011
I have tried everything including removing the system, changing the network settings, using cmd.exe, etc. They all say access denied and there's no possible way to get around this.
Jan 18, 2012
How can I bypass the proxy of my school? I cannot access my emails since I am in the UK and my email is provided with a server in China, namely 163.com; the email means a lot to me as it is the only way I can keep in touch with my friends from my old school.
Feb 23, 2013
I have a network consisting of more than 20 Cisco 2950/2960/3700 switches. I have configured port security on my switches. Initially when I configured it on my switches it worked fine; it even worked fine for a couple of months. But suddenly it started creating issues and now I am not able to implement port security on the switches. The configuration is the same but there is no effect now. The same switches were fine, but now even with the same configuration it is not working. Please see the configuration: [code]
May 2, 2012
I have a problem viewing my security cam on my Android IP cam app. I forwarded a port on my router to my security cam, then fixed the security cam to have a static IP, but my computer being on DHCP, after reboot it changed IP, so I lost connection to the Android IP cam app. I read on a forum that if your camera is using DHCP, set up your router so that it always gives the same static IP address for the camera based on its MAC address. But where do you set this up on a Linksys E1000 router and on a Samsung Y, so I can view my security cam on my Android IP cam app?
Nov 1, 2012
An N600 Router Model F9J1102v1 router first installed in July 2012 with WPA-PSK, MAC Address Filtering and "Self Healing" enabled would not allow a new PC to connect via an RJ45 port. Belkin support asks for the unit to be reset to factory settings, which is done, and the security system is re-enabled again. Valid MAC addresses start to be added and midway a PC is discovered in the network without its MAC address added. Closer scrutiny reveals that another unknown device has also found a way into the router and that the 'Block' option on the MAC list is also failing to work. Anyone think of what one should do with this security shambles other than turn the thing off quick?
May 5, 2012
Our customer has a Cisco ME3600X with the IOS me 360x-universalK9-mz.122-52.EY3. They are saying that is not possible to configure the "switchport port-security mac-address sticky" in the interfaces and want to know whether any additional license is needed. As far as I know there isn't any extra license to activate this feature and also I believe the ME3600 switch should have this feature with the universal IOS, isn't that right?
Feb 4, 2011
I have a Westell Ultraline series3 modem/router. The problem is I can only connect to the router/internet if I enter the IP address and DNS manually, which is not much of a problem except I have a Vonage phone and can't type the IP address in it. So here's how the settings look; let me know what I should be changing.
Jun 28, 2011
How to bypass router to modem when the router has a built in modem? So my wireless router has a modem built into it, or is it the other way around: modem with built in router. I'm not sure...But anyway, because I am having such difficulties with the ps3 online, I have been told by many people to try bypassing the router straight to the modem.
Apr 5, 2012
In my campus they restricted our download speed to 30kbps by registering our laptop in gateway.example.com. It is so ridiculous to download at such a low speed. Even pages are not opening.