Cisco :: To Configure MAC Based ACLs With AIR-SAP1602I

May 19, 2013

I want to buy an AIR-SAP1602I-E-K9 and I don't know if I can configure a MAC-based ACL with this AP, because I must permit access to the wireless network only to determined wireless devices.

View 4 Replies


Cisco Wireless :: Can AIR-SAP1602I Convert To Ctrlr-based AP

Apr 17, 2013

AIR-SAP1602I is a Standalone AP (Fat-AP), can we convert it to Ctrlr-based AP (Thin-AP) by installing another IOS?! In contrast, can we convert AIR-CAP1602I to be a Standalone AP?!

View 5 Replies View Related

Cisco :: ACLs To Limit Ports With Client - Based VPN Tunnel

Jun 16, 2011

I have a customer I've built a webvpn tunnel for. Users on this tunnel need to have http access to a server at 10.1.1.12 and nothing else. That's fine, but in order for name resolution to work properly they need to be able to send DNS requests to 10.1.1.9. I'm working with two different access lists, my non access list (nat 0) and my split tunnel access list. I can't specify ports in the nat 0 access list, but I did try writing my split tunnel access list as follows:

-access-list split permit ip host 10.1.1.12 172.16.4.0 255.255.255.0
-access-list split permit udp host 10.1.1.9 eq 53 172.16.4.0 255.255.255.0

When I do that users can access the 10.1.1.9 dns server, but they can hit it on anything (ping, 3389, etc.). I'm trying to figure out how I can limit them so they will only be able to pull dns but nothing else. They have the AnyConnect Essentials license, so unfortunately a clientless VPN is not an option. Is there some other access list I can interpose that will limit things the way I want?

View 2 Replies View Related

Cisco Switching/Routing :: Configure NX7000 To Log ACLs Hits On Remote Server

Nov 4, 2011

How should I configure NX7000 to log acl's hits on a remote syslog server.

View 10 Replies View Related

Cisco Wireless :: 2504 -configure MAC Authentication With Certificate Based

Jan 8, 2013

I have cisco 2504 WLAN controller with 7.4 IOS. My query is can I configure the MAC authentication with certificate based. And without using any external servers like Radius, ACS and LDAP.
 
May I know if there is an option on WLC…

View 4 Replies View Related

Cisco WAN :: Configure Policy Based Route On 2811 Router?

Jan 19, 2013

configuring policy based route for my cisco router? Basically, I have a 2811 cisco router with 2 ADSL ports. 1 port is for iiNet line and another port is for Telstra line. I want to configure a policy based route on the router so that: Any traffic coming from 1 internal IP (i.e. 172.16.x.1) will go through iinet line (i.e. Dialer 0) interface. Any traffic from rest of the office will go through the Telstra line (i.e. Dialer 1) interface. Is there any easy way to configure this policy based route?

View 8 Replies View Related

Cisco Firewall :: Configure MAC Address Based Routing In ASA 5540?

May 10, 2012

I have a network setup where two servers from inside need to communicate with a remote network via 2 VPN gateways. The destinations are the same. However, the challenge is each server needs to follow its own VPN gateway. Since I can't configure PBR (policy based routing) in ASA, can I configure something like MAC Address based routing? I can't use destination based routing since the remote networks are reachable from both VPN Gateways.

View 1 Replies View Related

How To Configure IP Subnet-based VLANs Using Nortel 8600

May 25, 2011

How to configure dynamic VLANs (IP subnet-based) using Nortel JDM? My company is now using port based VLAN and it wastes a lot of time reconfiguring the port to its VLAN every time their devices move from one place to another place. So I think using IP subnet-based VLAN might solve the problem?

View 1 Replies View Related

Cisco WAN :: 2431 - Configure IAD So That Phones Are Routed Based On Destination Network

Jul 12, 2012

Our ISP has set up a Cisco 2431-16fxs IAD (dual WAN) in one of our locations. It is used to connect the devices (PCs and SIP phones) on our LAN to internet (via 1st WAN port) and ISP's MPLS-based voip network (via 2nd WAN port).
 
We have 2 LAN subnets - the first subnet (PCs) requires internet access only, so it goes out via the 1st WAN port. The 2nd subnet (SIP phones) is connected to the MPLS network (via 2nd WAN port).
 
We would like to have the SIP phones (that connects to MPLS-based network 192.168.1.x) to be able to access the internet. Is it possible to configure the IAD so that the phones are routed based on destination network; i.e. anything to 192.168.1.x via 2nd WAN port, anything else to the internet via the 1st WAN port?

View 1 Replies View Related

Cisco Wireless :: AIR-SAP1602I.EK9 - How To Monitor Load On AP

Feb 4, 2013

What would be the best option to monitor the load on AP live? Is there a GUI tool for this or should I use command line interface? I was hoping that CNA would do this, but the AIR-SAP1602I.EK9 does not seem to be supported by the CNA. CCP seems to be another application, would this do what I want? 

View 1 Replies View Related

Cisco Wireless :: AIR-SAP1602I 5Ghz DB Maximum?

Apr 25, 2013

On a 1602 autonomous AP in the US, should the maximum DB power level be 22DB or 17DB? According to the datasheet it shows 22DB when all 3 antennas are in use although I am only showing 17DB as the allowed maximum even though all 3 are enabled.
 
Antenna:                        Rx[a b c ]
Tx[a b c  ofdm all]
Internal
Gain [Allowed 8, Reported 0, Configured 0, In Use 8]  (dBi x 2)

[Code]....

View 11 Replies View Related

Cisco Wireless :: Connecting AIR-SAP1602I-A-K9 To Network

Mar 25, 2013

I have successfully setup the Cisco 2504 (AIR-CT2504-K9).
 
Trying to add 2 Access Points (AIR-SAP1602I-A-K9). I created static IPs for both in the router (RV180). The Access Points are connected to the PoE ports on the Cisco Switch (SG200-08P). The 2504 is connected to one of the non-PoE ports on the SG200. The SG200 is then connected to another switch (SF302-8P), which is connected to the Router (RV180), which is connected to the cable modem (Cisco DCM3000).
 
I am able to ping both of the access points from within the LAN, but they do not show-up on the 2504 console. 

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Configure IEEE 802.1x Port-based Authentication On Switches / Preferable 2960 Series

Aug 14, 2011

I want to configure IEEE 802.1x port-based authentication on cisco switches, preferably 2960 series. Which models support this feature? I have tried with some older switches but it doesn't work properly on every one. I have upgraded them without better results; there is namely an issue with TLS handshaking on some switches which causes authentication to fail.

View 1 Replies View Related

Cisco Wireless :: SAP1602i - Setup For AP Running In Autonomous Mode For Clients?

Apr 25, 2013

I am trying to have a setup where the AP running in autonomous mode also acts as dhcp server for the wireless clients. The only thing is that the vlan is switched across to the wired network.

So basically i am having 2 vlans, one for mgmt and other for data (for wireless clients) and both vlans are trunked to the switch.
[CODE]...

View 1 Replies View Related

Cisco Switching/Routing :: How To Configure Policy Based Routing On 3750

Jan 28, 2013

In our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says I am using default template. The reason I want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resources across wan and locally.

Created access list to identify traffic:
 
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
 
Created policy:
 
route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
 
Assigned policy to the user vlan3:
 
ip policy route-map TestASA
 
Results: It changed the default gateway to the above gateway but I could not access any resources on any other vlan, could not access resources across wan.

View 16 Replies View Related

Add A Dos Based Computer To A Windows Based Network?

Jan 18, 2012

How do I...add a dos based computer to a network running windows 2003

View 1 Replies View Related

Cisco :: ACS 5.2 Downloadable ACLs For WLC

Jun 19, 2011

I'd like to set up a downloadable ACL from my ACS 5.2 server to be applied for users authenticating for just one of my SSIDs / WLANs.
 
I intend to use this primarily for mobile devices to allow them to go to any of my physical locations, connect to the same WLAN regardless of location and then get the same downloaded ACLs (filtered based off  of destination port and address) applied in each case.

View 3 Replies View Related

Cisco :: Configuring ACLs For HSRP

Feb 13, 2013

I'm screwing around with HSRP running between two L3 interfaces of routers. I placed an inbound and outbound ACL on the same interface on both of these routers specifying to "permit ip any host 224.0.0.2" Why am I only seeing counters ticking for the inbound ACL of both of these routers? Is it an order of operations thing?

View 3 Replies View Related

Cisco Firewall :: ASA 8.2 Getting ACLs Loss

Jan 23, 2013

I'm almost afraid to post since my stuff is so OLD! I have a 350 Series PCI Wireless LAN Adapter in my old WinXP, not wireless-ready Compaq. I live off the grid, no landlines and have been using a Franklin CDU680 USB air card to connect to the Internet. The air card doesn't like my Compaq - occasionally crashes it. I thought to put the air card in a router to solve the problem and communicate with the router using the Cisco 350. Bought a Cradle Point router from my ISP and plugged in the Franklin. Then spent the next 5 days trying to get the Cisco 350 to associate with the router. I now have a profile with the router's SSID in it that according to the ACU's status report is associated with that SSID. Problem is that there is no Internet connection.

View 4 Replies View Related

Cisco :: IPS Configures Router's ACLs Thing?

Mar 18, 2011

This "IPS configures your router's ACLs" thing seems like a bad idea to me, other than letting it be it out of line and reducing your IPS's load a bit doesn't really seem to really give you any real benefits.

View 1 Replies View Related

Cisco :: Implement ACLs In Layer3 Switch?

Oct 15, 2012

Is it possible to implement ACLs in layer3 switch??

View 4 Replies View Related

Cisco Firewall :: ASA 5505 - Static NAT And ACLs

May 25, 2011

Currently a customer has all the LAN devices using a router as the Default Gateway. The router also does the Dynamic NAT for internet access and has NAT/PAT rules to publish some services like HTTP and FTP. As I know the router will permit all the incoming traffic in all its interfaces without restrictions unless there is an ACL that restricts the incoming traffic on a specific interface. Now the customer has bought a brand new ASA and wants to use it as the default gateway for the entire LAN. This means the ASA will have the internet connection and will be responsible for the NAT/PAT process.

I have configured the NAT/PAT rules already following the current router configuration, but I need to know if I have to configure ACLs allowing the incoming traffic on the Outside interface for the services I NATed.

View 1 Replies View Related

Cisco Firewall :: ASA5510 Post And Pre 8.3 NAT And ACLs

Aug 30, 2012

In the near future I plan on updating all of my firewalls to 8.4, currently we're on a mix of 8.0 and 8.2. I've heard that if your equipment is on 8.2 there's an auto-conversion feature when upgrading to 8.3. However, I do not want to rely on that and am trying my hand at re-writing the NAT and ACLs myself. Attached is my pre 8.3 ASA 5510 config (sanitized) and a document that shows the particular sections pre 8.3 and what I think they should be after the upgrade.

View 1 Replies View Related

Cisco VPN :: VPN Filter Vs Interface ACLs On ASA 5525

Mar 19, 2013

I need some clarification on the differences between a VPN-Filter vs an Interface filter. I am using an ipsec crypto tunnel between our site using ASA 5525 and a remote client who are using a Palo Alto Firewall. I have applied a vpn-filter on the tunnel for these sites but I am being told that an interface filter would have been simpler.

View 9 Replies View Related

Cisco Firewall :: ASA 5510 - Multiple VLANs And ACLs

Feb 27, 2013

I'm having a bit of trouble determining the best way to do this... I have 12 VLANs set up (subinterfaces on a redundant group of two NICs) on my ASA 5510. On several of these, I want them to be able to access the internet but not access other VLANs.

By default, they have a rule like "any to any less secure", and since the outside interface has a lower security level, this works great. But if I create an ACL on the interface, this rule disappears. I can restore internet access by adding an "any to any" or "(this interface's subnet) to any" rule, but this seems to imply that it allows access to any VLAN. Do I have to create a set of "deny" rules for each VLAN, on each VLAN, followed by an any-any rule to allow internet access, or is there a cleaner approach?

View 2 Replies View Related

Cisco Firewall :: Configuring ACLs 3560 In A Lab

Dec 27, 2011

In my lab setup I configured Cisco 3560 switch.

VLAN 20 and VLAN 30 I configured.
VLAN 20 interface IP : 192.168.20.1/24
VLAN 30 interface IP : 192.168.30.1/24.
Inter-vlan communication is happening fine.
 
For testing purposes I configured extended ACLs. Here is my requirement: I want to stop communication from VLAN 30 to VLAN 20 but not vice-versa.

Here I configured like this:
 
access-list 111 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 111 permit ip any any
applied ACL in VLAN 30 interface 'in' direction.
ip access-group 111 in
 
In this scenario, communication is stopping in both directions. If I ping from one of the IPs of VLAN 20 to one of the IPs of VLAN 30, I was getting Request timed out. And if I ping from one of the IPs of VLAN 20 to the VLAN 30 interface IP, I was able to get pinging.

From VLAN 30 to VLAN 20, I was getting destination host unreachable from VLAN 30 IP (it's fine as it's my requirement). So, solution needed to communicate from VLAN 20 to VLAN 30.

View 1 Replies View Related

Cisco Switching/Routing :: 3750G ACLs Not Working

Sep 17, 2012

I am trying to create an ACL that walls off a VLAN and only allows it to the internet. This is on a 3750G, currently the 3750G I am attempting this on is in a stack. I have another 3750G that is a standalone.
 
The first way I attempted this was to create two access-lists:

access-list 101 permit tcp 10.249.1.0 0.0.0.255 any eq 80
access-list 102 permit tcp any 10.249.1.0 0.0.0.255 established
 
Let's call the 10.249.1.0 VLAN 2. I applied this to the VLAN2 interface, 101 out, 102 in. It didn't work. If I place a deny statement with nothing else, that works.
 
The second attempt was this:

access-list 101 deny ip 10.249.1.0 0.0.0.255 any
access-list 101 permit ip any any
 
I applied this to a VLAN I wanted to block VLAN2's traffic from reaching, let's call that one VLAN 3.
 
This lets all traffic from any VLAN (including the one I'm trying to block). If I remove the "permit ip any any", then all VLANs are denied. Which I understand is correct due to the implied deny all. What I don't understand is why it isn't applying the ACL to the specific VLAN.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 ACLs On Ethernet Interfaces

Aug 18, 2011

It is my understanding that ACLs can only be bound to logical interfaces using the access-group command. However, is it possible to somehow apply ACLs simply based on the ASA's local Ethernet interface? For instance, consider the following:
 
Device A with IP 192.168.1.1/24 is connected to Ethernet0/0 on the ASA. Device B with IP 192.168.1.2/24 is connected to Ethernet0/1 on the ASA.
 
Since both devices are in the same subnet and presumably the same VLAN, is it possible to manipulate the traffic to and from physical Ethernet interfaces using ACLs in this manner?
 
My predicament is fairly simple:
 
Internet --- ASA --- ROUTER
|
DMZ
 
In addition to NAT, VPN, and various other tricks, my ASA is also routing traffic from my internal LAN and the Internet to servers in the DMZ configured on the ASA. Due to a combination of Internet and DMZ traffic, my relatively slow ASA is struggling to route and thus becoming a bottleneck. My router is comparatively modest in terms of functionality when compared to the ASA but it is fast. My ideal solution would be to somehow harness the ASA's filtering capabilities for my DMZ but use the router to get traffic to and from my internal LAN into the DMZ without using the ASA to route it.
 
Additionally, it is worth noting that my DMZ is fairly restrictive so using protected or isolated ports would not quite work for me.

View 1 Replies View Related

Cisco WAN :: 6509-E / ACLs Missing After Reload Switch?

Jan 1, 2012

We had a power shutdown activity last week, due to which one of the core switches was turned off and ON. After the core switch was turned ON, we had found some of the ACLs missing which were bound in VLANs. We had given write command before this power shutdown activity. We need to find the root cause for the same.
 
Switch Model-WS-CISCO-6509-E.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Dynamic ACLs On 2960S Switch Using ACS 5.2

Apr 20, 2011

I am testing a ACS 5.2 in our lab environment, I am testing port security for policy based VLAN and ACL assignment. The problem I am having is with the 2960S switches; in my current setup it is working but it doesn't seem to me like it is the way that it should be working. I have a downloadable ACL in the ACS defined and associated to an Access policy and it is working correctly. The problem is, from what I understand, I have to assign a default ACL on the switchport? So what I have assigned on the switchport is ip access-group 10 in. The downloadable ACL from the ACS is also called 10. Do I really need to match the ACL on the switchport with the ACL name I have created in ACS? That doesn't seem like it's dynamic if that is the case? What is the ACL that I should apply to the switch port (if any) in order for the downloadable acls that I configure in the ACS to work no matter what port the user is patched into?

View 2 Replies View Related

Cisco Wireless :: 5508 Single SSID / Two ACLs

Jul 16, 2012

I am setting up a Cisco 5508 wireless controller and was looking for some feedback or assistance. Basically I already have my guest SSID configured and functioning. Created an interface group containing my vlans and applied the created ACL "Guest Policy - internet only", which is also working. I want to setup a second SSID called "staffstudent" and use RADIUS for authentication. I have already created two separate network policies on the radius server: staff and student. Each only allows certain user groups. I want to be able to differentiate on the controller side which profile they are logging in on and then apply the correct ACL. I have two currently configured: one for staff and one for student. It appears to me that since you have to apply the ACL at the interface level I cannot use both since my interface is accepting both staff and students. Is there a way I can filter them using RADIUS so that when they login RADIUS can return a "student" value and then apply the correct ACL? Same for staff?

View 2 Replies View Related

Networking :: Cisco 2621 ACLs Blocking All Deployments

May 9, 2011

How would I go about only allowing the traffic that I have acl's set for and blocking any other traffic?

Just as an example say I have an acl that allows traffic from 192.168.1.0 to 192.168.2.10. How would I go about setting it up so that no other traffic can occur such as http traffic from 192.168.3.20 to 192.168.1.10

I'm hoping there's a way to deny everything and then only allow what I want. It would seem crazy if I would have to deny every single protocol from every possible action.

View 3 Replies View Related

Cisco Firewall :: ASA 5505 - Bypassing ACLs Online

Sep 22, 2011

I implemented an ASA5505 on an access switch on a network with a single data vlan1.  When I put the device online, none of my ACL's were being matched. 

View 3 Replies View Related

