Cisco :: WLC 4402 And LWAP 1510 / Access Control List?
Aug 18, 2011
We have a WLC 4402 and LWAP 1510. In the access control list menu, all needed rules are added and the last rule is deny any to any. We use Ethernet bridging on the LWAP, and some clients connect over the wired network that is associated with the Ethernet-bridge LWAP. Now, when the deny rule is applied, the clients that connect over the wired network can't establish a VPN connection or another service to the routing and remote server. I created a rule that permits any to the routing and remote server.
I am copying files from one server to another using BrightStor ARCserve Backup. The files copy over, however the access control list on the files doesn't. Does anybody know a way around this?
I've been working on an application recently for practicing ACL configuration, and since finishing I figured it should be put on the internet, as there wasn't much more work to do to make it suitable for a website. It allows you to practice both standard and extended ACL configuration by generating a random number of ACL actions for you to configure, and provides the correct config to compare yours against to see if you were correct. It also emulates a router at a very basic level to allow practice when there is no equipment available.
I have an extended ACL on my VLAN interface inbound and it is working like I need it to, securing one side of my network from the other and allowing only what I want from my desktops to my servers. The ACLs look something like this:
Traffic is initiated from vlan100, not from vlan70 then back through, so an established rule does not work. Also, there are many more ports open in my inbound ACL, but this is simplified for ease of reading. I want to make sure if I place both an inbound and outbound rule on my VLAN that it is in the right place, both on the same VLAN.
I have a SIP gateway (AS5400) that is used to connect SIP providers to our internal voice network.
Internal gateway (10.1.1.2 LAN) -- SIP trunk -- AS5400 (10.1.1.3 LAN / 8.23.23.43 WAN) -- SIP trunk -- Internet SIP Provider
We encountered the following problem: a SIP call from the internal gateway to the SIP provider could establish but was muted on our side (the SIP provider could hear us). On the WAN interface of the AS5400, there is an ACL that filters traffic IN coming from the SIP provider:
interface GigabitEthernet0/0
 ip address 8.23.23.43 255.255.255.224
 ip access-group 101 in
I log the deny on this ACL and I saw some UDP packets denied with LAN addresses!
*Mar 3 15:24:44.001: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.3(0) -> 10.1.1.2 (0), 1 packet
I did not bind anything in the SIP config. When I changed the ACLs, calls went well. Why do I see LAN packets on the WAN interface?
I am having some issues with creating an ACL for my gateway router. I want to block external access to my network 192.168.1.0/24 from the internet, so I set up the ACL on the WAN port of my 7200 router as follows. I am using a named extended access list:
{
 deny ip any 192.168.1.0 0.0.0.255 log
 permit ip any any
}
and I applied this inbound access list on the WAN port of the router as "ip access-group acl-in in".
Now I have blocked the external traffic to my network 192.168.1.0/24, but the issue I am having is that I am also unable to reach outside now. All I want is to block external traffic on the router WAN port but allow internal traffic to outside. Did I miss anything in the access list?
I have an ASA pair configured to replace a router that hosts a collection of IPSec tunnels. Tunnels appear to work. I am labbing some additional controls that I would like to implement. On the production router that I plan to replace with the ASAs, the current tunnels are all wide open (all traffic allowed to pass). I was hoping to lock things down a little without having to reconfigure all of the tunnels. My thought was that an ACL on the inside interface blocking selected traffic out (so into the LAN) should not impact the stability of the tunnels but allow me to restrict some traffic from entering the LAN. One port that I was attempting to block is RDP 3389. When this ACL is applied to the inside interface it does not block port 3389 at all. What am I missing? Is it that the traffic is being allowed because it is coming through one of my 'open' tunnels?
Shouldn't IPSec Tunnel traffic be processed by the Inside Interface ACL just like all other traffic?
We have a 4402 Wireless Controller. However, our APs are from another manufacturer (Meraki MP12). Is it possible that the 4402 can "control" the Meraki MP12?
I'm trying to limit my kids' access to the internet during the night, since I caught them plugging their laptops and the Xbox into the router's Ethernet ports late at night so they could circumvent the wireless guest access. The problem is, I only have 5 available control slots and the list of devices I browse to choose from is vague at best. Half of the devices listed in parental controls say "Network Device" and the other half say "iPhone" or "iPad". Isn't there an easy way to choose the correct devices to restrict, like by IP or MAC address? And if not, why is this so confusing and difficult? I have a family of 10 in my house and everyone is connecting with their own phone or 3 iPads, 2 laptops, 2 desktop PCs, 1 Xbox and 1 PS3. I tried limiting the DHCP Reservation list, but that seems to only affect the wireless access, not the 4 Ethernet port connections.
I have just set up a WLC 4402 as a Guest WLAN controller on the DMZ of our network. I have successfully managed to get our internal controllers to connect to it, with the exception of 1. It says the control path is up but the data path is down. The other 14 controllers worked fine, and in testing the last one was OK but it is now not working properly. The 2 controllers can ping each other but just won't create the data tunnel. There is a firewall in the middle, but that has been set up to allow traffic between the 2 groups of controllers to be unrestricted.
The internal controllers are 4404s and all controllers are running the same version of code, 5.1.151.0.
I am trying to allow telnet to port 551 but I couldn't get it to work. I am using a Cisco 1720 router running IOS 12.2. I am using the below commands to set the access list to allow access to port 551 using remote telnet to the Cisco router.
hostname R1
!
interface ethernet0
 ip access-group 102 in
!
access-list 102 permit tcp any any eq 551
After I enter the above commands the router will disconnect me and I will not be able to connect to it for a while. Once the router is up I am still unable to telnet to port 551.
We have a small office and already have a firewall in place that uses content filtering. I am looking for a low cost wireless access point that I can place behind my firewall that will allow me to control access by a username and password list, not just the passkey.
Does this exist without having to go to an Aruba or Ruckus type enterprise WIFI product?
I use a mixed mesh of 1510 and 1520. The WLC version is 4.1.192.35M (Mesh). For 2 years the WLC had no problems, but recently the WLC's current client count shows an error. Normally there are 20 users, but these days there are 2500 users and normal clients cannot associate. The status of the 2500 users is probing and the WLAN profile is unknown. The probing clients do not disappear automatically. We are located in an isolated area, so there are only a few wireless users, but there are very many wired users. After a WLC reboot, the status is OK.
I have a Cisco WLC 4402, and I have a problem with people trying to log into the WLC 4402 GUI console with the wrong password. Are there any ways that I can allow certain IPs to go to or see the login page of the WLC?
We had our wireless mesh network running with a 4400 Controller and 1510 APs. Now that we have bought a new 5508 Controller (with SW: 7.2) and 3600 Indoor APs, we are unable to add the legacy APs to our new controller. After some wild googling I have found that for 1510 APs I need to be on SW ver: 4.0. But that will lead to another situation, i.e. I won't be able to have my 3600 APs on the WLAN Controller.
I just bought a Studio 17 (1749). Got it all configured. It is a beauty. It has the DW 1501 Wireless-N WLAN Half-Mini Card.
The computer detects the 2.4 GHz network seamlessly. It is unable to detect the 5 GHz network.
I have a NETGEAR RangeMax Dual Band Wireless-N Router.
I have no problems connecting to this router with a Studio 15 laptop that I bought in December 2009. The Studio 15 can detect both the 2.4 and 5 GHz seamlessly. I also have no problems connecting at 270 MB with a work Lenovo XP laptop with a Netgear Wireless-N USB stick.
Received my new 1510 mini wireless card today for install in an Inspiron 1525 running Vista 32-bit. The laptop sees the new device but cannot locate the driver. When I run the disk that Dell sent, I get the message 'No compatible hardware found program will end'.
Device Manager shows a yellow exclamation mark under the network tab. I have downloaded 6 or 7 different versions of the driver but no joy.
We have two WLC 4402s in active-active mode in our setup. The issue we see is that a user/laptop gets connected and gets an IP address, but there will be no network access. We see a yellow exclamation sign at this time on the network icon in the tray and we cannot ping the gateway at this point. We have run debugs at this time for the machine and we could see that it was in "RUN" state; it's only that the machine cannot access the network.
We have a 4402 wlc setup for guest network access. We are using the local net users to provide access to our guests. We have an issue where if a user signs in through the web, sometimes but not always, they are then forced to keep signing back in almost every 30-60 seconds.
We have a WLC 4402 with Management and AP-Manager interfaces, and only the AP-Manager interface is enabled for dynamic AP management. How can I enable dynamic AP management for the Management interface also? I couldn't access the WLC via wireless; I am only able to access it via wired.
We are forced to rush an installation of a WLC 5508 for various reasons in a testing lab. I eventually want to configure RADIUS and such but cannot do it at this immediate time. What I would like to do is implement straightforward MAC filtering. The problem I am having is that the controller allows either any WLAN or only one WLAN, and an interface setting. I need to have each MAC be able to access several WLANs but not all of them. Can anyone point me to an article or give me a quick idea of what I can do? I have basic WLANs configured and have MAC filtering generally working. I cannot just use user authentication because each user may have 20-30 devices, but not all of these devices should be allowed on all WLANs and I do not want to rely on the user.
We are expanding our wireless infrastructure by adding further access points, AIR-AP1242AG-E-K9. We use four WLC 4402 running version 6.0.188.0 as a failover pair. What is the maximum limit the WLC can handle? What is the recommended limit one WLC can handle? We can divide the load on the controllers, but in case of a failover one WLC will manage all access points.
I need some information for connecting my new access point (Cisco AIRLAP 1242AG) to a WLC (4402) controller. In our network setup we have two WLCs (4402) and we need to connect this new access point to one of our WLCs. My access point is brand new. I need to know everything I have to do in order to connect this AP to the controller (from the access point perspective and the WLC perspective). I need to know what I need to do on the AP to connect to the controller. Do I need to assign a static IP address for the AP, or after connecting to the switch does it automatically get an IP from DHCP and register with the controller?
I have a 4402 and recently I have not been able to access the device via the service-port interface. The service-port has an IP address and it is connected to an access port in the VLAN which I am coming from, however it cannot even ping its gateway, which as mentioned is within the same network. When I am at the console of the controller I can ping the service-port interface IP that I have assigned, just nothing else.
I am working in an environment with 6 4402 all running 6.0.119.4 code and WCS 6.0.196.0. I keep getting an alert from WCS that the controllers cannot be reached "Controller '10.x.x.x' is unreachable. - Controller Name: 'Name'"
Now when I go to access the WLC through HTTPS I have no access at all, but the controller still responds to ICMP, HTTP, Telnet, SSH. I know I should have HTTP and Telnet disabled, but since HTTPS keeps failing I would have no way to get into the controller. Is this a known issue in the 6.0.199.4 code? Should I consider upgrading? The only fix I have found to work is to disable HTTPS, reboot the controller, enable HTTPS and reboot again.
We recently deployed ACS 5.3 on a VM. While the main purpose of the implementation was to control access (authentication/authorization) on network devices, can we use the same to authenticate users' access to our wired network, so that only users with valid credentials on our Windows AD can have access to the network?
Using Microsoft IAS as the auth server, how do I get the ASA (v.8.2.1) to take different user groups defined in AD, and control access to different group policies on the VPN? We're setting up the ASA for many different vendors, and need to control access for each vendor with different policy.
For example, Vendor one is in AD group Vendor1 and will only be permitted access to a specific group of defined IPs in our network. Vendor two is in AD group Vendor2 and will only be permitted access to a different group of defined IPs in our network from Vendor1.
I have set up clientless SSL VPN on my ASA. User authentication is done by RADIUS using ACS 5.2. I have created two portals, one for the IT department and the other for the auditing department, but if users in auditing select the IT group from the drop-down list they can log in to it. My question is, how can I make them log in to their group only and prevent them from accessing other groups?
I have a 1395 WLAN mini-card in my Dell Vostro 1510 version A21 and it has stopped allowing internet access. It says limited or no access, and when I ran the connection diagnostics it failed the authentication. The last time the software was updated was October 6, 2008.
need an access point configured in the user minimum because I was looking and some had up to 49 LAP connections at the same time. I have a WLC 4402 VERSION 7.0.98