Cisco Wireless :: Restriction SSID Per User With ACS 5.x Version
Sep 15, 2011
I would like to ask some question on WLAN technology, which I using WiSM version 2. And i get requirement that user must be restrict with SSID, so, i found that it can do it on ACS version 4.x via NAR for SSID-based authentication feature. Then, is it possible to do restriction on ACS Version 5.x?
I have 4 autonomous AP 1142 with 2 ssids : SSID10,vlan10 & SSID20,vlan 20.I use ACS 4.2 in order to authenticate users (EAP-FAST). How can i restrict access base on ssid or on vlan?I want users that connect to SSID 10 to not have access to SSID 20 and the opposite.
We are using ASA 5510 Version 7.2(4) at our organisation. The requirement is we need to give an access to a user with limited access so that he can run only specific commands on configuration mode. We don't have Cisco TACACS server instead of that we are using a microsoft radius server.
While I was at school there was a system in place where by you had to enter a user name and password to access the internet. Every student had a data limit like 3GB per month for example. I remember it had something to do with a proxy. I would like to recreate this system on my office LAN as some staff members have been downloading a lot slowing down the (very expensive) Internet connection. Limiting each users data will discourage large downloads.
We have configured ACS 5.1 for autenticating wireless users with active directory, which is working fine now.But we would like implement that single user should be authenticated through ACS . If any user try to access WLAN from multi system will be notified with multi login access restriction.Can we implement this policy in acs, if possible what are the exact configuration changes we have to implement.
I am trying to create a user restriction to allow one user to access only two networks (10.192.3.0 and 10.192.5.0) I have range of networks but I want to permit only two networks for limited user and full access for the admins. I know this was possible with ACS 3.3 but I am not too sure if this is also applicable with ACS 5.2.
I have created new ssid and i want to associate only one IP address with this SSID, so that only this user will be allowed to connect to AP. I have controller 5500 series.
I have manually configured the E2000 and set the admin password. When I was trying to log back in, I could not. I reset and reconfigured and set the password again. I still could not log in using "admin" and the password I set up. I thought I was losing my mind. Just on a hunch, I used the SSID name instead of "admin", then entered the password that worked. I am able to login, but I need the username to be admin, not the SSID. Has anyine else had this issue? Any way to change the administrator name back to admin??
We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ. Both the foreign and anchor controller are here at my location.
I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid. As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.
I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.
So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.
McAffee scan of acs 1113 appliance running the 4.2 build 124 patch 12 version reports that a medium vulnerability exists because the system has SSH version 1. Any way to specify only version 2 or turn off SSH?
We have 4 SSID's established for our staff, students, Guests and Providers. CISCO / ARUBA Managed APs with a centralized CISCO Controller. Can I restrict access by the first letter in the username so that usernames that begin with x will ONLY connect to the Staff SSID if in range and usernames starting with y ONLY connect to the student SSID?
My Wireless-N Home Router WRT120N with version 1.0.07 seems to have a problem blocking Sites through scheduling with Access Restriction "Allow" ...I notice that... when I enable access restriction, with policy and some range of computers connecting to my router , and set it to "allow" from "monday - friday" from "8am-6pm" .. with a purpose of blocking some social networking sites, example facebook, It works perfectly fine. But when the "scheduled" time comes ( before 8am and after 6pm ).. I cannot access the internet.. router is working, it detects my modem.. but no internet connection. It always happen before and after the "scheduled time" before the configured access restriction takes over. I have to disable the Access Restriction to continue our internet access.
target 192.168.0.21following are rules of access restriction on WRT54G1.rule A- 07:00am~10:00am,internet access allowed, keyword blocked such as Facebook,mail.2.rule B- 10:05am~10:00am,internet access allowed, no keyword blocked.but 192.168.0.21 fails to access internet after rule A expired.
we upgraded our router from WRT54G V5.0 to WRT110. before we dont have any issues using the ACCESS RESTRICTION from WRT54G but now on WRT110 we encounter a GLOBAL BUG. we are blocking the website like Youtube, Friendster, Facebook etc. on the EDIT LIST TAB we specify 4 IP Address that will not going to access the said websites. The problem is...all Computers (about 15 PC) that are using the Internet cannot access the said website also but we did not enter the other IP's.
I tested this with my laptop by setting its access restriction/parental control to always not access the internet. But still my laptop can still search through Wikipedia. Is this because of the router firmware? By the way I'm using the latest Connect cloud firmware.
I have a WRT110 and in the access restriction settings section the time is in military. I try to set the restriction from 11:30 pm to 6:00 am. I cannot because it tells me the second time "6:00 am" has to be larger than the first. I don't understand a way around this.
All the documentation for this router shows the Access Restriction tab in the router configuration menu. It's the same as other linksys routers. The current version of the firmware doesn't have this functionality. Was it removed?
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
I have set up access restriction times for my son (we have wireless access for all systems). I use the MAC address on his systems. Xbox, Kindle Fire and his Laptop. The MAC address are Correct. Here is the problem:
I set the "allow" and times from 6pm - 11:00 pm (while on xmas vacation) - the system works for a while he is shut off as i would like but....
After a period of time the entire house goes off line. I have to reboot the power on e2000 router and then disable the access restrictions. System then works. Problem is repeatable. What is the deal. I have updated firmware already. Otherwise the system works great. Never dies. Just when i set access restricions for a SPECIFIC time it kills entiore houese. BTW i can deny him outright 24/7 and the system idsables his access fine. Its just when i set specific times
There are 10, 50 and unlimited users profiles for the ASA 5505, reason for that restriction? Does that mean for example that only 10 users can go through a 10-user 5505?
Router 2811 got 3 Interfaces. One Interface connected to INTERNETProvider, Second Interface connected to Sales_Dept, Third Interface connected to Business_Dept. Internet Bandwidth in Total is 8MB. I need assistance to allocate 6MB total bandwidth to Sales_Dept and 2MB total to Business_Dept Sales_dept has 48port switch 2960, Business_Dept 24 port switch 2960. Gateway for users is the 2811 Router and both are on different subnets
I am using a network switch to share my broadband between four PCs.Among these PCs, one is for students. Is it possible that I can do the following 2 things from modem whose page can be accessed through 192.168.1.1;
1. Restrict some website like Facebook, Youtube etc
I am a restaurant owner and have a wireless network set-up via DLink DSL 2730U router. Now some times I get customers who demand to use the network and they use it for free which I find irritating. I have found one solution of 'Guests/Virtual Point' but I need to limit the time (say 15 minutes) for which they can use the network.
I've my ACS linked with AD to give administration access to few network devices and I've created an access policy to link my AD groups with those network devices and command sets.
Unfortunately I found I can use any user from my AD to login to my devices. Only LOGIN, the authorization definition is restricting the command set for those users.
How can I restrict the LOGIN to an specific AD group?
I get that to avoid fragmenting the packets we need to reduce the MTU to 1492, fine, but should the MTU restriction be applied at the virtual-template (server)/dialer (client) or on the physical ethernet interfaces?If I apply it to one or the other, which takes precedence? Should I just apply it to both the virtual/dialer interfaces and the ethernet interfaces?
i have asa 5520 configured as VPN Gateway to terminate remote access vpn , i have question , how can i restrict the access to only 1 range of public source IPs to access my corporate via RA ,is this possible?if so how to configure it?
my client insisting to set a dscp value of 56 (= CS7 , the highest priority) for their video packet without any bandwith restriction in the input of fast ethernet port and PPP Multilink serial output port of the 7513 router. What will be the outcome at time of video streaming and video conference ? As this dscp value CS7 is the highest priority and reserved for network only.we are using ospf routing (some of the network is connected through this multilink port via ospf routing), also this ethernet is connected to various statice routed ip network via cisco asa and cisco 4507. The keep alive ospf neighbor router will be lost or not?