We are doing a study on our public WiFi to identfy client connections based on wireless Vendor. about 40-50% of the clients wireless Vendors are "unknown". Is there a way to update the list of Vendor mac-addresses in WCS?
View 5 RepliesWe have a L2L VPN with a vendor and our outbound traffic (our local network is 192.168.0.0) NATs over one of our public IP addresses x.x.x.164 to their public IP address 128.x.x.x. In the beginning all our traffic was outbound (port 23) to the vendor and now we need to allow inbound from the vendor to specific 192.168 addresses on our network using port 9100. I’m uncertain as to what I should do to allow their inbound traffic to these IP addresses since we are NATing our entire network over one IP address. Note, the .164 public IP is also used to NAT to other vendors we have L2L VPN with. The VPN terminates to our ASA 5580 version 8.2.
View 5 Replies View RelatedI could get a list of clients on the E3200 wireless (or wired) ports. I have my E3200 setup as a WAP LAN-LAN off a switch and it is not the DHCP server on the network. I can see a list of MACs on the client list, but no client names and no IP addresses. They are definitely named and show up on the WRT54GL (DHCP and NAT) as devices
View 5 Replies View RelatedI have noticed that changes in MAC address filter list are applied only after reboot of router. It is inconvenient.
Router Linksys E4200
Firmware Version: 1.0.03
Operation system on client computer is Windows 7.Can it be resolved in the next version of firmware?
I’m trying to configure EAP-Fast following the guide [URL].But when I try to download the certificate, I receive the follow message: “Error installing certificate.”At logs I see:
*TransferTask: Sep 27 14:00:09.479: %UPDATE-3-CERT_INST_FAIL: Failed to install Webauth certificate. rc = 1
*TransferTask: Sep 27 14:00:09.479: %SSHPM-3-KEYED_PEM_DECODE_FAILED: Cannot PEM decode private key
- Remembering I’m doing Device Certificate.
My environment is:
WLC 2106 Windows 2003 with AD and CA When I try to use line commands I can’t too.
We have a wifi router RV220W and we need to filter the mac address. The problem is that the number of the "allowed" devices is around 50 (not all connected at the same time), but the maximum number of mac address which can be listed in this router for each VLAN is 20, so for the moment we set 3 VLAN, each one with a different mac adderss list. This is very awkward because the area to be covered by the wifi network is large and we need repeaters, but having 3 VLAN we should put 3 repeaters for each point. Is there any way to configure this router in order to have a single VLAN but with a mac address filter list of 3 x 20 mac address?
View 1 Replies View RelatedWe have a three tier network with a centralized core switch and multitple distirbution swithces - all 6506 routers.EAch dist switch is its own PIM SM domain and the RP so we never send multicast between the dist switches and through the core.
We are putting in a centralized server at the core switch which has to provide specific mcast < X Groups > to all servers at the dist level on all dist switches.
So we would like to define the RP <core rp ip> just for the <X groups> on the Core switch and tell all the distribution switch that the core is the RP for just the <XGroups>
If we put these commands on all the switches including the cores will that set the rp just fo the <XGroups> to the <core rp ip > ?Do I have to define the deine an ACL for all groups if i define it for some or will groups not defined by the ACL defualt to the local RP?
do I have to put in the override command ? (We are using MSDP not autorp)
ip pim rp-address <distn rp ip>
ip pim rp-address <core rp ip> 99
ip access-list 99
permit <XGroups > mask
I have a setup using LogMeIn Hamachi and the network type creates a Windows Bridge. I also use the DHCP Reservations List to assign the same IP to specific devices. Well I have the MAC Address for my NIC in the list which works when I am not using the bridge. When using the bridge, of course the MAC address changes and when I try to add it to the list I get the following message in a popup window. The MAC Address is 02:e0:61:05:45:3e I have tried manually entering it, letting the router enter it from the list of computers and just to rule out something stupid, I have tried changing the letters to upper case and removing the colons.
Another issue I can see when this issue is resolved is that I do not believe it will let me add this reservation since I will be using the same IP used by another reservation. My DGL-4500 allowed this if I had the other reservations using the same IP disabled.Below these comments/rants are some feature requests. I have put them last as some of the requests are explained in the comment/rant section.I have read through this list and I have to say that after I purchased the router, which I ordered on-line, I was dreading it, but I have not had issues. It is possible that I am not using features that cause this issue. I believe the issues occur when using certain configurations with the "Enable Advanced DNS Service" enabled. I am not using this service. Since I knew people were having issue s with it, I wanted to see my results leaving that out. I have had this router running since a week before Christmas and I have many Virtual Server entires, QoS and port forwarding entries, https based remote administration, both 5GHz and 2.4GHz networks enabled supporting a/b/g/n(on both networks) and a guest network enabled on both bands all supporting WPA (TKIP and AES). I have 2 Giga wired connections that are always active, a 100Mb connection that is on an off but used almost daily, 2 Laptops that use the 2.4GHz network daily and one is 802.11g 54Mb and the other is 802.11n 150Mb and they are on at the same time almost daily, a printer that is on and used multiple times a week that uses 802.11g and a game system that uses 802.11a this device is used daily. Most devices are on and used at the same time daily and we have a good deal of regular Internet traffic and moderate other network traffic during these times. At night all computers are backed up over the network and most of the other network devices are off or not during this time. Other than having to reboot my Internet hardware provided by my ISP, I have not had issues. The router has been rebooted for config changes and I usually cycle it when I cycle the Internet hardware. Point is, so far no issues, good performance and it works and I have of course had other devices connected using the guest network and I have been testing features, performance, etc.
What's up with having so much variation in how features work across routers?e.g. My DHCP Reservation issue above. This router does not work with a setup like my DGL-4500.This router allows a preset amount of services like QoS and Virtual Server entries while the DGL-4500 just lets you add entries. Now maybe there is a limit and it just looks like there is no limit. Of course, there is at least a limit that is reached when you have used a certain amount of memory with the configuration.so many routers while leaving gaps and the lack of feature explanation and comparison?I switched to this router because I wanted a dual band setup which my DGL-4500 does not provide. That leads to the issue of the new way D-Link deals with dual-band. When I purchased the router it did not list that you had to choose 2.4GHz or 5GHz or it is not simultaneous dual-band. I was duped because I used to install DWL-7100AP for people that needed better wireless options for home businesses and small businesses and that provides simultaneous dual-band and back then if it was dual-band it was simultaneous. But I am disappointed in some of the features lost like WISH support and a few options here and there which do not seem like they are specific to gaming routers and this router is more on the mid range and low high range end of consumer, prosumer, home business and lower traffic small business routers, so why is it missing these features and why does it have the limitations I listed in the "variation in how features work" section above?
Other examples of lack of feature clarity are with Game Fuel, HD FUEL and Intelligent QoS. Isn't Game Fuel Intelligent QoS of some sort. Now from the example provided in the overview for the DGL-4500, Game Fuel optimizes game performance, but it does not say this is automatic or if it works along with the rules you set in the Game Fuel section which is the same as the QoS Engine section in the DIR-825. The difference is that the DIR-825 has a "Enable QoS Engine" option while the DGL-4500 has an "Enable Game Fuel" option. It seems that Intelligent QoS does what Game Fuel does, but expands that to VOIP, Media Streaming, etc. and it may be more automatic. HD Fuel in the only place I have seen it mentioned seems to refer to the combination of Intelligent QoS and the inclusion of 5GHz wireless support. Of course there is no version and feature documentation and in fact while the overview of the DIR-825 talks about gaming with Intelligent QoS, but if you bring up a comparison of routers, the chart has no in the gaming section for the DIR-825. I can't say I have noticed better or worse gaming performance with the DIR-825 compared with the DGL-4500, but given the shear lack of documentation on how to use Game Fuel and Intelligent QoS properly, who knows if I have this setup correctly. I will say the QoS Engine section in the DIR-825 is easier to use than the Game Fuel section in the DGL-4500.
1) The ability to reduce the brightness of the status lights, set them to solid if enabled with brightness options and to set them to off with an option to have some very faint light to show that the router is on. Of course I should be able to set different options to be applied at specific times.
2) Add the applicable features missing from the DIR-825 that are found in the DGL-4500 and applicable features from other routers. Also, get them all so they work the same on each router and let get the best from them all and make that the standard. e.g. In my DHCP reservation example above don't set the standard to the limitations of the DIR-825, but make the DGL-4500 function set or better function set of all routers combined for each feature the standard with-in router categories. e.g. the DIR-825, DGL-4500 and DIR-855 would be in the high end router category for consumer, prosumer, home business and lower traffic small business routers.
3) For DHCP reservations, you should not be limited to the DHCP IP Address Range.
4) On the log-in screen, get a better captcha and fix the tab order.
5) Add a log-out option in the web interface.
6) Allow for a next hop option in the DCHP server section. It would be cool, if there could be a list of IPs allows one to be enabled at a time.
7) Allow different DHCP server settings for each network. There are 5 on the DIR-825. Wired, 2.4GHz regular, 2.4GHz Guest, 5GHz regular and 5GHz Guest. Would be nice if you could set a couple of VLANs on the Ethernet ports and then have different DHCP setings for each VLAN.
For guest wireless networks, allow rules to be set to allow access to certain services on the network. E.g. I may want to allow printing. So allow a single port or multiple ports with easy settings for consecutive port ranges to be opened to an IP, IP range or all IPs and allow all ports for an IP or range of IPs. Of course, leave the allow full access option.
8a) Allow users to set rule sets that can be enabled/disabled like the full access option.
8b) Allow a control that can be set in the rule sets that controls if the wireless devices can talk to each other and another that controls if they can access devices on the wired network and another that controls if the wireless devices can access the Internet.
8c) Allow rules above to be limited to be applied to specific MAC Addresses.
8d) These options would be good to have for the non-guest wireless networks and wired network as well.
I keep getting some additional IP addresses logging onto my home network that have an address outside what should be allowed by the router. The server is running at 192.168.2.1 and is set to only allow clients from 192.168.2.2 - 192.168.2.10 so a total of 9 clients should be allowed on.The problem is that something keeps logging in with an address of 192.168.169.2 or 3 etc. Sometimes more than one device at a time.I have assumed that it is some automated or virtual client as I'm pretty certain my network has not been breached. I have a 9 character password with a relatively random alphanumeric combination, although I haven't tried changing the password (I live in a share house with with a bunch of devices using wireless, so I haven't yet bothered). What I don't understand is how it has connected with the xx.xx.169.xx range at all. I have a Belkin 'Share' Wireless N Modem Router and at some stage there was a 'guest' network but that has since been disabled and I still am seeing the extra address. I have attached a screen shot of the DHCP client list on the router.The following is a list of devices that may be on the network at times, I'm thinking one of these may be responsible for the problem:
Windows Vista Desktop - Only LAN device
PS3
Macbook
Epson wireless printer
Android HTC Desire Mobile Phone
Laptops running various Windows versions (XP, Vista and 7)
A few thoughts I had:
- the android phone is capable of running a wireless hotspot, may have to look into it to see if if has been operating as an access point into the Belkin router, but assumed this wouldn't bring up clients connected to the phone on the home router.
- The desktop has PS3 Media server installed to stream video to the PS3 over the network (not that I have ever managed to get it to work), however this is not ever open on the desktop.
I want to block the sql port access of my server to all except few of my ip addresses while access list on Cisco Router IOS how do i do that.
View 3 Replies View RelatedI'm configuring a 5505 for a remote office. Until they are assigned a static ip by the provider I will have to use the providers dhcp address. How do I construct an access list for the outside interface using the external address if I don't know it yet? is there a commnd that will insert the ip address in to the access list once one is assigned?
View 5 Replies View RelatedI am using cisco 1841 LAN router, I need to block MAC address i have applied the command access-list 1102 deny 0000.0000.0000.0000 mac address..... but it does not work.
View 24 Replies View RelatedOur ASA is a 5580 version 8.1(2) and is the L2L VPN peer for a handful of remote offices including a L2L VPN with a vendor who will provide a service for these remote offices. I have two questions/issues:We will need to provide this vendor access to the remote office network(s) only on port 9100 (printing to specific printers at these offices). I know there is an issue with L2L VPNs ability to see each other but if there is a global command allowing all to see each other that would be bad as we have others and don’t want all to see each other.The remote offices are using CIDR 172.20.0.0/16 so each one is assigned for example 172.20.3 the next office is 172.20.4 and so on. For the crypto map access list for this vendor can we use 172.20.0.0/16 or do we need to specify each individual network?
View 3 Replies View RelatedI have cisco3750 (core), 3550,3548, 2960, HP Procurve 2510 series, Extreme e250 series swiches running in my network. Now all are running by default. How can I deploy rstp here? Or which is the best loopdetection protocol is best here ? I have aroung 40 vlans . (not looking for PVST )
View 9 Replies View RelatedJust finishing up a small install of a 5508 controller and WCS.Approx 30 AP's across 2 buildings.2 WLANS - 1 prod wpa2 and 1 guest which is completely open to internet only.Our security group is asking if there is a way to determine who is accessing the Prod WLAN. Currently it is setup to work with eap and the users AD account which is working well.I noticed under the client tab in WCS that there is a Vendor name and it shows me intel and even RIM when someone with their Blackberry is connected. BUT when we connect via an IPAD it show "unknown" as vendor name. Is there a way to get the IPAD to register under the vendor name ?
View 1 Replies View RelatedI am trying to give a vendor VPN access so that they can remotely monitor and diagnose their installed heating and cooling equipment. I dont know where to start and I apologize in advance for my ignorance. I am technically savvy but i have no Cisco knowledge base.
It is a PIX 506e firewall with PIX v6.3.
We have a 7609 in production network and I am trying to find out the SFP vendor plugged in module WS-X6724-SFP."show inventory raw" gives me the SN but not the vendor name. "show hw-module subslot 1/1" shows The indicated slot/subslot number is empty. Any commands which can show the SFP vendor?
View 1 Replies View RelatedI'm using Cisco ACS 3.3 for RADIUS. How to do I make Vendor-Specific attribute available? (Attribute number 26, format: OctetString) The online help makes reference to it, but does not tell you how to make it available.
View 9 Replies View RelatedWhat is the difference between open protocols and vendor specific protocols?
View 1 Replies View RelatedI tried many different things to get the accurate answer for my issue. I wanted to know, will i face any connectivity or looping issue in the network if i connect Broacade SAN switch on a cisco 6500 switch.Also need to know to maintain a DATA DOMAIN which SAN switch is better? Cisco or other vendor.
View 2 Replies View RelatedI have arequirement where in I need to allow only specific vendor made desktops/laptops to be connected to the switch and block the rest. Say I want only the HP made Laptops to be connected on the Network. and block all other vendors. such as dell, ibm etc.
I am having Catalyst 4500 switches in My network. i tried using the mac access list using the permit and deny statement and then mapping the access list to the vlan access map and then filter using the vlan id. But this doesnt work on cat 4500....the same I tested for 2950 switch and it works perfectly. are there any restrictions on 4500 or any extra configuration has to be done.
I have a 5505 between a vendor router & my company network, vendor is not able to access devices on internal network. I am also not able to access the firewall via asdm
View 10 Replies View RelatedI have a Fujitsu Lifebook Series E that used to connect to the internet but will not connect now. It will not recognize or list any wireless connections available. Actually, I can't even pull up an empty list of wireless connections available. It does have a local area connection but it says a network cable is unplugged. I know it may be a faulty wireless card but I don't know how to test it or, if it is bad, where the find it to replace it.
View 14 Replies View Relatedi can't find my wireless network in the list. It shows me networks from my are but not my one. I know my one works and has no problem as my sister can use her laptop wirelessly
View 19 Replies View RelatedI have a WCS v.7.0.230.0 and four controllers v.7.0.235.3 (on two WiSMs). I have a problem now where when adding/modifying guest users the controller list shows only three controllers. I don't know when this started happening or why but no matter what I do (including removing the controller and adding it again) I can't get the controller list to be fully populated with all four controllers. I've attached an image of what I'm seeing.Other functionality appears to be normal, for example I can add "mac filtering" addresses to all four controllers with no problem, APs can register to the affected WLC etc.
View 2 Replies View RelatedWe have enabled web Auth for our public access on Cisco WLC 2504. It works fine. However, if a wireless user opens his email with download pictures website, he can’t get the picture download until he accept the web policy. Our users complaint about that.
"Our application makes requests to the internet to check for and download pictures, etc. The problem is that web requests are not permitted until a user has opened his/her web browser and attempted to go somewhere (e.g. google) so that your security system can redirect them to the authorization form where they must click the “accept” button. If the user has not done this yet, any functionality in our app that requires an internet connection won’t work because the security system is blocking the requests. Unfortunately, since they’re not in a web browser at the time, it doesn’t redirect them to the authorization page - the request simply fails since a redirect doesn’t have an effect on the application like it would a web browser. My remedy would be, if possible, to whitelist web requests to the server(s) where our code and/or images will live and let them get around that restriction. Otherwise, users won’t understand why the app isn’t working unless they try and open a web browser first – which is probably not something I’d expect them to do. With this solution, you could still ensure that nobody is accessing the internet at large without accepting your terms – but they could access your website as well as our application’s functionality seamlessly."
Can we setup whitelist or something like that on WLC?
I'm doing a project on trilateration in which is required to list the BSSID and power levels from the APs, since we have alot of Cisco Aironet 1100 deploye here, could this be a choice ?
My first try is to get these values using snmp, but so far had no luck finding the right MIB. I don't think the console might be useful, will it ?
I know I'm assuming alot, that the Aironet enables for a 'iwlist' dump, and that these values can be retrieved through snmp. But seems something reasonable for them to have, even if I haven't found it.
Every day or two my landlord's router just seems to disappear altogether . just seems to turn itself off randomly. Unplugging to reset results in good, clear signal for a while, but the problem always comes back. It affects all connected machines (not sure if it makes any difference if a macnine is connected via wire.)
View 4 Replies View RelatedMy wireless router will no longer appear on the list of available networks, but it can find others. My partner's laptop will find it instantly! So it's obviously something on my computer.
OS: Vista Ultimate
Internet Provider: Sky
Country: UK
I recently added several devices to my wireless-g network: Xbox 360, an HTC Smart phone, and an old laptop my buddy gave me (in addition to the 2 desktops that were already on the network). Since doing this, I've had occasional buffering problems when streaming music or video, even when I'm only using 1 of the devices. I suspect that the Xbox (or maybe phone) is downloading updates in the background, even when it's turned off, and that is consuming bandwidth. Is there any way I can see a list of devices that are connected to the network and maybe even the amount of data being transmitted to/from each so I can find the culprit. when I play online, it says that my NAT settings are not open and that this makes it take longer to connect to other players. What are the risks involved in loosening the NAT restrictions?
View 1 Replies View RelatedI've got a strange problem here. In the office, my OEAP 600 can join WLC if there is no MAC authentication. When i enable MAC authentication at WLC, AP will fail to register. However, I try it at home and it works with both MAC authentication enable or disable. I suspect it is because of firewall in my office, but there shouldn't have any different in discovery and joining procedure for AP with MAC authentication enable or disable.
View 18 Replies View RelatedWe are thinking of buying a WAP321 to use for captive portal.
Is it possible to configure it so that multiple guests and use the same username and password simultaneously?
If we have 10 guests in the office we don't want to configure 10 usernames for them to use.
I need to know for shure if the aps listed below are compatible with 5508 controller version 7.1.91.0
the ap's are
AIR-LAP1242AG-E-K9
AIR-LAP1242G-E-K9
AIR-CAP3501E-E-K9
AIR-CAP3502E-E-K9
AIR-LAP1231G-E-K9
of course I checked release notes [URL]