My firmware is 1.35NA and have a schedule established. When I try to add a policy for access control, I can select a policy name but when I hit "next", I get an error stating "Internet Explorer has stopped working" and wants to close. I was able to add policies previously but can not any more.
View 3 RepliesI have set up a zone-based policy firewall with HA on two 2911 routers as per the Cisco security configuration guide, for an active/passive LAN-LAN cluster. All works as expected, but there is one problem I find: when the control link between the two devices fails, they go into an active/active state as each member assumes it's the last surviving member. The ARP entries for the Virtual IPs on the neighboring devices point to the device that last claimed the active role (usually the standby device). This works in a way, just sessions don't get synched anymore (control link is the same as data link). Now when the link comes back up, the preemtion works and the active, former standby device goes back to standby. But the ARP entries on the neighboring devices still point to the standby device and nothing goes (also sessions established during the active/active state are lost due to resync with the now active member).
This is a single point of failure and what I need is a way to mitigate that. Under:
redundancy
application redundancy
group 1
control <interface> protocol 1
only one control interface is allowed. Other manufacturers with similar functionality provide for the possibilty of a backup control link, for example the internal LAN interface or a dedicated backup link.
How would I go about that? Maybe use a port-channel for the control/data link (but I'm out of interfaces)?
Configuration: VM with ACS 5.4 with patch 3. (upgraded from 5.2.0.26 patch 10)When I go on "System Administration" - "Administrators" - "Administrative Access Control" - "Authorization", I got this error:
What I tried:
"acs backup" on this server and shutdown
Install an ACS 5.4 with patch 3 on new VM --> I don't have the problem on GUI
"acs restore" to restore my configuration on new server --> I got this problem again...
I want to use this feature...After this error, others pages generate this error: I have to reload server or restart management service to get him back...How could I solve this? (I don't want to reconfigure manually the server )
I have tried to setup access control by setting up a policy that restricts certain MAC addresses during a period during the day from certain websites. I set up the website filter and a schedule and selected them for the policy. Instead of blocking just the websites on the filter list during the time setup in the schedule, it blocks all websites all the time.I made sure that I setup the policy to 'block some access' NOT 'block all access'.The only thing that seems to work is that only the computers with the MAC address selected are effected.
View 3 Replies View RelatedI may be doing it incorrectly, but I'm trying to configure web access rules. I first set up access control and tell it to use the website filter. I've tried configuring it by both MAC address and IP address (separately, not simultaneously), but it still allows the listed sites in the web filter to get through. Is there something else I need to block or am I not doing something correctly? The network is on DHCP reservation, so IP addresses are always the same. MAC addresses, as I mentioned, don't work, either and they are fixed and logged in the router.
View 9 Replies View RelatedDIR655 with 1.33NA firmware. I'm trying to determine how to block access to the internet for a specific LAN computer when the user knows how to change a MAC address. I don't want to turn MAC control on and grant only to listed computers - the list doesn't accommodate enough MAC addresses, and the client has wireless and wired since it's a laptop. I also don't want to set static IPs on all of the devices since some cannot accommodate that feature.I'm thinking that reserving an IP address isn't ultimately the solution either, since assigning the IP isn't going to work if the MAC changes. how to use access control under these circumstances?
View 1 Replies View RelatedI have a new DIR-655 and have successfully added three access policies. I am trying to add a fourth, and have gone through the wizard making all the necessary entries. After saving, I get back to the list of existing policies, but the one I just added does not appear.
View 2 Replies View RelatedI have 60+ website domains to allow on my network using Website Fitering. Is it possible to expand it or is there another router out there that has a large amount of domain allowing or blocking?
View 1 Replies View RelatedWhen attempting to configure access controls from the advanced menu I enable the access control checkbox. I then follow the configuration wizard completing each step as directed by the wizard. When I complete the wizard and try to save the rule I get the following error message regardless of how I complete the wizard. "Name can not be empty string". Yes, cannot is misspelled in the message. I have tried every combination of choices in the wizard and many combinations of naming the rule to no avail.
This did work properly on a previous firmware version, probably 1.04 or 1.05. I have not tried back loading to the previous versions to see where it did or did not work. I don't know how well the router goes back and don't really care to reload all the settings again by hand if the automatic recovery doesn't work.I want to use this feature to control what hours certain machines on the network have access to the internet.
I'm trying to block internet access to a range of IP addresses using the Access Control function of the DIR-655 router. Unfortunately, the router does not allow me to block a range of IPs. Instead, I can only create policies based upon individual IPs or MAC addresses. I have over 60 machines I want to block Internet access and I'd hate to have to type them in individually. How do I go about blocking all Internet access (HTTP/FTP/email/everything) for a range of IP addresses? They will have to be able to continue to use the internal LAN.
View 3 Replies View RelatedI would like to use the web access control that is on the DIR-615 along with my 2Wire modem/wireless router. Is this possible? If not is is possible to put the 2Wire modem into bridge mode and purchase a second wireless modem to run along side the DIR-615 that I have so that I can have two separate wireless networks that have two different web access controls in place?
View 1 Replies View RelatedI want to do what I thought would have been a simple enough task - block my kids phone/computer after certain hours. Instead of blocking the specified MAC address(es), all my computers does not have internet access. As soon as I disable the policy, internet access is on again. Here's what I did:
[code]...
Trying to set up a simple schedule for keeping the kids from staying up all night. I'd had this working on a Linksys WRT54G till it bit the dust. I just want it to block internet after midnight. My problem is that the schedule is triggering the block unpredictably.?
View 3 Replies View RelatedI have in my possession three E2000 and I wanted to buy 3 more, but the model seems to not be on sale anymore so I bought his successor the E2500.In the E2000 I used the Internet Policy menu to block internet access of certain computer by entering their mac address.In the E2500, they seem to have removed this menu to replace it with a Parental Control menu, which offers far fewer options, basically you can only block a computer that is connected to the router, you can not block a pc by the ip or by his mac address.Is there a way to have a menu similar to Internet policy in the E2500? A hidden menu, or a different firmware?
View 1 Replies View RelatedI have a situation where I have tenants connecting to my wireless network and paying towards the internet bill. I am able to control this by using MAC filtering, but I have just realised that this only works for wireless clients.
Is there a way to replicate this for the router's Lan ports? Or possibly even just disable Lan access. The router model is a D-link DSL-2750U.
Region : Austria
Model : TL-MR3420
Hardware Version : V2
Firmware Version :
ISP :
I'd like to make exception keywords in the Access Control but I don't know how I could possibly do this. E.g. I have put in the keyword "apple" to be blocked, so if a domain has the keyword "apple" in it, it will be automatically blocked. What can I do, however, if I want to make an exception for the domain "appletree.com"? I haven't found any way to make an exception to specific domains or keywords.
I have several laptops at home that connect via wireless connection tot he DIR_655. Using the MAC address of those laptops, I want to prevent them from going to certain websites.Under 'Advanced" and "Website Filter", I addes several domain names (websudoku.com for example). I selected "DENY computersaccess to ONLY these sites". I then saved settings.I then went to "Access Control". I clicked on "Enable Access Control".I clicked on "Add Policy" to cdreate a new policy for one of the laptops.When I boot the laptop and go to one of the websites, it still allows me access. The URL/domain name is correct.
View 5 Replies View RelatedRegion : UnitedStates
Model : TL-WDR4300
Hardware Version : V1
Firmware Version : 3.13.23 Build 121225 Rel.37950n
ISP :
Setting up access control for one PC. I just want to block all internet access to one PC during a certain time. It seems like my only options in the Access Control page in the GUI is to block websites or domains.
Region : UnitedStates
Model : TL-WDR3600
Hardware Version : V1
Firmware Version : TL-WDR3600_V1_120820
ISP : Cox cable
It doesn't matter how I set it up, once the policy is enabled nothing can get through. This is the same for "deny" or "allow" as default. Is there bug with this new firmware TL-WDR3600_V1_120820??
For some reason I can't get Access Control/Webaccess Filters working on my Dir-655 w/ 1.35NA. I've tried it with MAC and IP Address without any success. I've also enabled/disabled/enabled DNS Relay, recreated the rules, recreated the filters, etc. Nothing.
View 14 Replies View RelatedI'm trying to set up a website filter on my DIR-601. I created a policy for 2 MAC addresses, with a schedule from 10AM-6PM, selected "Block some websites", and disabled logging. Under website filter, I added some entries, and selected "DENY computers access to ONLY these sites". When the policy is enabled, and I try to access one of the blocked websites, it gets blocked correctly ("The URL access was denied by administrator.") However, for all other websites, I get "server unexpectedly dropped the connection" errors, eg "Safari can�t open the page [URL] because the server unexpectedly dropped the connection. This sometimes occurs when the server is busy. Wait for a few minutes, and then try again." or in Chrome "No data received. Unable to load the webpage because the server sent no data." This happens with ALL non-blocked websites. I'm using hardware version A1, firmware version 1.01NA.
View 2 Replies View RelatedI've just bought all-in-one router X2000.And I found that in the parental control [ADD] windows does not show every device's name.It shows only 3 of 20 devices (ex. My-nb, PCaccount, PChuman, but the others show "Network device").
View 1 Replies View RelatedI Have a Firewall ASA 5505 with asa 8.4(2) asdm 6.4(5) I have only one Public IP services and need to publish on the Internet
External User (Internet) -> Calls connection on port 22 Internal server 192.168.1.124
External User (Internet) -> Calls connection on port 80 of the Internal 192.168.1.124 server or other server the same inside.
In the first moment I'm just testing the access port 22.I had it working in version 8.2 but after I updated to 8.4 does not work, I've tested several different configurations.
Configuration (see asa5505_config.txt file)
object network remoto_ssh
host 189.120.190.229
object network linux_ssh
host 192.168.1.124
nat (inside,outside) static remoto_ssh
access-list outside_access_in line 1 extended permit tcp any object linux_ssh eq ssh
ERROR: Address 189.120.190.229 overlaps with outside interface address.
ERROR: NAT Policy is not downloaded
Have spa module on 6509E experience that error:
!
sh log | b crash
SLOT 3: Aug 18 12:52:10 CST: %CARDMGR-2-ESF_DEV_ERROR: An error has occurred on
Ingress ESF Engine: Control Store Parity Error
SLOT 3: Aug 18 12:52:10 CST: %ESF_CRASHINFO-2-WRITING_CRASHINFO: Writing crashin
fo to disk0:crashinfo.esf_20110818-175210
[Code]....
I am trying to add 89,462+ access list rules to an ASA 5510 running 8.2(5). I have added all the rules to an object group and when I try to apply the access list to an interface it gives me the following error:
ERROR: Cannot add policy to rule engine ERROR: Unable to assign access-list wan-out to interface wan
I have not tried not using an object group and just putting the rules in the access list. I want to be able to add to these rules if needed easily.
I think it's clear that i have exceeded the rule limit for the ASA. So my question is, what is the rule limit for an ASA 5510 and which ASA could I purchase that would handle this amount of rules?
I have configured the primary firewall every thing seem to be fine, And we have configured fail over device while config is getting replicated to the fail over device we are getting below error.
ERROR: Cannot add policy to rule engine
ERROR: Unable to assign access-list LAN_out to interface inside
IOS and Model are same.But all the config got replicated from primary to secondary but except the one access group command.
access-group LAN_out in interface inside.
I've had my DIR 615 router for quite some time. The hardware version is C1, firmware 3.01 originally. It's been fine for the most part (asides from connection issues now and then with the internet - which we rectified by unplugging modem and/or router). A couple nights ago we had a storm and the next morning the router would not connect to the internet. I tried unplugging the router and modem a number of times but could never establish a connection. The internet globe LED was originally orange but after I cut off the power, it never came back on. I tried a number of different cables between the modem and router and could not fix the issue. I bypassed the router totally and the internet works fine. After a lot of failed attempts, I decided to reset the router and reinstall it with the disc. I followed the instructions and kept getting error 322 that the router could not be found. I tried 3 different computers and 5 different wires to fix the problem but to no avail. I kept encountering the same error on each computer. Since the router can't be seen, I must bypass it totally to get any internet access so trying the online setup doesn't work because I can't connect to the router and then to the modem since there is no internet access. So now I'm stuck. I'm not sure if my router is damaged from the storm. All other lights work (LAN and wireless icon) but I can't get any internet access through the router. I'm not sure if I should just go buy another router or not. The installation checks out fine until connecting power to the router and then it can't be found.
I am running windows 7 and vista on different computers and laptops and used setup 4.1.7141.2
I have a Cisco 3945 Router and when we try to add the same into the Cisco Works it gives me an error saying " CM0056 Config fetch failed for 192.168.xx.xx Cause: CM0204 Could not create DeviceContext for 1238 Cause: CM0206 Could not get the config transport implementation for 192.168.xx.xx Cause: UNKNOWN Action: Check if required device packages are available in RME. Action: Check if protocol is supported by device and required device package is installed.
We are using LMS version 2.6. Any info on the latest router 3945 with support or not.
This is what the Log shows when I try adding a 4404 to NCS
[2012-09-11 12:37:04,199] [ICE Service[ 1]Thread: 7] [inventory] [INFO ] - Complete inventory for deviceid 11020009 at Tue Sep 11 12:37:04 EST 2012. Total time taken to collect inventory in milliseconds = 1304
[2012-09-11 13:48:41,707] [http-443-10] [inventory] [INFO ] - Device with id 11020010 is managed state now, initial inventory collection started
[2012-09-11 13:48:41,768] [http-443-10] [inventory] [INFO ] - Initial inventory collection completed for device with id 11020010 without exception
[2012-09-11 13:48:41,822] [ICE Service[ 1]Thread: 8] [inventory] [INFO ] - Enter collect inventory for deviceid 11020010 at Tue Sep 11 13:48:41 EST 2012
[2012-09-11 13:48:41,960] [ICE Service[ 1]Thread: 8] [inventory] [INFO ] - Called InventoryCollectorEngineXdeImpl.call()for device ID = 11020010.
[2012-09-11 13:48:42,045] [ICE Service[ 1]Thread: 8] [inventory] [INFO ] - Invoking FeatureRunner [returned result: mib2-bootstrap] for MNE collection of device: 11020010)
[2012-09-11 13:48:42,159] [ICE Service[ 1]Thread: 8] [inventory] [ERROR] - 192.168.12.77 No matching device profile found.......
[code]....
I was trying to configure copp on one of 6500 sup-2T. Is it ok to add customized policies to the default copp "policy-default-autocopp".When I created my own customized policy using policy-map, I get following error
control-plane service-policy input policy-custom
error: failed to install policy map policy-custom
Day before yesterday my Laptop [Dell Studio] has suddenly stopped working and i have to shut it down forcefully. Then i logged in again but my wireless was not working, i have googled the solutions and tried to start the WLAN Autocofig service but its throwing an error : 1053 : The service did not respond to the start or control request in a timely manner.I have Windows 7 installed on my system.Suddenly the speed of my laptop reduced drastically. Now its taking almost 12 mins to start instead of 2 mins.I have also removed some lines from the test files from the registry as mentioned in the below website as a resolution, but its not working.Unable to connect to wireless networks on Windows 7 Enterprise laptop. I dont have OS [Operating system's] CD as it was pre-installed on my laptop when i bought it.
View 2 Replies View RelatedIs there I can customize the error page which is shown when someone visits a blocked site
View 3 Replies View RelatedI am using D-Link DIR-615, I need to ask is it possible that i change the error page "Forbidden Web Access" ? I have blocked some websites and i dont want ppl know that it is blocked by router because in D-Link default error msg it is clearly mentioned that " This page is not included in the router's Allowed Web Site List". Is it possible that i redirect error page to some other site? or change error message?
View 2 Replies View Related