im having a problem on my DIR-655, i just recently updated my DIR 655 2.03NA(which is no problem at all) to 2.10NA, & im having problem on my GUEST ZONE wireless network everytime i connect my Iphone 4 to it every second 10 seconds it goes on & off & i try to connect to the main wireless network it was working fine any causes to this?
View 14 RepliesI have disabled the internal DHCP/DNS server in the routers firmware. I have enabled the wireless guest access SSID. A client associating with the Guest Wireless Access will obtain a DHCP address from the server in the LAN zone, but cannot resolve DNS as the firewall prevents traffic to flow from the Guest zone to the LAN zone, as it should.Is there a way to enable the DHCP server and DNS server in the routers firmware, but only on the Guest Zone? Is it possible to get the Guest Zone to have a different subnet?Tech support has hung up on me twice now.
View 5 Replies View RelatedI'm wondering if there is a way to prioritize traffic on the router's main WiFi over the guest zone or if there is a way to limit the bandwidth on the guest zone.
Ideally, I'd like to keep a locked primary WiFi for high-speed usage (I know, nothing it really ever secure) and an open guest zone for low-speed usage to whomever wants it. As far as I can tell, the DIR-655 doesn't support this kind of configuration.
I recently picked up a 655 with hardware version A2 and flashed to the latest firmware. I have a HotBrick router. I only want to use the 655 as an access point AND especially to use the Guest Access or Guest Zone feature to allow visitors to bring their laptops and not virus up my network. My home network is open among a few computers for things like SageTV, file serving, etc.I can get the 655 to function just fine as a standard access point by following the instructions to turn off UPNP, DHCP, etc. as outlined in the manual. I then enable the Guest Access/Zone feature, and of course give it a different SSID name, make sure it's on 24 hours a day, that it is enabled, etc.
But, none of my computers can access the internet via the Guest Account feature, just the regular wireless portion. They show connecting to the Guest Account name, etc. but no internet. I've disabled every security feature I know of to test this. Again, the "regular" WAP tests great, but no Guest Account, which is really important and one of the main reasons I bought the unit.I'm wondering - does the Guest Account feature only work if the 655 is the main router, has DHCP enabled, etc.? Does it have to be the one and only router? If so, I'm in trouble, because I can't really give up my HotBrick due to failover features, etc.
I recently changed my ssid name from the default "dlink" to a more unique one. The problem is that the router is still broadcasting the default ssid along with the new one. Guest zone is disabled and the new ssid is hidden. But the default ssid is not hidded. Using wpa2 with aes, hardware ver. A1/A2 Firmware ver 1.21. How to remove the "dlink" ssid?
View 4 Replies View RelatedHave DIR-655, HW A3, F/W 1.10. On the Advanced tab, there is no Guest Zone option. Can this be fixed with a firmware update? If so, which one?
View 2 Replies View RelatedI am thinking of getting the DAP-1522 access point but I wondered. Can I set it to broadcast on 5GHz for my laptop and ipad, so they can stream video. Then set the guest zone to broadcast on 2.4GHz just for my lame printer, my printer does not have LAN and only wireless b & g. If I do put the printer on the guest zone and I enable routing between zones, will my laptop be able to print to my printer?
View 1 Replies View Related207.NA Firmware, B1 Hardware in use on a DIR-655, Time Warner Cable setup. Nothing to do with Revision, cordless phones,I saw this asked once before specifically here, but it was never answered.After several attacks via our cable network and neighbors, we've HAD to turn on MAC filtering. There are TONS of devices attached normally so two situations popped up:
#1: What happens when you max out the authorized MAC address listings? Does the page get longer when you save/reboot it? Do I have to do it manually from there forward and where can I get down to the core programming level to edit the code and put the MAC's that are around and on 100% of the time to open up the plug-in list on the GUI?
#2: Guest Zone - we NEED a way to have random guests get on our Network with a different password we can randomly change to prevent the outside abuse, etc. but am I understanding what little else has been posted that the MAC filtering also covers the Guest Zone and therefore I have to stick them in there before they could simply log on with the current password? Is there any way to change/stop that without eliminating MAC filtration as a whole?
I am fortunate enough to have unlimited interwebs through my DSL ISP, and I occasionally have guests that come by who would like to use it on their mobile devices.My problem is that when my Guest Zone is enabled there is no internet access. Otherwise the Zone functions 'normally' devices within the zone can view each other, but not outside.It is important for me that the Guest Zone doesn't see any of the devices within my Host Zone.
DIR-655 - Rev B 2.03NA
Connection: PPoE
Reconnect mode: On Demand
Wireless Mode: Mixed G/N
I have a Cisco 2901 which terminates a Class C address pool. I have split the Class C address pool into 3 sub-nets and 2 zones and created a non-addressable pool (private pool):
dmz-zone : x.x.x.0 TO x.x.x.127 (x.x.x.0/25)
in-zone: x.x.x.128 TO x.x.x.159 (x.x.x.128/27) & x.x.x.160 TO x.x.x.191 (x.x.x.160/27)
private-zone: 192.168.x.0 TO 192.168.x.255 (192.168.x.0/24)
I have configured private-zone NAT to use address pool x.x.x.161 TO x.x.x.189 within the in-zone.
Within the:
dmz-zone - are servers for : DNS, Syslog, SIP & HTTP/HTTPS in-zone - is a SMTP mail server which is behind VPN Gateway/NAT, TomCat (Application Server) and PostgreSQL Server private-zone - is where all standard users are operating from and they can access the SIP & HTTP/HTTPS servers within dmz-zone My problem is that I cannot seem to configure the ZBFW to allow the dmz-zone HTTP/HTTP server to redirect to in-zone TomCat server.
I do not want to make the TomCat server generally visible and am instead using the Apache proxy/ajp13 to connect from dmz-zone server to in-zone server.However I cannot seem to get anything (including icmp) to work from dmz-zone to in-zone.
I have Policy:
POLICY-DMZ-IN (dmz-zone to in-zone) which has:
any any udp/tcp inspect
any any icmp inspect
unmatched traffic DROP/LOG
But I still cannot get anything from dmz-zone to in-zone...Could the POLICY-DMZ-IN be being overridden by other dmz-zone to out-zone policies?
NOTE: I have routing rules for each of various sub-nets and all out-zone to dmz-zone, out-zone to in-zone and private-zone to out-zone, in-zone and dmz-zone routing works ok, so it appears problem is with ZBFW not routing table.
I'm trying to find a document in Design Zone about configuring a Wireless AP and I wasn't able to find it. I have a good experience configuring switches, routers and firewalls in CLI and this is the first that I have my hands on APs (1240 AG).
View 2 Replies View RelatedI have set up a zone-based policy firewall with HA on two 2911 routers as per the Cisco security configuration guide, for an active/passive LAN-LAN cluster. All works as expected, but there is one problem I find: when the control link between the two devices fails, they go into an active/active state as each member assumes it's the last surviving member. The ARP entries for the Virtual IPs on the neighboring devices point to the device that last claimed the active role (usually the standby device). This works in a way, just sessions don't get synched anymore (control link is the same as data link). Now when the link comes back up, the preemtion works and the active, former standby device goes back to standby. But the ARP entries on the neighboring devices still point to the standby device and nothing goes (also sessions established during the active/active state are lost due to resync with the now active member).
This is a single point of failure and what I need is a way to mitigate that. Under:
redundancy
application redundancy
group 1
control <interface> protocol 1
only one control interface is allowed. Other manufacturers with similar functionality provide for the possibilty of a backup control link, for example the internal LAN interface or a dedicated backup link.
How would I go about that? Maybe use a port-channel for the control/data link (but I'm out of interfaces)?
I've been fighting the Rev A4 HW and 1.3x firmware stability issues. I would like to try the 1.21 firmware, but I use the guest network feature. The unofficial backrev'in instruction look to be a PITA... and I just would like make sure the guest network feature exists in the 1.2x firmware before I got through the trouble.
View 2 Replies View RelatedI have a wired DLink DGL-4100 as my main router and DHCP server. Attached to this, I have a hard-wired Linksys WRT610N which is acting as a dual-band access point. All are on network 192.168.1.0/24.I would like to create a second "guest" wifi network using a spare DLink DIR655 router. Guest clients should have access to Internet but absolutely NO access to machines and resources on the 192.168.1.0/24 network.I connected the DLink DIR655 WAN port to one of the Linksys LAN ports (since it is basically a switch). I configured the DLink DIR655 with LAN IP 192.168.2.1, activated its DHCP to give out 192.168.2.100-105. I set the DLink DIR655 WAN Internet Connection Type as Dynamic IP (DHCP). The DLink DGL4100 assigns an IP to the DIR655 on the WAN side (e.g. 192.168.1.200).With this setup, wireless clients on the DLink DIR655 2.0/24 network get assigned an IP on the 2.0 network. They can access the Internet. However they can still see all the 1.0/24 clients. how come the networks aren't isolated?How should I set this up properly?Do I need to use the DMZ setting on the DLink DGL4100?I know I could get rid of the Linksys and use the Guest Access feature on the DLink DIR655. However I would like to use the Linksys for its dual band feature.
View 4 Replies View RelatedOn the Dap1522 access point, in access point mode, would it be possible to have the following 2 features implemented?
1) Ability to simultaneously broadcast on the 2.4GHZ AND 5GHZ band.
2) Ability to specify a guest network.
Is there any way to access the router's configuration pages (192.168.0.1) via the Guest wireless network when routing between the zones is disabled?
Here's the story:
I am using my landlords wireless internet, but I administer the router myself. The router is 'upstairs' and i am 'downstairs' and he has his computer plugged into it plus one wireless laptop. He knows nothing about computers and is vulnerable to downloading viruses (and other ****) and I don't want my computers to be on the same 'network' as his.
I had a brilliant idea that since I am 100% wireless, I can make a guest network, put all my computers on that network and disable routing between them. Now all of my computers (some connected through a wireless bridge) can not see his computers at all (perfect!). The only problem now is I can no longer access the router config pages at 192.168.0.1!
Is there any way I can segregate my computers from his and also access the router config? I've tried accessing the WAN IP for the remote admin pages from inside the NAT, but it still blocks it.
I have a DIR-825 (hardware rev B1, v2.06 firmware) with 2 guest networks active (one on each frequency). I recently attached a laptop to the network using the computer's PCI NIC, with the wireless card completely turned off. Much to my surprise, Windows (7 Pro) indicated that I was connected to the 2.4GHz guest network. The only place in the router's configuration where the indicated name appears is in the "Guest zone" configuration page, where it asks for an SSID to use for the "wireless guest zone". Not only that, but it was the only connection that I could get for the computer, unless I turned the wireless card back on. That's also interesting because no other computer on the network, connected via cable, displays any "named" connection when viewing the networking properties. They simply show "Network" as their connection.
View 1 Replies View RelatedAny problems with the guest network on the ea4500 with the cloud firmware? I am losing guest clients after about 24 hours and the re-authentication fails. you enter the guest password and nothing happens until you reboot the router.
View 2 Replies View RelatedRegion : UnitedStates
Model : TL-WDR3600
Hardware Version : V1
Firmware Version : TL-WDR3600_V1_130320
ISP :
Has anyone gotten the Guest Network feature to work from the new firmware TL-WDR3600_V1_130320?I have my WDR3600 setup as an access point:TPLINK with static IP address connected via ethernet cord from the LAN port and connected to the main Verizon FIOS router which distributes DHCP IP addresses to the netwrok. Can not get the Guest Network feature to work - I see the guest SSID I created but when I connect to it, the IP address assigned is in the 169. range meaning it does not get to my main router.It may be because I have the TPLINK setup as an access point, so are there any people who have gotten Guest Network work either with the TPLINK as the main router or as an access point?
I'm having a few problems at the moment with a zone based firewall setup. The more I looked into the problems the more I question whether I need the ZBF or not.My network is pretty simple. 1 Internet connection and 1 LAN interface and a few site to site vpns to the router.So what do people think to having this kind of set up and not using a ZBF?
View 11 Replies View RelatedI've seen you can configure stateful failover between two routers running ip inspect classic firewall: url...Can the same be done yet for zone-firewall? I cannot find any documentation on it.
View 1 Replies View RelatedI have my webserver (30.30.30.50) located at DMZ zone. The public IP of my webserver is (119.2.116.191). From outside i can ping my webserver using public IP thats fine.The issue out here is, if i want to ping my webserver using public IP from Internal LAN then i cannot ping but i can ping my webserver using private IP.I am using ASA5520. [code]
View 2 Replies View Relatedsome of my switches (3750s) are on the right time and some are not. i have them all pointed to the same DC for NTP and they all say they are synchronized. is it possible to have the switches pole the DC for the right time and update?
View 4 Replies View RelatedI'm sure this is simple to resolve. I just bought a new Cisco 2901 ISR Router. How do I configure the Cisco 2901 ISR Router for Zone Firewall? The "zone" command is not recognized and does not show up in the "?" list in config or user modes -
View 4 Replies View RelatedI'm trying to setup a zone behind my firewall with complete publicly routeable IP addresses for 3 servers. The reason I'm doing this is I am in the network setup stage of an OCS implementation, and OCS connections don't behave well with NAT.
My device is a ASA5520. I have an internal zone, and a dmz zone. These are done via standard NAT configurations.
My question is this:
Is it possible to setup connectivity to the outside with internal servers that have Public IP's directly on their NIC's? Another little detail of interest is that this ip space is seperate than the one that's on current Outside interface facing our ISP. However we own both address space.
I have a 2800 router connecting a small office to the Internet. I am using zone-based firewall to provide protection. The small office also needs to connect to another office. The 2800 is at the small office and an ASA at HQ. I successfully established the VPN connection and have allowed Internet access for the small office. The purpose of this post is my zone-base fw policy doesn't appear to be as secure as it could be.
2800 - I have defined two zones (inside and outside). Traffic from the inside to the outside is inspected expect for the traffic to the other office. I allow traffic to the other office to "pass" zbfw. Because the traffic "passes" zbfw, I have to "pass" the same traffic for the outside to in policy. The ASA has "sysopt" to allow VPN traffic to bypass the outside_acl. Do routers and zone-based firewall have a similar feature?
I have a 3845 ISR that I have been managing for a couple years that has a traditional ACL based config. We just purchased a new 3845 for redundancy and it arrived with the zone based config from Cisco. Any opinions on whether I should take the existing router to a zone based config or should I configure the new router with traditional ACL config that I am more comforatable with?
View 1 Replies View RelatedI am looking to add a new DMZ zone to our network with have a standard 1941 (1x LAN / 1 x WAN port) and so I need a 3rd routable L3 interface to create the DMZ.
Is the HWIC-1FE what I am looking for or is there another way to do this?
I have a Cisco 1811 router running the 15.1(3)T IOS. I am having some difficulty with the current zone based firewall and the SSL VPN.
When a user connects, they are put into Virtual-Template 1 which has a zone based assignment of "sslvpn". However the traffic report for the users is listed as being blocked by the zone based firewall in the outbound direction(office out to the wan zone).
Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else?Looking at a 5508 model at the moment
View 4 Replies View RelatedI want to prevent guest from doing peer - peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
View 2 Replies View RelatedWasn't sure the format for time zone when installing eval copy of Prime Infra 1.3. Set for UTC now and need to change to CST6CDT. Not sure how to change it.
View 3 Replies View Related-1x Cisco ASA5540
-1x Catalyst 3750x-48T (L3 Core Switch)
Id like to seek expertise on validating a simple firewall setup.
Do i trunk core switch traffic to the cisco ASA OR assign L3 link instead? It is basic understanding that the Cisco ASA is usually use for protection from our internet zone.A typical Cisco ASA setup would consist of outside, inside, dmz zone.
L3 core switch consist of 20 VLANS20 vlan needs to be blocked from each other. Eg Wireless Vlan does not have access to Server Vlan etc etc.
what is the best practise to filter ip address within vlan from reaching each other.Should i trunk all my vlan to the Cisco firewall? (For easy vlan restrictions: but is that best practise?)Or do ACL on the core switch itself? but what if i have tons of servers ip that needs specific ports blocking or etc.How would i be able to manage all my ACL on the core switch.