802.1x Radius, how to return allowed ssid(s)

Similar Messages

• SG 300-10 802.1x radius authentication slowness

  We have 802.1x authentication via radius and vlan-id tagging with guest vlan fallback working successfully, but we've noticed that no matter what settings we try for the port, it seems that the switch takes about 20 seconds after the port comes up before it sends the authentication request to the radius server.
  We tried enabling portfast under stp and when the port is connected, it does immediately come up, and the user is pushed to the guest vlan, and then after about 20 seconds the prompt comes up and credentials can be entered and then it will send the request to the radius server. If the credentials are saved, it still takes the same amount of time before it sends those saved credentials. 
  I'm curious if this intended behavior, a limitation of hardware, or a setting on the port I'm missing. We tried lowering the various quiet-period, silence-period, etc timeouts, and are still seeing the same results. All tested os's (OSX, Windows 7+8, Ubuntu + Arch nix) experienced the same results.
  Any advice would be appreciated, thank you!
  See below for our conf:
  net055#show running-config 
  config-file-header
  net055
  v1.3.7.18 / R750_NIK_1_35_647_358
  CLI v1.0
  set system mode switch 
  file SSD indicator encrypted
  ssd-control-start
  ssd config
  ssd file passphrase control unrestricted
  no ssd file integrity control
  ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
  dot1x guest-vlan timeout 30
  vlan database
  default-vlan vlan 3333
  exit
  vlan database
  vlan 1,100,102,104,111
  exit
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  dot1x system-auth-control
  hostname net055
  line console
  exec-timeout 30
  exit
  line ssh
  exec-timeout 0
  exit
  encrypted radius-server host 172.16.200.57 key REMOVED= usage dot1.x
  radius-server host source-interface vlan 100
  management access-list mlist2
  permit ip-source 172.16.202.0 mask 255.255.255.0
  permit ip-source 172.16.200.0 mask 255.255.255.0
  exit
  management access-class mlist2
  aaa authentication enable default enable none         
  aaa accounting dot1x start-stop group radius
  enable password level 15 encrypted REMOVED
  no service password-recovery
  no passwords complexity enable
  passwords aging 0
  username REMOVED privilege 15
  username REMOVED privilege 15
  ip ssh server
  ip ssh password-auth
  ip http timeout-policy 1800 https-only
  no ip http server
  tacacs-server timeout 10
  clock timezone EST -5
  clock source sntp
  sntp unicast client enable
  sntp server 172.16.100.95
  ip name-server  8.8.4.4
  interface vlan 100
   ip address 172.16.200.21 255.255.255.0
   no ip address dhcp
  interface vlan 102
   name dev-0-Gnv-202.0
  interface vlan 104
   name gen-0-Gnv-204.0
  interface vlan 111
   name guest-0-Gnv-10-66-61.0
   dot1x guest-vlan
  interface gigabitethernet1
   switchport trunk allowed vlan add 100,102,104,111
  interface gigabitethernet2
   dot1x guest-vlan enable
   dot1x reauthentication
   dot1x timeout supp-timeout 5
   dot1x radius-attributes vlan static
   dot1x port-control auto
   spanning-tree portfast
  interface gigabitethernet3                            
   dot1x guest-vlan enable
   dot1x reauthentication
   dot1x radius-attributes vlan static
   dot1x port-control auto
  interface gigabitethernet4
   dot1x guest-vlan enable
   dot1x reauthentication
   dot1x radius-attributes vlan static
   dot1x port-control auto
  interface gigabitethernet5
   dot1x guest-vlan enable
   dot1x reauthentication
   dot1x radius-attributes vlan static
   dot1x port-control auto
   spanning-tree portfast
  interface gigabitethernet6
   dot1x guest-vlan enable
   dot1x reauthentication
   dot1x radius-attributes vlan static                  
   dot1x port-control auto
   spanning-tree portfast
  interface gigabitethernet7
   dot1x guest-vlan enable
   dot1x max-req 10
   dot1x reauthentication
   dot1x timeout quiet-period 5
   dot1x radius-attributes vlan static
   dot1x port-control auto
  interface gigabitethernet8
   dot1x guest-vlan enable
   dot1x reauthentication
   dot1x radius-attributes vlan static
   dot1x port-control auto
  interface gigabitethernet9
   dot1x guest-vlan enable
   dot1x reauthentication
   dot1x radius-attributes vlan static
   dot1x port-control auto                              
   spanning-tree portfast
  interface gigabitethernet10
   dot1x guest-vlan enable
   dot1x reauthentication
   dot1x radius-attributes vlan static
   dot1x port-control auto
  exit
  ip default-gateway 172.16.200.1

  Forgot to follow up here. 
  This is a known deficiency of how the SG300 line implements 802.1x vs how all other cisco switches implement it (and how other vendors implement it). The support tech said Cisco was unwilling to fix this deficiency (he would never provide a reason why). 
  If you have OSX and 802.1x and dont want it to take >30 seconds for users to get auth'd I would suggest going to another vendor since Cisco has said they will not fix this issue. 

• [UIX] How To: Return multiple values from a LOV

  Hi gang
  I've been receiving a number of queries via email on how to return multiple items from a LOV using UIX thanks to earlier posts of mine on OTN. I'm unfortunately aware my previous posts on this are not that clear thanks to the nature of the forums Q&A type approach. So I thought I'd write one clear post, and then direct any queries to it from now on to save me time.
  Following is my solution to this problem. Please note it's just one method of many in skinning a cat. It's my understanding via chatting to Oracle employees that LOVs are to be changed in a future release of JDeveloper to be more like Oracle Forms LOVs, so my skinning skills may be rather bloody & crude very soon (already?).
  I'll base my example on the hr schema supplied with the standard RDBMS install.
  Say we have an UIX input-form screen to modify an employees record. The employees record has a department_id field and a fk to the departments table. Our requirement is to build a LOV for the department_id field such that we can link the employees record to any department_id in the database. In turn we want the department_name shown on the employees input form, so this must be returned via the LOV too.
  To meet this requirement follow these steps:
  1) In your ADF BC model project, create 2 EOs for employees and departments.
  2) Also in your model, create 2 VOs for the same EOs.
  3) Open your employees VO and create a new attribute DepartmentName. Check “selected in query”. In expressions type “(SELECT dept.department_name FROM departments dept WHERE dept.department_id = employees.department_id)”. Check Updateable “always”.
  4) Create a new empty UIX page in your ViewController project called editEmployees.uix.
  5) From the data control palette, drag and drop EmployeesView1 as an input-form. Notice that the new field DepartmentName is also included in the input-form.
  6) As the DepartmentName will be populated either from querying existing employees records, or via the LOV, disable the field as the user should not have the ability to edit it.
  7) Select the DepartmentId field and delete it. In the UI Model window delete the DepartmentId binding.
  8) From the data controls palette, drag and drop the DepartmentId field as a messageLovInput onto your page. Note in your application navigator a new UIX page lovWindow0.uix (or similar) has been created for you.
  9) While the lovWindow0.uix is still in italics (before you save it), rename the file to departmentsLov.uix.
  10) Back in your editEmployees.uix page, your messageLovInput source will look like the following:
  <messageLovInput
      model="${bindings.DepartmentId}"
      id="${bindings.DepartmentId.path}"
      destination="lovWindow0.uix"/>Change it to be:
  <messageLovInput
      model="${bindings.DepartmentId}"
      id="DepartmentId"
      destination="departmentsLov.uix"
      partialRenderMode="multiple"
      partialTargets="_uixState DepartmentName"/>11) Also change your DepartmentName source to look like the following:
  <messageTextInput
      id=”DepartmentName”
      model="${bindings.DepartmentName}"
      columns="10"
      disabled="true"/>12) Open your departmentsLov.uix page.
  13) In the data control palette, drag and drop the DepartmentId field of the DepartmentView1 as a LovTable into the Results area on your page.
  14) Notice in the UI Model window that the 3 binding controls have been created for you, an iterator, a range and a binding for DepartmentId.
  15) Right click on the DepartmentsLovUIModel node in the UI Model window, then create binding, display, and finally attribute. The attribute binding editor will pop up. In the select-an-iterator drop down select the DepartmentsView1Iterator. Now select DepartmentName in the attribute list and then the ok button.
  16) Note in the UI Model you now have a new binding called DCDefaultControl. Select this, and in the property palette change the Id to DepartmentName.
  17) View the LOV page’s source, and change the lovUpdate event as follows:
  <event name="lovSelect">
      <compound>
          <set value="${bindings.DepartmentId.inputValue}" target="${sessionScope}" property="MyAppDepartmentId" />
          <set value="${bindings.DepartmentName.inputValue}" target="${sessionScope}" property="MyAppDepartmentName" />
      </compound>
  </event>18) Return to editEmployees.uix source, and modify the lovUpdate event to look as follows:
  <event name="lovUpdate">
      <compound>
          <set value="${sessionScope.MyAppDepartmentId}" target="${bindings.DepartmentId}" property="inputValue"/>
          <set value="${sessionScope.MyAppDepartmentName}" target="${bindings.DepartmentName}" property="inputValue"/>     
      </compound>
  </event>That’s it. Now when you select a value in your LOV, it will return 2 (multiple!) values.
  A couple things to note:
  1) In the messageLovInput id field we don’t use the “.path” notation. This is mechanism for returning 1 value from the LOV and is useless for us.
  2) Again in the messageLovInput we supply “_uixState” as an entry in the partialTargets.
  3) We are relying on partial-page-refresh functionality to update multiple items on the screen.
  I’m not going to take the time out to explain these 3 points, but it’s worthwhile you learning more about them, especially the last 2, as a separate exercise.
  One other useful thing to do is, in your messageLovInput, include as a last entry in the partialTargets list “MessageBox”. In turn locate the messageBox control on your page (if any), and supply an id=”MessageBox”. This will allow the LOV to place any errors raised in the MessageBox and show them to the user.
  I hope this works for you :)
  Cheers,
  CM.

  Thanks Chris,
  It took me some time to find the information I needed, how to use return multiple values from a LOV popup window, then I found your post and all problems were solved. Its working perfectly, well, almost perfectly.
  Im always fighting with ADF-UIX, it never does the thing that I expect it to do, I guess its because I have a hard time letting go of the total control you have as a developer and let the framework take care of a few things.
  Anyway, I'm using your example to fill 5 fields at once, one of the fields being a messageChoice (a list with countries) with a LOV to a lookup table (id , country).
  I return the countryId from the popup LOV window, that works great, but it doesn't set the correct value in my messageChoice . I think its because its using the CountryId for the listbox index.
  So how can I select the correct value inside my messageChoice? Come to think of it, I dont realy think its LOV related...
  Can someone help me out out here?
  Kind regards
  Ido

• How many  Exchanges allowed  with  New Every Two ( NET )- Upgrade Program ? Policy change?

  Was I just lucky to get 3 phones before they 'cut me off'?
  Read if you're bored (obviously I am):
  I was eligible in Oct. '09 for my NET uprade. I got a phone, didn't like it better than what I had so I called Verizon to return it.
  They told me the procedure and before I hung up I asked, "How many returns/exchanges are allowed in the NET program?" I SWEAR she said, "As many as you like - Verizon wants you to be happy w/your purchase"....and NO RESTOCKING FEE.
  Fast Forward to June '10. My trusty ol' VX8350 finally cracks @ the hinge - still useable, but not long for this world. I check my online account as I'm still eligible for the NET....i order up an LG Acccolade phone (the brand has treated me well), but the phone is too basic (kinda jumped the gun on ordering it). So back it goes..
  I check my Verizon online account about 2 weeks later, and see my account has NOT been updated to reflect the Accolade was rec'd and I'm still eligible for the NET. I call Customer Service (CS) and after a few minutes, they let me know the phone is rec'd and they can update my account to make me eligible for the NET....and NO RESTOCKING FEE.
  So. after a couple of days, I go back online and order up a CASIO EXILIM - It is the ONLY 'multimedia' phone that doesn't require a 'data plan' for an extra $9.99/month. Verizon changed it back in Jan. '10, IIRC - I was told by a Verizon rep during a 'chat' session(and WTH happened to the online chat??).
  After living w/the phone for a couple weeks, I'm not liking it. Back it goes to Verizon. I look online a couple of days ago, and don't see that I'm eligible for the NET so I call Verizon. After spending a few minutes going over my account the rep verifies that the Casio has been rec'd and that he will transfer me to the department that handles updating my NET status.
  He also notes that I HAVE BEEN CHARGED a RESTOCKING FEE, which he kindly waives. ( I hope!)
  HE VERIFIES THAT I HAVE REC'd and RETURNED 2 PREVIOUS PHONES - and says NOTHING about losing my NET eligibiltity. He even states he's worked w/Verizon 'for quite a while' and defends/explain the reasoning for adding the requirement for a data plan w/most/all the multimedia-type phones, "Due to a bunch of people having huge data bills, we instituted this to make sure the customer doesn't have unintended charges. Verizon had their biggest 'write-off' due to this, as customers had these huge data bills and weren't able to pay them". (OK, riiigghhht) After being on hold for awhile he states their's a Tornado warning @ the office he wanted to tranfer me to, so I just agree to be put in the 'queue' .....after 10 minutes I have to get back to work so I hang up.
  Today, I call and talk to a gal (nice enough) who after reviewing my account AND TALKING TO HER SUPERVISOR tells me her supervisor will not authorize me receiving the NET eligiblity as their policy is only 1 Exchange allowed, per their Return Policy. I argue that I was told differently in the past and I'm not happy w/their CS (for which she aplogizes) - being in CS my self, I don't take it out on the rep...they're just the messenger.
  Was I just lucky to get 3 phones?
  Td

  Customers may exchange unwanted devices / accessories only once within 30 days from the date of purchase.
  The start of the 30-day period for Activate Later Upgrades is based on the date of purchase.
  All device returns (not exchanges) reset the customer's contract, upgrade, and NE2 (New Every Two) dates. 
  A $35 Device Restocking Fee is applied to account

• How to return a profile in Game Center. where you want to enter the old nikneim?

  How to return a profile in Game Center. where you want to enter the old nikneim?

  It's not actually round.  It is slight flattened vertically.
  Anyway...
  I have an Action that places guides at 50% (50pc) vertically and horizontally to give me the exact center of an image file, or you place them manually with View > New Guide.
  After doing that I would place the circular select from that center point using Shift and Alt (Opt) and get it more or less where I wanted it.  Then change the selection into a work path.
  You can use Free Transform to reshape and position that work path by selecting it in the Paths panel.
  Then place your text, and if you still need to fine tune, use Free Transform again, but on the Type layer.
  You could also use Free Transform to reshape the BG graphic to make it round.

• How to return a single datetime from multiple rows of MAX(value) in DAX

  Hi
  I have a Results table with ResultTime, Balance, Equity which is updated with a new row every 5 minutes. I've used SUMX to find opening and closing balances and it has worked so far.
  Res_OpeningBalance:=SUMX(TOPN(1,Results,Results[ResultTime],1),[Balance])
  Res_ClosingBalance:=SUMX(TOPN(1,Results,Results[ResultTime],0),[Balance])
  But when I tried it with dates, the whole thing fell apart.
  Res_MaxBalance_Date:=SUMX(TOPN(1,Results,Results[Balance],0),[ResultTime])
  Since the highest Balance is likely to be represented through many rows due to it lasting more than 5 minutes, ResultTime (which is unique to each row) is summed up and returns messed up dates well into the future. How to return only one date (first or last
  datetime) from the rows where Balance is at max?
  I tried a TOPN of TOPN, but Excel was not amused.
  =SUMX(TOPN(1,Results,Results[Balance],0),TOPN(1,Results,Results[ResultTime],0))
  TIA!
  Re
  Dennis

  I still don't understand RANKX, but I figured it out anyway. I get the correct data by using:
  Res_MaxBalance:=MAX(Results[Balance])
  Res_MaxBalanceDate:=CALCULATE(MAX(Results[ResultTime]),FILTER(Results, Results[Balance]=MAX(Results[Balance])))
  Res_MinBalance:=MIN(Results[Balance])
  Res_MinBalanceDate:=CALCULATE(MAX(Results[ResultTime]),FILTER(Results, Results[Balance]=MIN(Results[Balance])))
  Res_MaxEquity:=MAX(Results[Equity])
  Res_MaxEquityDate:=CALCULATE(MAX(Results[ResultTime]),FILTER(Results, Results[Equity]=MAX(Results[Equity])))
  Res_MinEquity:=MIN(Results[Equity])
  Res_MinEquityDate:=CALCULATE(MAX(Results[ResultTime]),FILTER(Results, Results[Equity]=MIN(Results[Equity])))
  Re
  D

• How to return a html repsonse after form guide rendering in browser?

  How to return a html repsonse after form guide rendering in browser indicating that server has recieved transmission and request is submitted succesfuly?
  I am rendering the form guide in browser using guide invoke service and when i submit the data in browser to server through guide , it is displaying some random number in browser?
  i need to display a resposne that request is submitted successfully?

  how could i define a variable with "html data" ?
  Create a variable of type document and then a service to read the html from where ever it's located. If you put it in LiveCycle, you can use the ReadRessource service. If it's on the file system, you can use the Read Document. If it's in the database, you can use the JDBC service.
  Also, one more doubt where should i use this variable in my process to get the same?
  You want the response once you've submitted the data, so the html is really the result of calling the process that's processing the data. So I would create an output variable of type document on that process.
  Right now it displays a random number in the browser because your submit process is long lived. When a process is long lived (asynchronous), you invoke it and then you get an identifier back. It's kind of a fire and forget. You can use that identifier to check the status of the long lived process, since long lived processes can take hours, days to complete. You don't want your browser to wait that long, hence the identifier.
  However if you change the process to be short lived (synchronous), the browser will wait for the result of the process, which really means the output variables for that process. If your output variable contains html, it'll display html.
  So the key is make you submit process short lived and populate the output variables appropriately.
  Jasmin

• New to mac , when i imported pictures on my account , i noticed the family user account can not view pictures in iPhoto why is this and how do i allow other users on my mac to view the pictures

  how do I allow other users to view pictures in iphoto on my computer?? can only view pictures when signed in administrator account?

  Try Here  >  http://www.apple.com/findouthow/photos/#intro
  More Info Here for the New Mac User...
  Mac essentials   http://support.apple.com/kb/HT2477
  PC to Mac video      http://support.apple.com/kb/VI207
  Find Out How (Video)
  http://www.apple.com/findouthow/mac/

• How do I allow other users on my wifi to print from their computers?

  How do I allow other users on my network (wifi) to print on my printers? 

  Hi there,
  You may find the article below helpful.
  iTunes: How to share music between different accounts on a single computer
  http://support.apple.com/kb/HT1203
  -Griff W.

• How can I allow other users on my macbook to view my iphoto library when th

  How can I allow other users on my macbook to view my iphoto library when they are logged in. I do not have a network, and the users (my family) all log in seperately when they use the computer. Does anyone know? Thank you.

  rdoss
  Welcome to the Apple Discussions.
  If you want others to be able to see the pics, but not add to, change or alter your library, then enable Sharing in your iPhoto (Preferences -> Sharing), leave iPhoto running and use Fast User Switching to open the other account(s). In the other account(s), enable 'Look For Shared Libraries'. Your Library will appear in their source pane.
  Remember iPhoto must be running in both accounts for this to work.
  Regards
  TD

• How do I allow my users to set the option to save a new timezone for future sessions?

  The option to save a newly selected timezone for future sessions has been greyed-out
  in the Calendar Client. How can I allow my users to choose this option?
  <P>
  This is controlled by the settimezone setting on the Calendar Server. By
  default, it is set to FALSE. You can change the value to TRUE in the
  unison.ini settings. The
  Calendar Server must be restarted for the change to take effect.

  Hi,
  Based my research, OOB SharePoint don’t allow anonymous users to contribute contents(Edit, Upload and Add) into list and library.
  This is by design behavior, and it’s a consideration about security in order to help protect your site from potential script injection attacks.
  For anonymous users, only the View Item permission is available for libraries.
  If you want to know more about this, please refer to
  http://office.microsoft.com/en-us/windows-sharepoint-services-help/enable-anonymous-access-HA010113018.aspx
  Hope this helps
  Thanks!
  Stanfford

• How can I allow a user (client) to choose a local image file (on his hard d

  How can I allow a user (client) to choose a local image file (on his hard drive) and modify it using an applet from his browser ? I am trying to develop a web page that enables the user to choose an Image file, manipulate the image using a java applet, and display the results.
  Using Java�s �JFileChooser� does not work when called from a browser, probably due to security privileges issues. On the other hand, I can choose and upload any file using a JavaScript form:
  <FORM METHOD="POST" ENCTYPE="multipart/form-data" ACTION="process.asp">
  <INPUT TYPE=FILE NAME="file1"><BR>
  �
  It seems that I can choose an image file with a Java script form and process an image with an applet. How can I choose a file AND process it locally ?
  (I do not wish to upload the file to the server using JavaScript form and then back to the client�s applet for processing since it will be a tremendous waste of resources).
  Will appreciate any solution.
  Thanks !
  ( my email is: [email protected] )

  "Using Java�s �JFileChooser� does not work when called from a browser, probably due to security privileges issues. "
  You can do this if you sign the applet...

• Our benefit administrator keeps getting an error on adding a social security number that starts with a 9, that is a valid SSN for a spouse, How do we allow this to go through?

  Our benefit administrator keeps getting an error on adding a social security number that starts with a 9, that is a valid SSN for a spouse, How do we allow this to go through?

  To attempt a new chat session...
  For the link below click the Still Need Help? option in the blue area at the bottom and choose the chat option...
  http://helpx.adobe.com/x-productkb/global/service1.html

• How can i allow certain people to reply to forum post?

  Hi all, how do i allow certain group of people to reply to forum post instead of everyone can reply? Any help would greatly appreciated.

  Hello
  You can secure the forum and subscribe group of people to the secure zone , by this only the subscribers will be able to view the forum and reply on posts.
  You can also enable moderation for topics with which only approved topics will be visible on your site.
  For details please refer to this document :
  http://kb.worldsecuresystems.com/kb/forum-topics-posts.html
  Regards,
  Sanjit

• How do I allow access to non admin network users to disk volume?

  I would like to allow access to a specific volume (disk) on one of our networked macs (Mac1) to all users. I've set user accounts on Mac 1 for all network users. These users are "regular" users, not admin. They can access this disk (and all others on Mac1) if I log in as Admin set Users to Admin. If I do this, then users have access to ALL data on all disks. If I do not, leaving them as "regular" users, when they log in they only see public folders. How can I allow access to the one disk volume without making network users admin? I tried changing various settings for the volume in Finder Info (everone else=read/write; ignore permissions) with no luck.
  Thanks
  iMac, ibooks, G5, Tibook   Mac OS X (10.4.4)  

  Your observations are correct - by default, an "admin" user connecting over AFP can choose from available "volumes" (default) or "shares", whereas a non-admin user can only mount "shares".
  By default, the only "shares" on an OS X client machine are the users' "Public" folders, and unlike pre-OS X Macs, it isn't easy to configure your own share points. Apple's official statement is that users wanting this functionality should buy OS X Server.
  However, it is possible to create an arbitrary share point using 3rd party software called "SharePoints" (donationware). I have never used it, but it seems to be well regarded. Alternatively, you can do it manually following the instructions in this hint & comments (especially apw8's):
  http://www.macosxhints.com/article.php?story=20011108161839416
  Once the external drive (or folder on the external drive) is configured as a share point, it should be possible for non-admin users to select and mount it once they connect over AFP.