802.1x Radius, how to return allowed ssid(s)
How does one set up the RADIUS server to return the allowed SSID for that user?
In this case FreeRADIUS will be used.
Cisco suggested that to avoid VLAN hopping, one should have the 802.1X RADIUS server return a list of permissible SSIDs for each authenticated user.
I have read documentation for how to set up the RADIUS user attributes for VLAN ID assignment but have not found any docs for the RADIUS SSID assignments.
Suggestions are welcome,
Rene
To prevent client devices from associating to the access point using an unauthorized SSID, create a list of authorized SSIDs that clients must use on your RADIUS server. For more, refer to the following URL:
http://www.cisco.com/en/US/products/ps5853/products_configuration_guide_chapter09186a008043ac56.html#wp1054061
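The check an access point makes against the returned SSID list, as an added example that is not part of the original thread. It assumes the list arrives as Cisco-AVPair reply attributes of the form "ssid=<name>" and that a reply carrying no list leaves the client unrestricted; verify both against the linked Cisco guide. User names, SSIDs and the VLAN are constructed, and the rendered lines assume FreeRADIUS "users" file syntax with the Cisco dictionary loaded.

```python
# Added example (not from the thread): access-point-side SSID restriction.
# Assumption: allowed SSIDs arrive in the Access-Accept as Cisco-AVPair
# values of the form "ssid=<name>", one attribute per SSID.

ALLOW = "allow"
DENY = "disassociate"
ALLOW_NO_LIST = "allow (no list returned)"


def allowed_ssids(reply_attrs):
    """Return the SSIDs carried in Cisco-AVPair 'ssid=' reply attributes.

    reply_attrs is a list of (attribute_name, value) pairs from an
    Access-Accept; other attributes and other AV pairs are ignored.
    """
    ssids = []
    for name, value in reply_attrs:
        if name.lower() != "cisco-avpair":
            continue
        key, sep, ssid = value.partition("=")
        if sep and key.strip().lower() == "ssid" and ssid:
            ssids.append(ssid)
    return ssids


def ap_decision(associated_ssid, reply_attrs):
    """Decide what the access point does after a successful authentication."""
    ssids = allowed_ssids(reply_attrs)
    if not ssids:
        # Assumed behaviour: no list means no restriction, so the client stays.
        return ALLOW_NO_LIST
    # SSIDs are case-sensitive, so the comparison is exact.
    return ALLOW if associated_ssid in ssids else DENY


def users_without_list(policy):
    """Audit helper: users whose reply would carry no SSID list at all."""
    return sorted(user for user, ssids in policy.items() if not ssids)


def reply_items(ssids):
    """Render reply lines to place under a FreeRADIUS 'users' file entry.

    Refuses names that could break out of the quoted attribute value.
    """
    lines = []
    for ssid in ssids:
        bad = any(c in ssid for c in '"\\\n\r')
        if not ssid or len(ssid.encode()) > 32 or bad:
            raise ValueError(f"unsafe SSID for users file: {ssid!r}")
        lines.append(f'\tCisco-AVPair += "ssid={ssid}"')
    return ",\n".join(lines)


# Constructed sample data: user names, SSIDs and VLAN are illustrative.
POLICY = {"alice": ["corp", "lab"], "contractor": ["guest"], "printer01": []}
SAMPLE_ACCEPT = [
    ("Tunnel-Private-Group-Id", "102"),
    ("Cisco-AVPair", "ssid=corp"),
    ("Cisco-AVPair", "ssid=lab"),
]

if __name__ == "__main__":
    for ssid in ("corp", "guest"):
        print(ssid, "->", ap_decision(ssid, SAMPLE_ACCEPT))
    print("no list ->", ap_decision("corp", []))
    print("unrestricted users:", users_without_list(POLICY))
    print(reply_items(POLICY["alice"]))
```

Under these assumptions, any account left without an SSID list is not restricted at all, which is what `users_without_list` is there to surface.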
Similar Messages
-
SG 300-10 802.1x radius authentication slowness
We have 802.1x authentication via radius and vlan-id tagging with guest vlan fallback working successfully, but we've noticed that no matter what settings we try for the port, it seems that the switch takes about 20 seconds after the port comes up before it sends the authentication request to the radius server.
We tried enabling portfast under stp and when the port is connected, it does immediately come up, and the user is pushed to the guest vlan, and then after about 20 seconds the prompt comes up and credentials can be entered and then it will send the request to the radius server. If the credentials are saved, it still takes the same amount of time before it sends those saved credentials.
I'm curious if this is intended behavior, a limitation of hardware, or a setting on the port I'm missing. We tried lowering the various quiet-period, silence-period, etc. timeouts, and are still seeing the same results. All tested OSes (OSX, Windows 7+8, Ubuntu + Arch nix) experienced the same results.
Any advice would be appreciated, thank you!
See below for our conf:
net055#show running-config
config-file-header
net055
v1.3.7.18 / R750_NIK_1_35_647_358
CLI v1.0
set system mode switch
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
dot1x guest-vlan timeout 30
vlan database
default-vlan vlan 3333
exit
vlan database
vlan 1,100,102,104,111
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
dot1x system-auth-control
hostname net055
line console
exec-timeout 30
exit
line ssh
exec-timeout 0
exit
encrypted radius-server host 172.16.200.57 key REMOVED= usage dot1.x
radius-server host source-interface vlan 100
management access-list mlist2
permit ip-source 172.16.202.0 mask 255.255.255.0
permit ip-source 172.16.200.0 mask 255.255.255.0
exit
management access-class mlist2
aaa authentication enable default enable none
aaa accounting dot1x start-stop group radius
enable password level 15 encrypted REMOVED
no service password-recovery
no passwords complexity enable
passwords aging 0
username REMOVED privilege 15
username REMOVED privilege 15
ip ssh server
ip ssh password-auth
ip http timeout-policy 1800 https-only
no ip http server
tacacs-server timeout 10
clock timezone EST -5
clock source sntp
sntp unicast client enable
sntp server 172.16.100.95
ip name-server 8.8.4.4
interface vlan 100
ip address 172.16.200.21 255.255.255.0
no ip address dhcp
interface vlan 102
name dev-0-Gnv-202.0
interface vlan 104
name gen-0-Gnv-204.0
interface vlan 111
name guest-0-Gnv-10-66-61.0
dot1x guest-vlan
interface gigabitethernet1
switchport trunk allowed vlan add 100,102,104,111
interface gigabitethernet2
dot1x guest-vlan enable
dot1x reauthentication
dot1x timeout supp-timeout 5
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree portfast
interface gigabitethernet3
dot1x guest-vlan enable
dot1x reauthentication
dot1x radius-attributes vlan static
dot1x port-control auto
interface gigabitethernet4
dot1x guest-vlan enable
dot1x reauthentication
dot1x radius-attributes vlan static
dot1x port-control auto
interface gigabitethernet5
dot1x guest-vlan enable
dot1x reauthentication
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree portfast
interface gigabitethernet6
dot1x guest-vlan enable
dot1x reauthentication
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree portfast
interface gigabitethernet7
dot1x guest-vlan enable
dot1x max-req 10
dot1x reauthentication
dot1x timeout quiet-period 5
dot1x radius-attributes vlan static
dot1x port-control auto
interface gigabitethernet8
dot1x guest-vlan enable
dot1x reauthentication
dot1x radius-attributes vlan static
dot1x port-control auto
interface gigabitethernet9
dot1x guest-vlan enable
dot1x reauthentication
dot1x radius-attributes vlan static
dot1x port-control auto
spanning-tree portfast
interface gigabitethernet10
dot1x guest-vlan enable
dot1x reauthentication
dot1x radius-attributes vlan static
dot1x port-control auto
exit
ip default-gateway 172.16.200.1
Forgot to follow up here.
This is a known deficiency of how the SG300 line implements 802.1x vs how all other cisco switches implement it (and how other vendors implement it). The support tech said Cisco was unwilling to fix this deficiency (he would never provide a reason why).
If you have OSX and 802.1x and don't want it to take >30 seconds for users to get auth'd I would suggest going to another vendor since Cisco has said they will not fix this issue. -
[UIX] How To: Return multiple values from a LOV
Hi gang
I've been receiving a number of queries via email on how to return multiple items from a LOV using UIX thanks to earlier posts of mine on OTN. I'm unfortunately aware my previous posts on this are not that clear thanks to the nature of the forums Q&A type approach. So I thought I'd write one clear post, and then direct any queries to it from now on to save me time.
Following is my solution to this problem. Please note it's just one method of many in skinning a cat. It's my understanding via chatting to Oracle employees that LOVs are to be changed in a future release of JDeveloper to be more like Oracle Forms LOVs, so my skinning skills may be rather bloody & crude very soon (already?).
I'll base my example on the hr schema supplied with the standard RDBMS install.
Say we have an UIX input-form screen to modify an employees record. The employees record has a department_id field and a fk to the departments table. Our requirement is to build a LOV for the department_id field such that we can link the employees record to any department_id in the database. In turn we want the department_name shown on the employees input form, so this must be returned via the LOV too.
To meet this requirement follow these steps:
1) In your ADF BC model project, create 2 EOs for employees and departments.
2) Also in your model, create 2 VOs for the same EOs.
3) Open your employees VO and create a new attribute DepartmentName. Check selected in query. In expressions type (SELECT dept.department_name FROM departments dept WHERE dept.department_id = employees.department_id). Check Updateable always.
4) Create a new empty UIX page in your ViewController project called editEmployees.uix.
5) From the data control palette, drag and drop EmployeesView1 as an input-form. Notice that the new field DepartmentName is also included in the input-form.
6) As the DepartmentName will be populated either from querying existing employees records, or via the LOV, disable the field as the user should not have the ability to edit it.
7) Select the DepartmentId field and delete it. In the UI Model window delete the DepartmentId binding.
8) From the data controls palette, drag and drop the DepartmentId field as a messageLovInput onto your page. Note in your application navigator a new UIX page lovWindow0.uix (or similar) has been created for you.
9) While the lovWindow0.uix is still in italics (before you save it), rename the file to departmentsLov.uix.
10) Back in your editEmployees.uix page, your messageLovInput source will look like the following:
<messageLovInput
model="${bindings.DepartmentId}"
id="${bindings.DepartmentId.path}"
destination="lovWindow0.uix"/>
Change it to be:
<messageLovInput
model="${bindings.DepartmentId}"
id="DepartmentId"
destination="departmentsLov.uix"
partialRenderMode="multiple"
partialTargets="_uixState DepartmentName"/>
11) Also change your DepartmentName source to look like the following:
<messageTextInput
id="DepartmentName"
model="${bindings.DepartmentName}"
columns="10"
disabled="true"/>
12) Open your departmentsLov.uix page.
13) In the data control palette, drag and drop the DepartmentId field of the DepartmentView1 as a LovTable into the Results area on your page.
14) Notice in the UI Model window that the 3 binding controls have been created for you, an iterator, a range and a binding for DepartmentId.
15) Right click on the DepartmentsLovUIModel node in the UI Model window, then create binding, display, and finally attribute. The attribute binding editor will pop up. In the select-an-iterator drop down select the DepartmentsView1Iterator. Now select DepartmentName in the attribute list and then the ok button.
16) Note in the UI Model you now have a new binding called DCDefaultControl. Select this, and in the property palette change the Id to DepartmentName.
17) View the LOV pages source, and change the lovUpdate event as follows:
<event name="lovSelect">
<compound>
<set value="${bindings.DepartmentId.inputValue}" target="${sessionScope}" property="MyAppDepartmentId" />
<set value="${bindings.DepartmentName.inputValue}" target="${sessionScope}" property="MyAppDepartmentName" />
</compound>
</event>
18) Return to editEmployees.uix source, and modify the lovUpdate event to look as follows:
<event name="lovUpdate">
<compound>
<set value="${sessionScope.MyAppDepartmentId}" target="${bindings.DepartmentId}" property="inputValue"/>
<set value="${sessionScope.MyAppDepartmentName}" target="${bindings.DepartmentName}" property="inputValue"/>
</compound>
</event>
That's it. Now when you select a value in your LOV, it will return 2 (multiple!) values.
A couple things to note:
1) In the messageLovInput id field we don't use the .path notation. This is the mechanism for returning 1 value from the LOV and is useless for us.
2) Again in the messageLovInput we supply _uixState as an entry in the partialTargets.
3) We are relying on partial-page-refresh functionality to update multiple items on the screen.
I'm not going to take the time out to explain these 3 points, but it's worthwhile you learning more about them, especially the last 2, as a separate exercise.
One other useful thing to do is, in your messageLovInput, include as a last entry in the partialTargets list MessageBox. In turn locate the messageBox control on your page (if any), and supply an id=MessageBox. This will allow the LOV to place any errors raised in the MessageBox and show them to the user.
I hope this works for you :)
Cheers,
CM.
Thanks Chris,
It took me some time to find the information I needed, how to return multiple values from a LOV popup window, then I found your post and all problems were solved. It's working perfectly, well, almost perfectly.
I'm always fighting with ADF-UIX, it never does the thing that I expect it to do, I guess it's because I have a hard time letting go of the total control you have as a developer and let the framework take care of a few things.
Anyway, I'm using your example to fill 5 fields at once, one of the fields being a messageChoice (a list with countries) with a LOV to a lookup table (id , country).
I return the countryId from the popup LOV window, that works great, but it doesn't set the correct value in my messageChoice. I think it's because it's using the CountryId for the listbox index.
So how can I select the correct value inside my messageChoice? Come to think of it, I don't really think it's LOV related...
Can someone help me out here?
Kind regards
Ido -
Was I just lucky to get 3 phones before they 'cut me off'?
Read if you're bored (obviously I am):
I was eligible in Oct. '09 for my NET upgrade. I got a phone, didn't like it better than what I had so I called Verizon to return it.
They told me the procedure and before I hung up I asked, "How many returns/exchanges are allowed in the NET program?" I SWEAR she said, "As many as you like - Verizon wants you to be happy w/your purchase"....and NO RESTOCKING FEE.
Fast Forward to June '10. My trusty ol' VX8350 finally cracks @ the hinge - still useable, but not long for this world. I check my online account as I'm still eligible for the NET....I order up an LG Accolade phone (the brand has treated me well), but the phone is too basic (kinda jumped the gun on ordering it). So back it goes..
I check my Verizon online account about 2 weeks later, and see my account has NOT been updated to reflect the Accolade was rec'd and I'm still eligible for the NET. I call Customer Service (CS) and after a few minutes, they let me know the phone is rec'd and they can update my account to make me eligible for the NET....and NO RESTOCKING FEE.
So. after a couple of days, I go back online and order up a CASIO EXILIM - It is the ONLY 'multimedia' phone that doesn't require a 'data plan' for an extra $9.99/month. Verizon changed it back in Jan. '10, IIRC - I was told by a Verizon rep during a 'chat' session(and WTH happened to the online chat??).
After living w/the phone for a couple weeks, I'm not liking it. Back it goes to Verizon. I look online a couple of days ago, and don't see that I'm eligible for the NET so I call Verizon. After spending a few minutes going over my account the rep verifies that the Casio has been rec'd and that he will transfer me to the department that handles updating my NET status.
He also notes that I HAVE BEEN CHARGED a RESTOCKING FEE, which he kindly waives. ( I hope!)
HE VERIFIES THAT I HAVE REC'd and RETURNED 2 PREVIOUS PHONES - and says NOTHING about losing my NET eligibility. He even states he's worked w/Verizon 'for quite a while' and defends/explains the reasoning for adding the requirement for a data plan w/most/all the multimedia-type phones, "Due to a bunch of people having huge data bills, we instituted this to make sure the customer doesn't have unintended charges. Verizon had their biggest 'write-off' due to this, as customers had these huge data bills and weren't able to pay them". (OK, riiigghhht) After being on hold for awhile he states there's a Tornado warning @ the office he wanted to transfer me to, so I just agree to be put in the 'queue' .....after 10 minutes I have to get back to work so I hang up.
Today, I call and talk to a gal (nice enough) who after reviewing my account AND TALKING TO HER SUPERVISOR tells me her supervisor will not authorize me receiving the NET eligibility as their policy is only 1 Exchange allowed, per their Return Policy. I argue that I was told differently in the past and I'm not happy w/their CS (for which she apologizes) - being in CS myself, I don't take it out on the rep...they're just the messenger.
Was I just lucky to get 3 phones?
Td
Customers may exchange unwanted devices / accessories only once within 30 days from the date of purchase.
The start of the 30-day period for Activate Later Upgrades is based on the date of purchase.
All device returns (not exchanges) reset the customer's contract, upgrade, and NE2 (New Every Two) dates.
A $35 Device Restocking Fee is applied to account -
How to return a profile in Game Center. where you want to enter the old nickname?
How to return a profile in Game Center. where you want to enter the old nickname?
It's not actually round. It is slightly flattened vertically.
Anyway...
I have an Action that places guides at 50% (50pc) vertically and horizontally to give me the exact center of an image file, or you place them manually with View > New Guide.
After doing that I would place the circular select from that center point using Shift and Alt (Opt) and get it more or less where I wanted it. Then change the selection into a work path.
You can use Free Transform to reshape and position that work path by selecting it in the Paths panel.
Then place your text, and if you still need to fine tune, use Free Transform again, but on the Type layer.
You could also use Free Transform to reshape the BG graphic to make it round. -
How to return a single datetime from multiple rows of MAX(value) in DAX
Hi
I have a Results table with ResultTime, Balance, Equity which is updated with a new row every 5 minutes. I've used SUMX to find opening and closing balances and it has worked so far.
Res_OpeningBalance:=SUMX(TOPN(1,Results,Results[ResultTime],1),[Balance])
Res_ClosingBalance:=SUMX(TOPN(1,Results,Results[ResultTime],0),[Balance])
But when I tried it with dates, the whole thing fell apart.
Res_MaxBalance_Date:=SUMX(TOPN(1,Results,Results[Balance],0),[ResultTime])
Since the highest Balance is likely to be represented through many rows due to it lasting more than 5 minutes, ResultTime (which is unique to each row) is summed up and returns messed up dates well into the future. How to return only one date (first or last datetime) from the rows where Balance is at max?
I tried a TOPN of TOPN, but Excel was not amused.
=SUMX(TOPN(1,Results,Results[Balance],0),TOPN(1,Results,Results[ResultTime],0))
TIA!
Re
Dennis
I still don't understand RANKX, but I figured it out anyway. I get the correct data by using:
Res_MaxBalance:=MAX(Results[Balance])
Res_MaxBalanceDate:=CALCULATE(MAX(Results[ResultTime]),FILTER(Results, Results[Balance]=MAX(Results[Balance])))
Res_MinBalance:=MIN(Results[Balance])
Res_MinBalanceDate:=CALCULATE(MAX(Results[ResultTime]),FILTER(Results, Results[Balance]=MIN(Results[Balance])))
Res_MaxEquity:=MAX(Results[Equity])
Res_MaxEquityDate:=CALCULATE(MAX(Results[ResultTime]),FILTER(Results, Results[Equity]=MAX(Results[Equity])))
Res_MinEquity:=MIN(Results[Equity])
Res_MinEquityDate:=CALCULATE(MAX(Results[ResultTime]),FILTER(Results, Results[Equity]=MIN(Results[Equity])))
Re
D -
How to return a html response after form guide rendering in browser?
How to return a html response after form guide rendering in browser indicating that server has received transmission and request is submitted successfully?
I am rendering the form guide in browser using guide invoke service and when I submit the data in browser to server through guide, it is displaying some random number in browser?
I need to display a response that request is submitted successfully? How could I define a variable with "html data"?
Create a variable of type document and then a service to read the html from where ever it's located. If you put it in LiveCycle, you can use the ReadRessource service. If it's on the file system, you can use the Read Document. If it's in the database, you can use the JDBC service.
Also, one more doubt where should i use this variable in my process to get the same?
You want the response once you've submitted the data, so the html is really the result of calling the process that's processing the data. So I would create an output variable of type document on that process.
Right now it displays a random number in the browser because your submit process is long lived. When a process is long lived (asynchronous), you invoke it and then you get an identifier back. It's kind of a fire and forget. You can use that identifier to check the status of the long lived process, since long lived processes can take hours, days to complete. You don't want your browser to wait that long, hence the identifier.
However if you change the process to be short lived (synchronous), the browser will wait for the result of the process, which really means the output variables for that process. If your output variable contains html, it'll display html.
So the key is make your submit process short lived and populate the output variables appropriately.
Jasmin -
how do I allow other users to view pictures in iphoto on my computer?? can only view pictures when signed in administrator account?
Try Here > http://www.apple.com/findouthow/photos/#intro
More Info Here for the New Mac User...
Mac essentials http://support.apple.com/kb/HT2477
PC to Mac video http://support.apple.com/kb/VI207
Find Out How (Video)
http://www.apple.com/findouthow/mac/ -
How do I allow other users on my wifi to print from their computers?
How do I allow other users on my network (wifi) to print on my printers?
Hi there,
You may find the article below helpful.
iTunes: How to share music between different accounts on a single computer
http://support.apple.com/kb/HT1203
-Griff W. -
How can I allow other users on my macbook to view my iphoto library when th
How can I allow other users on my macbook to view my iphoto library when they are logged in. I do not have a network, and the users (my family) all log in separately when they use the computer. Does anyone know? Thank you.
rdoss
Welcome to the Apple Discussions.
If you want others to be able to see the pics, but not add to, change or alter your library, then enable Sharing in your iPhoto (Preferences -> Sharing), leave iPhoto running and use Fast User Switching to open the other account(s). In the other account(s), enable 'Look For Shared Libraries'. Your Library will appear in their source pane.
Remember iPhoto must be running in both accounts for this to work.
Regards
TD -
How do I allow my users to set the option to save a new timezone for future sessions?
The option to save a newly selected timezone for future sessions has been greyed-out
in the Calendar Client. How can I allow my users to choose this option?
This is controlled by the settimezone setting on the Calendar Server. By default, it is set to FALSE. You can change the value to TRUE in the unison.ini settings. The Calendar Server must be restarted for the change to take effect.
Hi,
Based on my research, OOB SharePoint doesn't allow anonymous users to contribute content (Edit, Upload and Add) into list and library.
This is by design behavior, and it’s a consideration about security in order to help protect your site from potential script injection attacks.
For anonymous users, only the View Item permission is available for libraries.
If you want to know more about this, please refer to
http://office.microsoft.com/en-us/windows-sharepoint-services-help/enable-anonymous-access-HA010113018.aspx
Hope this helps
Thanks!
Stanfford -
How can I allow a user (client) to choose a local image file (on his hard d
How can I allow a user (client) to choose a local image file (on his hard drive) and modify it using an applet from his browser ? I am trying to develop a web page that enables the user to choose an Image file, manipulate the image using a java applet, and display the results.
Using Java's "JFileChooser" does not work when called from a browser, probably due to security privileges issues. On the other hand, I can choose and upload any file using a JavaScript form:
<FORM METHOD="POST" ENCTYPE="multipart/form-data" ACTION="process.asp">
<INPUT TYPE=FILE NAME="file1"><BR>
...
It seems that I can choose an image file with a Java script form and process an image with an applet. How can I choose a file AND process it locally ?
(I do not wish to upload the file to the server using JavaScript form and then back to the client's applet for processing since it will be a tremendous waste of resources).
Will appreciate any solution.
Thanks !
( my email is: [email protected] )
"Using Java's "JFileChooser" does not work when called from a browser, probably due to security privileges issues. "
You can do this if you sign the applet... -
Our benefit administrator keeps getting an error on adding a social security number that starts with a 9, that is a valid SSN for a spouse, How do we allow this to go through?
To attempt a new chat session...
For the link below click the Still Need Help? option in the blue area at the bottom and choose the chat option...
http://helpx.adobe.com/x-productkb/global/service1.html -
How can i allow certain people to reply to forum post?
Hi all, how do I allow a certain group of people to reply to forum post instead of everyone can reply? Any help would be greatly appreciated.
Hello
You can secure the forum and subscribe group of people to the secure zone , by this only the subscribers will be able to view the forum and reply on posts.
You can also enable moderation for topics with which only approved topics will be visible on your site.
For details please refer to this document :
http://kb.worldsecuresystems.com/kb/forum-topics-posts.html
Regards,
Sanjit -
How do I allow access to non admin network users to disk volume?
I would like to allow access to a specific volume (disk) on one of our networked macs (Mac1) to all users. I've set user accounts on Mac 1 for all network users. These users are "regular" users, not admin. They can access this disk (and all others on Mac1) if I log in as Admin set Users to Admin. If I do this, then users have access to ALL data on all disks. If I do not, leaving them as "regular" users, when they log in they only see public folders. How can I allow access to the one disk volume without making network users admin? I tried changing various settings for the volume in Finder Info (everyone else=read/write; ignore permissions) with no luck.
Thanks
iMac, ibooks, G5, Tibook Mac OS X (10.4.4)
Your observations are correct - by default, an "admin" user connecting over AFP can choose from available "volumes" (default) or "shares", whereas a non-admin user can only mount "shares".
By default, the only "shares" on an OS X client machine are the users' "Public" folders, and unlike pre-OS X Macs, it isn't easy to configure your own share points. Apple's official statement is that users wanting this functionality should buy OS X Server.
However, it is possible to create an arbitrary share point using 3rd party software called "SharePoints" (donationware). I have never used it, but it seems to be well regarded. Alternatively, you can do it manually following the instructions in this hint & comments (especially apw8's):
http://www.macosxhints.com/article.php?story=20011108161839416
Once the external drive (or folder on the external drive) is configured as a share point, it should be possible for non-admin users to select and mount it once they connect over AFP.