Block client MAC on VLAN

Similar Messages

• Blocking Client MAC Addresses at Sup720/WLSM?

  I want to block client MAC addresses at the central 6500, where the WLSM is located. Is there any solution like "dot11 association mac-list" at the accesspoints? I tried an "access-expression" on the tunnelinterface, but it did not work. Any suggestions?

  Here is an example of config
  switch(config)# mac access-list extended ARP_Packet
  Switch(config-ext-nacl)# permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0
  Switch(config-ext-nacl)# end
  Issue the vlan access-map map_ name command and the action drop command, which is the action to perform.
  The vlan access-map map_ name command uses the MAC access list that you created to block ARP traffic from the hosts.
  Switch(config)# vlan access-map block_arp 10
  Switch (config-access-map)# action drop
  Switch (config-access-map)# match mac address ARP-Packet
  Add an additional line to the same VLAN access map to forward the rest of the traffic.
  Switch(config)# vlan access-map block_arp 20
  Switch (config-access-map)# action forward
  Choose a VLAN access map and apply it to a VLAN interface.
  Issue the VLAN filter vlan_access_map_name vlan-list vlan_number command.
  Switch(config)# vlan filter block_arp vlan-list 2

• WLC - How to block a single client MAC address?

  Hi Sir,
  On a WLC (software version 4.1.185.0), how to block a single client MAC address?
  I thought of using the SECURITY -> Disabled Clients. Is it right?
  There are currently 250 users connected to the WLC. MAC Filtering is not a scalable solution because as I understand it, we have to specify all the legitimate MAC addresses in the local database.
  Thank you.
  B.Rgds,
  Lim TS

  Hi Lim,
  As you have discovered, the Mac filtering on the WLC is an Allow (based on Mac address) rather than what you need which is a Deny (based on Mac address). I have not tried this feature but I think you are on the right track in using the Exclusion List (Blacklist) feature. Have a look;
  Use SECURITY > AAA > Disabled Client then click New or MONITOR > Clients then click Disable to navigate to this page.
  This page allows you to manually Exclusion List (blacklist) a client by MAC address.
  Add the MAC Address and an optional Client Description for the client to be disabled.
  Note When you enter a client MAC address to be disabled, the Operating System checks that the MAC address is not one of the known Local Net clients ( Local Net Users), Authorized clients ( MAC Filtering), or Local Management users ( Local Management Users) MAC addresses. If the entered MAC address is on one of these three lists, the Operating System does not allow the MAC address to be manually disabled.
  Hope this helps! Let us know.
  Rob

• .blocking host in same VLAN

  Is it possible to block access from one host to another host (in one direction only), both in the same vlan.
  I read about acl blocking using mac id and tried it too, but could not succed.
  the switch used is 6509

  Rajesh
  Take a look at this config guide:
  <http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080403fec.html#wp1177176>
  hth,
  Ajaz Nawaz

• How to make 2 clients on same VLAN communicate to each other when tunnel-loop-prevention is enabled?

  Requirement:
  How to make two clients on same VLAN communicate to each other when tunnel-loop-prevention is enabled on tunneled-node configuration at controller?
  Whenever we enable tunnel-loop-prevention on controller while we configure tunneled-node, the communication between two tunneled-node client on same VLAN is blocked or dropped.
  If the tunneled-node clients are of different VLANs then they can communicate between them even when the tunnel-loop-prevention is enabled on the controller.
  Solution:
  To make two tunneled-node client on same VLAN to communicate between them, we need to enable "local-proxy-arp" for the interface VLAN on the controller.
  Once it is enabled now the tunneled-node clients on same VLAN can communicate between each other. 
  Configuration:
  To enable "local-proxy-arp":
  Get to the interface of the VLAN on the controller
  Example :
  (config)#interface vlan 5
  (config)#ip local-proxy-arp
  To enable tunnel loop prevention on controller
  (config)# tunnel-loop-prevention
  Verification
  Show commands:
  To check if tunnel-loop-prevention is enabled or disabled
  #show tunneled-node config
  Tunnelded node Server: Enabled
  Tunnel Loop Prevention: Enabled
  To check if local-proxy-ap is enabled:
  #show interface vlan 5
  Look for in the output "ProxyARP enable"

  streetfi8er wrote:
  Server ready,waiting for client:
  Exception in thread "New THREAD" java.lang.NullPointerException
       at server4$server4Thread.run(server4.java:88)
  Failed to accept client
  when i run the second client programme on different a console in the same system i get the error that:
  Unknown HostOK, I'm no socket programming expert; but I can see a few potential problems with what you've written.
  1. First off, which line is line 88? Line numbers would be useful. Also, indenting your code properly would make it easier to read.
  2. Your 'while(!str.equalsIgnoreCase("close"))' will always fail with a NullPointerException because 'str' is initially set to null.
  3. Your 'while(true)' loop worries me. How does it exit? Relying on an exception is usually very bad practise.
  4. You are not handling SecurityExceptions. While it's unlikely to happen on your machine; it could easily happen on another.
  5. It might be worth indicating the actual exception thrown in your "Failed to accept client" message. accept() can throw three different types of IOException.
  6. All the threads you create will be called "New THREAD", which doesn't provide much value.
  HIH
  Winston

• HT4061 My gateway PC is locked up after itunes update.  When i restarted the computer for the hangers to take effect. Now my pc is locked up.  It gives me a client Mac address and no boot file name received.  What happened, and how do I get my pc back?

  jute way pc locked up after iTunes update.   It says client Mac address 001320 be ad 25 .  PXE E53  No boot file name received
  pXE MOF.  Exiting Broadcom PXE. ROM .  How do I unlock my pc?

  jute way pc locked up after iTunes update.   It says client Mac address 001320 be ad 25 .  PXE E53  No boot file name received
  pXE MOF.  Exiting Broadcom PXE. ROM .  How do I unlock my pc?

• HT4061 I downloaded an iTunes update on my HP.  PC and restarted the computer for the hangers to take effect. Now my pc is locked up.  It gives me a client Mac address and no boot file name received.  What happened, and how do I get my pc back?

  I downloaded an iTunes update and when ashen I restarted my pc it locked up.  It says client Mac address 001320bead25,   PXE E53  No boot file name received.  PXE MOF.  Exiting Broadcom pie rom.   How do I get my pc back!

  When you installed iTunes on your work computer, then connected your iPad to that computer, it wiped what was on the iPad, then put the iTunes library (nothing) from the work computer onto the iPad. You can try copying the iTunes folder from your home computer over to your work computer, but since the apps were bought with a different account, they may not load or update properly.

• How to turn on and off pop up blocker on mac notebooks

  how to turn on and off pop up blocker on mac notebooks?

  Safari / Preferences / Security. It's a checkbox.

• Print servers for 30 client Mac Mini Lab

  I have a 30 client Mac Mini lab with printing done by 2 networked HP Officejet 8600+ printers w/ 128mb memory.  I would like to have a print server that will speed up the printing(kindergarteners can be impatient).  A dozen years or so ago there were separate print servers that managed print requests and gave you only 1 queue to keep track of, but I haven't found one lately for 10.5.  Will simply routing print requests to our current document server(PowerMac, Intel 2, 500gb) and giving it the 8600s' IP addresses give me the speed boost I need?

  Okay, I have been able to recreate the error message by changing the Security Options for the Windows print queue (located in Properties > Ports > Configure Port). By default, the printer queue is set to use an anonymous account for the connection. When I changed the setting to use the "Windows logon name and password", I would get the error "Returning IPP client-error-not-authorized for Print-Job". This message was found in the cups error log, the print queue did not show an error - simply the job would not appear in the print queue and therefore there was no print.
  The only problem I then encountered was when I changed the setting back to use the anonymous account, the error continued to occur - again only showing in cups. The only way I could resolve this was to delete the Windows queue, reset the printing system on the Mac and re-add the Canon printer (in my case an iP6000D). Then when I added the printer again on Win7 using the Bonjour Printer Wizard, I was able to print without error.
  So, I suggest you first check that the anonymous account is being used on the Vista PC. If it is, then remove the Windows queue and reset the printing system on the Mac. To reset the printing system, Control-click on the Print & Fax > Printer list and select the reset pop-up. This will delete the Mac queue but not the driver. Now you can add the printer again on the Mac and once that is complete, go back to the PC and add the printer again.
  One final note. My printer is using v10.26.x of the Canon driver. Version 10.19 was part of the default 10.6.0 install and can be updated to the same v10.26 by downloading the Canon Printer Driver Update v2.2.
  Pahu

• How do you make sure the cluster keeps clients macs in it?

  every time the client macs are turned off then back on again they don't rejoin the cluster so each time i have to go around manually and join every mac to the cluster. There must be someway of making them stay in the cluster or be able to at least send a unix command to make them automatically join the cluster???

  You may need to remake the cluster.
  Also i've found that a cluster will work best with machines and software of the same spec. Make sure all the same software including pro-apps updates are running.
  QT will need to be up to date on all computers with the same QT components also.
  Failing that you might want to start from scratch using Digital Rebellions compressor repair, which is an awesome piece of freeware.
  Regards,
  SJ

• How to setup Wireless Clients MAC+Active Directory based acess

  Dear Gents,
  I want to setup Wireless Clients MAC+Active Directory based acess on AP 1242 standalone Wireless series .
  Steps i have configured :
  1) SSID manger  under Open authentication : Selected with EAP.
  2) under advacned Radius : s
  MAC Address  Authentication
  MAC Addresses Authenticated by:
  Authentication Server Only
  3) Server Manger : Current server list
  added the radius ip address 10.1.200.x
  EAP  Authentication
  MAC  Authentication
  Accounting
  Priority  1:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  Priority  1: < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  Priority  1: < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  Priority  2:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  Priority  2:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  Priority  2:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  Priority  3:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  Priority  3:  < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  Priority  3: < NONE >10.113.253.1010.1.200.23410.8.200.1510.15.200.15
  From ACS - Radius  we have choose a Group x( named as Mac-address group )
  All the wireless Client ( laptops ) mac-address are added as add username option and enter username
  as mac-address & enter the mac-address as pwd second option of password TAB.

  Hi Akber,
  I think you didnt understood what i was trying to say here :-( No problem..I will explain my theory again.Your requirment is to autheticate user from ACS internal database (you have already added the MAC address as the username on your ACS internal database) as well as from ACS external database (in your case this is AD).
  What i was saying is when when authetication request comes to raidus server it checks its internal database and if it find a valid username and password (here it will the MAC address and password which you have entered to the ACS database) the ACS will not query the external database (in your case the AD) for authetication.
  You can not have ACS to look in to both MAC and AD database at the same time.
  Hope this clears your doubt.
  Regards
  Najaf

• Netboot drives not showing up on post start up of client macs

  Hello I just had a question regarding netboot my images works fine its just that when I boot up my client computers and hold the alt key to see available drives it does not show any of the netboot or netinstall drives. But when I open a clients computer and press N it boots up on the default image I have selected. is there any way that I can see the drives when I press the alt key when I startup a clients mac to select which netboot image to load? Forgot to mention when I startup a clients computer on there own hard drive and go to the system preferences and check the startup volumes all my volumes appear there no problem
  thank you

  See:
  http://support.apple.com/kb/HT1533
  It does not do everything we might like but it is documented.

• OS X Server 4 - Time Machine Restore of client Mac

  Can anyone confirm that a client Mac when booted into its Recovery HD is able to perform a full system Restore over the network from a Time Machine back up on OS X Server 4 (Yosemite)? Are the user's login credentials accepted and a list of back ups with dates presented to choose from?
  OS X Server 2.2.5 (Mountain Lion) works fine, but OS X Server 3.2.2 (Mavericks) has always given me fits where the client Mac's login credentials would result in the following error.
  "There was a problem connecting to the server "sever.local. The server may not exist or it is unavailable at this time. Check the server name or IP address, check your network connection, and then try again"
  I was told by Apple Support back on 7/16/2014 Engineering was aware of the issue, but had no ETA for a solution. At the time I was running OS X Server 3.1 but each and every update since then including the most current Mavericks version (3.2.2) has had the above issue. I'm just wondering if Apple fixed it in OS X Server 4.x.x.

  Launch the Console application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
  Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left. If you don't see that menu, select
  View ▹ Show Log List
  from the menu bar.
  Click the Clear Display icon in the toolbar. Then try the action that you're having trouble with again. Select any messages that appear in the Console window. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
  When posting a log extract, be selective. In most cases, a few dozen lines are more than enough.
  Please do not indiscriminately dump thousands of lines from the log into this discussion.
  Important: Some private information, such as your name, may appear in the log. Anonymize before posting.

• Accessing user's local Time Machine backup on client Mac?

  I'm trying to configure a file server with backup for local Macs.
  I've set up file sharing, users and groups in Server.app and it works as intended – after logging to the server, users see their home folders and other shared folders where they store their files.
  The idea is to use Time Machine backups on the server Mac. I've enabled it on the server and used a separate hard drive. It works well, and I can enter the Time machine from the server.
  Now, is it possible for users on client Macs connected to and working on the server volume to access Time Machine backups of their files?
  Thanks!

  Yes, I'm using OS X Mavericks Server. There's a shared volume "Design Work" where clients keep their files. It's backed up to a separate volume "Backup" via Time Machine. What I would like to do is to let clients access Time Machine backup of their files (stored on "Design Work" volume on the server) without the need to physically go to the server computer. Is that at all possible?
  I've tried to follow this instruction but it doesn't seem to work. I can select the shared TM backup from a client via "browse other backup disks" option but I can't see the files on "Design Work" share, just local files.

• Cisco WLC Client MAC address backup to new Controller & ISE

  Hi All,
  We have an existing 4400 controller with MAC filtering for clients configured. Right Now, we are migrating to 5500 WLC and ISE setup.
  We want to use MAC filtering due to company policies on the new Controller as well as ISE.
  Is there a way (from GUI/CLI) that we can export the client MAC Addresses into an Excel file from existing WLC to new WLC & ISE?
  Thanks,
  CJ

  On the CLI issue a show macfilter summary and then import that into excel or a text editor.
  Sent from Cisco Technical Support iPhone App