Block clients from individual wlan
I have 5508 with 2 WLANS (corp, guest) I would like to be able to block certain users via MAC address from CORP but not guest.
Can this be done.
CORP is using WPA2+AES
GUEST is using Web Auth ( guest is not setup as a "guest vlan" in the config, just a regular wlan.
TIA
Hello,
Like Viren said mac-address filtering is not the most secure way as they can be easily spoofed.
Why don't you try Peer-to-peer blocking.
Peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated. Peer-to-Peer enables you to have more control over how traffic is directed. For example, you can choose to have traffic bridged locally within the controller, dropped by the controller, or forwarded to the upstream VLAN.
For more on this you can ckeck the following short cisco doc:
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/wlan/config_wlan_chapter_01010.html
Similar Messages
-
Our school is running OSX on a G4 with about 21 computers and as teachers we share the network with different grade users. Is there a way we can block the internet from others users, the other grades are giving the password to the internet and it upsets the atmosphere of the room when the other teacher is teaching. We are using workgroup manager.
G4 Mac OS X (10.4)WRT54GL (192.168.10.0/24, NAT, DHCP)==========LAN (192.168.1.0/24, gateway 192.168.1.1+other computers)...
If the WRT54GL is 192.168.10.x and your LAN is 192.168.1.1, then computer's connecting to the WRT54GL will not access the resources/computer's connected to the 192.168.1.1(LAN) Network as they are running different individual networks... -
Client in same WLAN cannot ping eachother
WiFi clients in same WLAN(ssid) cannot ping eachother.
AP's are in Flexconnect mode, WiFi clients are able to access network and internet etc, but not able to ping eachother.
whereas, Lan devices from same network are able to ping these wifi client.
There is no firewall or ACL as such in WLC or local switch. Also Peer-to-Peer blocking is 'disabled'.
Also i'm able to see client arp entries in WLC and local switch.
What could be causing this issue, and how can we resolve this?
Pls comment.Did you check if WiFi clients are able to ping LAN Devices on the same network or not?
-
Dear All,
We are having an infrastructure setup of around 500 client computers managed through group policy.
Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
It would be great if you can assist me with the following query.
How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
Can we disable Network Tab on the left hand pane ?
explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.> * explorer.exe is blocked already, but users are able to enter the
> Windows Explorer by clicking on the name which is visible on the
> Start Menu.
You cannot block explorer.exe when you do not replace the shell - the
desktop you see effectively IS explorer.exe...
Your requirement sounds like you need a custom shell:
http://gpsearch.azurewebsites.net/#2812
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
SRM 5.0 - Non-replication of Blocked Vendors from R/3 to EBP
Hi Team,
We are using SAP SRM 5.0 for e-procurement.
Issue:
The R/3 vendor is transferred to SRM for creation of bidder ID for e-procurement. Presently there is no check/warning message in the system while transferring blocked vendor from R/3 to SRM using BBPGETVD.
The blocked vendor while bidding using e-procurement portal gets a warning message that the 'User is blocked or archived'. With this warning message, the panic situation arises and the bidder gets confused while bidding.
Solution:
BADI BBP_TRANSDATA_PREP was implemented. The Error message u2018Vendor is blockedu2019 was given in case of block vendor of SAP R/3 not getting replicated in SAP SRM. This did not work as the message appearing during BBPGETVD was actually the original Message of Message class BBP_BUPA Message No: 030
Original: u201CAll backend descriptions are already assigned in the systemu201D
It was changed to: u201CVendor is already transferred or blockedu201D.
This was tested and was working fine as the Vendor replication was being done individually and not in lots.
The unblocked ones were getting replicated. The blocked ones and the ones that had already got replicated were throwing up the warning message: u201CVendor is already transferred or blockedu201D.
About 5-8 Vendors both blocked and unblocked behaved as was desired. On further testing it was found that the blocked Vendors instead of throwing up the message were moving on to the next screen/stage for transferring of Vendors. On checking it was found that certain Vendors (Blocked) are appearing in an internal table and as such the required warning message is not appearing.
We are unable to comprehend where from are these Blocked Vendors appearing in the internal table?
Alternatively do kindly suggest if there are any other solutions for this issue by way of configuration change or some other method.
Thanks.
Best regards,
VijayHello Vijay,
Make use of the EEWB transaction for the BO vendor replication. You have an abiltiy to set your own attributes on which/what kind of data you want to replicate into SRM from ECC.
All the best.
Regards,
Mani -
What is wrong with my non-blocking client?
I have two classes here, my abstract base class SingleSocketHandler, and its concrete subclass SingleSocketHandlerImpl. The subclass implements the protocol and parsing of my server.
For some reason, my server is not receiving the packet my client sends to it, and my client is getitng nothing in return (which makes sense, the server is supposed to respond to the logon packet). I make it non-blocking AFTER logon, so I knwo that this is not a problem. Can you see why my server is not receiving the packet my client writes to it? Did I not configure some setting with the SocketChannel that enables it to write? I am sort of unfamiliar with the java.nio.channels package, so the problem may be related to a setting in the SocketChannel or whatnot that I haven't configured.
NOTE: My chat server works fine with my blocking, multi-threaded test clients. Just not for my non-blocking client. The original problem for my blocking clients was that once the server stopped sending them data, they'd get caught in the in.read() loop and never get out of it. That's why I turned to non-blocking.
Just to remind you, my question is: why isn't my client sending the logon packet AND/OR my server receiving+responding to it?
public abstract class SingleSocketHandler extends Thread
/* Subclasses must implement these methods
/* Even though they're not a (public) interface */
/** <------------------------------- */
abstract void parse(int num);
abstract void parseNext();
abstract void doLogon();
/** -------------------------------> */
private SocketChannel sock;
/* Queues for in and out buffers */
private LinkedList <ByteBuffer> qIn;
private LinkedList <ByteBuffer> qOut;
/* Server info */
private String hostname;
private int port;
/* Flags */
protected int flags;
protected final int LOGGED_ON = 0x01;
* Default Constructor
protected SingleSocketHandler()
initQs();
* Constructor that sets socket info
* @param hostname
* @param port
* @param connect
protected SingleSocketHandler(String hostname, int port, boolean connect)
initQs();
if (connect)
connect(hostname, port);
else
setSocket(hostname, port);
* Switches off between reading and writing
protected void handleIO()
try
sock.configureBlocking(false);
} catch (IOException e)
// TODO
readInBuffers(1);
writeOutBuffers(1);
* Read in specified number of buffers into in queue
* Call for parsing
* @param num
protected void readInBuffers(int num)
Reporter.println("READING BUFFER");
for (int i = 0; i < num; i++)
ByteBuffer header = ByteBuffer.allocate(ProtocolCheck.HEADER_LEN);
try
Reporter.println("Reading header...");
sock.read(header);
Reporter.println("Read header.");
} catch (IOException e)
// TODO
/* Only add packet to in queue if it has a valid header */
if (ProtocolCheck.validHeader(header.array()))
Reporter.println("valid header");
ByteBuffer packet = ByteBuffer.allocate(ProtocolCheck.findPacketLen(header.array()));
packet.put(header);
try
Reporter.println("Reading rest of packet...");
sock.read(packet);
Reporter.println("Read packet.");
} catch (IOException e)
// TODO
addInBuffer(packet);
* Write out specified number of buffers from out queue
* And remove from out queue
* @param num
protected void writeOutBuffers(int num)
Reporter.println("WRITING BUFFER");
int i = 0;
while (qOut.size() > 0 && i < num)
try
sock.write(nextOutBuffer());
Reporter.println("Wrote buffer.");
} catch (IOException e)
// TODO
i++;
* Returns and removes next buffer from in queue
* @return ByteBuffer
protected ByteBuffer nextInBuffer()
return qIn.remove();
* Returns and removes next buffer from out queue
* @return ByteBuffer
protected ByteBuffer nextOutBuffer()
return qOut.remove();
* Sees if there is anohter in buffer
* @return boolean
protected boolean hasNextInBuffer()
return qIn.size() > 0;
* Sees if there is another out buffer
* @return ByteBuffer
protected boolean hasNextOutBuffer()
return qOut.size() > 0;
* Add a buffer to in queue
* @param b
public void addInBuffer(ByteBuffer b)
qIn.add(b);
* Add a buffer to in queue
* @param b
public void addInBuffer(Bufferable b)
qIn.add(b.getByteBuffer());
* Add a buffer to out queue
* @param b
public void addOutBuffer(ByteBuffer b)
qOut.add(b);
* Add a buffer to out queue
* @param b
public void addOutBuffer(Bufferable b)
qOut.add(b.getByteBuffer());
* Instantiate queues
protected void initQs()
qIn = new LinkedList <ByteBuffer> ();
qOut = new LinkedList <ByteBuffer> ();
* Set socket info then call connect()
* @param hostname
* @param port
public void connect(String hostname, int port)
setSocket(hostname, port);
connect();
* Connect to server
public void connect()
try
sock = SocketChannel.open();
sock.configureBlocking(true);
sock.connect(new InetSocketAddress(hostname, port));
while (!sock.finishConnect())
} catch (IOException e)
// TODO
* Disconnect from server
public void disconnect()
try
sock.close();
} catch (IOException e)
// TODO
* Set socket info without connecting
* @param hostname
* @param port
public void setSocket(String hostname, int port)
this.hostname = hostname;
this.port = port;
* @return state of connection
public boolean isConnected()
return (sock != null && sock.isConnected());
* @return state of being logged on
public boolean isLoggedOn()
return (sock != null && (flags & LOGGED_ON) == LOGGED_ON);
public final class SingleSocketHandlerImpl extends SingleSocketHandler
private UserDatabase <User> users;
* Constructor that does not set socket info
public SingleSocketHandlerImpl(UserDatabase <User> users)
super();
this.users = users;
* Constructor that does set socket info
* @param hostname
* @param port
* @param connect
public SingleSocketHandlerImpl(String hostname, int port, boolean connect, UserDatabase <User> users)
super(hostname, port, connect);
this.users = users;
* Thread's run method (base class extends Thread)
public void run()
doLogon();
while (isConnected() && isLoggedOn())
handleIO();
* Parses specified number of buffers from in queue
* @param num
/* (non-Javadoc)
* @see client.SingleSocketHandler#parseNext()
@Override
protected void parse(int num)
Reporter.println("Parse(int num) called.");
int i = 0;
while (hasNextInBuffer() && i < num)
parseNext();
i++;
/* (non-Javadoc)
* @see client.SingleSocketHandler#parseNext()
@Override
protected void parseNext()
Reporter.println("Parsing!");
if (!hasNextInBuffer())
Reporter.println("NO IN BUFFER.");
return;
/* Get buffer to work with */
ByteBuffer inBuffer = nextInBuffer();
byte[] data = inBuffer.array();
/* Decide what to do based on message ID */
byte msgid = data[1];
switch (msgid) {
case 0x01:
Reporter.println("0x01 packet.");
/* Determine success of login */
byte success = data[3];
if (success == (byte) 1)
flags |= LOGGED_ON;
Reporter.println("Logged on!");
else
flags &= ~LOGGED_ON;
Reporter.println(" <eChat> Unable to logon. Check the hostname and port settings.");
break;
case 0x02:
/* Parse out text message */
byte[] txtmsgbytes = new byte[data.length - 3];
System.arraycopy(data, 3, txtmsgbytes, 0, txtmsgbytes.length);
String txtmsg = new String(txtmsgbytes);
Reporter.println(txtmsg);
break;
case 0x03:
System.out.println("Packet ID not yet handled.");
break;
case 0x04:
System.out.println("Packet ID not yet handled.");
break;
default:
System.out.println("validID() method is buggy.");
* I make it non-blocking after logon sequences
/* (non-Javadoc)
* @see client.SingleSocketHandler#doLogon()
@Override
protected void doLogon()
Reporter.println("DOING LOGON!");
User myUser = users.getCurr();
addOutBuffer(new ScpLogon(myUser.getUsername(), myUser.getPassword()));
writeOutBuffers(1);
readInBuffers(1);
parseNext();
}Oh, if this helps, this is what gets output to my GUI. I did a lot of outputs for debugging purposes.
[3:29:27 PM]: Connecting...
[3:29:27 PM]: Connected!
[3:29:27 PM]: Logging on...
[3:29:27 PM]: DOING LOGON!
[3:29:27 PM]: WRITING BUFFER
[3:29:27 PM]: Wrote buffer.
[3:29:27 PM]: READING BUFFER
[3:29:27 PM]: Reading header... -
Spamcop blocks email from @tiscali.co.uk addresses to hpeprint.com
Printing to [email protected] works fine from @gmail.com and @hotmail.com addresses but Spamcop blocks email from @tiscali.co.uk addresses (TalkTalk webmail)
I am using HP Connected HP 8600 pro
I get a delivery status notification failure in my inbox
Header :
Delivery Status Notification (Failure)
From:Mail Delivery System [[email protected]][add contact]
Contents :
The following message to <[email protected]> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 554-'5.7.1 Service unavailable; Client host [62.24.202.76] blocked using bl.spamcop.net; Blocked - see h t t p :/ /www.spamcop.net/bl.shtml?62.24.202.76'
I have tried 2 different @tiscali.co.uk addresses and get same error with each
I have checked the phpeprint.com address and it is the same for all my all mail accounts
Other than making all users have hotmail accounts, is there a solution.
Any advice please.
ChrisPrinting to [email protected] works fine from @gmail.com and @hotmail.com addresses but Spamcop blocks email from @tiscali.co.uk addresses (TalkTalk webmail)
I am using HP Connected HP 8600 pro
I get a delivery status notification failure in my inbox
Header :
Delivery Status Notification (Failure)
From:Mail Delivery System [[email protected]][add contact]
Contents :
The following message to <[email protected]> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 554-'5.7.1 Service unavailable; Client host [62.24.202.76] blocked using bl.spamcop.net; Blocked - see h t t p :/ /www.spamcop.net/bl.shtml?62.24.202.76'
I have tried 2 different @tiscali.co.uk addresses and get same error with each
I have checked the phpeprint.com address and it is the same for all my all mail accounts
Other than making all users have hotmail accounts, is there a solution.
Any advice please.
Chris -
Why is gmail blocking me from sending email with a "pages" document attached?
Why is gmail blocking me from sending email with a "pages" document attached? I've checked the document for viruses with "MacKeeper" and it's clean.
Google reads your emails, in case you did not know that. Unless you are sending an email containing content Google can extract and add to its vast database of personal information, Google has no use for it.
Google Mail is becoming progressively useless. It won't accept .zip attachments, at least not the last time I tried, it will eventually prevent you from using an email client unless you visit their web mail interface, and it will disable your account if you attempt to log in from someplace Google deems is not where Google thinks you ought to be.
Gmail is worth every cent you paid.
Get rid of MacKeeper. It is capable of doing nothing beneficial and will only cause problems. -
Adobe Acrobat licensing moved from individual PCs to CITRIX server
Hello Adobe Community,
We are migrating our users away from individual desktops to thin clients running CITRIX. We have 6-8 licenses for Adobe Acrobat Std assigned to individuals which need to be ported over to their installs on the server. Is there an easy way to do this without having to purchase new licenses?If these are individual licenses then no, you will need to contact Adobe and get a Volume license for the total licenses that will be used for your server.
-
Blocking clients with repeating failed attempts in ACS 5.4
Hi
I use my ACS to authenticate clients from both LNS ans wireless.
There are always users with wrong configuration that repeat the authentication process and fail thousands time and 'hammer' the ACS servers.
Is there a way to block repeated failed attempts?
Thanks!
Naor.Hi, and thanks for the quick reply! Few questions:
That will prevent clients from re-authenticating for 15 minutes?
If so, how client will be able to roam on campus? that requires re-authentication...
Naor. -
Deleting the client immediatly since WLAN is changed
Hello; I recently upgraded our 5508s to 7.0.98 I am now seeing this mesage on the primary WLC while running adebug on a client *apfMsConnTask_1: Sep 29 11:05:36.114: Deleting the client immediatly since WLAN is changed. anyone know what this means?
ThanksJohn,
Have you figured out a solution from your problem? Did the fast ssid change work?
In my scenario I disabled it as I would see clients connecting from one SSID to another but retaining their ip address from the 1st ssid.
This is bad (or I've missed something) if you have different firewall rule sets for these 2 SSID's.
Regards,
Craig -
Blocking Client MAC Addresses at Sup720/WLSM?
I want to block client MAC addresses at the central 6500, where the WLSM is located. Is there any solution like "dot11 association mac-list" at the accesspoints? I tried an "access-expression" on the tunnelinterface, but it did not work. Any suggestions?
Here is an example of config
switch(config)# mac access-list extended ARP_Packet
Switch(config-ext-nacl)# permit host 0000.861f.3745 host 0006.5bd8.8c2f 0x806 0x0
Switch(config-ext-nacl)# end
Issue the vlan access-map map_ name command and the action drop command, which is the action to perform.
The vlan access-map map_ name command uses the MAC access list that you created to block ARP traffic from the hosts.
Switch(config)# vlan access-map block_arp 10
Switch (config-access-map)# action drop
Switch (config-access-map)# match mac address ARP-Packet
Add an additional line to the same VLAN access map to forward the rest of the traffic.
Switch(config)# vlan access-map block_arp 20
Switch (config-access-map)# action forward
Choose a VLAN access map and apply it to a VLAN interface.
Issue the VLAN filter vlan_access_map_name vlan-list vlan_number command.
Switch(config)# vlan filter block_arp vlan-list 2 -
I have a game but it only for one apple id and one divece but someone i dont know id play that game and using my apple id and i want to know if u can block them from using ur apple id and also erase all the games they downlode with the apple id
There probably is, but it requires that you be able to use punctuation and write in sentences so that we can understand exactly what you want.
You can block others from using your Apple ID by changing your password. There is no way to erase what was already downloaded on to someone else's device, for obvious reasons, -
How do I block people from texting me in "iMessage" / "Messages" on the iPad?
AARRGGGGHHHH!!
People are "texting" me on my iPad and I can't make it stop. HELP!!
I can't believe ... I'm absolutely dumb-founded ... that Apple provides no way to block harassing users. This is NOT related to a wireless/cellular carrier, this is on my wifi-only iPad.You really have to wonder why the feature of blocking someone is not available. It would be simple to implement. Harrassing text messages, imessages, whatever you want to call them give an abuser a way to contact someone who does not want any contact. This can result in psychological damage, even in some cases suicide. If I am receiving unwanted messages from someone, I don't see why I can't just hit a button that says block. The message then can be diverted to a folder, and if I want to unblock them I should be allowed. There is not one reason I can imagine why I should not have this power. It's ridiculous and unfortunate that in this age of bullying and stalking, we aren't allowed this modicum of control over our privacy. So just when you think you have forgotten someone, or someone you love has finally removed an abusive person from their lives and moved on, all that person has to do is suddenly decide to text you day and night so that you cannot do anything but think about them. Why oh why is there no block messages from this person button as there is in virtually every social networking website? I am flabbergasted. And of course if you have a data plan and someone wants to send you spam, they can actually eat into your data usage against your will. I have to deny my family the ability to send me iMessages by completely disabling it because one nutcase won't leave me alone? Again, where is our control over our privacy? I'm frustrated over this issue, and after seeing what happened to Amanda Todd I don't see why it's not mandatory that this feature be added to every instant messaging platform. "Block User" I'm completely blown away now that I've researched this issue and I hope other people rally behind a change. How hard would it be for a 45kb update to iMessage with the ability to block users? Someday Apple is going to get sued when something terrible happens all because they refused to listen to reason. We need cotrol of our lives, and especially where teenagers are concerned. They need to be able to block unwanted attention from people who found a way into their personal lives. Go to youtube and look up Amanda Todd. It's tragic and Apple is going to do nothing about it. Anybody who is living through this sort of nightmare knows how insane it is that we cannot simply hit "block user". I also am dumbfounded!
-
I am using a work laptop and have the same problem. When I try to change the "configure proxy", they only available option is "use this proxy server for all protocols". Could it be that my system administrator blocked me from changing it since they don't want us to use Firefox.
== User Agent ==
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.4; FNGP_SYS)Start Firefox in [[Safe Mode]] to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
See [[Troubleshooting extensions and themes]] and [[Troubleshooting plugins]]
If it does work in Safe-mode then disable all your extensions and then try to find which is causing it by enabling one at a time until the problem reappears.
You can use "Disable all add-ons" on the ''Safe mode'' start window.
You have to close and restart Firefox after each change via "File > Exit" (on Mac: "Firefox > Quit")
Maybe you are looking for
-
Why can't I simply drag music from my external hard drive to my ipod classic?
Why can't I simply drag music from my external hard drive to my ipod classic using my mac?
-
Error while starting disp+work
Hello Friends, I am getting the following error while starting thesystem.Please help me in solving the problem. I have seen this problem has happened for many people but no solution provided. Points rewarded for helpfull answers. error from dev_disp:
-
it is a scenario where iam not able to get the logic pls help me, A new material is launched, so company wants to give a special offer for the first 5 customers and after which only a particular number range (ex: 3500- 3800), system should give 5% di
-
UTF-8 and *.jsp, *.jspf files with NitorX 419
Hello I hava a problem for setting the encoding of the JSP files in eclipse 3.1rc3 and NitroX 419. I am using tiles (but i am not sure that they are properly recognized). And I want to create one fragment file eg. one for body element in tiles. I am
-
Font not showing up in Photoshop CS4 for Windows
I have fonts that I've installed in both my Windows XP and Windows 7 PCs. They show up in the Control Panel - Fonts and open, they show up in Word, but do not show up in Photoshop CS4. I see in the CS4 Mac forums that there is a way to register a f