Block guest mDNS traffic on business LAN

For my company, I am running a Cisco 5508 WLC with a 4400 WLC as a guest anchor in our DMZ.  There is a guest SSID and several business SSID's for internal equipment.  Guest traffic should be tunneled out to the 4400 controller where [the client] gets its IP address and is sent out to the internet.  No internal corporate access is possible.  However, when I do a packet capture from my wired PC, I'm seeing traffic generated by different iPhones.  It appears to be mostly IPv6 mDNS or ICMPv6 traffic.  How would this traffic make it onto the corporate wired network, when it should be staying on the guest network?  None of the iPhones have been setup on the business SSIDs, so I know it isn't legit traffic.  Is there a setting in the WLC that will block this?  Will an ACL work?
These are examples of some of the traffic that wireshark is capturing:
349          7.794875          fe80::e77:1aff:fe3c:f81          ff02::fb          MDNS          253          Standard query response PTR, cache flush Tonyas-iPhone-2.local PTR, cache flush Tonyas-iPhone-2.local
356          7.802667          fe80::e77:1aff:fe3c:f81          ff02::fb          MDNS          151          Standard query ANY Tonyas-iPhone-2.local, "QU" question ANY Tonyas-iPhone-2.local, "QU" question
361          7.806964          fe80::e77:1aff:fe3c:f81          ff02::fb          MDNS          151          Standard query ANY Tonyas-iPhone-2.local, "QM" question ANY Tonyas-iPhone-2.local, "QM" question
Both controllers are running software version 6.0.196.0.  I also have a WCS server running version 7.0.220.
Thanks!
Joe P.

Well, you are asking a valid question but unfortunately I don't know the answer. I tried to find out from the config guide and the multicast design guide whether disabling multicast affects only L3 multicast or both L3 and L2 multicast, but unfortunately I could not find an answer.
Just one hint came to my mind: do you have IPv6 bridging enabled under your WLAN (under the Advanced tab)?
I think it is enabled so you may try disabling it. That would possibly stop the IPv6 traffic.
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70wlan.html#wp1345783
HTH
Amjad
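One way to triage a capture like the one quoted above, as an added example that is not code from this thread: a small Python script that reads Wireshark packet-list rows (No., Time, Source, Destination, Protocol, Length, Info), keeps only frames sent to the mDNS group ff02::fb, and recovers the sender's MAC address from a modified-EUI-64 link-local source so the client can be looked up on the WLC. The sample rows are the three from the question plus one constructed IPv4 DNS row that the filter is expected to ignore.

```python
"""Flag guest-device mDNS/IPv6 chatter in a Wireshark packet-list export."""
import ipaddress
import re
from collections import defaultdict

MDNS_GROUP = ipaddress.IPv6Address("ff02::fb")

# Constructed sample: the three rows quoted in the question, plus one
# ordinary IPv4 DNS frame so the filter has something to ignore.
SAMPLE = """\
349\t7.794875\tfe80::e77:1aff:fe3c:f81\tff02::fb\tMDNS\t253\tStandard query response PTR, cache flush Tonyas-iPhone-2.local
356\t7.802667\tfe80::e77:1aff:fe3c:f81\tff02::fb\tMDNS\t151\tStandard query ANY Tonyas-iPhone-2.local, "QU" question
361\t7.806964\tfe80::e77:1aff:fe3c:f81\tff02::fb\tMDNS\t151\tStandard query ANY Tonyas-iPhone-2.local, "QM" question
362\t7.810000\t10.1.1.25\t10.1.1.1\tDNS\t78\tStandard query A intranet.example
"""

# Columns are separated by runs of whitespace (tabs or spaces both work).
ROW = re.compile(r"^(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")


def parse_rows(text):
    """Turn packet-list lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            no, _t, src, dst, proto, _length, info = m.groups()
            rows.append({"no": int(no), "src": src, "dst": dst,
                         "proto": proto, "info": info})
    return rows


def mac_from_link_local(addr):
    """Return the MAC behind a modified-EUI-64 link-local address, else None."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_link_local:
        return None
    iid = ip.packed[8:]             # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":     # privacy/random IIDs carry no MAC
        return None
    first = iid[0] ^ 0x02           # undo the universal/local bit flip
    octets = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def find_mdns_leaks(text):
    """Group frames sent to ff02::fb by IPv6 source; attach MAC and .local names."""
    leaks = defaultdict(lambda: {"mac": None, "names": set(), "frames": []})
    for row in parse_rows(text):
        try:
            dst = ipaddress.IPv6Address(row["dst"])
        except ValueError:
            continue                # IPv4 destination: not IPv6 mDNS
        if dst != MDNS_GROUP:
            continue
        entry = leaks[row["src"]]
        entry["mac"] = mac_from_link_local(row["src"])
        entry["frames"].append(row["no"])
        entry["names"].update(re.findall(r"\S+\.local", row["info"]))
    return dict(leaks)


if __name__ == "__main__":
    for src, e in find_mdns_leaks(SAMPLE).items():
        print(f"{src}  mac={e['mac']}  names={sorted(e['names'])}  "
              f"frames={e['frames']}")
```

For the quoted source fe80::e77:1aff:fe3c:f81 the recovered MAC is 0c:77:1a:3c:0f:81, which is the value to search for in the WLC client list to confirm which SSID the device actually associated to.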

Similar Messages

  • Blocking all IGMP traffic

    Hello,
I'm hoping someone may have the answer to this. I am trying to block ALL types of IGMP traffic on a particular interface on a 3560-24-TS-S.
We have a Summit 5i switch acting as a core switch for 400 users which all (VLAN 3) participate in a multicast group sourced from one of the servers on the same VLAN 3. All the equipment is managed via VLAN 3. From this Summit 5i core switch we have an untagged hand off to a Cisco 3560-24-TS-S which also has 400 DIFFERENT users participating in a multicast group sourced from a server physically connected to this Cisco switch but on VLAN 6. All equipment on this switch is also managed via VLAN 3. The problem I believe is that this handoff between the Summit 5i and the Cisco 3560 is having IGMP querying conflicts and it's causing multicast troubles on both VLAN 3 and VLAN 6. I did set up the port as protected, blocked "unknown" unicast and multicast traffic, and issued a no ip igmp snooping vlan 3. But I'm still having troubles.
    I am using IGMP v2 and source filtering is not available until v3 so I am not sure how to block ALL IGMP traffic to try and help isolate this as 2 separate networks but still being managed on the same.
    Any help is greatly appreciated...
    Regards,
    Robert

    You can try this and control the IGMP queries on a given interface.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/swmcast.htm#wp1177268
    To disable groups on an interface, use the no ip igmp access-group interface configuration command.
    This example shows how to configure hosts attached to a port as able to join only group 255.2.2.2:
    Switch(config)# access-list 1 255.2.2.2 0.0.0.0
    Switch(config-if)# interface gigabitethernet0/1
    Switch(config-if)# ip igmp access-group 1
    HTH-Cheers,
    Swaroop

  • RV110W Blocks all inbound traffic

I have an RV110W that's been in service since Dec 2012. Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (pwr off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly. Anybody seen this before?

    Hi David,
Please call the Small Business Support Center and speak with an engineer. The phone numbers for the support center are located here: https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Regards,
    Cindy Toy
    Cisco Small Business Community Manager
    for Cisco Small Business Products
    www.cisco.com/go/smallbizsupport
    twitter: CiscoSBsupport

  • How to block a page (from a business job searching website) from appearing on my screen without me searching for it?


    Look under:
    System preferences > Network > WiFi > ( Advanced ) > DNS
    System Preferences > Network > Ethernet > ( Advanced ) > DNS
    There should be two or more IP addresses there.
    Those addresses should be EXACTLY the ones your current ISP provided when you signed up for service. They do not start with 85 or 86 -- those are hacker sites.
    If you are in the US, you could also use OpenDNS:
    208.67.222.222
    208.67.220.220

  • Block / Deny ICMP Traffic cisco asa 5512-x

Hi expert,
I have a Cisco ASA 5512-X configured as a firewall and SSL VPN.
My customer wants to block/deny ICMP traffic from the outside interface without blocking anything else.
I've configured from the CLI:
icmp deny any outside
but from outside I can't open the SSL VPN URL and ASDM.

    Hi,
    Access for the Anyconnect/ASDM does not depend on the ICMP permit/deny commands on the ASA device.
    If you want to block the Pings to the ASA interface use the command:-
    icmp deny any outside etc.
What do you mean by "I can ping from outside"? Please explain.
    Thanks and Regards,
    Vibhor Amrodia

  • Block all incoming traffic and Active FTP

    Will setting the firewall to Block all incoming traffic break Active FTP Connections?
    The firewall will normally dynamically create exceptions for the Connection using the Application Layer Gateway, but will the profile override these?

    Hi TribleTrouble,
    Do you have any issue about FTP active mode?
    If the clients are part of your domain, push the FTP firewall rules via GPO to your clients allowing FTP inbound sockets
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=TCP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=UDP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    For Windows 7, the entire networking stack was rewritten and several security measures were taken to further secure Windows.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Blocking all ipv6 traffic

Good morning -  I have an issue that has happened twice - and I need some advice.  I have a 4506 running version 12.2(46)SG. We recently encountered an issue where I BELIEVE the issue to be IPv6 sending out a broadcast storm, which completely flooded the core switch  - bad enough that I couldn't even console into the device.  After removing all connections that were plugged in when the switch went down and bringing everything back up, we found that it was a laptop with IPv6 enabled - exactly the same scenario as last time.  What we found after the first incident was that a faulty NIC driver caused the IPv6 broadcast storm.
At any rate, as we do not use IPv6 for anything at all, I want to block all IPv6 traffic.  I know there are different ways to do it, but I'm reaching out to see what ideas you may have also...
    Thx in advance for any input!

    Joel,
If VACLs with IPv6 ACLs are supported on your platform then I would probably use VACLs, as they allow a filter to be applied flatly to the entire VLAN. Your other option would be to configure per-port ACLs, which is cumbersome and bloats the configuration unnecessarily.
    With IPv6 ACLs, be sure to block ICMPv6 explicitly. As far as I remember, some ICMPv6 messages are allowed even if they are not explicitly permitted in the ACL (usually the RD and ND messaging).
If your platform allowed filtering all incoming packets by MAC ACLs, yet another way would be to use VACLs with MAC ACLs, blocking all traffic with the EtherType of 0x86DD. However, newer platforms apply MAC ACLs only to non-IP traffic, so they would have no effect on frames carrying IPv6 packets. You need to consult the documentation for your device.
    In any way, VACLs would be my personal preferred choice at this point.
    Best regards,
    Peter

  • Block internet traffic but allow LAN traffic

    Hi,
    I have a WAP54G. Is it possible to set it so that when someone accesses the device, they can only access my local network (no internet access).
    Thanks,
    JT

    There are a few ways to do this.
    In your router, you can block a computer's Internet access by MAC address or by LAN IP address.  I would suggest blocking by MAC address.
    Obtain the MAC address of the offending computer.  Then enter your router and go to the "Security" tab, "Filter" subtab.  Click on "Edit MAC filter setting"  and enter the MAC address of the offending computer.  Click on "Apply".  You might also need to return to the "Security-Filter" page and click on "Save settings".  Reboot the router.
    Alternatively, you could block by LAN IP address, but this might interfere with the computer's ability to access other wireless systems, at home or while traveling.  If you do this, you would need to go into the offending computer, and assign it a fixed LAN IP address.  Then enter the router (same page as above), and in "Filter IP address range" just enter his IP address, for example  192.168.1.12  (or whatever fixed LAN IP address you gave him).  Then click on "Save settings".
    Note that if he is computer savvy, it may not take him long to figure out how to bypass these roadblocks.  IP addresses can be easily changed.  MAC addresses can be faked.
    The problem that you are having is similar to the "my teen is running wild on the Internet" problem.  Many parents have found that router settings only work to control young children, who don't know much about computers.  Older kids are better controlled using software products installed on the offending computer  (I assume you own his work computer.)    There are several parental control products on the market.  I am not personally familiar with them, but when I did a search, "Safe Eyes" and "ContentWatch ContentProtect" were rated well.  These programs can be used to limit the web sites visited, or stop Internet access entirely, or on a schedule. 

  • CoreSync.exe blocks all network traffic while (slowly) syncing my Creative Cloud files

    Hello folks,
    Since the latest Creative Cloud update (I'm using version 1.9.0.465 as of this writing), I've been unable to successfully sync my Creative Cloud Files folder.
    First things first, as other forum users have posted elsewhere, when the update installed itself, my Creative Cloud Files folder was moved from my chosen location to its default location (C:\Users\MyUserName) and I've been unable to put it back where I wanted it.
    However, more pressingly, I noticed that every time I booted my computer, neither my wife nor I were able to access the Internet.  After a couple days' trial and error I realized that Creative Cloud was trying (unsuccessfully) to sync about seven files (totaling about 750MB) to the cloud, and anytime the sync was actively working, my network access was completely blocked.  Even the Creative Cloud desktop app itself couldn't access the Internet to authenticate my apps or Typekit fonts.
    I have managed to get much smaller files (1MB, 5MB, up to 15MB) to sync successfully, however this takes a really long time, and no one on my network can manage to load a web page on their device until the sync is complete.
    Right now I've got syncing paused, and everything on my network is working fine.
    For some additional info, I've attached a screen grab of my Networking tab from Task Manager:
    The big spikes in that graph are me and my wife loading up tons of web content-- YouTube videos, a million tabs of who-knows-what, all acting normally.  Then I hit Resume on CC's sync operation, my activity line clamps way down, and no one can load any Internet content anywhere.  After that, I released my computer's IP address from the command prompt, at which point Creative Cloud Desktop returned a connection failure, and I quit the app.  When I renewed my IP address, I noticed our network access was still blocked, even though Creative Cloud was not running.  I traced the problem back to CoreSync.exe, which had continued running even after I'd quit Creative Cloud.  The moment I ended the CoreSync.exe process, everything was back to normal... until I restarted the Creative Cloud app, which in turn restarted CoreSync.exe.  It was only after pausing CC's sync operation that we were able to use the Internet again.
    So!  To sum up, here are my two issues:
    Syncing is entirely broken, and prevents everyone on my network from using the Internet while CC spins its wheels.
    For some reason, following the same update, I'm unable to change the location of my Creative Cloud Files folder.
    Some things I've tried:
    Uninstalling & reinstalling the Creative Cloud Desktop app-- no change
    Clearing my archived files on creative.adobe.com in case there was some weird argument happening between my live/syncing files and my archived files-- no change
    Manually adding CoreSync.exe to my Windows Firewall whitelist-- no change
    Finally, I can recreate this issue on my second computer, running the same version of Creative Cloud but running off wireless instead of Ethernet.  Same symptoms-- feed it a file to sync, and everyone's Internet access is gone until the sync operation [eventually] finishes.
    I'm completely stumped and very frustrated.  I rely heavily on CC's file syncing feature, and as it's the only cloud storage product I'm actually paying for, I'm not willing to abandon it for another service like DropBox.  I'm willing to try just about anything-- and in the meantime I'm just wishing Creative Cloud Desktop app updates weren't compulsory; the last build I'd installed here was working perfectly fine.
    My basic system specs in case it's helpful:
    Windows 7 Professional x64 SP1
    2x Intel Xeon E5-2670 @ 2.6GHz
    64GB DDR3 RAM
    nVidia Quadro 4000
    Any insights would be incredibly appreciated!  Thanks in advance.

    Heyo Dave,
    Thanks so much for your reply and suggestions.  Here's what I've discovered after some more noodling.
    I'm no networking guy, but I can't seem to find anything about my modem or router that would explain why my upstream traffic is being throttled using CC-- especially since it's all the same hardware I was using last week before I updated CC.
    In addition, I've tried test uploading a couple of files using DropBox, Google Drive, and WeTransfer.com, and neither process interrupts Internet use on my network.
    With all that said, I did go in and pull back my Transfer Speed settings in CC from Maximum to Low, and that made a big difference!  Syncing continued to work, and our other network requests were working just fine.  I managed to get my upload speed set as high as Medium; High and Maximum both kill my network within seconds of being set.
    So I'm not sure what was done to the CC application in this release to supposedly enable us to "Sync Files and Fonts faster" (from the release notes), but whatever it is, it's got my uploads capping at 100Kbps (compared to a minimum 350Kbps using Google Drive) unless no one in my home wants to check their email for the next hour.  That's a significant bummer for me, as my After Effects projects regularly swell to ~50MB toward the end of a project.
    I'd like to submit a big report here, since really the only variable at play in this situation was the Creative Cloud update.  However, unfortunately it looks like the bug report form is down...  I'll have to try again later.
    In the meantime, if there are any other suggestions for experiments I can run on this beast, I'm happy to oblige and report back in case other folks with similar issues can get some relief!
    Thanks again,
    Jared

  • EA6100 AC1200 Blocking Guest internet access during specific times?

    I see that you can disable guest internet access for specific times but only for specific devices. What I want to do is turn off Guest access for all devices during specific times. 
    I am using this in an environment  where I will have different guests at different times with different devices and can't go in to block each one each time. 

    I think your only option at this time is to manually disable the Guest Wireless network when wanted.
    Please remember to Kudo those that help you.
    Linksys
    Communities Technical Support

  • Block documents due to missing business partner

    Hello to everyone,
I have a problem with blocked documents in GTS due to the missing external business partner account. For every blocked document I have to enter the business partner account manually in order to release the document. Even though the vendor master record has been correctly maintained, also on the purchasing organization, I cannot understand why the business partner account is missing in GTS. In the screenshot you can see the first line is always blocked with a block sign.
Can anybody help me to find the solution for that?  Thanks in advance.
Please see the attached screenshot (unfortunately available in German language only, I hope you will understand).

    Hi Aman,
Thanks for your reply. I have again tested the business partner transfer by changing the name field. The data was transferred successfully from R/3 to GTS.
    Regards,
    Iftikhar

  • Guest Wireless traffic redirect to Proxy Server

I have a Guest WLAN and I want to redirect all the traffic to a proxy server. We use Cisco IronPort.
The Cisco IronPort proxy has the IP 10.X.X.X.
We also have an NCS server. Can anybody tell me where I can configure this?
Best regards and thanks in advance

    Muzaffar:
If you have web-auth configured you may have problems with the redirection if the users have a manual proxy server configured.
For that, you'd better enable WebAuth proxy redirection on the wireless controller.
Here is the config example:
    http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b8a909.shtml
    HTH
    Amjad

  • How can we block AirDrop or AFP on a LAN?

    We have a wireless network that is open to students (which requires their School ID/Password) and when on it users can openly see other users home folders. Obviously students have turned on filesharing on their own for at home or elsewhere and forgot. We are now sending emails to those students that have their laptops wide open to others but from a security stand point the college would like to block AirDrop & AFP on the LAN. The open wireless is just for internet access and not to connect to other devices, shares etc.
    Thank you,
    Carter

TCP port 548 is needed for AFP file sharing; blocking this port should get the job done. Keep in mind that AirDrop is available to them regardless, even if they are not connected to the student network. AirDrop is capable of creating a direct connection with another Mac using its AirPort card, so managing/controlling that will be very difficult.
    Education is more work but will be more useful for the students in the long run. It's far more valuable for them to know what kind of issues/risks they may be opening their Macs up to rather than just blocking AFP. Even if AFP is blocked, continuing with those emails or some other form of awareness/education on the subject is recommended.

  • Block internal network traffic

    I would like to allow external internet access when connected to the WLAN but block people from accessing the LAN. My current set up is the modem then a firewall then a switch and then the Linksys WRT54GL wireless router. I've tried blocking all ports except for 80 and 443 but that doesn't work. Any ideas?

    The WRT is a consumer router built to make home networking for people easier. There is no way to do what you want to do with a WRT. For really secure client separation you'll need a proper wireless access point which supports at least VLANs, and a managed VLAN switch. Then you are free to control access of clients in your network.
Any access restrictions you can set up in the WRT are only for the WAN-LAN connection (where the router sits). The LAN on the Ethernet level is simply an unprotected Ethernet LAN. The router is not doing much on that side.

  • Voice traffic in a LAN

Hi all!
Can I prioritize voice traffic in a campus LAN? We have 2950 EI switches on the access layer and 3550 on the core layer with VLANs... I'm searching for a configuration example.
Many thanks for the answers!

    Yes you can. If you're running IOS 12.1(12c)EA1 or above on your switches, the easiest way to configure QoS is with the "autoqos" command. Please see the following link for details.
    http://www.cisco.com/en/US/tech/tk543/tk759/tk879/technologies_white_paper0900aecd800a8561.shtml
    Hope this helps. If so, please rate the post.
    Brandon
