Client Identifier and MAC addresses

Similar Messages

• ISE and WLC 5508 IP and MAc address

  Hi!
  Is it possible that we recibe IP address and Mac address Client at the same time in ISE ?
  The wlc permits choose radius Call station ip type MAC or IP, but not both.
  Thanks you,

  If you are using dot1x then no, the mac address is sent since the client does not receive an ip address till authetication succeeds.
  Sent from Cisco Technical Support Android App

• Arp aging time on router and mac address aging time on switches set close t

  Hi,
  appreciate some advice on the following:
  what is the benefit of setting arp aging time on router and mac address aging time on switches close to each other?
  Thanks,
  Christina

  Hi,
  based on the below output, do you think implementing it will benefit? Thanks.
  C2950#sh int fa0/43
  FastEthernet0/43 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 000d.5e11.4e2b (bia 000d.5e11.4e2b)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
  reliability 255/255, txload 7/255, rxload 2/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 933000 bits/sec, 149 packets/sec
  5 minute output rate 2981000 bits/sec, 263 packets/sec
  2819781393 packets input, 3782332886 bytes, 0 no buffer
  Received 266693 broadcasts (0 multicast)
  0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog, 0 multicast, 0 pause input
  0 input packets with dribble condition detected
  4015025747 packets output, 2328228393 bytes, 0 underruns
  0 output errors, 0 collisions, 2 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier, 0 PAUSE output
  0 output buffer failures, 0 output buffers swapped out
  C2950#

• WLC+LAP+ACS4.0 achieving 802.1x PEAP and MAC address authentication ?

  How to configure WLC + LAP + ACS4.0, achieving username and password authentication and MAC address at the same time

  This might help with the PEAP:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00807917aa.shtml
  MAC Authentication
  Add a MAC Address to ACS
  Complete these steps:
  1. From the ACS main menu, click on the User Setup button.
  2. In the User text box, enter the MAC address to add to the user database.
  Note: The MAC address must be exactly as it is sent by the AP for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is being reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.
  3. On the User Setup screen, enter the MAC address in the Secure-PAP password text box.
  Note: The MAC address must be exactly as it is sent by the AP for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is being reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.
  4. Check the Separate (CHAP/MS-CHAP) box.
  5. Enter a password for CHAP/MS-CHAP (this password should be different from the MAC address).
  6. Click Submit.

• How to set the IP and MAC address in C program?

  My working environment is Sun250 Server, Solaris 7 operating system. I encountered a problem ---- How to set the IP and MAC address in C program to make the system change it IP & MAC at runtime?
  Any idea is welcome! Thanks!

  Hi
  As a simplest possible solution, you can use the system command
  to run ifconfig that can set both the mac address and the IP address of the system. You will have to use setuid though.
  Or you can use the DLPI calls ( do a man DLPI or search for a
  Sun documentation on the same at http://soldc.sun.com) to write
  a pure C program.
  HTH
  Shridhar

• How to get imei number and mac address of mobile device on adf mobile

  Hi experts,
  I need to get imei number and mac address of device (supposed to be works on both android and iphone) on adf mobile
  bgrds

  Hi,
  Adf mobile support phonegap api. Version must be 2.0(you can check it by below code snippet) You can just reach uuid from both platform via cordova. Espescially, IOS restriction limits you to get device infos that you mentioned, but you can get uuid.
     getCordovaVersion = function ()
          var cordovaVersion = device.cordova;
          return cordovaVersion;
      getDeviceUUID = function ()
          var uuid = device.uuid;
          return uuid;

• SG300 inter-VLAN routing and MAC address changes in incoming packets

  Hello
  I have SG300-20 working in Layer3 mode
  VLAN1 is not used
  Internet gateway is in VLAN211
  Clients are in other VLANs
  Switch is default gateway for clients and itself has internet gateway as default route.
  MAC address of switch is XX:XX:XX:XX:XX:63
  When client sends trafic to Internet destination MAC address in outgoing packets is XX:XX:XX:XX:XX:63
  But in incoming packets source MAC address is XX:XX:XX:XX:XX:69
  Why does it change? And how can I setup switch to use only XX:XX:XX:XX:XX:63 MAC address?

  Hi Robert,
  I'd like to pick up this old thread because we have a huge problem with the behavior of the SG300 router/switch regarding the "spoofed" MAC source addresses. We have connected this switch to another router which has some special routing capabilities. It routes certain IP packets directly to MAC addresses which it learned from snooping on special traffic.
  When connected to a SG300 router with an Ethernet base address of XX:XX:XX:XX:XX:48 we receive packets with Ethernet source addresses like e. g. XX:XX:XX:XX:XX:49 or XX:XX:XX:XX:XX:4D (depending on which hardware port they came from). Our special router "learns" these MAC addresses and tries to send associated outgoing packets directly to these addresses using e. g. XX:XX:XX:XX:XX:49 as the MAC destination address.
  Our problem is that the SG300 does not forward the packet if the MAC destination address is not equal to the switch's Ethernet base address (XX:XX:XX:XX:XX:48 in our case). This renders the SG300 series useless for our systems.
  Is there new firmware available which fixes this problem for us? We don't care which MAC source address the SG300 uses in incoming packets we receive, but we expect that the SG300 handles packets correctly for outgoing packets we send with this MAC address as the destination address.
  Thanks,
  Chris

• ACS v4.1 PEAP and MAC Address Validation

  I would like to authenticate to a ACS server via both 802.1x (PEAP) and to also validate the MAC Address of the user. Can both of these be done? I have 802.1x (PEAP) working to the ACS and Active Directory but now I would like to add the MAC Address of the laptops. Can I use Network Access Profiles and add the MAC-address under MAC-Authentication bypass?
  Your assistance is appreciated.

  I seem to have figured my way out of this. The reason for the short dot1x timer is that we are using MAB to authenticate the client MAC, so we actually WANT the dot1x authentication to timeout as quickly as possible for the secondary (MAB) authentication to execute.
  I'm also suffering from the age-old problem of interpreting the logic of a config originally implemented by someone else. I'm wondering if all the dot1x commands we have are actually necessary in our situation.
  What I have found when comparing new switches to old is that on the 3750s, show authentication sessions for an interface only shows mab as a runnable method, while on the 3850s it lists dot1x, mab and webauth (in that order). Using authentication order mab and authentication priority mab on an interface of the 3850 seems to do the trick. With debug mab turned on you can see the mab authentication working and the switch then allows the interface to pass traffic. Just as importantly, it blocks the port if I try using a client whose MAC is not in the ACS database.
  Appreciate your help.

• Cisco ACS 5.1 and MAC address identification/quarantining

  A client is rolling out ACS 5.1, with the eventual intent of customization network access based on Active Directory credentials (user/group, etc) – ACL’s and VLAN restrictions will be implemented as part of a “2nd phase” deployment.   For NOW, all they want is the ability to isolate devices connecting to the network by MAC address, meaning: if it’s a recognized MAC address (corporate asset), then allow full access through the port.  If it’s NOT a recognized MAC address (non-corporate asset), then place it in the guest network/VLAN.
  I’m familiar with ACS operation, configuration of policies and authorization rules, and MAC Authentication Bypass (for devices that should not have to authenticate to gain access).  What I don’t know for sure (and haven’t yet been able to find), is if ACS has the ability to react simply to the MAC address and quarantine that host into a guest network.
  Please confirm, and as always, reference links/docs are appreciated.

  Hi,
  The goal you want to achieve is possible but not with MAB.
  What you want can easily be done if you do machine authentication rather then MAB.
  With machine authentication you can have something called Machine Access Restriction, which mean that both machine and user authentication has to be done, for the user to have access to the network.
  In this scenario, whenever a user tries to log in via dot1x, the ACS checks the machine on which the user is logging in, and the user authentication is only successfull if the machine authentication was successfull.
  For this to work you have to register the machines in the domain as well as the users.
  Machines that do not exist on the domain, will fail machine authentication, and no user will be allowed to login in that machine.
  To configure this on the ACS you simply have to go to the Authorization part of the Access Policy, clic "Customize" and add the "Condition" "Was machine authenticated", as I show in the image below:
  Then, you create a new Rule and this Condition will be available:
  On the client side you need to make sure that they do dot1x machines authentication.
  This allows you a very fast way of securing both machines and users, so that only trusted machines (that exist in the domain) are allowed on the network and users can only access network by logging in from a trusted machine.
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• Same device name has multiple IPs and MAC addresses - my fix

  Router: Cisco Linksys EA4500 (N900)
  Cloud Firmware: 2.1.139.145204 (no, I don't plan to update this version to the latest)
  Cable Modem Service
  So I was playing around with Oracle's VirtualBox (it's kinda like VMware, or Microsoft's HyperV) on my primary LAN-wired desktop in my home network, to create Virtual Machines (VMs, hereafter) to technically preview Microsoft's Windows 10 (may be released next year), and a couple of my other Windows installations.
  I ended up launching VMs with the same hostname, but with different MAC addresses (and thus, different IP addresses).
  The Linksys cloud firmware displayed all those MAC-IP combinations under the same hostname icon in its Smart WiFi Tools' Device List.
  Some people here have complained about this issue, and I'd like to say this has never happened to me before (using the EA4500 for over a year), and I have about 15 devices connecting to my router, a minimum of 5 online at any one time.
  With this kind of situation, you can't individually address each of those affected machines for Parental Controls and other configuration options.
  What I did to solve the problem:
  1. Ensure every VM has a unique name (change hostname in Windows Control Panel).
  (this can be challenging since a cloned VM will initially start with the same name as its master, and the problem will already occur. Once the problem occurs, just renaming the hostname and rebooting the device/VM will not solve the problem. Would be nice if it did)
  2. Get all duplicated devices off the network.
  3. Execute a "ipconfig /flushdns" from the command prompt.
  4. Delete any device (click on the x in the Device List icon) when it goes offline in the Smart WiFi Device List.
  5. Ensure no duplicates exist under Connectivity, Local Network, DHCP Reservations (I use DHCP reservation for a number of my devices so they are guaranteed a fixed local IP)
  6. Hit Refresh (more than once! ) under Troubleshooting, Status to get a list of devices with non-duplicate MAC addresses.
  7. Do the same after clicking on the DHCP client table button on the same page.
  8. Reboot the router (this step was not necessary some times, but I'd do it just to be safe).
  9. Now add the devices back onto your network one at a time.
  If there are no more hostname duplications, the VM devices with their unique MAC addresses should create new icons in the Device List page as they connect to the home network.
  Hope the above helps somebody.

  For which version of Mail and OS?

• Time Capsule Set Up - SSID Broadcast and MAC Address filtering

  How does one set up TC for MAC address filtering, and also to disable SSID broadcast? Apple store salesman assured me I could do both, but had no idea how. I can't find anything in the set up. I am used to looking at Linksys routers, so maybe it is buried somewhere.

  Selecting only "Timed Access" doesn't really fully activate MAC Address filtering. Even you have that enabled any wireless client can join the network (provided they know the password, if you have any and the SSID, if disabled). You also need to do this:
  In the AirPort Utility > Manual Setup > Access screen, the MAC address of the TC (defined as "default") is always listed. Select that and press "Edit" and on the next page, under ".... set the default network time limits" select No Access from the drop down list and then that will prevent computers that aren’t on the access control list from accessing the AirPort network. Is this what you wanted?
  This is applicable to the new TC (I didn't have a old one, so can't comment) and it's undocumented. It took me hours to figure out. Hope this helps!!!

• DHCP reservation BAD_Address and Mac Address changes.

  Ok.  I understand about Bad_Address and the things that can cause it.  That said, I am using Window 2003 and we are running DHCP.  Yesterday we had a series of short power outages.  Some were right after the other (1 or 2 seconds) others
  were 10 to 40 seconds in between.  The server (of course) has a UPS and so does most of our infrastructure (switches etc).
  But it seems that one type of Printer that we have, were all switched to bad_address and they could not pick up their reserved IP address.  Some of them seemed to remember their IP and are still functional, even though their reservation says bad_address. 
  I assume they will fail either at lease renewal or the next time they are power cycled.  What surprised me was that these bad_address entries' reservations were changed to have an invalid MAC address.
  All of them start with a 0 or a 1 and are only 8 characters long.  0401150a, 1701150a, 1901150a, hmmm.   i see a pattern forming.  They all have unique first 3 characters, but everything after that is 1150a.  That led me to figuring
  out what this number is.  It's an inverted hexadecimal representation of the ip address that is being complained about.  Why would the DHCP server replace the MAC with this convoluted string?   Is this covered in any manual?  
  I am pretty sure it's not in the DHCP RFC. 
  Not sure why it was having the problem, unless somehow the printers were powering and made the DHCP request then discovered that the old lease information was kept somehow (remember, some of the outages were very brief) after the request had gone out. 
  But that, and nothing else I can think of makes sense.  And it only happens on one model of our printer.  At least so far.  And this isn't the first time we've seen it happen this way. 
  Any ideas appreciated.
  Chris

  Hi Chris,
  Firstly, it seems that the Unique ID of the DHCP Reservations are inverted to the IP addresses in hex. And, the most possible cause is IP conflict.
  For example:
  0401150a -> 04 01 15 0a (hex) -> 4 1 15 10 (decimal) -> 10.15.1.4 (IP address)
  Meanwhile, I agree with the possible cause as you said, however, would you please kindly let us know the following:
  1. How many DHCP Servers do you have? Or, is the DHCP Server multihomed?
  2. Do the printers have multiple NICs?
  3. Are the printers both statically configured and have DHCP Reservations in the DHCP Server?
  4. DO other DHCP clients in the same scope have the same issue?
  5. Is there any trace in DHCP log?
  In addition, if Conflict detection is enabled in your DHCP Server, please disable it and see how it works.
  Also, please check if you can get some clues from this TechNet Thread:
  DHCP server bad address issue
  In addition, as the issue only occur with the same model of printers, it is worth to contact the vendor for their insight on it.
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• Keep losing my wireless and mac addresses wont hold

  For some reason, i could not delete or add any mac addresses to the aebs, which i have been using for the past couple years, so i did a hard reset on the unit. Now i have not added any security yet and the aebs keeps dropping my wireless connections. Any ideas?

  To perform a Factory Default Reset......
  Pull the power plug from the back of the AirPort Extreme
  Wait 2-3 minutes
  Hold in the reset button and keep holding it for 10-12 seconds while you plug the power back in to the Extreme
  Release the reset button after the 10-12 hold period and allow 25-30 seconds for the Extreme to come back up to a slow blinking amber light
  Before you start to reconfigure the Extreme again, power down your modem for 5-10 minutes, then restart it.

• Looking for my computer name and mac address.  Where do i find them?

  I think this should be straightforward.  Where would I find my Mac Address and name of my computer?  I want to tether with my phone and need to give my phone this info.
  Thanks in Advance.
  Deb

  Your Computer Name is found in the Sharing preferences at the top. For your MAC address open Network preferences, select your desired port such as Wireless then click on the Advanced button. Click on the Hardware tab. You will find it there.

• Bind interfaces and mac addresses

  I have a server with arch linux installed.
  The server has 2 interfaces, and my problem is that sometimes, whenever I reboot the server, I find that the interface names switch - I.E., what was eth0 is now eth1 and vice versa...
  Of course, this is a major connectivity problem, which forces me to reboot again, and hope that this time Arch will "get it right"...
  I also have several centos/redhat servers in which i found it pretty simple to just add the HWADDR to the ifcfg.ethX file, but i couldn't find anyplace where i can bind the interfaces to a specific mac address in Arch...
  Anyone had the same problem before?

  attila wrote:
  These may be in a future version of Arch's network scripts
  I use udev to get a specific name for my network:
  KERNEL=="eth*", SYSFS{address}=="MAC_ADRESS", NAME="lan"
  This works about a half year without any problems so i hope there will be a warning before doing this because than perhaps i have to change my configuration.
  the udev method will continue to work as long as udev doesnt change it's syntax. the method i've suggested will not replace it, rather it will work alongside it.
  James