E4200v2: Local Management Access via Wireless ALWAYS Enabled

I just found a slightly unsettling bug in the E4200v2 (running the latest firmware 2.0.36 build 126507).
Administration > Local Management Access > Access via Wireless ... set to DISABLED.
HOWEVER, when I attempted to access the web interface on a handy iPAD I had absolutely no problem getting through to the web interface (after providing username and passsword).
Limiting access to wired clients seems like a simple a prudent measure ... which is why this option is there for the paranoid among us.
This seems like a black-and-white bug. Comments welcome. Fix in the next firmware revisio even more welcome.

It was mentioned in another thread that disabling wireless management does indeed disable http access over port 80. However, if you're using https access--which uses port 443, that access is not blocked. So for anyone who wants to disable wireless management access, you need to enable management access via http only, and then disable the wireless access. That combination will indeed work.
I have confirmed this on my own router and can now only manage via wired connections over http.
Strange bug/oversight!

Similar Messages

Transparent Tunneling and Local Lan Access via VPN Client

Remote users using Cisco VPN 4.2 connect successfully to a Cisco Pix 515 (ver. 6.3). The client is configured to allow Transparent Tunneling and Local Lan access, but once connected to the Pix, these two options are disabled. What configuration changes are required on the Pix to enable these options? Any assistance will be greatly appreciated.
Mike Bowyer

Hi Mike,
"Transparent Tunneling" and "Local Lan Access" are two different things. "Transparent Tunneling" is dealing with establishing an IPSec Tunnel even if a NAT device is between your client and the VPN-Headend-Device. "Local LAN Access" is dealing with access to devices in the LAN your VPN-Client-Device is connected to.
What do you mean exactly with "disabled once the connection is made" ?
You can check the local LAN Access by having a look at the Route-Table of the VPN-Client:
Right Click the yellow VPN-lock Icon in System-Tray while the VPN-Connection is active and select "Statistics ...". Have a look at the second register page "route details".
Are any local LAN routes displayed when your are connected ?
And - always remember two important restrictions the Online Help of the VPN-Client is mentioning:
1: This feature works only on one NIC card, the same NIC card as the tunnel.
2: While connected, you cannot print or browse the local LAN by name; when disconnected, you can print and browse by name.
Carsten
PS: Removing Split Tunnel won't enable local LAN access as all traffic would be sent into the IPSec tunnel.

Sync fail - files accessed via app always older versions

Hi, I have a 2TB My Cloud device and various Android devices running the My Cloud App. I have the app set to auto-sync every 120mins however when accessed via the app my files are always older versions, often by a couple of months. The time stamp suggests sync has occured but when I open the file it is clearly an older version. No other error messages or obvious issues. Any ideas? ThanksStuart

Welcome to the WD Community,
If you access the drive directly from a pc, are you able to see the recent versions of the files?
Have you tried reinstalling the app?

Net access via wireless PC - possible?

I have a Power PC Mac Mini (as well as an eMac) that I'll be taking on an extended holiday with me. I also have a laptop pc with a wi-fi card, whereas my mac mini has no wireless capablility. Now, my question is, is it possible connect to the net on my Mini by using the wi-fi capabilities of the laptop PC, with my mac mini networked via an ethernet cable to the laptop? I was under the impression that you can 'piggy back' this way, but I could use some confirmation.
Thanks in advance
Mr.Gone
Mac Mini 1.25gHz 1gig Ram & eMac 1.42gHz 1.25Gig RAM Mac OS X (10.4.7)

Hi Simon,
yes, it is possible to do this. First, you have to configure your PC to access the internet wirelessly. Then you have to enable internet sharing and DHCP on your PC. Last, connect your Mac via ethernet, open System Preferences > Network, select "Built-In-Ethernet" and set it to use DHCP.
-Petra

Mx880 connected to LAN. Cannot access via wireless. ???

I have an end user on campus who has a Canon MX880 multi-function printer/copier/scanner, etc. I have it configured to a specific IP address, and connected to the college LAN via data cable, data drop. The drop is good, I have tested with a laptop. I manually set the IP4 settings on the MX880, and can ping the printer when connected via ethernet to LAN. As soon as I try to get on the the college wireless LAN, I can't ping it. I took another laptop, disconnected the data cable from the printer, plugged it into the laptop, and manually config'd the laptop to the same manual IP4 settings as the printer is set to. This time, from the other laptop, I can ping connected to the printer port wirelessly or when ethernet connected. So there is nothing wrong with the campus wired or wireless network. It's only when I try and ping the MX880, via the campus wireless network, that I have a problem. Again, I have the MX880 ethernet connected to a data drop. I have the LAN settings enabled, and IP4 manually set. I can ping the printer IP address when ethernet connected from somewhere else on the network, but I can't when I'm using the campus wireless network. And again, If I use two laptops, one used in place of the printer, but set to same IP settings, I have no problem pinging the IP address via LAN or campus wireless. Any ideas???

Most public networks (like the ones on a college campus) have built in firewalls that prevent communication between devices. They're designed primarily to give a device internet access but not to let 2 devices on the network talk to each other for security purposes (so the guy in the dorm next to you can't hack your computer). Trying to use the printer with a public network probably wont work.

Not able to get internet access via wireless

When connected via hardwired or sprint pcs card and am able to access internet with not issues. When connected via airport I cannot. When checking the settings of airport everything looks correct (ip, router, netmask, etc.). Went to Apple store they played with the laptop and it started working, they made no changes they said. Got home with laptop and again no internet. My Windows based laptops/pc are able to use the same wireless access point and access the internet with out issue.
Is there away to reset airport? or some mac tools to help identify the issue?

Robert Jenkin wrote:
Is there away to reset airport? or some mac tools to help identify the issue?
You might try resetting your connection settings using the steps listed in this message:
http://discussions.apple.com/thread.jspa?messageID=10695921&start=1
They're not guaranteed to solve the problem, but they'll only take you a minute or so to try.

Conneced to wireless router but no internet access via wireless

I don't recall the physical connections being directly attached to the router. The router in question is a Linksys WRT54G/GL/GS. My initial thought was since we rolled out Voip fairly recently one of our phones might have ganked the IP address, but that is not the case. Each of them have their own IP addresses and I don't see any conflicts. I am also able to ping the router and log into it remotely from my office, which is in a different city. Could it possibly be a firmware issue?

Hi Everyone,
One of my offices' routers is broadcasting but has no internet access. The office does have internet if you hardwire in but outside of that nothing has worked so far in regards to the WiFi. I have power cycled the router and modem to no avail and DHCP is enabled but no one can get online via WiFi. It seemed to just up and decide one morning that it was not going to allow internet access.
This topic first appeared in the Spiceworks Community

Local bean access via JNDI returns a proxy object?

Hi,
I am using JBoss, and trying to access a local bean from another bean. One would think simple enough no, with the following code adequate:
Context initialContext = new InitialContext();
CartHome cartHome = (CartHome) initialContext.lookup(“java:comp/env/ejb/cart”);Which returns the home interface, right, but no in fact a $Proxy77 is returned. Can anyone tell me why this is? Or a solution please.
Thanks in advance.
Mike

Thanks, it works. But do you think calling the executeQuery from a backing bean is against any ADF related coding standards? Should that call be only in Application Module? Please comment.

Cisco 2504 Management Via Wireless

I have a 2504 connected via a 2960S switch to an ASA5505.
Wireless is working well - wireless clients get their IP addresses from the 2504 and wired clients from the ASA (different ranges from the same subnet).
One issue though is I cannot access the web interface of the 2504 when connected to wireless, only wired. Everything else is accessible on wireless and I can ping the management address of the 2504 but the page fails to load in a browser.
I've had a look for an obvious setting but can't see one - am I missing something.
Thanks

HI,
First you must enable the management over wireless:
Via GUI:
Management > Mgmt Via Wireless page and check the Enable Controller Management to be accessible from Wireless Clients check box.
Via CLI:
config network mgmt-via-wireless enable
Regards
Dont forget to rate helpful posts

X220 - Access Connections Wireless issue - Driver disconnected while associating

I am trying to connect to our wireless network at work. I have verified that my settings are correct with the other X220s that we have connecting to our network. When the connections fails and I select "help me fix this" I get four error messages.
Thanks in advance if anybody has any ideas.
Connection status:  Not connected
Cause:  The driver disconnected while associating.
Error code:  229378
Recommended actions:
The selected wireless network is out of range or unavailable. Move to a location that is closer to the access point and try again.
Verify that the encryption settings (WEP/TKIP/AES) specified in this profile match those expected by the wireless network.
Verify that the wireless adapter in your computer has not been restricted from accessing the radio channels being used by the wireless network.
Verify that the wireless network name (SSID) is specified correctly. The SSID is case sensitive.
If the problem persists, contact your network administrator and provide the troubleshooting information below.
Adapter Details
Adapter name  Intel(R) WiFi Link 1000 BGN
Adapter type  Wireless LAN
Adapter speed  54 Mbps
Driver/Firmware version  14.0.1.2/ N/A
Adapter status  Enabled
Connection Status  Not connected
Disable unused cards?  No
TCP/IP Settings
DHCP enabled?  Yes
Append parent suffixes of the primary DNS suffix?  No
Register connection's DNS suffix in registration?  No
Register connection's DNS suffix in DNS registration?  Yes
Enable LMHOSTS Lookup?  No
NetBIOS setting  "Default"
Wireless Settings
Network name (SSID)  Harvest
Connection type  Access point
Wireless mode  Auto
Security encryption  802.1x/WPA2/AES/EAP
Internet Settings
IE Settings
Home page  http://www.fyifdi.com/default.aspx
Proxy settings
Automatically detect settings?  No
Use automatic configuration script?  No
Bypass proxy for local addresses?  No
System Information
System model  42872VU
BIOS version  8DET46WW (1.16 )
Operating system version  Windows 7, Service pack 1
Access connections version  5.85
Access Point scan list
Network name (SSID)              Wireless mode MAC address                   Signal strength Channel
EnGenius1                        802.11g        00:02:6F:6E:C5:6A              23%            1
                                 802.11g        30:37:A6:C8:5B0              48%            11
                                 802.11g        00:23:33:21:9B:80              95%            1
                                 802.11g        00:14:A8:7E:60:40              25%            3
Duket Architects Planners        802.11g        00:21:29:92:57:B9              25%            6
Global Settings
Network
Allow Windows users without administrator privileges to create and apply location profiles  ->No
Allow the wireless LAN radio to be turned off when inactive  -> Yes
Enable autodeletion of unused profiles  -> No
Disable the Peer to Peer community feature  -> Yes
Allow selection of location profiles with Fn+F5 On Screen Display menu  -> Yes
Notifications
Show ThinkVantage Access Connections status icon in task tray  -> No
Show wireless status icon in task tray  -> No
Display the progress indicator window when a profile is being applied  -> Yes
Show Access connections Gauge in task bar  -> Yes
Preferences
Enable sound effects  -> No
Enable animations  -> Yes
Do not show balloon tips from the Access Connections system tray icon  -> Yes
Do not show balloon tips from the Access connections Gauge  -> Yes
Automatic location profile switching list
Include Ethernet connections in automatic switching and prompt me to save Ethernet ports  -> No
Preferred Location Of WLAN  -> No
When no other connections are available, connect through Wireless WAN or WiMAX  -> No
Wireless priority list
Selection    Priority     Location profile name                                            Connection order                 Connection details
Yes                 1     Harvest                                                          Wireless LAN                     SSID: Harvest
Log File
Debug Log is disabled
Solved!
Go to Solution.

I share your pain with same Intel WiFi Link 1000 bgn. After many, many hours yesterday I am now solidly running Wireless N at 144 Mbps on a LinkSys E4200, 99% reception from 30 feet away.
Previous to yesterday I could not get 'N' to work at all.
First, if you have a newer dual frequency Router, this Intel adapter only supports 2.4ghz..
1. I am using Access Connections 5.85, Windows 7
2. Router: 2.4 Ghz Network Mode: Mixed
3. On my LinkSys router Channel: Auto NEVER worked for either 'G' or 'N'. I picked channel 4 by chance and things got better. No further experiments.
3. Channel Width: Auto (20mhz or 40mhz).
4. Earlier forums indicate WPA2-P and AES must be selected. That's what I am running.
5. Numerous references to "power" conflicts. Set all Power Management to Maximum Power.
(Control Panel -> Device Manager ->Network Adapters -> Intel WiFi Link 1000 bgn -> Power Management)
(Access Connections -> Wireless Settings -> 4. Advanced Configuration-> Maximum Performance)
If you followed these steps, Wireless G should be working stabily for you now.
Now for the secret sauce to make Wireless N work: go to http://communities.intel.com/message/82098#82098
See Feb 3, 2010 post How to get 5100 AGN to connect at N speed?
I am indebted to this guy.
Save the instructions! For some reason my EDGE 14 wireless totally quit this week and that's what sent me down this wireless rabbit hole again. At least this time I was able to make N mode work for the first time.
Frustrated but relieved,
Lew

Can't access management interface via vpn connection

Hi all,
I can't seem to be able to manage my ASA 5510 when I connect via vpn. My asa sits at a remote colo, and from my office i can connect fine. I have it configured as management-access (dmz), bc as of now we are just doing some staging and all the servers are in the dmz interface.
When i connect with the vpn client, in the routes it sees 192.168.1.0 255.255.255.0 which is the management network/interface.
For some reason I can't get access to 192.168.1.1 to use the ASDM.
Here is how i did my vpn via CLI
isakmp enable outside
isakmp identity address
isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
ip local pool vpnpool 10.1.1.2-10.1.1.10
access-list split_tunnel standard permit 192.168.200.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
group-policy xxxxx internal
group-policy xxxxx attributes
dns value
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
username xxxxx password
username xxxxxx attributes
vpn-group-policy xxxx
username xxxxxx password
username xxxxxx attributes
vpn-group-policy xxxx
username xxxx password
username xxxx attributes
vpn-group-policy xxxx
tunnel-group xxxx type ipsec-ra
tunnel-group xxxx general-attributes
address-pool vpnpool
tunnel-group xxxx ipsec-attributes
pre-shared-key
access-list vpnra permit ip 192.168.200.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpnra permit ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpnra permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list vpnra
nat (dmz) 0 access-list vpnra
nat (management) 0 access-list vprna
crypto ipsec transform-set md5des esp-des esp-md5-hmac
crypto dynamic-map dynomap 10 set transform-set md5des
crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap
crypto map vpnpeer interface outside
Any help would be much appreciated

it seems like you are missing a line:
management-access "interface"
http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/m_711.html#wp1631964

Vista Ultimate: Local Network Access Only (Wired and Wireless)

Alright, I am not very experienced working with Windows Vista, and I'm having serious trouble solving this problem. I've been searching for solutions for two days and not found anything that works.
The computer is a Compaq Presario A900 running Windows Vista Ultimate (Service Pack 2). My brother used the computer's wireless internet connection for four years without problems, but lost all internet access when he returned home a couple months ago. The
computer will connect to any network, but has the message "Unidentified Network - Access: Local Only".
The computer first had the problem trying to connect to the Internet through an iPhone's Wifi connection. It happened again on the wireless network at my home. I took the computer to work to test it with a wired connection and had the same result.
I originally thought this was only a wireless problem and completely uninstalled and reinstalled the Atheros wireless card drivers.
I have completely disabled the Windows Firewall and removed all Anti-Virus (Avira free was installed - Norton is not on the computer). I have tried Safe Mode with Networking, and it does not fix the problem.
I ran a Fix-It yesterday that was supposed to fix specific registry errors, but that did not solve the problem either.
I also found a solution on this website that involved enabling sharing. One user said it fixed the problem, but it did not solve it for me.
The only thing I am certain of is that this cannot be a problem with the router. All three places I have connected have various other computers connected constantly: The iPhone regularly connects a different Windows Vista-powered laptop, Windows XP Desktop,
and Windows 7 netbook to the Internet. My wireless router successully connects a Windows XP Desktop, Windows 7 laptop, and Macbook. Obviously, the wired connection at work successfully connects over a dozen computers.
I'm out of ideas on this one...thanks.

Hi,
I've been having a similar problem; am not able to connect via wifi at our new home, but am able to connect easily at an internet cafe. Obviously, I'd like the convenience of getting connected at home! :) Getting "unidentified networK"
and local only access. Also had the same problem with the yellow ethernet cable & LAN, but finally found a partial fix online somehow so am at home using the internet now. But it is still a PITA, because every time I step away to take
a break from the computer, it goes to "sleep" and loses the connection, so I have to do a restart to get the internet connection back. And it would be much nicer to get the Wifi problem fixed, so I can move around the house to a more comfy spot rather
than being shackled in the corner by the yellow cable! :D
I will attach a screenshot of the ipconfig as suggested above, but am not all that savvy, so would appreciate step-by-step instruction how to solve this problem. I've tried a lot of suggestions, but nothing has worked yet... hoping someone here can help. Thanks
in advance! :)
oops! edit to add: grrrr, it wouldn't let me include the screenshot unless I verify my account, which I have not figured out how to do yet... another hurdle!

Accessing iphoto library on external drive via wireless

I'm running out of room on my macbook so I moved my iphoto library to an external drive (after reading other posts on how to accomplish this, copied to the external drive and connected without a problem). However, i'm accessing the external drive wirelessly from my airport extreme and now iphoto is painfully slow - it takes several seconds for each photo to resolve properly. Any suggestions for the best way to manage? Do i need to keep older photos in a library on the external drive and a library for more current ones i want to access regularly on my local? I don't think i want to have multiple libraries but the performance this way is driving me crazy.

Welcome to the Apple Discussions.
A strong warning: If you're trying to edit the Library (that is, make albums, move photos around, keyword, make books or slideshows etc.) or edit individual photos in it via Wireless be very careful. Dropouts are a common fact of wireless networking, and should one occur while the app is writing to the database then your Library will be damaged. Simply, I would not do this with my Libraries.
A wired connection is the best way to have your Library on an external.
Regards
TD

Disabling Management via Wireless - is there any point?

Hey guys.
Firstly, yes, I do know that allowing management of controllers over an unsecured WLAN is a bad idea (although even that would be SSL-secured by default, but open to brute-forcing I'd guess).
Secondly, let's assume that Management via Dynamic Interfaces is disabled too (why anyone would want to enable that is a bit beyond me too?).
This 1 little tickbox manages to justify an entire page in the GUI, so it definitely looks pretty darn important!
The problem is that in a multi-controller environment the only controller that knows you're connecting over wireless is the one that you're connecting through. Any other controller will be happy to accept the management connection on it's management interface address because it sees it as coming from the wired network. To prevent this from happening I think you could do either of two things...
1) Apply a CPU ACL that blocks the client IP ranges, which will work equally well for wireless and wired-side connections, i.e. it's the equivalent of the "management via wireless" setting but works for all controllers simultaneously. You'd have to remember to keep this updated though if ever your WLANs and client ranges change.
2) Put the management interfaces of all controllers in an isolated management VLAN (which will potentially complicate all your supporting services access, e.g. DHCP/RADIUS/etc.). That'll stop the undesirable "wired" access on the n-1 controllers and then the mgmt-via-wireless will take care of the wireless access to the other 1 controller.
So the setting seems rather pointless on it's own in anything other than in a single-controller environment. I'm sure I've read somewhere that the controllers do tell each other about their current clients (for things like CCKM and rogue management), so wouldn't it be cool if this centralised awareness logic was applied to management connections?
What are the experiences out there with this feature? Is it generally seen as worthwhile, or does it really need some extra planning and possible augmentation via other features to be of any value?
In general, other than popular paranoia about wireless being "less secure" than wired access, what are the compelling reasons for denying management via wireless? As I mentioned above, even over a completely non-secured WLAN you'd still have SSL/SSH security if you configure your allowed management protocols right.
Thanks,
Justin

Yes "It makes the auditors happy" is definitely a good and valid reason.
I've just co-incidentally come across this in the 5.0.148 release notes:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn501480.html#wp234100
"Preventing Clients from Accessing the Management Network on a Controller
To prevent or block a wired or wireless client from accessing the management network on a controller (from the wireless client dynamic interface or VLAN), the network administrator should ensure that there is no route through which to reach the controller from the dynamic interface or use a firewall between the client dynamic interface and the management network."
That makes sense, but do many folks out there do it that way? Generally there's not much control between the management VLAN and the users' VLAN because the latter is usually where the wireless-supporting services reside.

Management via wireless after H-REAP config

Hi,
Before I turned on H-REAP, created dynamic interfaces and did all the trunking to the AP's I could https to our controller on the management interface from the wireless network. After I put the config in place for the new SSID's, H-REAP etc.. I can't get to it from the wireless network. I can get to it from the local LAN. Any ideas??
Thanks.

Hi Mike,
I'm trying to understand your question here ... If you have H-REAP enabled, you are UNABLE to HTTP/HTTPS into the WLC even when "Mgmt Via Wireless" is ticked (enabled)? What firmware are you using?
I am asking because I am using 5.2.178.0 and Cisco has confirmed that there is a bug (CSCsz06335). With "Mgmt Via Wireless" is ticked (enabled) the bug ALLOWS you to manage the WLC via Wireless.
This problem is only evident in the 5.2.178.0 version.
According to Cisco TAC, a new firmware should be made available by early June 2009.
Hope this helps.

E4200v2: Local Management Access via Wireless *ALWAYS* Enabled

Similar Messages

Maybe you are looking for

E4200v2: Local Management Access via Wireless ALWAYS Enabled