Filtering IPv4

Is it possible to filter out all IPv4 traffic to completely isolate a device such that onlyIPv6 traffic is allowed? The goal is to prevent any IPv4 traffic from flowing through a device. If this can be done, can it be configured on a router and switch or just one or the other? Has anyone configured this?

Sorry this is a very old thread, but yes thats very easy when writing access-list use this:
any , any4 , and any6 —
any specifies both IPv4 and IPv6 traffic;
any4 specifies only IPv4 traffic; and
any6 specifies any IPv6 traffic.

Similar Messages

Filtering/Dropping IPv6 on IPv4-only Devices?

Hi All -
Got an interesting requirement that (for something seemingly simple) has been remarkably challenging to locate a solution for...
Having a problem with random IPv6 traffic showing up on the enterprise LAN from time to time and freaking out certain network-connected devices that don't know how to process it (CPU 100%, etc.). So I'm looking for a way to filter/drop that IPv6 traffic at the network edge. I can certainly set the core 6500's not route (or even ignore) IPv6, but that still doesn't stop it from running around WITHIN a VLAN.
Is there a way that a IPv4-only device can identify IPv6 traffic (by a protocol type code or something along that line) so that it can be filtered/dropped before it even makes it onto the backbone?
Thanks in advance!
Mike

Mike-
Good question! The first thing I thought of was VACL's, but VACLs w/IPv6 are not supported on the 6000 series switch.
http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a00808122ac.shtml#vacl
Are the 6500's your access layer? Are they your L3 gateway? Is it possible for you to find the device(s) running IPv6 and correct them?

Context Directory Agent ipv4 and ipv6 mappings

I have the context directory agent 1.0 patch 2 installed and running. It works good mostly. We have a duel stack running ipv6 and ipv4 on our workstations. They connect to the AD with ipv6, so the mapping is for ipv6. Is there a way to get the ipv4 mappings?
We need to map both addresses for the Web Filtering on the CX.

Same question.

IPhones not taking ipv4 addresses on Unified Wireless (WLC 5508 and AP 3602)

This is a really odd one...
Earlier this week we started having issues with our BYOD wireless network (802.1x, WPA2+AES) but only with Apple devices (iphone and ipad). Employees with Android or Windows phones are not having any problems at all.
A brief summary of what's observable for the issue:
Radius authentication succeeds (PASS observable in ACS logs)
IPhone status viewed on both controllers (foreign anchor in DMZ as well as corporate WLC) shows phone associated.
Debug client output shows an IPv4 address is actually being assigned to the phone however it appears to ignore it and restart the DHCP request process so debug output shows what looks to be a loop of DHCP request and offer stages.
Infrastructure notes
Cisco WLC 5508s are all running 7.4.121.0 (tried rolling back to 7.2.110.0 .....didn't help)
APs are all 3602I-N-K9
DHCP for the BYOD network is running on the anchor in the DMZ however this was temporarily moved to a switch (had no effect).
Any ideas?
DHCP Loop:
*mmListen: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 RUN (20) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 15206 Local Bridging Vlan = 93, Local Bridging intf id = 12
*mmListen: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 RUN (20) Successfully plumbed mobile rule (IPv4 ACL ID 255, IPv6 ACL ID 255)
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f Set bi-dir guest tunnel for a4:c3:61:7a:1a:4f as in Export Anchor role
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f 0.0.0.0 Added NPU entry of type 1, dtlFlags 0x4
*pemReceiveTask: Apr 30 11:44:50.476: a4:c3:61:7a:1a:4f Pushing IPv6: fe80:0000:0000:0000: 0c00:0c94:459e:a9db , and MAC: A4:C3:61:7A:1A:4F , Binding to Data Plane. SUCCESS !!
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP   xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP   chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP   ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP   siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:50.479: a4:c3:61:7a:1a:4f DHCP   xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP   chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP   ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP   siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:50.480: a4:c3:61:7a:1a:4f DHCP   server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP   xid: 0x7e549f4a (2119475018), secs: 1, flags: 0
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP   chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP   ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP   siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:51.649: a4:c3:61:7a:1a:4f DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP   xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP   chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP   ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP   siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:51.650: a4:c3:61:7a:1a:4f DHCP   server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:53.754: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   xid: 0x7e549f4a (2119475018), secs: 3, flags: 0
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:53.755: a4:c3:61:7a:1a:4f DHCP   server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP selected relay 1 - 172.24.13.251 (local address 172.24.16.251, gateway 172.24.16.254, VLAN 93, port 13)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP   xid: 0x7e549f4a (2119475018), secs: 8, flags: 0
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP   chaddr: a4:c3:61:7a:1a:4f
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP   ciaddr: 0.0.0.0, yiaddr: 0.0.0.0
*DHCP Socket Task: Apr 30 11:44:58.594: a4:c3:61:7a:1a:4f DHCP   siaddr: 0.0.0.0, giaddr: 172.24.16.251
*DHCP Socket Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP selecting relay 2 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 172.24.16.251 VLAN: 93
*DHCP Socket Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP selected relay 2 - NONE
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP sending packet in EoIP tunnel to foreign 10.65.31.8 (len 346)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP   xid: 0x7e549f4a (2119475018), secs: 0, flags: 0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP   chaddr: a4:c3:61:7a:1a:4f
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP   ciaddr: 0.0.0.0, yiaddr: 172.24.16.102
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP   siaddr: 0.0.0.0, giaddr: 0.0.0.0
*DHCP Proxy Task: Apr 30 11:44:58.595: a4:c3:61:7a:1a:4f DHCP   server id: 0.0.0.0 rcvd server id: 172.24.13.251
*DHCP Socket Task: Apr 30 11:45:07.059: a4:c3:61:7a:1a:4f DHCP received op BOOTREQUEST (1) (len 308,vlan 92, port 13, encap 0xec05)
*DHCP Socket Task: Apr 30 11:45:07.059: a4:c3:61:7a:1a:4f DHCP selecting relay 1 - control block settings:
                        dhcpServer: 172.24.13.251, dhcpNetmask: 0.0.0.0,

Thanks Scott, here you go...
On Foreign:
WLAN Identifier.................................. 2
Profile Name..................................... BAI-Beta
Network Name (SSID).............................. BAI-Beta
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
   DHCP ......................................... Disabled
   HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 42
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CHTWLC
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Bronze
Per-SSID Rate Limits............................. Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Per-Client Rate Limits........................... Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
--More-- or (q)uit
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ 172.24.13.20 1812
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
   Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
   802.11 Authentication:........................ Open System
   FT Support.................................... Disabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
                                                               Auth Key Management
         802.1x.................................. Enabled
         PSK..................................... Disabled
         CCKM.................................... Disabled
         FT-1X(802.11r).......................... Disabled
         FT-PSK(802.11r)......................... Disabled
         PMF-1X(802.11w)......................... Disabled
         PMF-PSK(802.11w)........................ Disabled
      FT Reassociation Timeout................... 20
      FT Over-The-DS mode........................ Enabled
      GTK Randomization.......................... Disabled
      SKC Cache Support.......................... Disabled
--More-- or (q)uit
      CCKM TSF Tolerance......................... 1000
   WAPI.......................................... Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Enabled
   FlexConnect Local Switching................... Disabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
   Client MFP.................................... Optional
   PMF........................................... Disabled
   PMF Association Comeback Time................. 1
   PMF SA Query RetryTimeout..................... 200
   Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID     IP Address            Status
2           172.24.13.251        Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled
On Anchor:
WLAN Identifier.................................. 1
Profile Name..................................... BAI-Beta
Network Name (SSID).............................. BAI-Beta
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status ....................... Disabled
   DHCP ......................................... Disabled
   HTTP ......................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum number of Associated Clients............. 0
Maximum number of Clients per AP Radio........... 200
Number of Active Clients......................... 48
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ 300 seconds
--More-- or (q)uit
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... CHADWLC01
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ bai-beta
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
mDNS Status...................................... Enabled
mDNS Profile Name................................ default-mdns-profile
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Static IP client tunneling....................... Disabled
PMIPv6 Mobility Type............................. none
Quality of Service............................... Bronze
Per-SSID Rate Limits............................. Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Per-Client Rate Limits........................... Upstream      Downstream
Average Data Rate................................   0             0
Average Realtime Data Rate.......................   0             0
--More-- or (q)uit
Burst Data Rate..................................   0             0
Burst Realtime Data Rate.........................   0             0
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ 172.24.13.20 1812
   Accounting.................................... Disabled
   Dynamic Interface............................. Disabled
   Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
--More-- or (q)uit
Security
   802.11 Authentication:........................ Open System
   FT Support.................................... Disabled
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Enabled
      WPA (SSN IE)............................... Disabled
      WPA2 (RSN IE).............................. Enabled
         TKIP Cipher............................. Disabled
         AES Cipher.............................. Enabled
                                                               Auth Key Management
         802.1x.................................. Enabled
         PSK..................................... Disabled
         CCKM.................................... Disabled
         FT-1X(802.11r).......................... Disabled
         FT-PSK(802.11r)......................... Disabled
         PMF-1X(802.11w)......................... Disabled
         PMF-PSK(802.11w)........................ Disabled
      FT Reassociation Timeout................... 20
      FT Over-The-DS mode........................ Enabled
      GTK Randomization.......................... Disabled
      SKC Cache Support.......................... Disabled
--More-- or (q)uit
      CCKM TSF Tolerance......................... 1000
   WAPI.......................................... Disabled
   Wi-Fi Direct policy configured................ Disabled
   EAP-Passthrough............................... Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Enabled
   FlexConnect Local Switching................... Disabled
   flexconnect Central Dhcp Flag................. Disabled
   flexconnect nat-pat Flag...................... Disabled
   flexconnect Dns Override Flag................. Disabled
   FlexConnect Vlan based Central Switching ..... Disabled
   FlexConnect Local Authentication.............. Disabled
   FlexConnect Learn IP Address.................. Enabled
   Client MFP.................................... Optional
   PMF........................................... Disabled
   PMF Association Comeback Time................. 1
   PMF SA Query RetryTimeout..................... 200
   Tkip MIC Countermeasure Hold-down Timer....... 60
AVC Visibilty.................................... Disabled
--More-- or (q)uit
AVC Profile Name................................. None
Flow Monitor Name................................ None
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Disabled
802.11k Neighbor List Dual Band.................. Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
Multicast Buffer................................. Disabled
Mobility Anchor List
WLAN ID     IP Address            Status
1           172.24.13.251        Up
802.11u........................................ Disabled
MSAP Services.................................. Disabled

DHCP reservation & DNS for content filtering

Hi All,
I am working around with server 2008 for quite a while and facing a problem as below,
1.DHCP reservation error
Server Ip:192.168.0.254 (configured as DNS server for local use only with AD & DHCP)
DHCP scope: 192.168.0.100 to 192.168.0.200 excluded 192.168.0.100 to 192.168.0.110
earlier the same scope was 192.168.0.10 to 192.168.0.100. I was facing a error when I make a IP reservation against a MAC number error was " The unique identifier may not be correct do you want to use the identifier anyway" when I click yes "DHCP
server received a message from a client that is not valid" and by this error I am not able to make any reservations now against MAC numbers.
The same error was also on the earlier scope and that's why changed to a new scope but did not work. Any solutions will me much appreciated
2.DNS fine tuning.
I have an open DNS account on which my WAN IP number is configured to do a content filtering. I have two LAN ports with the below IP number
Local : 192.168.0.254 ( configured with no gateway and DNS as loopback (127.0.0.1)
ISP: 192.168.0.253 (with ISP gateway and DNS as loop back adapter & open DNS)
I have did a content filtering and things are working fine. But I got to open up some machines out of this content filtering and when I try to give the IP number in this below fashion.
192.168.0.115
255.255.255.0
192.168.0.1
DNS
192.168.0.254
ISP DNS to avoid filtering
I find that 192.168.0.254 does the resolving and things are still filtered as per the schedule. Is there a way where we can configure 192.168.0.254 (Local DNS server) to stop resolving web requests and only cater to resolving local names for connectivity.
I do know its too long but solutions for the same will be help me out to solve it. Thanks in advance.
Regards,
Vaschell

Hello,
I have found something strange on the DHCP reservation. When I try to add a MAC number out of the network its able to make out a reservation.
Is there any way to clear the MAC number cache or something else which I can try.
A copy of the ipconfig /all for the server is below,
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix . . . . . . . : xyzabc.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xyzabc.com
Ethernet adapter LOCAL:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connectio
#2
   Physical Address. . . . . . . . . : 00-1E-67-A4-F4-DC
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.254(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter ISP:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connectio
   Physical Address. . . . . . . . . : 00-1E-67-A4-F4-DB
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.253(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
PPP adapter RAS (Dial In) Interface:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : RAS (Dial In) Interface
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.205(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter Local Area Connection* 8:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{0602F6CF-4B32-491F-994A-3C0952D
B54}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{6A14710B-A078-4AF9-BD7A-989767F
377}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>
Thanks,
Vaschell

Privacy Enhancing Filtering Proxy Chain for OS X

A privacy enhanced web proxy is a nearly essential tool on the modern web: it blocks ads, malicious scripts, and conceals information used to track you around the web. I've provided a quick setup below in case it's useful to others. This will build a privatizing squid:privoxy proxy chain that works with any browser, and can be used by anyone on your LAN, including and especially secure VPN logins and ssh tunnels. In my experience, this setup is a lot more capable and effective than using a simple adblocking Firefox Add-On. There's a world of difference between reading ad-filled web pages with and without a filtering proxy server. I've also included information for a polipo proxy that can be used with Tor for full anonymity, as well as a script for ssh tunnelling
Install Xcode and Macports
Install squid, privoxy, and polipo:
$ sudo port selfupdate
$ sudo port install squid privoxy polipo
$ sudo port load squid privoxy polipo
Configure the squid/privoxy/polipo config files shown below, then relaunch the proxies and test to make sure they're up:
$ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Squid.plist
$ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Squid.plist
$ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Privoxy.plist
$ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Privoxy.plist
$ sudo launchctl unload -w /Library/LaunchDaemons/org.macports.Polipo.plist
$ sudo launchctl load -w /Library/LaunchDaemons/org.macports.Polipo.plist
$ nmap -p 3128,8118,8123 localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2012-02-07 11:47 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00013s latency).
PORT     STATE SERVICE
3128/tcp open squid-http
8118/tcp open privoxy
8123/tcp open polipo
Now web applications can use your filtering web proxy chain. If you use the config files below, websites will not know where you came from (HTTP_REFERER header is forged), and will not know your User Agent (also forged), and read access is block to several HTTP header fields. Ads are filtered. Your connection looks like this:
Application <--port 3128--> Squid <--port 8118--> Privoxy <----> Internet
Configure your network to add an option to route your web traffic through this proxy. System Preferences>Network>Wi-Fi/Ethernet/...>Locations:>Edit Locations...> Gear icon, Duplicate Location, Advanced...>Proxies> Check boxes for HTTP and HTTPS web proxies with proxy server localhost:3128.
While you're at it, configure your OS and browsers to block Adobe flash cookies. Read this WSJ article series to understand how this impacts your privacy.
System Preferences>Flash Player>Block all sites from storing information, using your camera and microphone, and networking with peers. Also Delete all data and go to this Adobe Flash Player Settings web page and block all sites from storing information, using your camera and microphone, and networking with peers.
Firefox/Safari>DO NOT ALLOW third party cookies, request not to be tracked
Firefox Add-Ons: NoScript (blocks/manages JavaScript), Beef TACO (blocks/manages flash cookies), BetterPrivacy (blocks/manages flash cookies), and the EFFs HTTPS Everywhere.
You can also download the Tor anonymous proxy chain for both OS X and iOS devices. This will run a little polipo proxy natively on mobile devices.
Here are the config file settings. Search through the config file too see the appropriate location for these settings. Turn off http_access and icp_access (squid), permit-access (privoxy), and allowedClients (polipo) if you do not want everyone on your LAN to be able to use the proxy. Double check that you're not running an open web proxy on the internet.
$ sudo vi /opt/local/etc/squid/squid.conf
# See http://www.privoxy.org/user-manual/config.html
# Define Privoxy as parent proxy (without ICP)
cache_peer 127.0.0.1 parent 8118 7 no-query
http_access allow localnet
icp_access allow localnet
via off
# old 'http_anonymizer standard'
header_access From deny all
# forge Referer in Privoxy
# header_access Referer deny all
header_access Server deny all
# forge User-Agent in Privoxy
# header_access User-Agent deny all
header_access WWW-Authenticate deny all
header_access Link deny all
# more privacy
header_access Cache-Control deny all
header_access Proxy-Connection deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all
header_access Via deny all
header_access Forwarded-For deny all
header_access X-Forwarded-For deny all
header_access Pragma deny all
header_access Keep-Alive deny all
shutdown_lifetime 10 seconds
# See http://www.privoxy.org/user-manual/config.html
# Define ACL for protocol FTP
acl ftp proto FTP
# Do not forward FTP requests to Privoxy
always_direct allow ftp
# See http://www.privoxy.org/user-manual/config.html
# Forward all the rest to Privoxy
never_direct allow all
dns_nameservers 10.0.1.2 10.0.1.1
forwarded_for off
$ sudo vi /opt/local/etc/privoxy/config
forward /      .
$ sudo vi /opt/local/etc/privoxy/match-all.action
+change-x-forwarded-for{block} \
+deanimate-gifs{last} \
+filter{refresh-tags} \
+filter{img-reorder} \
+filter{banners-by-size} \
+filter{webbugs} \
+filter{jumping-windows} \
+filter{ie-exploits} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+session-cookies-only \
+set-image-blocker{pattern} \
/ # Match all URLs
# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privo xy/
+hide-referrer{conditional-forge} \
+hide-user-agent{Mozilla/5.0} \
/ # Match all URLs
$ sudo vi /opt/local/etc/privoxy/user.action
# fix bing's travel site, others
{ -block }
ads1.msn.com/
.bing.com/travel/jsxc\.vjs\?
.onecause.com
.apple.com
.go.com
# sourceforge
{ -block -filter -deanimate-gifs}
.sourceforge.net
.dell.com
# expedia
{ -hide-user-agent }
.expedia.com
# don't filter downloads
{-filter -deanimate-gifs}
/.*\.iso(\?|$)
/.*\.mp3(\?|$)
/.*\.mp4(\?|$)
/.*\.mov(\?|$)
/.*\.mpg(\?|$)
/.*\.ogg(\?|$)
/.*\.aac(\?|$)
/.*\.zip(\?|$)
/.*\.pdf(\?|$)
/.*\.dmg(\?|$)
/.*\.tar(\?|$)
/.*\.gz(\?|$)
/.*\.dat(\?|$)
$ sudo vi /opt/local/etc/privoxy/config
proxyAddress = "0.0.0.0"    # IPv4 only
allowedClients = 127.0.0.1, 10.0.1.0/16

This configuration looks great and I was try to apply for my laptop. Unfortunatly I'm not an expert, and I have problem with config file settings for squid.config.
I was installing squid (at first 2.7 version but later 3.1, because being able to use the GUI squidMan)), Privoxy and polipo with sucess with MacPorts. Using also MacPort to get nmap.and proxies look to be up :
Starting Nmap 6.01 ( http://nmap.org ) at 2012-08-23 21:59 PHT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00046s latency).
PORT     STATE SERVICE
3128/tcp open squid-http
8118/tcp open privoxy
8123/tcp open polipo
Configure the network was not a problem (just an interrogation about FTP proxy ?)
To edit and add lines and save match-all.action,user.action
was fine also. I don't know why the command sudo vi /opt/local/etc/privoxy/config is repeat twice one to add forward / and later
proxyAddress = "0.0.0.0"    # IPv4 only
allowedClients = 127.0.0.1, 10.0.1.0/16
I was add these 3 lines anyway, the main problem being I guess to put properly configurations for squid.conf
Here below the template gave by SquidMan,(easier for me getting the main lines!) I just have modified Privoxy as parent proxy but I was not able to manage properly where adding these settings.( getting error about localhost ie).
Could you kindly past them in this template ? I guess it will fix my configuration ! thank you in advance.
Sincerly,
Franck
# WARNING - do not edit this template unless you know what you are doing
# the parent cache
cache_peer 127.0.0.1 parent 8118 7 no-query no-digest no-netdb-exchange default
# disk and memory cache settings
cache_dir ufs %CACHEDIR% %CACHESIZE% 16 256
maximum_object_size %MAXOBJECTSIZE%
# store coredumps in the first cache dir
coredump_dir %CACHEDIR%
# the hostname squid displays in error messages
visible_hostname %VISIBLEHOSTNAME%
# log & process ID file details
cache_access_log %ACCESSLOG%
cache_log %CACHELOG%
cache_store_log %STORELOG%
pid_filename %PIDFILE%
# Squid listening port
http_port %PORT%
# Access Control lists
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl manager proto cache_object
acl SSL_ports port 443
acl Safe_ports port 80                    # http
acl Safe_ports port 21                    # ftp
acl Safe_ports port 443                    # https
acl Safe_ports port 70                    # gopher
acl Safe_ports port 210                    # wais
acl Safe_ports port 1025-65535          # unregistered ports
acl Safe_ports port 280                    # http-mgmt
acl Safe_ports port 488                    # gss-http
acl Safe_ports port 591                    # filemaker
acl Safe_ports port 777                    # multiling http
acl CONNECT method CONNECT
%ALLOWEDHOSTS%
%DIRECTHOSTS%
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# protect web apps running on the proxy host from external users
http_access deny to_localhost
# rules for client access go here
http_access allow localhost
%HTTPACCESSALLOWED%
# after allowed hosts, deny all other access to this proxy
# don't list any other access settings below this point
http_access deny all
# specify which hosts have direct access (bypassing the parent proxy)
%ALWAYSDIRECT%
always_direct deny all
# hierarchy stop list (squid-recommended)
hierarchy_stoplist cgi-bin ?
# refresh patterns (squid-recommended)
refresh_pattern ^ftp:                    1440          20%          10080
refresh_pattern ^gopher:          1440          0%          1440
refresh_pattern -i (/cgi-bin/|\?) 0          0%          0
refresh_pattern .                    0          20%          4320

IPv4 multicast broken in EA6900-v1.1 ? (IGMP report suppression)

After upgrading from EA6900-v1.0 to v1.1 (both with same SW=1.1.42.161129),
we observed that IPv4 multicast starts to fail (group membership expires).
Does anybody know about the internal architecture in these Routers (e.g. any unmanaged internal switches)?
It works fine if everything is wired.
However if host1 is connected to wired and host2 is connected to 2.4G wireless,
we see that Bonjour multicast gets forwarded but PTP multicast only in one direction.
We believe this could be related to a IGMP feature called "IGMP Report Suppression", where a host not will send "IGMP Report" (aka Join mcast group), if it receives an "IGMP Report" for the same group "recently". In that case it believes a peer within same hub already has subscribed.
Our theory is that in this mixed wired/wireless setup the Router might not forward PTP multicast traffic between wired and wireless when nobody send Report "on the other side".
However in that case we don't understand why it still seems to forward "IGMP Report" to "the other side"...
Bonjour uses 224.0.0.251 (within "Local Network Control Block") and PTP uses 224.0.1.129 (outside that block).
Routers might have different forwarding rules for these two ranges, see below.
http://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
"Local Network Control Block (224.0.0.0 - 224.0.0.255 (224.0.0/24))"
http://www.ietf.org/proceedings/50/I-D/idmr-snoop-00.txt
"It is suggested that all multicast packets in the range 224.0.0.1 through 224.0.0.255 are forwarded on all ports."
/Mads

Internally AFAIK the WLAN and LAN ports are bridged and packets shouldn't be filtered. 2.4Ghz and 5Ghz are isolated from each other unfortuately on the EA6900. WAN to LAN\WLAN is different. I think in that case IGMP won't work because IGMP Proxy module would have to be installed.
Please remember to Kudo those that help you.
Linksys
Communities Technical Support

Packet-capture filters

Has anyone successfully used a source-port or destination-port filter in a packet-capture command on a waas? Anytime I try to filter on any port # I capture no packets. If I however remove the port # and run a packet-capture I capture packets and see the traffic my filter should have caught. I'm not sure if I'm looking at a bug since it seems straightforward.
packet-capture interface gigabitEthernet 0/0 source-port 1494 file-size 50000 capctx
Cisco Wide Area Application Services (universal-k9) Software Release 5.1.1d (build b7 Aug 19 2013)
Version: oe7571-5.1.1d.7
thank you,
Bill

Thank you Srinivasa. I tried the tcpdump, but get the same behavior. As soon as I remove the filter all the packets come pouring in. I've tried different ports such as 445, but with the same results, 0 packets.
pa-harr-0-7571a#tcpdump -i eth0 -s 3200 tcp port 1494 -w ctxcapnew.pcap
Note : The tcpdump and tethereal CLIs are planned to be deprecated in a future release. The use of 'packet-capture' CLI is recommended.
tcpdump: Setting virtual memory/file size limit to 524288000
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 3200 bytes
0 packets captured
12 packets received by filter
0 packets dropped by kernel
pa-harr-0-7571a#tcpdump -i eth0 -s 3200 -w ctxcapnew1.pcap
Note : The tcpdump and tethereal CLIs are planned to be deprecated in a future release. The use of 'packet-capture' CLI is recommended.
tcpdump: Setting virtual memory/file size limit to 524288000
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 3200 bytes
225215 packets captured
225222 packets received by filter
0 packets dropped by kernel
Update on this:
tethereal seems to be the only utility that works with a filter. The command below performed as expected, which is odd since it's advertised as working with 4.0 and earlier and I'm running 5.1.1d where I'm warned that tethereal and tcpdump are soon to be deprecated; hopefully not before the issue with packet-capture not working with filters is resolved.
tethereal -i eth0 -s 1600 -w dump.cap -R "tcp.port == 1494"

Advertising ipv4 routes via ipv6 bgp peers

Hello,
I have established IPV6 bgp sessions with ipv6 prefix-list filter. But ipv4 routes were advertised over this bgp session. Do I I need special configuration under address family or ipv4 prefix-list filters required ?
Note : the config was IBGP between 7200 routers and 6509 core switches.
Thank you all
Nael

Hi Nael,
This is because address-family ipv4 unicast gets activated by default when you configure a new neighbor in BGP. You either need to configure "no bgp default ipv4-unicast" or go under address-family ipv4 unicast and do a "no neighbor" for the ipv6 neighbor.
Hope this helps

Unregistered Multicast Filtering vs. NDP Protocol for IP V6 Ping SG300

Hi everybody,
we are running several switches of the SG 300 Series all with Firmware sx300_fw-14088.
We are having a setup that uses a lot of Multi Cast so we use the IGMP Feature of the Switch and enable unregistered multicast filtering.
However: if we enable unregistered multicast filtering, we cannot get a Ping V6 to work. We know, that the basis is the NDP protocol to resolve mac addresses to IP v6.
It seems as if the switch thinks that the multicast based NDP protocotol is unregistered multicast.
Any suggestions?
an example configuration configuration is attached to this mail:

There are strict rules to map L3 IPv6 Addresses and L3 IPv4 addresses to L2 Mac Addresses. At the end those Mac Addresses are Multicast addresses independent of their roots (IPv6 or IPv4). Of course you are able to keep them separate from each other (00-01-FF vs. 33-33-FF), but both have the I/G-Bit set to 1 and for a Switch those addresses are multicasts.
It might be that you are using the default Multicast properties: Forwarding Method for IPv6 and Forwarding Method for IPv4 equals MAC Group address. Therefore, the Switch should use the Multicast Mac addresses as an IGMP Snooping filter as well. The Multicast Mac Address which is used in ICMP Type 135 (Neighbor Solicitation) of course is not registered via IGMP and will get blocked. This is only a guess, but it should be worth the effort to Switch the forwarding method to IP Group address.
Cheers,
@gar

Linksys mac filtering

I've looked all around the net and can't find an answer to this question.
Presently, my home wireless network is two PCs running Win XP (SP1) using a Linksys router (Wireless G) with MAC filtering enabled. When I get my Macbook, I'd also like it to access the internet and home network wirelessly.
My question is, do Macbooks have MAC address that I can identify and enter into the MAC filter list? Or, how does it connect?
You can imagine that Googling "Macbooks with MAC address" gives quite a strange result...

Yes the MB will have a MAC address. Simply open the Network preferences (System Preferences), select the Built-in Ethernet port and click on the Configure button. In the dialog click on the Ethernet tab. You will see listed Ethernet ID: followed by the MAC address.
To configure the Airport card simply select the Airport port from the Show dropdown menu, click on the TCP/IP tab and set the Configure IPv4 dropdown menu to DHCP and click on the Apply button. Click on the Airport tab and put a checkmark in the box labeled "Show Airport status in menubar." Click on the Apply button. Use the Options button for additional configuration options for the Airport card.
Why reward points?(Quoted from Discussions Terms of Use.)
The reward system helps to increase community participation. When a community member gives you (or another member) a reward for providing helpful advice or a solution to their question, your accumulated points will increase your status level within the community.
Members may reward you with 5 points if they deem that your reply is helpful and 10 points if you post a solution to their issue. Likewise, when you mark a reply as Helpful or Solved in your own created topic, you will be awarding the respondent with the same point values.

Using NULL and NOT NULL in prompted filters

Dear all,
While trying to grap the concept of prompted filters in sap bo web intelligence, I had a question whether why we cannot use NULL and NOT NULL while creating a prompted filters in our report.

HI,
'Is Null' and 'Not Null' are the predefined functions in webi which only eliminate the null values or considering only null values.
'Is Null' and 'Not Null' are itself predefined functions that why you are not getting prompts.
Null values are standard across the databases so this is defined as a function in webi to specific eliminate the null values.
If something is not standard then there is option in the webi to use different operator with static values or with prompts.
More more information on Null see the Null wiki page.
Null (SQL) - Wikipedia, the free encyclopedia
Amit

Interactive report column filters to display differently than column values

Greetings...
We use images a lot in our interactive reports to provide a visual representation to a status, or something locked for update, or what-have-you. By default, when a user clicks the column heading of a column which contains images, the drop-down list that shows up displays the actual images, which is nice for the user to identify exactly which thing they want to filter on. The problem is when the user selects on of the options in the filtering drop-down, the resulting condition that is displayed under the interactive report search bar is the HTML code of the image. I'd like something else to display there because showing the user the HTML code is atrocious.
I didn't think what I want is possible, but then I came across the Page Locks page within ApEx (page 4000:291 in ApEx 4.0.1) which displays a list of all the pages of an application and whether they are locked or not. It also allows you to bulk lock or bulk unlock a bunch of pages. That page uses an interactive report with a column called "Status" which contains images that represent whether the page is locked or not. When you click the "Status" column heading to filter, instead of seeing the images of an open and closed lock, you see the words "Page Locked" and "Page Unlocked." And even better... when you select on of them, the condition that is displayed to the user is very user-friendly.
Can someone tell me how this is done so I can replicate it in my own apps?
Shane.

Why not create the IR using the text you require e.g. 'Lock', 'Unlock' and then use JQuery to replace the text in the report with the image you want. All the filters should then show the plain text and the report will display the image. e.g.
http://apex.oracle.com/pls/apex/f?p=46801:1
Here's what I did:
Firstly make sure the IR has a region template.
Then create a Dynamic Action with the following attributes:
1. Advanced
2. Event: After Refresh
3. Selection Type: Region
4. Region: [select the IR Region]
5. Action: Execute JS Code
6. Fire on page load: [checked]
7. Code:
$('td [headers="TEST"]').each(function(index) {
if ($(this).text() == 'Lock') {
$(this).empty().html('<img src="/i/htmldb/icons/locked_small.gif" alt="Lock" />');
else {
$(this).empty().html('<img src="/i/htmldb/icons/unlocked_small.gif" alt="Unlock" />');
});Where TEST is the column name.
That's it, this may also be of interest:
http://simonhunt.blogspot.com/2011/10/adjusting-interactive-report-column.html
I hope it helps
Shunt

View Criteria - how to show the VO filtered differently at a time

My requirement is something like this-
I have a detailsVO which is a join of say employee and department table
I need to show the VO in such a way that-
department1
detailsVO <filtered rows for department1)
department2
detailsVO <filtered rows for department2)
department3
detailsVO <filtered rows for department3)
Here each filtered VO is to be show in different UI table
How do I achieve this? Any suggestions? If I use a VOCriteria with :BindDepartment, how do I bind the same detailsVO to show the details?
Please advise.

How about using a tree table?
Or you may want to look at http://tompeez.wordpress.com/2011/12/29/jdeveloper-11-1-2-1-cascading-tables/ which uses two cascading tables.
Timo

SSRS 2008 R2 Report - Sum Totals of a Filtered Group

I'm at a loss here, so any help will me much appreciated. I will do my best to explain, but if you need additional information, please let me know:
I have a very large dataset of patient data. Specifically for the numbers I need, I have a patient number field, a county field, a 1 or 0 for LastYear field, and a 1 or 0 for CurrentYear field.
Example:
PtNo    County PY CY
45676 Scott     0    1
45322 Cape     1     0
47686  North     0     1
The thing I am shooting for on my report is, "Volume growth in 3 counties (+20 cases)."
I created a group and grouped by County (group name County) and I included a group filter to only include "total cases of CY" are greater than "total cases of PY" to narrow my data to only counties that had a higher current year sum
than previous year sum.
Example:
County PY    CY Difference
Scott    141 143     2
Cape     90    98      8
North    78     88    10
All is working well, except I don't need to see the Counties themselves, I just need the 3 counties and a difference of 20.
I explored online and found tutorials that said to right click on the field and select "Add Total" but this total did not have my filter in it and gave me everyone. I also tried adding a row outside the group and used the RunningValue function
(i.e. RunningValue(Fields!FYTD_Current_Year.Value, Sum, "County"))  but it gave me a message that states "The Value expression for the text box 'Textbox456' has a scope parameter that is not valid for an aggregate function. The scope
parameter must be set to a string constant that is equal to either the name of a containing data region or the name of a dataset."
When I move the row with the RunningValue function inside the group, it runs but I get the same information repeated twice for each county with no final total.
So I am not sure how to go about getting my values I need for my report. Anybody know how to resolve this?
Thanks,
Cyndi
cpemtp1

Hi Cyndi,
Based on my understanding, you specify a filter condition in group properties. Then you want to sum the filtered values for each field.
In this scenario, we need to specify a filter condition on group level. If we use sum() function out of group, the expression will calculate the total values on dataset level instead of group level. So we can’t simply use expression to achieve this goal.
However, we can use custom code to record the filtered values for each field, then we can calculate the total based on these values. Please refer to the steps and screenshots below:
1. Add the custom code below into the report:
Public Shared Value1 as Integer=0
Public Shared Function GetValue1(Item as Integer) as Integer
value1= value1 + Item
return Item
End Function
Public Shared Function GetTotal1()
return value1
End Function
Public Shared Value2 as Integer=0
Public Shared Function GetValue2(Item as Integer) as Integer
value2= value2 + Item
return Item
End Function
Public Shared Function GetTotal2()
return value2
End Function
2. Design the tablix like below:
3. The result looks like below:
If you have any question, please feel free to ask.
Best regards,
Qiuyun Yu

Filtering IPv4

Similar Messages

Maybe you are looking for