Firewall considerations ZfH Access point to MGT server
Hi there,
According to the TID10095278 the ZfH access point talks to the ZfH
Management server on port 2398. I presume the Access point does all the
initiating to the Management Server.
I know you can use HTTP encapsulation on port 80 but I've never got that to
work.
In the case where you want to locate an Access point on the public side of
a firewall and the Management Server on the private side, I presume an
inbound rule of 2398 needs to be allowed using TCP.
In the paragraph in the TID "In some cases the ZfH will send a UDP packet
to the Access Points over port 2398, but this is to optimize some things,
and will work correctly if this packet isn't delivered correctly." I'm
presuming this means from the handheld to the access point.
Does anyone have any thoughts on this?
Thanks,
Fred.
Fred,
It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
- You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/
Similar Messages
-
IOS Access Point Bombards TACACS+ Server with Requests
Problem: When using the web GUI to manage an IOS access point such as the AP350, AP1100, or AP1200, and when using TACACS+ to authenticate the HTTP accesses, the access point will send numerous authentication requests to the TACACS+ server for each web page accessed.
Workaround given by cisco was to use single-connection tacacs server.
My question:
How to implement this command? Is it as below
"tacacs-server host x.x.x.x single-connection port 49 key test".
I've tried using this command but still getting numerous authentication request.
Any help?
regards,
Ganesh
We experienced similar problems. We were instructed to use local authentication at the current time. Something about HTTP requiring authentication for each part of the page that accesses data. The configuration line is:
ip http authentication local
The single connection did not help. We were also advised that if we required ACS HTTP authentication to use RADIUS because it scaled better than TACACS and would not be as impacted as TACACS. If neither of these is an option, another workaround is to disable logging "passed authentications". We tested this and it prevented our ACS server from pegging the CPU, memory and I/O write queues. We opted for local authentication because the lack of "passed authentication" logs impacted our troubleshooting.
Good Luck
Gerry -
is there a way to use the access point as a dhcp server?
No. The AP is a layer 2 bridge in network terms (not to be confused with the WLAN bridge products). Think of it as a hub with one ethernet port that allows multiple wireless devices.
You will need to have a DHCP server on the ethernet side to provide DHCP to your wireless clients -
Cisco 1242AG Access Point proper configuration
Hello everyone,
Here is the situation:
Recently we decided to create a small WLAN in our business. We chose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dbi Swivel Dipole Antenna.
For better manageability a new routable VLAN (ID:20) was added to our Router with IP 192.168.55.1 and SNET 255.255.255.0
Next, I made the following configurations in the autonomous AP through WEB Console:
Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200
VLAN1 (Native) and VLAN20 (Radio0-802.11g) added into Services.
I set the Encryption Mode to None for VLAN1 and Cipher AES CCMP for VLAN20
Into Server Manager I defined a new RADIUS server 192.20.10.35 (AP IP) and a shared secret and left the default ports for Authentication and Accounting (1645 and 1646). Also, in Default Server Priorities section I set as Priority 1 both for EAP and MAC authentication the Access Point IP (Radius Server) 192.20.10.35.
In Local RADIUS Server General Set-Up, I add as current network access server (AAA client) the same IP and shared secret like the ones I use during RADIUS server configuration above. Into Enable Authentication Protocols I left checked only the LEAP and MAC. Also, into Individual Users section 2 new users created with text passwords.
Into SSID Manager a new hidden SSID created for interface Radio0-802.11g, associated with VLAN20 and into Client Authentication Settings section I left as accepted Method Open Authentication with MAC authentication and EAP. Also, I left the Use Defaults option both for EAP and MAC Authentication Servers in Server Priorities Section and finally into Client Authenticated Key Management section I choose Mandatory for Key Management and checked the Enable WPA option.
I can ping both the AP and VLAN20 IPs from any PC which is a member of the native VLAN
As wireless clients I use 2 Motorola MC5574 with Windows Mobile 6.1 professional. Both of them have a Jedi WLAN adapter configured with the following:
IPs:192.168.55.10 and 192.168.55.11
SNET:255.255.255.0
GWY:192.168.55.1
Also, a unique profile has been created on each one of them to be used for AP association-authentication. Each profile has been configured for WPA2 Enterprise with AES and LEAP and the predefined user credentials (those defined into AP for Individual Users)
The problem:
Clients association with AP is always successful but Authentication fails and I can't ping from the clients AP IP, VLAN20 IP, neither each other.
What am I missing here? I'm sure that it is something quite simple but although I tried several different setups (i.e. WPA2-PSK, WPA-PSK even with TKIP) I always end up without a proper solution for ping inability.
Thank you in advance for any help
Hello Madhuri,
below is the latest run config output from the access point
Building configuration...
Current configuration : 3743 bytes
! Last configuration change at 03:56:04 +0200 Sun Nov 28 2010 by Cisco
! NVRAM config last updated at 03:58:07 +0200 Sun Nov 28 2010 by Cisco
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname RCT_THP_AP1
enable secret 5 $1$26u0$emaUzNvvihCCZeKeooQ8M0
aaa new-model
aaa group server radius rad_eap
server 192.20.10.35 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
server 192.20.10.35 auth-port 1645 acct-port 1646
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone +0200 2
ip name-server 192.20.11.2
dot11 ssid RCTHP
vlan 20
authentication open mac-address mac_methods eap eap_methods
authentication key-management wpa
power inline negotiation prestandard source
username Cisco password 7 00271A150754
username 00236867a192 password 7 101E594B56414A5D5B057B7276
username 00236867a192 autocommand exit
username 00236867a19b password 7 091C1E5B4A534F445C0D557329
username 00236867a19b autocommand exit
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 20 mode ciphers aes-ccm
ssid RCTHP
channel 2462
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
bridge-group 20 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
no dfs band block
channel dfs
station-role root
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface BVI1
ip address 192.20.10.35 255.255.254.0
no ip route-cache
ip default-gateway 192.20.10.200
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
snmp-server view dot11view ieee802dot11 included
snmp-server community public view dot11view RO
snmp-server contact IS
radius-server local
no authentication eapfast
nas 192.20.10.35 key 7 03130807055F2C1F
user motomob1 nthash 7 15315B29557B0D767E111074455E332022000F0D0A725C223B300C7A0E760A0371
user motomob2 nthash 7 075E716D6C2F49514636532A5C0B0A067C1567003224335553047F0C710058263E
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.20.10.35 auth-port 1645 acct-port 1646 key 7 120E561B115B0157
radius-server vsa send accounting
bridge 1 route ip
line con 0
line vty 0 4
sntp server 192.20.10.2
sntp broadcast client
end
Regards
Vasilis -
I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
I have attempted to configure rdp access but it does not seem to be working for me. Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
I need to allow the following IP addresses to have RDP access to my server:
66.237.238.193-66.237.238.222
69.195.249.177-69.195.249.190
69.65.80.240-69.65.80.249
My external WAN server info is - 99.89.69.333
The internal IP address of my server is - 192.168.6.2
The other server shows up as 99.89.69.334 but is working fine.
I already added one server for Static route and RDP but when I try to put in same commands it doesn't allow me to for this new one. Please take a look at my configuration file and give me the commands I need in order to put this through. Also please tell me if there are any bad/conflicting entries.
THE FOLLOWING IS MY CONFIGURATION FILE
Also I have modified IP information so that it's not the ACTUAL ip info for my server/network etc... lol for security reasons of course
Also the bolded lines are the modifications I made but that aren't working.
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password DowJbZ7jrm5Nkm5B encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 99.89.69.233 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group network EMRMC
network-object 10.1.2.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.11.0 255.255.255.0
network-object 172.16.0.0 255.255.0.0
network-object 192.168.9.0 255.255.255.0
object-group service RDP tcp
description RDP
port-object eq 3389
object-group service GMED tcp
description GMED
port-object eq 3390
object-group service MarsAccess tcp
description MarsAccess
port-object range pcanywhere-data 5632
object-group service MarsFTP tcp
description MarsFTP
port-object range ftp-data ftp
object-group service MarsSupportAppls tcp
description MarsSupportAppls
port-object eq 1972
object-group service MarsUpdatePort tcp
description MarsUpdatePort
port-object eq 7835
object-group service NM1503 tcp
description NM1503
port-object eq 1503
object-group service NM1720 tcp
description NM1720
port-object eq h323
object-group service NM1731 tcp
description NM1731
port-object eq 1731
object-group service NM389 tcp
description NM389
port-object eq ldap
object-group service NM522 tcp
description NM522
port-object eq 522
object-group service SSL tcp
description SSL
port-object eq https
object-group service rdp tcp
port-object eq 3389
access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 68.156.148.5
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 1
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
tunnel-group 68.156.148.5 type ipsec-l2l
tunnel-group 68.156.148.5 ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
: end
ciscoasa(config-network)#
Unclear what did not work. In your original post you said some commands were added but don't work:
static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
and later you state you add another command that gets an error:
static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface. Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive? Static PAT usually makes sense when you need to change the TCP port number. In your example, you are not changing the TCP port 3389. -
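For the three source ranges listed in the question, the following added example (not part of the thread, and not the poster's or Cisco's code) converts each range into the exact set of subnets that covers it and prints them as `network-object` lines plus one access-list entry limited to those sources. The group name `RDP_SOURCES` is hypothetical, and the access-list line reuses the `interface outside eq 3389` form from the posted configuration on the assumption that the poster's ASA accepts a network object-group as the source.

```python
import ipaddress

# Source ranges exactly as listed in the question.
RANGES = [
    ("66.237.238.193", "66.237.238.222"),
    ("69.195.249.177", "69.195.249.190"),
    ("69.65.80.240", "69.65.80.249"),
]

GROUP_NAME = "RDP_SOURCES"  # hypothetical object-group name, not from the thread


def range_to_networks(first, last):
    """Return the minimal list of subnets covering first..last and nothing else.

    Rounding a range up to one enclosing subnet would admit addresses the
    poster never asked for; summarize_address_range avoids that.
    """
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))


def network_object_line(net):
    """Format one subnet the way the posted config writes network-object entries."""
    if net.prefixlen == 32:
        return f" network-object host {net.network_address}"
    return f" network-object {net.network_address} {net.netmask}"


def build_config(ranges, group=GROUP_NAME):
    """Build the object-group plus one ACL line permitting RDP from it only."""
    lines = [f"object-group network {group}"]
    for first, last in ranges:
        for net in range_to_networks(first, last):
            lines.append(network_object_line(net))
    # Same destination form as the existing 'permit tcp any interface outside
    # eq 3389' line in the posted config, with the source narrowed to the group.
    lines.append(
        "access-list outside_access_in extended permit tcp "
        f"object-group {group} interface outside eq 3389"
    )
    return lines


def address_count(first, last):
    """Number of addresses the generated subnets admit for one range."""
    return sum(n.num_addresses for n in range_to_networks(first, last))


if __name__ == "__main__":
    print("\n".join(build_config(RANGES)))
```

The generated subnets admit 30, 14 and 10 addresses for the three ranges, matching the ranges as written, so nothing outside them is let through.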
Can an iMac serve as a wireless access point server?
I have a current iMac with standard built in wireless capability but I'm on the net with wires (RJ45 twisted pair ethernet CAT5 cables). Can my iMac serve as a wireless access point for a new device in the house (Nintendo Wii)? Is there a setting I can turn on, or software that can be downloaded to have the iMac act as a server instead of just a client on a wireless network? I know that it's best to have dedicated hardware do this, but I'm looking for a software solution to use while I decide what to buy.
Currently I have a DSL connection and a star style home network. The DSL modem has an ethernet cable to a hub, and our 2 macs connect with wires to the hub. (I have an older DSL modem that has no wireless capability, I know that upgrading the DSL connection involves a new modem that includes wireless, but the phone company makes no guarantees about supporting Macs, so I have to do some research first.)
-Ken
If your iMac connects to internet from ethernet cable, you can use airport to share the connection wirelessly by creating a network from airport, then go to system preference > sharing > internet and enable internet sharing. But if you already have a wireless router, Mac should be compatible, there is nothing inherently different between iMac's airport and PC's wireless card.
For Wii, I have no experience myself but there are plenty of posts on this forum, like this one: http://discussions.apple.com/thread.jspa?messageID=4528652
(linked to http://www.virtualmatt.com/?p=7) -
Access Point not visible in UMS server for Application using UMS adapter
Email Driver Properties for email is configured in UMS and works fine which means its able to poll for any incoming Email from the Configured Account.
Now I am building a SOA Composite application and using UMS adapter to receive that incoming mail and process it further.
I have successfully deployed that application in my SOA server but it doesn't show any access point for that application.
I have followed oracle Documentation (section 11.2.3.3)
http://docs.oracle.com/cd/E28280_01/integration.1111/e10231/ums_adapter.htm
how to get that Access point configured for application ?
Please Help.
Thanks in Advance
Divyanshu
Thanks for the reply.
I had readded the access points after phone reset, so they are available under internet destination but none of the apps are able to see them.
I also saw 3-4 processes listed under panic tab in KillMe application, not sure if being inside panic tab means that the processes crashed, i hope it's not a hardware related problem. -
a tech company just set up a wifi network in my house and does not use my existing TC; how do I get it in the network to serve as backup for my iMac? (I don't need it as a wifi access point anymore) thanks
Just bridge the TC and plug it by ethernet into the main router.
Bridge in v5 airport utility.
In v6 it is under network.. change it from DHCP and NAT to Off bridge mode.
Turn off the wireless. -
Unable to get ip address from DHCP server for Aironet 1130AG Access Point
I have a network in which DHCP server is enabled. I have read the installation guide also; there it is mentioned that 1130G Access point will not have any static ip assigned to it. So it will automatically get the ip from the DHCP server from the network. I have connected that from the network but it is unable to get the ip address from the same. The same thing I have configured in the netgear; it is coming fine. I have seen the sonic wall and used the IPSU tool also for checking the ip address from Mac Address but I am not able to get the same. Please provide me some tips to check where I am wrong in configuration because the first web page is also not coming because of the ip address.
narendra,
I would suggest that the AP be connected to a laptop or desktop pc that would run a local dhcp server with a small scope setup...plenty of free ones on the web (this pc would obviously not be connected to your current network). This way you can watch the dhcp server hand the AP its address (this can take a few minutes). Once you have the address use it to access the GUI and give the AP a static address (I find it good practice to give all my autonomous APs static addresses for ease of troubleshooting)...Hope that helps. -
Radius local server and wireless access points
Hello to all,
I would like to ask a question related to radius server. I have an Allied Telesis core switch and I configured the radius server locally; I also configured port1.0.7 for dot1x and I am using dynamic vlan. If I connect my laptop to port 1.0.7 I can get the correct ip from the dhcp server. If I connect an access point to the same port, how should I configure the dot1x? For multiple hosts? I know I am using Allied Telesis but the config is very similar to the Cisco one, take a look:
(Radius and nas config)
radius-server host 127.0.0.1 key awplus-local-radius-server
aaa authentication dot1x default group radius
aaa authentication auth-web default group radius
crypto pki trustpoint local
crypto pki enroll local
radius-server local
server enable
nas 127.0.0.1 key awplus-local-radius-server
group Andrew
attribute NAS-Identifier andrew
attribute Tunnel-Medium-Type IEEE-802
attribute Tunnel-Private-Group-Id 10
attribute Tunnel-Type VLAN
user andrew encrypted password wh8q0J2oYSn0y4cynksNCqfbaUtRGv/E6JaJrW+s3Zs= group Andrew
(port config)
interface port1.0.7
switchport
switchport mode access
auth-web enable
dot1x port-control auto
auth host-mode multi-supplicant
auth dynamic-vlan-creation
I tried with auth-web and without but no luck. If someone has a sample config showing how to configure the dot1x to be able to use an access point, please paste it.
Thanks
Andrew
I'm not sure if the Autonomous APs have the option for AAA Override. On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override". I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
Hope this helps -
Scale out file server client access point using public nic
Thoughts on this one.
I have a Scale Out File Server cluster with a Client Access Point. Whenever i talk to the Client Access Point it uses the public nics.
If i talk to the Scale Out File Server directly it uses the private like i want it to. How can i get the Client Access Point using the private nics?
Hi JustusIV,
Could you tell us why you want to modify the CAP use the “private” network, the CAP is used for client access, your clients may can’t access your cluster if modify your CAP use private network, if you want know how to modify the CAP of a cluster you can refer the following KB:
Modify Network Settings for a Failover Cluster
http://technet.microsoft.com/en-us/library/cc725775.aspx
More information:
Understanding Access Points (Names and IP Addresses) in a Failover Cluster
http://technet.microsoft.com/en-us/library/cc732536.aspx
Windows Server 2008 Failover Clusters: Networking (Part 4)
http://blogs.technet.com/b/askcore/archive/2010/04/15/windows-server-2008-failover-clusters-networking-part-4.aspx
Hope this helps.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Hello...
I need a little help configuring this Airport Extreme as a Wireless Access point, serving a bunch of iPads via the schools LAN connection for which traffic is routed through a Web Proxy Server. I've been told to set it up as a bridge as the PC LAN and Proxy are providing NAT but can't seem to crack it.
The WiFi side of things is up and running, we can all see and connect to the AP.
I'm told that it was working fine before the school break in the summer, then something was changed and the position of the AP altered.
The Web Proxy Server is normally accesses from the PC's via the following address... IP > 10.12.14.122 // PORT > 3128
I'm not certain where the Proxy settings need to go in the new 'simple' Airport Utility, can't see a place for Port at all?!?
(I've taken the AP home, tried it on my home network and it works fine, so we know its all OK and its down to config).
Here are some screen images of the settings as they are, that do not work.
(I was trying a few different settings hence the screens like Static/DHCP etc.)
Any help is greatly appreciated.
Hi Daniel,
>>Now when I go on a client site my internet access on the host laptop is via a web proxy on a LAN connection.
"LAN connection" means physical NIC (Realtek PCIe GBE Family Controller) ?
" web proxy " means adding a proxy server IP in IE ?
Bounding the NIC (Realtek PCIe ) to external virtual switch then connect all VMs to that external virtual switch ,still can not access ?
Best Regards
Elton Ji
Syslog server for access points
Hello,
On the controller, when you look at an access points config. There is the syslog server for the access point with the default ip address of 255.255.255.255. I was wondering if there was any way to disable the syslog server for the access points. The only thing I've found so far is that the ip address of the syslog server can be changed.
Thanks,
I am not sure if "no" command works.
but on 5.2 ver
config logging trap disable global
disable/enable is the key to set the ip address for syslog server -
Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points
Hi Guys,
I would like to go for "Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points 1300". I want the AP to broadcast only 1 SSID. The client finds the SSID -> puts in his user credentials -> RADIUS authentication -> assign him to a specific vlan based on his groupship.
The problem here is that I don't have an AP controller but only configurable Aironet Access Points 1300. I can connect to the radius server, but I am not sure how to configure the AP's port, radio port, vlan and SSID.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
I go through some references:
3.5 RADIUS-Based VLAN Access Control
As discussed earlier, each SSID is mapped to a default VLAN-ID on the wired side. The IT administrator may wish to impose back end (such as RADIUS)-based VLAN access control using 802.1X or MAC address authentication mechanisms. For example, if the WLAN is set up such that all VLANs use 802.1X and similar encryption mechanisms for WLAN user access, then a user can "hop" from one VLAN to another by simply changing the SSID and successfully authenticating to the access point (using 802.1X). This may not be preferred if the WLAN user is confined to a particular VLAN.
There are two different ways to implement RADIUS-based VLAN access control features:
1. RADIUS-based SSID access control: Upon successful 802.1X or MAC address authentication, the RADIUS server passes back the allowed SSID list for the WLAN user to the access point or bridge. If the user used an SSID on the allowed SSID list, then the user is allowed to associate to the WLAN. Otherwise, the user is disassociated from the access point or bridge.
2. RADIUS-based VLAN assignment: Upon successful 802.1X or MAC address authentication, the RADIUS server assigns the user to a predetermined VLAN-ID on the wired side. The SSID used for WLAN access doesn't matter because the user is always assigned to this predetermined VLAN-ID.
extract from: Wireless Virtual LAN Deployment Guide
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00801444a1.html
==============================================================
Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml#switch
==============================================================
Controller: Wireless Domain Services Configuration
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml
Any help on this issue is appreciated.
Thanks.
I'm not sure if the Autonomous APs have the option for AAA Override. On the WLC, I can go into the BSSID, Security, Advanced, and there's a checkbox that I would check to allow a Radius server to send back the VLAN.
I did a little research and it looks like the 1300 may give this option but instead is defined as "VLAN Override". I've found the release notes for 12.3(7)JA5 (not sure what version you're running) that give mention and a link to configuring EAP on page 4: http://www.ciscosystems.ch/en/US/docs/wireless/access_point/1300/release/notes/o37ja5rn.pdf
Hope this helps -
Packet Data Access Point Names vs real data server...
I am trying to activate an application that requires GPRS.
I currently can get EGPRS and assume that will do the same but faster. But I have a question that may not pertain to this but as I am new at this I will ask it here. From reading I see that the settings of packet data appear to have more to do with setting up phone as a modem to use. So I don't know truly if this has any bearing on my problem with the software registering to complete the setup of it.
However my web access which is unlimited month to month internet access which allows me to go anywhere on web (not a walled garden) also uses this GPRS or EDGE version of GPRS. I am in the USA with T-Mobile. Phone is set to use GSM. The screen where it concerns connectivity says that I have Access Points which were configured by T-Mobile sms file they sent me twice. I actually have 5 names under Access Points.
1)MMS = wap.voicestream.com
2)T-Mo WEB = Internet.voicestream2.com with small i in settings
3)T-Mo WEB(01) - this from 2nd sms copy same
4)T-Mobile Internet = Internet.voicestream2.com with small i in settings too.
5)t-zones this is their walled garden = wap.voicestream.com
ok since I can browse the web anywhere and download the application I don't know why I cannot register it. But it states it needs an internet connection before activation through authentication, or basically registering it to use.
So I am trying to do this after verifying that I have an internet connection with the two connection arrow symbols on phone screen showing internet connectivity with E over them currently by starting a browser first as the application doesn't seem to do this for me when trying to activate it.
E
--> where the lines are solid. Ok here is my issue here.
The arrows are not coming up correctly in this forum anyway I get what shows I have EGPRS connectivity, I don't know if the application is sensitive to using GPRS only but will find out. I doubt it. The GPRS would show the arrows with an antennae above. I am talking about the indicators from what the pdf and book say.
Below Access Points on the menu in settings for connection is Packet data.
Packet data has two variables
1) when needed , or when available
2) Access point
Access point is blank. Should I enter one of T-Mobiles names in the list above this under Access Points such as
T-Mobile Internet or should I put the server name in specifically internet2.voicestream.com?
I set the Data Call setting to Unlimited to make sure if its using this process it doesn't turn off after the 5 minute default on the next setting.
Any ideas why this gprs app is not activating itself and making the gprs internet connection with the pin I was provided? I had to use the pin just to download it and install it.
That will work. You only need to change if you need to have always on (highly unlikely) or if you are using modem dial up and need to specify access point for that.
If you are using Nokia One Touch access then you don't even need to define access point in this menu as that application will take care of it for you.
All other network aware applications will use access point settings as defined in settings menu.