Guest access to internet

Ok, as it was suggested, I am asking here. :)
Is there a way to prevent users which connect his personal laptops to workplace network, to have no access to internet.
Something like they don't get right DNS, but only domain clients can.
I use DHCP for IPs and clients gets servers IP 192.168.0.1 for DNS and on server DNS i have setup internets DNS.
Point is to prevent users to connect their home laptops to our network and use torrent to download things and using FB.
server is windows 2008 r2, ad clients are windows 7
I never left an open problem....I search, dig and ask, until it's solved....

Hi Blisk1,
Based on your description, the goal is to prevent users to connect their home laptops to your network.
You could try to deploy NAP enforcement for DHCP. Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IPv4
address. NAP can enforce health policies by inspecting and assessing the health of client computers, restricting network access when client computers are noncompliant with health policy, and remediating noncompliant client computers for unlimited network access.
When create NAP policies with a Wizard in NPS server, to grant or deny access to groups of computers, you could add specific groups to Machine Groups, such as, domain computers.
Checklist: Configure NAP Enforcement for DHCP
http://technet.microsoft.com/en-us/library/cc772356(v=WS.10).aspx
Best Regards,
Tina
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Similar Messages

Guest access to Internet using ACS (TACACS+ mode)

Hi,
I have ACS 1121 configured in TACACS+ mode. I need guest wired users to go only to internet. I don't have any proxy server or any radius server currently. How can i achieve this?

Hi Blisk1,
Based on your description, the goal is to prevent users to connect their home laptops to your network.
You could try to deploy NAP enforcement for DHCP. Using DHCP enforcement, DHCP servers and NPS can enforce health policy when a computer attempts to lease or renew an IPv4
address. NAP can enforce health policies by inspecting and assessing the health of client computers, restricting network access when client computers are noncompliant with health policy, and remediating noncompliant client computers for unlimited network access.
When create NAP policies with a Wizard in NPS server, to grant or deny access to groups of computers, you could add specific groups to Machine Groups, such as, domain computers.
Checklist: Configure NAP Enforcement for DHCP
http://technet.microsoft.com/en-us/library/cc772356(v=WS.10).aspx
Best Regards,
Tina
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Guest Access to Internet NOT Working

We have the E3000 Router and the guest internet access DOES NOT work. We occasionally repair other people's PC's and I seriously do not want to allow access to our home network. Can anyone PLEASE give me some fixes to this problem. Recently, we are trying to access through guest, on a Win 7 Dell Notebook. It takes the passcode but no internet connection. Any help would be appreciated. Thank you

What IP address do you get on that wireless computer?
Check the IP address on that computer and make sure that there is no static IP address. You will get IP address like 192.168.33.xxx.
Make sure that your router is running on the latest firmware.

1801W wireless (guest access) config issues

Trying to setup wireless on 1801w ISR. Wired access to Internet and LAN works fine (Vlan1); however, wireless (Vlan2) does not.
Trying to setup wireless "guest" access with Internet access only (no access to LAN).
Wireless will not come up. Dot11Radios show "reset/down".
Below is the wireless config and a couple of troubleshooting commands as well:
dot11 ssid open
   vlan 2
   authentication open
====================================================
!(Sets up DHCP and excluded addresses.)
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.25.1 172.16.25.99
ip dhcp excluded-address 172.16.25.116 172.16.25.255
ip dhcp pool open
   import all
   network 172.16.25.0 255.255.255.0
   default-router 172.16.25.1
   dns-server 4.2.2.1 4.2.2.1
   lease 3
====================================================
(Turned on integrated routing and bridging.)
bridge irb
====================================================
(Wireless radio interface config.)
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
encryption vlan 2 mode wep optional
!---(SSID is given as "open")
ssid open
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
station-role root
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description LAN
ip address 192.168.0.100 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan2
description Wireless VLAN
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface BVI1
ip address 172.16.25.1 255.255.255.0
ip nat inside
ip virtual-reassembly
bridge 1 protocol ieee
bridge 1 route ip
====================================================
Verifying...
RTR#sho dot11 associations
802.11 Client Stations on Dot11Radio1:
802.11 Client Stations on Dot11Radio0:
SSID [open] : DISABLED, not associated with a configured VLAN
====================================================
RTR#sho ip int brief
Dot11Radio0                unassigned      YES NVRAM reset                 down
Dot11Radio0.1             unassigned      YES unset reset                 down
Dot11Radio1                unassigned      YES NVRAM reset                 down

Your ssid is configured in vlan 2.
But you forgot to configure dot11radio0.2 with under it "encapsulation dot1q 2".
That should allow the radio to broadcast ssid
Nicolas
===
Don't forget to rate answers that you find useful

Guest access to the Internet with Guest Anchor Controller

Hi;
We are doing our initial implementation of an enterprise wireless system. I deployed a WLC 5508 connected to our data center core switch using LAG. The 5508 is configured in FlexConnect mode since it is serving APs deployed to a handful of remote offices. Employee wireless access has been rolled out and is working well.
I am designing guest access. As is typical, I want to enforce a policy that guest wireless traffic is forwarded to the Internet Edge in our DMZ and directed out to the Internet. We do not plan to deploy a Guest Anchor controller in the first phase of the roll out.
What is the best way to enforce forwarding of guest traffic towards the Internet Edge once the guest traffic arrives at the 5508? A guest VLAN between the core switch and the Internet Edge isn't feasible since there is a firewall between the core and DMZ that is configured in Routed mode.
Thanks for the assistance! Glenn Morrison

you'd have to do a VLAN between the core and the firewall for the guest traffic until you get the anchor installed.
HTH,
Steve

WLC Guest Access Internet Routing

Not sure if this the right forum, but i'm wondering if anyone can explain this.
I have a trunk from the wlc to my router with one switch in between.
wlc---trunk----3560---trunk---2821
The interface on the wlc and the 2821 both have an ip address and can ping each other. When a wireless client connects to the guest network they cannot access the internet unless the 3560 switch has an ip address set on the vlan that is trunked from the wlc to the router
wlc(vlan 825 - 10.7.200.2)----trunk-----3560(vlan 825 - 10.7.200.3)-----trunk-----2821(vlan825 - 10.7.200.1)
The gateway for the clients is 10.7.200.1 which is the router. If i take the ip address off of the vlan interface on the 3560 the trunk is still there, but the clients on the guest network cannot get through. The gateway on the interface on the wlc is also set to 10.7.200.1
Any ideas why I need that ip address on the 3560?
Dan.

Hi Dan,
you may send the switch "show tech" and the WLC "show run-config" taken with the problematic config for a quick look.
Regards,
Federico

My wireless internet was blocked by CISCO guest access

My internet service was from AT&T and now it was changed to Timer Warner. But one problem appears every 1 or 2 months. After I click SAFARI, the menu shows:
CISCO GUEST ACCESS
Enter the guest access password to access the internet. Ask the owner if you
don't know the password. The Guest access password can be found using CISCO
connection.
My internet has no relationship with CISCO at all, why it appears? Usually it will last for several days then it will disappear. During the several days, I cannot use this Mac to access internet!
Does anyone know how to solve the problem? Thanks a lot.

Check the Wi-Fi menu to make sure you're connected to your own network, not someone else's. If you are, see below.
1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.
You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(1222 ' 0.5 0.25 10 1000 15 5120 1000 25000 1 1 0 100 ' 51 25600 4 10 25 5120 102400 1000 25 1000 80 40 500 300 85 25 20480 262144 20 2000 524288 );k=({Soft,Hard}ware Memory Diagnostics Power FireWire Thunderbolt USB Bluetooth SerialATA Extensions Applications Frameworks PrefPane Fonts Displays CFBundleIdentifier 'tsA|[ST]M[HL]' PlistBuddy{,' 2>&1'}' -c Print' 'Info\.plist' 'com\\.apple\\.' -\\t N\\/A 'AES|atr|udit|msa|dnse|ax|ensh|fami|FileS|fing|ft[pw]|gedC|kdu|etS|is\.|alk|ODSA|otp|htt|pcas|ps-lp|rexe|rlo|rsh|smb|snm|teln|upd-[aw]|uuc|vix|webf' OSBundle{Require,AllowUserLoa}d );f=('\n%s'{': ','\n\n'}'%s\n' '\nRAM details\n%s\n' '%s %s\n' '%s\n'"${k[22]}"'%s\n' {Privacy,Mode}': %s\n' '\n   ...and %s more line(s)\n' 'RSSI: %s\nNoise: %s\nTx rate: %s\n' '\nContents of %s\n   '"${k[22]}"'mod date: %s\n   '"${k[22]}"'checksum: %s\n%s\n' '%d MB: %s\n' );b=(com.adobe.{AAM.Updater-1.0{,},AdobeCreativeCloud,CS{4,5}ServiceManager,fpsaud,SwitchBoard{,}} ${k[21]}{aelwriter,{AirPortBaseSt,SafariNotific}ationAgent,FolderActions.enabled,installer.osmessagetracing,mrt.uiagent,ReportCrash.Self,{rp,usb}muxd} com.citrixonline.GoToMeeting.G2MUpdate com.google.keystone.daemon{,} com.microsoft.office.licensing.helper com.oracle.java.{Helper-Tool,JavaUpdateHelper{,}} com.teamviewer.{Helper,teamviewer{,_desktop,_service}} org.macosforge.xquartz.{privileged_{,},}startx );c=(879294308 4071182229 461455494 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 2636415542 3694147963 1233118628 2456546649 2806998573 2778718105 842973933 2051385900 3301885676 891055588 998894468 695903914 1443423563 4136085286 3374894509 1051159591 892310726 1707497389 523110921 2883943871 3873345487 );s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[4]} ' s/:$//;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[9]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' BEGIN { FS=":";if(system("sw_vers -productVersion|grep -q ^10\.1")) d="^'"${k[21]}"'launch(d\.peruser\.[0-9]+|ctl\.(Aqua|Background|System))$";} { if($2~/[1-9]/) { $2="status: "$2;printf("'"${f[4]}"'",$1,$2);} else if(!d||$1!~d) print $1;} ' ' { sub(/ :/,"");print|"tail -n'${p[10]}'";} ' ' NR==2&&$4<='${p[7]}' { print $4;} ' ' ($1~"wir"&&$2>'${p[22]}')||($1~"uts"&&$2>'${p[19]}') { print $1" "int($2);} ' '/YLD/s/=/ /p' ' { q=$1;$1="";u=$NF;$NF="";gsub(/ +$/,"");print q":"$0":"u;} ' ' /^ {6}[^ ]/d;s/:$//;/([^ey]|[^n]e):/d;/e: Y/d;s/: Y.+//g;H;${ g;s/ \n (\n)/\1/g;s/\n +(M[^ ]+)[ -~]+/ (\1)/;s/\n$//;/( {8}[^ ].*){2,}/p;} ' 's:^:/:p;' ' !/ /{print};END{if(NR<'{${p[12]},${p[13]}}')printf("^'"${k[21]}"'.+")} ' '|uniq' ' 1;END { if(NR<'{${p[14]},${p[21]}}') printf("^/[Sp]|'${k[21]}'");} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:.+//p;' '&&echo On' '/\.(bundle|component|framework|kext|mdimporter|plugin|qlgenerator|saver|wdgt)$/p' '/\.dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".","");print;} END { split("'"${b[*]}"'",b);split("'"${c[*]}"'",c);for(i in b) print b[i]".plist\t"c[i];} ' ' /^\/(Ap|Dev|Inc|Prev)/d;/((iTu|ok).+dle|\.(component|mailbundle|mdimporter|plugin|qlgenerator|saver|wdgt))$/p;' ' $2=="=" { gsub(/[()"]/,"",$3);print $3;} ' ' /^\// { sub("/dev/","",$1);printf("%s: %s\n",$1,$9);} ' '>&-||echo No' '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[2]}'{$2=$2-1;print}' ' BEGIN { M1='${p[16]}';M2='${p[18]}';M3='${p[8]}';M4='${p[3]}';} !/^A/{next};/%/ { getline;if($5<M1) o["CPU"]="CPU: user "$2"%, system "$4"%";next;} $2~/^disk/&&$4>M2 { o[$2]=$2": "$3" ops/s, "$4" blocks/s";next;} $2~/^(en[0-9]|bridg)/ { if(o[$2]) { e=$3+$4+$5+$6;if(e) o[$2]=o[$2]"; errors "e"/s";next;};if($4>M3||$6>M4) o[$2]=$2": in "int($4/1024)", out "int($6/1024)" (KiB/s)";} END { for(i in o) print o[i];} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/)||(/v6:/&&$2!~/A/) ' ' $1=="op" {m=$3};$1~"lN" {N=$2};$1~"lR" {S=$2};$1~"Tx" {T=$2};$1~/^st/ {s=$2};$1~"li"&&$3!~"wpa2" {printf("'"${f[5]}"'",toupper($3))};END { if(S*N*T&&(S-N<'${p[5]}'||T<'${p[20]}')) printf("'"${f[8]}"'",S,N,T);if(s~/^r/&&m!~/^st/) printf("'"${f[6]}"'",m);} ' ' BEGIN { FS=":";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1;} ' ' BEGIN { split("'"${p[1]}"'",m);FS=":";} $2<=m[$1]{next} $1<9 { o[$1]=o[$1]"\n   "$3" (UID "$4"): "$2;} $1==9&&$5!~"^/dev" { o[$1]=o[$1]"\n   "$3" (UID "$4") => "$5" (status "$6"): "$2;} $1==10&&$5 { p="ps -c -ocomm -p"$5"|sed 1d";p|getline n;close(p);if(n) $5=n;o[$1]=o[$1]"\n   "$5" => "$3" UID ("$4"): "$2;} $1~/1[12]/ { o[$1]=o[$1]"\n   "$3" (UID "$4", error "$5"): "$2;} END { u1="Mb/s";u2="per sec";u3="ms/s";u4="KiB/s";u5="%";u6="total";u7="MB";u8="ports";u[1]=u1;u[2]=u1;u[3]=u3;u[4]=u4;u[5]=u5;u[6]=u6;u[7]=u7;u[8]=u8;u[9]=u2;u[10]=u2;u[11]=u2;u[12]=u2;l[1]="Net in";l[2]="Net out";l[3]="I/O wait time";l[4]="I/O requests";l[5]="CPU usage";l[6]="Open files";l[7]="Memory";l[8]="Mach ports";l[9]="File opens";l[10]="Forks";l[11]="Failed forks";l[12]="System errors";for(i in o) print "\n"l[i]" ("u[i]")\n"o[i];} ' ' END{if($3~/[0-9]/)print$3} ' ' BEGIN { L='${p[17]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"cksum "F|getline C;split(C, A);C=A[1];"stat -f%Sm "F|getline D;"file -b "F|getline T;if(T~/^Apple b/) { f="";l=0;while("'"${k[18]}"' "F|getline g) { l++;if(l<=L) f=f"\n   "g;};};if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F"\n   '"${k[22]}"'"T;printf("'"${f[9]}"'",F,D,C,f);if(l>L) printf("'"${f[7]}"'",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' 's/^.{52}(.+) <.+/\1/p' ' /id: N|te: Y/{i++} END{print i} ' ' /kext:/ { split($0,a,":");p=a[1];k[S]='${k[25]}';k[U]='${k[26]}';v[S]="Safe";v[U]="true";for(i in k) { s=system("'"${k[18]}"'\\ :"k[i]" \""p"\"/*/I*|grep -qw "v[i]);if(!s) a[1]=a[1]" "i;};if(!a[2]) a[2]="'"${k[23]}"'";printf("'"${f[4]}"'",a[1],a[2]);next;} !/^ *$/ { p="'"${k[19]}"'\\ :'"${k[16]}"' \""$0"\"/*/'${k[20]}'";p|getline b;close(p);if(b~/ /||b=="") b="'"${k[23]}"'";printf("'"${f[4]}"'",$0,b);} ' '/ en/!s/\.//p' ' NR>=13 { gsub(/[^0-9]/,"",$1);print;} ' ' $10~/$L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?'${k[20]}'$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' '/^find: /!p;' ' /^p/{ s/.//g;x;s/\nu/:/;s/(\n)c/\1:/;s/\n\n//;p;};H;' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */   /;p;' ' s/^.+ |\(.+$$//g;p;' '1;END{if(NR<'${p[15]}')printf("^/(S|usr/(X|li))")}' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR|^s/d;s/^.+: //p;' ' $3~/^[1-9][0-9]{0,2}(\.[1-9][0-9]{0,2}){2}$/ { i++;n=n"\n"$1"\t"$3;} END{ if(i>1)print n} ' s/{'\.|jnl: ','P.+:'}'//;s/ +([0-9]+)(.+)/\2 \1/p' ' /es: ./{ s/^.+://;b0'$'\n'' };/^ +C.+ted: +[NY]/H;/:$/b0'$'\n'' d;:0'$'\n'' x;/: +N/d;s/\n.+//p;' ' 1d;/:$/b0'$'\n'' $b0'$'\n'' /(D|^ *Loc.+): /{ s/^.+: //;H;};/(B2|[my]): /H;d;:0'$'\n'' x;/[my]: [AM]|m: I.+p$|^\/Vo/d;s/(^|\n) [ -~]+//g;s/(.+)\n(.+)/\2:\1/;s/\n//g;/[ -~]/p;' 's/$/:(0|-(4[34])?)$/p' '|sort'{'|uniq'{,\ -c},\ -nr} ' s/^/'{5,6,7,8}':/;s/ *: */:/g;p;' '/e:/{print $2}' ' /^[(]/{ s/....//;s/$/:/;N;/: [)]$/d;s/\n.+ ([^ ]+).$/\1/;H;};${ g;p;} ' 's/:.+$//p' '|wc -l' /{\\.{kext,xpc,'(appex|pluginkit)'}'\/(Contents\/)?'Info,'Launch[AD].+'}'\.plist$/p' 's/([-+.?])/\\\1/g;p' 's/, /\'$'\n/g;p' ' BEGIN{FS=":"} { printf("'"${f[10]}"'",$1/1048576,$2);} ' ' /= D/&&$1!~/'{${k[24]},${k[17]}}'/ { getline d;if(d~"t") D=D"\n"$1;} END { print D;} ' ' NR>1&&$3!~/0x|\.([0-9]{3,}|[-0-9A-F]{36})$/ { print $3":"$2;} ' '|tail -n'${p[6]} ' $1>1 { $NF=$NF" x"$1;} /\*/ { if(!f) f="\n\t* Code injection";} { $1="";} 1;END { print f;} ' ' s/.+bus /Bus: /;s/,.+[(]/ /;s/,.+//p;' ' { $NF=$NF" Errors: "$1;$1="";} 1 ' ' 1s/^/\'$'\n''/;1s/:/ tree/;/^ +[MPSV].+: ./d;s/:$//;p;' 's/,.+"//p' '|grep -q e:/' '/[^ .]/p' '{ print $1}' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab kextfind top pkgutil "${k[18]}\\" echo cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom 'mdfind -onlyin /' env pluginkit scutil 'dtrace -q -x aggsortrev -n' profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil lsof test osascript\ -e netstat mdls route egrep 'dscl . -read' );c2=(${k[21]}loginwindow\ LoginHook ' /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'" 'L*/Ca*/'${k[21]}'Saf*/E* -d 2 -name '${k[20]} '~ $TMPDIR.. $ -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 $' -i '-nl -print' '-F \$Sender -k Level Nle 3 -k Facility Req "'${k[21]}'('{'bird|.*i?clou','lsu|sha'}')"' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message CRne '0xdc008012|calling|(complet|enabl)ed|ry HD' -k Message CReq 'bad |Can.t l|corru|dead|fail|GPU |hfs: Ru|inval|Limiti|v_c|NVDA\(|pagin|error|Refus|TCON|tim(ed? ?|ing )o|WARN' " '-du -n DEV -n EDEV 1 10' 'acrx -o%cpu,comm,ruid' "' syscall::recvfrom:return {@a[execname,uid]=sum(arg0)} syscall::sendto:return {@b[execname,uid]=sum(arg0)} syscall::open*:entry {@c[execname,uid,copyinstr(arg0),errno]=count()} syscall::execve:return, syscall::posix_spawn:return {@d[execname,uid,ppid]=count()} syscall::fork:return, syscall::vfork:return, syscall::posix_spawn:return /arg0 < 0/ {@e[execname,uid,arg0]=count()} syscall:::return /errno != 0/ {@f[execname,uid,errno]=count()} io:::wait-start {self->t=timestamp} io:::wait-done /self->t/ { this->T=timestamp - self->t;@g[execname,uid]=sum(this->T);self->t=0;} io:::start {@h[execname,uid]=sum(args[0]->b_bcount)} tick-10sec { normalize(@a,2560000);normalize(@b,2560000);normalize(@c,10);normalize(@d,10);normalize(@e,10);normalize(@f,10);normalize(@g,10000000);normalize(@h,10240);printa(\"1:%@d:%s:%d\n\",@a);printa(\"2:%@d:%s:%d\n\",@b);printa(\"9:%@d:%s:%d:%s:%d\n\",@c);printa(\"10:%@d:%s:%d:%d\n\",@d);printa(\"11:%@d:%s:%d:%d\n\",@e);printa(\"12:%@d:%s:%d:%d\n\",@f);printa(\"3:%@d:%s:%d\n\",@g);printa(\"4:%@d:%s:%d\n\",@h);exit(0);} '" '-f -pfc /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag $ -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true $ -execdir stat -f:%Sc:%N -t%F {} \;' '/S*/*/Ca*/*xpc*' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' kMDItemContentTypeTree=${k[21]}{bundle,mach-o-dylib} :Label "/p*/e*/{aut*,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {/p*,/usr/local}/e*/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/{Lau,Sec}*/*t .launchd.conf" list '-F "" -k Sender hidd -k Nle 3' /Library/Preferences/${k[21]}alf\ globalstate --proxy '-n get default' -I --dns -get{dnsservers,info} -P -m\ / '' -n1 '-R -ce -l1 -n5 -o'{'prt -stats prt','mem -stats mem'}',command,uid' -kl -l -s\ / '--regexp --files '${k[21]}'pkg.*' '+c0 -i4TCP:0-1023' ${k[21]}dashboard\ layer-gadgets '-d /L*/Mana*/$USER' '-app Safari WebKitDNSPrefetchingEnabled' '-Fcu +c0 -l' -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' '-F \$Message -k Sender kernel -k Message CReq "'{'n Cause: -','(a und|I/O |jnl_io.+)err','USBF:'}'"' -name\ kMDItem${k[16]} -T\ hfs '-n get default' -listnetworkserviceorder :${k[16]} :CFBundleDisplayName $EUID {,'/{S*/,}'}'L*/{,Co*/*/*/L*/}{Cache,Log}s $TMPDIR../C -type f -size +'${p[11]}'M -exec stat -f'%z:%N' {} \;' \ /v*/d*/*/*l*d{,.*.$UID}/* '-app Safari UserStyleSheetEnabled' "-o ',\"name\":\"[^\"]+' L*/A*/Fi*/P*/*/a*.json" users/$USER\ HomeDirectory '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' ' -F "\$Time \$Sender \$(RefProc): \$Message" -k Level Nle 3 -k Facility R'{'ne "user|','eq "'}'console" -k Message CRne "sandbox ex" ' getenv );N1=${#c2[@]};for j in {0..15};do c2[N1+j]=SP${k[j]}DataType;done;l=({Restricted\ ,Lock,Pro}files POST Battery {Safari,App,{Bad,Loaded}\ kernel,Firefox}\ extensions System\ load boot\ args FileVault\ {2,1} {Kernel,System,Console}\ log Activity SMC Login\ hook 'I/O per process' 'High file counts' UID Daemons Agents XPC\ cache Startup\ items {Admin,Root}\ access Bundles Library\ paths{,' ('{shell,launchd}\)} Font\ issues Firewall Proxies DNS TCP/IP Wi-Fi 'Elapsed time (sec)' {Root,User}\ crontab {Global,User}' login items' Spotlight Memory\ pressure Listeners Widgets Parental\ Controls Prefetching Nets Volumes {Continuity,I/O,iCloud,HID,HCI}\ errors {User,System}\ {caches/logs,overrides} Shutdown\ codes Heat Diagnostic\ reports Bad\ plists Free\ space VM Stylesheet );N3=${#l[@]};for i in {0..8};do l[N3+i]=${k[5+i]};done;F() { local x="${s[$1]}";[[ "$x" =~ ^([\&\|\<\>]|$) ]]&&{ printf "$x";return;};:|${c1[30]} "$x" 2>&-;printf "%s \'%s\'" "|${c1[30+$?]}" "$x";};A0() { Q=6;v[2]=1;id -G|grep -qw 80;v[1]=$?;((v[1]))||{ Q=7;sudo -v;v[2]=$?;((v[2]))||Q=8;};v[3]=`date +%s`;date '+Start time: %T %D%n';printf '\n[Process started]\n\n'>&4;printf 'Revision: %s\n\n' ${p[0]};};A1() { local c="${c1[$1]} ${c2[$2]}";shift 2;c="$c ` while [[ "$1" ]];do F $1;shift;done`";((P2))&&{ c="sudo $c";P2=;};v=`eval "$c"`;[[ "$v" ]];};A2() { local c="${c1[$1]}";[[ "$c" =~ ^(awk|sed ) ]]&&c="$c '${s[$2]}'"||c="$c ${c2[$2]}";shift 2;local d=` while [[ "$1" ]];do F $1;shift;done`;((P2))&&{ c="sudo $c";P2=;};local a;v=` while read a;do eval "$c '$a' $d";done<<<"$v";`;[[ "$v" ]];};A3(){ v=$((`date +%s`-v[3]));};B1() { v=No;! ((v[1]))&&{ v=;P1=1;};};eval "`type -a B1|sed '1d;s/1/2/'`";B3(){ v[$1]="$v";};B4() { local i=$1;local j=$2;shift 2;local c="cat` while [[ "$1" ]];do F $1;shift;done`";v[j]=`eval "{ $c;}"<<<"${v[i]}"`;};B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`egrep -v "${v[$1]}"<<<"$v"|sort`;};eval "`type -a B7|sed '1d;s/7/8/;s/-v //'`";C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { B4 0 0 63&&C1 1 $1;};C4() { echo $'\t'"Part $((++P)) of $Q done at $((`date +%s`-v[3])) sec">&4;};C5() { sudo -k;pbcopy<<<"$o";printf '\n\tThe test results are on the Clipboard.\n\n\tPlease close this window.\n';exit 2>&-;};for i in 1 2;do eval D${i}0'(){ A'$i' $@;C0;};';for j in 2 3;do eval D$i$j'(){ local x=$1;shift;A'$i' $@;C'$j' $x;};';done;done;trap C5 2;o=$({ A0;D10 0 N1+1 2;D10 0 $N1 1;B1;C2 27;B1&&! B2&&C2 28;D12 22 15 63;D10 0 N1+2 3;D10 0 N1+15 17;D13 3 0 N1+3 4;D13 4 0 N1+4 5;D13 N3+4 0 N1+9 59;for i in 0 1 2;do D13 N3+i 0 N1+5+i 6;done;D13 N3+3 0 N1+8 71;D13 62 1 10 7;D13 10 1 11 8;B2&&D13 18 19 53 67;D12 11 2 12 9;D12 12 3 13 10;D12 13 42 70 101 25;D12 65 6 36 13;D12 45 20 52 66;D13 66 7 37 14;D13 17 8 15 38;D10 9 16 16 77 45;C4;B2&&D10 35 49 61 75 76 78 45;B2&&{ D10 28 17 45;C4;};D10 12 40 54 16 79 45;D10 12 39 54 16 80 45;D13 31 25 37 15&&{ B4 0 8 103;B4 8 0;A2 18 74;B6 8 0 3;C3 32;};B2&&D13 19 21 0;B2&&D13 40 10 42;B2&&D12 2 29 35 46;D12 44 34 43 53;D12 25 22 20 32;D12 33 0 N1+14 51;D12 34 21 28 35;D13 35 27 29 36;A1 40 59 81;B3 18;A1 33 60 82;B8 18;B4 0 19 83;A1 27 32 39&&{ B3 20;B4 19 0;A2 33 33 40;B3 21;B6 20 21 3;};C2 36;D13 50 38 5 68;B4 19 0;D23 37 33 34 42;B2&&D13 46 35 45 55;D13 38 32 31 43;B2&&D13 59 4 65 76 91;D13 63 4 19 44 75 95 96;B1&&{ D13 53 5 55 75 69&&D13 51 6 58 31;D13 56 5 56 97 75 98&&D10 0 N1+7 99;D12 55 5 27 84;D13 61 5 54 75 70;D13 14 5 14 12;D13 15 5 72 12;C4;};D13 16 5 73 12;A1 13 44 74 18;C4;B3 4;B4 4 0 85;A2 14 61 89;B4 0 5 19 102;A1 17 41 20;B7 5;C3 8;B4 4 0 88;A2 14 24 89;C4;B4 0 6 19 102;B4 4 0 86;A2 14 61 89;B4 0 7 19 102;B5 6 7;B4 6 6 73 102;B2&&{ A1 18 26 94;B7 6;B4 0 0 11;C3 23;};A1 18 26 94;B7 6;B4 0 0 11;C3 24;D13 60 14 66 92;D13 58 14 67 93;D13 26 4 21 24;D13 42 14 1 62;D13 43 37 2 90 48;D13 41 10 42;D12 48 36 47 25;A1 4 3 60&&{ B3 5;A2 14 61;B4 0 6 21;B4 5 0;A2 14 62;B4 0 0 21;B6 0 6 4;C3 5;};D13 9 41 69 100;D12 67 21 68 35;D12 49 21 48 49;B4 4 22 57 102;A1 21 46 56 74;B7 22;B4 0 0 58;C3 47;D13 54 5 7 75 76 69;D13 52 5 8 75 76 69;D13 57 4 64 76 91;D12 0 4 4 84;D12 1 4 51 84;D13 21 22 9 37;A1 23 18 28 89;B4 0 16 22 102;A1 16 25 33;B7 16;B4 0 0 34;D20 31 47;D13 64 4 71 41;C4;B4 4 12 26 89 23 102;for i in {0..3};do A1 0 N1+10+i 72 74;B7 12;B4 0 0 52;C3 N3+5+i;((i))||C4;done;A1 24 22 29;B7 12;B3 14;A2 39 57 30;B3 15;B6 14 15 4;C3 29;B4 4 13 27 89 65;A1 24 23;B7 13;C3 30;B4 4 0 87;A2 14 61 89 20;B4 0 16;A1 26 50 64;B7 16;C3 6;D13 7 11 6;A3;C2 39;C4;} 4>&2 2>/dev/null;);C5
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad and start typing the name.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:
[Process started]
        Part 1 of 8 done at … sec
        Part 8 of 8 done at … sec
        The results are on the Clipboard.
        Please close this window.
[Process completed]
The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.
Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it. Then go to the next step.
12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I may not agree with them.
Copyright © 2014, 2015 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

I cannot access the Internet even though I have a wifi connection

I'll bet this question has been asked before, apologies for any redundancy. The facts:
OS 10.9.3, Firefox (though the problem is also true for Safari).
I connect to wifi at me guest house here in Hoi An, Vietnam, but cannot access any websites at all. None of the other guests here have the same problem, for that reason, as well as based on my experience the last two months travelling in this country, I do not think it is the isp.
I've followed all of the suggestions at support.apple.com/kb/HT4628. Some random settings:
Location: Automatic
TCP/IP settings--Configure IPv4 Using DHCP, but no DHCP Client ID.
Configure IPv6: Ling-local only.
DNS server: the same IP as for IPv4
None of the proxies are checked, where it says @Bypass proxy settings for these Hosts & Domains, there ".local, 169.254/16".
And all I do is watch the Firefox rotating symbol go round and round and round.
Thanks for any suggestions.
Lindy

Linc:
Apologies for the slow reply, I've spent the last few days in a remote part of a national park here in Vietnam, the first time I've been in a location without wifi in this wifi-positive country.
Answer to your question: I ran Network Diagnostics three times before I started this discussion thread, and three times got to the message stating that diagnostics could not locate a problem or offer a solution.
End result: all I had to do was log into a different wifi router. The guest house where I had the problem had two routers, and I could not access the Internet from either one. Again, very strange because four other people occupying the same building had no problems.
But when I tried accessing the net from a coffee shop a quarter-mile away, no problem. And no problem from my current hotel.
DNS? A firewall? Until the problem arises again, and hopefully it won't, I will remain clueless.
Thanks for your help.

ISE - Guest Access (without portal)

Hi Guys,
I have a customer who current is using the cwa portal for guest access. Corporate use will be added in the future sometime next year.
Kit involved:
5508 - Internal (Inside Net)
5508 - Anchor (DMZ Net)
ISE - Inside Net
3600 APs
Presently, guest user connects, anchored to DMZ 5508, issued IP address from server in DMZ and DNS redirect to the web portal from same server. guest logs in and internet access through ASA and then content filtering box.
They want a solution whereby they do not have to use the portal for corporate user with their own devices such as ipads. I know BYOD is a possiblity but would involve using a CA server on the inside of the network. This is not something I'm keen as it opens a channel from the guest network directly to their AD infrastructure.
I'm leaning toward PEAP authentication atm using a GoDaddy SSL cert that is already installed. This would bypass the portal system and only involve client devices being configured once.
Is there any other option that would be simple to setup as this is on a limited timescale ?
Cheers,
Nick

Nick,
They want a solution whereby they do not have to use the portal for corporate user with their own devices such as ipads. I know BYOD is a possiblity but would involve using a CA server on the inside of the network. This is not something I'm keen as it opens a channel from the guest network directly to their AD infrastructure.
If you are referring to supplicant provisioning, the scep enrollment request is proxied from ISE and the private key and cert is transferred to the endpoint. This doesnt require your guest network having direct access to AD....just to ISE.
Tarik Admani
*Please rate helpful posts*

Wired guest access with 5508

Hi
I have setup wireless guest access for a customer with a single 5508 and web authentication no problem at all. He then wanted to test wired guest access. The 5508 is currently connected to a single 3560 switch. The wired clients get a DHCP address OK but cannot reslove DNS and thus don't get redirected to teh guest login portal. I have even tried turning of all L3 security to no avail. The setup is as follows
VLAN 101 access points and 5508 management interface
VLAN 102 wired guest access dynamic ingress (L2 config only no SVI on 3560)
VLAN 103 wireless guest dynamic egress nterface L3 network with SVI on switch
VLAN 104 wired guest dynamic egress interface L3 network with SVI on switch
There are two DHCP pools setup on the WLC one for the VLAN 103 and one for the VLAN 104 subnets.
The internet router is also connected to the 3560 on a sepearte VLAN with an SVI. the 3560 has a default route to teh internet router and teh DHCP pools give the DHCP clients a default gateway of the IP address of dynamic interface 103 or 104. The Internet routre can ping the WLC on both these addresses.
LAG is enabled on teh WLC and VLANs 101-104 are trunked to it from the 3560.
I even tried making the wired guest egress interface the same one as for wireless. The wired clientys now got an IP address on the wireless range but still couldnt pass any traffic. It's like the intrenal bridging on teh WLC between VALN 102 and 104 (or 103) is broken. Tried both the lates 6.x and 7.x software on the WLC. Any ideas ? All the problems I can find with this seem to relate to not gettingas far as a DHCP address but that works fine.
Thanks
Pat

Hi
Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is the switch that the wired guest acces sport is connected and WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on for some reason this breaks it. Absolu Didnt have chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAn and egress VLAN. The WLC isn't a reall router it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAn not routed and this is what screws it up (remeber with a router the source and destination MAC addresses would be changed with a bridge they aren't). Got to be something along those lines. If you have a bigger newtork with a guest anchor WLC handling this function you dont run into this as the traffic is coming over an EOIP tunnle from the remote WLC so the switch with the guest anchor WLC doesnt see the MAC address of the wired guest PC.

ISE guest access - can't match on Optional Data fields

Hi all
I need to have 2 different types of guest users that will get different level of access with DACL / Airspace ACL
I thought that best way to do that is simply matching one of optional data fields you can setup in Sponsor Portal
Unfortunately as soon as I reference Optional Data field in Authorization rule I get no match. Can't also match on username which would not help anyway.
getting redirected, login, getting redirected again etc.......
This is affecting both wireless and wired.
As soon as I remove that additonal condition from authz rule guest access works fine - getting redirected, log in, surf the internet.
Is this is bug with ISE that you can't match guest optional data fields?

Hi evnafets,
You were right. How silly I am didnt see that small thing- but STILL PROBLEM IS UNSOLVED.
[ore]
java.sql.SQLException: [Microsoft][ODBC Microsoft
Access Driver] Missing ), ], o
r Item in query expression 'Post_Date LIKE
to_date('04-06-2005',' dd/MM/yyyy''.
Like it says, you have a missing ")" character
rs=stmt.executeQuery("SELECT Name FROM
NoticeBoardTable WHERE Post_Date LIKE to_date('"+
date_str+"', 'dd/MM/yyyy' <--HERE NEED A CLOSING
BRACKET ");
When I did this it said to_date function is not available that because Ms-access doesn't have this function. Then I just changed the query to:-
rs=stmt.executeQuery("SELECT Name FROM NoticeBoardTable WHERE Post_Date LIKE "+ date_sql ); . Although it didnt generate any exception, but dont show any record.
But even better would be to use a prepared
statement.
String sql = "SELECT Name FROM NoticeBoardTable
WHERE Post_Date LIKE ?";
PreparedStatement stmt = con.prepareStatement(sql);
stmt.setDate(1, date_sql);
ResultSet rs = stmt.executeQuery();
I had prepared statement in my final servlet, I made this one just to check why its not working on dates. Also on your advice I changed it to prepared statement. It runs fine but didn't show any record with date 04-06-2005 although I have it in my database (not generating any exception).
I print the sql date throuht servlet just to check , its showing 2005-06-04. May be its formate problem.
Thanks
Regards

Guest access with CWA on ISE

Hi support community
we just implemented CWA for wireless guest access using ISE. however we have an issue, the redirect URL is a name, not an IP address, and the guest dhcp scope use public DNS servers, so CWA doesn't work unless we set the company DNS servers.
so my question... is there a way to configure ISE to send the ip address instead the name for redirection in CWA?
Many thanks in advance...

Hi, thanks for answering...
Yes the problem is that public DNS servers obiously can't resolve ISE servers names. Additionaly the guest VLAN has an ACL blocking all the traffic destined to internal resourses with some exceptions (DHCP, DNS and ISE port for CWA).
however, guest can access to some company services, but as if they were located on internet, ie through the public ip address, so if we use internal servers, they resolve the internal ip address and connections fails. the Muhammad suggestions could be the solution for the problem....but now is something to discuss with the DNS server administrator...
thanks

Guest Access in 4.2.112/130 code

I've just upgraded our controllers from 4.1.185 to 4.2.130 and have noticed some new settings and features for Guest access, specifically on the interfaces and the wlans. Can some one point me to an updated guide on the explanation of these new additions and the recommend setup now? Until I see an explanation on paper so as I can fully understand it, I don't want to change my current setup. i.e. Guest Lan, Ingress Interface, Egress Interface.

Here is an even better link:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml
the nutshell....
"A growing number of companies recognizes the need to provide Internet access to its customers, partners, and consultants when they visit their facilities. With the new Wired Guest Access feature support on the Cisco WLAN Controllers that uses Cisco Unified Wireless Software Release 4.2.61.0 and later, IT managers can provide wired and wireless secured and controlled access to the Internet for guests on the same wireless LAN controller.
Guest users must be allowed to connect to designated Ethernet ports and access the guest network as configured by the administrator after they complete the configured authentication methods. Wireless guest users can easily connect to the WLAN Controllers with the current guest access features. In addition, WCS, along with basic configuration and management of WLAN Controllers, provides enhanced guest user services. For customers who have already deployed or plan to deploy WLAN Controllers and WCS in their network, they can leverage the same infrastructure for wired guest access. This provides a unified wireless and wired guest access experience to the end users."

Guest Access with Inter-vlan Mobility

I have a setup as follows
Two datacenters each with one wlc5500, one guest access server and one internet circuit with firewall.
LWAPs connect to the data centres over a WAN.
Each LWAP has two SSIDs one guest with web auth and one private with 802.1x.
Site1 has 40 APs and site2 has 10 APs.
The best scenario would be to have 30 APs on each controller but this means that there would be a mix of APs centrally switched on different VLANs for the guest wlan.
Is there any way to anchor clients that intially associate to WLC1 so that if they roam on to WLC2 they keep the same IP address from datacentre 1. Similarly those that associate to WLC2 keep their IP from datacentre 2 if they roam to WLC1. Finally if either WLC1 or WLC2 fail then all clients re-associate to the active WLC at one DC. All the config guides so far only depict one internet circuit so I can't work out if this is possible yet. So far with both WLCs active the client changes address as they roam to the other WLC.
I would like to avoid creating a L2 link beween DCs if possible

Thanks for looking
(Cisco Controller) >show wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... guest
Network Name (SSID).............................. GUEST
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ guest-vlan
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.18.227.10
DHCP Address Assignment Required................. Enabled
--More-- or (q)uit
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
--More-- or (q)uit
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More-- or (q)uit
Mobility Anchor List
WLAN ID IP Address Status
(Cisco Controller) >?
(Cisco Controller) >show wln 3
Incorrect usage. Use the '?' or key to list commands.
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >
(Cisco Controller) >show wlan 3
WLAN Identifier.................................. 3
Profile Name..................................... guest
Network Name (SSID).............................. GUEST
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ guest-vlan
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.253.128.10
DHCP Address Assignment Required................. Enabled
--More-- or (q)uit
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
--More-- or (q)uit
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
Web Based Authentication...................... Enabled
ACL............................................. Unconfigured
Web Authentication server precedence:
1............................................... local
2............................................... radius
3............................................... ldap
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More-- or (q)uit
Mobility Anchor List
WLAN ID IP Address Status
(Cisco Controller) >?

Guest Access - Layer 2 security WPA PSK - Layer 3 security web auth

I am not able to test this.
Has anybody configured the CUWN guest access with WPA PSK layer 2 and Web authentication layer 3
If so are there any problems that I should expect
Mark

Mark,
I have setup wireless in two other compainies related to Rail... The biggest issue will be who will support the guest users and will they take the responsibility. Their security team didn't want that and were fine with tunneling the users to either a dmz or seperate Internet connection. Will dhco release the address... Not right away. You can play around with the lease tim and see if your laptop keeps getting the same address or one higher. If the isue is with dhco being used up from association, then don't broadcast the ssid and have the receptionist hand out the ssid with username and password. My clients use a default username and passowrd but changes that every week. They seem to prefer that over changing it every day or have a username passeor for every guest user. They use wcs to print out the guest credentials. Again, the network team has the recepionist doing this, so they made sure that they are not making too much extra work for them or else they would have to be responsible for guest users.
Hope this helps.

Guest access to internet

Similar Messages

Maybe you are looking for