How to restrict AP client-to-client traffic in same SSID

Dear all,
Please kindly advise how wireless client-to-client traffic can be restricted? The AP is controlled by WLC.
Thanks.
Eric

Hi Eric,
Great question! Here is the related info; note the nice change in WLC Version 4.2.x.x:
Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
A. The feature or the mode that performs the similar function of PSPF in Lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP.
If this mode is disabled on the controller, which is by default, it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller.
It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml
Configuring Peer-to-Peer Blocking
In controller software releases prior to 4.2, peer-to-peer blocking is applied globally to all clients on all WLANs and causes traffic between two clients on the same VLAN to be transferred to the upstream VLAN rather than being bridged by the controller. This behavior usually results in traffic being dropped at the upstream switch because switches do not forward packets out the same port on which they are received.
In controller software release 4.2, peer-to-peer blocking is applied to individual WLANs, and each client inherits the peer-to-peer blocking setting of the WLAN to which it is associated.
http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42wlan.html#wp1084832
Hope this helps!
Rob

Similar Messages

  • How to restrict the user for re-submitting the same form

    Hi All,
    I would like to know how to restrict a user from re-submitting the same page.
    I have a JSP page with a submit button... and it should not allow the user to save the same data again.
    Anil

    Try the following. If the user disables cookies, this will not work. You need to modify it to detect such a situation!
    String processed = "mycooke";
    Cookie[] cookies = request.getCookies();
    Cookie c = null;
    // look for the marker cookie set by an earlier submission
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            if (cookies[i].getName().equals(processed)) {
                c = cookies[i];
                break;
            }
        }
    }
    if (c != null) {
        // already processed.
        // send error message and exit.
    } else {
        // set cookie;
        c = new Cookie(processed, "yourdata");
        c.setMaxAge(-1); // negative max age: cookie lasts for the browser session only
        response.addCookie(c);
        // process as it is the first;
    }

  • Configured Nacs- how to restrict AAA client access by specified Password

    Hi all,
    I have given the below config in the AAA client and added the client in User, Group; the NAR is configured for all clients.
    But my requirement is to restrict AAA client access by a specified password.
    aaa new-model
    aaa group server tacacs+ NACS_Group1
    server 10.x.x.x
    server 10.y.y.y
    aaa authentication login default group NACS_Group1 local
    aaa authentication enable default group NACS_Group1 enable
    aaa authorization config-commands
    aaa authorization exec default group NACS_Group1 if-authenticated
    aaa authorization exec NACS_Group1 group tacacs+ local
    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+

    You use the Network Access Restrictions table in the Advanced Settings area of User Setup to set NARs in three ways:
    Apply existing shared NARs by name.
    Define IP-based access restrictions to permit or deny user access to a specified AAA client or to specified ports on an AAA client when an IP connection has been established.
    Define CLI/DNIS-based access restrictions to permit or deny user access based on the CLI/DNIS that is used.
    Note: You can also use the CLI/DNIS-based access restrictions area to specify other values. See the Network Access Restrictions section for more information.

  • How to set six WRT300N wireless router use the same SSID

    I have six WRT300N wireless routers and cannot set them to share the same SSID....
    Can somebody help me?

    Please explain how you are trying to set up these routers..... Even if you set up these routers using the same SSID, they won't communicate with each other wirelessly....

  • How to restrict multiple executions of a report by same user

    During month-end closing, users execute multiple sessions of the same report. In order to improve system performance, we want to put a restriction on such executions, especially for system-exhaustive reports, so that a user can execute the report a second time only once the first job is over.
    In background this can be done, but how to achieve this for foreground jobs? Kindly resolve.
    thanks
    anya

    Hi Eileen,
    Please go through these threads
    Reporting authorization
    Authorisation Variable
    Creation of variable in BEx from user authorization
    Authorization variable
    Variable filled Authorizations
    Khaja

  • How to auto-switch Wi-Fi network for the same SSID?

    Hi. In my testing, the iPad will auto-switch to another Wi-Fi network with the same SSID when the signal becomes weak. My question is: what is the condition for auto-switching on the iPad?

    Question again!

  • Howto block p2p traffic of clients connected to the same ssid on different wlc

    Hi all,
    I use two wlc 4400 (4.2.x version) with a mobility domain and one ssid, both wlc are connected to a cisco l2 switch infrastructure. On the wlc I use the p2p blocking action 'drop' (http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1209597) to isolate the clients from each other. Does anybody know if only unicast traffic is blocked or also multicast and broadcast traffic like arp requests?
    Concerning blocking p2p traffic of clients connected to the same ssid but different controllers I found the following statement in the LAP FAQs (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml):
    ===
    Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
    A. The feature or the mode that performs the similar function of PSPF in lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP. If this mode is disabled on the controller (which is the default setting), it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller. It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
    ===
    Does anybody know what's the best practice to prevent this inter-WLC client traffic? I already read about using ACLs on the WLC dynamic interfaces, or private VLANs on the L2 switch VLANs where the dynamic interfaces are connected. Is it allowed to completely isolate the WLCs from each other on these dynamic interfaces with ACLs or private VLANs, or do the WLCs need to see each other on these interfaces (e.g. heartbeat)?
    Many thanks in advance,
    Thorsten

    Hi Sasha, Thorsten
    The bug is Junked and I believe which is what you are running into with your tests:
    CSCtr60787    WLC P2P Blocking Set to Forward-UpStream Doesn't Work.
    Bugtoolkit : http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
    To answer your original query :
    An ACL is the only solution to block client communication on the same SSID between 2 WLCs. The 5508 works better with ACLs than the 44xx platform.
    ARP requests will be forwarded to upstream router just like any other traffic. WLC won't proxy arp for clients on same vlan.
    Gateway arp's I believe should be handled by WLC . ( Don't quote me on this but I am pretty sure it is ) ..If it was not, then how would client know about gw ?
    Multicast traffic is not applicable for p2p.
    Your ACL can be as simple as this for the scenario :
    WLC 1 - clientvlan = 10
    WLC 2 - clientvlan = 10
    and you want to restrict users from wlc1-wlc1, wlc1-wlc2, wlc2-wlc2 for same vlan10.
    Basically in that case the ACL should look like on both WLCs :
    1. Permit statement to talk to gateway.
    2. Deny to subnet.
    3. Permit all.
    4. If DHCP/DNS or other services are on the same subnet, then you would need to add a permit statement before the deny.
    5. Attach the ACL to the SSID or dynamic interface.
    Thanks..Salil
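
The rule order from the reply above, modelled as a first-match ACL so the ordering can be checked (an added example, not part of the thread and not WLC configuration syntax). The 10.10.10.0/24 addressing, the service host, the source-and-destination form of the deny and the return-path permits for a stateless ACL are assumptions.

```python
import ipaddress as ip

# Constructed addressing: the thread only says both WLCs use client VLAN 10.
SUBNET = ip.ip_network("10.10.10.0/24")
GATEWAY = ip.ip_network("10.10.10.1/32")
DHCP_DNS = ip.ip_network("10.10.10.5/32")  # hypothetical service host on the client subnet
ANY = ip.ip_network("0.0.0.0/0")

# Rules are (action, source, destination), numbered as in the thread's list.
ACL = [
    ("permit", SUBNET, GATEWAY),    # 1. clients may talk to the gateway
    ("permit", GATEWAY, SUBNET),    #    return path (assumed stateless ACL)
    ("permit", SUBNET, DHCP_DNS),   # 4. same-subnet services, before the deny
    ("permit", DHCP_DNS, SUBNET),   #    return path
    ("deny", SUBNET, SUBNET),       # 2. client-to-client inside the subnet
    ("permit", ANY, ANY),           # 3. everything else
]

# The same rules with the deny moved to the top, for comparison.
MISORDERED = [ACL[4]] + ACL[:4] + [ACL[5]]


def evaluate(acl, src, dst):
    """Return the action of the first rule matching src -> dst, else implicit deny."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def shadowed(acl):
    """Indexes of rules that can never take effect because an earlier rule
    with a different action already matches every packet they describe."""
    hits = []
    for i, (action, src_net, dst_net) in enumerate(acl):
        for prev_action, prev_src, prev_dst in acl[:i]:
            if (prev_action != action
                    and src_net.subnet_of(prev_src)
                    and dst_net.subnet_of(prev_dst)):
                hits.append(i)
                break
    return hits


if __name__ == "__main__":
    for name, acl in (("ordered", ACL), ("misordered", MISORDERED)):
        print(name, "client->client:", evaluate(acl, "10.10.10.20", "10.10.10.30"))
        print(name, "client->gateway:", evaluate(acl, "10.10.10.20", "10.10.10.1"))
        print(name, "shadowed rules:", shadowed(acl))
```

With the deny placed first, every permit for the gateway and the service host is shadowed, so clients lose their default route and DHCP/DNS as well as peer traffic.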

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires an extremely strict environment, we need to figure out a solution for restricting the users from accessing anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
    Can we disable Network Tab on the left hand pane ?
    explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin
    How about reading a GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • How to restrict executing tcodes in transaction tab for master clients

    This question applies SOLMAN project implementation tools: SOLAR01, SOLAR02 and so on.
    Our ERP2005 development U50 system has two clients:
    One is master client 101, where all customizing should take place but no transactions are allowed.
    The second client, 102, works as a sandbox client where new customizing can be tested and master data and transactions are allowed.
    Only U50/101 is defined in Solution manager SMSY in system role 'development system'. Currently U50/102 is not defined in Solution manager to any system role at all.
    As configuration should take place via Solution manager,  the consultants use SOLAR01 and SOLAR02 in system role 'development system' meaning that they are connected to U50/101 if want to execute transactions in transaction tabs or IMG nodes in Configuration nodes.
    But U50/101 is our MASTER client and no transactions nor most master data are allowed in there. We want to keep it clean. How can I avoid tcodes being executed in system role 'development'. I want to allow consultants use tcodes if they change to system role 'quality system'. But they might forget to change the system role before executing the transaction.
    Is there an option in Solution manager Project implementation tools that do not allow tcode launch from transaction tabs when system role is 'development system'.
    Of course I can restrict tcode execution with authorizations in satellite systems, but then I would need to disable authorizations for each tcode possibly being used. So I don't like that option.
    br: Kimmo

    Okay, I'll continue dialog with myself. I found solution how to assign other clients on one system to other system roles, which are so-called 'customer roles'.
    See solution manager help:
    http://help.sap.com/saphelp_sm40/helpdata/en/3b/8be61c54d22945837fd69861d21a08/content.htm
    I did not know until now that system roles are actually customizable. The roles with letters P, D, C, T, E, etc. are reserved for SAP, but you can create your own system roles in table SMSY_ROLES. You would not do it with SM30, but from tcode SMSY and the following menu: Utilities -> System Settings -> tab: System Roles. Switch to change mode. Roles with 0-9 are available for "customer roles". Choose the role type and write your own description (like: Sandbox client in development system).
    Now the new role is available in SMSY. But You cannot see it yet in SOLAR_PROJECT_ADMIN/System Landscape tab. In there you must press button 'System role assignment' and in the opening window add your own 0-9 role defined earlier and save. Now you see your new role in 'system landscape' tab and you can assign systems to it like you had done with SAP standard roles.
    Now users using implementation tools can change their current system role to your new 'customer role'.
    But when it comes to my original problem (see title), that still remains. I have debugged the tcode execution from transaction tabs and don't see any possible way to avoid tcodes being executed for an unwanted system role. An Enhancement Spot (= new BADI) can of course be used for making a custom rule for my requirement.
    I'll make this thread answered. Hope you joined my self-dialog.
    Keywords: DEFINE EDIT SYSTEM CUSTOMER ROLES SMSY_ROLES
    br: Kimmo

  • How to connect different clients of same SAP Instance

    Hi,
    I have a question about CPS 7, Basic / Free of Charge version.
    I know that this version is restricted to having only one SAP Instance per Isolation Group, but how about different clients of the same Instance?
    Is it necessary to create an Isolation Group for each client of the same instance?
    We actually have 1 isolation group with 1 Instance and 1 client.
    Trying to create a second XBP Connection to another client fails when saving the changes with the error:
    "JCS-102120: SAP System DI1.DI1_045 should be isolated but is not. Show error details"
    I didn't find a concrete statement in the Installation Guide or in the Admin Guide.
    Regards
    Frank

    Hi Frank,
    This is correct, there is one client per isolation group. The free version works similar in this respect to SM36/SM37: jobs are defined in each client individually and independently.
    Regards,
    Anton.

  • Hello , FMS is how to prevent the client into a large number of bytes?

    Hello, how can FMS prevent a client from passing a large number of bytes, such as when one person puts a 1G file in the argument? Do I just have to receive it? Although Client.setBandwidthLimit() limits his maximum traffic per second, is there a way to disconnect him once he goes over a maximum number of bytes? I assume that a method to determine the length only gets it after all of his transfer is finished, in order to judge it.

    How can I limit the size of the parameters of a method? I wrote a method in main.asc and the client calls it with NetConnection.call, but if a malicious client uploads very large data, how can I limit it? I looked through the documentation and did not find any clues. I hope to limit those parameters to 100KB.

  • AP WLC Client Traffic Query

    Hi Experts,
    I was trying to find any documentation explaining how return traffic works for wifi client data traffic in a capwap AP WLC architecture where the APs are in local mode (no HREAP) but was unable to find any detailed references for this.  I am specifically interested to find out if return traffic goes directly back to the client or whether it still goes via the WLC. 
    Some docs state that all traffic goes via the WLC-AP tunnel. If this is the case, then this means the WLC is performing NAT on the client traffic. This assumption would also support the need for anchors in a roaming-mobility design. The thing is, I can't find any excerpts stating that NAT is indeed being performed by the WLC.
    Hope you could enlighten me on this.
    Thanks in advance.

    All traffic to and from a client will traverse the WLC and CAPWAP tunnel.
    NAT is not performed by the WLC for any client traffic. The WLC is a layer 2 device that needs to have all the client VLANs trunked to it.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • WCS 6.0 client traffic reports

    I've looked around in the reports trying to find one that generates the Client Traffic report on the Home page under the Client tab. It is just a plain and simple graph that shows how much bandwidth has been used. I've only seen reports that show how much bandwidth a client has used or each individual wlc. I just need an overall bandwidth usage. Does anyone know how to create this graph via Reports or any other way?
    Thanks
    Brock

    How about this:
    Reports > Report Launch Pad > Client > Client Summary > Client Summary Report Details
    Customize the report and only include:
    Number of Sessions - Required
    Number of Users - Required
    Total Traffic (MB)
    Total Throughput (Mbps)

  • How to load a client file in a clob using sqlcl

    How to load a client file in a clob using sqlcl

    You don't "load" jars. If it's on the classpath, you can obtain individual resources from it using various methods on either Class or ClassLoader. Do you mean "how to add a jar to the classpath at runtime"? Can't be done without using a classloader, typically URLClassLoader or a subclass thereof. Why you want to not use the proven method is beyond me. Presumably because you don't understand classloading. In which case, forget it.

  • How to create cross-client variant?

    Hi Experts:
    Can someone tell me how to create a cross-client variant in ECC6.0?
    In 4.6, we can define the client or define a cross-client transaction variant;
    how to create a cross-client variant in ECC6.0?
    Regards,

    Hi,
    In SE93 there is a check box "cross-client".
    The Cross-client switch identifies which transaction variants are cross-client and which are client-specific. If the switch is set, the transaction variant is cross-client. If the switch is not set, the transaction variant is client-specific.
    A client-specific transaction variant can only exist in the client where it was created. The field contents of the transaction variant only have to be available in the particular client. A cross-client transaction variant is available in the system regardless of which client is currently active. The field contents of the transaction variant have to be available in all clients.
    http://****************/Tutorials/ABAP/TransactionVariant/Create.htm
