IP phone and PC VLAN security issue - ISE 1.0

Hello there.
We are about to implement IP phones on our current network, and during testing I have found two issues.
1. The IP phone connects to a protected port using ISE MAB authentication for the data network.
The voice VLAN is configured statically on the port. The PC VLAN is assigned by ISE profiling.
The issue is that once the PC (connected through the IP phone) is placed in the VLAN it belongs to, that VLAN stays open on the port, which means that if I connect another PC it gets the VLAN the port originally opened the connection with. This is a big security issue, as computers that should not be allowed on a specific VLAN can access it this way.
2. Once the connection is up and running on the port for both the phone and the PC, re-authentication to ISE happens every minute. The authentication logs are getting a huge number of messages for just one port, so once we go from 2 IP phones to 500 that is definitely going to generate a lot of unnecessary traffic.
Let me know your thoughts... thanks.
Port config info below:
interface GigabitEthernet0/2
description Extra port by Camilos Desk
switchport mode access
switchport voice vlan 220
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication event fail action next-method
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
mls qos trust cos
snmp trap mac-notification change added
auto qos trust
spanning-tree portfast
end

On #1
You have to make sure that the
"authentication host-mode multi-domain" command is under each port.
This will allow one voice VLAN and only one PC VLAN at any given time. If you disconnect a PC and connect another PC's MAC address to it, the phone will reinitialize to accept or reject the new MAC based on its profile.
On #2
I have not found a solution. But what I have found after deployment is that it has happened only on 2 VoIP phones, out of the 70 that we have as of now. So it might be related to ISE.
On the other hand, we are not using Cisco phones but Mitel, so this might be a whole issue in itself.
Hope this helps.
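Both symptoms can be read off the posted interface block. The script below is an added example, not code from this thread or from Cisco: it parses Catalyst interface blocks and flags (a) "authentication open" with no static port ACL, which lets any MAC send traffic in the port's current data VLAN without authenticating (in multi-auth mode that VLAN is the one the first PC was authorized into, which matches issue #1), (b) a phone port whose host mode is not multi-domain, as the reply recommends, (c) dot1x listed in the authentication order without "dot1x pae authenticator", so dot1x never actually runs on the port, (d) no "authentication violation" action, since the default on a violation is to err-disable the port and take the phone down with the rogue PC, and (e) "authentication periodic" with "authentication timer reauthenticate server", which makes the interval whatever Session-Timeout ISE returns in the authorization profile (this is an assumption about the source of issue #2; the thread does not show the ISE side). ORIGINAL_PORT is the Gi0/2 block from the question with the QoS and SNMP lines dropped; HARDENED_PORT is a constructed variant, and its ACL name PRE-AUTH and the 3600-second timer are assumptions, not values from the page.

```python
"""Added example (not from the thread, not Cisco code): audit Catalyst
interface blocks for the IBNS settings behind the two symptoms above.
ORIGINAL_PORT is the Gi0/2 block from the question (QoS/SNMP lines dropped);
HARDENED_PORT is a constructed variant; the ACL name PRE-AUTH and the
3600 s timer in it are assumptions, not values from the page."""

ORIGINAL_PORT = """\
interface GigabitEthernet0/2
switchport mode access
switchport voice vlan 220
authentication event fail action next-method
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
end
"""

HARDENED_PORT = """\
interface GigabitEthernet0/2
 switchport mode access
 switchport voice vlan 220
 ip access-group PRE-AUTH in
 authentication event fail action next-method
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication open
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 3600
 authentication violation restrict
 mab
 dot1x pae authenticator
!
"""

def parse_interfaces(config):
    """{interface name: [lines]}; a block ends at '!', 'end', a blank line or
    the next 'interface'. Indentation is ignored (pasted configs lose it)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line in ("!", "end", ""):
            current = None
        elif current is not None:
            blocks[current].append(line)
    return blocks

def _value(lines, cmd):
    """Argument text after `cmd` ('' if bare), or None if the command is absent."""
    for line in lines:
        if line == cmd:
            return ""
        if line.startswith(cmd + " "):
            return line[len(cmd) + 1:]
    return None

def audit_port(lines):
    """Finding codes (this script's own names) for one interface block."""
    f = []
    host_mode = _value(lines, "authentication host-mode") or "single-host"
    # Issue #1: open mode with no static port ACL lets any MAC send traffic in
    # the port's data VLAN unauthenticated; in multi-auth that VLAN is the one
    # the first PC was authorized into.
    if _value(lines, "authentication open") is not None \
            and _value(lines, "ip access-group") is None:
        f.append("OPEN_MODE_NO_PREAUTH_ACL")
    if _value(lines, "switchport voice vlan") is not None \
            and host_mode != "multi-domain":
        f.append("PHONE_PORT_HOST_MODE_" + host_mode.upper().replace("-", "_"))
    # dot1x is in the order list but never enabled on the port.
    order = (_value(lines, "authentication order") or "").split()
    if "dot1x" in order and _value(lines, "dot1x pae authenticator") is None:
        f.append("DOT1X_IN_ORDER_BUT_PAE_NOT_ENABLED")
    # In multi-domain a second data MAC is a violation; the default action
    # err-disables the port, taking the phone down with the rogue PC.
    if _value(lines, "authentication violation") is None:
        f.append("VIOLATION_ACTION_DEFAULT_SHUTDOWN")
    # Issue #2 (assumed cause): with the 'server' timer the reauth interval is
    # whatever Session-Timeout ISE returns in the authorization profile.
    if _value(lines, "authentication periodic") is not None \
            and _value(lines, "authentication timer reauthenticate") == "server":
        f.append("REAUTH_INTERVAL_FROM_RADIUS_SESSION_TIMEOUT")
    return f

def audit_config(config):
    """{interface name: findings} for every interface block in `config`."""
    return {n: audit_port(l) for n, l in parse_interfaces(config).items()}

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL_PORT), ("hardened", HARDENED_PORT)):
        for name, findings in audit_config(cfg).items():
            print(label, name, findings or "clean")
```

Run it as-is to compare the two embedded blocks, or pass a full "show running-config" to audit_config() to check every phone port at once before the 500-phone rollout. The hardened variant keeps open mode but adds a pre-auth ACL (low-impact mode); dropping "authentication open" entirely (closed mode) is the stricter alternative. Whether to pin the reauth timer on the switch or fix the Session-Timeout in the ISE authorization profile depends on why ISE sends it, which the thread does not show.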

Similar Messages

  • Cisco IP phone and wired user authenticate from ISE

    Hi all,
    I configured wired users on Cisco ISE. The authentication protocol is EAP-FAST, and the external identity source is a DC. The wired users authenticate from ISE normally. I used the labminutes web site's configuration videos.
    Now the customer also wants the Cisco phone to authenticate from ISE. The physical connection is: one cable from the switch to the phone, and one cable from the phone to the PC (standard physical connection).
    I created a new authentication policy using MAB, and a new authorization policy.
    The problem is: the phone authenticates normally, but when the wired user tries to authenticate, it cannot.
    Can someone provide me with a best-practice configuration on ISE and the switch for phone and wired user authentication, or point out the source of the problem?
    Thanks.

    interface GigabitEthernet1/0/48
     switchport access vlan 10
     switchport mode access
     switchport voice vlan 14
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action authorize vlan 20
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    Do you need the ISE configuration?

  • How to configure SGE2000P with CISCO 7900 phones and data VLAN

    Hello all
    I am having a problem setting up SGE2000P switches to work with my default data VLAN and an additional voice VLAN. I have configured it so the phones pick up an IP address from the voice VLAN, which is working fine, but when I connect a PC to the phone port it also picks up an IP from the voice VLAN, while the default VLAN is data with a different IP scope.
    Is there any good discussion or documentation out there to help me resolve this issue before I pack up these switches and purchase the ESW 500 series? I have ESW 500s at another client and they are working fine out of the box, but this one is giving me a hard time.
    Any suggestions or help will be appreciated.
    Mo

    Hi Muhammed,
    I suggest you contact the Small Business Support Center for some help:
    http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Regards,
    Cindy Toy
    Cisco Small Business Community Manager
    for Cisco Small Business Products
    www.cisco.com/go/smallbizsupport
    twitter: CiscoSBsupport

  • Cisco 877W Dual SSID/VLAN Security Issue

    Hi All
    I have an issue with my 877W that is as fascinating as it is frustrating. I have two SSIDs/VLANs, one for trusted LAN users (PRIVATE) and one for guests (GUEST). The PRIVATE network is secured from the GUEST network by a zone-based firewall. Everything works fine, guest devices cannot access private devices, except for one thing: the BVI interface on the PRIVATE network is always accessible to guest devices, and all services are open to attack, e.g. telnet/ssh/http/dns etc. I've tried everything to secure this interface from the guest network, including putting deny any any on the physical, BVI and VLAN interfaces.
    Am I missing something obvious, or some fundamental architecture of the 877 that would stop this interface being secured? Any help appreciated!
    P.S. The config has been pared down to basics below.
    version 15.1
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ROUTER
    boot-start-marker
    boot-end-marker
    logging buffered 4096
    enable secret 5 $1$BdpF$r/mAhQGYs8LBlqEpANmke0
    no aaa new-model
    dot11 syslog
    dot11 ssid PRIVATE@123
     vlan 100
     authentication open
     authentication key-management wpa
     wpa-psk ascii 7 046B0A535A15441D2D0C11141A5A5F
    dot11 ssid VISITOR@123
     vlan 200
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 03374C0A08392040420C00
    ip source-route
    no ip dhcp conflict logging
    ip dhcp excluded-address 172.16.1.1 172.16.1.10
    ip dhcp excluded-address 192.168.0.1 192.168.0.10
    ip dhcp pool GUEST
     utilization mark low 70 log
     network 172.16.1.0 255.255.255.0
     dns-server 192.168.0.1 61.9.242.33 61.9.226.33
     default-router 172.16.1.1
    ip dhcp pool PRIVATE
     utilization mark low 70 log
     network 192.168.0.0 255.255.255.0
     dns-server 192.168.0.1 61.9.242.33 61.9.226.33
     default-router 192.168.0.1
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    username cisco privilege 15 password 7 073F205F5D1E491713
    policy-map type inspect PM-DENYGUEST
     class class-default
      drop
    zone security GUEST
    zone security PRIVATE
    zone-pair security GUEST-TO-PRIVATE source GUEST destination PRIVATE
     service-policy type inspect PM-DENYGUEST
    bridge irb
    interface ATM0
     no ip address
     shutdown
     no atm ilmi-keepalive
    interface FastEthernet0
     no ip address
    interface FastEthernet1
     switchport access vlan 100
     no ip address
    interface FastEthernet2
     switchport access vlan 100
     no ip address
    interface FastEthernet3
     no ip address
    interface Dot11Radio0
     no ip address
     encryption vlan 100 mode ciphers aes-ccm
     encryption vlan 200 mode ciphers aes-ccm
     broadcast-key vlan 100 change 30
     broadcast-key vlan 200 change 30
     ssid PRIVATE@123
     ssid VISITOR@123
     mbssid
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
    interface Dot11Radio0.100
     encapsulation dot1Q 100 native
     zone-member security PRIVATE
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface Dot11Radio0.200
     encapsulation dot1Q 200
     zone-member security GUEST
     bridge-group 2
     bridge-group 2 subscriber-loop-control
     bridge-group 2 spanning-disabled
     bridge-group 2 block-unknown-source
     no bridge-group 2 source-learning
     no bridge-group 2 unicast-flooding
    interface Vlan1
     no ip address
    interface Vlan100
     no ip address
     bridge-group 1
    interface Vlan200
     no ip address
     bridge-group 2
    interface Dialer0
     ip address negotiated
     ip access-group 101 out
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp authentication chap callin
     ppp chap hostname [email protected]
     ppp chap password 7 10580A4F1C4005005B
    interface BVI1
     ip address 192.168.0.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     zone-member security PRIVATE
    interface BVI2
     ip address 172.16.1.1 255.255.0.0
     ip nat inside
     ip virtual-reassembly in
     zone-member security GUEST
    ip forward-protocol nd
    ip http server
    ip http access-class 2
    ip http authentication local
    ip http secure-server
    ip nat inside source list 1 interface Dialer0 overload
    ip route 0.0.0.0 0.0.0.0 Dialer0
    logging trap debugging
    logging 192.168.0.11
    control-plane
    bridge 1 protocol ieee
    bridge 1 route ip
    bridge 2 protocol ieee
    bridge 2 route ip
    line con 0
     exec-timeout 5 0
     no modem enable
     transport output all
    line aux 0
     exec-timeout 0 1
     no exec
     transport output none
    line vty 0 4
     exec-timeout 5 0
     login local
     transport input telnet ssh
     transport output none
    end

    Ignore that. The self zone got me. Argh! Phew!

  • 802.1x with Vlan assignment and IP phone and PC

    I have a Catalyst 4510R and I want to implement 802.1x with dynamic VLAN assignment via a RADIUS server. I am going to plug Cisco IP phones and PCs into the switch ports (the PCs are plugged into the IP phones).
    For this implementation I need to configure the switch port in trunk mode, because I have a voice VLAN for the IP phone and a data VLAN for the PC.
    However, I have read that I cannot enable 802.1x on a trunk port.
    How could I configure this?
    I need the PC, when it authenticates correctly, to be assigned to its corresponding data VLAN, and the IP phone to be in the voice VLAN.
    Thanks

    You should configure the port as an access port with an aux-vlan. Here's an example:
    interface GigabitEthernet2/2
    switchport access vlan 701
    switchport mode access
    switchport voice vlan 702
    load-interval 30
    qos trust device cisco-phone
    qos trust cos
    auto qos voip cisco-phone
    dot1x pae authenticator
    dot1x port-control auto
    tx-queue 3
    bandwidth percent 33
    priority high
    shape percent 33
    spanning-tree portfast
    spanning-tree bpduguard enable
    service-policy output autoqos-voip-policy
    Hope this helps,

  • Potential Security Hole with 802.1x and Voice VLANs?

    I have been looking at 802.1x and Voice VLANs and I can see what I think is a bit of a security hole.
    If a user has no authentication details to gain access via 802.1x, i.e. they have not been given a user ID or the PC doesn't have a certificate etc., and they attach a PC to a switchport that is configured with a voice VLAN (or disconnect an IP phone and plug the PC directly into the switchport), they can easily see, via packet sniffing, the CDP packets that contain the voice VLAN ID. They can then easily create a tagged virtual NIC (via the NIC utilities or driver etc.) with the voice VLAN 802.1Q tag. Assuming DHCP is enabled for the voice VLAN, they will be assigned an IP address and have access to the IP network. I appreciate the VLAN can be locked down at Layer 3 with ACLs so any non-voice-related traffic is blocked, but in this scenario the user has successfully bypassed 802.1x authentication and gained access to the network?
    Has anyone done any research into this potential security hole?
    Thanks
    Andy

    Thanks for the reply. To be honest we would normally deploy some or all of the measures you list, but these don't get around the issue of being able to easily bypass having to authenticate via 802.1x.
    As I said, I think this is a hole but don't see any solutions at the moment except 802.1x on the IP phone, although at the moment you can't do this with voice VLANs?
    Andy
