Layer 3 Web redirect without MD DNS Server
Hello there
Actually, I want to configure layer 3 web redirect and i dont have any DNS server. I tried to use the core switch to resolve the name into ip through the comment ip host webauth 1.1.1.1 but it did not work, I am using the DHCP currently local on the controller any suggestions?
Thanks,
Elie
Can you elaborate on what you are trying to do?
Unless you've specified a DNS name on your Virtual Interface, webauth with redirect the client to the IP address of your Virtual Interface. Generally speaking you only put a DNS name on the Interface if you are using a certificate... For you to have a valid certificate, I would suspect it has a valid domain, and therefor you should be able to make a DNS entry global for that domain pointing webauth.domain.com back to 1.1.1.1......
But if all you're trying to accomplish is webauth without a dns lookup resolving 1.1.1.1, then this should already be in place if you haven't put a name on the Virtual Interface.
Similar Messages
-
Does Apple host business web pages without the OSX Server?
Does anyone know if Apple hosts business web pages other than what you would get with the iWeb app and MobileMe without the OSX Server?
I would suggest using a third party hosting service "I use IX Web Hosting. MobileMe simply does a domain mask. IX Web Hosting offers reasonable pricing, unlimited bandwidth, & dedicated IP addresses just to name a couple features.
-
Set up web with an external dns server
hi i have bought a mac server. and i am new to configure them, I have hosted dns with a company called speednames and I have plans to host several domains there. but I would like to put them to point to the server because I want to install joomla on the domains. on one of the domains, I still want to have the mail to run on speednames. the rest of the domains mail part i would like to point to the server. do somebody have a guide to do that
Your DNS MX (mail exchange) record goes to Speednames, and your DNS translation(s) go to your own static IP address(es), and your static IP names are (at your external firewall) NAT'd and port-forwarded to your server.
The DNS MX entry is the identity of the host where your in-bound mail for the domain is sent, and the other DNS translations are where (all) other queries go.
Here are some details of [external (outside the firewall) DNS|http://labs.hoffmanlabs.com/node/1594] and [internal (inside your firewall) DNS set-up|http://labs.hoffmanlabs.com/node/1436]. -
DNS server required for default route
I'm trying to find out if Apple is aware of this requirement, as it is problematic for network engineers.
The summary of the problem is that without a DNS server configured, mavericks will not activate the default route. So if you configure a DHCP scope without a DNS server, your Mac will not be able to have IP connectivity outside it's local subnet.
I blogged the details of this bug/feature: http://transmitfailure.blogspot.com/2014/02/mac-os-x-mavericks-dns-server-requir ed.html
I'd really like to hear from Apple, just to say if this is intended or not. The commenter said this is happening on 10.9.2 as well as the 10.9.1 I tested.You're very unlikely to receive a direct response on that from Apple through these discussions.
https://bugreport.apple.com may get something. -
How to configure DNS server to redirect all web traffic to one external website?
I'd like to use the DNS service on my OS X Server as a way to force all all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
(BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof. So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc.
If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address. This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server. Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests. There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want. Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too. But this is also rather more pieces than a DNS redirect, too. -
How to resolve network issue or dns to access web page on snow leopard server?
I have my network setup like as follows:
internet > router 1 > ethernet ports > switch > router 2
I have a mac osx snow leopard server connected to "router 1", but it is so slow when accessing a web page hosted on the server from a browser on a workstation connected to either router 1 or router 2?
Is there a problem with my network setup or maybe because I changed the name to newservername.local?@Jeff and @Camelot,
I think it is a DNS issue. I completely reset the DNS settings on server and the local name with the steps below, but now cannot access the site hosted on the server at all
I used a modified version of http://www.mkahn.com/2010/09/configuring-dns-on-mac-os-x-10-6-snow-leopard-serve r-for-hosting/ to reset the server set
1. Stop DNS Service in Server Admin
2. Close Server Admin
3. Obtain 10.6 DNS Default files (below)
4. Overwrite the DNS files with DNS Default files:
/etc/dns/loggingOptions.conf.apple
/etc/dns/options.conf.apple
/etc/dns/publicView.conf.apple
/var/named/named.ca/etc/named.conf
/var/named/named.local
/var/named/localhost.zone
5. Restart your server
All machines have 1ms ping responses within the network including this snow leopard server that I am trying to setup. There is another test web server that return pages instantly within this network so I doubt it is a network issue, but a DNS issue. -
DMZ - DNS Server, Mail Server, Web Server, FTP Server
Hi,
I am looking at a router to support around 20-30 people. I have a DNS Server, Mail Server, Web Server, FTP Server (all on one box (PC). I was wondering how everyones experiences with DMZ and port forwarding have been with these protocols with Airport and supporting a group of this size? Do you forsee issues? Will the new Airport handle these requirements better?
ThanksA record for mail.mydomain.com going for ip 199.99.99.999
MX record for mail.mydomain.com with destionation as mail.mydomain.com
That doesn't quite make sense. There must be an A record for "server.mydomain.com" or you wouldn't be able to reach it at all. You want the MX record to point to that. -
Web page redirection without auth on WLC
Customer wants to have users on their guest WLAN get redirected to an acceptable usage policy page without having to authenticate when connecting to the network. We're using WLC4400's. I know it can be done using external elements, but can the controller redirect or display without requiring web authentication first?
TIA,
DaveYou can use a web passthrough so the user connecting via your guest wlan is required to read the acceptable usage policy. We did this at a hot spot I setup. Under your WLAN configuration, select none for Layer2 and Layer3 security, then check the Web Policy box,and select passthrough. Then all you have to do is configure your Web Login Page (Security->Web Login Page). Place whatever verbage you require in this page to display on the users first attempt to use the web after connecting to your guest wlan. Enabling Web Policy and Passthrough gives the user only an accept button and nothing else. This basically is web authentication without having to enter any credentials.
Hope this helps.
RB -
My domain add WWW will redirect to DNS server's Domain, IE works ok,What's the reason
I have a website, and I had added both @ and WWW A record on host. I set the domain as the home page, They all work ok in IE, WWW failed work in Firefox. What are the reasons?
//My domian is http://www.hey-deals.com, hey-deals.com works fine, but http://www.hey-deals.com cannot work in Firefox! It redirect to DNS server's domain, how to set?
Thanks!I have Windows capability but have never used it. I can't imagine anyone using anything other than Pages for Word Processing, etc. I use Safari and Firefox for Browsing. I use Safari primarily and Firefox occassionally. I have not used Internet Explorer for years and years. In fact, I was sort of surprised when I learned that some people do still use Internet Explorer.
I wasn't sure whether or not there was an Ultra-Safe way to go about checking to discover whether or not Apple Users had to worry about a problem with this particular bug.
Although there IS a link provided in the Denver Post's on-line version of this particular news article, I hated to click on a strange link - even if it was provided by the local newspaper. It is just as easy for the local newspaper to be fooled by bogus links as it is for anyone else to be fooled.
My understanding from friends is that there are a whole lot of local newspapers - all across the country - who are currently running this news article - or an article very similar to it.
So it would seem to me that a whole lot of Apple users all across the country might suddenly be wondering whether or not they have anything to worry about - and whether or not there was an Ultra-Safe way for Apple users to check all of this out.
I contacted my service provider about this issue but, so far, have not heard anything back from them.
Thanks for the response.
Sincerely,
Hannah -
DNS lookups without DNS server
Hi Community,
some user in a German forum are reporting a functional DNS resolution without a configured DNS name server. Is there a hidden feature in the actual Snow Leopard release which make this possible?
Thx & Bye TomKiwi Graham wrote:
Sounds like an oxymoron to me - doing a DNS lookup without DNS?
Yes, I agree.
It is certainly possible to store a set of local mappings, but it'd be a subset of the domain universe and it'd also be static. So further resolution would have to go out to a DNS server.
I thought that maybe it could be possible that there is an internal fallback server configured. But it seems that it isn't, because should this be a fact, more user should know this.
More information?
No sorry. I asked both user to make a tcpdump on port 53 to determine the answering DNS server but I got no response. But thanks for your attention
Bye Tom -
Is that possbile to install CMWS 1.5 without DNS server
Hi Guys , we try to do some PoC work for CMWS1.5 , but we do not have DNS server in LAB yet , just want to know is that possible to install CMWS 1.5 without DNS server ?
Best regards
Zhen ShuHi Zhen Shu,
Unfortunately, DNS is required to deploy CWMS. The deployment can't complete without successful communication with DNS server and resolving the systems hostnames.
-Dejan -
Running DNS without os x server
Understanding that the Apple GUI is very usefull, I am looking to create a lean, fast caching DNS server. This server would be used to resolve DNS only, no hosting of domains, just fast resolution. I have been able to scrape together on the internet some basic instructions showing how to setup a Linux or Unix DNS server, but I would like to have something more specific 10.4 workstation. It seems that the file locations are different in the Mac OS, and I expect other things are different??..
Has anyone done this?
I am just trying to avoid spending an additional 500.00 just to run DNS, which is included in your standard workstation release. I have no problem with the command line, I just want a little feedback first.
Thanks
n/a Mac OS X (10.4.4)
Mac OS X (10.4.4)If you've got the instructions on setting this up on another Unix or Linux distribution then the rules are the same - they're all running BIND and the BIND rules don't change with each OS.
The only difference is in the default location of the files, but even that can be changed. All of them are likely to use /etc/named.conf as the main configuration file, and you can set options in there for any directory on disk for local zone files (the default is /var/named/). Setting up the recursion/caching options won't be any different. -
How a router can resolve dns without ip name-server command?
Hello everyone,
A question about the command "ip name-server *.*.*.*"
If I didn't put in the DNS server, the router can still resolve the domain name. You can see the domain server is 255.255.255.255.
Why does this happens?
R4#ping www.cisco.com
Translating "www.cisco.com"...domain server (255.255.255.255) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 184.31.192.170, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R4#Hi,
There is a name server inside the LAN. Before searhing in the DNS server, it checks the name server in the LAN to reduce the time for searching. The name server of the LAN is like a cache which stores the results coming from the DNS server.
So, it is name server of the LAN which is resolving the IP address.
Thank you.
* please rate the helpful posts. -
Redirect all DNS requests for a certain domain to a specific DNS Server
Hello,
I have setup a home lab to do some Microsoft training on. My lab domain name is "demo.lab". What I want to do is configure my cisco router to forward any dns requests to demo.lab to my Active Directory Server.
For example
If I ping mail.demo.lab, I want that reqest to be forwarded to my lab domain controller (dc01.demo.lab).
I have configured a SOA record on the Cisco router like so, but it still does not foward the reqest on (10.10.10.10 is the IP address of dc01.demo.lab).
ip dns primary demo.lab soa 10.10.10.10 postmaster.demo.lab
Any clues as to what i'm missing?
Thanks
PeterHi Karsten,
Yep my computer had the router as its primary DNS Server. The config you supplied worked! Thanks very much :)
Hi Cisco Freak,
Yep my AD server was also a DNS server. Yes that was one option, but I just didn't want to keep changing my DNS as my laptop goes to/from work with me. The config that Karsten supplied worked though.
Hi Terry,
Thanks for the link. I believe I had configured it correctly as per that docuemnt, but it didn't work for some reason. Still go reference material though.
The other option would have been to configure the router to use my AD server as its primary name server host like so;
ip name-server 10.10.10.10
ip name-server 8.8.8.8
The only problem would be that if/when my DC is offline, there would be a small delay when doing DNS requests, and since my internet is shared with my house mate, I didn't want to disrupt her too much.
Thanks again for your help!
Cheers
Peter -
Hello,
We configured the web authentication in wlc 5508with ISE for the guest traffic. When client tries to connect it redirects to the different URL. That means the specified URL (that is default redirection page of ISE) 'https://<ISE IP>:8443/guestportal/portal.jsp' but client is getting redirected to
'https://<ISE>:8443/guestportal/login.action?switch_url=https://<virtual IP>/login.html&wlan...'. And finally page cannot be displayed now error message i am getting.
Why it happens..? Any quick help would be really appreciated
Moreover i have doubts on the below points.
1) Should both the Anchor and the foriegn controllers be configured for web auth security or only anchor ..?
2) When external web redirection, the client has to get the DNS resolved entry for the Specified URL or WLC knows to take it to the external web page..?
3) Any special configuration has to be done on ISE?
Thanks for your time
KVS
Message was edited by: Prasan VenkyHello,
How to Make an External (Local) Web Authentication Work with an External Page
As already briefly explained, the utilization of an external WebAuth server is just an external repository for the login page. The user credentials are still authenticated by the WLC. The external web server only allows you to use a special or different login page. Here are the steps performed for an external WebAuth:
The client (end user) opens a web browser and enters a URL.
If the client is not authenticated and external web authentication is used, the WLC redirects the user to the external web server URL. In other words, the WLC sends an HTTP redirect to the client with the website's spoofed IP address and points to the external server IP address. The external web authentication login URL is appended with parameters such as the AP_Mac_Address, the client_url (www.website.com), and the action_URL that the customer needs to contact the switch web server.
The external web server URL sends the user to a login page. Then the user can use a pre-authentication access control list (ACL) in order to access the server. The ACL is only needed for the Wireless LAN Controller 2000 series.
The login page takes the user credentials input and sends the request back to the action_URL, such as http://1.1.1.1/login.html, of the WLC web server. This is provided as an input parameter to the customer redirect URL, where 1.1.1.1 is the virtual interface address on the switch.
The WLC web server submits the username and password for authentication.
The WLC initiates the RADIUS server request or uses the local database on the WLC, and then authenticates the user.
If authentication is successful, the WLC web server either forwards the user to the configured redirect URL or to the URL the client entered.
If authentication fails, then the WLC web server redirects the user back to the customer login URL.
Note: If the access points (APs) are in FlexConnect mode, a preauth ACL is irrelevant. Flex ACLs can be used to allow access to the web server for clients that have not been authenticated.
For more details, please refer to the following:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080bf7d89.shtml#redirect
Maybe you are looking for
-
SQL error forced rollback and connection loss with OLE item in forms 6i
We are running forms 6i client server on a Oracle Database 10g Enterprise Edition Release 10.1.0.3.0 - 64bit. We have a form that has 1 base table block that contains an OLE item where the user can create or edit a Microsoft Word document then save t
-
HT201272 purchased app is missing
My app is completely missing from my purchased apps tab. I have a receipt from where I purchased it. How can I get it redownloaded on my phone. The app is Keeper back up, I paid $9.99 for it and it is gone. Any ideas on how to get it back.
-
My Mac desktop is incredibly slow after I installed Yosemite - any suggestions?
My Mac desktop is incredibly slow after I installed Yosemite - any suggestions? Thanks
-
Approval Workflow does not update the Content Approval status if started automatically
Hi, I'm using a simple Approval Workflow associated with Content Approval on site pages. It works fine when I set it to be started manually (by using Allow this workflow to be manually started by an authenticated user with Edit Item permissions opti
-
School iPad - Prevent student from sending PDF in iBooks
I am desperate to disable the option of sending PDF files from inside our Student's iPad device. We badly need to prevent our cadets from sending our Aviation Charts & documents (that we developed in PDF format) to external entities. If only there is