LRT214 Access Policy using MAC address

Similar Messages

• Blocking wireless access by using Mac Address

  Hello,
  I've got a cisco 1240AG K9 AP plugged into a DSL router. It has a factory config with DHCP enabled and one SSID. This AP is set up for open, unsecure internet access in our dining areas. Problem is, I have office PCs in the vicinity jumping on it to get out throughout the day. Is there a way to put their mac addresses in and block them? I do not want to enable any kind of authentication/security as this is supposed to be open for outside users at lunch.
  Thanks for any help.

  I could do that, but the problem is, this AP is more geared at letting outside clients here on business jump onto the internet. I really don't want to have to get their mac addresses to allow access...I wasn't sure if the mac filtering could work backwards to block traffic instead of allow it.

• Many warnings : prevented from using mac address because it is pinned to port

  Hi
  I am seeing my system log flooded (several per second) with event 28 warnings such as :
  Port 'SWITCHPORT-SM-DB9DCFC7-E98D-438C-8998-CC0D9C14ED2B-1-1' was prevented from using MAC address '00-15-5D-00-B2-05' because it is pinned to port 'A0724966-695B-4552-B'.
  Source : VMSMP
  The environment is 2 X hyper-v 2008 r2 hosts. both have 4 NICs, 3 nics are connected to virtual switches and management OS is not allowed to share the network adapter, and then 1 NIC is obviously used by the host/mgmt OS and no virtual switch connected to
  it. I am seeing the warnings on both hosts.
  No load balancing or NIC teaming.
  All VM's have their MAC addresses assigned dynamically and I cannot see any conflicting MAC addresses.
  The warnings are logged for all or most of the MAC addresses and alternate between different "SWITCHPORT-SM-etc,etc" names.
  Performance doesn't seem to be degraded, I've run continuous pings for more than an hour with no packet loss, just a single packet spike every now and then. Network access seems fine, Backup Exec 2012 jobs are succeeding, albeit somewhat slower than what
  it was.
  I don't know when it started, since these warnings have flooded out all else.
  At first I thought it had something to do with a VM that I moved from one host to the other, where I copied the VHD accross and then created a new VM and assigned the original IP address to the new virtual NIC in the new VM. I then uninstalled the old hidden
  NIC and restarted the VM in question, but that didn't stop the warnings.
  Any ideas what could be causing this, or any tips on where I should start looking to isolate the cause ?

  Got it fixed by creating new virtual switches, moving all VMs over to them, and afterwards deleting all the old virtual switches.
  Still no idea what the cause could have been. How bizarre...

• Device in the data base getting PXE aborted --unable to find machine using Mac address /resouce iD

  hi
  when I deploy osd to my unknown collection iam getting PXE aborted  ..earlier we used to delete machines from sccm
  by searching query based on Mac address .and clear last pxe advertisement option , but iam finding certain machines getting PXE aborted  shows device in data base when we search these machines using mac address /resouce iD unable to find in sccm or
  sccm data base . I have found some blogs where unknown collection parameters are changed to decommissioned value from "o" to "1"
  but unable to build new unknown collection , its very difficult to delete machines from SCCM console every time when pxe aborted . machines are getting pxe aborted some way its known to SCCM ,its difficult to import machines every time before machines are
  image .is there any permanent solution to override pxe aborted ,even systems are known to SCCM ,we are in sccm 2012 infrastructure
  hoping a positive replay from all technical leads
  thanks in advance
  ankith

  Hi,
  "is there any permanent solution to override pxe aborted ,even systems are known to SCCM ,we are in sccm 2012 infrastructure"
  I think there is not a permanent solution.  
  It could help if you first run the configuration manager report to locate a particular MAC address.
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Creating access policy using OIM 11g APIs

  Is there a way to create an access policy using API? I see that there is AccessPolicyService but it only supports evalutePoliciesForUser. I need a way to add and modify policies.
  I'm using OIM 11.1.1.5
  Edited by: DJ on May 21, 2012 11:53 AM

  FYI, I hope the following links might be helpful, if you did not come across them before:
  OIM API for Create Access Policy:
  http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_904/doc_cd/javadocs/operations/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
  Example Code for OIM API Creation of Access Policy
  http://learnidm.blogspot.co.uk/2011_08_01_archive.html
  Thanks,
  Krish.

• Cisco Aironet 1240 AG Access Point - configure Mac Address using Telnet

  Hi there,
  I’ve got a problem hopefully someone can help me with. I have the above mentioned AP and it is configured, working well and providing wireless access to several laptops on our domain.
  The thing is I can’t get access to the web-based interface to add new laptops Mac addresses to the AP as I currently have them secured with local list Mac address authentication but my user name and password when entered in the web browser login dialog box won’t allow me in although strangely it does allow me to login using the same credentials when I telnet into the AP.
  Does anyone know why I can’t get logged in using the web interface even though the user name and password does appear to be correct as I can telnet in? Also if you have any suggestions how I could sort this without having to perform the password recovery procedure, as I don’t want all the config on the AP wiped and want to avoid having the set the whole thing up again.
  As I workaround if anyone knows what the commands are to allow me to add the Mac addresses of the new laptops so they are added to the local list Mac address authentication list so the new laptops are secured that would be great.
  Thanks in anticipation,
  Tony

  Your AP is probably configured to use the enable secret as the password. Try entering nothing for the username, and enter your enable secret for the password ('Cisco' by default).
  If that doesn't work, post your running-config and we'll be able to see why it's doing that. It's a standard configuration, and no worries because wiping the AP won't be necessary since you can successfully Telnet in.
  Jeff

• Filter access points by MAC address

  I've got a constant problem with ad-hoc networks (set up accidentally by various users around me--I am a faculty in residence living on a college campus) with the same SSID as the (unsecured) network that I am trying to connect to with my PB G4 running 10.4.3. When the signal strength from the ad-hoc is stronger than from the real access point, only the ad-hoc shows up in my Airport drop down menu (i.e., all the entries are listed as "Computer to computer"). I can connect to the access point via iStumbler, but it's a nuisance to do that every time and anyway my PB keeps on dropping that connection in favor of the stronger signal of the ad-hoc.
  I'd like to be able to do one or more of the following:
  (1) Prohibit my PB from connecting to ad-hoc networks even if they happen to have the same SSID as my preferred network. (And, no, none of the options in the Network control panel seem to help.) I would have no problem with completely forbidding my PB from connecting to ad-hoc networks as I have no need for such connections for my PB.
  (2) Employ a whitelist of MAC addresses that I want to allow my PB to connect to. (A blacklist is not as useful, since the MAC address of the ad-hoc keeps on changing. But I suppose I could run some script in the background that logs the ad-hocs current MAC address and feeds it into the blacklist.)
  (3) Find out the machine name (which is typically a student's name) or other identifying info of the machine that is originating the ad-hoc network, so I can talk to the person who is originating the network (it violates campus policy, and is a nuisance to a lot of people). I tried locating the network source with a directional antenna, but failed. (We've got a high density here, and I thought I talked to all the folks around where the signal seemed strongest.)
  Thanks for any suggestions!
  Alex Pruss

  Chances are, there is no bug.
  You likely have the Default Rule in Timed Access set to Unlimited. So, any device that provides the password will be allowed to connect at all times.
  If you do not want a device to be able to connect by simply entering the password, you must first change the Default Rule to No Access. Then, a device will only be allowed to connect if your have an entry using the MAC address of the device and the time period specified that it will be allowed to connect.

• Access Connection - Prefer MAC address problem

  Hey
  My specifications:
  Windows Vista
  Access Connection v5.31
  After updating access connection I'm not able to prefer MAC addresses for my profiles anymore.
  Edit profile> Wireless settings> Advanced configuration (settings)>
  Preferred access point MAC address.-
  This box is grayed out and you're not able to write in the box anymore.
  Am I doing something wrong or is this feature just disabled for this version?
  Also I remember having seen an old version being able to prefer 5 MAC addresses for one profile
  Thank you!
  / jerian

  Welcome to the Apple discussions.
  Is the mac address you're using the one you see when you click on the blue apple, about this mac, more info, network, and scroll down to the mac address? Is it possible there's a mixup between the letter O and zero when entering the mac address?

• How do I set timed access for specific mac addresses?

  My daughter tends to stay up late on social media long after we've asked her to go to bed, so I'd like to use the AirPort Utility to just shut off her internet access during set hours. It looks fairly straightforward to set up, however, I don't know how to find her MAC address for her iPod. Can anyone enlighten me?

  iPods, IPhones, and iPads do not have a MAC Address.
  On the iPod home screen, tap Settings
  Scroll down and tap General
  Tap About
  Scroll down to locate the Wi-Fi Address
  Use the WiFi Address of an iPod, iPhone, or iPad in place of the MAC Address when you are setting up rules in Timed Access.

• Networking question; How to use MAC address to find out IP address.

  Hi there,
  I want to discover the IP address of an attached device (Netgear switch) on my network. I know it's MAC address – can I use this to get the IP address?
  Thanks in advance

  Short for Media Access Control address, a hardware address that uniquely identifies each node of a network. In IEEE 802 networks, the Data Link Control (DLC) layer of the OSI Reference Model is divided into two sublayers: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. The MAC layer interfaces directly with the network medium. Consequently, each different type of network medium requires a different MAC layer.
  On networks that do not conform to the IEEE 802 standards but do conform to the OSI Reference Model, the node address is called the Data Link Control (DLC)
  I have a feeling you might have the term MAC Address confused
  Depending on the device you are using it may be that you can type in 192.168.1.1 and hit return key, and it will give you the Router Utility and this can give you the assigned IP Addresss to external devices, if the router is used.
  Don

• C831 uses mac address as user name

  Hi!
  I'm trying to use this guide called Cisco IOS Easy VPN Remote with 802.1x Authentication, except I don't want to use the VPN part of it, I just want to seperate the users on a wired network based on their logon credentials, and this is the only example of this i've found.
  Anyway, the router (I use a C831) seems to send the mac address of the client as both username and password during the authentication instead of the credentials that is typed in in Windows.
  The Freeradius log looks like this (I have also tried ACS 4.0):
  rad_recv: Access-Request packet from host 10.10.118.1:1645, id=18, length=90
  User-Name = "001422dc7ca0"
  User-Password = "001422dc7ca0"
  Called-Station-Id = "0014.a863.1e32"
  Calling-Station-Id = "0014.22dc.7ca0"
  NAS-IP-Address = 10.10.118.1
  This of course causes me not to be able to use any user name I want to, and thus rendering such things useless.
  Anyone know what could be causing this?
  I'm attaching my C831 config.
  And btw, as you will see from the config, I have stated that the radius connection shall be done on port 1812, yet it say port 1645 in the Freeradius log.. strange.

  I have configured a cisco aironet 1100 for MAC authentication to a freeradius server and I am seeing the requests come in in the radius logs with username/password as macaddress/macaddress. Similar to the issue posted here. The Orinico AP2000 aps work as expected sending macaddress/sharedkey. I'm beating my head off the wall trying to figure out how to get the aironet 1100 to send macaddress/sharedkey as well. Anyone?

• Use TCP, UDP, or other to communicate with UUT using MAC address instead of IP address

  I want to verify that the Ethernet port on my UUT works. 
  My plan was to ping the UUT and verify that I got a response.  However, the UUTs will come to test with an IP that I cannot use on the network.  [Please don't ask me to explain why -- the IT group has their rules, and rules are rules after all . . . ] 
  I can query the UUT (via the serial port) for it's MAC address.  But I cannot find any LabView VIs, or DOS executables which use the MAC address as a parameter to invoke a response from the device.
  Does anybody have an idea of how I can verify the UUT Ethernet port without having to divorce myself from the company network and set up my own private network?  [Oh and by the way, before somebody suggests it, the IT group won't let me put a 2nd network card in my PC -- rules are rules after all . . . .]

  I wouldn't worry too much about the address shown in the Remote Management tab.  The ARDAgent process, which is what is listening on his computer for connections from Remote Desktop, binds to all active network interfaces and ultimately that's all that matters. Of out curiosity though, to what IP address does the "unknown-b8-8d-##-##-##-##.home" dns name resolve?  Is it the WAN address?  I can't imagine it resolves to a private address like a 192.168.
  In any event, let's focus back on the network structure. Does the BT router have both a hard wired LAN ethernet port as well as a WiFi radio for LAN connections?  My guess is yes. I am also assuming that he does *not* have another router attached to the BT LAN ethernet port like an Airport basestation that is serving the WiFi connections.  Typically, the LAN ethernet port is given, via DHCP, a real Internet accessible address but the addresses served via DHCP for wireless clients are private network addresses only.  It's seems unlikely to me that the router is automatically forwarding incoming connections to a private network address on the WiFi network.  But if he plugs his Mac in to the ethenert LAN port on the BT router then you should be able to connect directly to the address given to it via DHCP because it *should* be a real Internet accessible address.

• Using .mac address for iTunes purchases

  Hello,
  I am really wanting to use my .mac email address (and Apple ID) for iTunes purchases. I just recently switched completely over from a Windows PC and purchased a new iMac (Woo-Hoo!). To go with the new iMac, I purchased a .mac account right before it changed to mobileMe. I will be using this .mac address a lot over the next several months, and wanted to consolidate all of my usernames, logins, Apple ID's, etc., into the one .mac address and username.
  If I understand correctly, I can't transfer stuff that I've purchase on my old Apple ID to my .mac - which is a bit inconvenient, but not too bad since I only purchased a few songs. I plan on purchasing a lot more iTunes stuff now that I have the iMac.
  My main concern is, what happens if I decide not to renew my .mac account a year or two from now, and all my purchased music is under that Apple ID? I'm a bit afraid of this because who knows if I'll still need .mac a couple years down the road. I still want to be able play the music I bought and paid for.
  Sorry to ramble, but all this ID, and login, and username stuff is a bit confusing for a longtime PC user like myself. But I'm learning quick.
  Thanks,
  RJ

  R72Sully wrote:
  My main concern is, what happens if I decide not to renew my .mac account a year or two from now, and all my purchased music is under that Apple ID? I'm a bit afraid of this because who knows if I'll still need .mac a couple years down the road. I still want to be able play the music I bought and paid for.
  Hi RJ.
  First of all... Congratulations on your new toy! They are great!
  Okay,
  If you don't keep your account active at any point from here on out, you will lose your ability to use the @mac address and would subsequently have to use the @me name instead. As you know, it is no longer dotmac, but MobileMe.
  If you want to be able to play the music you've purchased you can still have an iTunes account, but you would need to change your account info to reflect your current information. Oh and as always, back up, back up, back up
  I know it can be confusing for us just starting out. But don't worry! Before you know it you'll be amazed at how simple and straightforward most of it is. And FUN!
  All The Best-
  mwn

• MDT Database - Auto Computer Name Using MAC Address

  I am trying to build a MDT server which will auto name any computer by using the MAC Address of the Network Card, I have read lots of articles and there isn't a definitive answer but I am looking for a simple answer which will work. I have tried all sorts
  of things customising the Customsettings.ini and the unattend.ini and the database.
  These are the settings I am looking at .
  Can anyone please advise me how to get MDT to query the database and output the computer name using one of these variables.
  %OSDComputername%
  %Computername%
  Can you please help.

  Hi Walkermescc,
  Since it is related to SQL database, our help might be limited. I suggest you refer to this article and it might be helpful.
  http://blogs.technet.com/b/deploymentguys/archive/2011/08/05/dynamic-computer-naming-in-zti-deployments-using-mdt-and-configmgr.aspx
  If you need more support about MDT and Database, you could post your issue to the MDT forum and there might be more suggestion for you. 
  MDT server forum:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=mdt
  Regards

• Using NAR to restrict access by MAC address

  Hello All,
  We have a solution where home users connect via ATM onto our network. Currenty their radius requests are passed onto Cisco ACS 3.3 and they are authenticated using RSA SecurID Fobs to an ACE server.
  I am trying to look at an alternative to using a SecurID fob and restrict the end user's access based on MAC address.
  I found this on the online documentation for ACS 3.3
  "About Non-IP-based NAR Filters
  A non-IP-based NAR filter (that is, a DNIS/CLI-based NAR filter) is a list of permitted or denied "calling"/"point of access" locations that you can use in restricting a AAA client. However, by entering an IP address in place of the CLI you can use the non-IP-based filter even when the AAA client does not use a Cisco IOS release that supports CLI or DNIS. In another exception to entering a CLI, you can enter a MAC address to permit or deny; for example, when you are using a Cisco Aironet AAA client. The format of what you specify in the CLI box—CLI, IP address, or MAC address—must match the format of what you receive from your AAA client. You can determine this format from your RADIUS Accounting Log."
  If I specify a clients MAC in any of the non IP NAR options (CLI, Port, DNIS)access is refused. I am using radius IETF and the only time I can see the MAC in the radius accounting logs is when I turn on the option to log cisco-av-pair. Nothing is being logged under CLI or DNIS, so I don't think I can restrict access based on MAC using a non IP NAR. Has anyone implemented what is referred to in the documentation above? Is it just applicable to cisco Aironet? Any ideas?
  Thanks.

  A NAR is a definition, which you make in Cisco Secure ACS, of additional conditions that must be met before a user can access the network. Cisco Secure ACS applies these conditions using information from attributes sent by your AAA clients. So it is not device specific.