NAC 4.6 MAC filter port configuration issue

We are installing NAC 4.6(1). Right now we are dealing with just one profile and with the device filter list. We have a MAC address in the list that, when it is seen, puts the switchport in VLAN 117 (access VLAN); then when the device gets unplugged, we want it to move back to VLAN 115 (auth VLAN). The first part works, but when it is unplugged, it does not go back to the auth VLAN. We are doing all port changes via SNMP Link-change, and in debug we can see the SNMP link-down being sent. Any ideas?
By the way, when we plug a non-certified laptop into the same port, it moves it to VLAN 115 (auth VLAN). It just won't move it back after the certified device is unplugged. Thanks,

I found this in the config guide for NAC CAM 4.6, in the section under port profile configuration.
Step 14: Remove out-of-band online user when SNMP linkdown trap is received, and then [do nothing | change to Auth VLAN | change to Restricted VLAN]
Click this option to specify which VLAN the CAM assigns to a switch port after receiving a linkdown trap from the switch when a client disconnects from the Cisco NAC Appliance network. (See Advanced for details on linkdown traps.)
• If this option is checked and specifies to do nothing, when the client disconnects (causing a linkdown trap to be sent), the switch port remains on the last VLAN assigned, or re-assigned to the VLAN specified in the Change to [Auth VLAN | Access VLAN] if the device is certified, but not in the out-of-band user list option.
Note: If the client is not on the Certified Devices List, the client is put on the Authentication VLAN.
• If this option is checked and specifies to change to Auth VLAN, the CAM puts the switch port on the Authentication VLAN after receiving a linkdown SNMP trap regardless of whether or not the client is on the Certified Devices List.
• If this option is checked and specifies to change to Restricted VLAN, the CAM either assigns the switch port to a previously-configured VLAN Name (see Configure VLAN Profiles for more details), or to a specific VLAN ID number you enter in the text field that appears under this setting. As with the change to Auth VLAN option, this VLAN assignment takes place when the CAM receives a linkdown trap regardless of whether or not the client is on the Certified Devices List.
So it seems like it is supposed to be changing the VLAN back to whatever VLAN I specify, but that is not happening. Guess I need to just open a TAC Case.

Similar Messages

  • Anti-relay filter configuration issues

    Configuration issues with the anti-relay filter in Messaging Server 4.1x.
    The following information addresses common questions about configuration issues
    with the anti-relay filter in Messaging Server 4.1x:

    1. Question:
       What is the difference between the delivery and submission options?

       Answer:
       The submission option allows specified users to send email to any email
       address in the world. These users are typically internal users.

       The delivery option allows specified users to receive email from anybody.
       These users are also typically internal users.

       A standard filter looks something like this:

         # This is the anti-relay config file written by Jay at iPlanet
         # The first section sets default conditions
         resolvehostnames:0
         useauthinfo:0
         advertiseauthinfo:1
         # This section sets domains to be delivered to by anybody
         delivery:*@my.domain.com
         # This section sets domains that can send any place
         submission:129.12.4.*

    2. Question:
       The delivery option works properly. However, why doesn't the submission
       option appear to be allowing emails from specified users to pass through?

       Answer:
       The problem with the submission behavior could be due to the setting of
       the resolvehostnames parameter. If this parameter is turned on
       (resolvehostnames:1), then all entries in this configuration file must be
       fully qualified host names. Although wildcards will work, you cannot
       specify IP addresses with this configuration setting.

    3. Question:
       Is it possible to allow people outside of my network to connect to the
       server and send mail out?

       Answer:
       Yes. To allow outside users to connect to the server and send mail to any
       address, without granting the same privilege to the rest of the world,
       activate the authenticated SMTP portion of the filter via the useauthinfo
       option. Setting this parameter to "1" (i.e., useauthinfo:1) will require a
       user who is not in a submission address and who is attempting to send
       email to an address not in the delivery range to authenticate with a user
       ID and password.

    For additional information on the anti-relay filter, please refer to the
    Messaging Server 4.1 Administrator's Guide at
    http://docs.iplanet.com/docs/manuals/messaging/nms41/ag/ubefiltr.htm#1073677
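
The three answers above, modelled as an added example (not iPlanet's filter code and not part of the original FAQ): a linter and a decision model for the filter file. The function names, the result labels, shell-style wildcard matching via `fnmatch`, and the comparison against the client IP when resolvehostnames is 0 are assumptions.

```python
import fnmatch
import re

# Constructed sample: the filter shown above with resolvehostnames and
# useauthinfo switched on and one host-name submission entry added.
SAMPLE_CONF = """\
# The first section sets default conditions
resolvehostnames:1
useauthinfo:1
advertiseauthinfo:1
# This section sets domains to be delivered to by anybody
delivery:*@my.domain.com
# This section sets domains that can send any place
submission:129.12.4.*
submission:*.my.domain.com
"""

LIST_KEYS = ("delivery", "submission")
FLAG_KEYS = ("resolvehostnames", "useauthinfo", "advertiseauthinfo")
# Digits and wildcards only, dot separated: an IP address or IP wildcard.
IP_LIKE = re.compile(r"^[0-9*]+(\.[0-9*]+){1,3}$")


def parse_filter(text):
    """Parse key:value lines into flags plus (line number, pattern) lists."""
    conf = {key: 0 for key in FLAG_KEYS}
    conf.update({key: [] for key in LIST_KEYS})
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or key not in conf:
            raise ValueError(f"line {lineno}: unrecognised entry {raw!r}")
        if key in LIST_KEYS:
            conf[key].append((lineno, value))
        else:
            conf[key] = int(value)
    return conf


def lint(conf):
    """Flag entries that cannot match, or that open the server to relaying."""
    findings = []
    for key in LIST_KEYS:
        for lineno, pattern in conf[key]:
            host = pattern.rsplit("@", 1)[-1]
            is_ip = IP_LIKE.match(host) and any(c.isdigit() for c in host)
            if conf["resolvehostnames"] == 1 and is_ip:
                # FAQ answer 2: IP entries do not work with resolvehostnames:1.
                findings.append((lineno, key, "ip-with-resolvehostnames"))
            if pattern.strip("*@.") == "":
                # A bare wildcard grants the privilege to every client/recipient.
                findings.append((lineno, key, "catch-all"))
    return findings


def _matches(value, entries):
    return any(fnmatch.fnmatchcase(value.lower(), pat.lower())
               for _, pat in entries)


def decide(conf, client_ip, client_host, rcpt, authenticated=False):
    """Model of the relay decision the FAQ describes for one message."""
    # Assumption: with resolvehostnames:1 only the resolved host name is
    # compared, so a client without one matches no submission entry.
    if conf["resolvehostnames"] == 1:
        subject = client_host or ""
    else:
        subject = client_ip
    if subject and _matches(subject, conf["submission"]):
        return "accept"            # sender may mail anywhere
    if _matches(rcpt, conf["delivery"]):
        return "accept"            # recipient may receive from anybody
    if conf["useauthinfo"] == 1:   # FAQ answer 3: fall back to SMTP AUTH
        return "accept" if authenticated else "auth-required"
    return "deny"


if __name__ == "__main__":
    conf = parse_filter(SAMPLE_CONF)
    for finding in lint(conf):
        print("lint:", finding)
    print(decide(conf, "129.12.4.7", None, "someone@example.org"))
```
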

    Prashant:
    Are you using a UBE filter to configure domain-based anti-relaying? We had better luck with the anti-relay plug-in. There is some info on this (for 4.15) at
    http://docs.sun.com/source/816-6044-10/ubefiltr.htm#1069973
    You have to enable the plug-in using configutil, per the above. The anti-relay plug-in is controlled by antirelay.conf. Be aware that the pattern matching rules are very limited, and not well documented. Fortunately, the source code to the plug-in is included, and you can see what it is doing. To pass the tests we had to add a hard-coded test for a "%" in the source and recompile:
    *** antirelay.c.orig Thu Oct 31 04:42:13 2002
    --- antirelay.c Thu Oct 31 04:22:07 2002
    *** 934,939 ****
    --- 934,940 ----
    * Weight must be non-zero to begin with so that matches on just "*"
    * will work.
    + if( strchr(text,'%') != NULL ) return ABORT;
    weight = TRUE;
    for ( ; *p; text++, p++) {
    if (*text == '\0' && p != '')
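    Review bot: the `strchr(text,'%')` check added above `weight = TRUE;` has no comment of its own and sits directly under the existing comment about `weight`, so a reader will take that comment as explaining it. State in a comment why any '%' in the text aborts the match, and consider making the check in the caller before pattern matching starts, so the matcher stays general and the rule is applied once per address rather than each time this function is entered.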
    Not a really elegant hack, but we didn't need a fully functional regex engine.

  • Post Moved Mac Port Forwarding Issues

    Post Moved to Other BB Queries http://community.bt.com/t5/Other-BB-Queries/Mac-Port-Forwarding-issues/td-p/550779

    Does this help...?
    http://community.bt.com/t5/Other-BB-Queries/Port-forwarding-and-Loopback-DO-work-YMMV/m-p/538328

  • HT3258 I have installed Mac 10.8 having issues w/HP 2605dn printer. I have done the updates as required still have issues getting it to print on network. It prints fine on USB port, but I need it networked, what gives?

    I have installed Mac 10.8 having issues w/HP 2605dn printer. I have done the updates as required still have issues getting it to print on network. It prints fine on USB port, but I need it networked, what gives?

    Thanks for your reply, this puts my mind (what's left of it) at rest. Now to sort out the new printer problems since installing oldMags

  • Cisco ISE & 3750 Switch MAB configuration Issue

    Hi,
    I am writing in response to a MAB issue which I noticed a few days ago, and I am still not able to understand what exactly happened. First of all I would like to say that I configured MAB authentication, and according to the MAC the ISE configures a VLAN. All worked well: the test computer can change VLAN based on its MAC. The problem appears when I cut the connection to the ISE server. According to the configuration, the switch authorizes the new device to VLAN 11 (critical VLAN). That is fine! When the ISE server is up again, I had a configuration which should reauthorize all ports assigned to the critical VLAN. But why did that not happen??? It looks as if the switch didn't notice that the RADIUS (ISE) was up and working again.
    Here is the test switch configuration:
    interface FastEthernet0/22
     switchport access vlan 10
     switchport mode access
     authentication event fail action next-method
     authentication event server dead action authorize vlan 11
     authentication event server alive action reinitialize
     authentication order mab dot1x
     authentication priority mab dot1x
     authentication port-control auto
     authentication periodic
     authentication violation restrict
     mab
     dot1x pae authenticator
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    snmp-server community ISE-Test RO
    snmp-server community ISE-Test1 RW
    snmp-server trap-source FastEthernet0/24
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 5 tries 3
    radius-server host 192.168.98.10 auth-port 1812 acct-port 1813 key cisco123
    radius-server vsa send accounting
    radius-server vsa send authentication
    Thank you in advance! I hope that this issue might be interesting!
    Martin
    Martin

    Can you confirm that you have the following syntax in your NAD:
    aaa server radius dynamic-author
     client 192.168.98.10 server-key AAA_Secret
    Also, it would be nice to have the complete aaa/radius config. Please post your whole config here.
    Last but not least, you can try moving to 15.x code. I had issues in the past with 12.x code and 802.1x.

  • 802.1x peap mschap v2 with MAC Filter + IP Address Permanent

    Hi, my name is Ivan, and I have an issue.
    I have one Cisco WLC 5508 with ios 7.4.100, with an SSID that is working with 802.1x PEAP MSCHAP v2 with MAC filter, and I need to configure, in the WLC web page under Security > Mac Filter, a MAC and one permanent IP address for the users.
    I have a DHCP service in the WLC for this profile.
    This configuration works fine for 3 or 4 days. On the fifth day, my users renew the IP address and they cannot surf the internet, because in my firewall I have a policy for the users with an exact IP address, for example:
    MAC Filter - IP Address A - UserA
    My policy says:
    PolicyUserA - Internet
    Please, can I establish a MAC filter associated with one permanent IP address for one user, when the DHCP service in the Cisco WLC is active?
    Is it possible to do it?
    How can I do it?

    Hi Ivan,
    You cannot map the MAC-IP address pairs on the WLC DHCP.
    The WLC has limited DHCP server functionality. You had better use an external DHCP server with full functionality, and then you can configure the DHCP server to provide the same IP address every time to each client in your network.
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • Wireless Guest Network, iPADS and MAC Filtering

    Hello, I have a question regarding our wireless guest network and using iPADs
    Our wireless network consists of (3) 5508 WLC’s running 6.0.188: 2 internal WLCs and 1 external anchor WLC for guest. Presently we are only using one of the internal controllers for users; the second is only used for failover. The anchor controller is set up as the DHCP server for guest. We also have a Cisco NAC Guest Server in the DMZ for guest authentication.
    We have (10) iPads that need Internet access through our guest portal. We do not want these iPADs to have to enter any credentials, just pass through to the internet. We do not want any other device to be able to connect to this SSID. Here’s my question: getting to the Internet is no problem; however, when I try to set up a MAC filter just for these devices, they never receive an IP address and never get connected. I have tried setting the filter on both the internal controller and the anchor controller identically and in about every combination I can think of. Does anyone know how to set up a MAC filter on a guest network configured as per Cisco’s recommendation? I also plan to use WPA2 and 802.1x once I get the MAC filter to work. Any help would be appreciated.
    Thank You
    John

    Not all layer 2 and layer 3 security mechanisms are compatible. Refer to this doc
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080987b7c.shtml#matrix
    What security settings have you configured? The settings also need to be identical on both the internal and anchor controller.

  • Mac Mini Internet Connection Issues

    In recent weeks the success of my Mac Mini being able to access the Internet and my home network is abysmal.
    I have intermittent forced access at best. I have power cycled my router and modem from Time Warner. I have tested both WiFi and Ethernet to no avail.
    When I use the diagnostics it shows it is not connected, then it will repair and connect, and when I switch a page in my browser or go to use Skype, BOOM, lost connection. This is occurring on both WiFi and Ethernet.
    I have read in Mac forums and on Google that others have had similar issues.
    Info I can add:
    LinkSys Wireless G router
    Also have a Wii console, an iPhone, an Android phone and a MacBook Pro sharing this connection.
    It is only in the last few weeks it has presented any troubles. I have done a spyware/malware virus check, bought MacKeeper, cleaned up all files. Short of taking it in for service (I have only had it since early December).
    Is it a router DNS issue, a Mac Mini issue, a network issue? I am thinking I should have saved more cash and got an iMac.
    Thanks

    Have you tried changing channels on your Router?
    Open Keychain Access in Utilities, use Keychain First Aid under the Keychain Menu item, then either check the Password under that item, change it, or delete it and start over.
    Make a New Location, Using network locations in Mac OS X ...
    http://support.apple.com/kb/HT2712
    http://docs.info.apple.com/article.html?artnum=106653
    The Interface that connects to the Internet needs to be dragged to the top of System Preferences>Network>Show:>Network Port Configurations and checked ON.
    10.5.x/10.6.x/10.7.x instructions...
    System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
    The interface that connects to the Internet should be dragged to the top of the list.
    Try putting these numbers in Network>TCP/IP>DNS Servers, for the Interface you connect with...
    208.67.222.222
    208.67.220.220
    Then Apply. For 10.5/10.6 Network, highlight Interface>Advanced button>DNS tab>little + icon.
    Might add the IP of your Router to DNS also.

  • Can't use MAC Filter and have Blinking Red Link Light on WRE54G

    I just added a WRE54G V3 extender to my WRT54G V8. I have downloaded the most recent firmware on both products. My network is using WPA, and after fixing all the typos associated with setting all that up I still could not establish wireless connectivity. I am/was using MAC Filters on the WRT54G and had added and triple checked the WRE54G's MAC address, but until I disabled the MAC Filter I could not connect to the network. I would like to get that issue resolved. Secondly, even with the MAC Filter disabled, the Link Light blinks red at a regular interval. It does appear that I have connectivity, but the light just blinks away. If this is normal, I could not find any reference in the written material. Thanks for any advice you might have.

    Sorry to appear to take so long to get back to this, but I did post a message in reply somewhere ????, but it doesn't appear here??? and then I got tied up on some personal stuff.
    Anyway, I followed all the advice I could find on this thread (thanks to everyone who has posted to any question on this thread) and after starting completely over, resetting everything and basically configuring the RE with everything else turned off and then powering up everything starting with the router, I got everything up and running using WAP and all.
    The only issue left is when I enable MAC filtering on the router to allow only the MAC addresses in the list access to the network, the RE goes belly up. Disable MAC filtering and it comes right back up. I have triple checked the MAC address I entered on the list. The only reference to the RE's MAC address is on the sticker on the back. I can't find that verified anywhere in the configuration screens on the RE.
    If I could get this working I could count my security as good as it gets and go on about my business.
    Thanks again to all for helping me get this far.

  • NAC guest server and guest proxy filtering issue.

    Hi all
    Continuing our issues log for the NAC guest server install, our topology and issue is as follows:
    We have a guest NAC server and a 4404 anchor controller successfully deployed in the DMZ. The anchor WLC has a mobility anchor which is a WISM on the corporate network. DHCP services for guest clients are issued with no problems from the WLC in the DMZ. The first port of the DMZ controller is located on the DMZ and the second port directly connects to the firewall interface.
    All works correctly: DNS, DHCP, NTP, SNMP etc. all work fine through the firewall.
    What options do I have to filter Internet access in this scenario? We have Websense and Nokia firewalls. I don't think I can use WCCP as I have nowhere to place it; the second connection on the WLC is directly connected to the firewall, so there is nowhere to intercept the traffic. Our security team has tried some tricks on the Nokia to try to redirect the traffic on the firewall using a type of redirect. WPAD I can't see as an option. Any ideas? If I place the second interface into the DMZ, could I use WCCP that way maybe, but won't traffic still have to go to the firewall??
    options please ??

    Well you will need to use a 3rd party certificate..  Here is a link to generate and install a 3rd party certificate on the WLC for the use with Web-Auth:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
    Here is a link for the NGS:
    http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Fsecurity%2Fnac%2Fappliance%2Fconfiguration_guide%2F410%2Fcas%2Fcas41ug.pdf&pos=1&strqueryid=2&websessionid=RK88fQNWy8TCDUakpNGLOqZ
    The appliances are using a self-generated Cisco certificate, which of course is not in the trusted certificate store of most operating systems. So using a 3rd party certificate like RapidSSL, Verisign, etc. will eliminate the certificate issue.

  • Port Forwarding To Two Macs with Port 22 limitations

    This is another port forwarding/port 22 issue, and I've looked around and not seen an answer to my specific problem. I work for a business that has an in-house ad system that runs on a Mac Mini. I have been accessing that Mac Mini remotely because we set up port forwarding through the Linksys router that is at the business using port 22. This is the only port that works for this connection to the mini and the software.
    We are now adding a second Mac Mini to send the ads to a different set of monitors. I can't set up port forwarding to the new mini on the same port, so I don't know how to connect to this mini remotely. Is there a way to get into the first mini through port 22 and then somehow communicate to the second one through the first? Is there another way to do port forwarding...or have the Linksys router switch from one mini to the other when a request comes in? There will only be one remote computer trying to reach either Mac Mini, so there will never be simultaneous traffic coming in. Any help would be appreciated!
    The Linksys router is critical to the business because a host of other devices are forwarded through it as well.
    Thank you.

    klara wrote:
    Having set up my IP camera with HH4 successfully, I've now got another one and would like to set it up as well. I gave it a unique, static IP address which my router can see fine. When I try to set up port forwarding, I get a message saying:
    "The game or application you’ve selected conflicts with an application (IP Cam 1) you’ve already assigned to another device. Please remove the other application or select the same device."
    I am not being given the option to select the same device.
    I'm now wondering if port forwarding to two identical devices actually works in principle with HH4? Has anyone else done this?
    If in the Home Hub 4 A you go to
    Advanced Settings
    Firewall
    Port Forwarding
    Manage Games and Applications 
    You get the following statement:
    "Each game or application can be assigned to only one device on your home network"
    I would think that the only way round your problem is to have each Camera running a different application or the same application with a different name.  
    Does the remote browser app need to know the application name  or just the device name ?
    If you think about how Port Forwarding needs to function you need a way whereby  the remote user needs to be able to tell the Hub what Camera to talk to.  

  • Problem with connection to wrt54g2 via wireless connection with WPA/WPA2 & wireless MAC filter

    Hello,
    I'm Alexey from Novosibirsk, Russia.
    I have a problem with connecting to the wrt54g2 from my DELL D630 notebook via wireless connection. When I set up WPA/WPA2 in wireless security and the wireless MAC filter, I can't connect from the notebook to the WRT: in Windows I see that a dynamic IP address from the WRT is not assigned. When I switch the security mode to disabled, everything is OK, but I need wireless security between the DELL and the WRT.
    Connection via the cable Ethernet port is OK.
    Can you help me?

    Have you tried a different laptop...?
    Download the 1.71 MB firmware for WRT54G2 v1 and reflash the router's firmware. After reflashing/upgrading the router's firmware, reset the router for 30 seconds and reconfigure the router from scratch.

  • Configuration issue on 1231G AP

    Hi,
    I configured one VLAN and am trying to authenticate it through a RADIUS server. My objective is that when internal users want to connect through this SSID, they just put in a username and password and authenticate through the RADIUS server. Another VLAN is getting authenticated through MAC addresses that I need to manually put in the AP.
    Can anyone please tell me where I am making a mistake?
    Thanks
    Saurabh

    Hi Saurabh,
    bridge irb
    You need to create  dot11 ssid
    vlan x
    vlan y
    then  under interface radio 0/1 create subinterfaces
    create encapsulation
    bridge group command
    similarly create on  gi 0  sub interfaces
    create encapsulation
    bridge group command
    Bridge route ip
    interface bvi ip address
    ip default gateway
    connect AP to switch port  configured as trunk
    check  your aaa commands
    radius server  shared secret  command is required
    https://supportforums.cisco.com/docs/DOC-14496
    check this document  link
    and that should help you
    -Srini

  • Deleted CDMA USB Modem from Port Configurations... Can't get it back!

    A while back, I was trying out a wireless USB CDMA modem. I didn't really like it and was mainly just using it for testing purposes, and after I was done with it I deleted the port configuration out of my Network Config, thinking A) I'd never need it again and B) It would repopulate or at least be able to be recreated if I wanted to use it again.
    Well, this weekend I'm out of town in an area where I don't have an internet connection regularly and need the ability to connect without relying on WIFI. So I reactivated the USB modem and went on my way. As soon as I put the card in, though, nothing happens. Normally the card would automatically detect and even open up its own connection software in the title bar. This time, nothing. So I boot into Windows and test it out there: works fine. Detects, connects, loads webpages, everything. So it's not the card.
    I go back into OS X and see if there's any way to manually add it. I check in System Profiler, and sure enough, under USB the card is recognized. Not in modems, though, but I can't remember if it populated there before. Anyway, I go into Network Config, try to add a port, but the only things available are the typical Ethernet, Airport, Bluetooth, etc. No USB, no CDMA modem, nothing I need.
    So what I'm thinking is, when I deleted the old CDMA modem setting in Network Port Configs, it pretty much permanently deleted it. My question is, is there any way for me to manually get it back? I really could use the benefit of this card at the moment.
    Thanks for any help,
    Bryan

    I had not heard of that brand. Out here we get a lot of stuff from China and Korea.
    After I wrote that last night, I had a closer look at my settings and the CDMA modem I have is shown in the Network Configurations panel -- yours is not, you say.
    Sorry, if I was not clear about the point concerning Bluetooth. That panel provides a list of ALL modem drivers, so I was suggesting that you had a look in there, in case there might be a suitable modem driver you could use.
    I had two of these modems (one was stolen) the first used that Null modem driver while the other used a Huawei driver that I had to work hard to make the local company find.
    I just looked at the Franklin Support pages and as you say, they do not appear to have a driver listed for Macs, only the user guide.
    As a late thought, and not wishing to sound funny at all: have you tried the other USB port? With one of the CDMA modems I had it would work perfectly in one port but in the other the computer never recognised it.

  • WRT160N wireless MAC Filter settings reset on their own

    I recently purchased and setup a WRT160N router.  Having no real problems with router - it works fine with exception of the MAC filter settings.  I most often access the router config from an XP machine (used to initially setup the router) which is wired, as well as from a VISTA notebook that is wireless.  I am noticing that when I check the MAC filter settings, the previous setup is missing - meaning that all MAC addresses are gone, and the filtering option is removed.
    I have set this up numerous times, and VERIFIED that I click on save at the bottom of the page, verify I have enable checked, etc. I am wondering if there is something I'm missing - the settings don't appear to "stay" - the filtering option simply disappears and returns to disabled. I may answer my own question here (or point myself in the right direction), but is there a dependency on some other setting that is causing my filter to "disappear" on me?

    Have you tried to reset your Router and Re-configure all the settings back on your Router? If not then Reset your Router and re-configure all the settings. If still doesn't work, then you need to upgrade the firmware of your Router. Download the latest firmware for your Router from the Linksys website, Go to http://www.linksysbycisco.com/US/en/support/wrt160n/downloads and select the proper version number of your Router and download and save the firmware on your computer.
    Log in to the Router's GUI and click on the Administration tab and below click on the sub tab "Firmware Upgrade" and click on the browse button and select the firmware file and click on upgrade...Once the firmware upgrade is successful... Then you need to press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...
