Permit mac-address only port 80 on access-point 1240
Hi,
How can I permit a MAC address that connects to the access point to only surf the Internet?
Can anyone advise me on a configuration or a document about this?
Best regards
Lorenzo
hiiiii...
permit
Similar Messages
-
Using printer's ethernet port as an access point
Hi there,
I have an HP LaserJet Pro 200 color MFP M276nw wirelessly connected to my network. I also have an HP LaserJet 5P, which was connected to my network / wireless router via an ethernet cable using a D-Link DP-301P+ print server. Don't judge...I love that old dinosaur and I use it exclusively for all black and white printing, and it has an envelope feeder. I moved and it's no longer possible for me to have my router in the same room as my printers.
Is it possible to use the HP LaserJet Pro 200 color MFP M276nw's ethernet port as an access point for the HP LaserJet 5P using the Link DP-301P+?
Thank you in advance for your help.
Hi,
Sounds very interesting, 3:30AM now (I'm watching FIFA games), I will talk with my Networks guys when they come to work and update later.
Regards.
Updated: Talking with the Network guy, he said this may not work and his recommendation: use LAN over power.
BH
-
Hi
I am searching for a tool to detect on which switch and on which port a client is connected, by its MAC address (in a cluster switch environment as well as on a standalone switch).
I must rebuild my patch panel diagram and detect free ports and free outlets in our sites.
Thanks
I think there is a tool called Location manager to track which port a device is connected to. But I have seen this used in a wireless environment. Not sure about its usage in locating a client. But I think this can also be used to locate a client PC.
-
Using a mac's wireless card as an access point and hiding the SSID
Is it possible to create a wireless network on a mac that my iphone and laptop can connect to, and hide the ssid for the network and add wep protection? I really need to know how to do this.
Welcome to Apple's discussion forums!
Hiding the SSID doesn't necessarily make your network any more secure, especially if you're only using WEP. From what I understand, the SSID is broadcasted every time a computer makes a connection anyway, so hiding it really doesn't accomplish anything that can't be outsmarted by some simple SSID interception software. You really need to be using WPA2 or at least WPA in order to get a reasonable level of security.
Your Mac can only host with WEP-based security. That's acceptable for small file transfers between Macs on a temporary basis, but if you want to have a home network with some real security, you either need to buy a wireless router with WPA2 or use Ethernet. Ethernet is preferable. -
Will SFP Switch Port Power an Access Point?
I want to hook a Wireless 1142 N Access Point up to our Cisco 3560 Powered Switch on one of the gig SFP ports.
1) Are the SFP Ports powered just like the standard ports?
2) If I connect a 1000Base-T Ethernet Gbic into the SFP Slot, will it transmit the power from the switch to the Access Point to power the AP?
Unfortunately a SFP port is an un-powered port.
-
Access Point 1240 Support for BBSM5.3
Hello,
I have 3 AP 1240s to install with BBSM 5.3, but when I add the access point to the BBSM, the BBSM does not recognise it as a valid access point.
Does anyone know in which version of BBSM the AP1240 is supported?
Thanks
Hello there,
I have a customer who has a BBSM 5.3A which is running the latest patch (5332) and it cannot discover 1242 series AP's as valid network elements. They get the following:
2009/01/07 12:01:53 Pinging X.X.X.X...
2009/01/07 12:01:53 X.X.X.X is ACTIVE
2009/01/07 12:02:18 X.X.X.X: not a Network Element or SNMP password is not ******
2009/01/07 12:02:18
2009/01/07 12:02:18 Pinging X.X.X.X...
2009/01/07 12:02:23 X.X.X.X: no response
2009/01/07 12:02:23
2009/01/07 12:02:23 Pinging X.X.X.X...
2009/01/07 12:02:23 X.X.X.X is ACTIVE
2009/01/07 12:02:47 X.X.X.X: not a Network Element or SNMP password is not ******
2009/01/07 12:02:47
2009/01/07 12:02:47 Pinging X.X.X.X...
2009/01/07 12:02:47 X.X.X.X is ACTIVE
2009/01/07 12:03:12 X.X.X.X: not a Network Element or SNMP password is not ******
2009/01/07 12:03:12
2009/01/07 12:03:12 Pinging X.X.X.X...
2009/01/07 12:03:12 X.X.X.X is ACTIVE
2009/01/07 12:03:37 X.X.X.X: not a Network Element or SNMP password is not ******
They have assured me that the SNMP info is correct as they have checked it several times but the BBSM still doesn't recognise the 1242's. I know that the document link above specifies that 1200's are supported but don't Cisco class the old 1200's, 1230's and 1242's as different? Also, the BBSM didn't recognise some of their 2960-24 switches as valid network elements either but they selected the object type themselves from the list.
Thanks in advance.
Leigh -
I have a 1240 access point with the 802.11A/G radio interface up, but I'm getting an error while creating a VLAN: I can't create it because the radio is not installed.
Can someone help me if they have faced the same issue, please?
Can you please post the output to the following commands:
1. sh version; and
2. sh ip interface brief -
Repeater Access Point 1240 works like WGB client
Hello, I have a problem. In my network I have 5 access points: 4 Aironet 350 and 1 Aironet 1242. IOS for the Aironet 350 is 12.2(13)JA1, E .
IOS for the Aironet 1242 is 12.4(10b)JDA3.
I have one Access Point 350 configured as Access Point/root, while all the other access points are configured as Repeater/non root.
My problem is that the Cisco Aironet 1242 is the last access point in the chain, but it does not work properly.
None of the Wi-Fi clients connected to the Aironet 1242 can access the wired LAN.
I cannot ping any of the Wi-Fi clients connected to the Aironet 1242.
P.S.
My Aironet 1242 is seen in the association table of its parent access point as WGB_CLIENT.
Any suggestions?
Hi,
Here is the link which may help you!
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_example09186a00805b9b87.shtml
Regards
Surendra -
How to configure IP Address filter in Controller based Access Points ?
Dear Team,
Configuration:
i have 5508 series controller and joined the two Thin APs to the controller. WLAN controller is connected to PC where Multicast receiver is running for two Multicast IP addresses (IP1: 230.1.1.1, IP2: 230.1.1.2). Multicast sender is running for two IP addresses on Station.
Requirement:
When Station is associated to AP1, AP1 should block the multicast packets going to AP2 and vice versa . That is AP1 should be configured to block multicast packets going to 230.1.1.2 and AP2 should be configured to block multicast packets going to 230.1.1.1.
Thanks,
Harsha
I believe you could apply ACLs and check if that helps.
For more details about configuring ACLs, please refer to the following link:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_0110101.html#task_AA3AFA57D51647478E0C3511137C165E
Hope that helps. -
Blocking all MAC addresses except for the ones you allow
I have a Cisco Aironet 1200 Access Point. I want to block all MAC addresses from accessing the access point, except for the ones I've allowed. First I went to the Address Filters page and clicked on Allowed, then listed all the MAC address I want to be able to access the access point. Then I went to the Ethernet Advanced page, and set the Default Multicast Address Filter to Disallowed, and the Default Unicast Address Filter to Disallowed. Then I went to the AP Radio: Internal Advanced page, clicked on the Advanced Primary SSID Setup link, and set the Default Unicast Address Filter to Disallowed. Accept Authentication Type is set to Open with Shared and Network-EAP cleared, and the Require EAP check boxes are all cleared.
When using a computer whose MAC address is not listed on the Address Filters page, I am still able to connect to the network through the access point. I am also able to connect to the access point from any pc on my network by entering its IP address in Internet Explorer.
What do I need to do to block any pc without a listed MAC address from connecting to the access point?
Thanks, Jeff
Here are the instructions and URL on how to create a MAC-based filter:
Follow these steps to create a MAC address filter:
Step 1 Follow the link path to the Address Filters page.
Step 2 Type a destination MAC address in the New MAC Address Filter: Dest MAC Address field. You can type the address with colons separating the character pairs (00:40:96:12:34:56, for example) or without any intervening characters (004096123456, for example).
Note If you plan to disallow traffic to all MAC addresses except those you specify as allowed, put your own MAC address in the list of allowed MAC addresses. If you plan to disallow multicast traffic, add the broadcast MAC address (ffffffffffff) to the list of allowed addresses.
Step 3 Click Allowed to pass traffic to the MAC address or click Disallowed to discard traffic to the MAC address.
Step 4 Click Add. The MAC address appears in the Existing MAC Address Filters list. To remove the MAC address from the list, select it and click Remove.
Step 5 Click OK. You return automatically to the Setup page.
Step 6 Click Advanced in the AP Radio row of the Network Ports section at the bottom of the Setup page for the radio you want to configure. The AP Radio Advanced page appears. -
Understanding Wireless Mac Address
Hi,
I would like to know the range of MAC addresses used only for Cisco Wireless, and I would appreciate knowing how the AP and the controller assign the virtual MAC addresses they use and how to get them from the WLC GUI.
WLC - 4400
AP - Air1131
Thanks
As you add SSIDs (Service Set Identification(s)) to an access point each BSSID (Basic Service Set Identifier) receives a virtual mac address. This allows for wireless network segmentation as well as for wireless clients to communicate via LAYER 2 with each access point BSSID.
A Cisco access point takes the base radio mac address and then virtualizes the mac address as additional SSIDs are added. What is interesting is how the virtual MAC addresses are selected. Pay very close attention to the 2.4GHz and 5 GHz radios and BSSIDs.
BASE RADIO MAC ADDRESS
You can find the base radio mac address under WIRELESS->Select Access Point
Virtualized BSSID(s)
I configured a controller with 16 SSIDs. Each SSID named as 01,02,03,04,05,06, 07,08,09,10,11,12,13,14,15 and 16. I then enabled both the 2.4 GHz and 5 GHz radios. Cisco WLC access points have a limit of 16 SSIDs on each radio.
I then fired up AirMagnet WiFi Analyzer Pro to conduct a capture.
Note: The access point base radio mac address ends in A9:10.
2.4 GHz – Notice the first SSID ‘01’ is assigned the BASE RADIO MAC ADDRESS A9:10. The second SSID is appended with a .11 and so on.
5GHz – Notice the sixteenth SSID ‘16’ is assigned the BASE RADIO MAC ADDRESS A9:10. The fifteenth SSID is appended with a .11 and so on.
NOTE: The VIRTUAL MAC ADDRESSES get reused by the access point on both the 2.4GHz and the 5GHz radios.
Virtualized BSSID Assignment
Keep in mind, the assignment or order in which the virtual mac addresses are assigned in the above example has nothing to do with the WLAN IDs that are configured in the WLC. Rather, the virtual mac addresses are assigned in order by how the SSID is assigned to the access point. -
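The assignment pattern described in this answer can be turned into a lookup that attributes captured BSSIDs to known access points. This is an added example, not code from the original post; it assumes the 16 BSSIDs of a radio are the base radio MAC plus offsets 0 to 15 (so the base address has a zero low nibble, as in the A9:10 capture), and the `02:00:00:00:...` addresses are constructed sample values.

```python
import re

SSIDS_PER_RADIO = 16  # per-radio SSID limit stated in the post


def mac_to_int(mac):
    """Accept colon, dash, dotted or bare hex notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def int_to_mac(value):
    text = f"{value:012X}"
    return ":".join(text[i:i + 2] for i in range(0, 12, 2))


def expected_bssids(base_radio_mac, ssids):
    """Predict BSSIDs for SSIDs listed in the order they were assigned to the AP.

    Model taken from the capture described above: on 2.4 GHz the first SSID
    gets the base radio MAC and later ones count upward; on 5 GHz the last
    SSID gets the base radio MAC and earlier ones count upward.
    """
    if not 1 <= len(ssids) <= SSIDS_PER_RADIO:
        raise ValueError("a radio carries between 1 and 16 SSIDs")
    base = mac_to_int(base_radio_mac)
    return {
        "2.4GHz": {s: int_to_mac(base + i) for i, s in enumerate(ssids)},
        "5GHz": {s: int_to_mac(base + i) for i, s in enumerate(reversed(ssids))},
    }


def base_radio_of(bssid):
    """Assumption: clearing the low 4 bits of a BSSID yields the base radio MAC."""
    return int_to_mac(mac_to_int(bssid) & ~0xF)


def unattributed_bssids(observed, known_base_radio_macs):
    """Return observed BSSIDs that map to no base radio MAC in the inventory."""
    known = {mac_to_int(m) & ~0xF for m in known_base_radio_macs}
    return [int_to_mac(mac_to_int(b)) for b in observed
            if (mac_to_int(b) & ~0xF) not in known]


if __name__ == "__main__":
    ssids = [f"{n:02d}" for n in range(1, 17)]            # "01" .. "16" as in the post
    table = expected_bssids("02:00:00:00:A9:10", ssids)   # constructed base MAC
    for band, mapping in table.items():
        for ssid in ("01", "02", "15", "16"):
            print(band, ssid, mapping[ssid])
    # Constructed capture: one BSSID of the known AP, one that matches nothing.
    print(unattributed_bssids(["0200.0000.a911", "02:00:00:00:B0:25"],
                              ["02:00:00:00:A9:10"]))
```

A BSSID returned by `unattributed_bssids` is only a candidate for follow-up; an access point missing from the inventory produces the same result as a foreign one.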
I'm working from a boat in a harbor in which the ISP has deployed numerous access points around the periphery. All the access points share the same SSID and each is configured to use either channel 1, 6 or 11. From my location, there are over a dozen of these access points "visible" (based on the output of WiFi Scanner) with a range of RSSI and S/N values that vary over time.
The ISP has told me that the quality of my connection should be "perfectly fine" for any access point with an RSSI value better than -75, but I know from experience that my connection quality is miserable (i.e. < 50Kbps download) for almost all of these, including those with RSSI values better than -75. There is at least one exception, however, which gives me on the order of 2Mbps download, which is "great" in this context.
I've tried using a more powerful USB antenna plugged into my MacBook Air (mid 2011), but as far as I can tell, it really doesn't make much difference. Neither does my location within the boat. The overriding factor seems to be which access point I happen to connect up to.
I should point out that the closest access points are about 75 yards away, with many of them being several hundred yards away or more. I'm guessing that even though the signal strength of some of the distant access points is causing them to get "chosen" some times, the results are unacceptable due to the distance.
I'm hoping that I can determine, through experimentation, which access point(s) provide(s) acceptable performance and then configure my Mac to limit my connection to those points through whatever mechanism I need to use (e.g. channel, MAC id, etc.).
Establishing a wireless connection with a client computer is left to the access point for various reasons. One reason that your Mac may not connect to the strongest access point is that it may have reached a limit of the number of clients it can serve, leaving it unable to accept a connection with another. The limit may not be very large.
Suppose that happens, and your Mac establishes a connection with a more distant access point having a weaker signal. Then, suppose a client drops off the network. Doesn't this mean your Mac will switch to the stronger access point? Not necessarily. The throughput delivered to and from your Mac would have to drop below a threshold specified in the AP for it to drop the client, leaving your Mac free to connect with another one. The reason for this is to prevent rapid switching from one AP to another in an area in which two signals are of approximately equal quality. If that were to occur the frequent and repetitive handshaking between the two devices would slow throughput to zero.
In an environment in which several access points are broadcasting the same SSID, Apple provides no insight as to how it determines which access point to choose. This is the reason I suspect this "choice" is a function of the router, or access point. The connection originates with it, not the Mac.
Now, what would solve your dilemma would be to determine a way to control the access point with which your Mac connects, by specifying the access point's unique MAC address for example. In this happy circumstance, you could maintain an editable "whitelist" or "blacklist" of the harbor's access points and be able to choose which among them you prefer.
I do not believe OS X maintains such a record of MAC addresses though, only those of the routers it uses. If I am correct about that, such a solution is unlikely to exist. Don't let that discourage you from searching for one though... I would concentrate on something like "selecting access point by specific MAC address".
I did find this patent application though:
Roaming Network Stations Using A Mac Address Identifier To Select New Access Point
Perhaps it's a start -
Cat 2960 shows mac address port as "Drop"
Hi all
I am configuring a Cat 2960 port for connecting a VOIP phone, authenticated by MAB. On connecting the phone, I get the port authenticated and assigned to the correct VLAN, with LLDP-MED advertising the correct voice vlan. However, I then see no traffic from the phone on the switch. I can see the MAC address of the phone is learned in the right VLANs, but the mac address is showing as "Drop", which normally means the address is statically configured to be blocked. There is no static mac address table blocking configured on the switch. Can anyone suggest why this is happening?
Switch Version
Switch Ports Model SW Version SW Image
* 1 50 WS-C2960-48TC-L 15.0(1)SE3 C2960-LANBASEK9-M
Port configuration
interface FastEthernet0/1
description "Standard user port"
switchport access vlan 9
switchport mode access
network-policy 1
no logging event link-status
srr-queue bandwidth share 5 10 40 55
priority-queue out
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer reauthenticate server
mab eap
mls qos trust dscp
no snmp trap link-status
macro description vanilla_port
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x timeout supp-timeout 3
spanning-tree portfast
end
LLDP-MED network-policy
network-policy profile 1
voice vlan 835
Authentication (debug radius) result
Jul 30 11:42:19.600: %AUTHMGR-5-START: Starting 'mab' for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
Jul 30 11:42:19.650: %MAB-5-SUCCESS: Authentication successful for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
Jul 30 11:42:19.650: %AUTHMGR-7-RESULT: Authentication result 'success' from 'mab' for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
Jul 30 11:42:20.682: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (0004.f297.6668) on Interface Fa0/1 AuditSessionID 0AF0042200000063616A0592
Resulting Switchport config - voice vlan is 835
CLBdg640Test-AS2960-0#show int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 9 (NATIVE-DISCARD)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 835 (VOICE)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
LLDP neighbor info showing voice vlan 835
CLBdg640Test-AS2960-0#sh lldp neighbors fa0/1 detail
Chassis id: 0.0.0.0
Port id: 0004.f297.6668
Port Description - not advertised
System Name - not advertised
System Description - not advertised
Time remaining: 3558 seconds
System Capabilities: T
Enabled Capabilities: T
Management Addresses - not advertised
Auto Negotiation - supported, enabled
Physical media capabilities:
100base-T2(HD)
100base-TX(FD)
100base-T4
10base-T(FD)
Media Attachment Unit type - not advertised
Vlan ID: - not advertised
MED Information:
MED Codes:
(NP) Network Policy, (LI) Location Identification
(PS) Power Source Entity, (PD) Power Device
(IN) Inventory
Inventory information - not advertised
Capabilities: NP
Device type: Endpoint Class III
Network Policy(Voice): VLAN 835, tagged, Layer-2 priority: 5, DSCP: 46
PD device, Power source: PSE, Power Priority: High, Wattage: 6.5
Location - not advertised
Total entries displayed: 1
MAC address table showing "Drop" port for learned address in VLAN 835
CLBdg640Test-AS2960-0#sh mac address-table address 0004.f297.6668
Mac Address Table
Vlan Mac Address Type Ports
9 0004.f297.6668 STATIC Fa0/1
835 0004.f297.6668 DYNAMIC Drop
Total Mac Addresses for this criterion: 2
Thanks for updating the problem raarons!
-
AP 2700 - 2 MAC addresses - problem with joining to the WLC
Hi,
I had a problem with joining my new AP 2700 to the controller. I've found a workaround but I would like to ask you if you know whether this behavior is some kind of bug or maybe a feature :)
I have a DHCP server which assigns IP addresses based on a binding of the MAC address to the IP address. Without a binding, an IP won't be assigned, so I added the MAC address from the AP sticker (the MAC and SN number are on the sticker at the back of each AP) to the DHCP server, connected the AP to a switch port which was configured exactly the same way as the other ports on this switch where older APs are working fine and.... nothing. The IP address was not assigned. There was no DHCP request in the DHCP server logs.
During the investigation I found that the AP presents 2 MAC addresses on the switch interface:
switch#sh mac address-table interface fa1/1
Mac Address Table
Vlan Mac Address Type Ports
11 58f3.54c1.2cb3 DYNAMIC Fa1/1
11 58f3.54c1.2cb4 DYNAMIC Fa1/1
The first one (58f3.54c1.2cb3) is the "sticker" MAC address but the second one (58f3.54c1.2cb4) is something new. Looking into the DHCP logs I found a log entry showing that this second MAC address (58f3.54c1.2cb4) tried to get an IP address, but it was not possible because this MAC was not bound to any IP address, so the DHCP server refused. I added this second MAC (58f3.54c1.2cb4) to the DHCP server; the AP got an IP address, joined the WLC, downloaded software, rebooted and ... this MAC address disappeared.
switch#sh mac address-table interface fa1/1
Mac Address Table
Vlan Mac Address Type Ports
11 58f3.54c1.2cb3 DYNAMIC Fa1/1
Software I had on the AP before joining to the WLC was:
Version :
Cisco IOS Software, C2700 Software (AP3G2-RCVK9W8-M), Version 15.2(4)JB5, RELEASE SOFTWARE (fc1)
now I have (after downloaded from the WLC)
Version :
Cisco IOS Software, C2700 Software (AP3G2-K9W8-M), Version 15.2(4)JB6, RELEASE SOFTWARE (fc1)
Does anyone know what happened?
(WLC1) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.130.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.95.16
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... WLC1
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.10.10.10
Last Reset....................................... Software reset
System Up Time................................... 25 days 2 hrs 53 mins 5 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +44 C
External Temperature............................. +22 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 6
Number of Active Clients......................... 25
Burned-in MAC Address............................ XX:XX:XX:XX:XX:XX
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25
(WLC1) >show time
Time............................................. Thu Apr 9 13:51:00 2015
Timezone delta................................... 0:0
Timezone location................................
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
1 0 10.10.10.11 AUTH DISABLED
It looks like the AP doesn't allow console login or commands; it only shows activity. After rebooting the WLC I get this information:
Cisco IOS Software, C2700 Software (AP3G2-RCVK9W8-M), Version 15.2(4)JB5, RELEASE SOFTWARE (fc1) -
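Both this thread and the Cat 2960 thread above were diagnosed by reading `show mac address-table` output, so here is an added example (not from either post) that parses that output, flags entries whose port is `Drop`, and reports MAC addresses with no DHCP/MAB binding, noting when one sits next to a bound address as the AP 2700's second MAC does. The table rows are copied from the two posts; the binding list `BOUND` is a constructed assumption.

```python
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    vlan: int
    mac: int      # 48-bit value, so notation differences do not matter
    kind: str     # STATIC / DYNAMIC
    port: str


class Finding(NamedTuple):
    reason: str                     # "drop" or "unbound"
    vlan: int
    mac: str
    port: str
    near_bound_mac: Optional[str]   # bound MAC one address away, if any


# One table row: optional '*', VLAN, Cisco dotted MAC, type, port.
ROW = re.compile(
    r"^\s*\*?\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def mac_to_int(mac):
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def dotted(value):
    text = f"{value:012x}"
    return ".".join(text[i:i + 4] for i in range(0, 12, 4))


def parse_mac_table(text):
    """Keep only rows that look like table entries; headers and totals are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append(Entry(int(m[1]), mac_to_int(m[2]), m[3].upper(), m[4]))
    return entries


def audit(entries, bound_macs):
    """Flag 'Drop' ports and MACs that have no binding in bound_macs."""
    bound = {mac_to_int(m) for m in bound_macs}
    findings = []
    for e in entries:
        if e.port.lower() == "drop":
            findings.append(Finding("drop", e.vlan, dotted(e.mac), e.port, None))
        if e.mac not in bound:
            near = next((dotted(n) for n in (e.mac - 1, e.mac + 1) if n in bound), None)
            findings.append(Finding("unbound", e.vlan, dotted(e.mac), e.port, near))
    return findings


# Rows copied from the two posts on this page.
SAMPLE = """\
Vlan Mac Address Type Ports
9 0004.f297.6668 STATIC Fa0/1
835 0004.f297.6668 DYNAMIC Drop
11 58f3.54c1.2cb3 DYNAMIC Fa1/1
11 58f3.54c1.2cb4 DYNAMIC Fa1/1
Total Mac Addresses for this criterion: 2
"""

# Constructed binding list: the AP's sticker MAC and the phone's MAC.
BOUND = ["58:F3:54:C1:2C:B3", "0004.f297.6668"]

if __name__ == "__main__":
    for finding in audit(parse_mac_table(SAMPLE), BOUND):
        print(finding)
```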
User + Mac Address Authorization Policy
Hi,
Is there any option to bind a user who is authorized correctly from external identity with the mac-address of his workstation ?
The point is to give him access to the network only from a specific Workstation and denied him from any other workstation.
Thanks
1. ISE 1.2 has the role of RADIUS.
2. I really don't know. I guess the binding should happen before the login, as I don't want the user to log in from any other PC.
The key point in this scenario is for a user to log in to the corporate wired network only from his PC (User+MAC) and be denied from any other PC.
If you want, describe both ways to me so I can understand which might fit my case.
3. The PC has the native Windows supplicant and is authenticated through PEAP MS CHAPv2
Thanks in advance