Port security and 802.1x (ISE)
Hi everyone,
I'm implemmenting ISE in a network with Port Security enabled.
According the book Cisco ISE for BYOD and Secure Unified Access Port-security is not compatible with 802.1x.
I want to know what is the affectation of to have Port-security and 802.1x enabled on the same SW Port.
Someone?
Thanks!
Hi Neno,
Thanks for the reply.. As we checked the port is going in error-disable with by phone mac address wherein phone is connected 24/7 and machine connects from phone.
Please find below logs from switch -
Oct 1 09:21:11: %AUTHMGR-5-START: Starting 'dot1x' for client (e804.62eb.b435) on Interface Gi5/30 AuditSessionID AC1232470000E906E5392F07 ======Phone MAC
Oct 1 09:21:12: %AUTHMGR-5-START: Starting 'dot1x' for client (0026.b9eb.28ec) on Interface Gi5/30 AuditSessionID AC1232470000E907E53931BF ======Laptop MAC
Oct 1 09:21:12: %AUTHMGR-5-START: Starting 'dot1x' for client (0026.b9eb.28ec) on Interface Gi5/30 AuditSessionID AC1232470000E908E539329B
Oct 1 09:21:12: %DOT1X-5-SUCCESS: Authentication successful for client (0026.b9eb.28ec) on Interface Gi5/30 AuditSessionID AC1232470000E908E539329B
Oct 1 09:21:12: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (0026.b9eb.28ec) on Interface Gi5/30 AuditSessionID AC1232470000E908E539329B
Oct 1 09:21:12: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0026.b9eb.28ec| AuditSessionID AC1232470000E908E539329B| AUTHTYPEDOT1X| EVENT APPLY
Oct 1 09:21:12: %EPM-6-IPEVENT: IP 0.0.0.0| MAC 0026.b9eb.28ec| AuditSessionID AC1232470000E908E539329B| AUTHTYPE DOT1X| EVENT IP-WAIT
Oct 1 09:21:13: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet5/30, new MAC address (e804.62eb.b435) is seen.AuditSessionID Unassigned
Oct 1 09:21:13: %PM-4-ERR_DISABLE: security-violation error detected on Gi5/30, putting Gi5/30 in err-disable state
Oct 1 09:21:13: %AUTHMGR-5-START: Starting 'dot1x' for client (e804.62eb.b435) on Interface Gi5/30 AuditSessionID AC1232470000E909E53935F3
Oct 1 09:21:13: %EPM-6-POLICY_REQ: IP 0.0.0.0| MAC 0026.b9eb.28ec| AuditSessionID AC1232470000E908E539329B| AUTHTYPEDOT1X| EVENT REMOVE
Oct 1 09:21:13: %PM-4-ERR_DISABLE: STANDBY:security-violation error detected on Gi5/30, putting Gi5/30 in err-disable state
Can you guide us how to fix this one
Regards
Pranav
Similar Messages
-
Is there really any true need for port-security on Nexus 1000v for vethernet ports? Can a VM be assigned a previously used vethernet port that would trigger a port-security action?
If you want to prevent admins or malicious users from being able change the mac address of a VM then port-security is a useful feature. Especially in VDI environments where users might have full admin control of the VM and can change the mac of the vnic.
Now about veths ports. A veth gets assigned to a VM and stays with that VM. A veth is only released when either the nic on the VM is deleted or the nic is assigned to another port-profile on the N1KV or a port-group on a vSwitch or VMware DVS. Now when the veth is released it does not retain any of the piror information. It's freed up and added to a pool of available veths. When a veth is needed for a VM in either the same port-profile or a different port-profile the free veth will be grabbed and initialized. It does not retain any of the previous settings.
So assigning a VM to a previsously used veth port should not trigger a violation. The MAC should get learned and traffic should be able to flow. -
Dot1x with port security and redundant radius servers
I have a strange issue with my dot1x port authentication. I have two radius servers configured in my switch for redundancy, and on my switchport I have a Cisco IP phone and a PC. Testing redundnacy with the radius servers, when I have both servers active and running, the port authentication works fine for both phone and pc. When I fail the radius servers in the configuration, by disconnecting the NIC on it, the switch goes to the surviving radius server and authenticates, (I can see it in the running log) both the phone and PC get an access-accept, but only the phone works on the network and the port light stays amber showing it's blocking for the pc. Strange, since it showed an accept on the radius server.
This only seems to happen when the first one on the list is failed. When the second one is failed, it obviously won't need to try it, so there's not an issue. Any ideas?
Here's the setup and configs:
freeradius 2.1.12-4
cisco 3560
Switch Ports Model SW Version SW Image
* 1 52 WS-C3560G-48PS 12.2(53)SE2 C3560-IPBASEK9-M
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
interface GigabitEthernet0/1
switchport access vlan 100
switchport mode access
switchport voice vlan 110
authentication event no-response action authorize vlan 901
authentication host-mode multi-domain
authentication port-control auto
authentication periodic
authentication violation protect
mab
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 1
no mdix auto
spanning-tree portfast
radius-server host 10.90.1.88 auth-port 1645 acct-port 1646 key 7 xxx
radius-server host 10.90.1.85 auth-port 1645 acct-port 1646 key 7 xxx
Here's an authentication string from the radius server:
(there are two mac address. The first one 00.13 is the PC and the second 30.37 is the phone)
rad_recv: Access-Request packet from host 10.90.100.7 port 1645, id=204, length=160
User-Name = "001372b639a6"
User-Password = "001372b639a6"
Service-Type = Call-Check
Framed-MTU = 1500
Called-Station-Id = "9C-AF-CA-23-D9-01"
Calling-Station-Id = "00-13-72-B6-39-A6"
Message-Authenticator = 0xfeef777a8033c24934306b3cce78c8f1
NAS-Port-Type = Ethernet
NAS-Port = 50001
NAS-Port-Id = "GigabitEthernet0/1"
NAS-IP-Address = 10.90.100.7
Wed Sep 18 10:48:06 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
Wed Sep 18 10:48:06 2013 : Info: +- entering group authorize {...}
Wed Sep 18 10:48:06 2013 : Info: ++[preprocess] returns ok
Wed Sep 18 10:48:06 2013 : Info: ++[chap] returns noop
Wed Sep 18 10:48:06 2013 : Info: ++[mschap] returns noop
Wed Sep 18 10:48:06 2013 : Info: ++[digest] returns noop
Wed Sep 18 10:48:06 2013 : Info: [suffix] No '@' in User-Name = "001372b639a6", looking up realm NULL
Wed Sep 18 10:48:06 2013 : Info: [suffix] No such realm "NULL"
Wed Sep 18 10:48:06 2013 : Info: ++[suffix] returns noop
Wed Sep 18 10:48:06 2013 : Info: [eap] No EAP-Message, not doing EAP
Wed Sep 18 10:48:06 2013 : Info: ++[eap] returns noop
Wed Sep 18 10:48:06 2013 : Info: [sql] expand: %{User-Name} -> 001372b639a6
Wed Sep 18 10:48:06 2013 : Info: [sql] sql_set_user escaped user --> '001372b639a6'
Wed Sep 18 10:48:06 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Wed Sep 18 10:48:06 2013 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '001372b639a6' ORDER BY id
Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '001372b639a6' ORDER BY id
Wed Sep 18 10:48:06 2013 : Info: [sql] User found in radcheck table
Wed Sep 18 10:48:06 2013 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '001372b639a6' ORDER BY id
Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '001372b639a6' ORDER BY id
Wed Sep 18 10:48:06 2013 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '001372b639a6' ORDER BY priority
Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '001372b639a6' ORDER BY priority
Wed Sep 18 10:48:06 2013 : Debug: rlm_sql (sql): Released sql socket id: 3
Wed Sep 18 10:48:06 2013 : Info: ++[sql] returns ok
Wed Sep 18 10:48:06 2013 : Info: ++[expiration] returns noop
Wed Sep 18 10:48:06 2013 : Info: ++[logintime] returns noop
Wed Sep 18 10:48:06 2013 : Info: ++[pap] returns updated
Wed Sep 18 10:48:06 2013 : Info: Found Auth-Type = PAP
Wed Sep 18 10:48:06 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 18 10:48:06 2013 : Info: +- entering group PAP {...}
Wed Sep 18 10:48:06 2013 : Info: [pap] login attempt with password "001372b639a6"
Wed Sep 18 10:48:06 2013 : Info: [pap] Using clear text password "001372b639a6"
Wed Sep 18 10:48:06 2013 : Info: [pap] User authenticated successfully
Wed Sep 18 10:48:06 2013 : Info: ++[pap] returns ok
Wed Sep 18 10:48:06 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default
Wed Sep 18 10:48:06 2013 : Info: +- entering group post-auth {...}
Wed Sep 18 10:48:06 2013 : Info: ++[exec] returns noop
Sending Access-Accept of id 204 to 10.90.100.7 port 1645
Wed Sep 18 10:48:06 2013 : Info: Finished request 0.
Wed Sep 18 10:48:06 2013 : Debug: Going to the next request
Wed Sep 18 10:48:06 2013 : Debug: Waking up in 4.9 seconds.
Wed Sep 18 10:48:11 2013 : Info: Cleaning up request 0 ID 204 with timestamp +77
Wed Sep 18 10:48:11 2013 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.90.100.7 port 1645, id=205, length=160
User-Name = "3037a616cd49"
User-Password = "3037a616cd49"
Service-Type = Call-Check
Framed-MTU = 1500
Called-Station-Id = "9C-AF-CA-23-D9-01"
Calling-Station-Id = "30-37-A6-16-CD-49"
Message-Authenticator = 0xc9173e759dd759b9d414d192783e8a8e
NAS-Port-Type = Ethernet
NAS-Port = 50001
NAS-Port-Id = "GigabitEthernet0/1"
NAS-IP-Address = 10.90.100.7
Wed Sep 18 10:48:13 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
Wed Sep 18 10:48:13 2013 : Info: +- entering group authorize {...}
Wed Sep 18 10:48:13 2013 : Info: ++[preprocess] returns ok
Wed Sep 18 10:48:13 2013 : Info: ++[chap] returns noop
Wed Sep 18 10:48:13 2013 : Info: ++[mschap] returns noop
Wed Sep 18 10:48:13 2013 : Info: ++[digest] returns noop
Wed Sep 18 10:48:13 2013 : Info: [suffix] No '@' in User-Name = "3037a616cd49", looking up realm NULL
Wed Sep 18 10:48:13 2013 : Info: [suffix] No such realm "NULL"
Wed Sep 18 10:48:13 2013 : Info: ++[suffix] returns noop
Wed Sep 18 10:48:13 2013 : Info: [eap] No EAP-Message, not doing EAP
Wed Sep 18 10:48:13 2013 : Info: ++[eap] returns noop
Wed Sep 18 10:48:13 2013 : Info: [sql] expand: %{User-Name} -> 3037a616cd49
Wed Sep 18 10:48:13 2013 : Info: [sql] sql_set_user escaped user --> '3037a616cd49'
Wed Sep 18 10:48:13 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 2
Wed Sep 18 10:48:13 2013 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '3037a616cd49' ORDER BY id
Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '3037a616cd49' ORDER BY id
Wed Sep 18 10:48:13 2013 : Info: [sql] User found in radcheck table
Wed Sep 18 10:48:13 2013 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '3037a616cd49' ORDER BY id
Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '3037a616cd49' ORDER BY id
Wed Sep 18 10:48:13 2013 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '3037a616cd49' ORDER BY priority
Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '3037a616cd49' ORDER BY priority
Wed Sep 18 10:48:13 2013 : Debug: rlm_sql (sql): Released sql socket id: 2
Wed Sep 18 10:48:13 2013 : Info: ++[sql] returns ok
Wed Sep 18 10:48:13 2013 : Info: ++[expiration] returns noop
Wed Sep 18 10:48:13 2013 : Info: ++[logintime] returns noop
Wed Sep 18 10:48:13 2013 : Info: ++[pap] returns updated
Wed Sep 18 10:48:13 2013 : Info: Found Auth-Type = PAP
Wed Sep 18 10:48:13 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Wed Sep 18 10:48:13 2013 : Info: +- entering group PAP {...}
Wed Sep 18 10:48:13 2013 : Info: [pap] login attempt with password "3037a616cd49"
Wed Sep 18 10:48:13 2013 : Info: [pap] Using clear text password "3037a616cd49"
Wed Sep 18 10:48:13 2013 : Info: [pap] User authenticated successfully
Wed Sep 18 10:48:13 2013 : Info: ++[pap] returns ok
Wed Sep 18 10:48:13 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default
Wed Sep 18 10:48:13 2013 : Info: +- entering group post-auth {...}
Wed Sep 18 10:48:13 2013 : Info: ++[exec] returns noop
Sending Access-Accept of id 205 to 10.90.100.7 port 1645
Cisco-AVPair = "device-traffic-class=voice"
Wed Sep 18 10:48:13 2013 : Info: Finished request 1.
Wed Sep 18 10:48:13 2013 : Debug: Going to the next request
Wed Sep 18 10:48:13 2013 : Debug: Waking up in 4.9 seconds.
Wed Sep 18 10:48:18 2013 : Info: Cleaning up request 1 ID 205 with timestamp +84
Wed Sep 18 10:48:18 2013 : Info: Ready to process requests.
Thanks!802.1X support requires an authentication server that is configured for Remote Authentication Dial-In User Service (RADIUS). 802.1X authentication does not work unless the network access switch can route packets to the configured RADIUS server.
Please check the below links which can be helpful in configurations:
Link-1
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/dot1x.html -
Difference Between Layer 2 Security and WPA & WPA2 Parameters
Hello Everyone, thank you everyone to read me again.
I have one questions about security WLAN configuration. I created one SSID when I configured the tab security I see this:
I'm not an expert how you can see but I thought that when you use WPA + WPA2 you will use an PSK to join the network.
I see I can use 802.1X in layer 2 security.
I don't really understand what the difference betwen this options. I mean if I use 802.1X for layer 2 security I need to stablish a WEP KEY?
IF I use a WPA +WPA2 for layer 2 security and 802.1X for Auth Key Managment I need to use a Radius?
Exist any documentation about this options?Look at it this way.
WPA+TKIP
Uses pre shared key and is not supported by 802.11n
WPA2+AES
Also uses pre shared key and is supported by 802.11n
WPA+TKIP or WPA2+AES and 802.1x
Requires a radius server or the use of LDAP
Also requires a certificate
Server side certificate for PEAP and a server and client side certificate for EAP-TLS.
You also want to only use either WPA/TKIP or WPA2/AES, not both and don't mix and match.
Sent from Cisco Technical Support iPhone App -
i've managed to set up port security and i need to lock the ports down by one mac well after going through each port step by step all the mac's are in the table but it shows them as dynamic address's i thought they were supposed to be static secure? i also thought that setting up port security would make so if someone changed ports on the switch that it would cause a security violation i havent been able to create a security violation yet.
Hi,
How have you configured this on your switch ports, all you need to do to restrict the port to a single MAC address is:
switchport port-security
switchport port-security violation restrict
When you look at the CAM table for a specific port, the MAC address learned on that port should be listed as static and not dynamic.
my_switch#sh mac-address-table int fa 2/0/7
Mac Address Table
Vlan Mac Address Type Ports
134 0003.47a4.db43 STATIC Fa2/0/7
Total Mac Addresses for this criterion: 1
EDIT: You can also issue the following command:
my_switch#sh port-security int fa 2/0/7
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0003.47a4.db43:134
Security Violation Count : 0
This shows the max allowed MACs on the port, the MAC that has been allowed and the port status as Secure_up
I believe that's all you need to do.
HTH
Paddy -
Problem with hp laser jet 9050 mfp and port security
Hello,
I activaded the port-security configuration in all the printers that we have. I've noticed that all the printers send an ethernet package that includes the same mac address 1a3c.30a9.5a8f in all the cases and this makes the port go to shutdown. I have changed the configuration to a restrict mode to avoid the shutdown in the printers.
But it keeps sending the message. So I want to know if its the switch doesn't know how to interpretate it or if its a problem with the printer?
The switch i have is a Catalyst 4500-RE and here it's a log from the issue.
Nov 11 12:40:22 CENTRAL: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 1a3c.30a9.5a8f on port GigabitEthernet4/24.
Nov 11 12:01:45 CENTRAL: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 1a3c.30a9.5a8f on port GigabitEthernet3/25.
Nov 11 12:03:58.757 CENTRAL: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 1a3c.30a9.5a8f on port FastEthernet7/16.
Thanks for the help.Hi,
this address has got the U/L bit set and even flipping the bit doesn't get any result in the IEE OUI database.
Can you post sh port-security address output.
Regards.
Alain -
What's listening on port 454 and 455 in Azure? Warning flagged by security scan
We are about to go live with an Azure Website and, as a precaution, did a security scan on the IP address that has been allocated to us.
There were a number of low severity warnings listed which we're not too worried about, however the scan did flag that something appears to be listening on port 454 and 455, and supports TLS1.0.
RESULTS:
Available non CBC cipher Server's choice SSL version
RC4-SHA DES-CBC3-SHA TLSv1
Does anyone know what this is? I can't find it obviously listed anywhere. If it's not necessary, can I switch it off? And if it is necessary, can I set it to require a more secure protocol?
We're hosted in the "Australia East" datacentre, in case that's relevant.
Crossposted to Stack Overflow here:
http://stackoverflow.com/questions/27807505/whats-listening-on-port-454-and-455-in-azure-warning-flagged-by-security-scanHello Michael,
These ports are used for internal communication in Azure Websites infrastructure. They are not site specific and you cannot turn them off. It is safe to ignore them.
Thanks,
Petr -
NAC and switchport port-security
Dear,Friends
I have NAC working on Out-Of-Band Vitual Gateway.
When I Enable Port Security on the CAM, this don't work very well.
I need allow two mac-address for interface, one workstation and one phone.
The first User is authenticated and placed in the correct VLAN according to the group. Total MAC Addresses increases the workstation and the phone correctly.
Switch#sh port-security interface gigabitEthernet 1/24
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : fcfb.fbca.2c65:89
Security Violation Count : 0
After if I:
- change of user
- bounce the interface
- plug another workstation on interface
Anything happens, and port remains on Access VLAN.
Somebody Know How Can I fix this problem?
RegardsCould you please elaborate on your question? I don't understand what's exactly the problem.
-
Port-security MAC address restrictions and flexconnect
Hi - has anyone else seen this issue?
We use port-security on flexconnect ports limiting the maximum mac addresses to 100. The ports are configured so that the native vlan is the AP management vlan and we tag the wireless client vlan.
Recently we had an issue where we were seeing MAC address restriction violations on the ports connected to AP's. Although we could not see the violations happen in realtime they were in the switch logs. In Cisco Prime we checked the client counts on the AP's and they were less than 10 at that time the error occurred.
We then increased the max mac addresses to 200 and still saw the same issue. Removing port-security seemed to fix the problem.
This was the model and version of the switches.
WS-C2960X-24PS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
Has anyone else had this?
Any help much appreciated.Hi - has anyone else seen this issue?
We use port-security on flexconnect ports limiting the maximum mac addresses to 100. The ports are configured so that the native vlan is the AP management vlan and we tag the wireless client vlan.
Recently we had an issue where we were seeing MAC address restriction violations on the ports connected to AP's. Although we could not see the violations happen in realtime they were in the switch logs. In Cisco Prime we checked the client counts on the AP's and they were less than 10 at that time the error occurred.
We then increased the max mac addresses to 200 and still saw the same issue. Removing port-security seemed to fix the problem.
This was the model and version of the switches.
WS-C2960X-24PS-L 15.0(2)EX4 C2960X-UNIVERSALK9-M
Has anyone else had this?
Any help much appreciated. -
Using secure port only and disabling port 389
Hello everyone,
I'd like to know if it is possible to run LDAPS port 636 and stop LDAP port 389. Will this have bad results with other applications like messaging server, administration server,.... and if this is feasible without any drawback, how can we do that?
Thank you very much for your helpScott,
AccessHW.zip should work for WinXP according to what I have read..(though it may vary with SP1 or 2 or updated drivers etc.) If it does work for you...that would be the easiest way to communicate via your port in XP.
-Brett -
Port Security based on Device Type
Hi all:
We need to know whether there is any feature or software that allows to block switch ports for type of devices.
For instance, we have some switches for IP phones and we do not want to have PCs connected to those ports.
We know that it can be done using MACs, but, as phones can be moved easily, it implies constant changes on port security.
Thanks
RegardsApologies if I have not understood the original question, however, can you use port security (max MAC / sticky MAC) to ensure only devices that are currently connected are successful, other violations will result in the port being shutdown.
You may want to investigate some 802.1x device authentication
http://www.cisco.com/en/US/products/ps6662/products_ios_protocol_option_home.html
HTH
Steve -
NAT port-forwarding and WAN side IP addresses
I have my Airport Extreme setup to forward port 21 to an FTP server on the LAN side of my network. The AE is connected via DSL to my ISP.
When a client from the WAN side connects to my server, the server's LOGS don't list the IP of the client, rather it says the client connected from my assigned WAN IP. For example (fake ip's):
Client ----> AE ----> FTP-SERVER
130.129.12.3 76.99.89.3 10.0.1.2
Log states client connected
from IP: 76.99.89.3
My previous Linksys router, with the same DSL modem and ISP, would report the client as connecting from 130.129.12.3.
Am I missing something in how I am configureing my AE? Or, is this how the AE manages port-forwarding and there's nothing I can do about it?
I used to use firewall rules to control access to the FTP server, i.e. rules set on the server. This can't be done anymore with the AE operating as it does.Seems to me that the NAT translation in the Airport 802.11n is such that it does not use the incoming IP of clients connecting from the WAN side to a computer on the LAN side. The ingoing and outgoing packets reach their respective destinations, it is just that the AE uses some kind of non-standard routing (at least not that I am used to working with).
This is bad because it prevents the use of some forms of access controls on BSD and Linux servers on the LAN side, TCP Wrappers and iptables for example. This can create obvious security problems when WAN ports are set to forward to such a LAN client. We are already getting hit with robot-like script attacks on our server, this was a problem with our Linksys router, but with the above mentioned tools and scripts we were able to block abusive clients.
Perhaps an Apple can work on resolving this issue in a future firmware release, at least make it an option... Anyone from Apple out there?
jmj -
My 'Security and Privacy' settings won't open
Ever since installing OS X Mountain Lion, when I click on 'Security and Privacy' under 'Settings,' it just continues to say 'Loading Security & Privacy' but nothing loads. I cannot get into it at all (screen shot below)...
Does anyone have any ideas on what is going on?I called Apple and they had me re-install Mountain Lion. As of now, the 'Security and Privacy' setting is working again, but I did check out the console like you advised. Here is what was there after I cleared the display and went back in again:
8/7/12 7:18:07.000 PM bootlog[0]: BOOT_TIME 1344381487 0
8/7/12 7:18:51.000 PM kernel[0]: PMAP: PCID enabled
8/7/12 7:18:51.000 PM kernel[0]: Darwin Kernel Version 12.0.0: Sun Jun 24 23:00:16 PDT 2012; root:xnu-2050.7.9~1/RELEASE_X86_64
8/7/12 7:18:51.000 PM kernel[0]: vm_page_bootstrap: 863197 free pages and 144419 wired pages
8/7/12 7:18:51.000 PM kernel[0]: kext submap [0xffffff7f8073e000 - 0xffffff8000000000], kernel text [0xffffff8000200000 - 0xffffff800073e000]
8/7/12 7:18:51.000 PM kernel[0]: zone leak detection enabled
8/7/12 7:18:51.000 PM kernel[0]: standard timeslicing quantum is 10000 us
8/7/12 7:18:51.000 PM kernel[0]: standard background quantum is 2500 us
8/7/12 7:18:51.000 PM kernel[0]: mig_table_max_displ = 74
8/7/12 7:18:51.000 PM kernel[0]: corecrypto kext started!
8/7/12 7:18:51.000 PM kernel[0]: Running kernel space in FIPS MODE
8/7/12 7:18:51.000 PM kernel[0]: Plist hmac value is 735d392b68241ef173d81097b1c8ce9ba283521626d1c973ac376838c466757d
8/7/12 7:18:51.000 PM kernel[0]: Computed hmac value is 735d392b68241ef173d81097b1c8ce9ba283521626d1c973ac376838c466757d
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS integrity POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS AES CBC POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS TDES CBC POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS AES ECB AESNI POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS AES XTS AESNI POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS SHA POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS HMAC POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS ECDSA POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS DRBG POST test passed!
8/7/12 7:18:51.000 PM kernel[0]: corecrypto.kext FIPS POST passed!
8/7/12 7:18:51.000 PM kernel[0]: AppleACPICPU: ProcessorId=1 LocalApicId=0 Enabled
8/7/12 7:18:51.000 PM kernel[0]: AppleACPICPU: ProcessorId=2 LocalApicId=1 Enabled
8/7/12 7:18:51.000 PM kernel[0]: AppleACPICPU: ProcessorId=3 LocalApicId=4 Enabled
8/7/12 7:18:51.000 PM kernel[0]: AppleACPICPU: ProcessorId=4 LocalApicId=5 Enabled
8/7/12 7:18:51.000 PM kernel[0]: AppleACPICPU: ProcessorId=5 LocalApicId=0 Disabled
8/7/12 7:18:51.000 PM kernel[0]: AppleACPICPU: ProcessorId=6 LocalApicId=0 Disabled
8/7/12 7:18:51.000 PM kernel[0]: AppleACPICPU: ProcessorId=7 LocalApicId=0 Disabled
8/7/12 7:18:51.000 PM kernel[0]: AppleACPICPU: ProcessorId=8 LocalApicId=0 Disabled
8/7/12 7:18:51.000 PM kernel[0]: calling mpo_policy_init for TMSafetyNet
8/7/12 7:18:51.000 PM kernel[0]: Security policy loaded: Safety net for Time Machine (TMSafetyNet)
8/7/12 7:18:51.000 PM kernel[0]: calling mpo_policy_init for Sandbox
8/7/12 7:18:51.000 PM kernel[0]: Security policy loaded: Seatbelt sandbox policy (Sandbox)
8/7/12 7:18:51.000 PM kernel[0]: calling mpo_policy_init for Quarantine
8/7/12 7:18:51.000 PM kernel[0]: Security policy loaded: Quarantine policy (Quarantine)
8/7/12 7:18:51.000 PM kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
8/7/12 7:18:51.000 PM kernel[0]: The Regents of the University of California. All rights reserved.
8/7/12 7:18:51.000 PM kernel[0]: MAC Framework successfully initialized
8/7/12 7:18:51.000 PM kernel[0]: using 16384 buffer headers and 10240 cluster IO buffer headers
8/7/12 7:18:51.000 PM kernel[0]: IOAPIC: Version 0x20 Vectors 64:87
8/7/12 7:18:51.000 PM kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
8/7/12 7:18:51.000 PM kernel[0]: AppleIntelCPUPowerManagement: Turbo Ratios 0024
8/7/12 7:18:51.000 PM kernel[0]: AppleIntelCPUPowerManagement: (built 23:03:24 Jun 24 2012) initialization complete
8/7/12 7:18:51.000 PM kernel[0]: PFM64 (36 cpu) 0xf10000000, 0xf0000000
8/7/12 7:18:51.000 PM kernel[0]: [ PCI configuration begin ]
8/7/12 7:18:51.000 PM kernel[0]: Sleep failure code 0x00000000 0x31000000
8/7/12 7:18:51.000 PM kernel[0]: console relocated to 0xf10030000
8/7/12 7:18:51.000 PM kernel[0]: PCI configuration changed (bridge=3 device=2 cardbus=0)
8/7/12 7:18:51.000 PM kernel[0]: [ PCI configuration end, bridges 7 devices 16 ]
8/7/12 7:18:51.000 PM kernel[0]: [ PCI configuration begin ]
8/7/12 7:18:51.000 PM kernel[0]: PCI configuration changed (bridge=3 device=2 cardbus=0)
8/7/12 7:18:51.000 PM kernel[0]: [ PCI configuration end, bridges 8 devices 22 ]
8/7/12 7:18:51.000 PM kernel[0]: mbinit: done [64 MB total pool size, (42/21) split]
8/7/12 7:18:51.000 PM kernel[0]: Pthread support ABORTS when sync kernel primitives misused
8/7/12 7:18:51.000 PM kernel[0]: rooting via boot-uuid from /chosen: EF7397DF-6793-3508-9EEF-D0678915DB72
8/7/12 7:18:51.000 PM kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
8/7/12 7:18:51.000 PM kernel[0]: com.apple.AppleFSCompressionTypeZlib kmod start
8/7/12 7:18:51.000 PM kernel[0]: com.apple.AppleFSCompressionTypeDataless kmod start
8/7/12 7:18:51.000 PM kernel[0]: com.apple.AppleFSCompressionTypeZlib load succeeded
8/7/12 7:18:51.000 PM kernel[0]: com.apple.AppleFSCompressionTypeDataless load succeeded
8/7/12 7:18:51.000 PM kernel[0]: AppleIntelCPUPowerManagementClient: ready
8/7/12 7:18:51.000 PM kernel[0]: FireWire (OHCI) Lucent ID 5901 built-in now active, GUID e80688fffee52076; max speed s800.
8/7/12 7:18:51.000 PM kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/SATA@1F,2/AppleIntelPchS eriesAHCI/PRT0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOB lockStorageDriver/TOSHIBA MK5065GSXF Media/IOGUIDPartitionScheme/Untitled@2
8/7/12 7:18:51.000 PM kernel[0]: BSD root: disk0s2, major 1, minor 2
8/7/12 7:18:51.000 PM kernel[0]: Kernel is LP64
8/7/12 7:18:51.000 PM kernel[0]: USBMSC Identifier (non-unique): 000000009833 0x5ac 0x8403 0x9833
8/7/12 7:18:51.000 PM kernel[0]: hfs: created HFBT on Macintosh HD
8/7/12 7:18:08.844 PM com.apple.launchd[1]: *** launchd[1] has started up. ***
8/7/12 7:18:08.844 PM com.apple.launchd[1]: *** Shutdown logging is enabled. ***
8/7/12 7:18:51.298 PM com.apple.launchd[1]: (com.apple.automountd) Unknown key for boolean: NSSupportsSuddenTermination
8/7/12 7:18:51.305 PM launchctl[2]: com.apple.RemotePairTool: Already loaded
8/7/12 7:18:55.431 PM com.apple.SecurityServer[16]: Session 100000 created
8/7/12 7:18:55.501 PM configd[19]: ioctl(SIOCGIFCAP) failed: Device not configured
8/7/12 7:18:55.501 PM configd[19]: ioctl(SIOCGIFCAP) failed: Device not configured
8/7/12 7:18:55.503 PM configd[19]: setting hostname to "MALORIE-JANASEKs-MacBook-Pro.local"
8/7/12 7:18:55.508 PM configd[19]: network changed.
8/7/12 7:18:55.684 PM com.apple.SecurityServer[16]: Entering service
8/7/12 7:18:55.827 PM UserEventAgent[11]: Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
8/7/12 7:18:55.000 PM kernel[0]: AGC: 3.2.6, HW version=1.9.21, flags:0, features:20600
8/7/12 7:18:56.398 PM hidd[63]: Posting 'com.apple.iokit.hid.displayStatus' notifyState=1
8/7/12 7:18:56.482 PM fseventsd[64]: could not open <</.fseventsd/fseventsd-uuid>> (No such file or directory)
8/7/12 7:18:56.638 PM coreservicesd[37]: FindBestLSSession(), no match for inSessionID 0xfffffffffffffffc auditTokenInfo( uid=0 euid=0 auSessionID=100000 create=false
8/7/12 7:18:56.000 PM kernel[0]: macx_swapon SUCCESS
8/7/12 7:18:56.998 PM com.apple.launchd[1]: (com.apple.bsd.dirhelper) Throttling respawn: Will start in 10 seconds
8/7/12 7:18:57.489 PM fseventsd[64]: log dir: /.fseventsd getting new uuid: 8DB7FF89-E45E-423B-953C-0DF895D2D798
8/7/12 7:18:57.728 PM hidd[63]: void __IOHIDLoadBundles(): Loaded 0 HID plugins
8/7/12 7:18:57.000 PM kernel[0]: Waiting for DSMOS...
8/7/12 7:18:58.024 PM awacsd[73]: Starting awacsd connectivity-77 (Jun 20 2012 15:40:49)
8/7/12 7:18:58.445 PM digest-service[88]: label: default
8/7/12 7:18:58.445 PM digest-service[88]: dbname: od:/Local/Default
8/7/12 7:18:58.446 PM digest-service[88]: mkey_file: /var/db/krb5kdc/m-key
8/7/12 7:18:58.446 PM digest-service[88]: acl_file: /var/db/krb5kdc/kadmind.acl
8/7/12 7:18:58.884 PM awacsd[73]: InnerStore CopyAllZones: no info in Dynamic Store
8/7/12 7:18:59.191 PM aosnotifyd[91]: bootstrap_look_up failed (44e)
8/7/12 7:18:59.000 PM kernel[0]: BTCOEXIST off
8/7/12 7:18:59.000 PM kernel[0]: BRCM tunables:
8/7/12 7:18:59.000 PM kernel[0]: pullmode[1] txringsize[ 256] reapmin[ 32] reapcount[ 128]
8/7/12 7:18:59.000 PM kernel[0]: highWaterMark: VO[ 192] VI[ 192] BE[ 192] BK[ 192]
8/7/12 7:18:59.923 PM systemkeychain[92]: done file: /var/run/systemkeychaincheck.done
8/7/12 7:19:00.076 PM digest-service[88]: digest-request: uid=0
8/7/12 7:19:00.000 PM kernel[0]: Previous Shutdown Cause: 5
8/7/12 7:19:02.780 PM rpcsvchost[131]: sandbox_init: com.apple.msrpc.netlogon.sb succeeded
8/7/12 7:19:02.785 PM digest-service[88]: digest-request: init request
8/7/12 7:19:02.791 PM digest-service[88]: digest-request: init return domain: BUILTIN server: MALORIE-JANASEKS-MACBOOK-PRO
8/7/12 7:19:04.780 PM apsd[75]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)
8/7/12 7:19:04.780 PM apsd[75]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)
8/7/12 7:19:07.472 PM mDNSResponder[55]: mDNSResponder mDNSResponder-379.27 (Jun 20 2012 15:40:55) starting OSXVers 12
8/7/12 7:19:07.477 PM appleeventsd[69]: main: Starting up
8/7/12 7:19:07.694 PM stackshot[45]: Timed out waiting for IOKit to finish matching.
8/7/12 7:19:07.681 PM com.apple.usbmuxd[41]: usbmuxd-268.5 on Apr 5 2012 at 15:33:48, running 64 bit
8/7/12 7:19:08.356 PM digest-service[88]: digest-request: uid=0
8/7/12 7:19:08.356 PM digest-service[88]: digest-request: init request
8/7/12 7:19:08.357 PM digest-service[88]: digest-request: init return domain: TATE-S-IPOD server: MALORIE-JANASEKS-MACBOOK-PRO
8/7/12 7:19:11.803 PM configd[19]: network changed: DNS*
8/7/12 7:19:11.960 PM mDNSResponder[55]: D2D_IPC: Loaded
8/7/12 7:19:11.960 PM mDNSResponder[55]: D2DInitialize succeeded
8/7/12 7:19:12.011 PM locationd[59]: NOTICE,Location icon should now be in state 0
8/7/12 7:19:12.000 PM kernel[0]: fNumVRAMBlocks is 4
8/7/12 7:19:13.000 PM kernel[0]: NVDANV50HAL loaded and registered.
8/7/12 7:19:13.886 PM awacsd[73]: Exiting
8/7/12 7:19:14.000 PM kernel[0]: IOBluetoothUSBDFU::probe
8/7/12 7:19:14.000 PM kernel[0]: IOBluetoothUSBDFU::probe ProductID - 0x8218 FirmwareVersion - 0x0041
8/7/12 7:19:14.000 PM kernel[0]: [BroadcomBluetoothHCIControllerUSBTransport][start] -- completed
8/7/12 7:19:14.783 PM apsd[75]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)
8/7/12 7:19:15.000 PM kernel[0]: [AGPM Controller] build GPUDict by Vendor8086Device0046
8/7/12 7:19:15.000 PM kernel[0]: [AGPM Controller] build GPUDict by Vendor10deDevice0a29
8/7/12 7:19:16.350 PM UserEventAgent[11]: WirelessAirPortDeviceNameCopy(): no BSD interface name found for object 16395
8/7/12 7:19:16.350 PM UserEventAgent[11]: Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
8/7/12 7:19:16.355 PM UserEventAgent[11]: WirelessAirPortDeviceNameCopy(): no BSD interface name found for object 15887
8/7/12 7:19:16.356 PM UserEventAgent[11]: Captive: [mySCCopyWiFiDevices:162] WiFi Device Name == NULL
8/7/12 7:19:16.359 PM loginwindow[58]: Login Window Application Started
8/7/12 7:19:16.000 PM kernel[0]: DSMOS has arrived
8/7/12 7:19:16.000 PM kernel[0]: [IOBluetoothHCIController][staticBluetoothHCIControllerTransportShowsUp] -- Received Bluetooth Controller register service notification
8/7/12 7:19:16.000 PM kernel[0]: [IOBluetoothHCIController][start] -- completed
8/7/12 7:19:16.000 PM kernel[0]: BCM5701Enet: Ethernet address c4:2c:03:0a:3d:d4
8/7/12 7:19:16.000 PM kernel[0]: AirPort_Brcm4331: Ethernet address e4:ce:8f:75:d9:a9
8/7/12 7:19:16.000 PM kernel[0]: IO80211Controller::dataLinkLayerAttachComplete(): adding AppleEFINVRAM notification
8/7/12 7:19:16.000 PM kernel[0]: IO80211Interface::efiNVRAMPublished():
8/7/12 7:19:16.000 PM kernel[0]: [IOBluetoothHCIController::setConfigState] calling registerService
8/7/12 7:19:18.000 PM kernel[0]: AirPort: Link Down on en1. Reason 1 (Unspecified).
8/7/12 7:19:18.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
8/7/12 7:19:18.137 PM airportd[154]: _processDLILEvent: en1 attached (up)
8/7/12 7:19:18.165 PM BBDaemon[77]: IOBSDNameMatching returned a NULL dictionary.
8/7/12 7:19:18.165 PM BBDaemon[77]: IOBSDNameMatching returned a NULL dictionary.
8/7/12 7:19:18.165 PM BBDaemon[77]: IOBSDNameMatching returned a NULL dictionary.
8/7/12 7:19:18.165 PM BBDaemon[77]: IOBSDNameMatching returned a NULL dictionary.
8/7/12 7:19:18.000 PM kernel[0]: createVirtIf(): ifRole = 1
8/7/12 7:19:18.000 PM kernel[0]: in func createVirtualInterface ifRole = 1
8/7/12 7:19:18.000 PM kernel[0]: AirPort_Brcm4331_P2PInterface::init name <p2p0> role 1 this 0xffffff80293e5400
8/7/12 7:19:18.000 PM kernel[0]: AirPort_Brcm4331_P2PInterface::init() <p2p> role 1
8/7/12 7:19:18.000 PM kernel[0]: Created virtif 0xffffff80293e5400 p2p0
8/7/12 7:19:19.564 PM digest-service[88]: digest-request: uid=0
8/7/12 7:19:19.564 PM digest-service[88]: digest-request: init request
8/7/12 7:19:19.566 PM digest-service[88]: digest-request: init return domain: MACBOOKPRO server: MALORIE-JANASEKS-MACBOOK-PRO
8/7/12 7:19:20.000 PM kernel[0]: [ffffff8027ac6800][BNBTrackpadDevice::init][75.15] init is complete
8/7/12 7:19:20.000 PM kernel[0]: [ffffff8027ac6800][BNBTrackpadDevice::handleStart][75.15] returning 1
8/7/12 7:19:20.000 PM kernel[0]: [ffffff8029184c00][AppleMultitouchHIDEventDriver::start] entered
8/7/12 7:19:20.000 PM kernel[0]: [ffffff8027b85c00][AppleMultitouchDevice::start] entered
8/7/12 7:19:22.048 PM mds[54]: (Normal) FMW: FMW 0 0
8/7/12 7:19:22.051 PM WindowServer[140]: Server is starting up
8/7/12 7:19:22.124 PM UserEventAgent[11]: Captive: [HandleNetworkInformationChanged:2435] nwi_state_copy returned NULL
8/7/12 7:19:22.240 PM WindowServer[140]: Session 256 retained (2 references)
8/7/12 7:19:22.240 PM WindowServer[140]: Session 256 released (1 references)
8/7/12 7:19:22.290 PM WindowServer[140]: Session 256 retained (2 references)
8/7/12 7:19:22.335 PM WindowServer[140]: init_page_flip: page flip mode is on
8/7/12 7:19:23.311 PM com.apple.launchd[1]: (com.apple.smb.preferences) Throttling respawn: Will start in 7 seconds
8/7/12 7:19:23.311 PM com.apple.launchd[1]: (com.apple.smb.preferences) Throttling respawn: Will start in 7 seconds
8/7/12 7:19:23.591 PM com.apple.launchd[1]: (com.apple.smb.preferences) Throttling respawn: Will start in 6 seconds
8/7/12 7:19:24.343 PM WindowServer[140]: mux_initialize: Mode is dynamic
8/7/12 7:19:24.000 PM kernel[0]: en1: 802.11d country code set to 'US'.
8/7/12 7:19:24.000 PM kernel[0]: en1: Supported channels 1 2 3 4 5 6 7 8 9 10 11 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165
8/7/12 7:19:24.924 PM WindowServer[140]: GLCompositor enabled for tile size [256 x 256]
8/7/12 7:19:24.924 PM WindowServer[140]: CGXGLInitMipMap: mip map mode is on
8/7/12 7:19:24.976 PM WindowServer[140]: WSMachineUsesNewStyleMirroring: false
8/7/12 7:19:24.976 PM WindowServer[140]: Display 0x042728c0: GL mask 0x5; bounds (0, 0)[1440 x 900], 39 modes available
Main, Active, on-line, enabled, built-in, boot, Vendor 610, Model 9ca3, S/N 0, Unit 0, Rotation 0
UUID 0x0000061000009ca300000000042728c0
8/7/12 7:19:24.977 PM WindowServer[140]: Display 0x1a48a351: GL mask 0x2; bounds (1440, 0)[1920 x 1080], 72 modes available
Active, on-line, enabled, Vendor 469, Model 23f1, S/N 5f11, Unit 1, Rotation 0
UUID 0x00000469000023f100005f1100000000
8/7/12 7:19:24.986 PM WindowServer[140]: Created shield window 0x7 for display 0x042728c0
8/7/12 7:19:24.992 PM WindowServer[140]: Created shield window 0x8 for display 0x1a48a351
8/7/12 7:19:25.201 PM WindowServer[140]: hw_mirror_device_if_possible: driver picks 0x1a48a351 as primary
8/7/12 7:19:25.217 PM WindowServer[140]: Display 0x1a48a351: GL mask 0x2; bounds (0, 0)[1440 x 900], 72 modes available
Hardware mirror of 0x42728c0; Main, Active, on-line, enabled, Vendor 469, Model 23f1, S/N 5f11, Unit 1, Rotation 0
UUID 0x00000469000023f100005f1100000000
8/7/12 7:19:25.217 PM WindowServer[140]: Display 0x042728c0: GL mask 0x5; bounds (0, 0)[1440 x 900], 39 modes available
Master in mirror set; on-line, enabled, built-in, boot, Vendor 610, Model 9ca3, S/N 0, Unit 0, Rotation 0
UUID 0x0000061000009ca300000000042728c0
8/7/12 7:19:25.217 PM WindowServer[140]: CGXPerformInitialDisplayConfiguration
8/7/12 7:19:25.217 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; Vendor 0x469 Model 0x23f1 S/N 24337 Dimensions 20.51 x 11.54; online enabled, Bounds (0,0)[1440 x 900], Rotation 0, Resolution 1
8/7/12 7:19:25.217 PM WindowServer[140]: Display 0x042728c0: MappedDisplay Unit 0; Alias(0, 0x5); Vendor 0x610 Model 0x9ca3 S/N 0 Dimensions 13.03 x 8.15; online enabled built-in, Bounds (0,0)[1440 x 900], Rotation 0, Resolution 1
8/7/12 7:19:25.218 PM WindowServer[140]: CGXMuxBoot: Boot normal
8/7/12 7:19:26.000 PM kernel[0]: MacAuthEvent en1 Auth result for: 00:22:a4:25:0c:d1 MAC AUTH succeeded
8/7/12 7:19:26.000 PM kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
8/7/12 7:19:26.000 PM kernel[0]: AirPort: Link Up on en1
8/7/12 7:19:26.000 PM kernel[0]: en1: BSSID changed to 00:22:a4:25:0c:d1
8/7/12 7:19:26.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
8/7/12 7:19:26.000 PM kernel[0]: AirPort: RSN handshake complete on en1
8/7/12 7:19:28.107 PM configd[19]: network changed: v4(en1+:192.168.1.70) DNS+ Proxy+ SMB
8/7/12 7:19:28.128 PM configd[19]: setting hostname to "tate-s-ipod"
8/7/12 7:19:28.271 PM UserEventAgent[11]: Captive: en1: Not probing '2WIRE999' (protected network)
8/7/12 7:19:28.277 PM configd[19]: network changed: v4(en1!:192.168.1.70) DNS Proxy SMB
8/7/12 7:19:29.032 PM airportd[154]: _doAutoJoin: Already associated to “2WIRE999”. Bailing on auto-join.
8/7/12 7:19:29.379 PM ntpd[85]: proto: precision = 1.000 usec
8/7/12 7:19:30.016 PM digest-service[88]: digest-request: uid=0
8/7/12 7:19:30.016 PM digest-service[88]: digest-request: init request
8/7/12 7:19:30.018 PM digest-service[88]: digest-request: init return domain: MACBOOKPRO server: TATE-S-IPOD
8/7/12 7:19:30.236 PM UpdateSettingsTool[42]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)
8/7/12 7:19:32.226 PM genatsdb[185]: ########## genatsdb Sandboxed. ##########
8/7/12 7:19:32.435 PM WindowServer[140]: GLCompositor: GL renderer id 0x01022612, GL mask 0x00000003, accelerator 0x00003e6b, unit 0, caps QEX|QGL|MIPMAP, vram 256 MB
8/7/12 7:19:32.516 PM WindowServer[140]: GLCompositor: GL renderer id 0x01022612, GL mask 0x00000003, texture units 8, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT
8/7/12 7:19:32.516 PM WindowServer[140]: GLCompositor: GL renderer id 0x01024300, GL mask 0x00000004, accelerator 0x00003917, unit 2, caps QEX|QGL|MIPMAP, vram 288 MB
8/7/12 7:19:32.520 PM WindowServer[140]: GLCompositor: GL renderer id 0x01024300, GL mask 0x00000004, texture units 8, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT
8/7/12 7:19:32.520 PM WindowServer[140]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
8/7/12 7:19:32.526 PM WindowServer[140]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
8/7/12 7:19:32.802 PM loginwindow[58]: **DMPROXY** Found `/System/Library/CoreServices/DMProxy'.
8/7/12 7:19:33.158 PM WindowServer[140]: Created shield window 0x9 for display 0x1a48a351
8/7/12 7:19:33.158 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 1, "Default(sRGB IEC61966-2.1)"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 7:19:33.158 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 1, "Default(sRGB IEC61966-2.1)"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 7:19:33.164 PM WindowServer[140]: Created shield window 0xa for display 0x042728c0
8/7/12 7:19:33.164 PM WindowServer[140]: Display 0x042728c0: MappedDisplay Unit 0; ColorProfile { 1, "Default(sRGB IEC61966-2.1)"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 7:19:33.165 PM WindowServer[140]: Display 0x042728c0: MappedDisplay Unit 0; ColorProfile { 1, "Default(sRGB IEC61966-2.1)"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 7:19:33.385 PM WindowServer[140]: Created shield window 0xb for display 0x1a48a351
8/7/12 7:19:33.385 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 2, "ASUS VH232H"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 7:19:33.385 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 2, "ASUS VH232H"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 7:19:33.386 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 2, "ASUS VH232H"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 7:19:33.392 PM WindowServer[140]: Created shield window 0xc for display 0x042728c0
8/7/12 7:19:33.393 PM WindowServer[140]: Display 0x042728c0: MappedDisplay Unit 0; ColorProfile { 3, "Color LCD"}; TransferTable (256, 3)
8/7/12 7:19:33.393 PM WindowServer[140]: Display 0x042728c0: MappedDisplay Unit 0; ColorProfile { 3, "Color LCD"}; TransferTable (256, 3)
8/7/12 7:19:33.393 PM WindowServer[140]: Display 0x042728c0: MappedDisplay Unit 0; ColorProfile { 3, "Color LCD"}; TransferTable (256, 3)
8/7/12 7:19:33.407 PM WindowServer[140]: Unable to open IOHIDSystem (e00002bd)
8/7/12 7:19:33.000 PM kernel[0]: virtual bool IOHIDEventSystemUserClient::initWithTask(task_t, void *, UInt32): Client task not privileged to open IOHIDSystem for mapping memory (e00002c1)
8/7/12 7:19:33.481 PM launchctl[195]: com.apple.findmymacmessenger: Already loaded
8/7/12 7:19:33.624 PM com.apple.SecurityServer[16]: Session 100005 created
8/7/12 7:19:34.287 PM BezelServices 235.55[58]: -[DriverServices sendPreferencesToDevice:resetDefaults:] error: classPrefID (null), classPrefs (null)
8/7/12 7:19:34.340 PM com.apple.launchd[1]: (com.apple.smb.preferences) Throttling respawn: Will start in 6 seconds
8/7/12 7:19:34.342 PM com.apple.launchd[1]: (com.apple.smb.preferences) Throttling respawn: Will start in 6 seconds
8/7/12 7:19:34.430 PM airportd[154]: _doAutoJoin: Already associated to “2WIRE999”. Bailing on auto-join.
8/7/12 7:19:34.597 PM com.apple.launchd[1]: (com.apple.smb.preferences) Throttling respawn: Will start in 6 seconds
8/7/12 7:19:35.143 PM hidd[63]: CGSShutdownServerConnections: Detaching application from window server
8/7/12 7:19:35.143 PM hidd[63]: CGSDisplayServerShutdown: Detaching display subsystem from window server
8/7/12 7:19:35.285 PM loginwindow[58]: Login Window Started Security Agent
8/7/12 7:19:35.930 PM UpdateSettingsTool[42]: [Warning] Bad response from daemon for setup info
8/7/12 7:19:35.980 PM SecurityAgent[210]: This is the first run
8/7/12 7:19:35.980 PM SecurityAgent[210]: MacBuddy was run = 0
8/7/12 7:19:40.606 PM digest-service[88]: digest-request: uid=0
8/7/12 7:19:40.606 PM digest-service[88]: digest-request: init request
8/7/12 7:19:40.607 PM digest-service[88]: digest-request: init return domain: MACBOOKPRO-3DD4 server: TATE-S-IPOD
8/7/12 7:19:45.121 PM coreaudiod[203]: 2012-08-07 07:19:45.121034 PM [AirPlay] Started browsing for _airplay._tcp.
8/7/12 7:19:45.122 PM coreaudiod[203]: 2012-08-07 07:19:45.121605 PM [AirPlay] Started browsing for _raop._tcp.
8/7/12 7:19:45.727 PM UserEventAgent[196]: cannot find useragent 1102
8/7/12 7:20:04.417 PM genatsdb[185]: *GENATSDB* FontObjects generated = 729
8/7/12 7:20:17.111 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.bundles[231]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:20:17.132 PM com.apple.launchd.peruser.501[225]: (com.apple.distnoted.xpc.agent[232]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:20:17.138 PM com.apple.launchd.peruser.501[225]: (com.apple.cfprefsd.xpc.agent[234]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:20:17.141 PM distnoted[232]: # distnote server agent absolute time: 130.071035547 civil time: Tue Aug 7 19:20:17 2012 pid: 232 uid: 501 root: no
8/7/12 7:20:18.157 PM com.apple.SecurityServer[16]: Session 100007 created
8/7/12 7:20:18.157 PM com.apple.SecurityServer[16]: Session 100008 created
8/7/12 7:20:42.852 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.shared.04000000-0000-0000-0000-000000000000[237]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:21:01.000 PM kernel[0]: considerRebuildOfPrelinkedKernel com.apple.iokit.IOGraphicsFamily triggered rebuild
8/7/12 7:21:12.534 PM com.apple.kextcache[238]: Kernel file /mach_kernel does not contain requested arch: i386
8/7/12 7:21:57.603 PM com.apple.kextcache[238]: Created prelinked kernel /System/Library/Caches/com.apple.kext.caches/Startup/kernelcache.
8/7/12 7:22:10.361 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.bundles[241]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:22:34.673 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.shared.04000000-0000-0000-0000-000000000000[253]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:22:55.243 PM com.apple.SecurityServer[16]: Session 100009 created
8/7/12 7:24:26.662 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.bundles[278]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:25:27.508 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.bundles[285]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:27:28.314 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.bundles[306]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:28:36.382 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.shared.04000000-0000-0000-0000-000000000000[318]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:32:38.798 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.bundles[334]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:34:23.054 PM WindowServer[140]: Created shield window 0xf for display 0x1a48a351
8/7/12 7:34:23.059 PM WindowServer[140]: Created shield window 0x10 for display 0x042728c0
8/7/12 7:34:23.161 PM WindowServer[140]: device_generate_desktop_screenshot: authw 0x0(0), shield 0x0(0)
8/7/12 7:34:23.171 PM WindowServer[140]: device_generate_lock_screen_screenshot: authw 0x0(0), shield 0x0(0)
8/7/12 7:34:39.379 PM com.apple.launchd.peruser.501[225]: (com.apple.mdworker.bundles[338]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 7:35:24.000 PM kernel[0]: hibernate image path: /var/vm/sleepimage
8/7/12 7:35:24.000 PM kernel[0]: sizeof(IOHibernateImageHeader) == 512
8/7/12 7:35:24.000 PM kernel[0]: AirPort_Brcm43xx::powerChange: System Sleep
8/7/12 7:35:24.000 PM kernel[0]: kern_open_file_for_direct_io(0) took 88 ms
8/7/12 7:35:24.000 PM kernel[0]: Opened file /var/vm/sleepimage, size 4294967296, partition base 0x0, maxio 400000 ssd 0
8/7/12 7:35:24.000 PM kernel[0]: hibernate image major 1, minor 0, blocksize 512, pollers 4
8/7/12 7:35:24.000 PM kernel[0]: hibernate_alloc_pages flags 00000000, gobbling 0 pages
8/7/12 7:35:24.000 PM kernel[0]: hibernate_setup(0) took 0 ms
8/7/12 7:35:29.000 PM kernel[0]: hibernate_page_list_setall start 0xffffff808325c000, 0xffffff808327b000
8/7/12 7:35:29.000 PM kernel[0]: hibernate_page_list_setall time: 214 ms
8/7/12 7:35:29.000 PM kernel[0]: pages 584829, wire 181477, act 58256, inact 0, cleaned 0 spec 15, zf 1047, throt 0, could discard act 54144 inact 17641 purgeable 8394 spec 263855 cleaned 0
8/7/12 7:35:29.000 PM kernel[0]: hibernate_page_list_setall found pageCount 240795
8/7/12 7:35:29.000 PM kernel[0]: IOHibernatePollerOpen, ml_get_interrupts_enabled 0
8/7/12 7:35:29.000 PM kernel[0]: IOHibernatePollerOpen(0)
8/7/12 7:35:29.000 PM kernel[0]: encryptStart 13230
8/7/12 7:35:29.000 PM kernel[0]: writing 239262 pages
8/7/12 7:35:29.000 PM kernel[0]: encryptEnd a76d800
8/7/12 7:35:29.000 PM kernel[0]: image1Size 0xe3ba800, encryptStart1 0x13230, End1 0xa76d800
8/7/12 7:35:29.000 PM kernel[0]: encryptStart e3ba800
8/7/12 7:35:29.000 PM kernel[0]: encryptEnd 142e4400
8/7/12 7:35:29.000 PM kernel[0]: PMStats: Hibernate write took 4574 ms
8/7/12 7:35:29.000 PM kernel[0]: all time: 4574 ms, comp bytes: 980324352 time: 779 ms 1199 Mb/s, crypt bytes: 275268048 time: 427 ms 614 Mb/s,
8/7/12 7:35:29.000 PM kernel[0]: image 338576384, uncompressed 980324352 (239337), compressed 331378416 (33%), sum1 31fae30e, sum2 b24f226a
8/7/12 7:35:29.000 PM kernel[0]: wired_pages_encrypted 132776, wired_pages_clear 47243, dirty_pages_encrypted 59318
8/7/12 7:35:29.000 PM kernel[0]: hibernate_write_image done(0)
8/7/12 7:35:29.000 PM kernel[0]: sleep
8/7/12 8:22:46.695 PM WindowServer[140]: handle_will_sleep_auth_and_shield_windows: no lock state data
8/7/12 8:22:46.697 PM WindowServer[140]: handle_will_sleep_auth_and_shield_windows: no lock state data
8/7/12 8:22:46.000 PM kernel[0]: Wake reason: EHC2
8/7/12 8:22:46.000 PM kernel[0]: AirPort_Brcm43xx::powerChange: System Wake - Full Wake/ Dark Wake / Maintenance wake
8/7/12 8:22:46.000 PM kernel[0]: Previous Sleep Cause: 5
8/7/12 8:22:46.000 PM kernel[0]: The USB device HubDevice (Port 1 of Hub at 0xfa000000) may have caused a wake by issuing a remote wakeup (2)
8/7/12 8:22:46.000 PM kernel[0]: wlEvent: en1 en1 Link DOWN virtIf = 0
8/7/12 8:22:46.000 PM kernel[0]: AirPort: Link Down on en1. Reason 8 (Disassociated because station leaving).
8/7/12 8:22:46.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
8/7/12 8:22:46.000 PM kernel[0]: en1: 802.11d country code set to 'X0'.
8/7/12 8:22:46.000 PM kernel[0]: en1: Supported channels 1 2 3 4 5 6 7 8 9 10 11 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165
8/7/12 8:22:46.000 PM kernel[0]: The USB device Apple Internal Keyboard / Trackpad (Port 2 of Hub at 0xfa100000) may have caused a wake by issuing a remote wakeup (3)
8/7/12 8:22:46.000 PM kernel[0]: HID tickle 156 ms
8/7/12 8:22:47.685 PM hidd[63]: MultitouchHID: device bootloaded
8/7/12 8:22:49.822 PM configd[19]: network changed: v4(en1-:192.168.1.70) DNS- Proxy- SMB
8/7/12 8:22:49.823 PM configd[19]: setting hostname to "MALORIE-JANASEKs-MacBook-Pro.local"
8/7/12 8:22:49.000 PM kernel[0]: en1: 802.11d country code set to 'US'.
8/7/12 8:22:49.000 PM kernel[0]: en1: Supported channels 1 2 3 4 5 6 7 8 9 10 11 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165
8/7/12 8:22:51.000 PM kernel[0]: MacAuthEvent en1 Auth result for: 00:22:a4:25:0c:d1 MAC AUTH succeeded
8/7/12 8:22:51.000 PM kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
8/7/12 8:22:51.000 PM kernel[0]: AirPort: Link Up on en1
8/7/12 8:22:51.000 PM kernel[0]: en1: BSSID changed to 00:22:a4:25:0c:d1
8/7/12 8:22:51.000 PM kernel[0]: en1::IO80211Interface::postMessage bssid changed
8/7/12 8:22:51.000 PM kernel[0]: AirPort: RSN handshake complete on en1
8/7/12 8:22:51.955 PM configd[19]: network changed: v4(en1+:192.168.1.70) DNS+ Proxy+ SMB
8/7/12 8:22:51.966 PM UserEventAgent[11]: Captive: en1: Not probing '2WIRE999' (protected network)
8/7/12 8:22:51.970 PM configd[19]: network changed: v4(en1!:192.168.1.70) DNS Proxy SMB
8/7/12 8:22:51.985 PM configd[19]: setting hostname to "tate-s-ipod"
8/7/12 8:22:52.391 PM airportd[346]: _doAutoJoin: Already associated to “2WIRE999”. Bailing on auto-join.
8/7/12 8:22:52.421 PM airportd[346]: _doAutoJoin: Already associated to “2WIRE999”. Bailing on auto-join.
8/7/12 8:22:52.445 PM airportd[346]: _doAutoJoin: Already associated to “2WIRE999”. Bailing on auto-join.
8/7/12 8:23:06.672 PM WindowServer[140]: Received display connect changed for display 0x42728c0
8/7/12 8:23:06.673 PM WindowServer[140]: Received display connect changed for display 0x1a48a351
8/7/12 8:23:06.780 PM WindowServer[140]: Created shield window 0x11 for display 0x1a48a351
8/7/12 8:23:06.780 PM WindowServer[140]: handle_will_sleep_auth_and_shield_windows: no lock state data
8/7/12 8:23:07.333 PM WindowServer[140]: Display 0x1a48a351: GL mask 0x2; bounds (0, 0)[1920 x 1080], 72 modes available
Hardware mirror of 0x42728c0; Main, Active, on-line, enabled, OpenGL-accel, Vendor 469, Model 23f1, S/N 5f11, Unit 1, Rotation 0
UUID 0x00000469000023f100005f1100000000, ColorProfile { 2, "ASUS VH232H"}
8/7/12 8:23:07.334 PM WindowServer[140]: GLCompositor: GL renderer id 0x01022612, GL mask 0x00000003, accelerator 0x00003e6b, unit 0, caps QEX|QGL|MIPMAP, vram 256 MB
texture units 8, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT
8/7/12 8:23:07.334 PM WindowServer[140]: Display 0x003f003c: GL mask 0x5; bounds (0, 0)[1 x 1], 1 modes available
Master in mirror set; off-line, enabled, boot, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 0, Rotation 0
UUID 0xffffffffffffffffffffffff003f003c, ColorProfile { 3, "Color LCD"}
8/7/12 8:23:07.656 PM WindowServer[140]: Created shield window 0x12 for display 0x1a48a351
8/7/12 8:23:07.656 PM WindowServer[140]: Created shield window 0x13 for display 0x003f003c
8/7/12 8:23:07.657 PM WindowServer[140]: Display added
8/7/12 8:23:07.657 PM WindowServer[140]: Display removed
8/7/12 8:23:07.682 PM WindowServer[140]: Display 0x1a48a351: GL mask 0x2; bounds (0, 0)[1920 x 1080], 72 modes available
Main, Active, on-line, enabled, OpenGL-accel, Vendor 469, Model 23f1, S/N 5f11, Unit 1, Rotation 0
UUID 0x00000469000023f100005f1100000000, ColorProfile { 2, "ASUS VH232H"}
8/7/12 8:23:07.683 PM WindowServer[140]: GLCompositor: GL renderer id 0x01022612, GL mask 0x00000003, accelerator 0x00003e6b, unit 0, caps QEX|QGL|MIPMAP, vram 256 MB
texture units 8, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT
8/7/12 8:23:07.683 PM WindowServer[140]: Display 0x003f003c: GL mask 0x5; bounds (2944, 0)[1 x 1], 1 modes available
off-line, enabled, boot, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 0, Rotation 0
UUID 0xffffffffffffffffffffffff003f003c, ColorProfile { 3, "Color LCD"}
8/7/12 8:23:08.782 PM WindowServer[140]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
8/7/12 8:23:08.925 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 2, "ASUS VH232H"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 8:23:08.979 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 2, "ASUS VH232H"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 8:23:09.657 PM WindowServer[140]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
8/7/12 8:23:09.691 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 2, "ASUS VH232H"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 8:23:09.708 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 2, "ASUS VH232H"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 8:23:14.978 PM ALSPlugin 235.55[63]: LuxDisplayBacklightManager::updateALSIdleTimer Failed to get current linear brightnes
8/7/12 8:23:45.219 PM SecurityAgent[210]: User info context values set for maloriejanasek
8/7/12 8:23:45.393 PM CVMServer[172]: Check-in to the service com.apple.cvmsCompAgent_x86_64 failed. This is likely because you have either unloaded the job or the MachService has the ResetAtClose attribute specified in the launchd.plist. If present, this attribute should be removed.
8/7/12 8:23:46.856 PM SecurityAgent[210]: Login Window login proceeding
8/7/12 8:23:47.491 PM CVMServer[172]: Check-in to the service com.apple.cvmsCompAgent_x86_64 failed. This is likely because you have either unloaded the job or the MachService has the ResetAtClose attribute specified in the launchd.plist. If present, this attribute should be removed.
8/7/12 8:23:47.506 PM loginwindow[58]: Login Window - Returned from Security Agent
8/7/12 8:23:47.565 PM CVMServer[172]: Check-in to the service com.apple.cvmsCompAgent_x86_64 failed. This is likely because you have either unloaded the job or the MachService has the ResetAtClose attribute specified in the launchd.plist. If present, this attribute should be removed.
8/7/12 8:23:47.636 PM loginwindow[58]: USER_PROCESS: 58 console
8/7/12 8:23:47.714 PM airportd[360]: _doAutoJoin: Already associated to “2WIRE999”. Bailing on auto-join.
8/7/12 8:23:47.784 PM com.apple.launchd.peruser.501[225]: (com.apple.launchctl.Aqua[361]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:47.867 PM com.apple.launchd.peruser.501[225]: (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
8/7/12 8:23:47.870 PM com.apple.launchd.peruser.501[225]: (0x7f89b3d004b0.anonymous.loginwindow[58]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:47.872 PM loginwindow[58]: Connection with distnoted server was invalidated
8/7/12 8:23:47.873 PM com.apple.launchd.peruser.501[225]: (com.apple.universalaccessd[362]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:47.876 PM com.apple.launchd.peruser.501[225]: (com.apple.ServiceManagement.LoginItems[363]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:48.046 PM com.apple.launchd.peruser.501[225]: (com.apple.tccd[365]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:48.350 PM WindowServer[140]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
8/7/12 8:23:48.367 PM com.apple.launchd.peruser.501[225]: (com.apple.talagent[369]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:48.367 PM com.apple.launchd.peruser.501[225]: (com.apple.Dock.agent[370]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:48.389 PM com.apple.launchd.peruser.501[225]: (com.apple.SystemUIServer.agent[371]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:48.475 PM WindowServer[140]: Display 0x1a48a351: MappedDisplay Unit 1; ColorProfile { 2, "ASUS VH232H"}; TransferFormula (1.000000, 1.000000, 1.000000)
8/7/12 8:23:48.501 PM com.apple.launchd.peruser.501[225]: (com.apple.Finder[372]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:48.760 PM com.apple.launchd.peruser.501[225]: (com.apple.pboard[374]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:48.854 PM com.apple.launchd.peruser.501[225]: ([0x0-0x30030].activateSettings[375]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:50.667 PM com.apple.launchd.peruser.501[225]: (com.apple.fontd[381]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:51.234 PM com.apple.launchd.peruser.501[225]: (com.apple.NetworkBrowserAgent[384]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:51.329 PM NetworkBrowserAgent[384]: Starting NetworkBrowserAgent
8/7/12 8:23:52.192 PM com.apple.launchd.peruser.501[225]: (com.apple.FontWorker[385]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.196 PM com.apple.launchd.peruser.501[225]: (com.apple.cvmsCompAgent_x86_64[386]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.267 PM genatsdb[387]: ########## genatsdb Sandboxed. ##########
8/7/12 8:23:52.514 PM com.apple.launchd.peruser.501[225]: (com.apple.UserEventAgent-Aqua[390]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.515 PM com.apple.launchd.peruser.501[225]: (com.apple.SocialPushAgent[391]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.516 PM com.apple.launchd.peruser.501[225]: (com.apple.parentalcontrols.check[393]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.516 PM com.apple.launchd.peruser.501[225]: (com.apple.PCIESlotCheck[392]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.518 PM com.apple.launchd.peruser.501[225]: (com.apple.mdmclient.agent[396]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.518 PM com.apple.launchd.peruser.501[225]: (com.apple.notificationcenterui.agent[394]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.519 PM com.apple.launchd.peruser.501[225]: (com.apple.mrt.uiagent[395]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.519 PM com.apple.launchd.peruser.501[225]: (com.apple.isst[397]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.519 PM com.apple.launchd.peruser.501[225]: (com.apple.imagent[398]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.520 PM com.apple.launchd.peruser.501[225]: (com.apple.helpd[399]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.520 PM com.apple.launchd.peruser.501[225]: (com.apple.FTCleanup[400]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.520 PM com.apple.launchd.peruser.501[225]: (com.apple.coreservices.appleid.authentication[401]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.520 PM com.apple.launchd.peruser.501[225]: (com.apple.warmd_agent[388]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.520 PM com.apple.launchd.peruser.501[225]: (com.apple.CalendarAgent[402]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.521 PM com.apple.launchd.peruser.501[225]: (com.apple.assistantd[403]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.521 PM com.apple.launchd.peruser.501[225]: (com.apple.usernoted[389]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.521 PM com.apple.launchd.peruser.501[225]: (com.apple.apsctl[404]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.521 PM com.apple.launchd.peruser.501[225]: (com.apple.afpstat-qfa[405]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.522 PM com.apple.launchd.peruser.501[225]: (com.rim.BBLaunchAgent[406]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.523 PM com.apple.launchd.peruser.501[225]: (com.google.keystone.system.agent[407]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.524 PM com.apple.launchd.peruser.501[225]: (com.flipvideo.FlipShareAutoRun[408]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.525 PM com.apple.launchd.peruser.501[225]: (com.adobe.AAM.Startup-1.0[410]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.525 PM com.apple.launchd.peruser.501[225]: (com.adobe.CS5ServiceManager[409]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:52.991 PM com.apple.launchd.peruser.501[225]: (com.apple.afpstat-qfa[405]) Exited with code: 2
8/7/12 8:23:53.483 PM com.apple.launchd.peruser.501[225]: ([0x0-0x34034].com.flexibits.fantastical[414]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:53.000 PM kernel[0]: CODE SIGNING: cs_invalid_page(0x1000): p=407[GoogleSoftwareUp] clearing CS_VALID
8/7/12 8:23:54.029 PM com.apple.launchd.peruser.501[225]: (com.apple.accountsd[416]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:54.437 PM coreservicesd[37]: SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationCreation to notificationID=166
8/7/12 8:23:54.483 PM WindowServer[140]: CGXDisableUpdate: UI updates were forcibly disabled by application "SystemUIServer" for over 1.00 seconds. Server has re-enabled them.
8/7/12 8:23:54.549 PM WindowServer[140]: reenable_update_for_connection: UI updates were finally reenabled by application "SystemUIServer" after 1.07 seconds (server forcibly re-enabled them after 1.00 seconds)
8/7/12 8:23:54.704 PM com.apple.launchd.peruser.501[225]: ([0x0-0x37037].com.getdropbox.dropbox[417]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:55.351 PM com.apple.launchd.peruser.501[225]: (com.apple.mrt.uiagent[395]) Exited with code: 255
8/7/12 8:23:56.113 PM com.apple.launchd.peruser.501[225]: (com.apple.java.InstallOnDemandAgent[419]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:56.151 PM com.apple.launchd.peruser.501[225]: (com.adobe.CS5ServiceManager[409]) Exited with code: 97
8/7/12 8:23:57.047 PM com.apple.launchd.peruser.501[225]: (com.apple.quicklook[422]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:23:57.524 PM com.apple.launchd.peruser.501[225]: (com.apple.CoreLocationAgent[423]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:24:01.217 PM blued[72]: kBTXPCUpdateUserPreferences gConsoleUserUID = 501
8/7/12 8:24:01.275 PM SystemUIServer[371]: *** WARNING: -[NSImage compositeToPoint:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
8/7/12 8:24:01.278 PM SystemUIServer[371]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
8/7/12 8:24:01.683 PM GoogleSoftwareUpdateDaemon[426]: -[KeystoneDaemon logServiceState] GoogleSoftwareUpdate daemon (1.1.0.3659) vending:
com.google.Keystone.Daemon.UpdateEngine: 2 connection(s)
com.google.Keystone.Daemon.Administration: 0 connection(s)
8/7/12 8:24:01.771 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateEngine updateProductID:] KSUpdateEngine updating product ID: "com.google.Keystone"
8/7/12 8:24:02.038 PM GoogleSoftwareUpdateDaemon[426]: -[KSCheckAction performAction] KSCheckAction checking 1 ticket(s).
8/7/12 8:24:02.473 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateCheckAction performAction] KSUpdateCheckAction starting update check for ticket(s): {(
<KSTicket:0x25e1a0
productID=com.google.Keystone
version=1.1.0.3659
xc=<KSPathExistenceChecker:0x25e130 path=/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/>
serverType=Omaha
url=https://tools.google.com/service/update2
creationDate=2011-10-10 19:40:24
>
Using server: <KSOmahaServer:0x554200
engine=<KSDaemonUpdateEngine:0x1050b30>
params={
EngineVersion = "1.1.0.3659";
ActivesInfo = {
"com.google.talkplugin" = {
LastRollCallPingDate = 2012-08-07 07:00:00 +0000;
"com.google.Keystone" = {
LastRollCallPingDate = 2012-08-07 07:00:00 +0000;
LastActivePingDate = 2012-08-07 07:00:00 +0000;
LastActiveDate = 2012-08-08 00:23:58 +0000;
"com.google.Chrome" = {
LastRollCallPingDate = 2012-08-07 07:00:01 +0000;
LastActiveDate = 2012-08-07 18:09:13 +0000;
LastActivePingDate = 2012-08-07 07:00:01 +0000;
UserInitiated = 0;
IsSystem = 1;
OmahaOSVersion = "10.8.0_i486";
Identity = KeystoneDaemon;
AllowedSubdomains = (
".omaha.sandbox.google.com",
".tools.google.com",
".www.google.com",
".corp.google.com"
>
8/7/12 8:24:02.478 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateCheckAction performAction] KSUpdateCheckAction running KSServerUpdateRequest: <KSOmahaServerUpdateRequest:0x55a760
server=<KSOmahaServer:0x554200>
url="https://tools.google.com/service/update2"
runningFetchers=0
tickets=1
activeTickets=0
rollCallTickets=0
body=
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<o:gupdate xmlns:o="http://www.google.com/update2/request" protocol="2.0" version="KeystoneDaemon-1.1.0.3659" ismachine="1">
<o:os platform="mac" version="MacOSX" sp="10.8.0_i486"></o:os>
<o:app appid="com.google.Keystone" version="1.1.0.3659" lang="en-us" installage="302" brand="GGLG">
<o:updatecheck></o:updatecheck>
</o:app>
</o:gupdate>
>
8/7/12 8:24:04.563 PM com.apple.launchd.peruser.501[225]: (com.apple.pbs[434]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:24:05.170 PM com.apple.launchd.peruser.501[225]: (com.apple.storeagent[438]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:24:06.890 PM com.apple.launchd.peruser.501[225]: ([0x0-0x3f03f].com.apple.AppleSpell[440]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:24:09.994 PM WindowServer[140]: CGXDisableUpdate: UI updates were forcibly disabled by application "Fantastical" for over 1.00 seconds. Server has re-enabled them.
8/7/12 8:24:12.749 PM com.apple.launchd.peruser.501[225]: (com.apple.FontWorker[449]) Could not setup Mach task special port 8: (os/kern) invalid argument
8/7/12 8:24:13.401 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateCheckAction(KSServerUpdateRequestDelegate) serverRequest:fetchedWithResponse:] KSUpdateCheckAction received KSServerUpdateResponse: <KSOmahaServerUpdateResponse:0x25fcc0
server=<KSOmahaServer:0x554200>
url="https://tools.google.com/service/update2"
status=200
tickets=1
activeTickets=0
rollCallTickets=0
data=
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod">
<daystart elapsed_seconds="62653"></daystart>
<app appid="com.google.Keystone" status="ok">
<updatecheck status="noupdate"></updatecheck>
</app>
</gupdate>
>
8/7/12 8:24:15.128 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateCheckAction(PrivateMethods) finishAction] KSUpdateCheckAction found updates: {( )}
8/7/12 8:24:15.355 PM GoogleSoftwareUpdateDaemon[426]: -[KSPrefetchAction performAction] KSPrefetchAction no updates to prefetch.
8/7/12 8:24:15.356 PM GoogleSoftwareUpdateDaemon[426]: -[KSMultiUpdateAction performAction] KSSilentUpdateAction had no updates to apply.
8/7/12 8:24:15.358 PM GoogleSoftwareUpdateDaemon[426]: -[KSMultiUpdateAction performAction] KSPromptAction had no updates to apply.
8/7/12 8:24:15.361 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateEngine(PrivateMethods) updateFinish] KSUpdateEngine update processing complete.
8/7/12 8:24:15.491 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateEngine updateAllProducts] KSUpdateEngine updating all installed products.
8/7/12 8:24:15.494 PM GoogleSoftwareUpdateDaemon[426]: -[KSCheckAction performAction] KSCheckAction checking 2 ticket(s).
8/7/12 8:24:16.731 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateCheckAction performAction] KSUpdateCheckAction starting update check for ticket(s): {(
<KSTicket:0x12507f0
productID=com.google.talkplugin
version=3.3.3.8675
xc=<KSPathExistenceChecker:0x124cf80 path=/Library/Application Support/Google/GoogleTalkPlugin.app>
serverType=Omaha
url=https://tools.google.com/service/update2
creationDate=2011-10-10 19:40:24
>,
<KSTicket:0x124cf40
productID=com.google.Keystone
version=1.1.0.3659
xc=<KSPathExistenceChecker:0x1250670 path=/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/>
serverType=Omaha
url=https://tools.google.com/service/update2
creationDate=2011-10-10 19:40:24
>
Using server: <KSOmahaServer:0x10557d0
engine=<KSDaemonUpdateEngine:0x1050b30>
params={
EngineVersion = "1.1.0.3659";
ActivesInfo = {
"com.google.talkplugin" = {
LastRollCallPingDate = 2012-08-07 07:00:00 +0000;
"com.google.Keystone" = {
LastRollCallPingDate = 2012-08-07 07:00:00 +0000;
LastActivePingDate = 2012-08-07 07:00:00 +0000;
LastActiveDate = 2012-08-08 00:23:58 +0000;
"com.google.Chrome" = {
LastRollCallPingDate = 2012-08-07 07:00:01 +0000;
LastActiveDate = 2012-08-07 18:09:13 +0000;
LastActivePingDate = 2012-08-07 07:00:01 +0000;
UserInitiated = 0;
IsSystem = 1;
OmahaOSVersion = "10.8.0_i486";
Identity = KeystoneDaemon;
AllowedSubdomains = (
".omaha.sandbox.google.com",
".tools.google.com",
".www.google.com",
".corp.google.com"
>
8/7/12 8:24:16.733 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateCheckAction performAction] KSUpdateCheckAction running KSServerUpdateRequest: <KSOmahaServerUpdateRequest:0x1055d70
server=<KSOmahaServer:0x10557d0>
url="https://tools.google.com/service/update2"
runningFetchers=0
tickets=2
activeTickets=0
rollCallTickets=0
body=
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<o:gupdate xmlns:o="http://www.google.com/update2/request" protocol="2.0" version="KeystoneDaemon-1.1.0.3659" ismachine="1">
<o:os platform="mac" version="MacOSX" sp="10.8.0_i486"></o:os>
<o:app appid="com.google.talkplugin" version="3.3.3.8675" lang="en-us" installage="302" brand="GGLG">
<o:updatecheck></o:updatecheck>
</o:app>
<o:app appid="com.google.Keystone" version="1.1.0.3659" lang="en-us" installage="302" brand="GGLG">
<o:updatecheck></o:updatecheck>
</o:app>
</o:gupdate>
>
8/7/12 8:24:17.831 PM UserEventAgent[390]: cannot find fw daemon port 1102
8/7/12 8:24:19.098 PM GoogleSoftwareUpdateDaemon[426]: -[KSUpdateCheckAction(KSServerUpdateRequestDelegate) serverRequest:fetchedWithResponse:] KSUpdateCheckAction received KSServerUpdateResponse: <KSOmahaServerUpdateResponse:0x565610
server=<KSOmahaServer:0x10557d0>
url="https://tools.google.com/service/update2"
status=200
tickets=2
activeTickets=0
rollCallTickets=0
data=
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-
Default security policy 802.1x
Folks,
I just installed a 2100 controller and added a WLAN. I noticed that the default L2 security policy is 802.1x which is using WEP 104 keys. My question is where do we define the wep key on the controller. does that mean no client will be able to connect to the AP, unless he adds the key to the SSID?Does 802.1x always require a radius server? With a fully redundant network implementation I could see a Windows Radius server being the weakest link.
For port security for a project I am working on I am searching for the best solution. I will shutdown unused ports. Allow only one mac-address (need to learn how to do this). I am also researching the cost effectiveness of implementing 802.1x security.
James -
Physical port security on Cisco switching
We have a security problem I would like to resolve. Like most sites our wired network has live ports that periodically, non corporate PCs and laptops connect up to without our knowledge. In our network we do not filter for valid MAC addresses although Ive learned this is a poor approach to security as MAC can be changed in about 10 seconds.
I would like a solution that would validate corporate systems and let them through the Cisco layer 3 switching and block out all other devices which attempt connection. We do not currently have IDS or IPS and are not likely to in short term.
Is there a hardware or software or combination solution out there that works well for this ?
Thank youSteve
2 solutions spring to mind
1) 802.1x authentication. Microsoft XP/Vista has built in 802.1x supplicant and Cisco switches support Network EAP used to pass the 802.1x messages. What you also need is an authentication server such as Cisco Secure ACS server although Microsoft IAS server also supports 802.1x.
Basically before a client is allowed access to the network they have to authenticate to the network with valid credentials otherwise the port is shutdown.
2) NAC - Network Admission Control. This goes one step further than 1) whereby the client is also checked to see if it conforms to company policy eg. does it have the right virus checker on it etc.. and if it doesn't the client can be quarantined.
A search on Cisco's website for both NAC and 802.1x will provide a lot of useful links.
Jon
Maybe you are looking for
-
how to I get my ipod touch onto my computer with windows 8
-
Web page error (spry widget) photo gallery - Help :(
Hi, I am having an error on my website that states: SpryPanelSet.js requires SpryWidget.js SpryFadingPanels.js requires SpryPanelSet.js SpryImageSlideShow.js requires SpryWidget.js SpryPanelAndZoomPlugin.js requires SpryImageSlideShow.js I have poste
-
OWSM Policy Binding Disabled for proxy/business server with SOAP 1.1
Hi, I am using 11pPS2. In osb, i created a proxy service with soap 1.1. and business proxy with soap 1.1 Now I click Policies tab of each service, In Service Policy Configuration, OWSM Policy Bindings is disabled to choose. So I can't attach any OWSM
-
This may be a silly one for ya but I am having a brain fart now. I am doing a dynamic form where the form questions are created fro a database. The different field names are dynamic variables generated via itererations (++) from the database table. T
-
How do I build an air application from swf?
I have a simple SWF that I have built in FlashPro 5.5 published for AIR 2.6 player It has multi-touch functionality designed for a kiosk installation on MacMini with a magic trackpad when I publish/test (F12) it from SDK, the trackpad functions perfe