Setting the access-list on an IDSM blade

I have an IDSM blade for a 6500 series switch. I need to modify the administrative access-list from the CLI so I can get into it remotely and with CME.
I see entries like this in the config:
access-list 192.168.100.10/32
I assume this is the section for authorized hosts to access the IDSM,
but I can't figure out how to add an entry.
Any advice would be great.

On the console you can add entries the following way:
In conf-mode:
service host
network-settings
access-list 10.10.10.0/24 ! or whatever you want to add
exit
exit
answer "yes" to apply changes
exit
!(ready)

Similar Messages

  • How to set the output list in alv

    Hi all,
    I have copied the standard ALV program into a customized one and the output of the customized one has changed, but the output list of this customized program is to be changed like the standard program. Please tell me how to do this. I have set the current layout of it. It will display only for the time being; when I come out of that program it will change.

    Hi,
    After changing the layout to desired output. Save the layout and set it as default. Then it will work for every time.
    Thanks
    Chandra

  • Screen size and font size unreadable to set the access permissions for Flash Player.

    I can increase my screen view size to make everything appear larger but the screen on Adobe website to manage the use of the Flash Player has very tiny writing that DOES NOT increase in size when I increase the size of my screen view.  It is not user friendly nor compliant with common standards of web pages being accessible for people who have visual disabilities.  The font size looks like 6pt.
    What does it take to make this giant company allow the window size of the settings to be enlarged or magnified? 

    They will stay on the screen.  However, Process Monitor is only intended for advanced users.  It is recommended that users try to navigate to the troublesome registry key using regedit, and see if they can access it or not without an error.  This is far easier than trying to use Process Monitor, which is very complicated.
    I used Process Monitor to confirm that it was just that key which was causing the problem, and not others.  Process Monitor is not to be confused with the new Resource Monitor which is accessible via Task Manager in Windows 7 (and possibly Vista).  If you must experiment (and Process Monitor is very useful for diagnosing many deep-level problems if you know what you're looking for) Process Monitor can be downloaded from here:
    http://technet.microsoft.com/en-us/sysinternals/bb896645
    It replaces the older Sysinternals "FileMon" and "RegMon".  For those interested in the technical side, I had to set up a number of filters to be able to get the results displayed as in the screenshot.  First of all to just show Registry events.  Then to just show events from the manual Flash ActiveX installer executable.  Then I added a filter to show only non-successful results.  And finally, for the purposes of the screenshot, added a filter to just show those with "Access Denied", since other non-critical errors are also picked up due to missing keys because installation has not yet been fully completed I guess.   When experimenting, most of these filters were applied using the "is not" boolean logic, which will make sense if you experiment with the program.
    Without adding any filters, it picks up so many events (hundreds per second) that it's otherwise unusable.  e.g. 40,000 events within the first few seconds of opening the program. For this reason, I recommend simply using Regedit to diagnose the problem with the particular Flash registry key.

  • How many computers can be written into the access list?

    I remember the old ABS allowed pretty many computers, much over the normal amount of 20. Does anybody know how many computers can be written into the new ABSE n?

    Please be aware that MAC address filtering (access control) provides no security at all. All of the wireless traffic is sent unencrypted allowing anyone monitoring it to read your data.
    MAC address filtering ONLY prevents unlisted MAC addresses from connecting to your base station. However the MAC addresses are broadcast between connected clients and the base station. Therefore anyone monitoring your wireless traffic can learn the allowed MAC addresses. After they learn an allowed MAC address, they can clone that address and connect to your base station.

  • I have a 3rd generation iPod Touch and just did the update to IOS 5. Now I can't connect to my Netgear wifi router. My iPhone connects fine along with all of my other laptops etc. I have the router set with WPA-PSK [TKIP] security and an access list.

    I have a 3rd generation iPod Touch and just did the update to IOS 5. Now I can't connect to my Netgear wifi router. My iPhone connects fine along with all of my other laptops etc. I have the router set with WPA-PSK [TKIP] security and an access list. I've confirmed the MAC address is included on that list and that the password is correct. Under choose network I select the network and it just goes into a spin. I have tried removing the password and the access list settings and it still will not complete the connection to the router thus no internet access. The router's firmware is also up to date. This thing worked fine before this update and I've already tried to restore from backup. Any ideas or is the wifi nic bad in this thing with the new apple firmware update? Any fix?

    Thanks Bob, I don't know why but it all of a sudden worked a few days later. It's a mystery but at least problem solved.

  • IP address is not on the target's allowable access list.

    when trying to deploy a lvlib or downloading code from a PC to a FP controller I get this error message "Access denied: This host computer's IP address is not on the target's allowable access list.". I have added the PC's IP address from within Max on the access list of the FP target (althoug default is full access to everyone). This did not help, I still get the same error message. Both systems are on the same IP segment.
    sincerely
    søren h. jensen

    Hello,
    Short of time right now, but I had the same problem: Here is a dump of my own notes on how I solved the problem (not necessary to reinstall software):
    I attempted to update these data with Measurement & Automation Explorer (MAX) using the "FieldPoint Access Control" panel in MAX: I set "*" and Read/Write and pressed "Apply": MAX claims it has updated the Access Rights, but we are still unable to Deploy the CFP from the Project Explorer.
    SOLUTION:
    Use WS_FTP-PRO (or any FTP Client) and access the IP Address of the FieldPoint using anonymous login.
    Transfer the file ni-rt.ini from the root of c:\ on the Fieldpoint to the local PC and edit the settings as shown below.
    FTP the file back to the Fieldpoint.
    Set the following settings in "server.tcp.access" and "RTTarget.IPAccess":
    server.tcp.access=""+*""
    NOTE: Double Quotes here
    RTTarget.IPAccess="+*"
    NOTE: Single Quotes here
    +* means every IP address can access.
    It turned out that MAX had left the following (probably illegal) values in the fields:
    """" and ""
    Geir Ove

  • Avpair on the end of access-list

    Hello,
    Is it possible, on router web authentication (or proxy authentication), to add the avpairs received from a radius server (the aaa) at the end of the access-list, instead of at the beginning?
    Thanks.
    Pisco
    Universidade do Algarve
    Portugal

    Thanks to Frank and Kevin
    Kevin
    Let me see if i got it.
    When i create the 2 LOV through a query, you said i should use a bind variable in the where clause of that query and the value of that variable would be the value selected of the first LOV, right? Then, How and where can i set an automatic refresh to yes?
    In order to do query, i still need to have the information needed (country, states, cities) stored on a table? if not, what other way i can get the information and populate the lists?
    Frank,
    i guess i should detect a list change with the trigger when-list-changed. Am i right?
    I still have to store all the information either on a database or on a record group, am I right?
    Which would be a better way to do it?
    Thanks

  • A possible bug related to the Cisco ASA "show access-list"?

    We encountered a strange problem in our ASA configuration.
    In the "show running-config":
    access-list inside_access_in remark CM000067 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:http_access
    access-list inside_access_in remark CM000458 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:https_access
    access-list inside_access_in remark test 11111111111111111111111111 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in extended permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 log
    access-list inside_access_in remark CM000260 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-dgm
    access-list inside_access_in remark CM006598 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ns
    access-list inside_access_in remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ssn
    access-list inside_access_in remark CM000223 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:tcp/445
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq www log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq https log
    access-list inside_access_in extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log
    access-list inside_access_in extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-ns log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq 445 log
    access-list inside_access_in remark CM000280 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:domain
    access-list inside_access_in extended permit tcp object 172.31.254.2 any eq domain log
    access-list inside_access_in extended permit udp object 172.31.254.2 any eq domain log
    access-list inside_access_in remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:catch_all
    access-list inside_access_in extended permit ip object 172.31.254.2 any log
    access-list inside_access_in remark CM0000086 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:SSH_internal
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 interface inside eq ssh log
    access-list inside_access_in remark CM0000011 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in extended permit object TCPPortRange 172.31.254.0 255.255.255.0 host 192.168.20.91 log
    access-list inside_access_in remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
    access-list inside_access_in extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log
    access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in extended permit ip 192.168.20.0 255.255.255.0 any log
    access-list inside_access_in remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
    access-list inside_access_in extended permit ip object windowsusageVM any log
    access-list inside_access_in extended permit ip any object testCSM-object
    access-list inside_access_in extended permit ip 172.31.254.0 255.255.255.0 any log
    access-list inside_access_in remark CM0000065 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:IP
    access-list inside_access_in extended permit ip host 172.31.254.2 any log
    access-list inside_access_in remark CM0000658 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in extended permit tcp host 192.168.20.95 any eq www log
    In the "show access-list":
    access-list inside_access_in line 1 remark CM000067 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:http_access
    access-list inside_access_in line 2 remark CM000458 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:https_access
    access-list inside_access_in line 3 remark test 11111111111111111111111111 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in line 4 extended permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 log informational interval 300 (hitcnt=0) 0x0a3bacc1
    access-list inside_access_in line 5 remark CM000260 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-dgm
    access-list inside_access_in line 6 remark CM006598 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ns
    access-list inside_access_in line 7 remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ssn
    access-list inside_access_in line 8 remark CM000223 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:tcp/445
    access-list inside_access_in line 9 extended permit tcp 172.31.254.0 255.255.255.0 any eq www log informational interval 300 (hitcnt=0) 0x0685254a
    access-list inside_access_in line 10 extended permit tcp 172.31.254.0 255.255.255.0 any eq https log informational interval 300 (hitcnt=0) 0x7e7ca5a7
    access-list inside_access_in line 11 extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log informational interval 300 (hitcnt=0) 0x02a111af
    access-list inside_access_in line 12 extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-ns log informational interval 300 (hitcnt=0) 0x19244261
    access-list inside_access_in line 13 extended permit tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log informational interval 300 (hitcnt=0) 0x0dbff051
    access-list inside_access_in line 14 extended permit tcp 172.31.254.0 255.255.255.0 any eq 445 log informational interval 300 (hitcnt=0) 0x7b798b0e
    access-list inside_access_in line 15 remark CM000280 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:domain
    access-list inside_access_in line 16 extended permit tcp object 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0x6c41681b
      access-list inside_access_in line 16 extended permit tcp host 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0x6c41681b
    access-list inside_access_in line 17 extended permit udp object 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0xc53bf227
      access-list inside_access_in line 17 extended permit udp host 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0xc53bf227
    access-list inside_access_in line 18 remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:catch_all
    access-list inside_access_in line 19 extended permit ip object 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xd063707c
      access-list inside_access_in line 19 extended permit ip host 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xd063707c
    access-list inside_access_in line 20 remark CM0000086 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:SSH_internal
    access-list inside_access_in line 21 extended permit tcp 172.31.254.0 255.255.255.0 interface inside eq ssh log informational interval 300 (hitcnt=0) 0x4951b794
    access-list inside_access_in line 22 remark CM0000011 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in line 23 extended permit object TCPPortRange 172.31.254.0 255.255.255.0 host 192.168.20.91 log informational interval 300 (hitcnt=0) 0x441e6d68
      access-list inside_access_in line 23 extended permit tcp 172.31.254.0 255.255.255.0 host 192.168.20.91 range ftp smtp log informational interval 300 (hitcnt=0) 0x441e6d68
    access-list inside_access_in line 24 remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
    access-list inside_access_in line 25 extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 0xe848acd5
      access-list inside_access_in line 25 extended permit tcp range 12.89.235.2 12.89.235.5 range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 (hitcnt=0) 0xe848acd5
    access-list inside_access_in line 26 extended permit ip 192.168.20.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xb6c1be37
    access-list inside_access_in line 27 remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
    access-list inside_access_in line 28 extended permit ip object windowsusageVM any log informational interval 300 (hitcnt=0) 0x22170368
      access-list inside_access_in line 28 extended permit ip host 172.31.254.250 any log informational interval 300 (hitcnt=0) 0x22170368
    access-list inside_access_in line 29 extended permit ip any object testCSM-object (hitcnt=0) 0xa3fcb334
      access-list inside_access_in line 29 extended permit ip any host 255.255.255.255 (hitcnt=0) 0xa3fcb334
    access-list inside_access_in line 30 extended permit ip 172.31.254.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xe361b6ed
    access-list inside_access_in line 31 remark CM0000065 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:IP
    access-list inside_access_in line 32 extended permit ip host 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xed7670e1
    access-list inside_access_in line 33 remark CM0000658 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in line 34 extended permit tcp host 192.168.20.95 any eq www log informational interval 300 (hitcnt=0) 0x8d07d70b
    There is a comment in the running config: (line 26)
    access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    This comment is missing in "show access-list". So in the access list, for all the lines after this comment, the line number is no longer correct. This causes a problem when we try to use the line number to insert a new rule.
    Has anybody seen this problem before? Is this a known problem? I am glad to provide more information if needed.
    Thanks in advance.
    show version:
    Cisco Adaptive Security Appliance Software Version 8.4(4)1
    Device Manager Version 7.1(3)
    Compiled on Thu 14-Jun-12 11:20 by builders
    System image file is "disk0:/asa844-1-k8.bin"
    Config file at boot was "startup-config"
    fmciscoasa up 1 hour 56 mins
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash M50FW016 @ 0xfff00000, 2048KB
    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                                 Number of accelerators: 1

    Could be related to the following bug:
    CSCtq12090: ACL remark line is missing when range object is configured in ACL
    Fixed in 8.4(6), so update to a newer version and observe it again.
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni
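The line-number drift described in this thread can be checked offline by comparing the two outputs before anyone inserts a rule by line number. The Python below is an added example, not part of the original posts and not Cisco tooling; the function names are hypothetical, the sample is the excerpt of the quoted output covering config entries 24 to 29, and it assumes the default `log informational interval 300` expansion shown above.

```python
import re

# Constructed sample: entries 24-29 of the running-config quoted in the post.
RUNNING = """\
access-list inside_access_in remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
access-list inside_access_in extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log
access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
access-list inside_access_in extended permit ip 192.168.20.0 255.255.255.0 any log
access-list inside_access_in remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
access-list inside_access_in extended permit ip object windowsusageVM any log
"""

# Constructed sample: the matching part of "show access-list" from the post.
SHOWN = """\
access-list inside_access_in line 24 remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
access-list inside_access_in line 25 extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 0xe848acd5
  access-list inside_access_in line 25 extended permit tcp range 12.89.235.2 12.89.235.5 range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 (hitcnt=0) 0xe848acd5
access-list inside_access_in line 26 extended permit ip 192.168.20.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xb6c1be37
access-list inside_access_in line 27 remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
access-list inside_access_in line 28 extended permit ip object windowsusageVM any log informational interval 300 (hitcnt=0) 0x22170368
  access-list inside_access_in line 28 extended permit ip host 172.31.254.250 any log informational interval 300 (hitcnt=0) 0x22170368
"""

SHOW_RE = re.compile(r"^access-list (\S+) line (\d+) (.*)$")


def normalize(body):
    """Strip what 'show access-list' appends (hash, hit count, log defaults)."""
    if body.startswith("remark "):
        return body
    body = re.sub(r"\s+0x[0-9a-f]+$", "", body)
    body = re.sub(r"\s*\(hitcnt=\d+\)", "", body)
    return re.sub(r"\s+informational interval \d+", "", body)


def parse_running(text, acl):
    """Return the ACL's entries in configuration order."""
    prefix = f"access-list {acl} "
    lines = (ln.strip() for ln in text.splitlines())
    return [ln[len(prefix):] for ln in lines if ln.startswith(prefix)]


def parse_show(text, acl):
    """Return (line number, normalized entry) for each top-level line."""
    entries = []
    for ln in text.splitlines():
        if ln[:1].isspace():  # indented line = expansion of an object
            continue
        m = SHOW_RE.match(ln.rstrip())
        if m and m.group(1) == acl:
            entries.append((int(m.group(2)), normalize(m.group(3))))
    return entries


def compare(running_text, show_text, acl, first_pos=1):
    """Walk both listings in order; report dropped and renumbered entries."""
    shown = parse_show(show_text, acl)
    findings, i = [], 0
    for pos, body in enumerate(parse_running(running_text, acl), first_pos):
        if i < len(shown) and shown[i][1] == body:
            line_no = shown[i][0]
            i += 1
            if line_no != pos:
                findings.append(("shifted", pos, line_no, body))
        else:
            findings.append(("missing", pos, None, body))
    return findings


def device_line_for(pos, findings):
    """Translate a running-config position into the line number the device uses."""
    return pos - sum(1 for kind, p, *_ in findings if kind == "missing" and p < pos)


if __name__ == "__main__":
    for kind, pos, line_no, body in compare(RUNNING, SHOWN, "inside_access_in", 24):
        print(f"{kind:8} config entry {pos} -> show line {line_no}: {body[:40]}")
```
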

  • Help: set the list item when scrollbar scrolls

    i need help regording how to set the listbox list item to be selected (i.e. item to be highlighted) when the vertical scrollbar scrolls.

    Hi Shreyas,
    You can insert the code below into the NewForm.aspx page of the list via a Script Editor web part:
    <script type="text/javascript">
    // Run ready() once SharePoint has finished loading the page body
    _spBodyOnLoadFunctionNames.push("ready");
    function ready() {
      // e.g. 12/04/2015 - 18/04/2015
      var sd = "";
      var ed = "";
      var d = new Date();
      //get start date of the week
      d.setDate(d.getDate() - d.getDay());
      sd = convertDate(d);
      //get end date of the week
      d.setDate(d.getDate() + (6 - d.getDay()));
      ed = convertDate(d);
      //populate the string into the Title field
      var title = document.querySelector("input[title='Title']");
      title.value = sd+" - "+ed;
    }
    // Format a date as dd/mm/yyyy
    function convertDate(inputFormat) {
      function pad(s) { return (s < 10) ? '0' + s : s; }
      var d = new Date(inputFormat);
      return [pad(d.getDate()), pad(d.getMonth()+1), d.getFullYear()].join('/');
    }
    </script>
    It will populate the “Title” field with the text like “12/04/2015 - 18/04/2015” based on current date when adding a new item in this list in the NewForm.aspx page:
    Here are two links about how to add code into page via Content Editor Web Part:
    http://blogs.msdn.com/b/sharepointdev/archive/2011/04/14/using-the-javascript-object-model-in-a-content-editor-web-part.aspx
    http://sharepointadam.com/2010/08/31/insert-javascript-into-a-content-editor-web-part-cewp/
    Thanks 
    Patrick Liang
    TechNet Community Support

  • Need to understand the nat with access-list

    Please let me know what it means as it is configured on our ASA
    global (mtaas) 5 10.224.128.4
    nat (outside) 5 access-list EXIDE-MTAAS-PAT
    access-list EXIDE-MTAAS-PAT extended permit ip host 1.1.1.4 host 10.224.128.250
    access-list EXIDE-MTAAS-PAT extended permit ip 10.0.0.0 255.0.0.0 host 10.224.128.250
    access-list EXIDE-MTAAS-PAT extended permit ip host 1.1.1.4 host 10.224.128.244
    access-list EXIDE-MTAAS-PAT extended permit ip 10.0.0.0 255.0.0.0 host 10.224.128.244

    Hi,
    The configuration you mention in your post does the following:
    It's a Policy PAT for traffic entering from networks behind "outside" to networks behind "mtaas".
    Traffic that matches the access-list will get PAT translated (Port Address Translation) to the IP address of 10.224.128.4.
    The access-list tells what traffic needs to be translated. In this case ANY IP traffic coming from source networks 10.0.0.0/8 and 1.1.1.4/32 will get translated WHEN they try to connect to the hosts 10.224.128.250 and 10.224.128.244.
    This Policy PAT configuration looks like a configuration for some VPN connection you have on the firewall. It's made so that the connections taken from the VPN connection get PATed to an IP address that's part of the destination network.
    - Jouni

  • Is correct the next access list?

    I have the next vlan configuration:
    interface Vlan1
    ip address 172.23.8.1 255.255.252.0
    no ip unreachables
    no ip directed-broadcast
    interface Vlan5
    ip address 172.23.60.1 255.255.255.0
    no ip unreachables
    no ip directed-broadcast
    In the Vlan 1 I have the Server 172.23.11.24 and I need that the IP addresses of the PLC 172.23.60.1-15 (Vlan 5) communicate with the Server 172.23.11.24 (Vlan 1) only and with the specific TCP and UDP ports.
    The SERVER 172.23.11.24 should be connected with the remainder of the network and with the Ports TCP and UDP that be required to have communication 172.23.60.1-5
    In Attachment are the listing of ports and protocols TCP / UDP of the Applications that run in the SERVER and the ones that handles the PLC. This information was supplied by Rockwell
    In the Board 1788-ENBT is the PLC that are utilizing and the Remainder are applications that run in the Servant, except 17xx that are models of PLC.
    I am going to configure the following access list. Is this correct?
    interface Vlan5
    ip address 172.23.60.1 255.255.255.0
    ip access-group Control_Plc_Sub_electricas in
    no ip unreachables
    no ip directed-broadcast
    ip access-list extended Control_Plc_Sub_electricas
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 44818
    permit udp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 44818
    permit tcp host 172.23.11.24 172.23.60.0 0.0.0.15 eq 44818
    permit udp host 172.23.11.24 172.23.60.0 0.0.0.15 eq 44818
    permit udp host 172.23.11.24 172.23.60.0 0.0.0.15 eq 2222
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 27000
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 1234
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 1330
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 1331
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 1332
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 3060
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 6543
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 7600
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 7700
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 7710
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 7720
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 7721
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 7722
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 7723
    permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 135

    Hello,
    When checking your access list, it seems to me that the access-list is used as "in" for VLAN 5, i.e. "in" towards the VLAN.
    I understand this to be traffic from the PLCs towards the switch.
    Therefore the lines starting with "permit tcp/udp host 172.23.11.24" seem unnecessary, as no such traffic will enter the switch via vlan 5 (unless vlan 5 is also defined on a trunk towards some other switch behind which the server is situated).
    If you want to control outgoing traffic also, a separate access-list is needed.
    You can apply this list in the outgoing direction on Vlan 5, or, alternately, develop an access list for the incoming vlan where the server is situated.
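The reply's point about direction can be checked mechanically: an entry in an inbound ACL on Vlan5 only matters if its source can be a host on that VLAN. The Python below is an added example, not code from the posts; the function names are hypothetical, the input is a constructed subset of the posted ACL, and it goes one step beyond the reply by printing the mirrored entry that return traffic would need, on the assumption that the server opens sessions to the PLCs and that the ACL is stateless.

```python
from ipaddress import IPv4Address, ip_network

# Constructed input: the Vlan5 address and six of the entries posted above.
SVI = "172.23.60.1/255.255.255.0"
ACL = """\
permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 44818
permit udp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 44818
permit tcp host 172.23.11.24 172.23.60.0 0.0.0.15 eq 44818
permit udp host 172.23.11.24 172.23.60.0 0.0.0.15 eq 44818
permit udp host 172.23.11.24 172.23.60.0 0.0.0.15 eq 2222
permit tcp 172.23.60.0 0.0.0.15 host 172.23.11.24 eq 135
"""


def take_addr(tok):
    """Consume one IOS address spec (any | host A | A wildcard) from tok."""
    first = tok.pop(0)
    if first == "any":
        return ip_network("0.0.0.0/0")
    if first == "host":
        return ip_network(tok.pop(0) + "/32")
    # A wildcard mask is the bitwise inverse of a netmask; a non-contiguous
    # wildcard makes ip_network() raise ValueError instead of guessing.
    wildcard = int(IPv4Address(tok.pop(0)))
    mask = IPv4Address(0xFFFFFFFF ^ wildcard)
    return ip_network(f"{first}/{mask}", strict=False)


def ios_addr(net):
    """Render a network back into IOS ACL address syntax."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    if net.prefixlen == 0:
        return "any"
    return f"{net.network_address} {net.hostmask}"


def audit_inbound(acl_text, svi):
    """Flag entries whose source cannot be a host on the SVI's subnet."""
    vlan = ip_network(svi, strict=False)
    report = []
    for seq, line in enumerate(acl_text.strip().splitlines(), start=1):
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = tok[1] if tok[:1] == ["eq"] else None
        can_match = src.overlaps(vlan)
        mirror = None
        if not can_match:
            # Replies to a session opened towards dst:port arrive inbound
            # with that port as SOURCE port, so the match must move there.
            sport = f" eq {port}" if port else ""
            mirror = f"{action} {proto} {ios_addr(dst)}{sport} {ios_addr(src)}"
        report.append({
            "seq": seq,
            "entry": line,
            "src_range": (str(src.network_address), str(src.broadcast_address)),
            "can_match_inbound": can_match,
            "mirror": mirror,
        })
    return report


if __name__ == "__main__":
    for r in audit_inbound(ACL, SVI):
        if r["can_match_inbound"]:
            print(f"{r['seq']}: ok, source covers {r['src_range'][0]}-{r['src_range'][1]}")
        else:
            print(f"{r['seq']}: never matches inbound; return traffic needs: {r['mirror']}")
```

The wildcard `0.0.0.15` covers 172.23.60.0 through 172.23.60.15, which includes the SVI address 172.23.60.1 itself.
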

  • I set an access control on all my computers by mistake, how do I reset it?

    I thought I was restricting my child from accessing the internet, but I locked myself and my whole family out of the time capsule router. I set the access to weekends between 9 am and Noon. Do I have to wait until next weekend to reset everything? The time capsule is on, shows green, but does not show up in any device. I am trying to get into settings, but it does not recognize my password! It keeps locking me out!!! I tried a soft reset of the time capsule, but it won't let me in to change settings! HELP!
    I am running two macbook pros, one being the primary system, two iPads, a pc desktop, a chromebook, and an iPod if any of that helps. I am writing this at a neighbors.
    Any ideas would be greatly appreciated.
    Thanks in advance......

    It is possible, but you will have to identify the MAC Address or AirPort ID of these devices that you want to assign specific allowed connection times, and I know of no way to do this other than by process of elimination
    So, you have to turn off all wireless devices except your MacBook, open AirPort Utility, and see what the ID is for your MacBook and write that down for reference.
    Then start up the Chromebook and find that ID, then the second MacBook, iPod, and Kindle one at a time. You are looking for a 12 character ID in the form of xx : xx : xx : xx : xx : xx.
    What operating system is your MacBook using so we can provide more tips on how to do this?
    Once you have a list of all the correct IDs or MAC Addresses for devices that you want to control, you can set up connection rules for each of these separate devices.
    The devices that do not have rules will be able to connect to the network at all times...or they will be governed by the first default rule if you change that from Unlimited to something else.

  • Access List and Conflict Resolution Problem!

    My configuration for Allow and Deny is not allowing me to load images and CSS files through the gateway on a URLScraper channel.
    I'm trying to figure out how to control access to resources using the Access List service, and I'm running into trouble. The Sun ONE Portal Server, Secure Remote Access 6.0 Administrator's Guide (Doc 816-6421-10) states:
    Setting the Conflict Resolution Level
    You can set the priority level for the dynamic attributes. If a user inherits multiple attribute templates, say from an organization and a role assignment, and there is a template conflict between the attributes in the two templates, the template with the highest priority is inherited. There are seven settings available ranging from Highest to Lowest.
    See the Administration Guide, iPlanet Directory Server Access Management Edition for more details on conflict resolution.
    Unfortunately the referenced Administration Guide for DSAME contains exactly 0 occurrences of the word "conflict" in its 136 pages, so that reference was less than helpful. Chapter 17 of that document (Doc 816-5620-10) describes URL Policy Agent Attributes, which sheds some light on what the URL Deny and URL Allow settings mean. The key sentence is, "An empty Deny list will allow only those resources that are allowed by the Allow list."
    So, I've set up my Access List services as follows:
    o URL Deny is blank on all Access Lists
    o URL Allow set as follows
    ---- isp
    ------- http://portal.acme.com/portal/* (company name changed to protect the guilty!)
    ---- acme.com organization
    ------- Conflict Resolution: Highest
    ------- http://portal.acme.com/portal/* (same as above)
    ---- Acme Customers Role - shared role for all Acme customers
    ------- Conflict Resolution: Medium
    ------- http://www.acme.com/*
    ------- http://support.acme.com/*
    ------- http://support2.acme.com/*
    ---- RoadRunner role - specific role for a specific customer
    ------- Conflict Resolution: Medium
    ------- http://roadrunnerinfo.acme.com/*
    The Desktop services in each of the above two roles includes channels from the hosts in the URL Allow lists.
    The behavior I'm seeing with this configuration is that the desktop channels include information from the scraped HTML, and the URLs are rewritten for the included images and CSS files and such. However, the gateway is denying access to the images referenced by the rewritten URL. That is, an image with a URL of https://portal.acme.com/http://roadrunnerinfo.acme.com/images/green.gif shows up as a broken image on the desktop. Attempting to access the URL to the image directly results in an "Access to this resource is denied !! Contact your administrator" error message.
    If I set the conflict resolution on the acme.corp organization to Medium (or anything lower than the two role conflict resolution levels) results in the same error message as soon as the customer logs in (no desktop rendered). The same error occurs if I set the conflict resolution in the two roles to Highest (same as the top level organization), again with no desktop rendered on login.
    If I put all the above referenced URLs in the acme.com organization Access List service, then I am successfully able to fetch all the resources (images, CSS, etc.) in the URLScraper HTML. Likewise if I put "*" in that Access List. However, this is less than ideal, as it would potentially allow other customers to view data that isn't theirs (Wile E. Coyote user should not be able to get to Road Runner data, and vice versa, and neither one of them should get at Acme private information!).
    So, what am I doing wrong? Also, does anyone have any leads on where I can read up on how Access Lists and conflict resolution are supposed to work, since Sun neglected to include a valid reference in the Administrator's Guide, Portal Server 6.0 SRA?
    Thanks!
    -matt

    Did you ever get anywhere with this? My experiments seem to indicate that you cannot successfully combine Access and Deny directives, across roles or organizational defaults and a role.

  • Port Forwarding & Access List Problems

    Good morning all,
    I am trying to set up port forwarding for a web server we have hosted here on IP 192.168.0.250. I have set up access lists and port forwarding configurations, and I cannot seem to access the server from outside the network. I've included my config file below; any help would be greatly appreciated! I've researched a lot lately but I'm still learning. Side note: I've replaced the external IP address with 1.1.1.1.
    I've added the bold lines in the config file below in hopes of forwarding port 80 to 192.168.0.250, to no avail. You may notice I don't have access-list 102, which I created, on any interfaces. This is because whenever I add it to FastEthernet0/0, our internal network loses connection to the internet.
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname pantera-office
    boot-start-marker
    boot-end-marker
    no logging buffered
    enable secret 5 $1$JP.D$6Oky5ZhtpOAbNT7fLyosy/
    aaa new-model
    aaa authentication login default local
    aaa session-id common
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.0.1 192.168.0.150
    ip dhcp excluded-address 192.168.0.251 192.168.0.254
    ip dhcp pool private
       import all
       network 192.168.0.0 255.255.255.0
       dns-server 8.8.8.8 8.8.4.4 
       default-router 192.168.0.1 
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ip domain name network.local
    multilink bundle-name authenticated
    crypto pki trustpoint TP-self-signed-4211276024
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-4211276024
     revocation-check none
     rsakeypair TP-self-signed-4211276024
    crypto pki certificate chain TP-self-signed-4211276024
     certificate self-signed 01
      quit
    username pantera privilege 15 password 0 XXXX
    username aneuron privilege 15 password 0 XXXX
    archive
     log config
      hidekeys
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key xxxx address 2.2.2.2
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto map SDM_CMAP_1 1 ipsec-isakmp 
     description Tunnel to 2.2.2.2
     set peer 2.2.2.2
     set transform-set ESP-3DES-SHA 
     match address 100
    interface FastEthernet0/0
     description $ETH-WAN$
     ip address 2.2.2.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     crypto map SDM_CMAP_1
    interface FastEthernet0/1
     description $ETH-LAN$
     ip address 192.168.0.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    interface Serial0/0/0
     no ip address
     shutdown
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    no ip http server
    ip http authentication local
    no ip http secure-server
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
    ip nat inside source static tcp 192.168.0.254 20 1.1.1.1 20 extendable
    ip nat inside source static tcp 192.168.0.254 21 1.1.1.1 21 extendable
    ip nat inside source static tcp 192.168.0.252 22 1.1.1.1 22 extendable
    ip nat inside source static tcp 192.168.0.252 25 1.1.1.1 25 extendable
    ip nat inside source static tcp 192.168.0.250 80 1.1.1.1 80 extendable
    ip nat inside source static tcp 192.168.0.252 110 1.1.1.1 110 extendable
    ip nat inside source static tcp 192.168.0.250 443 1.1.1.1 443 extendable
    ip nat inside source static tcp 192.168.0.252 587 1.1.1.1 587 extendable
    ip nat inside source static tcp 192.168.0.252 995 1.1.1.1 995 extendable
    ip nat inside source static tcp 192.168.0.252 8080 1.1.1.1 8080 extendable
    ip nat inside source static tcp 192.168.0.249 8096 1.1.1.1 8096 extendable
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
    access-list 101 remark CCP_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny   ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    access-list 102 remark Web Server ACL
    access-list 102 permit tcp any any
    snmp-server community public RO
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps vrrp
    snmp-server enable traps ds1
    snmp-server enable traps tty
    snmp-server enable traps eigrp
    snmp-server enable traps envmon
    snmp-server enable traps flash insertion removal
    snmp-server enable traps icsudsu
    snmp-server enable traps isdn call-information
    snmp-server enable traps isdn layer2
    snmp-server enable traps isdn chan-not-avail
    snmp-server enable traps isdn ietf
    snmp-server enable traps ds0-busyout
    snmp-server enable traps ds1-loopback
    snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
    snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
    snmp-server enable traps disassociate
    snmp-server enable traps deauthenticate
    snmp-server enable traps authenticate-fail
    snmp-server enable traps dot11-qos
    snmp-server enable traps switch-over
    snmp-server enable traps rogue-ap
    snmp-server enable traps wlan-wep
    snmp-server enable traps bgp
    snmp-server enable traps cnpd
    snmp-server enable traps config-copy
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps resource-policy
    snmp-server enable traps event-manager
    snmp-server enable traps frame-relay multilink bundle-mismatch
    snmp-server enable traps frame-relay
    snmp-server enable traps frame-relay subif
    snmp-server enable traps hsrp
    snmp-server enable traps ipmulticast
    snmp-server enable traps msdp
    snmp-server enable traps mvpn
    snmp-server enable traps ospf state-change
    snmp-server enable traps ospf errors
    snmp-server enable traps ospf retransmit
    snmp-server enable traps ospf lsa
    snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
    snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
    snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
    snmp-server enable traps ospf cisco-specific errors
    snmp-server enable traps ospf cisco-specific retransmit
    snmp-server enable traps ospf cisco-specific lsa
    snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
    snmp-server enable traps pppoe
    snmp-server enable traps cpu threshold
    snmp-server enable traps rsvp
    snmp-server enable traps syslog
    snmp-server enable traps l2tun session
    snmp-server enable traps l2tun pseudowire status
    snmp-server enable traps vtp
    snmp-server enable traps aaa_server
    snmp-server enable traps atm subif
    snmp-server enable traps firewall serverstatus
    snmp-server enable traps isakmp policy add
    snmp-server enable traps isakmp policy delete
    snmp-server enable traps isakmp tunnel start
    snmp-server enable traps isakmp tunnel stop
    snmp-server enable traps ipsec cryptomap add
    snmp-server enable traps ipsec cryptomap delete
    snmp-server enable traps ipsec cryptomap attach
    snmp-server enable traps ipsec cryptomap detach
    snmp-server enable traps ipsec tunnel start
    snmp-server enable traps ipsec tunnel stop
    snmp-server enable traps ipsec too-many-sas
    snmp-server enable traps ipsla
    snmp-server enable traps rf
    route-map SDM_RMAP_1 permit 1
     match ip address 101
    control-plane
    line con 0
     logging synchronous
    line aux 0
    line vty 0 4
    scheduler allocate 20000 1000
    end
    Any/All help is greatly appreciated! I'm sorry if I sound like a newbie!
    -Evan

    Hello,
    According to the config you posted, 2.2.2.2 is your WAN IP address and 1.1.1.1 is the next-hop address for your WAN connection. The ip nat configuration for port forwarding should look like
    ip nat inside source static tcp 192.168.0.250 80 2.2.2.2 80
    If your provider assigns a dynamic IPv4 address to the WAN interface, you can use
    ip nat inside source static tcp 192.168.0.250 80 interface fastethernet0/0 80
    Verify the settings with show ip nat translation.
    Your access list 102 permits only TCP traffic. If you apply the ACL to an interface, DNS won't work anymore (and all other UDP traffic). You might want to use a stateful firewall solution like CBAC or ZBF combined with an inbound ACL on the WAN interface.
    Best Regards
    Lukasz
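
The two points in the reply above, written as checks over lines from the posted configuration. This is an added example, not part of the original thread; the function names are assumptions made for illustration.

```python
import re

# Constructed excerpt: lines taken from the configuration posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 2.2.2.2 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
ip nat inside source static tcp 192.168.0.250 80 1.1.1.1 80 extendable
ip nat inside source static tcp 192.168.0.250 443 1.1.1.1 443 extendable
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 remark Web Server ACL
access-list 102 permit tcp any any
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"
IFACE_RE = re.compile(r"^interface \S+\n((?: .*\n)*)", re.M)
STATIC_RE = re.compile(rf"^ip nat inside source static (?:tcp|udp) {IP} (\d+) {IP} (\d+)")
ACL_RE = re.compile(r"^access-list (1\d\d) (permit|deny)\s+(\S+)")  # extended, 100-199

def outside_addresses(config):
    """Addresses of interfaces that carry 'ip nat outside'."""
    found = set()
    for body in IFACE_RE.findall(config):          # indented lines of one stanza
        addr = re.search(rf"^ ip address {IP} ", body, re.M)
        if addr and re.search(r"^ ip nat outside$", body, re.M):
            found.add(addr.group(1))
    return found

def mismatched_static_nat(config):
    """Port forwards whose global address is not on an outside interface.
    A hit is a review hint: another routed public address can also be valid."""
    outside = outside_addresses(config)
    hits = [STATIC_RE.match(line) for line in config.splitlines()]
    return [(m.group(1), int(m.group(2)), m.group(3)) for m in hits
            if m and m.group(3) not in outside]

def acls_dropping_udp(config):
    """Extended ACLs that never permit 'ip' or 'udp': once applied, the
    implicit deny at the end drops all UDP, DNS replies included."""
    permits = {}
    for m in filter(None, map(ACL_RE.match, config.splitlines())):
        allowed = permits.setdefault(m.group(1), set())
        if m.group(2) == "permit":
            allowed.add(m.group(3))
    return sorted(n for n, p in permits.items() if not p & {"ip", "udp"})
```

On the excerpt, both static entries are flagged because their global address 1.1.1.1 is the next hop rather than the outside interface address, and ACL 102 is flagged as TCP-only.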

  • HT4528 I was looking at the settings and turned on the phone setting where a voice says the function, and I can't get back to it to turn it off. I can't scroll

    I was looking at the settings and turned on the phone setting where a voice says the function, and I can't get back to it to turn it off. I can't scroll to get back to the setting to turn it off.

    1. Triple-click the line below to select it:
    ~/.Trash
    2. Right-click or control-click the highlighted line and select
    Services ▹ Show Info
    from the contextual menu.* An Info dialog should open.
    3. The dialog should show "You can read and write" in the Sharing & Permissions section. If that's not what it shows, click the padlock icon in the lower right corner of the window and enter your password when prompted. Use the plus- and minus-sign buttons to give yourself Read & Write access and "everyone" No Access. Delete any other entries in the access list.
    4. In the General section, uncheck the box marked Locked if it's checked.
    5. From the action menu (gear icon) at the bottom of the dialog, select Apply to enclosed items and confirm.
    6. Close the Info window and test.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.
    Remove the Norton/Symantec product by following the instructions on either of these pages:
    Uninstalling your Norton product for Mac
    Removing Symantec programs for Macintosh
    If you have a different version of the product, the procedure may be different. Back up all data before making any changes.
    From the Safari menu bar, select
    Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
    and confirm. Consider installing an ad-blocker and/or a selective cookie block such as the "Ghostery" Safari extension.
