Wireless OOB - Users remain in Quarantine VLAN after posture

We are getting ready to deploy wireless NAC OOB in an existing environment. Everything seems to work fine; however, once the user has passed posture assessment the WLC reports the user is still in the quarantine VLAN. When I look at the core switch (where the WLC and CAS are uplinked) I see the client MAC on the quarantine VLAN (towards the WLC) AND the access VLAN (towards the CAS). The WLC client NAC state reports 'Quarantine'. Posture assessment is working properly, i.e. without the agent there is no access, and after the agent they get full access. But I am concerned that the traffic is all traversing the CAS even post posture assessment. Everything I read says this comes down to SNMP, but that seems to be working properly... Any suggestions?

Dear Scott,
     We are running WL 5.X and ACS with the RADIUS protocol, and I am looking for dynamic VLAN assignment for web authentication.
The actual problem we are facing is for guest users: the /16 IP address pool we assigned is getting exhausted. The guest SSID is configured for web authentication.
Since the guest SSID is broadcast, everyone tries to connect and receives an IP address. But only a few legitimate guests are authenticated via web authentication by providing user credentials in the browser; the remaining users, even though not authenticated, are still holding IP addresses. This results in exhaustion of our address space. We can't even clear the entire address space after exhaustion because a few of the legitimate guests are connected to the WLAN.
  So we are looking for a solution to overcome this issue; we are trying to move the users authenticated via browser to a separate VLAN and IP address scheme.
  I have gone through a few forums stating that this option can't be implemented or isn't supported. The following threads are for your reference.
   I can understand that 802.1X will not provide an IP address before authentication, but what we require is dynamic VLAN assignment in web authentication.
https://supportforums.cisco.com/thread/340132?referring_site=kapi&channel=smartnav
https://supportforums.cisco.com/thread/2055325
I request your expert view on whether our solution works, and if so, what changes are required.
Else please provide any alternate solution which can throw some light on this and overcome it.
Thanks for reading....
Arun

Similar Messages

  • Wireless Guest Users, once authenticated, are able to connect again after disconnection

    Wireless guest users, once authenticated, are able to connect again after disconnection. Clients should not be able to connect after a restart or after disabling and enabling the WiFi adapter. But as of now clients are connecting to the network. How can we configure this feature on the WLC?

    IIRC, if you reboot, disable the adapter or disconnect from the wireless, as long as the session timer or the idle timer does not time out, then you are still considered authenticated. If you log out, the WLC logs you off and you will have to log back in. The weird thing is with iPhones or iPads: they go to sleep mode and you have to log back in to access the guest network. The workaround was to increase the idle timers to a certain acceptable limit to prevent this from happening.
    If you disconnect from the guest SSID and leave your client off the network until the idle timer expires, do you get prompted for a login or do you have access again?
    Sent from Cisco Technical Support iPhone App

  • WLC 2500 and WCCP for Wireless Guest Users

    Hi there
    I would like to redirect web traffic from WLANs on a Wireless LAN Controller 2500 to a proxy server in a remote site. I'm using an IronPort proxy server and a Cisco 3560 Layer 3 switch. Basically the current scenario is:
    Wireless guest users get authenticated by web-auth through an Access Point 3501 configured for HREAP. The guest client gets an IP address on VLAN 100 in the remote site. Once they connect to VLAN 100, I want all web traffic to be redirected to the proxy server. I know a PAC file may be the easier solution; however, our guest clients want a seamless solution for internet. I am not sure whether WCCP is supported for this.
    Your advice will be highly appreciated.
    Regards

    For guest wireless traffic redirect to proxy server
    https://supportforums.cisco.com/thread/2126486

  • MAB user failed to land correct Authorization policy after posture success

    Hi,
    We have MAB users who authenticate via the web portal using domain username/password, get the NAC web agent download and do the posture.
    After posture is completed (say success/passed), the user lands on the Default Policy, which is DenyAccess.
    I have changed the guest portal setting by enabling VLAN DHCP Release and CoA, but there is no luck. I have similar rules for wired dot1x and it's working fine after the posture part; the only difference is they are MAB users, authenticated via the web portal, and belong to a different user group in AD.
    What we could see on the switch: once you are authenticated, it gets the web redirect, and when the user authenticates it gets the NAC web agent redirect, and after posture is completed it again goes back to web portal redirection and gives an error saying both dot1x and MAB failed.
    Attached are the switch logs, the ISE configuration and the failed logs.
    If someone has clue on this or has come across this issue, please update me.
    Thanks in advance.

    Instead of using the Wired_MAB prefix in your first three authorisation rules, refer to the Endpoint Identity Group instead. The reason you get Deny Access is because the event you're looking for isn't a MAC Auth event, and therefore those rules get skipped. Using the Endpoint Identity Group will allow you to evaluate the MAC Address and will get your rules working as required.
    Sent from Cisco Technical Support iPad App

  • Making user policies stay in effect after logout

    We enforce highly restrictive Windows group policies on our student users. Sometimes, a student is able to log in offline, so they don't get the restrictive policy. In ZDM 7, we had the ability to make a user policy stay in effect after logout, which would keep the restrictions turned on until a user with less restrictive policies logged in. Is there a way to do this in ZCM 11? I looked in ZCC, and I can't see any option for this. FYI, we are using ZCM 11.2.2 MU 2.
    Rick P.
    Walla Walla Public Schools

    Originally Posted by craig_wilson
    Kevin,
    Whoever told you that was clueless about GPOs.
    User GPOs are removed at Logout.
    Device GPOs are removed at Shutdown.
    They are removed by Re-Applying the "Blank" GPOs located in
    %zenworks_home%\bin\cachefiles\Orginal_GPO
    (Or something like that w/o looking.)
    These will only exist if a GPO is in place.
    It would be possible to replace those GPO files with your locked down
    files so when User/Machine GPOs are replaced with the "Blank" one, they
    are actually using a Strong GPO.
    On 2/15/2013 7:06 PM, RPummel wrote:
    >
    > kjhurni;2247277 Wrote:
    >> I was told the policies were cached and would remain in effect unless a
    >> new user with a DIFF policy logged in.
    >>
    >> I'll have to dig up my old emails as this was like over a year ago.
    >
    > This may be the theory, but it is not what we have observed in
    > practice.
    >
    > Rick
    >
    >
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Knowledge Partner
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.
    Thanks Craig. Too bad it doesn't remain in effect on logout. Seems like a glaring security hole, IMO compared to how MS does it. OR how ZFD used to do it.
    Guess an RMS is in order?

  • Wireless OOB NAC issue: OOB Error: connected device client_MAC not found.

    Dear all,
    I've deployed wireless OOB NAC. Some users can log in normally, but some other users cannot log in. The error message is OOB Error: connected device <client_MAC> not found. This only happens for some PC users.
    Does anybody have any idea?
    Thanks

    Dear all,
    When some wireless users cannot log in, I usually issue the command clear mac address-table dynamic on the switches and then the problem is solved temporarily. I wonder why this happens. Is there any parameter that I need to tune in NAC, the WLC or the switches?

  • How can I add new content in iDVD to a DVD-RW disc which has ample remaining free space? After preparing the new video for burning and clicking on Burn to iDVD, I get a window saying the disc's already recorded and that I can either Erase or Eject.

    How can I add new content in iDVD to a DVD-RW disc with a video previously successfully recorded on it? (The disc has ample remaining free space.)
    After preparing the new video for burning and clicking in the File menu on Burn to iDVD, I get a window saying the disc's already recorded and that I can either Erase or Eject. My assumption has been that iDVD would automatically find the free space and continue with the new recording from there. I'd be grateful if anyone can shine light on this.

    There are, but not with a DVD written as a movie disc. It must be closed when completed, or it doesn't work.
    Apple's built in Burn utility also automatically closes any data CD, DVD or Blu-ray disk you burn. Doesn't matter how much space is unused, you can't use it. You'd have to use a more advanced disk creation app, such as Toast Titanium. I then have the option of choosing to write the data as a session:
    I can keep doing this until the disk is full. If I've written five sessions to the disk, when I put it in the drive, five CD/DVD icons will appear on the desktop since the OS will treat each session as if they are separate physical disks. At any point you choose Write Disk when writing a group of data, that means you're closing the disk, and again can't add anything after that. So if I had written two sessions, and the third was Write Disk, it's over. I can't put anything else on that disk.

  • [SOLVED] systemd/cron as user: timer doesn't start after boot

    Hello,
    I've tried to follow the wiki's systemd/cron functionality article to have a systemd service to run hourly.
    Everything seems to be working ok, except that the hourly timer doesn't start automatically : I have to issue a
    systemctl --user timer-hourly.timer start
    command every time I start the machine to get the timer running.
    Can you help me understand what I'm missing to get the (user) timer to start automatically after boot?
    Thanks!
    My setup consists of the following files:
    /home/myuser/.config/systemd/user:
    drwxr-xr-x 2 myuser users 4096 Jun 25 17:30 basic.target.wants/
    -rw-r--r-- 1 myuser users 217 Jun 25 10:08 db_backup.service
    -rw-r--r-- 1 myuser users 232 Jun 25 10:08 test.service
    -rw-r--r-- 1 myuser users 61 Jun 19 12:14 timer-hourly.target
    drwxr-xr-x 2 myuser users 4096 Jun 25 10:10 timer-hourly.target.wants/
    -rw-r--r-- 1 myuser users 134 Jun 19 12:14 timer-hourly.timer
    /home/myuser/.config/systemd/user/basic.target.wants/:
    lrwxrwxrwx 1 myuser users 50 Jun 25 10:08 timer-hourly.timer -> /home/myuser/.config/systemd/user/timer-hourly.timer
    /home/myuser/.config/systemd/user/timer-hourly.target.wants/:
    lrwxrwxrwx 1 myuser users 49 Jun 13 15:51 db_backup.service -> /home/myuser/.config/systemd/user/db_backup.service
    lrwxrwxrwx 1 myuser users 44 Jun 25 10:10 test.service -> /home/myuser/.config/systemd/user/test.service
    timer-hourly.timer:
    [Unit]
    Description=Hourly Timer
    [Timer]
    OnBootSec=5min
    OnCalendar=hourly
    Unit=timer-hourly.target
    [Install]
    WantedBy=basic.target
    timer-hourly.target:
    [Unit]
    Description=Hourly Timer Target
    StopWhenUnneeded=yes
    test.service:
    [Unit]
    Description=Run a test (echo) job every hour
    Wants=timer-hourly.timer
    [Service]
    Nice=19
    IOSchedulingClass=2
    IOSchedulingPriority=7
    ExecStart=/usr/bin/python /home/myuser/test_service.py
    [Install]
    WantedBy=timer-hourly.target
    db_backup.service:
    [Unit]
    Description=Backups databases
    Wants=timer-hourly.timer
    [Service]
    Nice=19
    IOSchedulingClass=2
    IOSchedulingPriority=7
    ExecStart=/home/myuser/source/db_backups/db_backup.sh
    [Install]
    WantedBy=timer-hourly.target
    test_service.py is a simple Python script that appends the current time to a file, to check if the service is being run by the timer. (It is, once I start the timer after boot, and it runs correctly every hour.)
    db_backup.sh is a script that dumps a database into a text file in a mercurial repository, commits the change and pushes it to backup locations.
    Last edited by fede (2014-06-25 21:06:09)

    Have you tried this:
    systemctl --user enable timer-hourly.timer
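
A minimal working pair of user units for the hourly job discussed above, as an added example that is not part of the original thread. It assumes the unit names backup.timer / backup.service (hypothetical) and reuses the script path /home/myuser/source/db_backups/db_backup.sh from the post. The timer references the service directly, so no intermediate target is needed, and it installs under timers.target, which is what `systemctl --user enable` turns into a .wants/ symlink. Because a user manager (user@UID.service) only runs while the user has a session, `loginctl enable-linger` is also needed if the timer should start at boot without a login.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumed unit names:
# backup.timer / backup.service; script path taken from the post above.
set -eu

UNIT_DIR="${UNIT_DIR:-$HOME/.config/systemd/user}"

# Write the timer and the service it fires into the given directory.
write_units() {
    dir="$1"
    mkdir -p "$dir"
    cat >"$dir/backup.service" <<'EOF'
[Unit]
Description=Back up databases

[Service]
# oneshot: the unit is "active" only while the script runs, which is what a
# timer-driven job wants; no [Install] section, the timer pulls it in.
Type=oneshot
Nice=19
IOSchedulingClass=idle
ExecStart=/home/myuser/source/db_backups/db_backup.sh
EOF
    cat >"$dir/backup.timer" <<'EOF'
[Unit]
Description=Run backup.service hourly

[Timer]
OnBootSec=5min
OnCalendar=hourly
# Run once at start if a scheduled run was missed while powered off.
Persistent=true
# Unit= is omitted: it defaults to the service with the same name.

[Install]
WantedBy=timers.target
EOF
}

# Return 0 when the timer carries an [Install] section, i.e. `enable` can
# create the .wants/ symlink for it (a unit without one cannot be enabled).
timer_is_enableable() {
    grep -q '^\[Install\]' "$1/backup.timer"
}

# Enable the timer in the user manager and keep that manager alive across
# logouts. Skipped when systemd is not present on the host.
enable_units() {
    if ! command -v systemctl >/dev/null 2>&1; then
        echo "systemctl not available; units written but not enabled" >&2
        return 0
    fi
    systemctl --user daemon-reload
    systemctl --user enable --now backup.timer
    # Without lingering, user@UID.service (and every user timer) starts at
    # login and stops at logout, so nothing fires after a reboot.
    loginctl enable-linger "$(id -un)"
    systemctl --user list-timers backup.timer
}

# Usage: sh this_script.sh install   (no argument: only define functions)
case "${1:-}" in
    install)
        write_units "$UNIT_DIR"
        enable_units
        ;;
esac
```

Run it with the `install` argument as the target user, then confirm with `systemctl --user list-timers` that backup.timer shows a NEXT time; `loginctl show-user "$(id -un)" -p Linger` should report `Linger=yes` if the timer is expected to survive without a session.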

  • How to get remaining time for baton after setting timeOut property

    Hello,
    Is it possible to get the remaining time for baton after setting timeOut, or do I have to maintain a separate Timer for that?
    Been following this excellent tutorial here http://tv.adobe.com/watch/adc-presents/create-shared-forms-in-livecycle-collaboration-service/

    Thanks Nigel, before reading your reply, I came up with something like this, but it seems extending the Baton class is not enough, as I would need my own BatonProperty as well that uses this extended Baton class...
    Also attempted to get some help here http://stackoverflow.com/questions/7116814/actionscript3-lccs-how-to-access-property-parent-class-protected-var/7116882#7116882
    Could this be made into a feature request for Baton and BatonProperty, so we could easily get the remaining time please? I guess I can wait for a future release.
    /* custom .as file */
    package com.mysite.BatonExtender
    {
         import com.adobe.rtc.sharedModel.Baton;
         import flash.events.TimerEvent;

         public class BatonExtender extends Baton
         {
              public function BatonExtender()
              {
                   super();
                   // Hook the protected auto-put-down timer so we can observe its ticks.
                   _autoPutDownTimer.addEventListener(TimerEvent.TIMER, countDown);
                   trace("CURRENT TIMER:" + _autoPutDownTimer.currentCount);
                   trace("BATONEXTENDER added");
              }

              public function countDown(p_evt:TimerEvent):void {
                   trace("TRACING START countDown....");
                   if (_autoPutDownTimer.running) {
                        trace(_autoPutDownTimer.currentCount);
                        //sharedTimer.value = String(90 - _autoPutDownTimer.currentCount);
                   }
                   trace("TRACING END....");
              }
         }
    }

  • I installed the CC trial with an error window saying: Could not create the file '/Users/dranim/Library/Preferences/Adobe/After Effects/13.2/dummy'. That was the first window. Here's the second: After Effects can't continue: unexpected failure during app

    I installed the CC trial with an error window saying: Could not create the file '/Users/dranim/Library/Preferences/Adobe/After Effects/13.2/dummy'. That was the first window. Here's the second: After Effects can't continue: unexpected failure during application startup. I paid for the month subscription of 29.99. It claims it is downloading again?! Am I missing something here? Why is this process so complicated? I need to get this resolved asap and start working.

    I originally had Adobe Photoshop Extended, then upgraded to the Production Suite. I ran the Adobe Cleaner, and that uninstalled most Adobe products, including my existing Adobe install, and then I re-installed everything with the same error code. Since CS4 came with CS5, I've installed AE CS4, but would really like to upgrade because I'm new to Creative Suite, and not sure how CS4 integrates with CS5...CS4 After Effects installed perfectly. I do have a 64 bit system, and installing to an OCZ Vertex 2....every other suite installs perfectly, except AE. And I think that is the coolest program in the Suite. I thank you all so much for taking the time to help, I really want to get AECS5 running...I did try to install after doing the recommended items Adobe suggests for Exit Codes 6 and 7, including turning off many startups...
    I'm baffled....
    Ben

  • Wireless guest users cannot ping if ACL is applied

    Hi friends,
    This is the first time I am trying my hands on wireless gear. I have a 2500 WLC and a 1142 AP (which I converted from standalone to LAP).
    I have a layer 3 PoE switch where I am using port 1 for the WLC, which is a trunk port.
    Port 2 is for the AP using access VLAN 111.
    Port 3 is a trunk port going to a router where I am running a DHCP server for the VLANs, which are as follows:
    VLAN 110 -Corp Wireless (10.1.110.0/24)
    VLAN 111 - AP-Mgmt (10.1.111.0/24)
    VLAN 999 - Guest (10.1.101.0/24)
    I wanted to block the traffic from the Guest VLAN 999, but when I apply the ACL on the Guest interface created on the WLC, I don't see any pings going across and neither do I see any hit counts on the deny statement, as if the ACL is never applied.
    Can someone guide me in the right direction if I am missing anything?
    Thanks,
    Mohit

    rdvorak wrote:Put the ACL on the WLAN not on the interface.
    But applying the ACL to the interface will affect all WLANs that utilize that interface!!!
    Rating useful replies is more useful than saying "Thank you"

  • Do the SI_IDs for 'User Folders' and 'Users' remain the same in CMC?

    Do the SI_IDs for 'User Folders' and 'Users' remain the same across environments? For my CMS they are coming as 18 and 19 respectively.
    String siName = "User Folders"; // Users
    IInfoObjects rpts = iStore.query("SELECT SI_ID FROM CI_INFOOBJECTS, CI_SYSTEMOBJECTS WHERE SI_NAME='"+ siName +"'");
    IInfoObject iObj = (IInfoObject)rpts.get(0);
    System.out.println("iObj.getTitle() = " + iObj.getTitle());
    System.out.println("iObj.getID() = " + iObj.getID());
    Any reference text/link for better understanding on this will help a lot.
    Thanks & Regards

    Typically I believe anything that is created by BOE when you install the product stays consistent across multiple environments that were deployed the same.
    You probably should ask in the other BOE forum (Business Intelligence Solution Architecture) just to confirm.
    Jason

  • Users cannot access removable devices after you enable and then disable a Group Policy setting in Windows 7 64 Bit

    Users cannot access removable devices after you enable and then disable a Group Policy setting on Windows 7 64 bit machines.
    on the 32 bit machines I was able to apply this hotfix
    http://support2.microsoft.com/kb/2738898
    But it will not install on 64 bit machines. 
    Is there a hotfix for 64 bit?  If not, what is the work around?
    Thanks!
    Robert

    Select "Show hotfixes for all platforms and languages", then download x64 hotfix:
    Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

  • NetBoot user profiles are not persistent after reboot

    Hello,
    we have migrated our environment to Mountain Lion Server, and the NetBoot clients also to Mountain Lion. User profiles are located on the server.
    If users change some profile settings, like the default browser or the standard application for opening files, these settings are persistent until the user reboots the machine. After that, all settings revert to default. User permissions look like they should. Also, if some settings are changed inside Safari's preferences, like the search engine or startup page, these settings stay after the reboot. :-( Some others do not.
    Any suggestions where I have to look?
    Thanks and regards.
    Joris

    Hey Brian,
    we use NetBoot ... yes, but every user who logs in to the NetBoot client gets their own network home directory mapped.
    I know that changes to the OS do not stay persistent inside the NetBoot OS. But changes to the user profiles, like the default browser or something else, are also reset after the reboot. I think they should be saved in the user profiles and stay persistent if the user logs in again after the reboot?
    Regards

  • PSE remains active in background after exit. How can I stop the program completely?

    PSE remains active in background after exit. How can I stop the program completely?
    Is there any command line option to force PSE to stop completely after exiting the GUI?
    Opening the Windows Task Manager and killing the PSE process is not a solution!
    (Context: I want to start PhotoshopElementsEditor.exe from another program with an image filename as command line argument. This other program waits in background until PhotoshopElementsEditor.exe has finished and pops up again after that. Since PhotoshopElementsEditor.exe continues to run silently in background, the other program will never come back.)

    Hi - having the same problem with PSE process not ending on exit. Have you had any luck in resolving the issue?
    Any advice would be appreciated. TIA
