WLC and preventing access based upon device type

Hello,
I know this may be slightly off base, and may be more of a Microsoft question, but I'll ask anyway.
Here is my problem.  We have a WPA secured wireless network.   Users are now connecting their iPhones & Droids to this network.  We want to prevent this.  In researching, it looked like MS NPS server could authenticate not only on username/password, but also based on whether the computer was associated with the Domain.  I could then inject the associated VLAN to put the devices on.  While the injection is working perfectly, it doesn't look like this variable of "Domain Computer" is being met.  
Basically, we have Windows and Macs that need to gain access to our secure wireless area, and anyone else can be put on a non-secure area.
Has anyone else used this feature successfully?
Or does anyone else have any alternatives?
Thank you,

Hi Drew,
I think you're talking about machine authentication. Windows radius server easily checks the machine account on the domain so there is no added burden for the user.
This is a setting to enable on the client side and also on the radius server side. For example, you can grant access only if machine authentication happened.
However, WLC has nothing to do in this story actually ...
Nicolas.
===
Don't forget to rate answers that you find useful
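
The policy ordering discussed in this thread, as an added example that is not part of the original posts and is not NPS code: a small Python model of first-match RADIUS policy evaluation that returns the VLAN attributes for each request. The VLAN IDs, account names and policy names are constructed assumptions; the third sample shows a domain laptop whose supplicant sends user credentials only, so a "Domain Computers" condition never matches it.

```python
from dataclasses import dataclass

SECURE_VLAN = 20       # assumption: VLAN for domain-joined machines
NON_SECURE_VLAN = 30   # assumption: VLAN for everything else


def vlan_attributes(vlan_id):
    """RADIUS attributes used for dynamic VLAN assignment (RFC 3580)."""
    return {
        "Tunnel-Type": "VLAN",                    # attribute 64, value 13
        "Tunnel-Medium-Type": "802",              # attribute 65, value 6
        "Tunnel-Private-Group-ID": str(vlan_id),  # attribute 81
    }


@dataclass(frozen=True)
class Policy:
    name: str
    required_group: str
    vlan: int


# Ordered like a network policy list: the first matching policy wins.
POLICIES = [
    Policy("Secure wireless (machine auth)", "Domain Computers", SECURE_VLAN),
    Policy("Non-secure wireless (user auth)", "Domain Users", NON_SECURE_VLAN),
]

# Constructed directory: authenticated identity -> group memberships.
# Windows machine authentication presents the computer account as host/<fqdn>.
DIRECTORY = {
    "host/lap01.corp.example": {"Domain Computers"},
    "CORP\\alice": {"Domain Users"},
}


def is_machine_identity(identity):
    """True when the 802.1X identity is a computer account, not a user."""
    return identity.lower().startswith("host/")


def evaluate(identity):
    """Return the RADIUS decision for one authenticated identity."""
    groups = DIRECTORY.get(identity)
    if groups is None:
        return {"result": "Access-Reject", "policy": None, "attributes": {}}
    for policy in POLICIES:
        if policy.required_group in groups:
            return {
                "result": "Access-Accept",
                "policy": policy.name,
                "attributes": vlan_attributes(policy.vlan),
            }
    return {"result": "Access-Reject", "policy": None, "attributes": {}}


# Constructed sample requests: (description, identity sent by the supplicant).
SAMPLES = [
    ("domain laptop, machine authentication", "host/lap01.corp.example"),
    ("phone, user credentials", "CORP\\alice"),
    ("domain laptop, supplicant set to user-only auth", "CORP\\alice"),
    ("unknown account", "CORP\\mallory"),
]


def run_samples():
    """Evaluate every sample; return (description, result, VLAN) tuples."""
    rows = []
    for description, identity in SAMPLES:
        decision = evaluate(identity)
        vlan = decision["attributes"].get("Tunnel-Private-Group-ID")
        rows.append((description, decision["result"], vlan))
    return rows


if __name__ == "__main__":
    for row in run_samples():
        print(row)
```

In this model the phone and the user-only laptop are indistinguishable to the server, which is why the supplicant's authentication mode has to be set to computer authentication on the clients that should reach the secure VLAN.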

Similar Messages

  • Restrict WLAN access based upon device type

    hi,
    I have a requirement to allow only certain device types (Apple iPad only) on WLAN. Don't want to use individual MAC filters due to administrative overheads. Any suggestions?

    The only way you can just allow one type of device is the use of a profiler. Cisco ISE has a profiler, but you will need to get the advanced license also. I don't know how you would be able to do it any other way unless you manually configure each iPad to allow that device on your network.
    Sent from Cisco Technical Support iPhone App

  • Control Authorisation Access based on Planning type in Flexible SOP

    hi,
    How can we control MC93 and MC94 access based on Planning type for different users? i.e. only certain Planning types allowed for one user.

    Hello
    I would like to do the same...
    So far the only thing I can find is enhancement MCP20005 which allows you to extend authorization check for planning.  The planning type is available in this function module and if you return subrc ne 0 authorization is denied.
    Hope you find this helpful.
    Thanks,
    Heidi

  • Report based upon material type against movement type for a period ?

    I need an inventory report which should be based upon material type & movement type for a particular period.
    For example, for last month how much raw material has been issued against production order. I would like the report to allow me ROH and movement type 261/262 and period entry. MB5B does not satisfy my requirements; first of all there is no material type, secondly it restricts itself if I use movement types
    thanks
    sam

    Hi,
    You can create a small program to get report.
    Input fields Date of posting BUDAT, Movement type BWART (Plant if required).
    Check field BUDAT (Posting Date. Should check based on input date field.) In table MKPF.
    If data falls in required date range. Pick MBLNR-MKPF (Mat doc number).
    Go to table MSEG compare MBLNR-MKPF and MBLNR-MSEG if same pick field MATNR-MSEG (Mat number).
    Go to MARA check MTART-MARA for picked MATNR-MARA (in previous step). Take the material type.
    Add the below fields to output
    MATNR, MTART, BWART-MSEG (Movt type), ERFMG-MSEG (quantity posted), WERKS-MSEG (Plant received), LOGRT-MSEG (S. Loc received).
    Please take advice from ABAPer regarding prog logic
    Thank you,
    Anand K

  • Segmentation based upon BP Type

    Hi
    We have a requirement to do segmentation based upon BP type. But in standard Infosets this option is not available. Please tell me how this can be achieved.
    Thanx & regards
    Hits

    Hi Hitesh,
    BP type is available in the BUT000 table with the field BPKIND
    Create an infoset using direct read of table BUT000 and segment on the attribute BPKIND
    Hope it helps
    Regards,
    Madhu

  • Firefox 23.0.1 keeps loading the YouTube page and prevents access to My Profile

    I do not know if this is a problem with the Firefox browser version 23.0.!But the problem of Firefox it keeps loading the YouTube page and even I can not do anything because there was a message saying still loading the YouTube page!
    go to my topic http://support.emsisoft.com/topic/12328-strange-new-problem-in-access-to-youtube/

    here you go

  • Port Security based on Device Type

    Hi all:
    We need to know whether there is any feature or software that allows to block switch ports for type of devices.
    For instance, we have some switches for IP phones and we do not want to have PCs connected to those ports.
    We know that it can be done using MACs, but, as phones can be moved easily, it implies constant changes on port security.
    Thanks
    Regards

    Apologies if I have not understood the original question, however, can you use port security (max MAC / sticky MAC) to ensure only devices that are currently connected are successful, other violations will result in the port being shutdown.
    You may want to investigate some 802.1x device authentication
    http://www.cisco.com/en/US/products/ps6662/products_ios_protocol_option_home.html
    HTH
    Steve

  • Grant access based on application type?

    Hi,
    Is there a way to grant access to just some of the application types attached to a DIR? I would like to limit the users to open the CAD files but they should be able to open the PDF files attached. The idea is to create the PDF file automatically out of the CAD file so I can't put them in different DIRs because that would involve manual work.
    Kind regards,
    Kristoffer Pehrson

    Hi Kristoffer,
    from my point of view maybe the authorization trace could help to find a suitable authorization object for creating your checks. More information on this authorization trace could be found under http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationTraceintransactionST01
    Useful information on each DMS authorization object can be found under http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationObjectsin+DMS.
    If no standard authorization object could be useful maybe you can use a BADI like DOCUMENT_AUTH01 or DOCUMENT_MAIN01 to implement an individual check for the application type and so restrict some users to view special applications.
    Best regards,
    Christoph

  • Reduced Access Based on Account Type

    Hello,
    I have a client who would like to allow full access to the entire team for their accounts except for 2 types. How can I limit the accounts to the owner/manager for the 2 types versus allowing the team to have visibility?
    For instance, account types = to Platinum, Gold, Silver, Bronze are ok for the entire sales team (with the same role) to see. The account types = to Elite and Premier are only visible to owner and manager.
    Thank you in advance for your assistance,
    Shawnda

    Thanks for your quick reply.
    Will do!
    Thanks,
    Shawnda

  • Help required to implement Cisco 2504 WLC and 1042 Access Points

    Hi,
    My name is Vidya Sagar. I am new to Wireless technology. We are planning to implement Wireless in our office. I have given the requirements below. Kindly go through the details and let me know how to start.
    We have purchased Cisco 2504 Wireless Controller (One) and Cisco 1042 Access Points (Five). At present I am going to use 3 access points only.
    I have attached a simple diagram of our office network. We have more than 30 VLANs configured in Core Switch, we are planning to give wifi access to only 3 VLANs.
    1. VLAN 121 ( IP Segment - 10.52.121.0 /24)
    2. VLAN 116 ( IP Segment - 10.52.116.0 /24)
    3. VLAN 100 ( IP Segment - 192.168.100.0 /24) (Guest)
    Please give me an implementation plan to do this. I would like to use LDAP or ACS for authentication purpose.
    Regards,
    Vidya Sagar

    Let's just do this simple first before you start using ACS as that will require a certificate installed on the ACS for using PEAP.
    So first off, the WLC we will say is in vlan 10. When you are going through the startup wizard, make sure you define the vlan tag to 10 on the management interface. Make sure your virtual interface is an IP address that is not routed in your network, like an out of band IP.
    Make sure the WLC time is correct or use NTP!!!!
    Now you should be able to http or https to the WLC. I would upgrade the code to v7.4 and install the FUS image. Please reference this link for the upgrade procedure. You don't have to upgrade now... I would wait till you get everything working first.
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html
    Now I would connect the APs on the same vlan as the WLC for now. Make sure there is dhcp on that subnet. Once the APs have joined, then you can move them to any subnet you want. Since you don't have many APs it would be okay to leave them in the same vlan as the WLC management or put them on any other vlan you choose. The APs will be connected to an access port NOT a trunk port!!!!
    The WLC will need to be connected on a dot1q trunk port only allowing vlans 10,100,116,121. The 2504 running v7.4 will support LAG (etherchannel). Anyway, your switch port should look like this, for example only:
    interface GigabitEthernet1/0/1
     description WLC2504
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk allowed vlan 10,100,116,121
     spanning-tree portfast trunk
     channel-group 10 mode on
     ! channel-group line: only for v7.4 if you use LAG
    Don't connect all four ports right now, just port one!!!!
    Your Guest vlan, you will need to create an ACL to block traffic from accessing the internal network. You might want to allow dhcp and DNS, but I would leave it open first until you can verify everything is working.
    Now on the WLC you need to create a dynamic interface for vlan 100, 116, and 121. If you click on the Controller tab in the GUI and click on interfaces on the left hand side, that will take you to where you can add/delete/modify your interfaces. When creating these interfaces, make sure you add the dhcp server IP address for the primary and or backup.
    Now that you have your dynamic interfaces created, it's time to create your SSID. Now click on the WLAN tab on the GUI and click on WLAN and then on the top right select Create New and then click Go. Select WLAN on the drop down menu and then for the profile name I would use the SSID name also for simplicity. Leave the WLAN ID at 1 for this and 2 for the next and so on. After defining these and clicking Apply you can now define your SSID. On the General tab, enable the status and leave the radio policy to all for now, you can decide later what you want to use. Choose the interface you want to place this SSID on and enable Broadcast SSID for now and leave everything else alone. Now click on the Security tab and on the Layer 2 Security, leave it at WPA + WPA2, only check WPA2 Policy and for WPA2 encryption choose AES only. Now go to the bottom of that screen and choose PSK. We will do pre shared key for now so you get to understand the setup and make sure everything is working first. Now on the PSK format, choose ASCII and put your pre shared key in the input box. Make this simple for testing. You don't want to put in symbols or anything like that. When you are done with that, check apply on the top right and test.
    Now you can repeat this with your other SSIDs just to test. Your guest network you can leave open for now to test open authentication.
    Here are some links for the WebAuth feature:
    https://supportforums.cisco.com/docs/DOC-13954
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml
    Now if you want to use ACS with PEAP, here are some links for that:
    https://supportforums.cisco.com/videos/2499
    http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
    https://www.google.com/url?sa=t&source=web&cd=8&ved=0CFQQtwIwBw&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWk_bRdmsQlA&ei=_BEyUeCYM8TdqAHHsICAAw&usg=AFQjCNF8PiVBQK1Kipb4j8AzD153bKtmgA&sig2=smHhNVmCr2of2NzbnDhGmw
    Well that is it, hopefully you can get the wireless up for testing and verifying everything works!
    Sent from Cisco Technical Support iPhone App

  • Help please! I have just installed Snow Leopard and now I can't access my gmail account. I can complete the sign in boxes ok but the blue indicator bar freezes and prevents access to my emails.

    I have just installed Snow Leopard, (10.6.3) onto my Macbook Pro and so far it seems to be working fine except that I can't access my gmail account. I can sign in but the blue opening indicator freezes near the end and I can get no further. I'm a bit of a novice at this stuff - help please!

    I would run the combo update to get to 10.6.8 in order to get the latest security updates and so forth. Then run Software Update until your system is current.
    10.6.8 Combo Updater
    G-mail problem.
    Troubleshooting sending and receiving email messages
    Troubleshooting sending email messages
    IMAP or POP setup?

  • Have used hotmail for some time. Somehow the web address for hotmail in my computer has a 1/2 page of additional redundant script added to it. It now defaults to this long web address when trying to access and prevents access to messages.

    the script is showing font size and additional size details and is really 3 lines long that repeats itself like 15 times over the length of the address. This is a cable hookup.

    Install ClamXav and run a scan with that. It should pick up any trojans.   
    17" 2.2GHz i7 Quad-Core MacBook Pro  8G RAM  750G HD + OCZ Vertex 3 SSD Boot HD 
    Got problems with your Apple iDevice-like iPhone, iPad or iPod touch? Try Troubleshooting 101

  • Report is slow and times out based upon stored procedure

    I have a report that runs off the following stored procedure. Because I cannot join the tables, I need to do a union query or a nested query to return the shipments. Anyone know how I can speed this up by changing the stored procedure to use a nested query on the last portion of the query (under union)?
    SELECT DISTINCT
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.DIVISION               as COMPANY,
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.SEASON               AS SEASON,
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.STYLE               as STYLE,
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.MONTH_END_DATE                            AS ME_DATE,
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.BEGINNING_BALANCE                          AS BEG_BAL,
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.CURRENT_COST          AS CRNT_COST,
    dbo.RECVSKU#.RCQTY                         AS REC_QTY,
    0                              AS SHIP_QTY,
    dbo.RECVSKU#.RCDATE                         AS REC_DATE,
    ''                              AS SHIP_DATE
    FROM        
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010 LEFT OUTER JOIN
    dbo.RECVSKU# ON
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.SEASON = dbo.RECVSKU#.RCSEAS AND
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.STYLE = dbo.RECVSKU#.RCSTYL AND
    dbo.INV_BEG_BALANCE_JAN_JUNE_2010.DIVISION = dbo.RECVSKU#.RCDIVN
    WHERE    
    (dbo.INV_BEG_BALANCE_JAN_JUNE_2010.MONTH_END_DATE = '20100228')
    AND (dbo.RECVSKU#.RCDATE >= '20100301') AND (dbo.RECVSKU#.RCDATE <= '20100331')
    AND dbo.INV_BEG_BALANCE_JAN_JUNE_2010.DIVISION = 'AAA'
    union
    SELECT
    dbo.SHIPSKU#.SCDIVN                    AS COMPANY,
    dbo.SHIPSKU#.SCSEAS                    AS SEASON,
    dbo.SHIPSKU#.SCSTYL                    AS STYLE,
    ''                                                       AS ME_DATE,
    0                                                  AS BEG_BALE,
    dbo.MITMAS.MMPUPR                                                        AS CRNT_COST,
    0                                                AS REC_QTY,
    dbo.SHIPSKU#.SCQTY                                                     AS SHIP_QTY,
    ''                         AS REC_DATE,
    dbo.SHIPSKU#.SCDATE                                                      AS SHIP_DATE
    FROM dbo.SHIPSKU#
    LEFT OUTER JOIN dbo.MITMAS ON dbo.SHIPSKU#.SCSKU# = dbo.MITMAS.MMITNO
    WHERE dbo.SHIPSKU#.SCDATE>='20100301' AND dbo.SHIPSKU#.SCDATE <='20100331'
    AND  dbo.SHIPSKU#.SCDIVN = 'AAA'

    hi Sharon,
    if you use a "UNION ALL" instead of a union does that give you better performance?
    jamie

  • Ssrs sum based upon a conditional statement

    In an ssrs 2008 r2 report, I have the following code that totals a transaction amount:
    =sum(cdec(Fields!TransactionAmount.Value))
    Now I need to have different total amounts based upon 'payment type'. The payment_types are either 'check', or 'credit' for credit card. Thus can you show me how to change the code I just listed to sum the amount depending upon the payment type?

    You may wish to follow this thread that is exploring a similar question.
    http://social.msdn.microsoft.com/Forums/sqlserver/en-US/12e2cdf4-1fd7-4f2a-ba12-ff5c4ec01eeb/sum-values-based-on-condition-in-ssrs?forum=sqlreportingservices
    To do this in an SSRS expression just insert an IIf:
    =Sum(IIf(Fields!payment_type.Value = "check",cdec(Fields!TransactionAmount.Value),0))
    =Sum(IIf(Fields!payment_type.Value = "credit",cdec(Fields!TransactionAmount.Value),0))
    In the other thread you will see that sometimes it makes sense to do this kind of work in the dataset since dataset queries run on the datasource and often those systems are robust servers that can crunch and return data very quickly.
    "You will find a fortune, though it will not be the one you seek." -
    Blind Seer, O Brother Where Art Thou
    Please Mark posts as answers or helpful so that others may find the fortune they seek.

  • How to set up full access and limited access wireless networks to laptops

    Dear Apple,
    I just received my Apple 1 TB Time Capsule. Can someone please help me with a network configuration I want to set up?
    I have a cable modem, and, three computers: a G4 iMAC (system 10.5.5), an Apple MacBook (system 10.5.5), and, a PC laptop.
    The Time Capsule is connect directly to the cable modem.
    Regarding the computers:
    (1) I want the G4 iMAC to connect directly, via an Ethernet cable, to the Time Capsule, WITH FULL ALLOWED ACCESS to the Time Capsule and to the back-up function of the Time Machine feature, and, with allowed access to my HP inkjet printer (class 6110);
    (2) I also want the MacBook laptop to wirelessly link to the Time Capsule via the Airport utility on the laptop, and, WITH FULL ALLOWED ACCESS to the Time Capsule and to the back-up function of the Time Machine feature (using WPA/WPA2 security, and, without the network name visible to third parties), and, WITH allowed access to my HP inkjet printer (class 6110);
    (3) I want the PC laptop to wirelessly link to the Time Capsule (using WEP security), but WITHOUT ACCESS to the Time Machine, WITHOUT access to the back-ups on the iMAC, WITHOUT access to the back-ups on the MacBook, and, WITHOUT access to the inkjet printer --- I only want the PC to use the Time Capsule as a WIRELESS ROUTER so that the PC laptop can access the internet.
    (4) And, finally, I want to specify (Time-Capsule/Time-Machine/server ) access ONLY to the iMAC and the MacBook, so that others cannot gain any access.
    I specifically need help to set up and configure the Time Capsule so that the PC laptop, as stated above, should have limited access to the Time Capsule --- namely, only to access the internet, and, not even be aware of stored data on the Time Capsule, not even be aware of the inkjet printer, and, not even see my WPA network name when the PC scans for wireless devices.
    I also want the iMAC and the MacBook to have access to each other’s data stored on the Time Capsule (like a common server).
    I have an old D-Link DI-624 wireless router that I used before buying the Time Capsule, which is available, if needed. Hopefully, I can configure the Time Capsule so that I would not need the old D-Link.
    Thank you in advance,
    David.

    The basic method for remote access is not changed.
    http://gigaom.com/apple/access-your-time-capsule-over-the-internet/
    You have a few issues.
    The really big one.. the school firewall should not let you connect to home.
    Check the IT admin at your school but if they allow anything but a few protocols like http and https through, they are not doing their job. You cannot afford in a large network to have every Tom Dick and Harry access any open device.. that can introduce viruses and trojans into the network behind the firewall.
    The general method for remote access on large networks is vpn and the TC offers no vpn connection.. just AFP.
    If you intend using 3G wireless stick or the like then you can get access.
    The next issue is static public IP or how to find the TC.. you need some way to find the IP if your ISP does not offer static ip, and the tc has no dyndns client. Since Apple shut down new users for mobileme and will close that service there is no method to find the TC IP without owning your own domain. You would be better placing the TC in bridge behind a router that does offer dyndns and port forward AFP (TCP 548) to it.
