I misspoke the first time. We did not find it in syslog. At this time we
can't determine if it is in syslog or the web manager's event log but we
stumbled on it in the CAS logs. You would think that since "Strict layer
2" is a configurable feature one should be able to view whether or not
it is happening in reasonably accessible logs. Thanks Cisco.

You can find it on each CAS: go to the "cd /perfigo/logs" directory, then
look at the "perfigo-redirect-log0.log.0" file.
At this point if you grep for "NAT" you'll see the following entries:
Ex: [EMAIL PROTECTED] logs]# grep NAT perfigo-redirect-log0.log.0

Example:
Aug 31, 2008 8:52:09 AM com.perfigo.wlan.web.Util logEvent
SEVERE: Possible NAT/Router in path User IP <158.65.scrubbed>, User Name
<scrubbed>, Router MAC <00:17:3F:F3:37:81>, User MAC
<00:14:A5:AE:74:E6,00:16:D4:0E:83:65>

Hope it helps,
Greg
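
Added example, not part of the original post and not Cisco's code: a small parser that pulls the "Possible NAT/Router in path" entries out of the redirect log and groups users by the router MAC they were seen behind. It assumes the on-disk format matches the entry quoted above (a timestamp line followed by the SEVERE line, possibly wrapped); the IPs, user names and the last client MAC in the sample are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the entry format quoted above (IPs and user names are
# placeholders; the last entry is deliberately wrapped as it is in the e-mail).
SAMPLE_LOG = """\
Aug 31, 2008 8:52:09 AM com.perfigo.wlan.web.Util logEvent
SEVERE: Possible NAT/Router in path User IP <192.0.2.10>, User Name <alice>, Router MAC <00:17:3F:F3:37:81>, User MAC <00:14:A5:AE:74:E6,00:16:D4:0E:83:65>
Aug 31, 2008 8:53:40 AM com.perfigo.wlan.web.Util logEvent
INFO: unrelated event
Aug 31, 2008 9:01:12 AM com.perfigo.wlan.web.Util logEvent
SEVERE: Possible NAT/Router in path User IP <192.0.2.11>, User Name
<bob>, Router MAC <00:17:3f:f3:37:81>, User MAC
<02:00:00:AA:BB:CC>
"""

HEADER = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \S+ \S+$")
EVENT = re.compile(
    r"Possible NAT/Router in path\s+User IP\s+<([^>]*)>,\s+User Name\s+<([^>]*)>,"
    r"\s+Router MAC\s+<([^>]*)>,\s+User MAC\s+<([^>]*)>")

def parse_nat_events(text):
    """Return one dict per 'Possible NAT/Router in path' entry."""
    records = []                      # each item: [timestamp, [body lines]]
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append([datetime.strptime(m.group(1), "%b %d, %Y %I:%M:%S %p"), []])
        elif records and line.strip():
            records[-1][1].append(line.strip())
    events = []
    for when, body in records:
        m = EVENT.search(" ".join(body))   # re-join wrapped continuation lines
        if m:
            ip, user, router, macs = m.groups()
            events.append({"time": when, "user_ip": ip, "user_name": user,
                           "router_mac": router.lower(),
                           "client_macs": [x.strip().lower() for x in macs.split(",")]})
    return events

def users_per_router(events):
    """Map router MAC -> sorted user names seen behind it."""
    seen = defaultdict(set)
    for e in events:
        seen[e["router_mac"]].add(e["user_name"])
    return {mac: sorted(users) for mac, users in seen.items()}

if __name__ == "__main__":
    for mac, users in users_per_router(parse_nat_events(SAMPLE_LOG)).items():
        print(mac, users)
```

A router MAC that shows up with more than one user name is the second case described in the quoted message below: someone else's client associating through the same consumer router.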



-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:[EMAIL PROTECTED] On Behalf Of Walt Howd
Sent: Friday, September 05, 2008 10:04 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] Wireless Router Policy

Greg - Can you detail where this information is stored on CCA layer 2  
mismatches? Can you access it via the CAM's web interface in the  
"Event logs" section, or do you need to be logging to an external  
syslog server? Thanks.

Walt

On Sep 5, 2008, at 8:35 AM, Scholz, Greg wrote:

> CCA has had some level of NAT restriction and what they call "strict L2"
> whereby the server checks the MAC in the header of the user's
> authentication/assessment packet against the MAC reported by the CCA
> client written in the payload of the authentication packet.
>
> If the MAC of the header is different than the MAC in the payload it is
> restricted from getting on. There are 2 problems with this.
> 1) many consumer grade routers/wireless units clone the first MAC/IP
> that goes through it so the unauthorized device looks just like the
> computer and it is allowed through.
> 2) when it does clone that first device and they work fine, what happens
> to the unsuspecting next door neighbor whose wireless card finds the
> offender's router and attempts to go through it?
>
> Even though it is imperfect we are still using this feature and finding
> mixed results. Most importantly though the syslogs (not the GUI logs) do
> show when the event occurs with a fairly detailed entry of what the
> packet looked like (e.g. header MAC and all client reported MACs) so we
> can find them on the network.
>
> Greg
>
>
> -----Original Message-----
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:[EMAIL PROTECTED] On Behalf Of Mark Berman
> Sent: Friday, September 05, 2008 7:58 AM
> To: [email protected]
> Subject: Re: [WIRELESS-LAN] Wireless Router Policy
>
> This is basically our position as well. The prohibition is in our
> "Computing Ethics and Responsibilities" policy, which, along with the
> Privacy Policy constitute our AUP. The wording is in the section on
> tampering and says:
>
> "You may not modify residential computing network services or wiring or
> extend those beyond the area of their intended use. This applies to all
> network wiring, hardware, and cluster and in-room jacks. Gateways and
> firewalls designed for home use, such as Cable/DSL routers and Wireless
> Access Points, can disrupt the normal operation of the Williams network
> and are not allowed."
>
> A recent upgrade of our Impulse Point policy enforcement appliance gave
> us the ability to locate and automatically shut down NAT gateways and
> we're about to turn that function on.
>
> - Mark
> --
> Mark Berman, Director for Networks & Systems
> Williams College, Office for Information Technology
> *** Please consider the environment before printing this message
>
>
>
>
> -----Original Message-----
> From: Tony Fellows [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 04, 2008 10:58 AM
> Subject: Re: Wireless Router Policy
>
> Hi,
>
> I picked up on this issue because some years ago, I too had a problem
> with our small university college and the reluctance of management to
> prohibit rogue device connectivity to the central network. So rather
> than create a new policy I modified the AUP (Acceptable Use Policy) -
> which every student and staff member signs up to (electronically) each
> new academic year. I submitted clauses in the policy banning any
> device from being connected to the central network - which isn't the
> property of the university - which hasn't been vetted for use - or
> which is deemed unsuitable by IT Services staff. It is pointed out
> that disciplinary action will be taken if any device is found to be
> illegally connected.
> To support these clauses - the security and integrity of the network
> was the main mission. To manage data traffic and ensure a level of
> bandwidth throttling which is sustainable for all users and services.
>
> I think a previous contributor from Georgia State - Charles - was spot
> on when he implied that without certain controls, central networks
> would quickly become unreliable, unruly and unfit for purpose.
>
>
>
> Tony Fellows BSc (Binftech) CITP MBCS
> Head of IT Services
> Newman University College
> Birmingham B32 3NT
>
> Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> Tel:  0121 476 1181  ext. 2223
> Mob: 07887 902999
>
>
> ________________________________
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv on
> behalf of Phillips, Chris
> Sent: Thu 04/09/2008 3:23 PM
> To: [email protected]
> Subject: Re: [WIRELESS-LAN] Wireless Router Policy
>
>
>
> Mike,
>
>
>
> We are vetting a new Residence Network Policy that, if approved, would
> make student routers not acceptable and subject to sanctions including
> losing network authentication.
>
>
>
> Chris Phillips
>
> Ass't V.P., Technology
>
> Univ. of Maryland, Baltimore
>
>
>
> ________________________________
>
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:[EMAIL PROTECTED] On Behalf Of Martin Jr.,
> D. Michael
> Sent: Thursday, September 04, 2008 8:34 AM
> To: [email protected]
> Subject: [WIRELESS-LAN] Wireless Router Policy
>
>
>
> As we prepare to expand our wireless coverage into our residence
> halls, I would like to poll this list to see how many of you have
> policies prohibiting the use of student (or other) routers in your
> environments?  My institution, the University of Montevallo, is a
> small public liberal arts university which historically has been
> reluctant to "prohibit" almost anything in the past, so we have no
> current policies in place to prevent the installation of such devices.
> In fact, our Helpdesk manager even approached me yesterday about
> assisting students in the setup and configuration of their routers.
> Any advice any of you could give on such matters would be greatly
> appreciated.
>
>
>
> Thanks,
>
>
>
> D. Michael Martin, Jr.
>
> Network Administrator
>
> University of Montevallo
>
> **********
> Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
