Return to site

Web Filter For Mac

broken image


  1. Web Filter For Mac Computers
  2. Web Filter For Mac Pro

Free download DETOXIFY - Porn Blocker / Web Filter for PC Windows or MAC from BrowserCam. Family First published DETOXIFY - Porn Blocker / Web Filter for Android operating system(os) mobile devices. However if you ever wanted to run DETOXIFY - Porn Blocker / Web Filter on Windows PC or MAC you can do so using Android emulator. Download Filters for Photos for macOS 10.9 or later and enjoy it on your Mac. ‎15 more FREE filters inside. Filters for Photos brings dozens of high-quality filters right at your fingertips. Apply them to your images and get amazing results instantly. No Photoshop required.

Contents

Introduction

This document explains how to configure MAC filters with wireless LAN controllers (WLCs) with a configuration example. This document also discusses how to authorize lightweight access points (LAPs) against an AAA server.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Basic knowledge of the configuration of LAPs and Cisco WLCs

  • Basic knowledge of Cisco Unified Wireless Security Solutions

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco 4400 WLC that runs software version 5.2.178.0

  • Cisco 1230AG Series LAPs

  • 802.11 a/b/g wireless client adapter with firmware 4.4

  • Aironet Desktop Utility (ADU) version 4.4

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

What is a boot disc for mac. In addition to this, macOS users also have an option of picking a disk to boot the operating system from.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

MAC Address Filter (MAC Authentication) on WLCs

When you create a MAC address filter on WLCs, users are granted or denied access to the WLAN network based on the MAC address of the client they use. Free vlc for mac download.

There are two types of MAC authentication that are supported on WLCs:

  • Local MAC authentication

  • MAC authentication using a RADIUS server

With local MAC authentication, user MAC addresses are stored in a database on the WLC. When a user tries to access the WLAN that is configured for MAC filtering, the client MAC address is validated against the local database on the WLC, and the client is granted access to the WLAN if the authentication is successful.

By default, the WLC local database supports up to 512 user entries.

The local user database is limited to a maximum of 2048 entries. The local database stores entries for these items:

  • Local management users, which includes lobby ambassadors

  • Local network users, which includes guest users

  • MAC filter entries

  • Exclusion list entries

  • Access point authorization list entries

Together, all of these types of users cannot exceed the configured database size.

In order to increase the local database, use this command from the CLI:

Alternatively, MAC address authentication can also be performed using a RADIUS server. The only difference is that the users MAC address database is stored in the RADIUS server instead of the WLC. When a user database is stored on a RADIUS server the WLC forwards the MAC address of the client to the RADIUS server for client validation. Then, the RADIUS server validates the MAC address based on the database it has. If the client authentication is successful, the client is granted access to the WLAN. Any RADIUS server which supports MAC address authentication can be used.

Configure Local MAC Authentication on WLCs

Complete these steps in order to configure local MAC authentication on the WLCs:

  1. Note: Before you configure MAC authentication, you must configure the WLC for basic operation and register the LAPs to the WLC. This document assumes that the WLC is already configured for basic operation and that the LAPs are registered to the WLC. If you are a new user trying to set up the WLC for basic operation with LAPs, refer to Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC).

    Note: There is no special configuration needed on the wireless client in order to support MAC authentication.

Configure a WLAN and Enable MAC Filtering

Web

Complete these steps in order to configure a WLAN with MAC filtering:

  1. Click WLANs from the controller GUI in order to create a WLAN.

    The WLANs window appears. This window lists the WLANs configured on the controller.

  2. Click New in order to configure a new WLAN.

    In this example, the WLAN is named MAC-WLAN and the WLAN ID is 1.

  3. Click Apply.

  4. In the WLAN > Edit window, define the parameters specific to the WLAN.

    1. Under Security Policies > Layer 2 Security, check the MAC Filtering check box.

      This enables MAC authentication for the WLAN.

    2. Under General Policies > Interface Name, select the interface to which the WLAN is mapped.

      In this example, the WLAN is mapped to the management interface.

    3. Select the other parameters, which depend on the design requirements of the WLAN.

    4. Click Apply.

The next step is to configure the local database on the WLC with the client MAC addresses.

Refer to VLANs on Wireless LAN Controllers Configuration Example for information on how to configure dynamic interfaces (VLANs) on WLCs.

Configure the Local Database on the WLC with Client MAC Addresses

Complete these steps in order to configure the local database with a client MAC address on the WLC:

  1. Click Security from the controller GUI, and then click MAC Filtering from the left side menu.

    The MAC Filtering window appears.

  2. Click New in order to create a local database MAC address entry on the WLC.

  3. In the MAC Filters > New window, enter the MAC address, Profile Name, Description and the Interface Name for the client.

    Here is an example:

  4. Click Apply.

  5. Repeat steps 2-4 in order to add more clients to the local database.

    Now, when clients connect to this WLAN, the WLC validates the clients MAC address against the local database and if the validation is successful, the client is granted access to the network.

    Note: In this example, only a MAC address filter without any other Layer 2 Security mechanism was used. Cisco recommends that MAC address authentication should be used along with other Layer 2 or Layer 3 security methods. It is not advisable to use only MAC address authentication to secure your WLAN network because it does not provide a strong security mechanism.

Configure MAC Authentication using a RADIUS Server

Complete these steps in order to configure MAC authentication using a RADIUS server. In this example, the Cisco Secure ACS server is used as the RADIUS server.

Configure a WLAN and Enable MAC Filtering

Complete these steps in order to configure a WLAN with MAC filtering:

  1. Click WLANs from the controller GUI in order to create a WLAN.

    The WLANs window appears. This window lists the WLANs configured on the controller.

  2. Click New in order to configure a new WLAN.

    In this example, the WLAN is named MAC-ACS-WLAN and the WLAN ID is 2.

  3. Click Apply.

  4. In the WLAN > Edit window, define the parameters specific to the WLAN.

    1. Under Security Policies > Layer 2 Security, check the MAC Filtering check box.

      This enables MAC authentication for the WLAN.

    2. Under General Policies > Interface Name, select the interface to which the WLAN is mapped.

    3. Under RADIUS servers, select the RADIUS server that will be used for MAC authentication.

      Note: Before you can select the RADIUS server from the WLAN > Edit window, you should define the RADIUS server in the Security > Radius Authentication window and enable the RADIUS server.

    4. Select the other parameters, which depend on the design requirements of the WLAN.

    5. Click Apply.

  5. Click Security > MAC Filtering.

  6. In the MAC Filtering window, choose the type of RADIUS server under RADIUS Compatibility Mode.

    This example uses Cisco ACS.

  7. From the MAC Delimiter pull down menu, choose the MAC delimiter.

    This example uses Colon.

  8. Click Apply.

The next step is to configure the ACS server with the client MAC addresses.

Configure the RADIUS Server with Client MAC Addresses

Complete these steps in order to add a MAC address to the ACS:

  1. Define the WLC as an AAA client on the ACS server. Click Network Configuration from the ACS GUI.

  2. When the Network Configuration window appears, define the name of the WLC, the IP address, the shared secret and the authentication method (RADIUS Cisco Aironet or RADIUS Airespace).

    Refer to the documentation from the manufacturer for other non-ACS authentication servers.

    Note: The shared secret key that you configure on the WLC and the ACS server must match. The shared secret is case sensitive.

  3. From the ACS main menu, click User Setup.

  4. In the User text box, enter the MAC address in order to add to the user database.

    Note: The MAC address must be exactly as it is sent by the WLC for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is reported by the WLC. Do not cut and paste the MAC address, as this can introduce phantom characters.

  5. In the User Setup window, enter the MAC address in the Secure-PAP password text box.

    Note: The MAC address must be exactly as it is sent by the WLC for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.

  6. Click Submit.

  7. Repeat steps 2-5 in order to add more users to the ACS database.

    Now, when clients connect to this WLAN, the WLC passes the credentials to the ACS server. The ACS server validates the credentials against the ACS database. If the client MAC address is present in the database, the ACS RADIUS server returns an authentication success to the WLC and the client will be granted access to the WLAN.

Use the CLI to Configure the MAC Filter on WLC

This document previously discussed how to use the WLC GUI to configure MAC filters. You can also use the CLI in order to configure MAC filters on the WLC. You can use these commands in order to configure the MAC filter on WLC:

  • Issue the config wlan mac-filtering enable wlan_id command in order to enable MAC filtering. bEnter the show wlan command in order to verify that you have MAC filtering enabled for the WLAN.

  • config macfilter add command:

    The config macfilter add command lets you add a macfilter, interface, description, and so forth.

    Use the config macfilter add command in order to create a MAC filter entry on the Cisco Wireless LAN controller. Use this command in order to add a client locally to a wireless LAN on the Cisco Wireless LAN controller. Create usb installer for mac. This filter bypasses the RADIUS authentication process.

    Example:

    Enter a static MAC-to-IP address mapping. This can be done to support a passive client, that is, one that does not use DHCP and does not transmit unsolicited IP packets.

  • config macfilter ip-address command

    The config macfilter ip-address command lets you map an existing MAC-filter to an IP address. Use this command in order to configure an IP address into the local MAC filter database:

    Example:

Configure a Timeout for Disabled Clients

You can configure a timeout for disabled clients. Clients who fail to authenticate three times during attempts to associate are automatically disabled from further association attempts. After the timeout period expires, the client is allowed to retry authentication until it associates or fails authentication and is excluded again.

Enter the config wlan exclusionlist wlan_id timeout command in order to configure the timeout for disabled clients. The timeout value can be from 1 to 65535 seconds, or you can enter 0 in order to permanently disable the client.

Verify

Use these commands in order to verify if the MAC filter is configured correctly:

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Web Filter For Mac

Complete these steps in order to configure a WLAN with MAC filtering:

  1. Click WLANs from the controller GUI in order to create a WLAN.

    The WLANs window appears. This window lists the WLANs configured on the controller.

  2. Click New in order to configure a new WLAN.

    In this example, the WLAN is named MAC-WLAN and the WLAN ID is 1.

  3. Click Apply.

  4. In the WLAN > Edit window, define the parameters specific to the WLAN.

    1. Under Security Policies > Layer 2 Security, check the MAC Filtering check box.

      This enables MAC authentication for the WLAN.

    2. Under General Policies > Interface Name, select the interface to which the WLAN is mapped.

      In this example, the WLAN is mapped to the management interface.

    3. Select the other parameters, which depend on the design requirements of the WLAN.

    4. Click Apply.

The next step is to configure the local database on the WLC with the client MAC addresses.

Refer to VLANs on Wireless LAN Controllers Configuration Example for information on how to configure dynamic interfaces (VLANs) on WLCs.

Configure the Local Database on the WLC with Client MAC Addresses

Complete these steps in order to configure the local database with a client MAC address on the WLC:

  1. Click Security from the controller GUI, and then click MAC Filtering from the left side menu.

    The MAC Filtering window appears.

  2. Click New in order to create a local database MAC address entry on the WLC.

  3. In the MAC Filters > New window, enter the MAC address, Profile Name, Description and the Interface Name for the client.

    Here is an example:

  4. Click Apply.

  5. Repeat steps 2-4 in order to add more clients to the local database.

    Now, when clients connect to this WLAN, the WLC validates the clients MAC address against the local database and if the validation is successful, the client is granted access to the network.

    Note: In this example, only a MAC address filter without any other Layer 2 Security mechanism was used. Cisco recommends that MAC address authentication should be used along with other Layer 2 or Layer 3 security methods. It is not advisable to use only MAC address authentication to secure your WLAN network because it does not provide a strong security mechanism.

Configure MAC Authentication using a RADIUS Server

Complete these steps in order to configure MAC authentication using a RADIUS server. In this example, the Cisco Secure ACS server is used as the RADIUS server.

Configure a WLAN and Enable MAC Filtering

Complete these steps in order to configure a WLAN with MAC filtering:

  1. Click WLANs from the controller GUI in order to create a WLAN.

    The WLANs window appears. This window lists the WLANs configured on the controller.

  2. Click New in order to configure a new WLAN.

    In this example, the WLAN is named MAC-ACS-WLAN and the WLAN ID is 2.

  3. Click Apply.

  4. In the WLAN > Edit window, define the parameters specific to the WLAN.

    1. Under Security Policies > Layer 2 Security, check the MAC Filtering check box.

      This enables MAC authentication for the WLAN.

    2. Under General Policies > Interface Name, select the interface to which the WLAN is mapped.

    3. Under RADIUS servers, select the RADIUS server that will be used for MAC authentication.

      Note: Before you can select the RADIUS server from the WLAN > Edit window, you should define the RADIUS server in the Security > Radius Authentication window and enable the RADIUS server.

    4. Select the other parameters, which depend on the design requirements of the WLAN.

    5. Click Apply.

  5. Click Security > MAC Filtering.

  6. In the MAC Filtering window, choose the type of RADIUS server under RADIUS Compatibility Mode.

    This example uses Cisco ACS.

  7. From the MAC Delimiter pull down menu, choose the MAC delimiter.

    This example uses Colon.

  8. Click Apply.

The next step is to configure the ACS server with the client MAC addresses.

Configure the RADIUS Server with Client MAC Addresses

Complete these steps in order to add a MAC address to the ACS:

  1. Define the WLC as an AAA client on the ACS server. Click Network Configuration from the ACS GUI.

  2. When the Network Configuration window appears, define the name of the WLC, the IP address, the shared secret and the authentication method (RADIUS Cisco Aironet or RADIUS Airespace).

    Refer to the documentation from the manufacturer for other non-ACS authentication servers.

    Note: The shared secret key that you configure on the WLC and the ACS server must match. The shared secret is case sensitive.

  3. From the ACS main menu, click User Setup.

  4. In the User text box, enter the MAC address in order to add to the user database.

    Note: The MAC address must be exactly as it is sent by the WLC for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is reported by the WLC. Do not cut and paste the MAC address, as this can introduce phantom characters.

  5. In the User Setup window, enter the MAC address in the Secure-PAP password text box.

    Note: The MAC address must be exactly as it is sent by the WLC for both the username and the password. If authentication fails, check the failed attempts log to see how the MAC is reported by the AP. Do not cut and paste the MAC address, as this can introduce phantom characters.

  6. Click Submit.

  7. Repeat steps 2-5 in order to add more users to the ACS database.

    Now, when clients connect to this WLAN, the WLC passes the credentials to the ACS server. The ACS server validates the credentials against the ACS database. If the client MAC address is present in the database, the ACS RADIUS server returns an authentication success to the WLC and the client will be granted access to the WLAN.

Use the CLI to Configure the MAC Filter on WLC

This document previously discussed how to use the WLC GUI to configure MAC filters. You can also use the CLI in order to configure MAC filters on the WLC. You can use these commands in order to configure the MAC filter on WLC:

  • Issue the config wlan mac-filtering enable wlan_id command in order to enable MAC filtering. bEnter the show wlan command in order to verify that you have MAC filtering enabled for the WLAN.

  • config macfilter add command:

    The config macfilter add command lets you add a macfilter, interface, description, and so forth.

    Use the config macfilter add command in order to create a MAC filter entry on the Cisco Wireless LAN controller. Use this command in order to add a client locally to a wireless LAN on the Cisco Wireless LAN controller. Create usb installer for mac. This filter bypasses the RADIUS authentication process.

    Example:

    Enter a static MAC-to-IP address mapping. This can be done to support a passive client, that is, one that does not use DHCP and does not transmit unsolicited IP packets.

  • config macfilter ip-address command

    The config macfilter ip-address command lets you map an existing MAC-filter to an IP address. Use this command in order to configure an IP address into the local MAC filter database:

    Example:

Configure a Timeout for Disabled Clients

You can configure a timeout for disabled clients. Clients who fail to authenticate three times during attempts to associate are automatically disabled from further association attempts. After the timeout period expires, the client is allowed to retry authentication until it associates or fails authentication and is excluded again.

Enter the config wlan exclusionlist wlan_id timeout command in order to configure the timeout for disabled clients. The timeout value can be from 1 to 65535 seconds, or you can enter 0 in order to permanently disable the client.

Verify

Use these commands in order to verify if the MAC filter is configured correctly:

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

  • show macfilter summary—Displays a summary of all MAC filter entries.

  • show macfilter detail <client MAC Address>—Detailed display of a MAC filter entry.

Here is an example of the show macfilter summary command:

Here is an example of the show macfilter detail command:

Troubleshoot

You can use these commands to troubleshoot your configuration:

Note: Refer to Important Information on Debug Commands before you use debug commands.

  • debug aaa all enable— Provides debugging of all AAA messages.

  • debug mac addr <Client-MAC-address xx:xx:xx:xx:xx:xx>—In order to configure MAC debugging, use the debug mac command.

Here is an example of the debug aaa all enable command:

When a wireless client is not present in the MAC address database on the WLC (local database) or on the RADIUS server tries to associate to the WLAN, that client will be excluded. Here is an example of the debug aaa all enable command for an unsuccessful MAC authentication:

Wireless Clients that Try to Authenticate by MAC Address are Rejected; Failed Authentication Report Shows Internal Errors

When you use ACS 4.1 that runs on a Microsoft Windows 2003 Enterprise server, clients that try to authenticate by the MAC address are rejected. This occurs when an AAA client sends the Service-Type=10 attribute value to the AAA server. This is because of Cisco bug ID CSCsh62641 (registered customers only) . AAA clients affected by this bug include WLCs and switches that use MAC Authentication Bypass.

The workarounds are:

  • Downgrade to ACS 4.0.

    or

  • Add the MAC addresses to be authenticated to a Network Access Protection (NAP) under the internal ACS DB MAC address table.

Not able to add a MAC filter using the WLC GUI

This can happen becaue of the Cisco bug ID CSCsj98722 (registered customers only) . The bug is fixed in 4.2 release of code. If you are running versions earlier than 4.2, you can upgrade the firmware to 4.2 or use these two workarounds for this issue.

  • Use the CLI in order to configure the MAC Filter with this command:

  • From the Web GUI of the controller, choose Any WLAN under the Security tab and enter the MAC address to be filtered.

Silent client not placed in run state

If DHCP required is not configured on the controller, the APs learn the IP address of wireless clients when the wireless clients send out the first IP packet or ARP. If the wireless clients are passive devices, for example, devices that do not initiate a communication, then the APs fails to learn the IP address of the wireless devices. As a result, the controller waits ten seconds for the client to send an IP packet. If there is no response from the packet from the client, then the controller drops any packets to the passive wireless clients. This issue is documented in Cisco bug ID CSCsq46427 (registered customers only)

As a recommended workaround for passive devices like printers, wireless PLC pumps and so forth, you need to set the WLAN for MAC filtering and have AAA override checked in order to allow these devices to be connected.

Web Filter For Mac Computers

A MAC address filter can be created on the controller that maps the MAC address of the wireless device to an IP address.

Note: This requires MAC address filtering to be enabled on the WLAN configuration for Layer 2 Security. It also requires Allow AAA Overide to be enabled in the advance settings of the WLAN configuration.

From the CLI, enter this command in order to create the MAC address filter:

Here is an example:

Related Information

Web Filter For Mac Pro

  • To begin, click on the Apple icon in the top left corner of your screen and select System Preferences. When the System Preferences menu comes up, click the Parental Controls icon in the System row.

    Step 1 - Select 'Parental Controls' under 'System Preferences'
  • The Parental Controls preferences window will open. To maintain security on this window, you will need to click on the lock in the lower left corner of the screen and enter the administrator password. Once you have entered the password, click OK.

    Step 2 - Log in to get access to parental controls
  • To start making changes to the controls, select the username you wish to modify. If you don't have any other users on your computer, you will be shown the 'Open Accounts Preferences…' button. Click there to create new usernames. Once you've created a new username, select the name of the account for which you will set up Parental Controls from the list on the left. Then check the boxes for 'Allow guests to log in to this computer,' and 'Enable parental controls.'

    Step 3 - Select the user whose account you wish to modify
  • Click on the 'Open Parental Controls…' button.

  • If you're not already on the System tab, click to open it. This section gives you access to several options for controlling access to system functions and applications. The majority of these options are purely a matter of parental preference as to whether you would like to enable them. In order to run Covenant Eyes, you will need to have 'Only allow selected applications' checked.

  • Underneath 'Only allow selected applications,' you may select which applications can be accessed in five different categories: iLife, Internet, Widgets, Other, and Utilities. Each category has several application and system options under them. Click the arrow to the left of the category to view the options. For the purposes of Covenant Eyes, it is important to enable at least a web browser and Covenant Eyes.

    • You may choose to activate the entire Internet category. However, it may only be necessary to activate the Internet browser. (For instance, you may disable Mail and iChat.)
    • Under the Other category, you will want to make sure you have selected Covenant Eyes from the list. If not selected it will not allow the user to get online. (Note: The option 'Uninstall Covenant Eyes' is also in the Other category. We recommend leaving this option unchecked so that the user does not have access to uninstall the Covenant Eyes software.)
    Step 6 - Modify system preferences for this user.
  • Once you have completed your selections on the System tab, click on the Content tab for more options. At the top of this section you'll have the choice of activating the portion of the filter that prevents access to profanity in the Mac Dictionary. By checking the box next to 'Hide profanity in Dictionary,' you will limit access to profanity in dictionaries, thesauruses, Wikipedia, and other sources.

  • In the Website Restrictions section, you have three filtering options:

    • Allow unrestricted access to websites – As the name implies, this setting will not filter any websites.
    • Try to limit access to adult websites automatically – Your Mac will automatically filter certain sites. The Administrator of the account can also add a list of sites that are allowed or blocked by clicking Customize.
    • Allow access to only these websites – This option prevents the user from accessing sites other than those you choose and list here. To add sites to the list, click the plus sign (+) under the list. The list does come pre-loaded with several suggested fun and educational sites.
    Step 8 - Choose how much you want to restrict the user's Internet access
  • On the 'Mail & iChat' tab, you can place a limit on chat and e-mail exchanges to the list of addresses you create on this page. The addresses on this list are the only ones that will be allowed to send messages to the account user using Mac mail and iChat. You can add e-mail addresses by clicking on the (+) button. You can also request an e-mail any time someone not on this list attempts to e-mail the user.

    Step 9 - Restrict the people who can contact this Mac user through Mac mail and iChat
  • Under 'Time Limits,' you can set the amount of time that a particular user is allowed to access the computer. In the first two sections, you can set the total amount of time the user is allowed to use the computer (between 30 minutes and 8 hours) on weekdays and weeknights. In the last section, you can set specific times the user is NOT allowed to access the computer. (Note: If you do not make a selection, system users will be allowed unlimited time.)

    Step 10 - Select when and for how long the user is allowed to access the computer
  • Finally, by clicking on the 'Logs' tab, the administrator can view activity logs in four areas: Websites Visited, Websites Blocked, Applications, and iChat. By selecting a time period in the Show activity for field, you can view logs from one day to one year and beyond. The Group by field allows you to sort the information for easier reading.

  • Once you have completed your modifications to the Parental Control Preferences, you will need to make sure you click back on the lock in the lower left. After it has closed, no one will be allowed to make changes without proper authorization.





broken image