Trunk configuration (VTP) between 3750 and 2811

Hi,
I have a stack of 6 Cisco Catalyst 3750G with 6 VLANs acting as a VTP server and want to establish a trunk link to my Cisco 2811 router equiped with a switching module 16 ports. Can I set the 2811 as a VTP client to propagate the VLAN info from the 3750 and configure one of the port on the switching module of the 2811 as a trunk encapsulated DOT1q and will I be able to route to the outside world.
Thank you

I beleive the switching cards support vtp and that should be possible.
Table 2. Features Supported on Cisco EtherSwitch Modules
EtherSwitch Network Modules (NM-16ESW and NMD-36ESW)
EtherSwitch HWICs (HWIC-4ESW and HWICD-9ESW)
EtherSwitch Service Modules (NME-16ES-1G, NME-16ES-1G-P, NME-X-23ES-1G, NME-X-23ES-1G-P, NME-XD-48ES-2S-P, and NME-XD-24ES-1S-P)
VLANs
Multiple VLANs per Switch
Yes (varies by chassis; maximum of 64 on Cisco 3845)
Yes (maximum of 15 on any chassis)
Yes (maximum of 1,024 per switch or stack)
VLANs in 4,000 Range
No
No
Yes
IEEE 802.1Q Tagged and Untagged VLANs
Yes
Yes
Yes (802.1Q and Inter-Switch Link [ISL])
VLAN Trunking Protocol (VTP) Support for Client, Server, and Transparent Modes
Yes
Yes
Yes

Similar Messages

VTP Between 3750 and 2811

Hey All,
I'm attempting to create a trunk between a 3750 and a Cisco 2811 router (with a 16 port switching module NM-16-ESW). I'm using an etherchannel trunk between the two. I'm trying to configure VTP on the 3750 (server) and make the 2811 a client. Below is a copy of the configs and output from relevant commands. Any clue why I'm not seeing vlans on the 2811?
2811 Router Config:
interface Port-channel1
switchport mode trunk
nterface FastEthernet1/14
switchport mode trunk
channel-group 1 mode on
interface FastEthernet1/15
switchport mode trunk
channel-group 1 mode on
MPLS-TEST#sh vlans
No Virtual LANs configured.
MPLS-TEST#sh vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 256
Number of existing VLANs : 6
VTP Operating Mode : Client
VTP Domain Name : VTP
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE7 0x0F 0xE8 0x89 0x47 0xAE 0x7E 0x7B
Configuration last modified by <IP of 3750> at 3-1-93 00:06:05
3750 Config and Shows:
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet1/0/47
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface FastEthernet1/0/48
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
sw-upstairs#sh vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 6
VTP Operating Mode : Server
VTP Domain Name : VTP
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE7 0x0F 0xE8 0x89 0x47 0xAE 0x7E 0x7B
Configuration last modified by <IP of VLAN 1> at 3-1-93 00:06:05
Local updater ID is 134.178.220.224 on interface Vl1 (lowest numbered VLAN interface found)
sw-upstairs#sh vlan
VLAN Name Status Ports
1 default active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
Fa1/0/13, Fa1/0/14, Fa1/0/15
Fa1/0/16, Fa1/0/17, Fa1/0/18
Fa1/0/19, Fa1/0/20, Fa1/0/21
Fa1/0/22, Fa1/0/23, Fa1/0/24
Fa1/0/25, Fa1/0/26, Fa1/0/27
Fa1/0/28, Fa1/0/29, Fa1/0/30
Fa1/0/31, Fa1/0/32, Fa1/0/33
Fa1/0/34, Fa1/0/35, Fa1/0/36
Fa1/0/37, Fa1/0/38, Fa1/0/39
Fa1/0/40, Fa1/0/41, Fa1/0/42
Fa1/0/43, Fa1/0/44, Fa1/0/45
Fa1/0/46, Gi1/0/1, Gi1/0/2
Gi1/0/3, Gi1/0/4
5 INTERNET active
I'm baffled why these vlans aren't showing on my 2811. Any ideas?
Thanks,
Mike

Hey All,
Thanks for the input! I was actually able to solve the issue. It appears that "sh vlans" is different on an IOS router than an IOS switch. On the router it shows sub-interface ISL/dot1q trunks to a switch. This is obviously different for me as I have a switching card. In order to see VTP in action on the router and verify it was working I actually needed to view it through the VLAN database. See below:
MPLS-TEST#vlan database
MPLS-TEST(vlan)#show
VLAN ISL Id: 1
Name: default
Media Type: Ethernet
VLAN 802.10 Id: 100001
State: Operational
MTU: 1500
VLAN ISL Id: 5
Name: INTERNET
Media Type: Ethernet
VLAN 802.10 Id: 100005
State: Operational
MTU: 1500
VLAN ISL Id: 10
Name: INTERNET-DMZ
Media Type: Ethernet
VLAN 802.10 Id: 100010
State: Operational
MTU: 1500
VLAN ISL Id: 20
Name: PRODUCTION
Media Type: Ethernet
VLAN 802.10 Id: 100020
State: Operational
MTU: 1500
VLAN ISL Id: 25
Name: LAPTOPS
Media Type: Ethernet
VLAN 802.10 Id: 100025
State: Operational
MTU: 1500
VLAN ISL Id: 30
Name: NETWORK-DISTRIBUTION
Media Type: Ethernet
VLAN 802.10 Id: 100030
State: Operational
MTU: 1500
VLAN ISL Id: 250
Name: BGP-ROUTING
Media Type: Ethernet
VLAN 802.10 Id: 100250
Certainly is confusing and left me scratching my head. Thanks for the help though! I through this up on my blog too so someone in the future isn't chasing his/her tail
-Mike
http://cs-mars.blogspot.com

Is it possible to Configure VPC Between N5010 and 6513

Hello Gents,
Please let me know if we can configure VPC Between N5010 and 6513(coreswitch).
IF Yes, Does it have any loops or abnormal traiffc behaviour ?
Please refer the attached mail for current network diagram
1) I would like to establish VPC Between N5010 and Cisco 6513 switch
2) if yes, Does the upstream devices above 6513 core switch will forward the traffic from all the
6513 ports connected to N5000 ports or 6513 will send traffic from one up link and block other
uplink ports as part of STP.
3) Is VSS on 6513 is required for Point #1
Please refer some links on this as well.
Appreciate your quick response.
Thanks and Regards,
KA.

Hi Karim ,
You can use this one - you can consider your 6k the FEX as in this example
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/configuration_guide_c07-543563.html
On the portchannel to 6k will not configure :
"switchport mode fex-fabric"
"fex associate 100"
This configuration in indended to be used with FEX.
Regards
Dan

What are the configuration need between R3 and XI when we use RFC sync adap

hi,
What are the configuration need between R3 and XI when we use RFC sync adapter.
Regards
siva.

if its the sender adapter ref:
RFC adapter
Sender- /people/michal.krawczyk2/blog/2005/03/29/configuring-the-sender-rfc-adapter--step-by-step
Receiver;
http://help.sap.com/saphelp_nw04/helpdata/en/c8/e80440a832e369e10000000a155106/content.htm
Also;
trouble shooting rfc/soap -
/people/shabarish.vijayakumar/blog/2008/01/08/troubleshooting--rfc-and-soap-scenarios-updated-on-20042009

Comparison between 3750 and 3750-metro

hi folks,
is there any links which will provide me on the comparison between 3750 and 3750-metro? for exapmple, isis is not support on 3750 but it support on 3750-metro. The product information from cisco site is insufficient in term of the main differences :p
rgd
josh.w

Hi Josh,
The Cisco Catalyst 3750 Metro Series is built for Metro Ethernet access in a customer location, enabling the delivery of more differentiated Metro Ethernet services. These switches feature bidirectional hierarchical QoS and Traffic Shaping, intelligent 802.1Q tunneling with class-of-service (CoS) mutation, VLAN translation, MPLS, EoMPLS, and Hierarchical Virtual Private LAN Service (H-VPLS) support, and redundant AC or DC power. They are ideal for service providers seeking to deliver profitable business services, such as Layer 2, Layer 3, and MPLS VPNs, in a variety of bandwidths and with different SLAs.
The metro switches have the PXF chips (which allow hierarchical QoS on the 2 "WAN" GigE ports, so several logical links can share a connection, and have soft bandwidth limits).
For more details on 3750-M switches have a look at this link
http://www.cisco.com/en/US/products/hw/switches/ps5532/products_qanda_item09186a00801eb822.shtml
HTH
Ankur
*Pls rate all helpfull post

How to configure SingleSignOn between GRC and BOBJ 4.1

How to configure SingleSignOn between GRC and BOBJ 4.1?
We have configured the System entitlement in BOBJ CMC. But didn't do anything on the GRC system.
User can login from BOBJ to GRC with password but not with SSO.
We haven't configured SNC . I don't this for this simple flow, we need to have SNC.
We haven't set up the Trust certificate exchange as well between BOBJ and GRC.
Please help us to know what are the mandatory settings need to be done to create a Relational connection for a ERP/GRC system from BOBJ client tool IDT?
thanks,
Tilak

How to configure SingleSignOn between GRC and BOBJ 4.1?
We have configured the System entitlement in BOBJ CMC. But didn't do anything on the GRC system.
User can login from BOBJ to GRC with password but not with SSO.
We haven't configured SNC . I don't this for this simple flow, we need to have SNC.
We haven't set up the Trust certificate exchange as well between BOBJ and GRC.
Please help us to know what are the mandatory settings need to be done to create a Relational connection for a ERP/GRC system from BOBJ client tool IDT?
thanks,
Tilak

Key Configuration differences between SAP and ORACLE Financials

Hello,
After spending good 7 years in SAP related projects recently I started working in ORACLE Applications. I used to be an ORACLE programmer years back. To my surprise the same ORACLE Forms are still very much the heart of the ORACLE UI.
Then I thought what will be the key differences between ORACLE and SAP in terms of configuration elements. While I know a bunch of configuraion items in SAP , I am not sure about the same in ORACLE world. I am not even sure some of the configuration items that are available in SAP exists in ORACLE.
Does anyone know both sides of the coin ? The terminology and design ?
SAP has
Client,Company code, Business area, Functional Area, GL, Posting Key, Document Type.
I am trying to get the details of the equivalents of these in ORACLE.
Does anyone know it ?
For e.g , when you post to AP or AR in SAP , GL is updated automatically. In ORACLE you post to a AP Book or AR Book then Run a batch to move them to GL Book.
ORACLE uses SQLLoader to load data . You can write a PL SQL and update the tables directly, which is not the case in SAP. For dataloads and conversions, SAP uses BDC's ( though XI can be used but its slow).For ORACLE its the good old SQL and PlSQL combo.
What are the equivalents of the configuration elements in ORACLE world ?
Also what are the major differences between these two in terms of designing a financial system.
Does any one know ?

Genie,
I agree that a case is made on how well these two ERPs solve the day to day tasks before a company chooses one of these two. But my question is aimed at finance to begin with. You are going to need a general ledger for any company or government regardless of ERP. And how well you can drive the ledger to map your business is the key here.
The way ledger is built is around a business area ,company or country and is very tighly designed in SAP. I would like to know if there is any equivalent of the configuration items in ORACLE. I am more interested in terminology of ORACLE.
For example ,
SAP ====> ORACLE
GL ==> Book In ORACLE
Document Number ===> Invoice Number
Posting Period in SAP ==> Posting period In ORACLE
Most of the terms are finance terms , so they are common ( eg. an account number is an account number in ORACLE and SAP ) between two systems. I am interested in any specific thing that is available in ORACLE but not in SAP and vice verse.
thanks for the link you have provided.
Its very useful.

Configuration steps between PS and FICO

Dear All ,
Pl anybody tell me , how to create a link between PS and FI , kindly write the configuration steps releated PS and FI integration .
Thanks in Advance

Amit
This thread is now locked. Your question has already been answered - see thread
PS integration with other modules
Muzamil - thanks for your comment.

Link between 3750 and 4908 (Lx, monomode fiber)

Hello,
I have a new swtich a C3750 and a 4908 works very well.
I try to link a 3750 and a 4908, my results :
- Port of 3750 and 4908 is up when I put "speed nonegociate" . And juste few packets arrive to the 4908 and I can't ping the 4908.
- Port of 3750 is up with "speed nonegociate", and the port of 4908 stays down....
- Port of 3750 and 4908 stay down without "speed nonegociate" ... :(
You can see the 3750's config in attachments.
Ps : Sorry for my english, i'm a french student :)
Thank in advance

Hi
In recent past i had tried interfacing 3750 installed with LX SFP with third party SFPs installed in Lucent DSLAMs with speed nonegotiate on the cisco 3750 side.
We did face some kinda wierd problems after the lucent DSLAMs get rebooted or sometimes even we disconnect and reconnect the fiber it happened that we failed to get the link(connectivity).
So i would suggest to go for an original Cisco SFP make to avoid all these intermittent issues which can result in unecessary downtimes..
regds

How to configure link between 2921 and SM-D-ES3G-48-P EtherSwitch Service Module

hi,
I can't do that like the procedure given by Cisco.
http://www.cisco.com/en/US/partner/docs/routers/access/interfaces/software/feature/guide/eesm_sw.html#wp1942894
Cisco Procedure :
interface gi10/0
ip address x.x.x.x x.x.x.x
service-module gigabitethernet 1/0 session
My result :
R2921-8CPITR-1(config)#int gi 1/1
R2921-8CPITR-1(config-if)#ip address 2.2.2.2 255.255.255.192
% IP addresses may not be configured on L2 links.
R2921-8CPITR-1(config-if)
R2921-8CPITR-1(config)#interface gigabitEthernet 1/1.1 ?
% Unrecognized command
R2921-8CPITR-1(config)#interface gigabitEthernet 1/1 ?
<cr>
R2921-8CPITR-1(config)#
the session is not possible also ?
R2921-8CPITR-1#service-module gigabitEthernet 1/1 sess
 ^
% Invalid input detected at '^' marker.
R2921-8CPITR-1#
The routeur said that it's not a L3 port, so how to configure it to allow communication between the 2921 and the card ?
Is there a bug with that version I'm in 15.1(4)M4 ????
R2921-8CPITR-1#sh ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 18:57 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
R2921-8CPITR-1 uptime is 19 hours, 21 minutes
System returned to ROM by power-on
System restarted at 16:00:45 GAB Fri Sep 14 2012
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO2921/K9 (revision 1.0) with 479232K/45056K bytes of memory.
Processor board ID FGL1618119E
6 Gigabit Ethernet interfaces
2 terminal lines
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device# PID SN
*0 CISCO2921/K9 FGL1618119E
Technology Package License Information for Module:'c2900'
Technology Technology-package Technology-package
 Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security None None None
uc None None None
data None None None
Configuration register is 0x2102
R2921-8CPITR-1#

Same issue here.
I just waited a few minutes and the interface went down and back up, this time it was a L3 interface.
My guess is that it was booting the switch module IOS, and it detected it until it was fully booted:
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
Apr 11 05:26:52.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
Apr 11 05:27:46.947: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
Apr 11 05:27:47.031: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
Apr 11 05:27:47.083: %LINK-5-CHANGED: Interface GigabitEthernet1/0, changed state to administratively down
Apr 11 05:27:47.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
Apr 11 05:27:48.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to down
Apr 11 05:27:49.283: %IP-5-WEBINST_KILL: Terminating DNS process
Apr 11 05:27:52.499: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
Apr 11 05:27:53.087: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 04-Sep-12 16:50 by prod_rel_team
Apr 11 05:27:53.255: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
Apr 11 05:27:53.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
Apr 11 05:28:21.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Apr 11 05:29:22.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
Apr 11 05:29:22.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Router>en
Router#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet1/0 unassigned YES unset administratively down down
GigabitEthernet1/1 unassigned YES unset up down
Vlan1 unassigned YES unset down down
Router#
Apr 11 05:29:46.106: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to upconf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g1/0
Router(config-if)#ip add 1.1.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#
Apr 11 05:30:09.046: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
Apr 11 05:30:10.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
Router(config-if)#end

About configuration replicate between r3 and crm

hi gurus, i want to ask you a basic question, is the situation described right:
1, some configuration should be done in r3 and should be transfered to crm;
2, some can be done in crm and should be transfered to r3;
3, some should be done in both crm and r3, but can only do it seperately and manully;
4, some can be done in just r3 or crm and need not be transfered to the other one.
and one further question is how can i know the configuration in r3 should or can be tranfered to crm? i mean, i know there is a tcode to do the transfer, but how can i identify the item is the item i should transfer?
i am not a crm consultant, the question is perhaps not to the point. but really hope you gurus give some help.
thank you.

Hi Daniel,
Let me try to answer your questions
1, some configuration should be done in r3 and should be transfered to crm;
Yes, for example pricing conditions
2, some can be done in crm and should be transfered to r3;
No, I dont think we transfer config from CRM to R/3.
3, some should be done in both crm and r3, but can only do it seperately and manully;
Yes
4, some can be done in just r3 or crm and need not be transfered to the other one
Yes
There are middleware objects which are used to download the R/3 config to CRM.I dont think there is a standard way to find out which config needs to be downloaded.
Regards,
Madhu

Configuration/relationship between PermSize and HeapMemory

Is there any recomended relationship between PermSize memory and Heap Memory?
I'm having a few "java.lang.OutOfMemoryError: PermGen space. I'm using tomcat 5.5 and jre 1.5 with 64 bits and debian lenny. The heap memory is 16-24 Gb.
What -XX:MaxPermSize should I use?

poroto20 wrote:
Is there any recommended relationship between PermSize memory and Heap Memory?No
I'm having a few "java.lang.OutOfMemoryError: PermGen space.
I'm using tomcat 5.5 and jre 1.5 with 64 bits and debian lenny.
The heap memory is 16-24 Gb.
What -XX:MaxPermSize should I use?The default is only 64m or possibly 30% larger.
If you have enough memory just go with MaxPermSize=1G, then monitor the usage with something like visualgc (part of jvmstat).

Configure IPsec between PIX and ADSL router

Hi,
We want to create IPsec between PIX @ Point A and ASA(which is behind ADSL router) @ Point B.
Point A PIX ----> Internet -- cloud -- Internet <---- ADSL Router <---ASA Point B
Please guide me or share usefull link for same.
Thanks & Regards,
Dhaval Dikshit

IPSec should only be an option if the WLC has a crypto card installed. IIRC, only the 4400 supported the crypto card, and it went EoS shortly after the airespace acquisition.
HTH,
Steve
Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

802.1x between Switch 3750 and ACS 4.2 Authentication faild --need help

I configured the Switch 3750 and ACS for 802.1x authentication.
when I used the windows as the 802.1x client, it prompted "click here to enter user name and pasword for the network " as normal.
The problem is that after I entered username and password (i am sure i enter the identical username and password as in ACS) the authentication failed,
What is the most possibly problem?
Thx in advance!!!
The configuration is Sw3750 is:
aaa new-model
aaa authentication login default local
aaa authentication enable default line
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
interface GigabitEthernet1/0/18
description Link to test 802.1x
switchport access vlan 119
switchport mode access
dot1x pae authenticator
dot1x port-control auto
spanning-tree portfast
radius-server host 10.1.1.333 auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key keepopen0
In the ACS:
Network Configuration -->aaa client ip address: 10.1.119.1(the vlan 119's ip address), shared secret: keepopen0
user setup -->real name:test1, password: test1.
Attached is the debug information

What do you see in acs failed attempts?

ESS/MSS sso configure between java and abap instance

Dear Gurus,
I want to configure sso between java and abap instance for ESS/MSS. I couldnt find any guide for it, could you please help me gurus ?
Other question is, is there any specific role for ESS/MSS users in JAVA instance. I want to create users and assign this role to them.
Best Regards

Hi Kemal,
Hope you are doing good.
There should be a / in the ITS path before SAP.
Basically the entry that you have mentioned here should be accessible via browser as well. For eg in your case:
http://<its hist name>/sap/bc/gui/sap/its/webgui should be accessible over browser.
I also think you have put in a extra space in "w ebgui". It should be "webgui".
If the connector settings are working, then we can be sure that system connection is fine. You do not need to configure ITS settings.
Also for SSO, refer the SAP note:1083421 and configure the SS0 settings again.
Please run the SSO2 wizard and then make the automatic connection to
the abap server. This will solve any inconsistencies on the server
due to manual interventions.
Most likely reason for the error is that certificates were loaded
manually rather than using SSO wizard.
More help:
<http://wiki.sdn.sap.com/wiki/display/EP/Troubleshooting+SSO+between+AS-ABAP+and+AS-JAVA>
The SSO enabling parameters should be set on the R/3 server.
SSO Logon Ticket-> login/accept_sso2_ticket and login/create_sso2_ticket
More info:
<http://help.sap.com/saphelp_nw04/Helpdata/EN/22/41c43ac23cef2fe10000000a114084/frameset.htm>
Thank you and have a nice day :).
Kind Regards,
Hemanth
SAP AGS

Trunk configuration (VTP) between 3750 and 2811

Similar Messages

Maybe you are looking for