802.1x per host authentication under one port with multi-host access by hub

Dear,
When multiple hosts connect to one port through a hub, it seems that in multi-host mode, after one host passes authentication, the port changes state to up and the other hosts do not need to authenticate any more. In single-host mode, only one host can access the network under one port.
In the situation with multi-host access to one port through a hub, is it possible to control per-user access by authenticating each one?
We did some tests on the 3550, and it seems that the 3550 does not support what we need. What about the 4506?
Thanks!

Multiauthentication Mode
Available in Cisco IOS Release 12.2(33)SXI and later releases, multiauthentication (multiauth) mode allows one 802.1X/MAB client on the voice VLAN and multiple authenticated 802.1X/MAB/webauth clients on the data VLAN. When a hub or access point is connected to an 802.1X port (as shown in Figure 60-5), multiauth mode provides enhanced security over the multiple-hosts mode by requiring authentication of each connected client. For non-802.1X devices, MAB or web-based authentication can be used as the fallback method for individual host authentications, which allows different hosts to be authenticated through different methods on a single port.
Multiauth also supports MDA functionality on the voice VLAN by assigning authenticated devices to either a data or voice VLAN depending on the data that the VSAs received from the authentication server.
Release 12.2(33)SXJ and later releases support the assignment of a RADIUS server-supplied VLAN in multiauth mode, by using the existing commands and when these conditions occur:
• The host is the first host authorized on the port, and the RADIUS server supplies VLAN information.
• Subsequent hosts are authorized with a VLAN that matches the operational VLAN.
• A host is authorized on the port with no VLAN assignment, and subsequent hosts either have no VLAN assignment, or their VLAN information matches the operational VLAN.
• The first host authorized on the port has a group VLAN assignment, and subsequent hosts either have no VLAN assignment, or their group VLAN matches the group VLAN on the port. Subsequent hosts must use the same VLAN from the VLAN group as the first host. If a VLAN list is used, all hosts are subject to the conditions specified in the VLAN list.
• After a VLAN is assigned to a host on the port, subsequent hosts must have matching VLAN information or be denied access to the port.
• The behavior of the critical-auth VLAN is not changed for multiauth mode. When a host tries to authenticate and the server is not reachable, all authorized hosts are reinitialized in the configured VLAN.
Note:
• Only one voice VLAN is supported on a multiauth port.
• You cannot configure a guest VLAN or an auth-fail VLAN in multiauth mode.
For more information:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dot1x.html
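The following is an added example, not part of the thread or of Cisco's documentation: a simplified Python model of how one port treats hosts behind a hub in single-host, multi-host and multiauth mode, including the "VLAN must match the operational VLAN" rule quoted above. The class and function names, MAC addresses, VLAN numbers and decision strings are assumptions made for illustration; voice VLAN, VLAN groups and critical-auth handling are left out.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# (MAC, would the RADIUS server accept this host?, RADIUS-supplied VLAN or None)
Host = Tuple[str, bool, Optional[int]]

# Constructed sample: four hosts behind one hub, in order of arrival.
HUB_HOSTS: List[Host] = [
    ("00:00:5e:00:53:01", True, 20),     # valid user, RADIUS assigns VLAN 20
    ("00:00:5e:00:53:02", False, None),  # no valid credentials
    ("00:00:5e:00:53:03", True, 30),     # valid user, but a different VLAN
    ("00:00:5e:00:53:04", True, None),   # valid user, no VLAN assignment
]

MODES = ("single-host", "multi-host", "multi-auth")


@dataclass
class Port:
    """Hypothetical model of one 802.1X-controlled switch port."""
    host_mode: str
    access_vlan: int = 10                   # assumed VLAN configured on the port
    operational_vlan: Optional[int] = None  # fixed by the first authorized host
    sessions: Dict[str, str] = field(default_factory=dict)  # MAC -> decision

    def __post_init__(self) -> None:
        if self.host_mode not in MODES:
            raise ValueError(f"unknown host mode: {self.host_mode}")

    def _port_authorized(self) -> bool:
        return "authorized" in self.sessions.values()

    def _authenticate_first(self, accept: bool, radius_vlan: Optional[int]) -> str:
        if not accept:
            return "denied"
        # First authorized host: a RADIUS VLAN, if supplied, becomes operational.
        self.operational_vlan = radius_vlan if radius_vlan is not None else self.access_vlan
        return "authorized"

    def new_host(self, mac: str, accept: bool, radius_vlan: Optional[int] = None) -> str:
        """Return the port's decision for a MAC address it has not seen before."""
        if not self._port_authorized():
            decision = self._authenticate_first(accept, radius_vlan)
        elif self.host_mode == "single-host":
            decision = "violation"                # only one host per port
        elif self.host_mode == "multi-host":
            decision = "allowed-unauthenticated"  # rides on the first host's session
        elif not accept:                          # multi-auth: every host authenticates
            decision = "denied"
        elif radius_vlan is None or radius_vlan == self.operational_vlan:
            decision = "authorized"
        else:
            decision = "denied-vlan-mismatch"
        self.sessions[mac] = decision
        return decision


def replay(host_mode: str, hosts: List[Host] = HUB_HOSTS) -> List[str]:
    """Decisions, in arrival order, for the hosts on a fresh port."""
    port = Port(host_mode)
    return [port.new_host(*h) for h in hosts]


def unauthenticated_with_access(host_mode: str, hosts: List[Host] = HUB_HOSTS) -> List[str]:
    """MACs that reach the network without ever being authenticated."""
    port = Port(host_mode)
    for h in hosts:
        port.new_host(*h)
    return [m for m, d in port.sessions.items() if d == "allowed-unauthenticated"]


if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:12} {replay(mode)}")
        print(f"{'':12} unauthenticated with access: {unauthenticated_with_access(mode)}")
```
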

Similar Messages

  • 802.1x per host authentication under one port with multi-host access by switch

    In the situation with multi-host access to one port of Cisco 2960 Lan Lite by another simple L2 switch, is it possible that we could control per user access by authentication for each?
    What happens if I connect to the switch (which already has some trusted devices) an untrusted device?
    What happens if I connect to the switch (which already has some untrusted device) a trusted device?
    If I use "authentication violation protect", will traffic be blocked only by an untrusted device or all devices connected via a simple L2 switch?
    I read the manual, but it does not make this clear in detail.
    Please tell me the right way.
    I will be very grateful for your advice!

    Hello,
    In the situation with multi-host access to one port of Cisco 2960 Lan Lite by another simple L2 switch, is it possible that we could control per user access by authentication for each?
    Yes, that's why multi-host mode exists
    What happens if I connect to the switch (which already has some trusted devices) an untrusted device?
    If it's on single host, the port will go into error-disabled, as the violation of just one client per port has been triggered.
    What happens if I connect to the switch (which already has some untrusted device) a trusted device?
    Same thing as before if on single mode.
    If I use "authentication violation protect", will traffic be blocked only by an untrusted device or all devices connected via a simple L2 switch?
    Only for the unknown client MAC address; the trusted devices will be able to communicate.
    For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
    Any question contact me at [email protected]
    Cheers,
    Julio Carvajal Segura

  • Howto work on ONE repository  with multi-user

    Hi guys, I'm new to using Warehouse Builder. I have a problem using a single repository (with one target database and one source) which is used by multiple users to design a lot of dimensions and cubes.
    Is it possible to do it? If yes, how? My friends and I were trying to design and then deploy/save the dimensions and cubes simultaneously, but it just ended with data loss (dimensions and cubes that were already made). Is there any solution for it?
    Thanks guys...

    Firstly, you should set up an OWB user for each user if you haven't already done so rather than use a shared user id.
    Secondly, you should make one person responsible for controlling the changes to the dimensions/cubes and allocating who will make the changes, when they will be made and when they will be deployed. You need control within your project/data warehouse team, you can't expect OWB to do this part for you.
    You may also want to have separate OWB projects to split the work up a bit but this can add additional complications with e.g. process flows.
    Lastly, you may also want to consider separate projects per environment e.g. DEV, QA, LIVE.
    Si

  • Updating one table with mult. table where clause

    I'm having problems with my update statement. I want to update one table that has a multiple-table where clause. Not sure how to accomplish this. Here is what I have so far.
    update lawson.apvenmast a
    set vendor_status = 'I'
    where ((select * from apinvoice i
    where i.due_date <= TO_DATE('20011231', 'YYYYMMDD') and
    i.vendor = a.vendor)
    ((apvenmast.ven_class = 'INS') or
    (apvenmast.ven_class = 'REF')));
    Am I on the right track?
    thanks in advance for any help.
    Lisa Mears

    A lot is missing.
    where ((select * from apinvoice i
    A where clause should be like
    where <something> IN (select <something> from ...)
    ((apvenmast.ven_class = 'INS') or
    (apvenmast.ven_class = 'REF')));
    Where does this belong? There is no AND or OR with these two lines.
    Check your table aliases too.

  • One Master with Multi Details on separate tabs

    Hi all,
    I'm trying to figure out how to get a single master record on the main page and then below that 5 tabs with a separate detailed table on each tab.
    I'm trying to modify the "page with 2 level tabs" template, but unfortunately I am not familiar with the syntax and everything keeps breaking. Would anyone be able to share the syntax to do this?
    Also I am creating multiple detailed tabular forms - are there any shortcuts on how to do this? Or do I just have to manually create each detail after the first?
    Thanks!
    Jen

    Hello,
    Take a look at this example http://htmldb.oracle.com/pls/otn/f?p=11933:55
    It has inpage tabs based off of regions
    Carl

  • Port with multi-vlan for voice and data??

    Hi guys,
    I have a situation where my VoIP and data are on different segments. Voice is 10.x.x.x riding on VLAN 701, and my data is 192.x.x.x riding on VLAN 100.
    The problem occurs when our receptionist's PC has software installed for call forwarding for our general line. This software needs to be on the same VLAN as the IP phone VLAN, which is 701. If I put her PC on that VLAN, she can't access our LAN, which is VLAN 100, so she can't check her email etc.
    What options do I have? Can I configure multi-VLAN for her PC on the switch? We are using a Cisco PoE 3560 switch. Thanks.

    Hi,
    on the L3 switch, you should have an IP address for both VLAN 701 and 100. So, the L3 switch is doing inter-VLAN routing.
    This means, unless you have ACL blocking traffic, any device will be able to reach any other device, even on a different VLAN.
    And, no matter where you put voice and applications, everything will work anyway.

  • 802.1x Blocking port (many devices to one port)

    Hello!
    On the ports of the Cisco 3750 there is 802.1x authentication (MAB). I connect the "stupid" switch (which doesn't work with 802.1x) to a port, and the logs of the RADIUS server and the Cisco show that it was authenticated. Then I connect a device (laptop or PC) to the "stupid" switch, and the port is blocked. However, the PC passes authentication when connected directly to the Cisco.
    I know that 802.1x provides for blocking a port when many MAC addresses are connected to one port.
    The "stupid" switch must be in a VLAN, and the devices that are connected to the switch must be in the same VLAN. Maybe they must be authenticated on the RADIUS server, or maybe I have to create an ACL with their MAC addresses...
    How can it be solved? Help me, please.
    P.S. Multi-auth is enabled.

    Hi,
    Along with all the other bits and pieces to invoke 802.1x on the switch,
    maybe try adding this to the interface to "stupid":
    interface gigabitethernet2/0/1
    description *** LINK TO STUPID ***
    dot1x port-control auto
    dot1x host-mode multi-host
    end
    From the 12.2.55 config guide:
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/sw8021x.html#wp1271507
    Regards
    Alex

  • How to configurate system for two database under one server

    Hi Friends,
    I installed and created database A with Oracle 10GR4 on 32-bit Windows 2003.
    It works.
    Then I created another database, B, with DBCA on this server.
    When I shut down the database with shutdown immediate,
    it works well. But I cannot startup mount or startup database A again.
    I got the messages below:
    SQL> startup mount;
    ORA-24324: service handle not initialized
    ORA-01041: internal error. hostdef extension doesn't exist
    SQL> startup;
    ORA-24324: service handle not initialized
    ORA-01041: internal error. hostdef extension doesn't exist
    SQL> startup;
    ORA-24324: service handle not initialized
    ORA-01041: internal error. hostdef extension doesn't exist
    From EM, I saw as
    A listen Status Up
    LISTENER
    Oracle Home          
    C:\oracle\product\10.2.0\db_1\BIN
    Location          
    C:\oracle\product\10.2.0\db_1\BIN\network\admin
    BUT agent connect Status          
    Failed
    Details          ORA-12505: TNS:listener does not currently know of SID given in connect descriptor (DBD ERROR: OCIServerAttach)
    A database instance down
    Host     salerpt.net
    Port 1521
    SID SALERPT
    Oracle Home C:\oracle\product\10.2.0\db_1\BIN
    Also I try to connect as
    SQL> connect sys/salel@salerpt as sysdba;
    ERROR:
    ORA-12514: TNS:listener does not currently know of service requested in connect
    descriptor
    From EM, I saw the listener start up.
    Then I stopped it and restarted it.
    I can see the B db listener and cannot see the A db listener.
    Also,
    I saw that the other database, B, works.
    My listener info is:
    SID_LIST_LISTENER =
    (SID_LIST =
    (SID_DESC =
    (SID_NAME = PLSExtProc)
    (ORACLE_HOME = C:\oracle\product\10.2.0\db_1\BIN)
    (PROGRAM = extproc)
    )
    )
    LISTENER =
    (DESCRIPTION_LIST =
    (DESCRIPTION =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
    (ADDRESS = (PROTOCOL = TCP)(HOST = SALERPT.NET)(PORT = 1521))
    )
    )
    I checked physically: the two databases use one common bin directory.
    I do not have any experience handling two databases under one Oracle server.
    How do I check and configure the DB server system?
    Thanks for help.
    Edited by: user589812 on Jan 4, 2009 8:17 AM

    Jim,
    Before starting database A, did you set ORACLE_SID=A from the command line? You can run as many instances as you want from a single server provided you have enough memory and processing power. Also try starting your instances using Windows services, and check and post some lines from alert.log for database A.
    tnsnames.ora entry
    DATABASE_A =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = salesrpt.net)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = DATABASE_A)
        )
      )
    DATABASE_B =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = salesrpt.net)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = DATABASE_B)
        )
      )
    Regards
    Edited by: OrionNet on Jan 5, 2009 10:55 AM

  • FlexConnect Access Point - Wired 802.1X or MAB Authentication

    Hi all,
    We are piloting wired 802.1X but have hit a snag - FlexConnect AP switchport configuration requires the port be configured as trunk, with the native VLAN for management and access VLAN(s) for client data.
    I know 802.1X cannot be configured on trunk port, but how can we configure MAB on trunk ports such as these?
    Otherwise, is there another way we can authenticate these FlexConnect APs on a switch using ISE?
    Thanks in advance.
    Regards,
    Stephen.

    Hi Stephen. You are correct, 802.1x should not be configured on a trunk port. Moreover, you would run into an issue with clients if you are running local switching mode. Here is the flow:
    1. AP, authenticates via MAB and profiling
    2. Client authenticates via PEAP/EAP-TLS, etc
    3. Now the client's traffic is locally switched, thus, the client mac address is showing on the same port where the AP is connected. The NAD (Switch) sees this new mac address and it is expecting it to perform 802.1x or MAB based authentication. The supplicant, however, does not know that and as far it is concerned it was already authenticated.
    So I have run into this issue in my deployments and you have the following options (listed in preference order):
    1. Eliminate FlexConnect :)
    2. Utilize AutoSmartPorts where:
    - If an AP is connected, then 802.1x configuration is removed, port-security is enabled and locked to a single MAC address and trunk configuration is enabled
    - If the AP is removed, then port is configured as standard access port, port-security is removed and 802.1x is configured
    More info on auto smart ports:
    http://www.cisco.com/c/en/us/td/docs/switches/lan/auto_smartports/15-0_1_se/configuration/guide/asp_cg.html
    3. You can configure the port in a "multi-host" mode where after the first device is authenticated all subsequent devices are allowed on the network.
    Hope this helps!
    Thank you for rating helpful posts!

  • One armed bandit and one port to another

    I was trying to setup a CSS in one-armed bandit mode for the first time per the URL below. But I want to be able to have arbitrary ports on the "real" servers. E.g. use https://hooty.com as the VIP but on the backend take you to hoot1.hooty.com port 8443 say while http://hooty.com would direct you to hoot1.hoot.com port 8080. Must the port number on the VIP equal the port number on the real server in one-armed-bandit mode?
    http://www.cisco.com/warp/public/117/one_armed_bandit.html
    group Servers1
    vip address 26.19.98.45
    add destination service oldwww:80
    active
    group Servers2
    vip address 26.19.98.45
    add destination service oldwww:443
    css-n1-1(config)# group Servers2
    css-n1-1(config-group[Servers2])# active
    %% An active source group with that address already exists

    The port number of the vip does not have to be the same as the real server.
    You can set the port you want for the real server with the 'port' command under the service definition.
    This is true for one-armed or any other type of setup.
    The problem in your config is that you can't create 2 groups using the same vip ip address.
    So, simply configure all your servers under one group.
    ie:
    group Servers1
    vip address 26.19.98.45
    add destination service oldwww:80
    add destination service oldwww:443
    active
    Gilles.

  • Two devices under one apple ID, how do I keep my privacy?

    I have two devices under one Apple ID, my sister's iPhone 4s and my own iPod touch 5. iMessages and FaceTime requests etc. are being sent to both devices instead of the specific one they are meant to be sent to. For example, I am receiving the iPhone's iMessages on my iPod as well, when they are meant to be sent only to the iPhone. Also, will Safari history and bookmarks/app downloads and passwords etc. be shown on both devices as well?

    Remember this construct:
    One Apple ID per individual; one device per Apple ID. If you have two devices you should have an Apple ID for each unless you want both devices to draw from the same iTunes Library. This is your situation now.
    If you open iTunes and select one device to configure, then go through the configuration options for Apps, Music, etc. and select what you want synched to that device. Repeat the process for your other device. This is the best you can do to keep each device's configuration different.

  • How many sockets can be opened to one port

    Hi All,
    There is a service installed on port 4444 of our server. In order to do some work with that service we open sockets to it with socket:localhost:4444. The thing we are finding is that it is quite expensive to initialise these socket connections per request to our website, and I'd like to pool connections. I have implemented a pool, but currently this is closing the connection when returning to the pool. I would actually like them to stay alive in the pool, but I do not know if I can have many sockets open to one port?
    Thanks!

    You are unlikely to get an exact answer.
    The first limit you'll probably run into is the number of file descriptors that can be open at a time. This depends on your OS and configured per-process limits.
    Socket buffers use memory. Amount of memory, allowed process size (if your OS enforces that with in-kernel buffers), and size of send/receive buffers give another limit.
    Other OS-dependent limits, such as a max global file descriptor count, may exist.
    TCP/IPv4 (if you use that) connections are defined by a 4-tuple {source address, source port, destination address, destination port}. As long as source address & port are unique, the same destination address & port can be used. So theoretically you could have some two hundred trillion connections to a port (32 bit addresses * 16 bit ports minus non-allowed addresses.)
    In practical terms: check max file descriptor count. A few dozen to a few hundred should be ok for web server -class systems. Try and see what works.

  • Windows 7 Wireless Logon - Problems with 802.1X Machine & User Authentication

    Hello All,
    We’ve had difficulty with our Windows 7 clients authenticating to our wireless network. I’m hoping someone out there has experienced the same thing and can offer some help.
    Some info about our environment:
    Single Windows 2008 R2 domain with 6 DCs
    MS Radius server
    Aruba wireless controllers
    The Problem:
    The client computer boots,
    Auths as machine (802.1X successful)
    User enters creds
    User auth (802.1X successful)
    To this point, everything is working normally. Next is where it gets weird.
    During the logon process, there is another machine auth
    2-5 minutes later another User auth
    OS is up and usable (connected to wireless network); however, no homefolder is mapped and GPP didn’t apply properly.
    From what I understand, after the user has logged in, Windows never attempts another machine authentication. When the user logs out, Windows can attempt it.
    Can anyone offer some insight to what is causing this? I have logs available if anyone is interested.
    Thanks in advance for any help you can offer!
    Brett
    -- Brett

    I did a network trace to gain more insight. I don’t understand why after 802.1X auth is successful on port 1, it then initiates 802.1X auth on port 2.
    Can you offer any insight?
    10487 3:50:19 PM 8/23/2012 63.0340126 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(1 (0x1)): Authentication Starting {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
    10867 3:50:19 PM 8/23/2012 63.3403904 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(1 (0x1)): Time taken for this authentication = 281 (0x119) ms {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
    Then >>>
    11718 3:50:35 PM 8/23/2012 79.3196653 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:OneXDestroySupplicantPort {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
    11938 3:50:36 PM 8/23/2012 80.0530315 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Finished initializing a new port with id=2 (0x2) and friendly name=Dell Wireless 1504 802.11b/g/n (2.4GHz) {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
    11959 3:50:36 PM 8/23/2012 80.0556734 ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:OneXStartAuthentication {ONEX_MicrosoftWindowsOneX:126, NetEvent:5}
    11964 3:50:36 PM 8/23/2012 80.0557074 svchost.exe (1036) ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(2 (0x2)): Starting a new 802.1X authentication (MSM initiated)
    11965 3:50:36 PM 8/23/2012 80.0557333 svchost.exe (1036) ONEX_MicrosoftWindowsOneX ONEX_MicrosoftWindowsOneX:Port(2 (0x2)): Authentication Starting
    -- Brett

  • 802.1X Novell Chap authentication problems

    Ok, I've got FreeRadius up and authenticating successfully to eDir with
    LDAP. If I boot workstation only and use the built in Microsoft
    supplicant, etc. PEAP MSCHAP, I can authenticate to my access point
    using my edir credentials. Then I can click on the Novell client and log
    into the network.
    If I turn on the Novell Client 491sp4 802.1X support which puts in the
    Novell Chap as the authentication method it stops working. The
    Freeradius server shows the error <no password attribute> just as if my
    Universal Password wasn't set. But it is because it works with MSChap as
    the authentication method.
    I've applied all the Microsoft KB patches for WiFi I can find listed
    here in the listserv. Even the one that you have to submit to MS to
    receive 923154. I've set supplicant mode to 3 in the registry. I'm
    really at a loss.
    I'd just love to have the Novell Client do single sign on to our WPA
    protected wireless. Any advice is greatly appreciated. I see some of you
    have it working with minor problems. Can you help this long time Netware
    user since 2.X in college get it going too?
    Thanks in advance.
    -Nyle

    Nyle F. Landas wrote:
    > If I turn on the Novell Client 491sp4 802.1X support which puts in the
    > Novell Chap as the authentication method it stops working. The
    > Freeradius server shows the error <no password attribute> just as if my
    > Universal Password wasn't set. But it is because it works with MSChap as
    > the authentication method.
    Addendum: I've got it so if I log into Workstation only, it will
    authenticate using the Novell MSCHAP. It just won't authenticate with
    the Novell Client so that I have a single sign on.
    The error from the client changes but most of the time I get - "802.1X
    Found no connections to authenticate" Sometimes I get "802.1X
    Authentication failed. Timeout waiting for Authentication to finish.
    Logging into workstation only."
    If I set SuppliantMode to 3 it also won't even authenticate when I log
    in as workstation only. If I delete that key it will at least work at
    the workstation only.
    Again I believe I've applied all KB from Microsoft. Did I miss something
    simple? HELP, Please......
    -Nyle

  • Idoc mapping to group similar items under one idoc

    Hi,
    I have a file to multiple idoc scenario.
    My Source structure:
    Msg type
       Data Type
              Header (1)  (field1, field 2, field 3 etc)
              ITEM( 0 to U)  (field X, field Y, field Z etc)
    Target structure:
    Idoc Type
         IDOC (1 to U)
         Begin
         Idoc Ports (1) (field a1, field a2, field a3 etc)
         Idoc_HDR (1) (field1, field Y, field 3 etc)
               Idoc_ITM (1 to 99999999)  (field X, field Z etc)
    Idocs are generated only for some ITEM lines of source and so the value of field X is used and mapped to IDOC node using createif.
    The rest of the mapping is done normally and works fine, creating multiple idocs if there are multiple ITEM lines in the source file. This mapping doesn't work if I want to create multiple Idoc_ITMs.
    My requirement is to create multiple Idoc_ITM nodes under one parent IDOC node for all ITEMs relating to one "field Y" of source. At the moment I am creating 4 idocs for the below example, but I want 3 like below:
    For example:
    Source file:
    Country, city, date
    emp1, department1, roleA
    emp2, department1, roleB
    emp3, department2, roleC
    emp4, department3, roleC
    Required Target file:
    IDOC 1
    Idoc_HDR
      Country, department1, date
      Idoc_ITM
      emp1, department1, roleA
      Idoc_ITM
      emp2, department1, roleB
    IDOC 2
    Idoc_HDR
      Country, department2, date
      Idoc_ITM
      emp3, department2, roleC
    IDOC 3
    Idoc_HDR
      Country, department3, date
      Idoc_ITM
      emp4, department3, roleC
    How can I achieve it please?
    Many thanks.
    Ramesh.

    Hi Muni,
    The source and required target xmls are here: I made it a bit simpler for better understanding and space.
    If you want the xml of the source message structure, I can send that too.
    Source:
    <?xml version="1.0" encoding="UTF-8"?>
    <ns0:expense_source_msg xmlns:ns0="http://dtsp.com/postexpense">
       <Online_Expenses>
          <Expenses_Header>
             <Constant/>
             <BatchDate>20140320</BatchDate>
             <Record_Count/>
             <Amount_Total/>
          </Expenses_Header>
          <Expenses_Item>
             <Employee_ID>test1</Employee_ID>
             <Employee_Name>RAMESH</Employee_Name>
             <price>10.00</price>
             <Org_Unit>z1</Org_Unit>
             <Type>Price</Type>
          </Expenses_Item>
          <Expenses_Item>
             <Employee_ID>test2</Employee_ID>
             <Employee_Name>ANKIT</Employee_Name>
             <price>20.00</price>
             <Org_Unit>z2</Org_Unit>
             <Type>Price</Type>
          </Expenses_Item>
          <Expenses_Item>
             <Employee_ID>test3</Employee_ID>
             <Employee_Name>SIVA</Employee_Name>
             <price>30.00</price>
             <Org_Unit>z2</Org_Unit>
             <Type>Price</Type>
          </Expenses_Item>
       </Online_Expenses>
    </ns0:expense_source_msg>
    Required Target:
    <?xml version="1.0" encoding="UTF-8"?>
    <ZFI204_AR_INV01>
       <IDOC BEGIN="1">
          <EDI_DC40 SEGMENT="EDI_DC40">
             <TABNAM>EDI_DC40</TABNAM>
             <DIRECT>2</DIRECT>
             <IDOCTYP>ZFI204_AR_INV01</IDOCTYP>
             <MESTYP>ZFI204_AR_INV</MESTYP>
             <RCVPRN/>
          </EDI_DC40>
          <Z1ZFI204_HDR SEGMENT="Z1ZFI204_HDR">
             <DOCUMENT_TYPE>KX</DOCUMENT_TYPE>
             <DOCUMENT_DATE>20140320</DOCUMENT_DATE>
             <POSTING_DATE>20140320</POSTING_DATE>
             <COMPANY_CODE>z1</COMPANY_CODE>    
             <Z1ZFI204_ITM SEGMENT="Z1ZFI204_ITM">
                <NET_INVOICE_AMOUNT>10.00</NET_INVOICE_AMOUNT>
                <EMPLOYEE_NAME>RAMESH</EMPLOYEE_NAME>
                <EMPLOYEE_NUMBER>test1</EMPLOYEE_NUMBER>
             </Z1ZFI204_ITM>
          </Z1ZFI204_HDR>
       </IDOC>
       <IDOC BEGIN="1">
          <EDI_DC40 SEGMENT="EDI_DC40">
             <TABNAM>EDI_DC40</TABNAM>
             <DIRECT>2</DIRECT>
             <IDOCTYP>ZFI204_AR_INV01</IDOCTYP>
             <MESTYP>ZFI204_AR_INV</MESTYP>
             <RCVPRN/>
          </EDI_DC40>
          <Z1ZFI204_HDR SEGMENT="Z1ZFI204_HDR">
             <DOCUMENT_TYPE>KX</DOCUMENT_TYPE>
             <DOCUMENT_DATE>20140320</DOCUMENT_DATE>
             <POSTING_DATE>20140320</POSTING_DATE>
             <COMPANY_CODE>z2</COMPANY_CODE>    
             <Z1ZFI204_ITM SEGMENT="Z1ZFI204_ITM">
                <NET_INVOICE_AMOUNT>20.00</NET_INVOICE_AMOUNT>
                <EMPLOYEE_NAME>ANKIT</EMPLOYEE_NAME>
                <EMPLOYEE_NUMBER>test2</EMPLOYEE_NUMBER>
             </Z1ZFI204_ITM>
             <Z1ZFI204_ITM SEGMENT="Z1ZFI204_ITM">
                <NET_INVOICE_AMOUNT>30.00</NET_INVOICE_AMOUNT>
                <EMPLOYEE_NAME>SIVA</EMPLOYEE_NAME>
                <EMPLOYEE_NUMBER>test3</EMPLOYEE_NUMBER>
             </Z1ZFI204_ITM>
          </Z1ZFI204_HDR>
       </IDOC>
    </ZFI204_AR_INV01>
