802.1x per host authentication under one port with multi-host access by switch
In the situation with multi-host access to one port of Cisco 2960 Lan Lite by another simple L2 switch, is it possible that we could control per user access by authentication for each?
What happens if I connect to the switch (which already has some trusted devices) a untrusted device?
What happens if I connect to the switch (which already has some untrusted device) a trusted device?
If I use "authentication violation protect" traffic will be blocked only by an untrusted device or all devices connected via a simple L2 switch?
I read the manual, but it is not made detailed clarity.
Please tell me the right way.
I will be very grateful for your advice!
Hello,
In the situation with multi-host access to one port of Cisco 2960 Lan Lite by another simple L2 switch, is it possible that we could control per user access by authentication for each?
Yes, that's why multi-host mode exists
What happens if I connect to the switch (which already has some trusted devices) a untrusted device? If it's on single host the port will go into error-disabled as the violation of just one client per port has been triggered.
What happens if I connect to the switch (which already has some untrusted device) a trusted device?Same thing than before if being on single mode.
If I use "authentication violation protect" traffic will be blocked only by an untrusted device or all devices connected via a simple L2 switch?
Only for the unknown client MAC address, the trusted devices will be able to comunicate.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
Any question contact me at [email protected]
Cheers,
Julio Carvajal Segura
Similar Messages
-
802.1x per host authentication under one port with multi-host access by hub
Dear,
While multi-host connect to one port by hub, it seems that in multi-host mode, after one host passed the authentication, the port change state to up, and the other hosts do not need to authenticate any more. And in single host mode, only one host could access to the network under one port.
In the situation with multi-host access to one port by hub, is it possible that we could control per user access by authentication for each?
We did some test on 3550, it seems that the 3550 doesnot support what we need. And what about 4506?
Thanks!Multiauthentication Mode
Available in Cisco IOS Release 12.2(33)SXI and later releases, multiauthentication (multiauth) mode allows one 802.1X/MAB client on the voice VLAN and multiple authenticated 802.1X/MAB/webauth clients on the data VLAN. When a hub or access point is connected to an 802.1X port (as shown in Figure 60-5), multiauth mode provides enhanced security over the multiple-hosts mode by requiring authentication of each connected client. For non-802.1X devices, MAB or web-based authentication can be used as the fallback method for individual host authentications, which allows different hosts to be authenticated through different methods on a single port.
Multiauth also supports MDA functionality on the voice VLAN by assigning authenticated devices to either a data or voice VLAN depending on the data that the VSAs received from the authentication server.
Release 12.2(33)SXJ and later releases support the assignment of a RADIUS server-supplied VLAN in multiauth mode, by using the existing commands and when these conditions occur:
•The host is the first host authorized on the port, and the RADIUS server supplies VLAN information.
•Subsequent hosts are authorized with a VLAN that matches the operational VLAN.
•A host is authorized on the port with no VLAN assignment, and subsequent hosts either have no VLAN assignment, or their VLAN information matches the operational VLAN.
•The first host authorized on the port has a group VLAN assignment, and subsequent hosts either have no VLAN assignment, or their group VLAN matches the group VLAN on the port. Subsequent hosts must use the same VLAN from the VLAN group as the first host. If a VLAN list is used, all hosts are subject to the conditions specified in the VLAN list.
•After a VLAN is assigned to a host on the port, subsequent hosts must have matching VLAN information or be denied access to the port.
•The behavior of the critical-auth VLAN is not changed for multiauth mode. When a host tries to authenticate and the server is not reachable, all authorized hosts are reinitialized in the configured VLAN.
NOTE :
•Only one voice VLAN is supported on a multiauth port.
•You cannot configure a guest VLAN or an auth-fail VLAN in multiauth mode.
for more information :
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dot1x.html -
I upgraded from Dreamweaver CS4 to CS6. but now when I want to upload I get "an TFP error occured - cannot make connection to host". I spent hours with the host technician and we cant find the error. I reinstalled DW4 and it connects to host perfectly. Anyone else seen this problem?
Mac OS 10.8.5
None of these issues are causing the error in DW CS6. We have double checked all of them and we have everything exactly right. Also I have exactly the same SiteSetup in DW CS4 and that works perfectly well. Could there must be factor in 6 that didn't exist in 4? Something that isnt in the SiteSetup but in some hidden dialog box ?
I can also upload to my host using Fetch, a third party FTP. And as I said DW CS4 works fine. So the problem is not with my host, its with DW CS6 in particular.Thank you Jon, that fixed it perfectly. You have saved me from going crazy. The only difference I see now is in "Server Name" it changed what I had entered (my ftp address) to "Remote Server"; which seems odd -- but it works! Although I know there maybe also some other dialog box I have never seen
Of course I saw that menu item "Import" and but I thought thats obviously not for me: "Why would I want to import an entire website?". I did not however see "Export the selected site" for thats only a tiny icon in the footer. However I would have thought the same: "Why would I want to export my entire website?".
An observation: I've seen this problem in a lot of Adobe software, the menu-names of items are obscure, non descriptive. What would be better would be for the menu names or popups to say "Export Site Setup settings" and "Import Site Setup settings" -
Howto work on ONE repository with multi-user
hi guyz, im new in using warehouse builder. i got a problem in using a single repository (with one target database and one source) which is used by multiple user to design a lot of dimensions n cubes.
is it possible 2 do it? if yes, how? cuz my frenz and i were trying 2 design and then deployed / saved the dimensions n cubes simultaneously but it juz ended with data lost (dimensions and cubes dat already made). is there any solution 4 it???
thx guyz...Firstly, you should set up an OWB user for each user if you haven't already done so rather than use a shared user id.
Secondly, you should make one person responsible for controlling the changes to the dimensions/cubes and allocating who will make the changes, when they will be made and when they will be deployed. You need control within your project/data warehouse team, you can't expect OWB to do this part for you.
You may also want to have separate OWB projects to split the work up a bit but this can add additional complications with e.g. process flows.
Lastly, you may also want to consider separate projects per environment e.g. DEV, QA, LIVE.
Si -
Updating one table with mult. table where clause
I'm having problems with my update statement. I want to update one table that has a mulitple table where clause. Not sure how to accomplish this. Here is what I have so far.
update lawson.apvenmast a
set vendor_status = 'I'
where ((select * from apinvoice i
where i.due_date <= TO_DATE('20011231', 'YYYYMMDD') and
i.vendor = a.vendor)
((apvenmast.ven_class = 'INS') or
(apvenmast.ven_class = 'REF')));
Am I on the right track?
thanks in advance for any help.
Lisa MearsA lot is missing.
where ((select * from apinvoice iA where clause should be like
where <something> IN (select <something> from ...)
((apvenmast.ven_class = 'INS') or
(apvenmast.ven_class = 'REF')));Where does this belong? There is no AND or OR with these two lines.
Check your table aliases too. -
One Master with Multi Details on separate tabs
Hi all,
I'm trying to figure out how to get a single master record on the main page and then below that 5 tabs with a separate detailed table on each tab.
I'm trying to modify the "page with 2 level tabs" template, but unfortunately I am not familiar with the syntax and everything keeps breaking. Would anyone be able to share the syntax to do this?
Also I am creating multiple detailed tabular forms - are there any shortcuts on how to do this? Or do I just have to manually create each detail after the first?
Thanks!
JenHello,
Take a look at this example http://htmldb.oracle.com/pls/otn/f?p=11933:55
It has inpage tabs based off of regions
Carl -
Port with multi-vlan for voice and data??
Hi guys,
I've a situation where my VOIP and DATA on a different segments. Voice is 10.x.x.x riding on VLAN 701. And my data is 192.x.x.x riding on VLAN 100.
The problem occur when our receptionist PC have a software installed for call forwarding for our general line. This software need to be on the same vlan with the IP Phone vlan which is 701. If I put her PC on those vlan, she can't access
to our LAN which is vlan 100. So she can't check her email etc.
Can I know what is the options I have? Can I configured multi-vlan for her PC on the switch? We are using Cisco PoE 3560 switch. Thanks.Hi,
on the L3 switch, you should have an IP address for both VLAN 701 and 100. So, the L3 switch is doing inter-VLAN routing.
This means, unless you have ACL blocking traffic, any device will be able to reach any other device, even on a different VLAN.
And, no matter where you put voice and applications, everything will work anyway. -
802.1x Blocking port (many deviсes to one port)
Hello!
On ports of the Cisco 3750 there is authentication on 802.1x (Mab). I connect the "stupid" switch (that doesn't work with 802.1x) to port and logs of Radius-server and Cisco show that it was authenticated. Then I connect the device (laptop or PC) to the "stupid" switch, then the port is blocked. However PC passes authentication at direct connection to the Cisco.
I know that in 802.1x is provided blocking of port at connection of many MAC-addresses to one port.
"Stupid" switch must be in vlan, and the devices (that are connected to switch) must be in the same vlan. Maybe they must be authenticated on Radius-server or maybe I have to create ACL with their MAC-addresses...
How it can be solved? Help me, please.
P.S. Multi-auth is enabled.Hi,
Along with all the other bits and pieces to invoke 802.1x on the switch
May be try adding this to the interface to "stupid"
interface gigabitethernet2/0/1
description *** LINK TO STUPID ***
dot1x port-control auto
dot1x host-mode multi-host
end
from the 12.2.55 config guide
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/sw8021x.html#wp1271507
Regards
Alex -
Difference between 802.1x multi-host and 802.1x multi-auth
Hi,
This is a bit confusing for me. Does someone has an easy explanation?
What I understand and looked up for the moment (correct me if I'm wrong):
802.1x multi-host: Good for an AP or a phone setup. Port becomes authorized as soon as one client is authenticated. In this situation the AP or the phone. Aftherwards pc's have access without any further 802.1x action.
802.1x multi-auth: Multiple devices are allowed to independently authenticate through the same port. More secure? Is this good for next setup: I have a 802.1x port on the managed 24p switch, but the customer decides to plug in a non-managed 8p cheap switch on his desk where different pc's will be plugged in. So I have a 802.1x port on the Cisco switch connected to a non-managed 8p switch. I suppose 802.1x multi-host configuration is not a secure option here.
I don't know if I am clear enough. Don't hesitate to ask if not.
Thanks for your reply.You are right with your understanding.
Multi-Host is a valid solution if a power-user for example is using many VMs on his PC. After authenticating initially, all VMs can communicate with the network.
Multi-Auth is more secure because each MAC address accessing the network is controlled.
A very good overview on 802.1x and the configuration can be found on the Cisco IOS Quick Reference Guide for IBNS. -
How to configurate system for two database under one server
Hi Friends,
I installed abd created A database by oracle 10GR4 in window 32 bit 2003.
it works.
Then i created other B database by DBCA under this server.
When I shutdown immediate database.
it works well. But I can not startup mount ot startup A database again,
I got below message as
SQL> startup mount;
ORA-24324: service handle not initialized
ORA-01041: internal error. hostdef extension doesn't exist
SQL> startup;
ORA-24324: service handle not initialized
ORA-01041: internal error. hostdef extension doesn't exist
SQL> startup;
ORA-24324: service handle not initialized
ORA-01041: internal error. hostdef extension doesn't exist
From EM, I saw as
A listen Status Up
LISTENER
Oracle Home
C:\oracle\product\10.2.0\db_1\BIN
Location
C:\oracle\product\10.2.0\db_1\BIN\network\admin
BUT agent connect Status
Failed
Details ORA-12505: TNS:listener does not currently know of SID given in connect descriptor (DBD ERROR: OCIServerAttach)
A database instance down
Host salerpt.net
Port 1521
SID SALERPT
Oracle Home C:\oracle\product\10.2.0\db_1\BIN
Also I try to connect as
SQL> connect sys/salel@salerpt as sysdba;
ERROR:
ORA-12514: TNS:listener does not currently know of service requested in connect
descriptor
Form EM, I saw listen start up.
Then I stop it. then restart it
I can saw B db listen and can not see A db listen.
also
I saw that other B database works.
My listen info as***************
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = C:\oracle\product\10.2.0\db_1\BIN)
(PROGRAM = extproc)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
(ADDRESS = (PROTOCOL = TCP)(HOST = SALERPT.NET)(PORT = 1521))
I check physical, two database use one common bin directory .
I do not have any experience to handle two database under one oracle server.
How to check and configurate DB server system?
Thanks for help.
Edited by: user589812 on Jan 4, 2009 8:17 AMJim,
Before starting the database A, did you set ORACLE_SID=A from command line? You can run as many instances you want from single server provided you enough memory, processing power. Also try starting your instances usign window services and check and post some lines from alert.log for database A.
tnsnames.ora entry
DATABASE_A =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = salesrpt.net)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = DATABASE_A)
DATABASE_B =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = salesrpt.net)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = DATABASE_B)
)Regards
Edited by: OrionNet on Jan 5, 2009 10:55 AM -
Hi
We have a multi-server BizTalk environment. We have an Orchestration with multiple call orchestrations in it. Each called orchestration is calling a web service through a 2 way Send Port (which is hosted in IIS on each BizTalk server in our multi server
environment). We have to ensure that each called orchestration is calling these web services on the same IIS server.
I could create a dedicated host instance that the Send Port runs under to run only on one server but then this means that all our DBase traffic is happening on one server. We also thought about using the load balancer some how to achieve this through sticky
sessions etc.
This is all necessary because we are using Entity Framework exposed through web services and we need to manage transactions.
Any ideas on how we may achieve this. I have inserted a picture to try and show the scenario
Biztalk DeveloperHaha, Entity Framework strikes again! But seriously, that is a rather odd architectural requirement, double check first. But anyway...
Try this: Configure the Send Port URI to point to something like http://localservicehost/[yourEFService]
Then in the local hosts file (the DNS/IP hosts file), define localservicehost to the local IP address where the service is listening.
That way, the connection will always be made to the local machine. Essentially the same as localhost. -
FlexConnect Access Point - Wired 802.1X or MAB Authentication
Hi all,
We are piloting wired 802.1X but have hit a snag - FlexConnect AP switchport configuration requires the port be configured as trunk, with the native VLAN for management and access VLAN(s) for client data.
I know 802.1X cannot be configured on trunk port, but how can we configure MAB on trunk ports such as these?
Otherwise, is there another way we can authenticate these FlexConnect APs on a switch using ISE?
Thanks in advance.
Regards,
Stephen.Hi Stephen. You are correct, 802.1x should not be configured on a trunk port. Moreover, you would run into an issue with clients if you are running local switching mode. Here is the flow:
1. AP, authenticates via MAB and profiling
2. Client authenticates via PEAP/EAP-TLS, etc
3. Now the client's traffic is locally switched, thus, the client mac address is showing on the same port where the AP is connected. The NAD (Switch) sees this new mac address and it is expecting it to perform 802.1x or MAB based authentication. The supplicant, however, does not know that and as far it is concerned it was already authenticated.
So I have ran into this issue in my deployments and you have the following options (listed in preference order):
1. Eliminate FlexConnect :)
2. Utilize AutoSmartPorts where:
- If an AP is connected, then 802.1x configuration is removed, port-security is enabled and locked to a single MAC address and trunk configuration is enabled
- If the AP is removed, then port is configured as standard access port, port-security is removed and 802.1x is configured
More info on auto smart ports:
http://www.cisco.com/c/en/us/td/docs/switches/lan/auto_smartports/15-0_1_se/configuration/guide/asp_cg.html
3. You can configure the port in a "multi-host" mode where after the first device is authenticated all subsequent devices are allowed on the network.
Hope this helps!
Thank you for rating helpful posts! -
Sf-300 48port failing 802.1x reauthentication and not re-initialising ports
Hi,
I have an issue with the sf-300 switch model, which i am depolying in lapsafe trolleys. The approach is to wake the laptops from the guest VLAN (20) with WOL have them authenticate with 802.1x and use DVA to put the ports in VLAN14 so updates can be pushed to them over night.
I have configured 802.1x, guest vlan and DVA which works initially, all host wake from WOL, the laptops successfully authenticate and are assigned to the VLAN (14). This remains stable for a time then the hosts fail reauthentication. I have also noticed that when a host is disconnected from a port and patched into another port the initial port remains in the authenticated state and the new port authenticates the client but the hostnames are missing on the 'authenticated hosts' page of the GUI, DVA fails. The ports display a port-failure message for a time then moves to failed reauthentication.
The only way I can get it to work again is to reboot the box. From the logs I can see the macs of laptops being rejected and I can also see attribute 26 being ignored. See log below. I am unsure as to why host are initially authenticated but reauthentication fails, is it not the same process?.
I have 11 of these switches and have configured 6 which all display the same behaviour. These switches are not CISCO I do not understand why they have badged them. The protocols/standards are implemented differently. If you incuded 'general ports' as an answer in a CISCO exam you would fail. There are also other issues I have noticed with these boxes, I am not impressed!!!.
Kind Regards
Daniel2147483217 2011-May-12 12:44:15 Informational %AAA-I-CONNECT: New http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 ACCEPTED
2147483218 2011-May-12 12:39:31 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483219 2011-May-12 12:36:46 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483220 2011-May-12 12:22:12 Informational %AAA-I-DISCONNECT: http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 TERMINATED
2147483221 2011-May-12 12:19:42 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483222 2011-May-12 12:19:03 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (2)
2147483223 2011-May-12 12:18:02 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483224 2011-May-12 12:16:34 Informational %AAA-I-CONNECT: New http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 ACCEPTED
2147483225 2011-May-12 12:02:38 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483226 2011-May-12 11:45:34 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483227 2011-May-12 11:39:50 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:c3:7b was rejected on port e21
2147483228 2011-May-12 11:39:31 Informational %SEC-I-PORTAUTHORIZED: Port e30 is Authorized
2147483229 2011-May-12 11:39:31 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483230 2011-May-12 11:38:48 Informational %AAA-I-DISCONNECT: http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 TERMINATED
2147483231 2011-May-12 11:30:57 Informational %AAA-I-CONNECT: New http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 ACCEPTED
2147483232 2011-May-12 11:28:30 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483233 2011-May-12 11:21:24 Informational %AAA-I-DISCONNECT: http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 TERMINATED
2147483234 2011-May-12 11:19:18 Informational %AAA-I-CONNECT: New http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 ACCEPTED
2147483235 2011-May-12 11:19:03 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (2)
2147483236 2011-May-12 11:18:02 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483237 2011-May-12 11:11:26 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483238 2011-May-12 10:54:22 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483239 2011-May-12 10:37:18 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483240 2011-May-12 10:34:23 Informational %AAA-I-DISCONNECT: http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 TERMINATED
2147483241 2011-May-12 10:21:25 Informational %AAA-I-CONNECT: New http connection for user wayne, source 10.163.102.24 destination 10.167.152.131 ACCEPTED
2147483242 2011-May-12 10:20:14 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483243 2011-May-12 10:19:03 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (2)
2147483244 2011-May-12 10:18:01 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483245 2011-May-12 10:03:10 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483246 2011-May-12 09:46:06 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483247 2011-May-12 09:29:02 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483248 2011-May-12 09:19:02 Informational %SEC-I-PORTAUTHORIZED: Port e26 is Authorized
2147483249 2011-May-12 09:19:02 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483250 2011-May-12 09:18:13 Informational %SEC-I-PORTAUTHORIZED: Port e27 is Authorized
2147483251 2011-May-12 09:18:13 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483252 2011-May-12 09:18:06 Note %COPY-N-TRAP: The copy operation was completed successfully
2147483253 2011-May-12 09:18:01 Informational %SEC-I-PORTAUTHORIZED: Port e48 is Authorized
2147483254 2011-May-12 09:18:01 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483255 2011-May-12 09:17:56 Informational %COPY-I-FILECPY: Files Copy - source URL flash://startup-config destination URL flash://mirror-config
2147483256 2011-May-12 09:17:14 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:ba:fb was rejected on port e27
2147483257 2011-May-12 09:17:07 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:bf:f4 was rejected on port e23
2147483258 2011-May-12 09:17:05 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:bf:34 was rejected on port e25
2147483259 2011-May-12 09:16:56 Warning %STP-W-PORTSTATUS: e26 of instance 0: STP status Forwarding
2147483260 2011-May-12 09:16:53 Warning %STP-W-PORTSTATUS: e27 of instance 0: STP status Forwarding
2147483261 2011-May-12 09:16:52 Informational %LINK-I-Up: e26
2147483262 2011-May-12 09:16:50 Warning %LINK-W-Down: e26
2147483263 2011-May-12 09:16:48 Informational %LINK-I-Up: e27
2147483264 2011-May-12 09:16:46 Warning %LINK-W-Down: e27
2147483265 2011-May-12 09:16:46 Warning %STP-W-PORTSTATUS: e23 of instance 0: STP status Forwarding
2147483266 2011-May-12 09:16:46 Warning %STP-W-PORTSTATUS: e48 of instance 0: STP status Forwarding
2147483267 2011-May-12 09:16:43 Warning %STP-W-PORTSTATUS: e25 of instance 0: STP status Forwarding
2147483268 2011-May-12 09:16:42 Informational %LINK-I-Up: e23
2147483269 2011-May-12 09:16:42 Informational %LINK-I-Up: e48
2147483270 2011-May-12 09:16:40 Warning %LINK-W-Down: e48
2147483271 2011-May-12 09:16:40 Warning %LINK-W-Down: e23
2147483272 2011-May-12 09:16:39 Informational %LINK-I-Up: e25
2147483273 2011-May-12 09:16:38 Warning %STP-W-PORTSTATUS: e26 of instance 0: STP status Forwarding
2147483274 2011-May-12 09:16:37 Warning %LINK-W-Down: e25
2147483275 2011-May-12 09:16:36 Warning %STP-W-PORTSTATUS: e27 of instance 0: STP status Forwarding
2147483276 2011-May-12 09:16:34 Informational %LINK-I-Up: e26
2147483277 2011-May-12 09:16:32 Warning %LINK-W-Down: e26
2147483278 2011-May-12 09:16:32 Informational %LINK-I-Up: e27
2147483279 2011-May-12 09:16:30 Warning %LINK-W-Down: e27
2147483280 2011-May-12 09:16:29 Warning %STP-W-PORTSTATUS: e23 of instance 0: STP status Forwarding
2147483281 2011-May-12 09:16:27 Warning %STP-W-PORTSTATUS: e48 of instance 0: STP status Forwarding
2147483282 2011-May-12 09:16:26 Warning %STP-W-PORTSTATUS: e25 of instance 0: STP status Forwarding
2147483283 2011-May-12 09:16:24 Informational %LINK-I-Up: e23
2147483284 2011-May-12 09:16:23 Warning %LINK-W-Down: e23
2147483285 2011-May-12 09:16:22 Informational %LINK-I-Up: e48
2147483286 2011-May-12 09:16:22 Informational %LINK-I-Up: e25
2147483287 2011-May-12 09:16:20 Warning %LINK-W-Down: e48
2147483288 2011-May-12 09:16:20 Warning %LINK-W-Down: e25
2147483289 2011-May-12 09:11:58 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483290 2011-May-12 08:54:54 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483291 2011-May-12 08:37:50 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483292 2011-May-12 08:20:46 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483293 2011-May-12 08:20:25 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:c3:94 was rejected on port e20 , aggregated (1)
2147483294 2011-May-12 08:20:07 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:c3:94 was rejected on port e20
2147483295 2011-May-12 08:20:07 Warning %SEC-W-PORTUNAUTHORIZED: Port e20 is unAuthorized
2147483296 2011-May-12 08:16:58 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:5c:b1 was rejected on port e2
2147483297 2011-May-12 08:16:58 Warning %SEC-W-PORTUNAUTHORIZED: Port e2 is unAuthorized
2147483298 2011-May-12 08:03:42 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483299 2011-May-12 08:00:04 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:be:13 was rejected on port e19
2147483300 2011-May-12 08:00:04 Warning %SEC-W-PORTUNAUTHORIZED: Port e19 is unAuthorized
2147483301 2011-May-12 07:46:38 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483302 2011-May-12 07:40:23 Warning %SEC-W-PORTUNAUTHORIZED: Port e18 is unAuthorized
2147483303 2011-May-12 07:40:22 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:c3:23 was rejected on port e5 , aggregated (1)
2147483304 2011-May-12 07:40:10 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:b4:b9 was rejected on port e28
2147483305 2011-May-12 07:40:10 Warning %SEC-W-PORTUNAUTHORIZED: Port e28 is unAuthorized
2147483306 2011-May-12 07:40:04 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:c3:23 was rejected on port e5
2147483307 2011-May-12 07:40:04 Warning %SEC-W-PORTUNAUTHORIZED: Port e5 is unAuthorized
2147483308 2011-May-12 07:29:34 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483309 2011-May-12 07:19:49 Informational %SEC-I-PORTAUTHORIZED: Port e20 is Authorized
2147483310 2011-May-12 07:19:49 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483311 2011-May-12 07:19:34 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:c2:19 was rejected on port e43
2147483312 2011-May-12 07:19:34 Warning %SEC-W-PORTUNAUTHORIZED: Port e43 is unAuthorized
2147483313 2011-May-12 07:16:22 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483314 2011-May-12 07:12:30 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483315 2011-May-12 06:59:46 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483316 2011-May-12 06:55:26 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483317 2011-May-12 06:39:46 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483318 2011-May-12 06:38:22 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483319 2011-May-12 06:21:18 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483320 2011-May-12 06:19:16 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483321 2011-May-12 06:16:22 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483322 2011-May-12 06:04:14 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483323 2011-May-12 05:59:46 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483324 2011-May-12 05:47:10 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483325 2011-May-12 05:39:46 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483326 2011-May-12 05:30:06 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483327 2011-May-12 05:19:15 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483328 2011-May-12 05:16:22 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483329 2011-May-12 05:13:02 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483330 2011-May-12 04:59:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483331 2011-May-12 04:58:57 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:c3:25 was rejected on port e47
2147483332 2011-May-12 04:58:57 Warning %SEC-W-PORTUNAUTHORIZED: Port e47 is unAuthorized
2147483333 2011-May-12 04:55:58 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483334 2011-May-12 04:39:46 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483335 2011-May-12 04:38:54 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483336 2011-May-12 04:21:50 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483337 2011-May-12 04:19:15 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483338 2011-May-12 04:16:22 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483339 2011-May-12 04:04:46 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483340 2011-May-12 03:59:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483341 2011-May-12 03:58:39 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483342 2011-May-12 03:47:42 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483343 2011-May-12 03:39:46 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483344 2011-May-12 03:30:38 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483345 2011-May-12 03:19:15 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483346 2011-May-12 03:16:22 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483347 2011-May-12 03:13:34 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483348 2011-May-12 02:59:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483349 2011-May-12 02:58:39 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483350 2011-May-12 02:56:30 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483351 2011-May-12 02:41:10 Warning %STP-W-PORTSTATUS: e48 of instance 0: STP status Forwarding
2147483352 2011-May-12 02:41:06 Informational %LINK-I-Up: e48
2147483353 2011-May-12 02:41:04 Warning %LINK-W-Down: e48
2147483354 2011-May-12 02:39:46 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483355 2011-May-12 02:39:26 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483356 2011-May-12 02:34:30 Warning %STP-W-PORTSTATUS: e45 of instance 0: STP status Forwarding
2147483357 2011-May-12 02:34:25 Informational %LINK-I-Up: e45
2147483358 2011-May-12 02:34:23 Warning %LINK-W-Down: e45
2147483359 2011-May-12 02:22:22 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483360 2011-May-12 02:19:15 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483361 2011-May-12 02:16:21 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483362 2011-May-12 02:15:55 Warning %STP-W-PORTSTATUS: e2 of instance 0: STP status Forwarding
2147483363 2011-May-12 02:15:51 Informational %LINK-I-Up: e2
2147483364 2011-May-12 02:15:49 Warning %LINK-W-Down: e2
2147483365 2011-May-12 02:05:18 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483366 2011-May-12 01:59:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483367 2011-May-12 01:58:39 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483368 2011-May-12 01:48:14 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483369 2011-May-12 01:39:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483370 2011-May-12 01:31:10 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483371 2011-May-12 01:19:15 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483372 2011-May-12 01:14:06 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483373 2011-May-12 00:59:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483374 2011-May-12 00:58:38 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483375 2011-May-12 00:57:02 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483376 2011-May-12 00:39:58 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483377 2011-May-12 00:39:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483378 2011-May-12 00:39:16 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a2:b7:9a was rejected on port e24
2147483379 2011-May-12 00:39:16 Warning %SEC-W-PORTUNAUTHORIZED: Port e24 is unAuthorized
2147483380 2011-May-12 00:22:54 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483381 2011-May-12 00:19:14 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483382 2011-May-12 00:05:50 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483383 2011-May-11 23:59:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483384 2011-May-11 23:58:38 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483385 2011-May-11 23:48:46 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483386 2011-May-11 23:39:46 Informational %SEC-I-PORTAUTHORIZED: Port e18 is Authorized
2147483387 2011-May-11 23:39:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483388 2011-May-11 23:38:50 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483389 2011-May-11 23:31:42 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483390 2011-May-11 23:19:14 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483391 2011-May-11 23:14:38 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483392 2011-May-11 22:59:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483393 2011-May-11 22:58:38 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483394 2011-May-11 22:57:34 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483395 2011-May-11 22:40:30 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483396 2011-May-11 22:39:45 Informational %SEC-I-PORTAUTHORIZED: Port e5 is Authorized
2147483397 2011-May-11 22:39:45 Informational %SEC-I-PORTAUTHORIZED: Port e28 is Authorized
2147483398 2011-May-11 22:39:44 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483399 2011-May-11 22:38:49 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483400 2011-May-11 22:23:26 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483401 2011-May-11 22:19:14 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483402 2011-May-11 22:06:22 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483403 2011-May-11 21:59:45 Informational %SEC-I-PORTAUTHORIZED: Port e19 is Authorized
2147483404 2011-May-11 21:59:45 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483405 2011-May-11 21:58:38 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483406 2011-May-11 21:49:18 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483407 2011-May-11 21:39:44 Informational %SEC-I-PORTAUTHORIZED: Port e2 is Authorized
2147483408 2011-May-11 21:39:44 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft, aggregated (1)
2147483409 2011-May-11 21:38:49 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483410 2011-May-11 21:32:14 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483411 2011-May-11 21:20:02 Warning %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 60:eb:69:a1:93:3f was rejected on port e7
2147483412 2011-May-11 21:19:14 Informational %SEC-I-PORTAUTHORIZED: Port e43 is Authorized
2147483413 2011-May-11 21:19:14 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483414 2011-May-11 21:15:10 Debug %SNTP-D-NTPBADVER: NTP server version not compatible
2147483415 2011-May-11 20:58:38 Warning %AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor id is not Microsoft
2147483416 2011-May-11 20:58:06 Debug %SNTP-D-NTPBADVER: NTP server version not compatible -
One armed bandit and one port to another
I was trying to setup a CSS in one-armed bandit mode for the first time per the URL below. But I want to be able to have arbitrary ports on the "real" servers. E.g. use https://hooty.com as the VIP but on the backend take you to hoot1.hooty.com port 8443 say while http://hooty.com would direct you to hoot1.hoot.com port 8080. Must the port number on the VIP equal the port number on the real server in one-armed-bandit mode?
http://www.cisco.com/warp/public/117/one_armed_bandit.html
group Servers1
vip address 26.19.98.45
add destination service oldwww:80
active
group Servers2
vip address 26.19.98.45
add destination service oldwww:443
css-n1-1(config)# group Servers2
css-n1-1(config-group[Servers2])# active
%% An active source group with that address already existsThe port number of the vip does not have to to be the same as the real server.
You can set the port you want for the real server with the 'port' command under the service definition.
This is true for one-armed or any other type of setup.
The problem in your config is that you can't create 2 groups using the same vip ip address.
So, simply configure all your servers under one group.
ie:
group Servers1
vip address 26.19.98.45
add destination service oldwww:80
add destination service oldwww:443
active
Gilles. -
Two devices under one apple ID, how do I keep my privacy?
I have two devices under one apple ID, my sister's iPhone 4s and my own iPod touch 5. iMessages and FaceTime requests etc are being sent to both devices instead of the specific one it's meant to be sent to. For example, I am recieving the iPhone's iMessages on my iPod as well, when they are meant to be only sent to the iPhone. Also, will safari history and bookmarks/app downloads and passwords etc be shown on both devices as well?
Remember this construct:
One Apple ID per individual; one device per Apple ID. If you have two devices you should have an Apple ID for each unless you want both devices to draw from the same iTunes Library. This is your situation now.
If you open iTunes and select one device to configure, then go through the configuration options for Apps, Music, etc. and select what you want synched to that device. Repeat the process for your other device. This is the best you can do to keep each device's configuration different.
Maybe you are looking for
-
Oracle 10g 2 problem install on Solution manager
Hi, I'm installing Sap Solution Manager 4 on Red Hat Enterprise Linux ES release 4 (Nahant Update 5) with Oracle 10g 10.2.0.1.0. I have an Oracle error message : /oracle/SM1/102_64/lib32//libnls10.a(lxecg2e.o)(.text+0x681): In function `lxecg2e': : u
-
Hi Experts, XXXX payment run from February 11 did not carry out. I made the mistake of trying to carry it out instead of deleting the proposal. Now, the vendor for AMEX payments in XXXX are blocked for payments because the payment run would not carr
-
Installing/Partitioning Windows 7 32-bit on Macbook Pro 13"
Hey all you tech people.... I currently have a macbook pro 13" and want to installl windows 7 for my hacking purposes and games. If I do this how much space would you guys suggest partitioning to the windows portion of the HDD. Would you guys suggest
-
Can I connect a Storedge DDS-3 to a Windows 2000 system?
Hello, I can buy at a good price a Sun StorEdge DDS-3 12-24gb 4mm tape drive, and i was wondering if i can install it in a computer with the windows 2000 professional. Many thanks! Miguel Andrade
-
Can we run payroll for retiree or with held person, how
Hi, All I Have a doubt can we run payroll for "retiree or withheld person", how points will be rewarded Thanks in advance