AAA authentication on switch
We are configuring 802.1x for wired client. ISE is our AAA server. While configuring, i came across 3 different command sets
1) radius-server host <primary aaa server> auth-port 1812 acct-port 1813
radius-server host <secondary aaa server> auth-port 1812 acct-port 1813
radius server key <shared_key>
2) aaa group server radius < RADIUS group name>
server <Primary Radius Server IP> auth-port 1812 acct-port 1813
server <Secondary Radius Server IP> auth-port 1812 acct-port 1813
3) aaa server radius dynamic-author
client <Primary Server> server-key <radius_key>
client <Secondary Server> server-key <radius_key>
Now, we already created aaa server group in step 2.
what is the significance of step 3. if i don't add client under dynamic-author, what effect it will have on overall configuration. Will CoA affect in posture due to this
Thanks,
Aditya
Hello Aditya-
The commands in step #3 configure the NAD (In your case the switch) to accept CoA (Change of Authorization) which is used for 802.1x based network authentications. If you are only interested in configuring the switch for device administration then you don't need those commands, however, if you are planning on deploying 802.1x then you do need them. For more info check out this link:
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-731907.html
Thank you for rating helpful posts!
Similar Messages
-
LMS 3.2 - Problem with inventory of switches using AAA authentication
Hi all,
we want to migrate our network equpiment from local authentication (telnet password, enable password) to AAA authentication (Cisco ACS server - username, password for priv level 15). The network devices are managed with CiscoWorks 3.2 and inventory works fine when device login credentials are telnet password, enable password.
I have configured a switch for testing the authentication to the ACS server, and tested the logon manually. After the successful test I reconfigured the device credentials in CiscoWorks and checked it by a device export with credentials. The credentials in CW were OK, but from this time CiscoWorks could't pull an inventory of the switch any more. Every inventory job failed.
Any help would be appreciated. Thanks a lot.
Regards
fredJoe,
excuse me, I've made a mistake. It's the malfunction of the configuration *archiving* which depends on telnet services. I have included the trace file of the failed CW archiving job. I can see that CW receives the banner and the username prompt, but doesn't send back any telnet credentials. I have also checked the correctness of the device credentials by a DCR export.
fred -
AAA authentication is fail on cisco 4505 switch with acs
i am new in AAA . i want to login switch which authentication come from cisco acs 5.1 but i configure both switch and acs 5.1. when i telnet
switch it display % Authentication fails. can anybody help me regurding this issue!!!
on cisco switch end conf:
aaa new-modle
aaa authentication login default group tacacs+
aaa authentication login TACASE group tacacs+
aaa authentication exec default group tacacs+
tacacs-server host 10.10.10.1
tacacs-server key Password!@#
line vty 0 4
login authentication TACASE
on acs 5.1 side i add switch on its vlan ip address which is connect acs 5.1 but
BUT when i login using putty terminal its show % Authentication fails.
Please help me regurding this issue!!!Hi,
what is the error message reported on ACS?
Are you sure that you are using the same key on ACS and cat4k?
Can you configure "ip tacacs source-interface " with the vlan interface you are using as source?
You can also collect these debugs:
- deb aaa authentication
- deb tacacs
Cheers
Marco -
Cisco ISE 1.3 MAB authentication.. switch drop packet
Hello All,
I have C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE9, RELEASE SOFTWARE (fc1) switch..
and ISE 1.3 versoin..
MAB authentication is working perfectly at ISE end.. but while seeing the same at switch end.. I am seeing switch is droping packet on some ports..
while some ports are working perfectly..
Same switch configuration is working perfectly on another switch without any issue..
Switch configuration for your suggestion..!!
aaa new-model
aaa authentication fail-message ^C
**** Either ACS or ISE is DOWN / Use ur LOCAL CREDENTIALS / Thank You ****
^C
aaa authentication login CONSOLE local
aaa authentication login ACS group tacacs+ group radius local
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+ group radius
aaa server radius dynamic-author
client 172.16.95.x server-key 7 02050D480809
client 172.16.95.x server-key 7 14141B180F0B
aaa session-id common
clock timezone IST 5 30
system mtu routing 1500
ip routing
no ip domain-lookup
ip domain-name EVS.com
ip device tracking
epm logging
dot1x system-auth-control
interface FastEthernet0/1
switchport access vlan x
switchport mode access
switchport voice vlan x
authentication event fail action next-method
--More-- authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication violation restrict
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
ip tacacs source-interface Vlan10
ip radius source-interface Vlan10 vrf default
logging trap critical
logging origin-id ip
logging 172.16.5.95
logging host 172.16.95.x transport udp port 20514
logging host 172.16.95.x transport udp port 20514
snmp-server group SNMP-Group v3 auth read EVS-view notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F access 15
snmp-server view EVS-view internet included
snmp-server community S1n2M3p4$ RO
snmp-server community cisco RO
snmp-server trap-source Vlan10
snmp-server source-interface informs Vlan10
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
--More-- snmp-server enable traps tty
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server host 172.16.95.x version 2c cisco
snmp-server host 172.16.95.x version 2c cisco
snmp-server host 172.16.5.x version 3 auth evsnetadmin
tacacs-server host 172.16.5.x key 7 0538571873651D1D4D26421A4F
tacacs-server directed-request
--More-- tacacs-server key 7 107D580E573E411F58277F2360
tacacs-server administration
radius-server attribute 6 on-for-login-auth
radius-server attribute 25 access-request include
radius-server host 172.16.95.y auth-port 1812 acct-port 1813 key 7 060506324F41
radius-server host 172.16.95.x auth-port 1812 acct-port 1813 key 7 110A1016141D
radius-server host 172.16.95.y auth-port 1645 acct-port 1646 key 7 110A1016141D
radius-server host 172.16.95.x auth-port 1645 acct-port 1646 key 7 070C285F4D06
radius-server timeout 2
radius-server key 7 060506324F41
radius-server vsa send accounting
radius-server vsa send authentication
line con 0
exec-timeout 5 0
privilege level 15
logging synchronous
login authentication CONSOLE
line vty 0 4
access-class telnet_access in
exec-timeout 0 0
logging synchronous
--More-- login authentication ACS
transport input ssh24423 ISE has not been able to confirm previous successful machine authentication
Judging by that line and what your policy says, it appears that your authentication was rejected as your machine was not authenticated prior to this connection.
first thing to check is whether MAR has been enabled on the identity source. second thing to check is whether your machine is set to send a certificate for authentication. there are other things you can look at but I'd do those two first.
log off and on or reboot and then see if you at least get a failed machine auth on the operations>authentication page and we can go from there. -
Radius Authentication Cisco Switch
Hi,
I have a cisco 2960 switch and currently trying to setup radius authentication. My microsoft guy does the server side we have matching keys and he says there is no problem on his side, but we still canno get it to work.
Config on switch
aaa new-model
aaa authentication login default group radius local
radius-server host 10.0.0.13 auth-port 1812
radius-server key 0 test
line vty 0 4
login authentication default
switch and radius server are on the same network. I have done a debug and confused on the output. Can anyone point me in the right direction.
I have done a debug aaa authentication and debug radius
AccessSwitch#
RADIUS/ENCODE(00001586):Orig. component type = Exec
RADIUS: AAA Unsupported Attr: interface [221] 4 92269176
RADIUS/ENCODE(00001586): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
RADIUS(00001586): Config NAS IP: 0.0.0.0
RADIUS(00001586): Config NAS IPv6: ::
RADIUS/ENCODE(00001586): acct_session_id: 20
RADIUS(00001586): sending
RADIUS/ENCODE: Best Local IP-Address 10.0.0.56 for Radius-Server 10.0.0.13
RADIUS(00001586): Sending a IPv4 Radius Packet
RADIUS(00001586): Send Access-Request to 10.0.0.13:1812 id 1645/18,len 77
RADIUS: authenticator 7C B1 A0 55 62 45 7B AF - F2 E2 48 4C C3 F0 72 98
RADIUS: User-Name [1] 15 "james.hoggard"
RADIUS: User-Password [2] 18 *
RADIUS: NAS-Port [5] 6 2
RADIUS: NAS-Port-Id [87] 6 "tty2"
RADIUS: NAS-Port-Type [61] 6 Virtual [5]
RADIUS: NAS-IP-Address [4] 6 10.0.0.56
RADIUS(00001586): Started 5 sec timeout
RADIUS: Received from id 1645/18 10.0.0.13:1812, Access-Reject, len 20
RADIUS: authenticator 80 CE C9 C2 D6 30 65 A9 - 07 D8 12 4C 9E 80 A9 3C
RADIUS(00001586): Received from id 1645/18
AAA/AUTHEN/LOGIN (00001586): Pick method list 'default'
RADIUS/ENCODE(00001586): ask "Password: "
RADIUS/ENCODE(00001586): send packet; GET_PASSWORD
Thanks
James.yes, PAP always use plain text and that doesn't provide any kind of security. However, administrative session with radius doesn't support chap/mschap.we can't configure firewall/IOS devices for aministration session like telnet/ssh to authenticate users on mschapv2 authentication method.
If you need secure communication then you may implement TACACS.
TACACS+ and RADIUS use a shared secret key to provide encryption for communication between the client and the server. RADIUS encrypts the user's password when the client made a request to the server. This encryption prevents someone from sniffing the user's password using a packet analyzer. However other information such as username and services that is being performed can be analyzed. TACACS+ encrypts not just only the entire payload when communicating, but it also encrypts the user's password between the client and the server. This makes it more difficult to decipher information about the communication between the client and the server. TACACS+ uses MD5 hash function in its encryption and decryption algorithm.
~BR
Jatin Katyal
**Do rate helpful posts** -
AAA Authentication for Traffic Passing through ASA
I am setting up AAA authentication for traffic that will pass through my ASA. I am having difficulty enabling 'aaa authentication secure-http-client'. Without secure communications enabled access functions as expected. When I enable access, I get prompted for a username/password. The username/password is entered. Authentication passes (show uauth). The requested page (http://www.cisco.com) switches to https://x.x.x.x (a resolved IP address for the site). Eventually (5 seconds), I am asked to accept or deny a certificated. Interestingly, the certificate is for the ASA and not the requested site (http://www.cisco.com).
Am I missing something?
firewall# show run aaa
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication serial console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication match guestnetwork_access guestnetwork RADIUS
aaa authentication secure-http-client
firewall# show access-li guestnetwork_access
access-list guestnetwork_access; 2 elements
access-list guestnetwork_access line 1 extended deny udp 10.255.255.0 255.255.255.0 any eq domain (hitcnt=33)
access-list guestnetwork_access line 2 extended permit ip 10.255.255.0 255.255.255.0 any (hitcnt=412)
firewall# show run aaa-s
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 192.168.250.14
key xxxxx
firewall# show run http
http server enableyour definition for the aaa-server is different to the aaa authentication server-group
try
aaa authentication http console RADIUS LOCAL
aaa authentication telnet console RADIUS LOCAL -
Aaa authentication for https access
I have several Catalyst 3750 switches that I'm running Tacacs on. I set the switch up to be an http server so that some of our admins could administer the switches through the web gui. Is it possible to login to the web console via your Tacacs login (in our case, our Windows username/password)? I found the "ip http authentication aaa" command but this doesn't seem to do it. I just don't want to share the local passwords if I don't have to.
Thanks in advance,
EricMy experience of the web interface is that it uses the local password on the device and not the aaa authentication IDs and passwords.
HTH
Rick -
AAA authentication / Radius-Servers
Hello cisco folks,
Have a technical question I would like to ask. I'm able to setup my 3750e switch to login through a radius server with my company user id and password but would like to be able to set it up that when I log in it drops me on the enable prompt. Right now I have to type >en.
Then the enable password. Thanks in advance.
PaulHi Bro
Yes, this can be achieved in Cisco IOS devices but not in Cisco ASA. In Cisco ASA, you still have to type the "enable" command.
Just ensure you've the configuration shown below, and all should be good;
enable password cisco
aaa new-model
aaa authentication login VTY group radius local
aaa authentication login CONSOLE local
aaa authentication enable default group radius enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec VTY group radius local
username ram privilege 15 password 0 cisco
username cisco privilege 7 password 0 cisco
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip radius source-interface FastEthernet0/0
radius-server host 10.0.0.100 auth-port 1645 acct-port 1646 key cisco
privilege interface level 7 shutdown
privilege interface level 7 ip address
privilege interface level 7 ip
privilege interface level 7 no shutdown
privilege interface level 7 no ip address
privilege interface level 7 no ip
privilege interface level 7 no
privilege configure level 7 interface
privilege configure level 7 shutdown
privilege configure level 7 ip
privilege configure level 7 no interface
privilege configure level 7 no shutdown
privilege configure level 7 no ip
privilege configure level 0 no
privilege exec level 7 configure terminal
privilege exec level 7 configure
privilege exec level 7 undebug ip rip
privilege exec level 7 undebug ip
privilege exec level 7 undebug all
privilege exec level 7 undebug
privilege exec level 7 debug ip rip
privilege exec level 7 debug ip
privilege exec level 7 debug all
privilege exec level 7 debug
line con 0
authorization exec VTY
login authentication VTY
line aux 0
line vty 0 4
authorization exec VTY
login authentication VTY
end
Note: Ensure your user ID in your Radius server has the correct av-pair parameters shell:priv-lvl=15
P/S: if you think this comment is helpful, please do rate it nicely :-) -
AAA configuration on switches 2960
Hi
I have introduced the following configuration of AAA in the switches of series 2950 and works very well,
but when I do the same in switches 2960, the local password does not work and it is obligatory to introduce the switch in the ACS to have management of the switch.
Is needed some additional configuration of AAA in switches 2960?
Thanks.
tacacs-server host y.y.y.y
tacacs-server key xxxxx
aaa new-model
aaa authentication login acceso-consola group tacacs+ line
aaa authentication login acceso-telnet group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
line con 0
exec-timeout 0 0
login authentication acceso-consola
line vty 0 4
login authentication acceso-telnetMaria
Perhaps some clarification of your environment might help us. In particular it would help to understand how you produce the "without ACS" environment.
Clearly the switch is still configured for ACS. And clearly there is connectivity from the switch to the ACS. And the ACS is responding to the authentication request from the switch. I am not sure what the errno 254 represents or what on the ACS server causes it. Perhaps you can help us understand that?
I had a situation at one point that may have been similar to your situation. Our devices were sending requests to ACS. But ACS was not able to communicate with the external DB because one of the services on ACS was not running. ACS responded with an error indicating unable to process. But the IOS devices were not interpreting that as an error that should send them to the backup authentication method.
If you are stopping something on the ACS server then I would suggest that a better test would be to break IP connectivity between the switch and the ACS so that the switch receives no response to its request or to change the configured IP address for the server in the switc and point to some device not running ACS so that the switch receives a port unreachable response to its request. Those would give you a better test of without ACS.
HTH
Rick -
AAA and 3560 Switch + CNA
Hi
Has anyone got this to work?
CNA. (Cisco Networks Assistants) and AAA (Tacacs+) on a 3560 switch.
I cant get the CNA to work in this setup but it works fine on together with 3500XL and 3550 serie switch. With the same parameter.
this is the aaa conf.
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs enable
aaa authentication enable default enable group tacacs+ none
aaa authorization exec default group tacacs+ local
aaa authorization exec no_tacacs none
aaa authorization commands 15 default group tacacs+ if-authenticated local
aaa authorization commands 15 no_tacacs none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
ip http server
ip http authentication aaaHi
No. I get the prompt for username and password.
and hit enter. Then nothing happens. It looks like it's trying to build the network but it never get fines. I know it works without the aaa statement. But I cant live with that. -
How to disable AAA on 3750 switch which has got screwed up due to missing of tacacs-server key command in older configuration. I believe RMON mode will not work...
Hi ,
I beleve you are able to log in to the switch. If that is the case then issues these commands,
no tacacs-server host [ip]
no tacacs-server key [key]
no aaa authentication login default group tacacs+ local
no aaa authorization exec default group tacacs+ if-authenticated
no aaa authorization commands 1 default group tacacs+ if-authenticated
no aaa authorization commands 15 default group tacacs+ if-authenticated
no aaa authorization config-commands
If you have accounting also, do the same. And finally
no aaa new-model
But incase you are not able to login to the box using tacacs or local login then you need to do password recovery.
Thanks,
Jagdeep -
ACE 4700 and Cisco ACS aaa authentication
ACE version Software
loader: Version 0.95
system: Version A1(7b) [build 3.0(0)A1(7b)
Cisco ACS version 4.0.1
I am trying to authenticate admin users with AAA authentication for ACE management.
This is what I've done:
ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
warning: numeric key will not be encrypted
ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
ACE-lab/Admin(config-tacacs+)# server ?
<A.B.C.D> TACACS+ server name
ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
can not find the TACACS+ server
specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
ACE-lab/Admin(config-tacacs+)#
Why am I getting this error? I have full
connectivity between the ACE and the ACS
server. Furthermore, the ACS server
works fine with other Cisco IOS devices.
Please help. Thanks.Thanks. Now I have another problem. I CAN
log into the ACE via tacacs+ account(s).
However, I get error when I try going into
configuration mode:
ACE-lab login: ngx1
Password:
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2007 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
ACE-lab/Admin# conf t
^
% invalid command detected at '^' marker.
ACE-lab/Admin#
The ngx1 account can access other Cisco
routers/switches just fine and can go into
enable mode just fine. Only issue on the ACE.
Any ideas? Thanks. -
TACACS for AAA on Cisco Switch
I have configured our switches for TACACS authentication however it does not seem to be working. I know it is trying as if I remove the secondary login option (local) I am denied access completely but I see no log on the ACS server. Any ideas?, oh and this is going across an any to any VPN
Can you log into your switch, and turn on the debug aaa authentication, and debug tacacs.
Then go ahead and issue a test aaa group.. command to test the authentication, do you see it timing out? Are you using a source interface for this traffic? is that source interface inside the lan to lan intersting traffic? -
Cisco AAA authentication with windows radius server
Cisco - Windows Radius problems
I need to created a limited access group through radius that I can have new network analysts log into
and not be able to commit changes or get into global config.
Here are my current radius settings
aaa new-model
aaa group server radius IAS
server name something.corp
aaa authentication login USERS local group IAS
aaa authorization exec USERS local group IAS
radius server something.corp
address ipv4 1.1.1.1 auth-port 1812 acct-port 1813
key mypassword
line vty 0 4
access-class 1 in
exec-timeout 0 0
authorization exec USERS
logging synchronous
login authentication USERS
transport input ssh
When I log in to the switch, the radius server is passing the corrrect attriubute
***Jan 21 13:59:51.897: RADIUS: Cisco AVpair [1] 18 "shell:priv-lvl=7"
The switch is accepting it and putting you in the correct priv level.
***Radius-Test#sh priv
Current privilege level is 7
I am not sure why it logs you in with the prompt for privileged EXEC mode when
you are in priv level 7. This shows that even though it looks like your in priv exec
mode, you are not.
***Radius-Test#sh run
^
% Invalid input detected at '^' marker.
Radius-Test#
Now this is where I am very lost.
I am in priv level 7, but as soon as I use the enable command It moves me up to 15, and that gives me access to
global config mode.
***Radius-Test#enable
Radius-Test#
Debug log -
Jan 21 14:06:28.689: AAA/MEMORY: free_user (0x2B46E268) user='reynni10'
ruser='NULL' port='tty390' rem_addr='10.100.158.83' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
Now it doesnt matter that I was given priv level 7 by radius because 'enable' put me into priv 15
***Radius-Test#sh priv
Current privilege level is 15
Radius-Test#
I have tried to set
***privilege exec level 15 enable
It works and I am no longer able to use 'enable' when I am at prv level 7, but I also cannot get the commands they will need to work.
Even if I try to do
***privilege exec level 7 show running-config (or other variations)
It will allow you to type sh run without errors, but it doest actually run the command.
What am I doing wrong?
I also want to get PKI working with radius.I can run a test on my radius system, will report back accordingly, as it's a different server than where I am currently located.
Troubleshooting, have you deleted the certificate/network profile on the devices and started from scratch? -
Here is the config I have on a switch:
aaa authentication login default group tacacs+ local
aaa authentication login vtylogin group tacacs+ local
aaa authentication login conlogin group tacacs+ enable none
aaa authentication enable default tacacs+ enable
Now here are my issues:
1- When I login from console my login from Tacacs works, but when I type "enable" and try to use my Active Directory password it does not work. Then I try the enable password, it does not work. However if I change the 4th Line to "aaa authentication enable default enable", I can proceed using the enable password.
2- My second issue is when I SSH into the switch, I only want it to use the tacacs server and only use local database when the tacacs is not available. However even when tacacs is available I am still able to log into it using the local user account. I am assuming that is by design? Is there a way to stop that if it is not by design?But it won't use you local database unless your tacacs+ server is unavailable so I really don't see the problem.
If the router uses your local database to authenticate then there is a communication problem with your tacacs+ server so he is using the next method listed in your command which is local database. As I said before do a debug aaa authentication and you will see the router is attempting to communicate with the tacacs+ server and only if it times out then is he going to use an alternative method if it is listed in method list.
Maybe you are looking for
-
Ipod touch 1st generation and icloud
Does iPod Touch support IOS5 and iCloud?
-
Creating Function Module in Generic Extractor?
Hello All DO anyone has steps how to create a Functional Module in Generic Extraction? Pl let me know Many Thanks balaji
-
How to search a string from the database?
how to search a string from the database? starting with some character
-
Here my sample design of the bulk process with limit of row inserted declare n_rows_to_process NUMBER := 1000; CURSOR my_cursor IS select XXXXX BEGIN OPEN my_cursor; loop FETCH my_cursor BULK COLLECT INTO XXXX LIMIT n_rows_to_process FORALL i IN 1 ..
-
Dear experts, i have one zreport which shows the Payroll of employee, I m getting the out put of Single Employe only how can i get all user list employee payroll, Selection screen is GET PERNR My Code which i need to pass all employee NUmber is CALL