AAA Migration
Hi
I have AAA 4.1 on win 2003. I want to migrate it to 4.2. What should be my migration path ? The update files I have are ACS-4.2.1.15. When I try to upgrade it pops the message that I can upgrade to 4.2.1.15 only from 4.2. Please suggest what migration path should I follow?
Thanks
Sheeraz
Hi Sheeraz,
I think you are in a process of upgrading your ACS windows from 4.1.1 to 4.2.1.
ACS version 4.2.1.15 version can only be upgraded over ACS 4.2.0.124 since you are running ACS version 4.1.1 so you need to upgrade first to 4.2.0.124 and then to 4.2.1.15
If you are looking regular version of 4.2.0.124 then you need to open up a TAC case but for evaluation version you may download from below listed link:
http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval
HTH
Regards,
JK
Plz rate helpful posts-
Similar Messages
-
ASA Migration of DHCP Scope to a Server
Hello All,
We migrated the DHCP scope from the ASA to a MS DHCP server with this configuration:
group-policy BV-SSL1 internal
group-policy BV-SSL1 attributes
no address-pools value remotepool4 remotepool2 remotepool3
no intercept-dhcp enable
dhcp-network-scope 10.180.49.0
exit
tunnel-group BVVPN10 general-attributes
no address-pool remotepool2
no address-pool remotepool3
no address-pool remotepool4
dhcp-server 10.182.14.55
exit
tunnel-group BV-SSL general-attributes
no address-pool remotepool2
no address-pool remotepool3
no address-pool remotepool4
dhcp-server 10.182.14.55
exit
no vpn-addr-assign aaa
no vpn-addr-assign local
vpn-addr-assign dhcp
This is running good, until we used all 254 addresses that was specified in the dhcp-network-scope.
My question is should i have specified dhcp-network-scope none to allow for all 3 scopes can be used to hand out IP addresses for the remote users?
Thanks,
KimberlyOkay, that's at least a good start. Can you monitor the ULS logs while you attempt to browse to the site to see what form of error(s) you're getting?
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Error during the migration of Lync 2013 onpremise user to Office 365 Lync
Hi,
I am trying to migrate a Lync 2013 onpremise user to Office 365 Lync in a Hybrid environment.
I am connecting to the Lync server from my machine with the following commands
$lyncOptions = New-PSSessionOption -SkipRevocationCheck -SkipCACheck -SkipCNCheck
$lync = New-PSSession -ConnectionUri https://lyncserver/ocspowershell -SessionOption $lyncOptions -Authentication NegotiateWithImplicitCredential
Import-PSSession $lync
In the next step I am trying to migrate the user to the Office 365 Lync:
Move-CsUser -Identity "username" -Target 'sipfed.online.lync.com' -HostedMigrationOverrideUrl 'https://admin1e.online.lync.com/HostedMigration/hostedmigrationservice.svc'
After that I get a warning message due to to migration to a previous version which I accept.
WARNING: Moving a user from the current version to an earlier version (or to a service version) can cause data loss.
Confirm
Move-CsUser
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
Then I am getting the following error message:
Can not load Live Id module. Make sure correct version of Live Id Sign-in assistant is installed.
+ CategoryInfo : NotSpecified: (:) [Move-CsUser], CommonAuthException
+ FullyQualifiedErrorId : Microsoft.Rtc.Admin.Authentication.CommonAuthException,Microsoft.Rtc.Management.AD.Cmdle
ts.MoveOcsUserCmdlet
+ PSComputerName : lyncserver
Tried to Google it but found nothing.
As far as I can see it is complaining about the Live ID Sign-in assistant, which is installed (the 64bit version) on my computer but not on the remote server. Does it need to be installed on the server as well?
Thanks for the answers in advance.
Regards,
Akos
Akos_DBThis error related to reporting services, you need to verify that reporting services is installed on these instances.
Secondly, you didn't need to create this instance manually then setup monitoring role. delete this instance from shared storage and try again to setup rule using different instance name and it will create automatic on shared storage.
You can also refer below link
http://windowspbx.blogspot.com/2012/07/aaa-donotpost-install-lync-standard.html
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer" -
Weird error message when trying to use migration assistant?
We gave my mom a Macbook Pro for Mother's Day. While trying to set it up for her using migration assistant pc to mac, her Dell kept coming up with an error message saying msidcrl40.dll is missing?? What the heck does that even mean? Needless to say migration assistant would not run on her computer. We're going to take it to the Apple store tomorrow but does anyone have a suggestion on how we can fix it ourselves so we don't have to head to the store? Can they even help us at the Apple store? I also wanted to them to help us with transfering her Quicken data from her Dell to iBank because I'm scared I'll mess it up.
You can't do that. Instead, just remove "aaa new-model" from the config then try to deploy it. Alternatively, you can try "merge mode," but that will send the whole config back to the device.
-
Still about domain alias and domain migration
Our company is under a domain name transition. Currently, our domain is lab.D.com, and we are moving to aaa.com.During the transition, we wish both domains could work for us for a long time.
I added a domain alias aaa.com for our domain lab.D.com, the ldif shows:
dn: dc=aaa, dc=com, o=internet
objectclass: alias
objectclass: inetDomainAlias
aliasedObjectName: dc=lab, dc=D, dc=com, o=internet
dc: aaa
after restarting msg server, I can send email to [email protected] which is acutually [email protected]
However, this is only half-way to my goal. I wish our emails at receivers' mailboxes were [email protected], not [email protected], if we send emails though loging in web mail typing [email protected] in the user ID box, or by creating [email protected] accounts in MS Outlook.
===> Is there any way to do it?
===> can [email protected] account be created in MS Outlook?
In another post about domain migration, you suggested:
If you want to stop using the old domain, and make the new domain your "default domain", that's a little harder. It involves several steps:
1. changing all the mail addresses.
2. changing the "default domain" settings everywhere.
===> I wonder, how to do it? is there any command? ldapmodify?
as an alternative approach, if we decide to change our email addresses to [email protected] first,
===> will emails sending to either [email protected] or [email protected] arrive at users who are still in the lab.D.com, if I only change all the mail addresses' domian part to aaa.com since I have added domain alias aaa.com?
and, I do not think sending emails from [email protected] to the internet would be a problem, right???
The iMS we use is iPlanet Messaging Server 5.2 (built Feb 21 2002), Directory Server is 4.16 which are very old versions :(
Thanks.I make no claim to be a programmer, nor am I expert
with ldap commands.
I know of no easy way to change all, other than
export to ldif, and use a global change with a text
editor, and then re-import.So, db2ldif -> change in text editor -> ldif2db, right?
Another question here is about Direct LDAP.
I enabled Direct LDAP.
aaa.com is the domain alias to lab.oldD.com (our old domain).
I also have changed user alas' email addresss from alas@ lab.oldD.com to [email protected] and added mailAlternateaddress for alas as [email protected], as you instructed in previous posts.
However, whenever I click "send" either to aaa.com or lab.oldD.com, it shows errors, for examples, - "Returning unknown or illegal alias: [email protected]", "Returning unknown or illegal alias: [email protected]"
The log shows:
19:17:27.62: mmc_address_to_tree: Parsing address.
19:17:27.62: Address: "user@[127.0.0.1]" 0x00000000
19:17:27.62: Right default: honey.lab.oldD.com
19:17:27.62: Parsing address with null fixup.
19:17:27.62: mmc_address_to_tree: Returning.
19:17:27.62: Rewriting: Mbox = "user", host = "[127.0.0.1]", domain = "$*", literal = "", tag = ""
19:17:27.62: Rewrite: "$*", position 0, hash table -
19:17:27.62: Found: "$E$F$U%[email protected]"
// honey is our email server
19:17:27.62: Rewrite failed, not forward.
19:17:27.62: Rewrite: "$*", position 1, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "$*", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "user", host = "[127.0.0.1]", domain = "[127.0.0.1]", literal = "", tag = ""
19:17:27.62: Rewrite: "[127.0.0.1]", position 0, hash table -
19:17:27.62: Failed
19:17:27.62: Rewrite: "[127.0.0.1]", position 0, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "[127.0.0.1]", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "user", host = "[127.0.0.1]", domain = "[127.0.0.]", literal = "1", tag = ""
19:17:27.62: Rewrite: "[127.0.0.*]", position 0, hash table -
19:17:27.62: Failed
19:17:27.62: Rewrite: "[127.0.0.]", position 0, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "[127.0.0.]", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "user", host = "[127.0.0.1]", domain = "[127.0.]", literal = "0.1", tag = ""
19:17:27.62: Rewrite: "[127.0.*.*]", position 0, hash table -
19:17:27.62: Failed
19:17:27.62: Rewrite: "[127.0.]", position 0, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "[127.0.]", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "user", host = "[127.0.0.1]", domain = "[127.]", literal = "0.0.1", tag = ""
19:17:27.62: Rewrite: "[127.*.*.*]", position 0, hash table -
19:17:27.62: Failed
19:17:27.62: Rewrite: "[127.]", position 0, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "[127.]", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "user", host = "[127.0.0.1]", domain = "[]", literal = "127.0.0.1", tag = ""
19:17:27.62: Rewrite: "[]", position 0, hash table -
19:17:27.62: Found: "$E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon"
19:17:27.62: Mapping: name = "INTERNAL_IP", input = "127.0.0.1".
19:17:27.62: Mapping 2 applied to 127.0.0.1
19:17:27.62: Entry #2 matched, pattern "127.0.0.1", template "$Y", match #0.
19:17:27.62: New target ""
19:17:27.62: Exiting...
19:17:27.62: Final result ""
19:17:27.62: Mapping result:
19:17:27.62: New mailbox: "user".
19:17:27.62: New host: "[127.0.0.1]".
19:17:27.62: New route: "tcp_intranet-daemon".
19:17:27.62: New channel system: "tcp_intranet-daemon".
19:17:27.62: Looking up host "tcp_intranet-daemon".
19:17:27.62: - found on channel tcp_intranet
19:17:27.62: mmc_winit('tcp_intranet','[email protected]','') called.
19:17:27.62: mmc_determine_url beginning with pattern , xadr , mbox , subaddress
19:17:27.62: Queue area size 18871794, temp area size 18871794
19:17:27.62: 4717948 blocks of effective free queue space available; setting d
isk limit accordingly.
19:17:27.62: mmc_address_to_tree: Parsing address.
19:17:27.62: Address: "[email protected]" 0x00000000
19:17:27.62: Right default: lab.oldD.com
19:17:27.62: Parsing address with local fixup.
19:17:27.62: mmc_address_to_tree: Returning.
19:17:27.62: Rewriting: Mbox = "alas", host = "newD.com", domain = "$*", literal
= "", tag = ""
19:17:27.62: Rewrite: "$*", position 0, hash table -
19:17:27.62: Found: "$E$F$U%[email protected]"
19:17:27.62: Rewrite failed, not forward.
19:17:27.62: Rewrite: "$*", position 1, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "$*", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "alas", host = "newD", domain = "newD.com", litera
l = "", tag = ""
19:17:27.62: Rewrite: "newD.com", position 0, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "newD.com", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "alas", host = "newD", domain = ".com", literal =
"", tag = ""
19:17:27.62: Rewrite: "*.com", position 0, hash table -
19:17:27.62: Failed
19:17:27.62: Rewrite: ".com", position 0, hash table -
19:17:27.62: Found: "$U%$H$D@TCP-DAEMON"
19:17:27.62: New mailbox: "alas".
19:17:27.62: New host: "newD.com".
19:17:27.62: New route: "TCP-DAEMON".
19:17:27.62: New channel system: "TCP-DAEMON".
19:17:27.62: Looking up host "TCP-DAEMON".
19:17:27.62: - found on channel tcp_local
19:17:27.62: mmc_address_to_tree: Parsing address.
19:17:27.62: Address: "[email protected]" 0x00000000
19:17:27.62: Right default: lab.oldD.com
19:17:27.62: Parsing address with null fixup.
19:17:27.62: mmc_address_to_tree: Returning.
19:17:27.62: Rewriting: Mbox = "alas", host = "newD.com", domain = "$*", literal
= "", tag = ""
19:17:27.62: Rewrite: "$*", position 0, hash table -
19:17:27.62: Found: "$E$F$U%[email protected]"
19:17:27.62: Rewrite failed, not forward.
19:17:27.62: Rewrite: "$*", position 1, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "$*", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "alas", host = "newD", domain = "newD.com", litera
l = "", tag = ""
19:17:27.62: Rewrite: "newD.com", position 0, hash table -
19:17:27.62: Failed.
19:17:27.62: Rewrite: "newD.com", position 0, rewrite database -
19:17:27.62: Failed
19:17:27.62: Rewriting: Mbox = "alas", host = "newD", domain = ".com", literal =
"", tag = ""
19:17:27.62: Rewrite: "*.com", position 0, hash table -
19:17:27.62: Failed
19:17:27.62: Rewrite: ".com", position 0, hash table -
19:17:27.62: Found: "$U%$H$D@TCP-DAEMON"
19:17:27.62: New mailbox: "alas".
19:17:27.62: New host: "newD.com".
19:17:27.62: New route: "TCP-DAEMON".
19:17:27.62: New channel system: "TCP-DAEMON".
19:17:27.62: Looking up host "TCP-DAEMON".
19:17:27.62: - found on channel tcp_local
19:17:27.62: Mapped return address: [email protected]
19:17:27.62: mmc_rrply: Return detailed status information.
19:17:27.62: mmc_rrply: Returning return address and channel OK
19:17:27.62: mmc_wadr(0x001abd40,'','[email protected]') called.
19:17:27.62: Copy estimate before address addition is 1
19:17:27.62: Parsing address [email protected]
19:17:27.62: mmc_address_to_tree: Parsing address.
19:17:27.62: Address: "[email protected]" 0x00000000
19:17:27.62: Right default: lab.oldD.com
19:17:27.62: Parsing address with local fixup.
19:17:27.62: mmc_address_to_tree: Returning.
19:17:27.62: Rewriting: Mbox = "alas", host = "lab.oldD.com", domain = "$*", l
iteral = "", tag = ""
19:17:27.62: Rewrite: "$*", position 0, hash table -
19:17:27.62: Found: "$E$F$U%[email protected]"
19:17:27.62: Match, pattern = "lab.oldD.com", current = "(*domaincheck*)"
19:17:27.62: old state = not checked.
19:17:27.62: Performing domainMap check on lab.oldD.com.
19:17:27.62: Added domainMap result 1 to cache for lab.oldD.com.
19:17:27.62: new state = succeeded.
19:17:27.62: New mailbox: "alas".
19:17:27.62: New host: "lab.oldD.com".
19:17:27.62: New route: "honey.lab.oldD.com".
19:17:27.62: New channel system: "honey.lab.oldD.com".
19:17:27.62: Looking up host "honey.lab.oldD.com".
19:17:27.62: - found on channel l
19:17:27.62: Routelocal flag set; scanning for % and !
19:17:27.62: Address [email protected] requires local processing.
19:17:27.62: Variant #1 = [email protected]
19:17:27.62: Variant #2 = *@lab.oldD.com
19:17:27.62: Checking for [email protected] in the system alias file
19:17:27.62: - not found
19:17:27.62: Checking for *@lab.oldD.com in the system alias file
19:17:27.62: - not found
19:17:27.62: - adding address [email protected] to headers.
19:17:27.62: Copy estimate after address addition is 1
19:17:27.63: mmc_rrply: Return detailed status information.
19:17:27.63: mmc_rrply: Returning unknown or illegal alias: [email protected]
I wonder why?
Thanks. -
SQL Developer 1.5.4 MySQL migration bug
Trying to use SQL Developer 1.5.4 to "Capture" MySQL schema. Getting this Java exception:
java.lang.Exception: java.lang.NullPointerException
at oracle.dbtools.migration.workbench.core.ui.AbstractMigrationProgressRunnable.start(AbstractMigrationProgressRunnable.java:141)
at oracle.dbtools.migration.workbench.core.CaptureInitiator.launch(CaptureInitiator.java:94)
Caused by: java.lang.NullPointerException
at oracle.dbtools.migration.workbench.plugin.MySQL5Capturer.captureColumnDetails(MySQL5Capturer.java:405)
at oracle.dbtools.migration.workbench.plugin.MySQLCapturer.captureObjects(MySQLCapturer.java:195)
Please advise.ok, here is one table that results in the Java exception:
CREATE TABLE user_locations (
user_id int unsigned NOT NULL,
location point not null,
location_source enum ("aaa", "bbb", "ccc") DEFAULT "aaa" NOT NULL,
address varchar(255),
last_update datetime,
UNIQUE (user_id, location(32)),
INDEX (user_id),
INDEX (last_update),
FOREIGN KEY (user_id) REFERENCES users (user_id) on delete cascade on update cascade
)ENGINE=InnoDB DEFAULT CHARSET=utf8; -
Hi Guys,
I am using ISE only one server as primary and as cisco says it has functionality of (ACS+ NAC). I want to enable AAA services on the ISE box rightnow.
I used the ACS earlier and want to configure the same functions on it.
Authentication of devices from ISE when remote login to router/switches/firewalls.
Authorization of commands form ISE based on user login
Accounting of command and login and logout details of user.
I have very basic knowledge in ISE but i used ACS througly.
Please Help in the above issue.
Thanks in Advance
RegardsCan you give any link where is shows TACACS is not supported.
You find that amongst others in the Q&A:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/qa_c67-658591.html
Can you tell where need to enable these settings for AAA services.
That's a quite complex thing ... Best you start with the ISE policies:
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_authz_polprfls.html
Then look at the ACS migration-tool:
http://www.cisco.com/en/US/docs/security/ise/1.0.4/migration_guide/ise104_mig_book.html
But don't expect that the tool will migrate your ACS-policies in a usefull way ... There is much handwork involved to end with a good ISE-policy. -
Migrate PPPoE/Virtual-Interface from 7206VXR to ASR 1002
Good Day,
I have been attempting to migrate services from an existing 7206VXR to a recently purchased ASR1002 and could use some help.
My mistake in assuming that the config would be similar to 7206VXR, but there are changes - mainly VRF and cisco-avpair attributes that need added to radius.
Our lab test, with the below ASR config will allow the user to authenticate successfully but does not assign IP address.
User Status
User is online
Last Connection
2012-09-21 10:27:47
Online Time
1 hours, 4 minutes, 15 seconds
Server (NAS)
206.251.40.52 (MAC: )
User Workstation
(MAC: )
User Upload
6.5 Kb
User Download
6.51 Kb
ID
HotSpot
Username
IP Address
Start Time
Stop Time
Total Time
Upload (Bytes)
Download (Bytes)
Termination
NAS IP Address
7837056
[email protected]
2012-09-21 10:27:47
1 hours, 4 minutes, 15 seconds
6.5 Kb
6.51 Kb
206.251.40.52
I have also tried assigning a static IP to the CPE, however the CPE cannot see 199.200.107.1.
No doubt the problem is something simple I appreciate any help or suggestions.
Radius Reply Attributes
Cisco-AVPair += ip:vrf-id=CV_VRF
Cisco-AVPair += ip:ip-unnumbered=Loopback 111 (generates unsupported sub-interface errors when used)
7206VXR Config-
aaa new-model
aaa authentication login default group radius
aaa authentication login con none
aaa authentication login vty line local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius
aaa authorization network noauth none
aaa accounting update periodic 5
aaa accounting network default
action-type start-stop
group radius
aaa accounting system default
action-type start-stop
group radius
bba-group pppoe 156
virtual-template 156
sessions per-vc limit 65000
sessions per-mac limit 65000
sessions per-vlan limit 65000
interface Loopback0
ip address 10.1.1.3 255.255.255.255
ip ospf network point-to-point
interface GigabitEthernet0/1
no ip address
no ip redirects
duplex full
speed 1000
media-type rj45
no negotiation auto
no cdp enable
interface GigabitEthernet0/1.20
description ROUTER GATEWAY
encapsulation dot1Q 20
ip address 206.251.40.51 255.255.255.248
no cdp enable
interface GigabitEthernet0/2
no ip address
no ip redirects
duplex full
speed 1000
media-type rj45
no negotiation auto
no cdp enable
interface GigabitEthernet0/2.156
encapsulation dot1Q 156
ip address 199.30.185.1 255.255.255.0 secondary
ip address 199.30.186.1 255.255.255.0 secondary
ip address 199.30.187.1 255.255.255.0 secondary
ip address 199.30.184.1 255.255.255.0
pppoe enable group 156
no cdp enable
interface Virtual-Template156
ip unnumbered GigabitEthernet0/2.156
no ip redirects
no ip route-cache cef
peer default ip address pool IP_POOL156
ppp mtu adaptive
ppp authentication pap
ip local pool IP_POOL156 199.30.184.2 199.30.184.254
ip local pool IP_POOL156 199.30.185.2 199.30.185.254
ip local pool IP_POOL156 199.30.186.2 199.30.186.254
ip local pool IP_POOL156 199.30.187.2 199.30.187.254
no ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 199.30.184.0 255.255.252.0 Null0 200
ip prefix-list AS19045 seq 10 permit 199.30.184.0/22
ip radius source-interface GigabitEthernet0/1.20
radius-server host x.x.x.x auth-port 1812 acct-port 1813
radius-server retransmit 1
radius-server timeout 60
radius-server key ********
radius-server vsa send accounting
radius-server vsa send authentication
ASR 1002 Config (attempt)
aaa new-model
aaa group server radius AAA_CV_VRF
server 208.98.188.6 auth-port 1812 acct-port 1813
aaa authentication login default group AAA_CV_VRF
aaa authentication login con none
aaa authentication login vty line local
aaa authentication login localauth local
aaa authentication ppp default if-needed group AAA_CV_VRF
aaa authorization network default group AAA_CV_VRF
aaa authorization network noauth none
aaa accounting update newinfo periodic 60
aaa accounting network default start-stop group AAA_CV_VRF
aaa accounting connection default start-stop group AAA_CV_VRF
aaa accounting system default
action-type start-stop
group AAA_CV_VRF
aaa accounting resource default start-stop group AAA_CV_VRF
aaa session-id common
aaa policy interface-config allow-subinterface
clock timezone MST -7 0
clock summer-time MST recurring
no ip source-route
ip vrf CV_VRF
rd 1:1
virtual-profile if-needed
multilink bundle-name authenticated
bba-group pppoe 111
description TEST
virtual-template 111
sessions per-vc limit 65000
sessions per-mac limit 65000
sessions per-vlan limit 65000
sessions auto cleanup
interface Loopback0
ip address 10.1.1.4 255.255.255.255
ip ospf network point-to-point
interface Loopback111
description TEST
ip vrf forwarding CV_VRF
ip address 199.200.107.1 255.255.255.0
interface GigabitEthernet0/0/2
no ip address
no ip redirects
no negotiation auto
interface GigabitEthernet0/0/2.20
description ROUTER GATEWAY
encapsulation dot1Q 20
ip address 206.251.40.52 255.255.255.248
interface GigabitEthernet0/0/3
no ip address
no ip redirects
no negotiation auto
interface GigabitEthernet0/0/3.111
encapsulation dot1Q 111
ip vrf forwarding CV_VRF
no ip proxy-arp
pppoe enable group 111
interface Virtual-Template111
ip unnumbered GigabitEthernet0/0/3.111
no ip redirects
no ip route-cache cef
peer default ip address pool IP_POOL111
ppp mtu adaptive
ppp authentication pap
router ospf 19045
router-id 10.1.1.4
network 10.1.1.4 0.0.0.0 area 0.0.0.0
network 199.200.107.0 0.0.0.255 area 0.0.0.0
network 206.251.40.48 0.0.0.7 area 0.0.0.0
router bgp 19045
bgp log-neighbor-changes
network 199.200.104.0 mask 255.255.252.0
network 206.251.40.0 mask 255.255.248.0
neighbor 10.1.1.1 remote-as 19045
neighbor 10.1.1.1 description IBGP_PEER_ASR
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.1 next-hop-self
ip local pool IP_POOL111 199.200.107.2 199.200.107.254
no ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 206.251.40.49
ip route 199.200.104.0 255.255.252.0 Null0 200
ip prefix-list AS19045 seq 10 permit 199.200.104.0/22
ip radius source-interface GigabitEthernet0/0/2.20
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key ********
radius-server retransmit 1
radius-server timeout 60
radius-server vsa send accounting
radius-server vsa send authentication
Debug Info
*Sep 20 22:03:26.677: [910]PPPoE 1911: AAA get dynamic attrs
*Sep 20 22:03:26.678: [910]PPPoE 1911: O PADT R:6468.0cf7.8546 L:f866.f287.7c83 Gi0/0/3.111
*Sep 20 22:03:26.678: [910]PPPoE 1911: Destroying R:6468.0cf7.8546 L:f866.f287.7c83 111 Gi0/0/3.111
*Sep 20 22:03:26.678: PPPoE: Returning Vaccess Virtual-Access3
*Sep 20 22:03:26.679: [910]PPPoE 1911: AAA get dynamic attrs
*Sep 20 22:03:26.679: [910]PPPoE 1911: AAA account stopped
*Sep 20 22:03:26.679: RADIUS/ENCODE(00000791):Orig. component type = PPPoE
*Sep 20 22:03:26.679: RADIUS(00000791): Config NAS IP: 0.0.0.0
*Sep 20 22:03:26.679: RADIUS(00000791): Config NAS IPv6: ::
*Sep 20 22:03:26.679: RADIUS(00000791): sending
*Sep 20 22:03:26.682: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 20 22:03:26.682: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
*Sep 20 22:03:26.683: RADIUS/ENCODE: Best Local IP-Address 206.251.40.52 for Radius-Server 208.98.188.6
*Sep 20 22:03:26.683: RADIUS(00000791): Sending a IPv4 Radius Packet
*Sep 20 22:03:26.683: RADIUS(00000791): Send Accounting-Request to 208.98.188.6:1813 id 1646/71,len 379
*Sep 20 22:03:26.683: RADIUS: authenticator A6 50 A4 C3 2A 30 AB DA - 59 BF E8 75 8A 91 AA 9B
*Sep 20 22:03:26.683: RADIUS: Acct-Session-Id [44] 10 "00000D51"
*Sep 20 22:03:26.683: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Sep 20 22:03:26.683: RADIUS: Vendor, Cisco [26] 53
*Sep 20 22:03:26.683: RADIUS: Cisco AVpair [1] 47 "ppp-disconnect-cause=Lower Layer disconnected"
*Sep 20 22:03:26.683: RADIUS: User-Name [1] 19 "[email protected]"
*Sep 20 22:03:26.683: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
*Sep 20 22:03:26.683: RADIUS: Vendor, Cisco [26] 32
*Sep 20 22:03:26.683: RADIUS: Cisco AVpair [1] 26 "connect-progress=Call Up"
*Sep 20 22:03:26.683: RADIUS: Vendor, Cisco [26] 31
*Sep 20 22:03:26.683: RADIUS: Cisco AVpair [1] 25 "nas-tx-speed=1000000000"
*Sep 20 22:03:26.683: RADIUS: Vendor, Cisco [26] 31
*Sep 20 22:03:26.683: RADIUS: Cisco AVpair [1] 25 "nas-rx-speed=1000000000"
*Sep 20 22:03:26.683: RADIUS: Acct-Session-Time [46] 6 615
*Sep 20 22:03:26.683: RADIUS: Acct-Input-Octets [42] 6 1040
*Sep 20 22:03:26.683: RADIUS: Acct-Output-Octets [43] 6 1066
*Sep 20 22:03:26.683: RADIUS: Acct-Input-Packets [47] 6 78
*Sep 20 22:03:26.684: RADIUS: Acct-Output-Packets [48] 6 79
*Sep 20 22:03:26.684: RADIUS: Acct-Terminate-Cause[49] 6 admin-reset [6]
*Sep 20 22:03:26.684: RADIUS: Vendor, Cisco [26] 39
*Sep 20 22:03:26.684: RADIUS: Cisco AVpair [1] 33 "disc-cause-ext=Local Admin Disc"
*Sep 20 22:03:26.684: RADIUS: Acct-Status-Type [40] 6 Stop [2]
*Sep 20 22:03:26.684: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Sep 20 22:03:26.684: RADIUS: NAS-Port [5] 6 0
*Sep 20 22:03:26.684: RADIUS: NAS-Port-Id [87] 11 "0/0/3/111"
*Sep 20 22:03:26.684: RADIUS: Vendor, Cisco [26] 41
*Sep 20 22:03:26.684: RADIUS: Cisco AVpair [1] 35 "client-mac-address=6468.0cf7.8546"
*Sep 20 22:03:26.684: RADIUS: Connect-Info [77] 8 "CV_VRF"
*Sep 20 22:03:26.684: RADIUS: Service-Type [6] 6 Framed [2]
*Sep 20 22:03:26.684: RADIUS: NAS-IP-Address [4] 6 206.251.40.52
*Sep 20 22:03:26.684: RADIUS: Acct-Delay-Time [41] 6 0
*Sep 20 22:03:26.684: RADIUS(00000791): Started 60 sec timeout
*Sep 20 22:03:26.686: [910]PPPoE 1911: Segment (SSS class): UNBOUND
*Sep 20 22:03:26.686: [910]PPPoE 1911: Vi3 Block vaccess from being freed.
*Sep 20 22:03:26.687: [910]PPPoE 1911: Segment (SSS class): UNPROVISION
*Sep 20 22:03:26.687: [910]PPPoE 1911: failed to remove session from switching hash table.
*Sep 20 22:03:26.694: PPPoE 1911: I PADT R:6468.0cf7.8546 L:f866.f287.7c83 111 Gi0/0/3.111
*Sep 20 22:03:26.758: RADIUS: Received from id 1646/71 208.98.188.6:1813, Accounting-response, len 20
*Sep 20 22:03:26.758: RADIUS: authenticator E3 A2 A1 EE B0 3F 43 1C - 03 B6 84 A8 20 0D B8 90
*Sep 20 22:03:32.713: PPPoE 0: I PADI R:6468.0cf7.8546 L:ffff.ffff.ffff 111 Gi0/0/3.111
*Sep 20 22:03:32.713: Service tag: NULL Tag
*Sep 20 22:03:32.713: PPPoE 0: O PADO, R:f866.f287.7c83 L:6468.0cf7.8546 111 Gi0/0/3.111
*Sep 20 22:03:32.713: Service tag: NULL Tag
*Sep 20 22:03:32.722: PPPoE 0: I PADR R:6468.0cf7.8546 L:f866.f287.7c83 111 Gi0/0/3.111
*Sep 20 22:03:32.722: Service tag: NULL Tag
*Sep 20 22:03:32.722: PPPoE : encap string prepared
*Sep 20 22:03:32.722: [911]PPPoE 1912: Access IE handle allocated
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA get retrieved attrs
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA get nas port details
*Sep 20 22:03:32.722: [911]PPPoE 1912: Error adjusting nas port format did
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA get dynamic attrs
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA unique ID 792 allocated
*Sep 20 22:03:32.722: [911]PPPoE 1912: AAA method list set
*Sep 20 22:03:32.722: [911]PPPoE 1912: Service request sent to SSS
*Sep 20 22:03:32.723: [911]PPPoE 1912: Created, Service: None R:f866.f287.7c83 L:6468.0cf7.8546 111 Gi0/0/3.111
*Sep 20 22:03:32.723: [911]PPPoE 1912: State NAS_PORT_POLICY_INQUIRY Event SSS MORE KEYS
*Sep 20 22:03:32.724: [911]PPPoE 1912: data path set to PPP
*Sep 20 22:03:32.724: [911]PPPoE 1912: Segment (SSS class): PROVISION
*Sep 20 22:03:32.724: [911]PPPoE 1912: State PROVISION_PPP Event SSM PROVISIONED
*Sep 20 22:03:32.724: [911]PPPoE 1912: O PADS R:6468.0cf7.8546 L:f866.f287.7c83 Gi0/0/3.111
*Sep 20 22:03:32.724: [911]PPPoE 1912 <Gi0/0/3.111:111>: Unable to add line attributes from ANCP
*Sep 20 22:03:32.724: [911]PPPoE 1912: Unable to Add ANCP Line attributes to the PPPoE Authen attributes
*Sep 20 22:03:33.845: RADIUS/ENCODE(00000792):Orig. component type = PPPoE
*Sep 20 22:03:33.845: RADIUS: DSL line rate attributes successfully added
*Sep 20 22:03:33.845: RADIUS(00000792): Config NAS IP: 0.0.0.0
*Sep 20 22:03:33.845: RADIUS(00000792): Config NAS IPv6: ::
*Sep 20 22:03:33.845: RADIUS/ENCODE(00000792): acct_session_id: 3411
*Sep 20 22:03:33.845: RADIUS(00000792): sending
*Sep 20 22:03:33.845: RADIUS/ENCODE: Best Local IP-Address 206.251.40.52 for Radius-Server 208.98.188.6
*Sep 20 22:03:33.845: RADIUS(00000792): Sending a IPv4 Radius Packet
*Sep 20 22:03:33.845: RADIUS(00000792): Send Access-Request to 208.98.188.6:1812 id 1645/56,len 124
*Sep 20 22:03:33.846: RADIUS: authenticator 3E 87 16 F9 FF 1A F8 74 - D6 7F 38 C3 F0 98 6E 6F
*Sep 20 22:03:33.846: RADIUS: User-Name [1] 10 "dcdi.net"
*Sep 20 22:03:33.846: RADIUS: User-Password [2] 18 *
*Sep 20 22:03:33.846: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Sep 20 22:03:33.846: RADIUS: NAS-Port [5] 6 0
*Sep 20 22:03:33.846: RADIUS: NAS-Port-Id [87] 11 "0/0/3/111"
*Sep 20 22:03:33.846: RADIUS: Vendor, Cisco [26] 41
*Sep 20 22:03:33.846: RADIUS: Cisco AVpair [1] 35 "client-mac-address=6468.0cf7.8546"
*Sep 20 22:03:33.846: RADIUS: Service-Type [6] 6 Outbound [5]
*Sep 20 22:03:33.846: RADIUS: NAS-IP-Address [4] 6 206.251.40.52
*Sep 20 22:03:33.846: RADIUS(00000792): Started 60 sec timeout
*Sep 20 22:03:34.868: RADIUS: Received from id 1645/56 208.98.188.6:1812, Access-Reject, len 20
*Sep 20 22:03:34.868: RADIUS: authenticator 02 CF 53 0A 6A 62 E5 DB - 2E 96 99 E4 09 D8 2E B1
*Sep 20 22:03:34.868: RADIUS(00000792): Received from id 1645/56
*Sep 20 22:03:34.869: RADIUS/ENCODE(00000792):Orig. component type = PPPoE
*Sep 20 22:03:34.869: RADIUS: DSL line rate attributes successfully added
*Sep 20 22:03:34.869: RADIUS(00000792): Config NAS IP: 0.0.0.0
*Sep 20 22:03:34.869: RADIUS(00000792): Config NAS IPv6: ::
*Sep 20 22:03:34.869: RADIUS/ENCODE(00000792): acct_session_id: 3411
*Sep 20 22:03:34.869: RADIUS(00000792): sending
*Sep 20 22:03:34.870: RADIUS/ENCODE: Best Local IP-Address 206.251.40.52 for Radius-Server 208.98.188.6
*Sep 20 22:03:34.870: RADIUS(00000792): Sending a IPv4 Radius Packet
*Sep 20 22:03:34.870: RADIUS(00000792): Send Access-Request to 208.98.188.6:1812 id 1645/57,len 139
*Sep 20 22:03:34.870: RADIUS: authenticator 8D 12 A1 E3 30 52 B0 F5 - 1C CD 8F 60 49 E9 F4 26
*Sep 20 22:03:34.870: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Sep 20 22:03:34.870: RADIUS: User-Name [1] 19 "[email protected]"
*Sep 20 22:03:34.870: RADIUS: User-Password [2] 18 *
*Sep 20 22:03:34.870: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Sep 20 22:03:34.870: RADIUS: NAS-Port [5] 6 0
*Sep 20 22:03:34.870: RADIUS: NAS-Port-Id [87] 11 "0/0/3/111"
*Sep 20 22:03:34.870: RADIUS: Vendor, Cisco [26] 41
*Sep 20 22:03:34.870: RADIUS: Cisco AVpair [1] 35 "client-mac-address=6468.0cf7.8546"
*Sep 20 22:03:34.870: RADIUS: Service-Type [6] 6 Framed [2]
*Sep 20 22:03:34.870: RADIUS: NAS-IP-Address [4] 6 206.251.40.52
*Sep 20 22:03:34.870: RADIUS(00000792): Started 60 sec timeout
*Sep 20 22:03:34.894: RADIUS: Received from id 1645/57 208.98.188.6:1812, Access-Accept, len 44
*Sep 20 22:03:34.894: RADIUS: authenticator AC 92 A9 7C 1F CB 46 6B - F6 68 03 D8 AF 0B F0 F5
*Sep 20 22:03:34.894: RADIUS: Vendor, Cisco [26] 24
*Sep 20 22:03:34.894: RADIUS: Cisco AVpair [1] 18 "ip:vrf-id=CV_VRF"
*Sep 20 22:03:34.894: RADIUS(00000792): Received from id 1645/57
*Sep 20 22:03:34.902: [911]PPPoE 1912: State LCP_NEGOTIATION Event SSS CONNECT LOCAL
*Sep 20 22:03:34.904: [911]PPPoE 1912: Segment (SSS class): UPDATED
*Sep 20 22:03:34.904: [911]PPPoE 1912: Segment (SSS class): BOUND
*Sep 20 22:03:34.904: [911]PPPoE 1912: data path set to Virtual Acess
*Sep 20 22:03:34.905: [911]PPPoE 1912: State LCP_NEGOTIATION Event SSM UPDATED
*Sep 20 22:03:34.905: [911]PPPoE 1912: AAA get dynamic attrs
*Sep 20 22:03:34.906: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 20 22:03:34.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
*Sep 20 22:03:34.907: RADIUS/ENCODE(00000792):Orig. component type = PPPoE
*Sep 20 22:03:34.907: RADIUS(00000792): Config NAS IP: 0.0.0.0
*Sep 20 22:03:34.907: RADIUS(00000792): Config NAS IPv6: ::
*Sep 20 22:03:34.907: RADIUS(00000792): sending
*Sep 20 22:03:34.907: [911]PPPoE 1912: State PTA_BINDING Event STATIC BIND RESPONSE
*Sep 20 22:03:34.907: [911]PPPoE 1912: Connected PTA
*Sep 20 22:03:34.908: RADIUS/ENCODE: Best Local IP-Address 206.251.40.52 for Radius-Server 208.98.188.6
*Sep 20 22:03:34.913: RADIUS(00000792): Sending a IPv4 Radius Packet
*Sep 20 22:03:34.913: RADIUS(00000792): Send Accounting-Request to 208.98.188.6:1813 id 1646/72,len 189
*Sep 20 22:03:34.913: RADIUS: authenticator 5B 19 2B 31 5B 6C E7 46 - 5D 69 8D 66 99 13 2E F0
*Sep 20 22:03:34.913: RADIUS: Acct-Session-Id [44] 10 "00000D53"
*Sep 20 22:03:34.913: RADIUS: Framed-Protocol [7] 6 PPP [1]
*Sep 20 22:03:34.913: RADIUS: User-Name [1] 19 "[email protected]"
*Sep 20 22:03:34.913: RADIUS: Vendor, Cisco [26] 32
*Sep 20 22:03:34.913: RADIUS: Cisco AVpair [1] 26 "connect-progress=Call Up"
*Sep 20 22:03:34.913: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
*Sep 20 22:03:34.913: RADIUS: Acct-Status-Type [40] 6 Start [1]
*Sep 20 22:03:34.913: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
*Sep 20 22:03:34.913: RADIUS: NAS-Port [5] 6 0
*Sep 20 22:03:34.913: RADIUS: NAS-Port-Id [87] 11 "0/0/3/111"
*Sep 20 22:03:34.913: RADIUS: Vendor, Cisco [26] 41
*Sep 20 22:03:34.913: RADIUS: Cisco AVpair [1] 35 "client-mac-address=6468.0cf7.8546"
*Sep 20 22:03:34.913: RADIUS: Connect-Info [77] 8 "CV_VRF"
*Sep 20 22:03:34.913: RADIUS: Service-Type [6] 6 Framed [2]
*Sep 20 22:03:34.913: RADIUS: NAS-IP-Address [4] 6 206.251.40.52
*Sep 20 22:03:34.914: RADIUS: Acct-Delay-Time [41] 6 0
*Sep 20 22:03:34.914: RADIUS(00000792): Started 60 sec timeout
*Sep 20 22:03:34.994: RADIUS: Received from id 1646/72 208.98.188.6:1813, Accounting-response, len 20
*Sep 20 22:03:34.994: RADIUS: authenticator 8E E3 AD 24 76 EA C2 53 - AD 0F DD 57 AC 0D F3 BAsho debug
coreASR1002#sho debugging
General OS:
AAA subscriber profile cli debugging is on
PPPoE:
PPPoE protocol events debugging is on
PPPoE protocol errors debugging is on
Radius protocol debugging is on
Radius packet protocol debugging is onGood Day Manuel,
"...client is not getting IP address even though the sessions seems to be up. Is this correct?" Correct.
What I am seeing and suspecting is the problem has to do with 'ip:ip-unnumbered=interface'.
Trying with the ip:ip-unnumbered=Loopback111 or GigabitEthernet0/0/3.111 (for testing) debugging reports "Session creation failed due to full virtual-access interfaces not being supported...", as soon as the attribute is removed in radius the client authenticates but does not get an IP address. I would rather not use Loopback if possible.
GE0/0/3.111 is basically the client egress and GE0/0/2.20 is the ingress/router gateway
Also seeing this debug message, "...Unable to add line attributes from ANCP ... Unable to Add ANCP Line attributes to the PPPoE Authen attributes" which may or may not relate to ip-unnumbered attribute.
I hope the information isn't too much or confusing, sure appreciate the help.
debugging with ip:vrf-id=CV_VRF w/o ip:ip-unnumbered
*Sep 26 17:04:57.395: Vi3 PPP DISC: Lower Layer disconnected
*Sep 26 17:04:57.396: Vi3 PPP: Sending Acct Event[Down] id[5FB]
*Sep 26 17:04:57.396: PPP: NET STOP send to AAA.
*Sep 26 17:04:57.396: Vi3 LCP: O TERMREQ [Open] id 4 len 4
*Sep 26 17:04:57.396: Vi3 LCP: Event[CLOSE] State[Open to Closing]
*Sep 26 17:04:57.396: Vi3 PPP: Phase is TERMINATING
*Sep 26 17:04:57.397: Vi3 PPP: Block vaccess from being freed [0x10]
*Sep 26 17:04:57.398: Vi3 LCP: Event[DOWN] State[Closing to Initial]
*Sep 26 17:04:57.399: Vi3 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Sep 26 17:04:57.399: Vi3 PPP: Free previously blocked vaccess
*Sep 26 17:04:57.399: Vi3 PPP: Phase is DOWN
*Sep 26 17:04:57.400: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 26 17:04:57.401: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
*Sep 26 17:05:03.440: PPP: Alloc Context [38E95CFC]
*Sep 26 17:05:03.440: ppp514 PPP: Phase is ESTABLISHING
*Sep 26 17:05:03.440: ppp514 PPP: Using vpn set call direction
*Sep 26 17:05:03.440: ppp514 PPP: Treating connection as a callin
*Sep 26 17:05:03.440: ppp514 PPP: Session handle[1D0005EB] Session id[514]
*Sep 26 17:05:03.440: ppp514 LCP: Event[OPEN] State[Initial to Starting]
*Sep 26 17:05:03.441: ppp514 PPP LCP: Enter passive mode, state[Stopped]
*Sep 26 17:05:04.522: ppp514 LCP: I CONFREQ [Stopped] id 180 len 10
*Sep 26 17:05:04.522: ppp514 LCP: MagicNumber 0x0669ECAE (0x05060669ECAE)
*Sep 26 17:05:04.522: ppp514 LCP: O CONFREQ [Stopped] id 1 len 18
*Sep 26 17:05:04.522: ppp514 LCP: MRU 1492 (0x010405D4)
*Sep 26 17:05:04.522: ppp514 LCP: AuthProto PAP (0x0304C023)
*Sep 26 17:05:04.522: ppp514 LCP: MagicNumber 0x6ABFFB9F (0x05066ABFFB9F)
*Sep 26 17:05:04.522: ppp514 LCP: O CONFACK [Stopped] id 180 len 10
*Sep 26 17:05:04.522: ppp514 LCP: MagicNumber 0x0669ECAE (0x05060669ECAE)
*Sep 26 17:05:04.522: ppp514 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent]
*Sep 26 17:05:04.525: ppp514 LCP: I CONFACK [ACKsent] id 1 len 18
*Sep 26 17:05:04.526: ppp514 LCP: MRU 1492 (0x010405D4)
*Sep 26 17:05:04.526: ppp514 LCP: AuthProto PAP (0x0304C023)
*Sep 26 17:05:04.526: ppp514 LCP: MagicNumber 0x6ABFFB9F (0x05066ABFFB9F)
*Sep 26 17:05:04.526: ppp514 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Sep 26 17:05:04.528: ppp514 PPP: Queue PAP code[1] id[15]
*Sep 26 17:05:04.529: ppp514 PPP: Phase is AUTHENTICATING, by this end
*Sep 26 17:05:04.529: ppp514 PAP: Redirect packet to ppp514
*Sep 26 17:05:04.529: ppp514 PAP: I AUTH-REQ id 15 len 31 from "[email protected]"
*Sep 26 17:05:04.529: ppp514 PAP: Authenticating peer [email protected]
*Sep 26 17:05:04.529: ppp514 PPP: Phase is FORWARDING, Attempting Forward
*Sep 26 17:05:04.529: ppp514 LCP: State is Open
*Sep 26 17:05:05.553: ppp514 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Sep 26 17:05:05.553: ppp514 PPP: Sent PAP LOGIN Request
*Sep 26 17:05:05.584: ppp514 PPP: Received LOGIN Response PASS
*Sep 26 17:05:05.584: ppp514 PPP: Phase is FORWARDING, Attempting Forward
*Sep 26 17:05:05.594: Vi3 PPP: Phase is AUTHENTICATING, Authenticated User
*Sep 26 17:05:05.594: Vi3 PAP: O AUTH-ACK id 15 len 5
*Sep 26 17:05:05.595: Vi3 PPP: Phase is UP
*Sep 26 17:05:05.595: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 26 17:05:05.596: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
*Sep 26 17:05:05.606: Vi3 IPCP: I CONFREQ [UNKNOWN] id 44 len 22
*Sep 26 17:05:05.606: Vi3 IPCP: Address 0.0.0.0 (0x030600000000)
*Sep 26 17:05:05.606: Vi3 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Sep 26 17:05:05.606: Vi3 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Sep 26 17:05:05.606: Vi3 LCP: O PROTREJ [Open] id 2 len 28 protocol IPCP
*Sep 26 17:05:05.606: Vi3 LCP: (0x012C0018030600000000810600000000)
*Sep 26 17:05:05.606: Vi3 LCP: (0x830600000000)
*Sep 26 17:05:05.607: Vi3 IPV6CP: I CONFREQ [UNKNOWN] id 26 len 14
*Sep 26 17:05:05.607: Vi3 IPV6CP: Interface-Id 5421:6C1B:5DCE:401A (0x010A54216C1B5DCE401A)
*Sep 26 17:05:05.607: Vi3 LCP: O PROTREJ [Open] id 3 len 20 protocol IPV6CP (0x011A0010010A54216C1B5DCE401A) debugging w/o ip:vrf-id=CV_VRF w/o ip:ip-unnumbered
*Sep 26 17:13:12.424: Vi3 PPP DISC: Lower Layer disconnected
*Sep 26 17:13:12.424: Vi3 PPP: Sending Acct Event[Down] id[5FE]
*Sep 26 17:13:12.425: PPP: NET STOP send to AAA.
*Sep 26 17:13:12.425: Vi3 LCP: O TERMREQ [Open] id 4 len 4
*Sep 26 17:13:12.425: Vi3 LCP: Event[CLOSE] State[Open to Closing]
*Sep 26 17:13:12.425: Vi3 PPP: Phase is TERMINATING
*Sep 26 17:13:12.426: Vi3 PPP: Block vaccess from being freed [0x10]
*Sep 26 17:13:12.426: Vi3 LCP: Event[DOWN] State[Closing to Initial]
*Sep 26 17:13:12.428: Vi3 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Sep 26 17:13:12.428: Vi3 PPP: Free previously blocked vaccess
*Sep 26 17:13:12.428: Vi3 PPP: Phase is DOWN
*Sep 26 17:13:12.429: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 26 17:13:12.430: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
*Sep 26 17:13:18.485: PPP: Alloc Context [38E95CFC]
*Sep 26 17:13:18.485: ppp515 PPP: Phase is ESTABLISHING
*Sep 26 17:13:18.486: ppp515 PPP: Using vpn set call direction
*Sep 26 17:13:18.486: ppp515 PPP: Treating connection as a callin
*Sep 26 17:13:18.486: ppp515 PPP: Session handle[AC0005EC] Session id[515]
*Sep 26 17:13:18.486: ppp515 LCP: Event[OPEN] State[Initial to Starting]
*Sep 26 17:13:18.486: ppp515 PPP LCP: Enter passive mode, state[Stopped]
*Sep 26 17:13:19.572: ppp515 LCP: I CONFREQ [Stopped] id 181 len 10
*Sep 26 17:13:19.572: ppp515 LCP: MagicNumber 0x171E542B (0x0506171E542B)
*Sep 26 17:13:19.572: ppp515 LCP: O CONFREQ [Stopped] id 1 len 18
*Sep 26 17:13:19.572: ppp515 LCP: MRU 1492 (0x010405D4)
*Sep 26 17:13:19.572: ppp515 LCP: AuthProto PAP (0x0304C023)
*Sep 26 17:13:19.572: ppp515 LCP: MagicNumber 0x6AC78AB2 (0x05066AC78AB2)
*Sep 26 17:13:19.572: ppp515 LCP: O CONFACK [Stopped] id 181 len 10
*Sep 26 17:13:19.572: ppp515 LCP: MagicNumber 0x171E542B (0x0506171E542B)
*Sep 26 17:13:19.572: ppp515 LCP: Event[Receive ConfReq+] State[Stopped to ACKsent]
*Sep 26 17:13:19.576: ppp515 LCP: I CONFACK [ACKsent] id 1 len 18
*Sep 26 17:13:19.576: ppp515 LCP: MRU 1492 (0x010405D4)
*Sep 26 17:13:19.576: ppp515 LCP: AuthProto PAP (0x0304C023)
*Sep 26 17:13:19.576: ppp515 LCP: MagicNumber 0x6AC78AB2 (0x05066AC78AB2)
*Sep 26 17:13:19.576: ppp515 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Sep 26 17:13:19.579: ppp515 PPP: Queue PAP code[1] id[16]
*Sep 26 17:13:19.601: ppp515 PPP: Phase is AUTHENTICATING, by this end
*Sep 26 17:13:19.601: ppp515 PAP: Redirect packet to ppp515
*Sep 26 17:13:19.601: ppp515 PAP: I AUTH-REQ id 16 len 31 from "[email protected]"
*Sep 26 17:13:19.601: ppp515 PAP: Authenticating peer [email protected]
*Sep 26 17:13:19.601: ppp515 PPP: Phase is FORWARDING, Attempting Forward
*Sep 26 17:13:19.601: ppp515 LCP: State is Open
*Sep 26 17:13:20.625: ppp515 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Sep 26 17:13:20.625: ppp515 PPP: Sent PAP LOGIN Request
*Sep 26 17:13:20.650: ppp515 PPP: Received LOGIN Response PASS
*Sep 26 17:13:20.650: ppp515 PPP: Phase is FORWARDING, Attempting Forward
*Sep 26 17:13:20.657: Vi3 PPP: Phase is AUTHENTICATING, Authenticated User
*Sep 26 17:13:20.657: Vi3 PAP: O AUTH-ACK id 16 len 5
*Sep 26 17:13:20.658: Vi3 PPP: Phase is UP
*Sep 26 17:13:20.658: Vi3 IPCP: Protocol configured, start CP. state[Initial]
*Sep 26 17:13:20.658: Vi3 IPCP: Event[OPEN] State[Initial to Starting]
*Sep 26 17:13:20.658: Vi3 IPCP: O CONFREQ [Starting] id 1 len 10
*Sep 26 17:13:20.658: Vi3 IPCP: Address 199.200.107.1 (0x0306C7C86B01)
*Sep 26 17:13:20.658: Vi3 IPCP: Event[UP] State[Starting to REQsent]
*Sep 26 17:13:20.658: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Sep 26 17:13:20.660: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
*Sep 26 17:13:20.666: Vi3 IPCP: I CONFREQ [REQsent] id 45 len 22
*Sep 26 17:13:20.666: Vi3 IPCP: Address 0.0.0.0 (0x030600000000)
*Sep 26 17:13:20.666: Vi3 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Sep 26 17:13:20.666: Vi3 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Sep 26 17:13:20.666: Vi3 IPCP AUTHOR: Start. Her address 0.0.0.0, we want 0.0.0.0
*Sep 26 17:13:20.666: Vi3 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 0.0.0.0
*Sep 26 17:13:20.666: Vi3 IPCP: Pool returned 199.200.107.20
*Sep 26 17:13:20.667: Vi3 IPCP: O CONFNAK [REQsent] id 45 len 22
*Sep 26 17:13:20.667: Vi3 IPCP: Address 199.200.107.20 (0x0306C7C86B14)
*Sep 26 17:13:20.667: Vi3 IPCP: PrimaryDNS 208.98.188.81 (0x8106D062BC51)
*Sep 26 17:13:20.667: Vi3 IPCP: SecondaryDNS 8.8.8.8 (0x830608080808)
*Sep 26 17:13:20.667: Vi3 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]
*Sep 26 17:13:20.667: Vi3 IPV6CP: I CONFREQ [UNKNOWN] id 27 len 14
*Sep 26 17:13:20.667: Vi3 IPV6CP: Interface-Id 096D:2933:E6FE:523D (0x010A096D2933E6FE523D)
*Sep 26 17:13:20.667: Vi3 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x011B0010010A096D2933E6FE523D)
*Sep 26 17:13:20.668: Vi3 IPCP: I CONFACK [REQsent] id 1 len 10
*Sep 26 17:13:20.668: Vi3 IPCP: Address 199.200.107.1 (0x0306C7C86B01)
*Sep 26 17:13:20.668: Vi3 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
*Sep 26 17:13:20.672: Vi3 IPCP: I CONFREQ [ACKrcvd] id 46 len 22
*Sep 26 17:13:20.672: Vi3 IPCP: Address 199.200.107.20 (0x0306C7C86B14)
*Sep 26 17:13:20.672: Vi3 IPCP: PrimaryDNS 208.98.188.81 (0x8106D062BC51)
*Sep 26 17:13:20.672: Vi3 IPCP: SecondaryDNS 8.8.8.8 (0x830608080808)
*Sep 26 17:13:20.672: Vi3 IPCP: O CONFACK [ACKrcvd] id 46 len 22
*Sep 26 17:13:20.672: Vi3 IPCP: Address 199.200.107.20 (0x0306C7C86B14)
*Sep 26 17:13:20.672: Vi3 IPCP: PrimaryDNS 208.98.188.81 (0x8106D062BC51)
*Sep 26 17:13:20.672: Vi3 IPCP: SecondaryDNS 8.8.8.8 (0x830608080808)
*Sep 26 17:13:20.672: Vi3 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
*Sep 26 17:13:20.689: Vi3 IPCP: State is Open
*Sep 26 17:13:20.691: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces. swidb= 0x41F07370, ifnum= 22
*Sep 26 17:13:20.691: Vi3 Added to neighbor route AVL tree: topoid 0, address 199.200.107.20
*Sep 26 17:13:20.691: Vi3 IPCP: Install route to 199.200.107.20
*Sep 26 17:13:20.693: Vi3 PPP DISC: Lower Layer disconnected
*Sep 26 17:13:20.693: Vi3 PPP: Sending Acct Event[Down] id[5FF]
*Sep 26 17:13:20.693: PPP: NET STOP send to AAA.
*Sep 26 17:13:20.694: Vi3 IPCP: Event[DOWN] State[Open to Starting]
*Sep 26 17:13:20.694: Vi3 IPCP: Event[CLOSE] State[Starting to Initial]
*Sep 26 17:13:20.694: Vi3 LCP: O TERMREQ [Open] id 3 len 4
*Sep 26 17:13:20.694: Vi3 LCP: Event[CLOSE] State[Open to Closing]
*Sep 26 17:13:20.694: Vi3 PPP: Phase is TERMINATING
*Sep 26 17:13:20.695: Vi3 PPP: Block vaccess from being freed [0x10]
*Sep 26 17:13:20.695: Vi3 Deleted neighbor route from AVL tree: topoid 0, address 199.200.107.20
*Sep 26 17:13:20.695: Vi3 IPCP: Remove route to 199.200.107.20
*Sep 26 17:13:20.696: Vi3 LCP: Event[DOWN] State[Closing to Initial]
*Sep 26 17:13:20.696: Vi3 PPP: Unlocked by [0x10] Still Locked by [0x0]
*Sep 26 17:13:20.696: Vi3 PPP: Free previously blocked vaccess
*Sep 26 17:13:20.696: Vi3 PPP: Phase is DOWN
*Sep 26 17:13:20.696: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
*Sep 26 17:13:20.698: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down -
LMS 3.2 - Problem with inventory of switches using AAA authentication
Hi all,
we want to migrate our network equpiment from local authentication (telnet password, enable password) to AAA authentication (Cisco ACS server - username, password for priv level 15). The network devices are managed with CiscoWorks 3.2 and inventory works fine when device login credentials are telnet password, enable password.
I have configured a switch for testing the authentication to the ACS server, and tested the logon manually. After the successful test I reconfigured the device credentials in CiscoWorks and checked it by a device export with credentials. The credentials in CW were OK, but from this time CiscoWorks could't pull an inventory of the switch any more. Every inventory job failed.
Any help would be appreciated. Thanks a lot.
Regards
fredJoe,
excuse me, I've made a mistake. It's the malfunction of the configuration *archiving* which depends on telnet services. I have included the trace file of the failed CW archiving job. I can see that CW receives the banner and the username prompt, but doesn't send back any telnet credentials. I have also checked the correctness of the device credentials by a DCR export.
fred -
Cisco ACS 4.2 migration to ACS 5.4 advice
Hello all, we are planning migrating off our ACS 4.2.0.124 ( non appliance ) to ACS 5.4. I'm looking for any advice or tips from anyone that has done the migration.
Is the migration tool intrusive or can it be run at anytime?
I thought about not using the migration tool and do a new install however we have a few hundred MAC address entered for a Mac authenticated SSID as well as about a 100 switches and routers for TACACS.
We have about a half dozen WIreless Controllers that use AAA with a mix of SSID's that are doing WPA2 with Mac authentication, LEAP, and, PEAP. We also use TACACS for routers and switches and AAA for anyconnect users.
Any advice on the migration process would be appreciated.
Thanks,
DanActually I managed to copy/paste from the ACS4.2 to the CSV file. The passwords will not be imported though so you have to reset the password for all users and let them change it.
If I were you I would have use the import utility to migrate users to keep the password then I will update the information of users (including group membership) via update template CSV file.
The migration I used before included few users that I could create on the spot and ask them to reset the password. Most of the data were MAC addresses for MAC auth and IP addresses for TACACS+ AAA clients (switches, routers...etc).
If you have too many users then the migration tool is your friend to get them imported without having to reset the password.
It is also important that you read the migration guide before you use the utility. You'll find valuable information about what will be imported and how. What data will be maintained and what will not.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you" -
Migrate database from UTF-8 to AL32UTF8
We've heard that support for the UTF-8 characterset is going to peter out. Our databases are all in the UTF-8 characterset, so we are considering migrating to AL32UTF8. Any issues we need to consider, or is it simply a case of switching the database characterset? The globalization whitepapers I've read don't seem to address this kind of migration.
Doc ID: Note:123670.1
Subject: Use Scanner Utility before Altering the Database Character Set
Type: BULLETIN
Status: PUBLISHED
Content Type: TEXT/PLAIN
Creation Date: 02-NOV-2000
Last Revision Date: 30-OCT-2003
A) Purpose. ----------- Before altering the character set of a database, check the convertibility of the data before converting. Character set conversions can cause data loss or data corruption. The Character Set Scanner utility provides this 2 features: 1) convertibility check of existing data and potential issues. The Scanner checks all character data in the database including the data dictionary and tests for the effects and problems of changing the character set encoding (characterset). At the end of the scan, it generates a summary and exception report of the database scan. 2) from csscan V1.1 onwards it allows you also to do a check if there is no data in the database that is incorrectly stored. This is used in [NOTE:225938.1] Database Character Set Healthcheck This note gives an example on how the output of the csscan tool looks like and some live examples of how to convert the characterset. Please use the following note: [NOTE:225912.1] Changing the Database Character Set - an Overview as a complete guide to plan the change of the database character set. B) Installation and setup. -------------------------- IMPORTANT: Check for the latest version on technet of the csscan tool for your platform: http://technet.oracle.com/software/tech/globalization/content.html and use this. ( [NOTE:179843.1] Versioning of the Character Set Scanner ) There is one know problem with the characterset scanner for 817: see [BUG:3043474] To install the Character Set Scanner, you must have DBA privileges on the Oracle database. If you encounter "CSS-0xxxx" type errors, first look in the "Character Set Scanner Error Messages " section of above docset. Run csminst.sql to create the needed user and tabels, You can modify the default tablespace for CSMIG by editing the csminst.sql script. Modify the following statement in csminst.sql to assign your preferred tablespace to CSMIG as follows: ALTER USER csmig DEFAULT TABLESPACE tablespace_name; Then run csminst.sql using these commands and SQL statements: cd $ORACLE_HOME/rdbms/admin set oracle_sid=<your SID> sqlplus "system/manager" SQL>spool csminst.log SQL> START csminst.sql check the csminst.log for errors. or for 9i: cd $ORACLE_HOME/rdbms/admin set oracle_sid=<your SID> sqlplus "/ as sysdba" SQL>spool csminst.log SQL> START csminst.sql check the csminst.log for errors. [NOTE:232242.1] Character set migration utility schema not installed in 9i / ORA-942 during csminst.sql Now you can run the scanner against this database. C:\>csscan help=y gives the help screen, we will show here some sample outputs of full database scans using the command line. See also Chapter 11 "Character Set Scanner" of the Oracle9i Database Globalization Support Guide Release 2 (9.2) Part Number A96529-01 C) Character Set Scanner Compatibility. --------------------------------------- see [NOTE:179843.1] Versioning of the Character Set Scanner D) There are 3 possible conversion statuses possible ---------------------------------------------------- *** ***************** *** Scanner statuses *** ***************** The Scanner utility reports 3 types of conversion status for each table and row: 1/ CHANGELESS which leads to consider that the object needs no conversion, the codepoint dous not change between the two charactersets for those characters. 2/ CONVERTIBLE which leads to consider that the object needs conversion by export/import. (the target charactersets is NO binary superset of the source characterset) The character itself is know in both charactersets but has another codepoint This is why the ALTER DATABASE CHARACTER SET <new_character_set>; command is enforcing that the NEW characterset needs to be a BINARY superset of the old one. So you wan't be allowed to use ALTER DATABASE CHARACTER SET <new_character_set>; 3/ EXCEPTIONAL which leads to consider that the data needs manual updates before conversion or that you have invalid data in the database. Note that the scanner cannot "see" what type of character is stored. It can only compare codepoints and look them up in in the characterset conversion lists of oracle. The scanner checks if in the target characterset the codepoint of the source characterset is a valid codepoint, or that there are mappings to another codepoint it has no knowlegde of the character it suppose to represent. This is a problem if you have stored incorrect data in the database by bypassing the NLS layers. But normally this will lead to the reporting of exceptional data. This information is clearly reported in the 2 following reports automatically generated by the Scanner utility. *** *********************************** *** Reports SCAN.TXT and SCAN.ERR *** *********************************** 1/ SCAN.TXT => objects in the data dictionary requiring an action such as renaming a table => application data requiring an action such exporting/importing data to be converted, updating data, rebuilding indexes, modifying column sizes Example [Data Dictionary Conversion Summary] Datatype Changeless Convertible Exceptional Total ---------------- -------------- -------------- -------------- -------------- VARCHAR2 608,343 0 1 608,344 CHAR 2 0 0 2 LONG 29,756 0 0 29,756 CLOB ---------------- -------------- -------------- -------------- -------------- Total 638,101 0 1 638,102 [Application Data Conversion Summary] Datatype Changeless Convertible Exceptional Total ---------------- -------------- -------------- -------------- -------------- VARCHAR2 16 0 0 16 CHAR 2 1 1 4 LONG 0 0 0 0 CLOB 0 0 0 0 ---------------- -------------- -------------- -------------- -------------- Total 18 1 1 20 [Distribution of Convertible Data per Table] USER.TABLE Convertible Exceptional ----------------------------------------- ---------------- ---------------- SYS.OBJ$ 0 1 U1.T_EXCEPTIONAL 0 1 U1.T_CONVERTIBLE 1 0 ----------------------------------------- ---------------- ---------------- [Distribution of Convertible Data per Column] USER.TABLE|COLUMN Convertible Exceptional ----------------------------------------- ---------------- ---------------- SYS.OBJ$|NAME 0 1 U1.T_EXCEPTIONAL|C1 0 1 U1.T_CONVERTIBLE|C1 1 0 ----------------------------------------- ---------------- ---------------- [Indexes to be Rebuilt] USER.INDEX on USER.TABLE(COLUMN) ---------------------------------------------------------------------------- SYS.I_OBJ2 on SYS.OBJ$(NAME) U1.I_T_CONVERTIBLE on U1.T_CONVERTIBLE(C1) --------------------------------------------------------------------------- 2/ SCAN.ERR => lists rowids of rows for which data is to be updated because of an EXCEPTIONAL status Example User : SYS Table : OBJ$ Column: NAME Type : VARCHAR2(30) Number of Exceptions : 1 Max Post Conversion Data Size: 33 ROWID Exception Type Size Cell Data(first 30 bytes) ------------------ ------------------ ----- ------------------------------ AAAAASAABAAAAXjABF exceed column size 33 table_M-H_gM-Erer_drM-Bles_franM-5ais ------------------ ------------------ ----- ------------------------------ User : U1 Table : T_EXCEPTIONAL Column: C1 Type : CHAR(12) Number of Exceptions : 1 Max Post Conversion Data Size: 24 ROWID Exception Type Size Cell Data(first 30 bytes) ------------------ ------------------ ----- ------------------------------ AAAAxDAAFAAAABDAAA exceed column size 24 M-EM-IM-HM-KM-LM-]M-NM-OM-AM-BM-QM-@ ------------------ ------------------ ----- ------------------------------ *** *************************** *** 3 statuses => 3 approaches *** *************************** 1/ When objects are in CHANGELESS status, they need not be converted. Issue the ALTER DATABASE CHARACTER SET statement on the database. This is possible when, and only when, the new character set is a strict superset of the current character set. 2a/ When a lot of objects are in CONVERTIBLE status, the data can be converted, and must be converted by Export: FULL Export + creation of a new database + FULL Import 2b/ When the database is large and only a few tables are in CONVERTIBLE status, whereas all the others are CHANGELESS, prefer the following method: Export selected tables + ALTER DATABASE CHARACTER SET if possible + Import the selected convertible tables (import will convert appropriately) 3/ However, if there are some cases in EXCEPTIONAL status reported, these exceptions must be handled one by one, and fixed first before using any of the above methods to do the conversions. This involves modifying data and/or modify structures to eliminate those exceptions. Again, see [NOTE:225912.1] Changing the Database Character Set - an Overview for more info en on how to deal with exceptional data. E) This are some sample outputs and live examples: -------------------------------------------------- *** Test1 on a WE8ISO8859P9 character set database to be converted to UTF8 1/ Create 4 tables : Table "table_� _gérer_drôles_français": table name is to be converted Table T_STANDARD: no data change required Table T_CONVERTIBLE: data are to be converted Table T_EXCEPTIONAL: data are to be updated before conversion $ NLS_LANG=american_america.WE8ISO8859P9 SQL> connect u1/u1 Connected. SQL> create table "table_� _gérer_drôles_français" (c1 char(16)); Table created. SQL> insert into "table_� _gérer_drôles_français" values ('A'); 1 row created. SQL> create table T_STANDARD (c1 char(12)) ; Table created. SQL> insert into T_STANDARD values ('aeiouaieou'); 1 row created. SQL> create table T_CONVERTIBLE (c1 CHAR(12)); Table created. SQL> create index i_t_convertible on t_convertible(c1) ; Index created. SQL> insert into T_CONVERTIBLE values ('éè� '); 1 row created. SQL> create table T_EXCEPTIONAL (c1 char(12)); Table created. SQL> insert into T_EXCEPTIONAL values ('éè� ùäöüêôîâ'); 1 row created. SQL> select * from T_EXCEPTIONAL; C1 ------------ éè� ùäöüêôîâ SQL> commit; Commit complete. 2/ Run the Character Set Scanner utility to provide report. ----------------------------------------------------------- Before running csscan, be aware of the following parameters: CAPTURE=Y records the ROWID for each cell of data that is problematic; use it only when there are small amounts of problem data because it might "flood" the database if lots of problematic data is expected. The ARRAY and PROCESS parameters for large databases are vital: * ARRAY can be set to a size in bytes which best represents the available real memory at scanner run time; the higher the better. * PROCESS spawns a process for parallel scanning and should be set to the number of available CPU's on the system which is hosting the database. $ csscan system/manager FULL=Y FROMCHAR=WE8ISO8859P9 TOCHAR=UTF8 CAPTURE=Y Character Set Scanner: Release 8.1.7.0.0 - Production on Thu Nov 9 10:36:15 2000 (c) Copyright 2000 Oracle Corporation. All rights reserved. Connected to: Oracle8i Enterprise Edition Release 8.1.7.0.0 - 64bit Production With the Partitioning option JServer Release 8.1.7.0.0 - 64bit Production Enter array fetch buffer size: 10240 > Enter number of scan processes to utilize(1..32): 1 > 4 Enumerating tables to scan... . process 1 scanning SYS.SOURCE$[AAAABAAABAAAADAAAA] . process 2 scanning SYS.SOURCE$[AAAABAAABAAAA8/AAA] . process 3 scanning SYS.TAB$ ...... . process 4 scanning U1.T_EXCEPTIONAL . process 4 scanning U1.table_� gérerdrôles_français . process 4 scanning U1.T_STANDARD . process 4 scanning U1.T_CONVERTIBLE . process 4 scanning SYS.SYN$ .... . process 3 scanning SYS.FILE$ Creating Database Scan Summary Report... Creating Individual Exception Report... Scanner terminated successfully. 3/ Examine the 2 provided reports : scan.txt and scan.err. ---------------------------------------------------------- Report scan.txt --------------- Database Scan Summary Report ... [Scan Summary] Some character type data in the data dictionary are not convertible to the new character set Some character type application data are not convertible to the new character set [Data Dictionary Conversion Summary] Datatype Changeless Convertible Exceptional Total ---------------- -------------- -------------- -------------- ---------------- VARCHAR2 608,343 0 1 608,344 CHAR 2 0 0 2 LONG 29,756 0 0 29,756 ---------------- -------------- -------------- -------------- ---------------- Total 638,101 0 1 638,102 [Application Data Conversion Summary] Datatype Changeless Convertible Exceptional Total ---------------- -------------- -------------- -------------- ---------------- VARCHAR2 18 0 0 18 CHAR 1 1 1 3 LONG 0 0 0 0 ---------------- -------------- -------------- -------------- ---------------- Total 19 1 1 21 [Distribution of Convertible Data per Table] USER.TABLE Convertible Exceptional -------------------------------------------- ---------------- ---------------- SYS.OBJ$ 0 1 U1.T_CONVERTIBLE 1 0 U1.T_EXCEPTIONAL 0 1 -------------------------------------------- ---------------- ---------------- [Distribution of Convertible Data per Column] USER.TABLE|COLUMN Convertible Exceptional -------------------------------------------- ---------------- ---------------- SYS.OBJ$|NAME 0 1 U1.T_CONVERTIBLE|C1 1 0 U1.T_EXCEPTIONAL|C1 0 1 -------------------------------------------- ---------------- ---------------- [Indexes to be Rebuilt] USER.INDEX on USER.TABLE(COLUMN) ------------------------------------------------------------------------------ SYS.I_OBJ2 on SYS.OBJ$(NAME) U1.I_T_CONVERTIBLE on U1.T_CONVERTIBLE(C1) ------------------------------------------------------------------------------ Report scan.err --------------- Database Scan Individual Exception Report ... [Application data individual exceptions] User : SYAR2(30) Number of Exceptions : 1 Max Post Conversion Data Size: 33 ROWID Exception Type Size Cell Data(first 30 bytes) ------------------ ------------------ ----- ------------------------------ AAAAASAABAAAAXjABF exceed column size 33 table_M-H_gM-Erer_drM-Bles_franM-5ais ------------------ ------------------ ----- ------------------------------ User : U1 Table : T_EXCEPTIONAL Column: C1 Type : CHAR(12) Number of Exceptions : 1 Max Post Conversion Data Size: 22 ROWID Exception Type Size Cell Data(first 30 bytes) ------------------ ------------------ ----- ------------------------------ AAAAxDAAFAAAABDAAA exceed column size 22 M-EM-IM-HM-KM-LM-NM-OM-AM-BM-QM-@ ------------------ ------------------ ----- ------------------------------ 4/ Actions to take before character set conversion. --------------------------------------------------- a/ The table named "table_� _gérer_drôles_français" needs to be recreated with another name. SQL> alter table "table_� _gérer_drôles_français" rename to table_a_gerer_droles_francais; Table altered. b/ Export table U1.T_CONVERTIBLE: $ NLS_LANG=american_america.WE8ISO8859P9 $ exp userid=U1/U1 tables=T_CONVERTIBLE . . exporting table T_CONVERTIBLE 1 rows exported Export terminated successfully without warnings. c/ Since the exception refers to a too small column size, enlarge the column size of U1.T_EXCEPTIONAL.C1: SQL> alter table t_exceptional modify (c1 char(24)); Table altered. 5/ Perform another scan check before character set conversion. -------------------------------------------------------------- $ csscan system/manager FULL=Y FROMCHAR=WE8ISO8859P9 TOCHAR=UTF8 CAPTURE=Y => reports scan.txt: Datatype Changeless Convertible Exceptional Total --------------- -------------- -------------- ---------------- ---------------- VARCHAR2 608,344 0 0 608,344 CHAR 2 0 0 2 LONG 29,756 0 0 29,756 --------------- -------------- -------------- ---------------- ---------------- Total 638,102 0 0 638,102 [Application Data Conversion Summary] Datatype Changeless Convertible Exceptional Total ---------------- ---------------- -------------- -------------- ---------------- VARCHAR2 18 0 0 18 CHAR 1 2 0 3 LONG 0 0 0 0 ---------------- ---------------- -------------- -------------- ---------------- Total 19 2 0 21 [Distribution of Convertible Data per Table] USER.TABLE Convertible Exceptional ---------------------------------------------- ---------------- ---------------- U1.T_CONVERTIBLE 1 0 U1.T_EXCEPTIONAL 1 0 ---------------------------------------------- ---------------- ---------------- [Distribution of Convertible Data per Column] USER.TABLE|COLUMN Convertible Exceptional ---------------------------------------------- ---------------- ---------------- U1.T_CONVERTIBLE|C1 1 0 U1.T_EXCEPTIONAL|C1 1 0 ---------------------------------------------- ---------------- ---------------- => in scan.err, no more exception 6/ Last actions to take before character set conversion ------------------------------------------------------- Export table U1.T_EXCEPTIONAL: $ exp U1/U1 tables=T_CONVERTIBLE,T_EXCEPTIONAL Export: Release 8.1.7.0.0 - Production on Thu Nov 9 13:06:53 2000 About to export specified tables via Conventional Path ... . . exporting table T_CONVERTIBLE 1 rows exported . . exporting table T_EXCEPTIONAL 1 rows exported Export terminated successfully without warnings. 7/ Perform character set conversion ------------------------------------ Follow the steps in: [NOTE:66320.1] Changing the Database Character Set or the Database National Character Set but you will get: SQL> alter database character set UTF8; alter database character set UTF8 * ERROR at line 1: ORA-12712: new character set must be a superset of old character set Since the character set UTF8 is not allowed in alter database, use FULL EXPORT , recreate the database with UTF8 character set, FULL IMPORT. See [NOTE:15095.1] Export/Import and NLS Considerations for more info on these steps. 8/ Actions to take after character set conversion. -------------------------------------------------- a/ Check the imported data of tables U1.T_CONVERTIBLE and U1.T_EXCEPTIONAL: Import: Release 8.1.7.0.0 - Production on Thu Nov 9 14:27:54 2000 import done in WE8ISO8859P9 character set and US7ASCII NCHAR character set import server uses UTF8 character set (possible charset conversion) . importing U1's objects into U1 . . importing table "T_CONVERTIBLE" IMP-00019: row rejected due to ORACLE error 1401 IMP-00003: ORACLE error 1401 encountered ORA-01401: inserted value too large for column Column 1 éè� 0 rows imported . . importing table "T_EXCEPTIONAL" IMP-00019: row rejected due to ORACLE error 1401 IMP-00003: ORACLE error 1401 encountered ORA-01401: inserted value too large for column Column 1 éè� ùäöüêôîâ 0 rows imported See [NOTE:119119.1] UTF8 Database Character Set Implications section "2.2.1 Example Export / Import into a UTF-8 Database" why this happens. b/ Change the column width of the tables and reimport the data: SQL> alter table U1.T_CONVERTIBLE modify (C1 CHAR(16)); Table altered. SQL> alter table U1.T_EXCEPTIONAL modify (C1 CHAR(36)); Table altered. $ imp U1/U1 FULL=Y IGNORE=Y Import: Release 8.1.7.0.0 - Production on Thu Nov 9 14:23:18 2000 import done in WE8ISO8859P9 character set and US7ASCII NCHAR character set import server uses UTF8 character set (possible charset conversion) . importing U1's objects into U1 . . importing table "T_CONVERTIBLE" 1 rows imported . . importing table "T_EXCEPTIONAL" 1 rows imported Import terminated successfully without warnings. c/ Check integrity for all CONVERTIBLE and EXCEPTIONAL objects: SQL> select * from U1.TABLE_A_GERER_DROLES_FRANCAIS; C1 ---------------- A SQL> select * from U1.T_CONVERTIBLE; C1 ---------------- éè� SQL> select * from U1.T_EXCEPTIONAL; C1 ------------------------------------ éè� ùäöüêôîâ *** on an US7ASCII database containing WE8ISO8859P1 characters *** to be altered to WE8ISO8859P9 Steps 1 and 2 are identical 3/ Run the Character Set Scanner utility to provide report. ----------------------------------------------------------- The database is US7ASCII but contains some WE8ISO8859P1 characters; then by setting FROMCHAR=WE8ISO8859P1, the scanner treats all cells as if they are from WE8ISO8859P1 and gives a more acurate result. $ csscan USERID=system/manager FULL=Y CAPTURE=Y FROMCHAR=WE8ISO8859P1 TOCHAR=WE8ISO8859P9 ...... . process 4 scanning U1.table_� gérerdrôles_français . process 4 scanning U1.T_STANDARD . process 4 scanning U1.T_CONVERTIBLE . process 4 scanning U1.T_EXCEPTIONAL ......t... Creating Individual Exception Report... Scanner terminated successfully. $ 4/ Examine the 2 provided reports : scan.txt and scan.err. ---------------------------------------------------------- Report scan.txt --------------- Database Scan Summary Report [Data Dictionary Conversion Summary] Datatype Changeless Convertible Exceptional Total --------------- -------------- -------------- -------------- -------------- VARCHAR2 608,314 0 0 608,314 CHAR 2 0 0 2 LONG 29,754 0 0 29,754 --------------- -------------- -------------- -------------- -------------- Total 638,070 0 0 638,070 [Application Data Conversion Summary] Datatype Changeless Convertible Exceptional Total ---------------- -------------- -------------- -------------- -------------- VARCHAR2 14 0 0 14 CHAR 4 0 0 4 LONG 0 0 0 0 ---------------- -------------- -------------- -------------- -------------- Total 18 0 0 18 [Distribution of Convertible Data per Table] USER.TABLE Convertible Exceptional ---------------------------- ------------ ----------- ---------------------------- ------------ ----------- [Distribution of Convertible Data per Column] USER.TABLE|COLUMN Convertible Exceptional ---------------------------- ------------ ----------- ---------------------------- ------------ ----------- [Indexes to be Rebuilt] USER.INDEX on USER.TABLE(COLUMN) -------------------------------------------------- -------------------------------------------------- Report scan.err --------------- Database Scan Individual Exception Report [Application data individual exceptions] 5/ Actions to take before character set conversion. --------------------------------------------------- In this case, execute the ALTER DATABASE CHARACTER SET which does not change the actual character codes, but only changes the character set declaration. To prevent any possible data loss, perform a FULL database backup before altering the database character set. 6/ Perform character set conversion. ------------------------------------ Follow the steps in: [NOTE:66320.1] Changing the Database Character Set or the Database National Character Set 7/ Actions to take after character set conversion. -------------------------------------------------- Check integrity for all EXCEPTIONAL objects: SQL> select * from U1."table_� _gérer_drôles_français"; C1 ---------------- A SQL> select * from U1.T_CONVERTIBLE; C1 ------------ éè� SQL> select * from U1.T_EXCEPTIONAL; C1 ------------ éè� ùäöüêôîâ RELATED DOCUMENTS ----------------- [NOTE:15095.1] Export/Import and NLS Considerations [NOTE:119119.1] UTF8 Database Character Set Implications [NOTE:66320.1] Changing the Database Character Set or the Database National Character Set [NOTE:66320.1] Changing the Database Character Set or the Database National Character Set [NOTE:119119.1] UTF8 database character set implications [BUG:1611255] CHARACTER SET SCANNER GETS SEGMENTATION FAULT WHEN ARRAY AND PROCESS ARE LARGE [NOTE:232242.1] Character set migration utility schema not installed in 9i / ORA-942 during csminst.sql
Joel P�rez -
Migrate data flow from 3.5 to 7.3?
Dear Experts,
After technical had upgrade SAP BW from 3.5 to 7.3, I did test migrating data flow. I found that if I specified "migration project" to another name different from DataStore Object name, I could not find related objects (e.g. transformation or DTP) under that DataStore Object. And the DataStore Object was also inactive version, even the migration was done without error.
For example
- Original DSO name = AAA was showed inactive
- Migration Project name = AAA_Migrated
- After selecting all the objects including process chains and clicking on 'Migration/Recovery' button, status showed with no error (Migration History displayed all green)
- recheck objects in transaction = RSA1
- DSO name = AAA was still showed inactive
I just wonder where all objects under DSO name = AAA were gone?
What happened to the migration project name = AAA_Migrated?
How should I find the migration project name = AAA_Migrated?
How to recover all objects under DSO name = AAA? (Just in case misspelling "migration project")?
If you have similar case mentioned above, could you share any experience how to handle this?
Thank you very much.
-WJ-BW 7.30: Data Flow Migration tool: Migrating 3.x flows to 7.3 flows and also the recovery to 3.X flow
Regards,
Sushant -
Migration to an existing 6i repository
We updated the repository from 1.3.2 to 6 (the repository owner is AAA). At the same time, we created a new 6i target repository (the repository owner is BBB). We now plan to migrate the repository from 6 to 6i.
Two questions:
1. The repositories have different owners. Will that cause a problem or can the repository have more than one owner?
2. Will it cause a problem if there is already an id for a user and that user has objects in the repository?
Thank you in advance.
Kyle
nullKyle,
Repository 6 and 6i can have different owners. Ensure you read the migration section in the install guide. You should be migrating between databases, thus you will need to recreate the database users in the new database. Scripts are provided and documented in the migration guide.
David -
EAP-AUTH-AAA-ERROR: Reply received on stale handle
Hi,
I try to deploy 802.1x EAP-TLS in Lab enviroment with ACS 4.2 and
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(46)SE
If I use the PEAP, it is working, but if EAP-TLS, then nothing show in logs on ACS, but error message.
EAP-AUTH-AAA-ERROR: Reply received on stale handle (0x00000000)
If I switch Network Access Profile to another one w/o EAP-TLS then in log I get
12/10/2009 10:23:21 Authen failed [email protected] Default Group XX-XX-XX-XX-XX-XX, other, EAP type not configured
What could be a problem?Problem was solved by migration of whole ACS to another server with 4.2.0.124 Patch 12.
-
Migration problem - cannot REPLY / still showing o...
I've just been migrated - it went very smoothly - well done at that stage.
I then opened my In-Box and found two problems:
1. Major problem - When I click on Reply it creates a new email from me to the sender and shows sender's email (all as before) but it won't let me enter my reply. The mouse marker doesn't show. SOS please!
2. Minor problem - I've changed my email address in an attempt to get away from the 20/30 daily spam emails. I've changed from (1st name).(surname)@btinternet.com to "aaaa.nnn@" etc but when I enter my mailbox, it still says "Hello, old email address". Only a niggle - will it go away by itself?I've probably caused the problem and have made it worse!
I got the Welcome email from BTMail and opened my inbox. At the top were two urgent emails both needing urgent reply. I replied to the first one but when I tried to reply to the second one I got the problem outlined above so I closed it down and posted here.
I've just tried to go back in again but I'm locked out because I forgot to click on the link in my first Welcome email to confirm my email address!
It's telling me that I can't enter my In Box until I click on the link but I can't do that because I can't get in to my In Box to see the blasted thing!!
I tried asking for another email but it still won't let me in. I will not change my email address again so have I an alternative?
PS Presumably the fact that I didn't click on the link has stopped me from replying for a second time - i.e. the system is programmed to allow one reply (to the link).
PPS There's a copy of the Welcome email in my old name inbox but there's no link shown.
Maybe you are looking for
-
ME 9F - P.O Amendment to purchase order not appearing
Hai, Recently we moved from ECC 5 to ECC 6 We face a issue in P.O printout Eg:- When the P.O created & released now the print taken and found okey. (no goods are inwarded) in this condition After taken the printout , Thru ME22N , i am adding 2 more
-
Extract adding space for dateTime elements
I just ran into something a little strange when I use extract on a datetime element it appears that an extra space is added to the begining of the date. example select extract(value(o),'/Person/CreatedDate') from person o Returns <CreatedDate> 2006-0
-
How do I determine JDBC Version? - oracle.jdbc.driver
The following is my path and classpath and script. Path = D:\oracle\ora90\bin; D:\oracle\ora90\Apache\Perl\5.00503\bin\mswin32-x86; C:\Program Files\Oracle\jre\1.1.8\bin; %SystemRoot%\system32; %SystemRoot%; %SystemRoot%\System32\Wbem; C:\Program Fil
-
Hi, where are some good places to learn Java?
Hi all, I'm beginning to learn Java, with a background in c. Can anyone point out a few good web sites or books that would help make the transition? thanks. John p.s. -- is Java's pass by reference the same as pass by address? or by value?
-
hi. I am new to XI. can anyone please tell me about different scenarios, demo examples... etc... regards. Sagar Bhosale.