ACL - configuration help

Similar Messages

• 4500 IOS-XE: Crash on ACL configuration

  Hi All ,
  We have recently migrated from standalone to VSS on our C4500 switches with Sup 7-E.
  but the switch crashes every time we edit or modify the ACL with below error message :
  %SYS-3-BADBLOCK: Bad block pointer 
  %SYS-6-MTRACE: mallocfree: addr, pc
  %SYS-6-BLKINFO: Corrupted next pointer blk
  %SYS-6-MEMDUMP: 0x7E043FF8
  We noticed that there is a new bug for this issue i.e
  CSCun33897 Symptom:
  A Catalyst 4500 series switch running IOS-XE may unexpectedly reboot when ACL configuration is applied to an interface.
  but there is no fix available yet.
  Please let me know if anyone had this kind of issue. Appreciate your suggestion and feedback on this issue .
  Current used Image : cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin .
  Thanks in advance .

  its seems to be closely matching to the bug you mentioned
  If you upload crashinfo i can look it and try to confirm.
  Regards
  Naveen
  ***rate if it is helpful***

• Acl configuration

  Hello everyone,
  I have a doubt about the ACL configuring in my ASA
  I have this acl witch it means that 10.10.11.2 can do www to the host 10.10.10.1
  access-list 100 extended permit tcp host 10.10.11.2 host 10.10.10.1 eq www
  and 
  access-list 100 extended permit tcp host 10.10.10.1 eq www host 10.10.11.2 (hitcnt=31)
  witch it means that the host 10.10.10.1 can make www to the host 10.10.11.2
  the host 10.10.10.1 can't do www to the host 10.10.11.2, but the host 10.10.11.2 can do, and the second ACL have hits.
  is ti right?
  Thanks.

  If you want to allow hosts 10.10.10.1 to hit 10.10.11.2 on www then you should change the syntax to:
  access-list 100 extended permit tcp host 10.10.10.1 host 10.10.11.2 eq www
  Your original syntax:
  access-list 100 extended permit tcp host 10.10.10.1 eq www host 10.10.11.2
  By placing the "eq www" after the source IP, you are telling the ASA that the source port is 80/www. Instead, you want the destination port to be "80/www" and as a result, you need to place is after the destination IP. 
  Also, you can always use the "packet-tracer" command to see exactly what is blocking your traffic :)
  Thank you for rating helpful posts!

• 1941W configuration help needed

  Our Deployment Scenario:-
  1941W Gigabit Ethernet 0/0 is connected to the PPOE connection of the ISP.
  Gigabit Ethernet 0/1 is connected to the wired LAN
  I have created 2 wireless radio Cisco_Kamran_BGN which is operating at 2.4 Ghz Devices and Cisco_Kamran_A which is operating at 5Ghz Devices.
  I have created 2 VLans for the Wireless.
  Vlan 10 for Cisco_Kamran_A        192.168.10.x
  Vlan 11 for Cisco _Kamran_BGN   192.168.11.X
  The problem is the Wireless users are not getting the IP address from the respective DHCP server which has been configured on the Router.
  Can please any from the community help me and show me where I am missing the configuration.
  Please find my router  & ap configuration below.
  Router Configuration
  Router#
  sh run
  Building configuration...
  Current configuration : 3022 bytes
  ! No configuration change since last restart
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$TdQt$npYeaf/W0kRElcfMggzJ31
  no aaa new-model
  service-module wlan-ap 0 bootimage autonomous
  no ipv6 cef
  ip source-route
  ip cef
  ip dhcp excluded-address 192.168.1.1 192.168.1.50
  ip dhcp excluded-address 192.168.10.1 192.168.10.10
  ip dhcp excluded-address 192.168.11.1 192.168.11.10
  ip dhcp pool DHCP
  network 192.168.1.0 255.255.255.0
  default-router 192.168.1.1
  dns-server 195.229.241.222 213.42.20.20
  ip dhcp pool Cisco_Kamran_A
  network 192.168.11.0 255.255.255.0
  default-router 192.168.11.1
  dns-server 195.229.241.222 213.42.20.20
  ip dhcp pool Cisco_Kamran_BGN
  network 192.168.10.0 255.255.255.0
  default-router 192.168.10.1
  dns-server 195.225.241.222 213.42.20.20
  multilink bundle-name authenticated
  crypto pki token default removal timeout 0
  license udi pid CISCO1941W-E/K9 sn FCZ1553C1VK
  hw-module ism 0
  redundancy
  bridge irb
  interface Embedded-Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/0
  ip address 192.168.1.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered GigabitEthernet0/0
  arp timeout 0
  no mop enabled
  no mop sysid
  interface GigabitEthernet0/1
  no ip address
  duplex auto
  speed auto
  pppoe enable group global
  pppoe-client dial-pool-number 1
  interface Wlan-GigabitEthernet0/0
  description Internal switch interface connecting to the embedded AP
  switchport mode trunk
  no ip address
  interface Vlan1
  no ip address
  interface Vlan10
  ip address 192.168.10.1 255.255.255.0
  ip access-group DSL_ACCESSLIST in
  ip nat inside
  ip virtual-reassembly in
  interface Vlan11
  ip address 192.168.11.1 255.255.255.0
  ip access-group DSL_ACCESSLIST in
  ip nat inside
  ip virtual-reassembly in
  interface Dialer1
  ip address negotiated
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  dialer pool 1
  ppp authentication pap callin
  ppp pap sent-username xxxxxx password 0 xxxxxx
  ppp ipcp route default
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
  ip access-list extended DSL_ACCESSLIST
  permit ip 192.168.0.0 0.0.255.255 any
  control-plane
  line con 0
  password xxxxxx
  login
  line aux 0
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
  stopbits 1
  line 67
  no activation-character
  no exec
  transport preferred none
  transport input all
  transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
  line vty 0 4
  password xxxxxx
  login
  transport input all
  scheduler allocate 20000 1000
  end
  Router#
  Router#
  Router#
  Access Point Configuration
  ap#
  ap#
  ap#
  sh run
  Building configuration...
  Current configuration : 2603 bytes
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname ap
  enable secret 5 $1$JxdQ$a2/00bWJuhUKP9QLC94YD/
  no aaa new-model
  dot11 syslog
  dot11 ssid Cisco_Kamran_A
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 1045081417161C5A555C7A7B
  dot11 ssid Cisco_Kamran_BGN
     authentication open
     authentication key-management wpa
     guest-mode
     wpa-psk ascii 7 020D05561907017015165949
  username Cisco password 7 14341B180F0B
  bridge irb
  interface Dot11Radio0
  description 802.11bgn radio
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm
  broadcast-key change 3600
  ssid Cisco_Kamran_BGN
  antenna gain 0
  station-role root
  bridge-group 11
  bridge-group 11 subscriber-loop-control
  bridge-group 11 block-unknown-source
  no bridge-group 11 source-learning
  no bridge-group 11 unicast-flooding
  bridge-group 11 spanning-disabled
  interface Dot11Radio1
  description 802.11a radio
  no ip address
  no ip route-cache
  encryption mode ciphers aes-ccm
  ssid Cisco_Kamran_A
  antenna gain 0
  no dfs band block
  channel dfs
  station-role root
  bridge-group 10
  bridge-group 10 subscriber-loop-control
  bridge-group 10 block-unknown-source
  no bridge-group 10 source-learning
  no bridge-group 10 unicast-flooding
  bridge-group 10 spanning-disabled
  interface GigabitEthernet0
  description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
  no ip address
  no ip route-cache
  bridge-group 1
  no bridge-group 1 source-learning
  bridge-group 1 spanning-disabled
  interface GigabitEthernet0.10
  description 802.11a bridge
  encapsulation dot1Q 10
  no ip route-cache
  bridge-group 10
  bridge-group 10 subscriber-loop-control
  bridge-group 10 block-unknown-source
  no bridge-group 10 source-learning
  no bridge-group 10 unicast-flooding
  bridge-group 10 spanning-disabled
  interface GigabitEthernet0.11
  description 802.11bgn bridge
  encapsulation dot1Q 11
  no ip route-cache
  bridge-group 11
  bridge-group 11 subscriber-loop-control
  bridge-group 11 block-unknown-source
  no bridge-group 11 source-learning
  no bridge-group 11 unicast-flooding
  bridge-group 11 spanning-disabled
  interface BVI1
  ip address dhcp client-id GigabitEthernet0
  no ip route-cache
  ip http server
  no ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  line con 0
  no activation-character
  line vty 0 4
  login local
  end
  ap#
  ap#
  ap#

  Hi Stepehen,
  Did the configuration as per your advice  but i am getting the below mentioned error which i have highlighted it in red. Please advice what needs to be done.
  Home
  Re: 1941W configuration help needed
  created by Stephen Rodriguez in Getting     Started with Wireless - View the full discussion
  conf t
  interface     Dot11Radio0
  no ssid     Cisco_Kamran_BGN
  no encryption mode     ciphers aes-ccm
  exit
  interface     Dot11Radio1
  no encryption mode     ciphers aes-ccm
  no ssid     Cisco_Kamran_A
  exit
  dot11 ssid     Cisco_Kamran_A
  vlan 10
  dot11 ssid     Cisco_Kamran_BGN
  vlan 11
  exit
  interface     Dot11Radio0
  encryption vlan 11     mode ciphers aes
  ssid     Cisco_Kamran_BGN
  exit
  interface     dot11radio0.1
  encapsulation     dot1q 1 native
  bridge-group 1
  interface     dot11radio 0.11
  encapsulation     dot1q 11
  bridge-group 11
  Configuration of     subinterfaces and main interface
  within the same bridge     group is not permitted
  exit
  interface     Dot11Radio1
  encryption vlan 10     mode ciphers aes-ccm
  ssid     Cisco_Kamran_A
  interface     dot11radio1.1
  encapsulation     dot1q 1 native
  bridge-group 1
  interface     dot11radio1.10
  encapuslation     dot1q 10
  bridge-group 10
  Configuration of subinterfaces and main     interface
  within the same bridge     group is not permitted
  end
  wr
  Reply to this message by going to Home
  Start a new discussion in Getting Started with Wireless at Home

• SLM2024 ACL configuration

  I have a question on how to setup an ACL configuration on the SLM2024.  I originally got this switch to just be able to monitor network ups/downs on the ports.  and this has worked great in diagnosing the problems I was having originally.  Now however I have to setup something on here that I have never had to do, and am unsure how to do it.
  I have a computer that sends out a UDP broadcast that is causing our Xerox Phaser network printer to shutdown if it sees the broadcast.  The Phaser is designed in a way that if it sees something on the network it thinks is harmful it will shut itself off to protect itself.  and on startup if it sees something harmful it will not startup, it will go into an infinite restart loop.
  After fully testing everything I can think of I got it down to a piece of software on the computer that sends the UDP broadcast.  If this software is not running the printer works fine.  Unfortunately the software needs to run 24/7, and we need to print.
  Both the computer and printer have static ip addresses.  and basically all I want to do is setup an ACL (at least thats what others have told me) to block communication between those two ip addresses so that the printer won't see the UDP broadcast anymore.
  So my question is, would an ACL block that traffic?  and if so how do I set it up?  I looked in the manuals that came with the switch, and i'm not really seeing any information on how to do it.  If anyone can give me some insight into what I need to do I would greatly appreciate it.
  Thanks

  I have a question on how to setup an ACL configuration on the SLM2024.  I originally got this switch to just be able to monitor network ups/downs on the ports.  and this has worked great in diagnosing the problems I was having originally.  Now however I have to setup something on here that I have never had to do, and am unsure how to do it.
  I have a computer that sends out a UDP broadcast that is causing our Xerox Phaser network printer to shutdown if it sees the broadcast.  The Phaser is designed in a way that if it sees something on the network it thinks is harmful it will shut itself off to protect itself.  and on startup if it sees something harmful it will not startup, it will go into an infinite restart loop.
  After fully testing everything I can think of I got it down to a piece of software on the computer that sends the UDP broadcast.  If this software is not running the printer works fine.  Unfortunately the software needs to run 24/7, and we need to print.
  Both the computer and printer have static ip addresses.  and basically all I want to do is setup an ACL (at least thats what others have told me) to block communication between those two ip addresses so that the printer won't see the UDP broadcast anymore.
  So my question is, would an ACL block that traffic?  and if so how do I set it up?  I looked in the manuals that came with the switch, and i'm not really seeing any information on how to do it.  If anyone can give me some insight into what I need to do I would greatly appreciate it.
  Thanks

• Need configuration help on producing dial tone

  Hello Experts,
  I have a Cisco 2921 router with VWIC3-2MFT-T1/E1 card. On this card we have T1-CAS digital line connected. We have been provided with a set of DID numbers. We have a requirement where, when we dial a DID, the router should provide a dial tone, and should allow the user to dial to extension numbers. Not sure if this is feasible. If at all possible, will need to some configuration help.
  Thanks
  Arabinda

  Sure it's possible. What's the T1 connected to? The router will offer two-stage dialing (aka dial tone) when the incoming POTS dial-peer does not have the 'direct-inward-dial' command on it. The router will accept any input and search for an outbound dial-peer (or ephone-dn for locally registered DNs) to match. Be careful if the T1 is connected to the PSTN as this is a toll fraud risk. You need to use CoR to reign in what outbound dial-peers are available to it.
  Dial Peer Basics:
  http://www.cisco.com/en/US/tech/tk652/tk90/technologies_tech_note09186a008010ae1c.shtml
  Class of Restrictions:
  http://www.cisco.com/en/US/tech/tk652/tk90/technologies_configuration_example09186a008019d649.shtml
  Please remember to rate helpful responses and identify helpful or correct answers.

• Multiple ethernet network adaptors + MySQL/php5: configuration help needed

  I would be grateful if someone could give me some advice on how to configure multiple ethernet adapters under OS X 10.5.6
  I have set up my system to work nicely with two ethernet network adapters, each with its own fixed IP. This bit works just fine. The machine supports two separate servers - a mail server and the OS X Apache2 server. I have configured the mail server to only listen to one of the IPs, and the Apache2 server to listen to the other (via httpd.conf). The system also has MySQL and php5 installed / enabled, and these services are only used by the Apache2 server.
  The problem I have is that when I start the machine, initially the php5 system cannot connect reliably to the MySQL database system. The fix I have found is to temporarily make the ethernet adapter connected to the mail server 'inactive'. While this is so, the php5/MySQL connection to Apache2 works. Curiously, once an initial connection between php5 and MySQL has been made, subsequently I can make the mail server's ethernet adapter active again without further problems.
  I initially thought this might be due to 'service order' issues - but changing the service order (e.g. putting the Apache adapter 'above' the mail adapter in the service order does not help. The fix only works by making the mail adapter inactive temporarily.
  I suspect that there is some configuration change I can make to clarify the setup I have. The MySQL and Apache installations only need to talk to the Apache server - but I am not sure how to record this configuration in the OS X system.
  Thanks in advance for any assistance that you can provide.
  Message was edited by: Gavin Lawrie

  Hi Stepehen,
  Did the configuration as per your advice  but i am getting the below mentioned error which i have highlighted it in red. Please advice what needs to be done.
  Home
  Re: 1941W configuration help needed
  created by Stephen Rodriguez in Getting     Started with Wireless - View the full discussion
  conf t
  interface     Dot11Radio0
  no ssid     Cisco_Kamran_BGN
  no encryption mode     ciphers aes-ccm
  exit
  interface     Dot11Radio1
  no encryption mode     ciphers aes-ccm
  no ssid     Cisco_Kamran_A
  exit
  dot11 ssid     Cisco_Kamran_A
  vlan 10
  dot11 ssid     Cisco_Kamran_BGN
  vlan 11
  exit
  interface     Dot11Radio0
  encryption vlan 11     mode ciphers aes
  ssid     Cisco_Kamran_BGN
  exit
  interface     dot11radio0.1
  encapsulation     dot1q 1 native
  bridge-group 1
  interface     dot11radio 0.11
  encapsulation     dot1q 11
  bridge-group 11
  Configuration of     subinterfaces and main interface
  within the same bridge     group is not permitted
  exit
  interface     Dot11Radio1
  encryption vlan 10     mode ciphers aes-ccm
  ssid     Cisco_Kamran_A
  interface     dot11radio1.1
  encapsulation     dot1q 1 native
  bridge-group 1
  interface     dot11radio1.10
  encapuslation     dot1q 10
  bridge-group 10
  Configuration of subinterfaces and main     interface
  within the same bridge     group is not permitted
  end
  wr
  Reply to this message by going to Home
  Start a new discussion in Getting Started with Wireless at Home

• Quick upload not configured Help

  Quick upload not configured Help Why and how do I configure? Host ?, username, password?

  I have exactly the same question, using almost the same system: MacBook Pro, OS X Mountain Lion (10.8.3).
  What to do? I cannot find an answer for how do I configure? Host, Username? Password?

• How to do JAAS and J2EE Deployment Descriptor ACL : Please help

  I am trying to develop a Single sign on application using EJB's, JAAS,
  ACL, struts and JSP to Log in with a form authenticate (using
  j_security_check to hook into the web.xml security) then pull a user
  from a database and use the roles defined there for authorization in
  the rest of the system?
  The examples on the web are from java clients to RMI, they also sit
  alone. They dont say how to hook them into weblogic. They say to use
  JAAS but they have just JAAS examples! No hooking of it into an EJB,
  servlet, etc! They also dont show how to hook that code into web
  server to use it as your security module!
  What Settings/configuration I need to make in the web server for JAAS
  to work. How the logic proceeds to authorization after form is
  submitted using j_security_check. and to further logic in the
  application. How is it then integrated with the Struts action forms.
  Help, I'm at a loss. They recommend using JAAS but their documentation
  and examples do not explain how. We have a complex real world product
  and need examples of
  the same. Can somebody provide me a working real-life example which
  really work and give me some pointers to proceeds that will be really
  helpful.
  Thanks in advance for the help.

  I am trying to develop a Single sign on application using EJB's, JAAS,
  ACL, struts and JSP to Log in with a form authenticate (using
  j_security_check to hook into the web.xml security) then pull a user
  from a database and use the roles defined there for authorization in
  the rest of the system?
  The examples on the web are from java clients to RMI, they also sit
  alone. They dont say how to hook them into weblogic. They say to use
  JAAS but they have just JAAS examples! No hooking of it into an EJB,
  servlet, etc! They also dont show how to hook that code into web
  server to use it as your security module!
  What Settings/configuration I need to make in the web server for JAAS
  to work. How the logic proceeds to authorization after form is
  submitted using j_security_check. and to further logic in the
  application. How is it then integrated with the Struts action forms.
  Help, I'm at a loss. They recommend using JAAS but their documentation
  and examples do not explain how. We have a complex real world product
  and need examples of
  the same. Can somebody provide me a working real-life example which
  really work and give me some pointers to proceeds that will be really
  helpful.
  Thanks in advance for the help.

• Clearing an Dynamic Cluster -HSRP and Dynamic Cluster -NAT ACL configuration

  I am trying to upgrade a 2950-24 Catalyst Switch that wa previously configured with both Dynamic HSRP and NAT  ACL as shown in the following extract below.
  I would like to remove this configuration but it is proving so difficult, this is because, I dont understand how the configuration got here in the first place, please  help
  =========================================================
  SW1#show access-list
  Extended IP access list CMP-NAT-ACL
      Dynamic Cluster-HSRP deny   ip any any
      Dynamic Cluster-NAT permit ip any any
  =========================================================
  interface Vlan1
   ip address 192.168.87.2 255.255.255.0
   no ip route-cache
  ip http server
  ip access-list extended CMP-NAT-ACL
   dynamic Cluster-HSRP deny   ip any any
   dynamic Cluster-NAT permit ip any any
  line con 0
   exec-timeout 0 0
  line vty 0 4

  I am trying to upgrade a 2950-24 Catalyst Switch that wa previously configured with both Dynamic HSRP and NAT  ACL as shown in the following extract below.
  I would like to remove this configuration but it is proving so difficult, this is because, I dont understand how the configuration got here in the first place, please  help
  =========================================================
  SW1#show access-list
  Extended IP access list CMP-NAT-ACL
      Dynamic Cluster-HSRP deny   ip any any
      Dynamic Cluster-NAT permit ip any any
  =========================================================
  interface Vlan1
   ip address 192.168.87.2 255.255.255.0
   no ip route-cache
  ip http server
  ip access-list extended CMP-NAT-ACL
   dynamic Cluster-HSRP deny   ip any any
   dynamic Cluster-NAT permit ip any any
  line con 0
   exec-timeout 0 0
  line vty 0 4

• About 2950 acl configuration

  I have a c2950 and want to config acl. I enter INTERFACE MODE and issue IP ACCESS-GROUP command ,But system prompt no this command . how can I do. Please help me . Issuing show ver command.Message as fallows.
  Cisco Internetwork Operating System Software
  IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
  Copyright (c) 1986-2005 by cisco Systems, Inc.
  Compiled Fri 21-Oct-05 02:22 by yenanh
  Image text-base: 0x80010000, data-base: 0x80676000
  ROM: Bootstrap program is C2950 boot loader
  tycib_sw29_f2office2 uptime is 3 minutes
  System returned to ROM by power-on
  System image file is "flash:/c2950-i6k2l2q4-mz.121-22.EA6.bin"
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco WS-C2950-24 (RC32300) processor (revision R0) with 19973K bytes of memory.
  Processor board ID FOC0935Z7SN
  Last reset from system-reset
  Running Standard Image
  24 FastEthernet/IEEE 802.3 interface(s)
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 00:15:62:63:5D:C0
  Motherboard assembly number: 73-5781-13
  Power supply part number: 34-0965-01
  Motherboard serial number: FOC09343GDK
  Power supply serial number: DAB0930DP48
  Model revision number: R0
  Motherboard revision number: A0
  Model number: WS-C2950-24
  System serial number: FOC0935Z7SN
  Configuration register is 0xF

  Hi There,
  Your switch WS-C2950-24, is a switch with standard image i.e SMI. This image doenot support ACL's and that's why its not working. You should have a 2950 with EMI to run ACLs. This switch is not upgradable to EMI so you really cannot use ACLs on this :(.
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_data_sheet09186a00801cfb71.html
  regards,
  -amit singh

• Windows 2008 Server Configuration - Help

  Hello All,
  I am not an expert in configuring servers and I have just started to learn. Please forgive me if I am doing something funny!
  I have a router with static IP address and DHCP enabled on the router. The router had the following configuration as shown below and the clients were obtaining IP address from the router and using the internet without a problem.
  Router Configutaion:
  Basic Setting:
  IP Address : 122.165.60.160 (My Wan Static IP)
  IP Subnet Mask : 255.255.252.0
  Gateway IP: 122.165.60.1
  DNS Address:
  Primary DNS : 203.145.184.32
  Secondary DNS: 203.145.184.13
  Lan TCP/IP Setup:
  IP Address: 192.168.2.1 (Router IP)
  IP Subnet Mask: 255.255.255.0
  DHCP Enabled:
  Statring IP : 192.168.2.11 
  Ending IP: 192.168.2.100
  Now, I have installed Windows 2008 R2 Server with Active Directory, DNS and DHCP, IIS. I have created a few users and did nothing more than that in the server.
  Server IP Settings
  Server IP: 192.168.2.5
  Subnet : 255.255.255.0
  Gateway : 192.168.2.1
  DNS: 127.0.0.1
  And when I tried to join the domain i created... corp.globe.com the clients were not able to find the domain I therefore changed the following settings in the router.
  DNS Address:
  Primary DNS : 203.145.184.32
  Secondary DNS: 192.168.2.5 (Server IP)
  After this change the clients were able to join the domain and login as well. However the clients were getting the IP from the router. I am facing a lot of problems as listed below.
  1. I am not able to ping the clients using the computer name from the server.
  2. Clients cannot ping other clients or server using name. (Suppose if I try... PING SYS1 .... It looks like it is trying to ping some 92.x.x.xx IP address) even if SYS1 IP address is 192.168.2.13
  3. Clients can access Internet, but I cannot browse anything in the server.
  Please help me in the configuration, or point me to some guide which describes the same. I tried to set up and enable the DHCP server using Windows 2008 machine and I disabled it DHCP on the router, clients where able to get the IP address from Windows 2008
  server, but they were not able to use internet. Please advise.
  Thanks for your time.

  Hi,
  And you cannot ping the clients using the computer name from the server?
  Did you turn off the firewall on server and client?
  If you are having problems connecting to Active Directory and you have already successfully verified network connectivity, there might be a name resolution problem. For more and detail information, please refer to:
  http://technet.microsoft.com/en-us/library/cc961921.aspx
  Regards.
  Vivian Wang

• Automatic payment program configuration help u0096 Very urgentu0085

  Hi all,
  We have couple of house banks for a company code and have ranked them as 1 and 2 for the payment method (example: Check) so, how would or where can the user has an option to choose a house bank to pay his vendors. I saw that in the vendor master we can maintain the house bank however, that ignores the ranking maintained in the configuration and will always pick that back for processing the payments for that vendor but, we do not want to maintain in the vendor master.
  Hence, can anyone tell me how that ranking thing works meaning how would SAP or why would SAP choose the second or third ranked bank in processing the payments? As far as I know we do not use the parameter house bank in F110 then where can we control what bank to use to process the payments for the vendors?
  Your help in this regard is highly appreciated and rewarded with points
  Thanks in advance
  Kumar

  Hi Kumar,
  I think this setting is given in the T.Code "FBZP" under the heading Bank determination, wherein you have a selection "Available Amounts", I think if the amounts in that particular House Bank is exhausted, it will shift to the next House Bank in the Ordering level. You can just give it a try.
  Regards
  Sridhar

• SFTP adapter Configuration help:

  Dear All,
  I am trying to configure SFTP (seeburger) in sap PI.
  I want to know how to connect SFTP adapter of seeburger with an SSH sever. (I have installed free SSH Server in my laptop).
  How to connect using SFTP SETTING as
  AUTHENTICAION Method: Private Key authorisation
  how to generate/use private key.
  Please Advice,
  Prakash
  Edited by: senthilprakash selvaraj on Jan 20, 2010 6:42 AM

  Dear All,
  I have installed SSH server and genreated the RSA key in Visual admin and i have configured the SFTP adater properly.
  Now i have a different issue.
  In Communication channel monitoring once i start the channel(SFTP) i am not getting any message. Its just saying Channel started and thats it. nothin else is coming.  not even throwing any error. what should i do. why its happing like that.
  I Tried with Authentication mode as Private Key as well as Password. in both configurations are proper.
  also i tried refreshing the cache..no use.
  Please help,
  Senthilprakash

• Small configure help please? I have 3 300-28 switches, I want to connect them and avoid stp (stp setup)

  HI!
  I have a small network. I have 3 300-28 cisco switches. I already connected my 3 servers  and clients with the switch 1 and now I want to add more clients and I need to add my other two switches in the network. Please guide me with the simple configuration So I can connect them all and avoid loop (stp). Thanks

  Hi Nagaraja Thanthry!
  Thanks for your reply. I am implementing it tomorrow. By just conecting the switches together at trunk ports  will there be no loop? I don't want my network chowk. I hope it will work well. I might need further help, please reply.
  1. I will do setting on all switches. Assign IP addresses to switches (to Vlan 1 default).
  2. Set one port (e.g 28) as trunk and all others as Access on all three switches.
  3. Then I will connect the switches with each other at trunk ports. Hope there will be no loop in this setting.
  4. Do I need to set any setting for stp in switches ?
  Please reply one by one thanks.
  I am using 192.168.0.1 255.255.255.0 IP range.
  Best Regards,