ACL list

Confused on the ACL: when to use tcp host and IP host in the access list, i.e. permit tcp host or IP host.

Sorry if I was not clear. I have seen others using permit ip host 172.xx.xx.xx 23 host 192.168.xx.0 2000 and some use it like
permit tcp 172.xx.xx.xx 23 host 192.168.xx.0 2000, so that is what confuses me. There may be an explanation for me to better understand.
Let me ask a question about a firewall rule.
Which answer is right and why?
Permit tcp host 10.10.10.254 eq 80 host 10.10.0.2 eq 5000
Permit IP host 10.10.10.254 eq host 10.10.0.2 eq 5000
Which would be the right way to use and why?
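The distinction the question is circling is that an `ip` entry matches every IP protocol and therefore has no port fields, while `tcp`/`udp` entries are the ones that may carry `eq <port>`. The following Python model is an added example (not part of the thread, not Cisco code) that parses extended ACL entries in the permit/deny, host/any/wildcard and `eq` forms, applies real wildcard-mask semantics with first-match-wins and the implicit trailing deny, and rejects a port operator on a protocol that has no ports. Other IOS operators (range, established, ...) are deliberately out of scope.

```python
"""Toy evaluator for Cisco IOS-style extended ACL entries (ACEs).

Added example; not from the thread above and not Cisco code. The rule it models: the
'eq <port>' operator is only meaningful after a tcp or udp address, because an 'ip' entry
matches every IP protocol and has no port fields. Address matching uses wildcard-mask
semantics (a one bit in the wildcard is a don't-care bit), first match wins, and the list
ends with the implicit deny.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_PROTOCOLS = {"tcp", "udp"}   # the only protocols whose ACEs may carry port operators
ALL_ONES = 0xFFFFFFFF


def _addr_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


@dataclass(frozen=True)
class AddrMatch:
    addr: int
    wildcard: int           # bits set here are not compared

    def covers(self, ip: int) -> bool:
        return ((ip ^ self.addr) & (self.wildcard ^ ALL_ONES)) == 0


@dataclass(frozen=True)
class Ace:
    action: str
    protocol: str
    src: AddrMatch
    src_port: Optional[int]
    dst: AddrMatch
    dst_port: Optional[int]


def _parse_addr(tokens: List[str], i: int) -> Tuple[AddrMatch, int]:
    """'host A.B.C.D' | 'any' | 'A.B.C.D W.W.W.W' starting at tokens[i]; returns (match, next index)."""
    if tokens[i] == "host":
        return AddrMatch(_addr_int(tokens[i + 1]), 0), i + 2
    if tokens[i] == "any":
        return AddrMatch(0, ALL_ONES), i + 1
    return AddrMatch(_addr_int(tokens[i]), _addr_int(tokens[i + 1])), i + 2


def _parse_port(tokens: List[str], i: int, protocol: str) -> Tuple[Optional[int], int]:
    """Optional 'eq N'. Rejected for protocols without ports (ip, icmp, ...)."""
    if i < len(tokens) and tokens[i] == "eq":
        if protocol not in PORT_PROTOCOLS:
            raise ValueError(f"'eq' is only valid with tcp/udp, not with protocol '{protocol}'")
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    tokens = line.lower().split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"malformed ACE: {line!r}")
    action, protocol = tokens[0], tokens[1]
    src, i = _parse_addr(tokens, 2)
    src_port, i = _parse_port(tokens, i, protocol)
    dst, i = _parse_addr(tokens, i)
    dst_port, i = _parse_port(tokens, i, protocol)
    if i != len(tokens):
        raise ValueError(f"unexpected tokens {tokens[i:]} in {line!r}")
    return Ace(action, protocol, src, src_port, dst, dst_port)


def is_valid_ace(line: str) -> bool:
    """True if the line parses under the grammar above (IndexError covers truncated entries)."""
    try:
        parse_ace(line)
        return True
    except (ValueError, IndexError):
        return False


def ace_matches(ace: Ace, proto: str, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
    if ace.protocol != "ip" and ace.protocol != proto:    # 'ip' matches every protocol
        return False
    if not (ace.src.covers(_addr_int(src_ip)) and ace.dst.covers(_addr_int(dst_ip))):
        return False
    if ace.src_port is not None and ace.src_port != src_port:
        return False
    if ace.dst_port is not None and ace.dst_port != dst_port:
        return False
    return True


def evaluate(acl: List[str], proto: str, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> str:
    """First matching entry decides; an unmatched packet hits the implicit 'deny ip any any'."""
    for line in acl:
        ace = parse_ace(line)
        if ace_matches(ace, proto, src_ip, src_port, dst_ip, dst_port):
            return ace.action
    return "deny"


if __name__ == "__main__":
    for candidate in ("permit tcp host 10.10.10.254 eq 80 host 10.10.0.2 eq 5000",
                      "permit ip host 10.10.10.254 eq 80 host 10.10.0.2 eq 5000"):
        print(f"{candidate!r}: {'ok' if is_valid_ace(candidate) else 'rejected'}")
```

Running it shows the tcp form parsing and the `ip ... eq` form being rejected; `evaluate` then lets you confirm that the tcp entry permits only TCP to port 5000 from port 80, while a plain `permit ip host ... host ...` entry permits any protocol and any port between the same two hosts.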

Similar Messages

  • 6513 ACL List ION Routing Process

Hello everyone, I have a question about the ION Routing Process that seems to show up on the 6513 Cisco switch.
OK, the question: when I do a show access-list Test-ACL
it will show me the Test-ACL list, then right after that, with ION Routing Process, the next line starts with all of the ACL lists that are on the device.
We have two 6513s and they both do this, but when I check two 6509s they don't do this.
Also checked on a 3750E; it doesn't do this either.
Can anyone explain this to me?

    Craig
    What you are asking for can be done but it will be a bit tedious. You describe having 20 entries in the topology table and you want to control which one gets placed into the routing table. To do that you can either make the composite metric of the one entry more attractive or you can make the composite metric of the other 19 less attractive.
    When you use an offset list you add to the metric of an entry. It will not make any entry be more attractive but it can make other entries less attractive. So you could configure an offset list identifying the route in question and apply some offset (100 should work for example). Then you would need to apply this offset to the 19 neighbors who are advertising the route.
    HTH
    Rick

  • Getting error in Enterprise Manager trying to look at ACL list

    I get the following error in Enterprise Manager when I try to view the {XML Database ACL files} under SYS.
    ORA-31011: XML parsing failed ORA-19202: Error occurred in XML processing LPX-00200: could not convert from encoding UTF-8 to WINDOWS-1252 Error at line 1
    I'm trying to get the ACL enabled for sending email and was hoping this would show me a list of the current ACLs.

    I don't know about the error but alternatively you can get the list via DBA_NETWORK_ACLS and DBA_NETWORK_ACL_PRIVILEGES views.

  • ACL-list syntax error in PIX after upgrade, need urgent help!

    Hello everyone
    We have a setup including Cisco ACS + a VPN 3005 Concentrator and a PIX 515E (7.2.4)
    We upgraded the PIX version from 7.0 to 7.2.4 and suddenly our downloadable access-list was getting refused when users authenticated against the ACS.
    When debugging RADIUS in the PIX we found that entering this line in the downloadable access-list gives an error and stops the users from getting the ACL:
    "deny ip any 192.168.0.0 0.0.255.255"
    The PIX refused to process their auth request when encountering this line.
    Fine, we said, and changed the ACL syntax to this: deny ip any 192.168.0.0 255.255.0.0
    This made the PIX process the ACL.
    We were happy for a while until VPN users started to complain.
    It seems that the VPN 3005 can't deal with the syntax we entered in the PIX!
    The VPN 3005 doesn't seem to be able to handle the ACL line "deny ip any 192.168.0.0 255.255.0.0"!
    It can only handle "deny ip any 192.168.0.0 0.0.255.255"!
    Which the PIX can't handle..
    I'm at a loss at what to do here..
    We have VPN users who can't surf now with these ACL problems.
    What can I do? Anyone else encountered this?
    We upgraded the VPN 3005 to the latest SW version.
    Really need some help here guys!
    Thanks

    I don't think Cisco ever changed anything on the PIX. It has used subnet masks from day one AFAIK, and the VPN Concentrator uses wildcard masks like IOS. You can use the acl-netmask-convert command on the ASA to fix this issue. This way you define a wildcard ACL on the ACS/AAA server and then use this command on the ASA to use the same downloadable ACL for both devices (PIX, VPNC).
    http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/a2.html#wp1622944
    Please Rate if helpful.
    Regards
    Farrukh
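The mismatch in this thread is purely notational: the PIX reads the mask token as a subnet mask (ones from the most significant bit) and IOS or the VPN 3000 reads it as a wildcard mask (ones from the least significant bit), and the two are bitwise complements of each other. The Python below is an added example, not from the thread and not an implementation of the ASA `acl-netmask-convert` command; it classifies a mask token as valid in one notation, the other, both (0.0.0.0 and 255.255.255.255 are ambiguous) or neither, and rewrites an entry from the notation the AAA server emits to the one the receiving device expects, refusing a mask that is not valid in the claimed source notation. Its detection of address/mask pairs (two consecutive dotted quads not preceded by `host`) is this example's own simplification of the ACE grammar.

```python
"""Wildcard-mask versus subnet-mask notation for Cisco-style ACL entries.

Added example; not code from the thread or from any Cisco product. It rewrites an ACE from
one mask notation to the other and refuses masks that are not valid in the notation claimed,
which is the silent mismatch described above.
"""
import ipaddress
import re
from typing import Optional

ALL_ONES = 0xFFFFFFFF
DOTTED = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def _to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value & ALL_ONES))


def is_netmask(mask: str) -> bool:
    """Subnet mask: a run of one bits from the most significant bit, e.g. 255.255.0.0."""
    zeros = _to_int(mask) ^ ALL_ONES          # the trailing zero bits, complemented to ones
    return (zeros & (zeros + 1)) == 0         # true exactly when 'zeros' is 2**k - 1


def is_wildcard(mask: str) -> bool:
    """Contiguous wildcard mask: a run of one bits from the least significant bit, e.g. 0.0.255.255."""
    m = _to_int(mask)
    return (m & (m + 1)) == 0


def classify_mask(mask: str) -> str:
    """'netmask', 'wildcard', 'ambiguous' (0.0.0.0 and 255.255.255.255 read validly either way),
    or 'noncontiguous' (don't-care bits in the middle; legal only as an IOS wildcard)."""
    n, w = is_netmask(mask), is_wildcard(mask)
    if n and w:
        return "ambiguous"
    if n:
        return "netmask"
    if w:
        return "wildcard"
    return "noncontiguous"


def invert_mask(mask: str) -> str:
    """Wildcard -> netmask and netmask -> wildcard are the same bitwise complement."""
    return _to_dotted(_to_int(mask) ^ ALL_ONES)


def convert_ace(line: str, source: str) -> str:
    """Rewrite every address/mask pair of an ACE from `source` notation ('wildcard' or 'netmask')
    to the other one. Raises ValueError if a mask is not valid in the claimed source notation."""
    if source not in ("wildcard", "netmask"):
        raise ValueError("source must be 'wildcard' or 'netmask'")
    tokens = line.split()
    out = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        # an address/mask pair is two consecutive dotted quads, unless the first follows 'host'
        is_pair = (DOTTED.match(tok) and i + 1 < len(tokens) and DOTTED.match(tokens[i + 1])
                   and (i == 0 or tokens[i - 1].lower() != "host"))
        if is_pair:
            mask = tokens[i + 1]
            kind = classify_mask(mask)
            if kind not in (source, "ambiguous"):
                raise ValueError(f"mask {mask} in {line!r} is not a valid {source} ({kind})")
            out.extend([tok, invert_mask(mask)])
            i += 2
        else:
            out.append(tok)
            i += 1
    return " ".join(out)


def conversion_problem(line: str, source: str) -> Optional[str]:
    """None when the entry converts cleanly, otherwise the reason it was refused."""
    try:
        convert_ace(line, source)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    print(convert_ace("deny ip any 192.168.0.0 0.0.255.255", "wildcard"))
    print(conversion_problem("deny ip any 192.168.0.0 255.255.0.0", "wildcard"))
```

The refusal path is the useful part operationally: the entry `deny ip any 192.168.0.0 255.255.0.0` is accepted by a wildcard-speaking device but does not mean "the 192.168.0.0/16 block" there, so a check like `conversion_problem` on the AAA-side ACL catches the notation slip before a user's traffic is filtered by the wrong rule.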

  • ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt

    Hi,
    I am trying to send email in APEX but all the emails are in APEX mail queue with error status,
    ORA-24247: Netzwerkzugriff von Access Control-Liste (ACL) abgelehnt
    I already configured smtp server in manage instance. Please suggest me why the error is happening.
    Thanks & Regards,
    Sagarika

    Probably you need to add the SMTP server address to the ACL list. There are numerous resources showing how to do that. Google "how to create acl in oracle" and you will get many links. This one explains the how-to quite well:
    http://www.oracleflash.com/36/Oracle-11g-Access-Control-List-for-External-Network-Services.html
    Denes Kubicek
    http://deneskubicek.blogspot.com/
    http://www.apress.com/9781430235125
    http://apex.oracle.com/pls/apex/f?p=31517:1
    http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494

  • SSL VPN Problem - ACL Parse Error

    Hi there.
    Testing some features in Cisco ASA SSL VPN (Clientless).
    But when I connect to the portal and try to log in I get the following error; has anybody seen this before?
    It works if I add an ACL to the DAP, but doesn't if there is only a WEBACL applied??
    It also works if I remove my "check" in the "ssl-client" box in the global_policy (Group Policy).
    6|Mar 20 2014|16:45:09|716002|||||Group <global_policy> User <[email protected]> IP <X.X.X.X> WebVPN session terminated: ACL Parse Error.
    7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Delete WebVPN Session message user [email protected], IP X.X.X.X to standby unit
    4|Mar 20 2014|16:45:09|716046|||||Group <global_policy> User <[email protected]> IP <X.X.X.X> User ACL <testcustomer_attribute> from AAA dosn't exist on the device, terminating connection.
    7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Create ACL List message rule DAP-web-user-E4EAC90F, line 1 to standby unit
    7|Mar 20 2014|16:45:09|720041|||||(VPN-Primary) Sending Create ACL Info message DAP-web-user-E4EAC90F to standby unit
    6|Mar 20 2014|16:45:09|734001|||||DAP: User [email protected], Addr X.X.X.X, Connection Clientless: The following DAP records were selected for this connection: testcustomer_common_dap
    7|Mar 20 2014|16:45:09|734003|||||DAP: User [email protected], Addr X.X.X.X: Session Attribute aaa.cisco.tunnelgroup = common_tunnelgroup
    7|Mar 20 2014|16:45:09|734003|||||DAP: User [email protected], Addr X.X.X.X: Session Attribute aaa.cisco.username2 =
    7|Mar 20 2014|16:45:09|734003|||||DAP: User [email protected], Addr X.X.X.X: Session Attribute aaa.cisco.username1 = [email protected]
    7|Mar 20 2014|16:45:09|734003|||||DAP: User [email protected], Addr X.X.X.X: Session Attribute aaa.cisco.username = [email protected]
    7|Mar 20 2014|16:45:09|734003|||||DAP: User [email protected], Addr X.X.X.X: Session Attribute aaa.cisco.grouppolicy = global_policy
    7|Mar 20 2014|16:45:09|734003|||||DAP: User [email protected], Addr X.X.X.X: Session Attribute aaa.radius["11"]["1"] = testcustomer_attribute
    6|Mar 20 2014|16:45:09|113008|||||AAA transaction status ACCEPT : user = [email protected]
    6|Mar 20 2014|16:45:09|113009|||||AAA retrieved default group policy (global_policy) for user = [email protected]
    6|Mar 20 2014|16:45:09|113004|||||AAA user authentication Successful : server =  X.X.X.X : user = [email protected]

    If you have implemented SSLVPN i18n then I think you are hitting a bug.

  • WGM no longer able to create ACL

    I have created some users and wanted to adjust ACL settings, but when I try to drag & drop a user into the ACL list, it just does not work.
    Has anyone an idea where I can look?
    I have even removed all created users (maybe I had made a mistake there), but still the same. I'm not able to create an ACL.

    I have solved the problem by myself:
    ACLs were not enabled, or better said, they were disabled for an unknown reason.
    I enabled them by opening WGM, tab "Sharing", "All", clicking on the volume and enabling "Enable disk quotas on this volume" and "Enable ACL on this volume".
    But I ask myself, why were they disabled? Have I just missed enabling them overall (I am trying to configure two servers and so may really have mixed things up)? I thought that both (quotas and ACL) are enabled by default, aren't they?
    I tried to create some users via the WGM and got some error messages; could this be related?
    Can anyone explain the different permissions in my previous post of the /Users directories? Here I'm quite sure that I haven't changed them, at least not knowingly.
    I look forward to any hints on this ghost issue.

  • Edit ACL on Endpoint - Cannot save changes - Save greyed out

    I have a trial subscription to Azure. I created my first Windows 2012 VM. I can successfully access the VM remotely.
    I'm attempting to add ACLs to the Endpoints. In this example it is an HTTP Endpoint.
    The ACL statement is accepted, like so
    Order | Name  | Action | Remote Subnet
    1     | Namex | Permit | 192.168.28.0/19
    (Altered Remote Subnet)
    I have no option to Save the edits. It is greyed out. If I attempt to move on to a different menu, I get a warning about unsaved edits will be lost. When I click away and click back, the ACL is lost.
    I basically have no method to save even the simplest of ACL statements. What am I doing wrong?
    Thanks for helping.
    David

    Hi Dave,
    Thanks for posting here.
    I tried to reproduce the issue on my machine: I edited the ACL that was created, made some modifications to the previously created ACL, and I had the option to save it.
    Without making any modifications to the ACL list you may not get the option to "Save"; it will be greyed out.
    I have attached the screenshot for your reference.
    Note: You can also create ACL endpoints on the old Azure portal (www.manage.windowsazure.com)
    Ref:
    http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/
    Hope this helps you.
    Girish Prajwal

  • WLC 2106 CPU ACL Preventing Client from Getting DHCP traffic

    Hi,
    Here is my portion of ACL List applied on the Controller CPU.
    - permit 192.168.1.0/24 0.0.0.0 UDP DHCPServer DHCPClient Any Outbound
    - permit 0.0.0.0 192.168.1.0/24 UDP DHCPClient DHCPServer Any Inbound
    The DHCP server is connected to a Cisco switch on a different VLAN.
    When I enable the CPU ACL, the clients can't get any IP address.
    But when I disable the CPU ACL, the clients have no problem getting an IP address.
    What could be wrong here? Many thanks.

    If your DHCP server is on a different subnet than your clients, then you'll have to set up a helper address so that clients can cross L3 to reach the DHCP server.
    Apply the following command to the router interface facing the client:
    ip helper-address

  • Every user can read any file while ACL mass change in progress

    Hi!
    We're having some strange things happening here. Maybe someone can help us understand what exactly is/was going on.
    1. We have to add an additional user in the NTFS ACL list for all file shares in our company (about XXXTB)
    2. We're using Windows Explorer to accomplish that.
    3. Every user can read in directories he/she has NO ACCESS RIGHTS to while the changes are being applied.
    4. Files are also readable but at least still not writeable.
    5. Affected folders and files change over time.
    Has someone experienced the same issue? Does the Windows Explorer reset the ACL lists before changing them? Is there some weird caching going on?

    I unfortunately can't send you a screenshot as this would be a violation of our company rules.
    I can, however, assure you that we never have any normal user or group besides the very guarded admin group with read permissions in all folders. I'm also sure that the colleague was only adding the additional account for the indexing service and did that
    by adding the permission via the properties tab in Windows Explorer. I restate that this is a very large data dir with about 6 terabytes of data the change was made to. The rest of our data was safe.
    We guard our rights very closely as any unauthorized access that isn't fixed within minutes will cause a security incident that has to be documented by our department chief. As such was the case here.
    As we've got no answer here yet, I can conclude that this is not a very common problem.

  • ACL on JNDI tree or elements in it

    Hello
    I am trying to find out how I can secure information in the JNDI tree.
    The documentation led me to believe using the t3 naming service I could
    protect anything under acl.perm.weblogic.jndi.path
    but this does not seem to be the case. I assumed path was the jndi
    path name... I have been unable to find documentation on what I
    can attach ACL to in the JNDI tree - though I have seen a few
    posted on deja, example from filerealm.properties,
    #acl.list.weblogic.jndi.weblogic.ejb=system
    #acl.modify.weblogic.jndi.weblogic.rmi=system
    #acl.lookup.weblogic.jndi.weblogic.fileSystem=system
    There seems to be no definitive list though in the BEA documentation.
    Can anyone refer me to docs on what JNDI elements can attach ACL?
    Or how I can protect things in the JNDI tree? I get the impression,
    that I must manually implement ACL support for remote objects
    I add into the tree. I have also not found good information
    on this.
    not helpful
    anything searched with JNDI and ACL
    http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html
    not very helpful
    http://e-docs.bea.com/wls/docs61/security/prog.html#1043942

    Hi,
    Check this debug setting in your environment:
    -Dweblogic.jndi.retainenvironment=true
    This should show you the path.
    Regards,
    Kal.

  • SQLException: Access not allowed (problem with ACL)

    Hi, I'm getting the following error when I start my Weblogic (7.0) server.
    java.sql.SQLException: weblogic.common.ResourceException: Access not allowed
    I followed these steps to provide the necessary ACL permissions:
    1. Compatibility Security => ACLs
    Create a new ACL:
    name : weblogic.jdbc.connectionPool.yourPoolname
    permission : admin
    group : Administrators
    2. Create a new Connection Pool:
    ACL Name : weblogic.jdbc.connectionPool.yourPoolname
    In 'Target' tab, choose server and click the Apply button.
    I even checked fileRealm.properties, the user admin123 (the user name with which I start the server), is included in all the connectionpool ACL lists. I restarted the server to pick the new changes but it still gives the same errors.
    Please help,
    Thanks

    You need to create the correct ACL for the DataSource following this procedure in the Administration Console:
    1. Compatibility Security => ACLs
    Create a new ACL:
    name : weblogic.jdbc.connectionPool.yourPoolname
    permission : admin
    group : Administrators
    2. Compatibility => click Refresh button
    3. Services => JDBC => Connection Pool
    Create a new Connection Pool:
    ACL Name : weblogic.jdbc.connectionPool.yourPoolname
    In 'Target' tab, choose server and click the Apply button.
    4. Services => JDBC => Data Sources
    You can create a new Data Source using this connection pool successfully
    Regards,
    Prasanna Yalam

  • Attaching ACLs to the Document Programmatically (Agent or Override)

    Hi all,
    I want to attach an ACL dynamically to a Document when it is
    being uploaded to the Repository. The ACL will be selected
    depending on which folder the Document is being uploaded to.
    I can see 3 solutions for this.
    1) develop an agent
    2) develop an override.
    3) change the web UI so that I'll get only the required ACL from
    the ACL list.
    Please provide some expert comments and, if possible, briefly how to
    develop the following.
    Expecting early replies.
    With warm Regards,
    Shantanu..

    Urgent problem
    I managed to make my agent (based on the code submitted by Shantanu above) and add it to IFS. But I fear it isn't working quite right.
    I seem to experience situations where something unexpected happens: the file doesn't always get the ACL applied, and in the log an error is noted (I've put some log statements in in order to debug the agent).
    When it works I get something like this:
    16:27 Auto_ACL_Agent: Event received for Create
    16:27 Auto_ACL_Agent: Processing Create event for a DOCUMENT object.
    16:27 Auto_ACL_Agent: Setting ACL and Owner for /home/aboegh/niels.txt
    16:27 Auto_ACL_Agent: 2865612AC25644F6BBF465CEE3BACB69 created a new object
    16:27 Auto_ACL_Agent: Updating Owner
    16:27 Auto_ACL_Agent: Updating ACL
    16:27 Auto_ACL_Agent: ACL and Owner updated OK
    16:28 Auto_ACL_Agent: Event received for Create
    When the event arrives the document object is located, and its parent as well. If the parent exists and has a different ACL, the new document is assigned the ACL of its parent.
    But this is what I get When it fails:
    16:38 Auto_ACL_Agent: Event received for Create
    16:38 Auto_ACL_Agent: Processing Create event for a DOCUMENT object.
    16:38 Auto_ACL_Agent: getAnyFolderPath() returned null?
    16:38 Auto_ACL_Agent: Setting ACL and Owner for null
    16:38 Auto_ACL_Agent: Exception at processEvent
    16:38 Auto_ACL_Agent: null
    16:38 Auto_ACL_Agent: DocPath = null
    Here I get the event (a new file has been created), but when I handle the event I'm unable to retrieve a path to the object that initiated the event!
    This shouldn't happen. But maybe this is impossible to avoid? Is it because agents run asynchronously?
    Or have I missed something else?

  • WLC 5508 ACL

    For security purposes I have created an ACL for new SSIDs, and it looks like it does not work correctly.
    10.2.25.0 is the interface of the new SSID,
    trying to get access to 10.2.115.0, which are Apple TVs.
    Basically, when I take off the ACL all is working; when I apply the ACL list I cannot connect from VLAN 25 to 115.
    Any help appreciated. Thank You.

    Hi,
    better a late reply than no reply at all ...
    The CPU ACL actually filters traffic that is destined to one of the WLC IP addresses, so it works on all interfaces, but it does not filter all types of traffic, only traffic that is destined to the WLC itself.
    So if you apply a CPU ACL, you will likely need to either allow the CAPWAP ports or allow everything in the subnet where the APs are.
    Regards,
    Nicolas

  • What ACLs need to be defined to dynamically create connection pools?

    Hi,
    What ACLs do I need to define in order to dynamically (i.e. programmatically)
    create connection pools? I've spent several hours reading docs
    and searching on the web but found nothing.
    I have defined the following:
    weblogic.allow.admin.weblogic.jdbc.connectionPoolcreate=someId
    But I still get the following exception when I try to invoke jdbc.createPool(aWeblogicPoolProperties); // jdbc
    is an instance of weblogic.jdbc.common.JdbcServices:
    java.lang.SecurityException: User "guest" does not have Permission
    "modify" based on ACL "weblogic.jndi.weblogic.jdbc.connectionPool"
    Can someone PLEASE list the ACLs I'd need to define for this to
    work?
    Thanks much,
    Andrew

    I'd like to know the answer to your question as well.
    On page 4-7 of Programming WebLogic JDBC, the manual says to "modify the following
    ACLs to set up a security configuration that supports the dynamic creation of connection
    pools:
    * acl.admin.dynapool
    * acl.admin.weblogic.jdbc.connectionPoolcreate
    * acl.modify.weblogic.jndi.weblogic.jdbc.connectionPool
    * acl.lookup.weblogic.jndi.weblogic.jdbc.connectionPool
    * acl.reserve.dynapool"
    These ACLs are not in my ACL list on my WLS 6.1. So how can I modify these when
    they don't exist for me?
    thanks,
    Dennis
    "Andrew" <[email protected]> wrote:
    > Hi,
    > What ACLs do I need to define in order to dynamically (i.e. programmatically)
    > create connection pools? I've spent several hours reading docs
    > and searching on the web but found nothing.
    > I have defined the following:
    > weblogic.allow.admin.weblogic.jdbc.connectionPoolcreate=someId
    > But I still get the following exception when I try to invoke jdbc.createPool(aWeblogicPoolProperties); // jdbc
    > is an instance of weblogic.jdbc.common.JdbcServices:
    > java.lang.SecurityException: User "guest" does not have Permission
    > "modify" based on ACL "weblogic.jndi.weblogic.jdbc.connectionPool"
    > Can someone PLEASE list the ACLs I'd need to define for this to
    > work?
    > Thanks much,
    > Andrew
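Both WebLogic threads above (the "Access not allowed" connection-pool ACL and the `User "guest" does not have Permission "modify"` exception) come down to the same check: is the calling principal named, directly or through a group, in the `acl.<permission>.<resource>` line for exactly that resource? The Python below is an added example, not WebLogic code, that evaluates fileRealm.properties-style lines of the shape quoted above. It assumes `group.<name>=user,...` lines define group membership, that the principal `everyone` grants to all users, that resource names must match exactly (no inheritance), and that a commented-out `#acl...` line grants nothing; the sample realm, its pool name and users are constructed.

```python
"""Model of fileRealm.properties-style ACL checks (WebLogic 6.x Compatibility Security).

Added example, not WebLogic code. It evaluates 'acl.<permission>.<resource>=principal,...' lines
and reproduces the decision behind the 'User "guest" does not have Permission "modify" based on
ACL ...' exception quoted above. Assumptions: 'group.<name>=user,...' defines membership,
'everyone' grants to all users, resource names match exactly, '#' lines grant nothing.
"""
from typing import Dict, Optional, Set, Tuple

AclTable = Dict[Tuple[str, str], Set[str]]     # (permission, resource) -> principals
GroupTable = Dict[str, Set[str]]               # group name -> members

# Constructed sample realm in the format quoted above; pool name and users are made up.
SAMPLE_REALM = """\
group.Administrators=system,admin123
acl.admin.weblogic.jdbc.connectionPool.yourPoolname=Administrators
acl.admin.weblogic.jdbc.connectionPoolcreate=Administrators
acl.modify.weblogic.jndi.weblogic.jdbc.connectionPool=Administrators
acl.lookup.weblogic.jndi.weblogic.jdbc.connectionPool=everyone
#acl.modify.weblogic.jndi.weblogic.rmi=system
"""


def parse_realm(text: str) -> Tuple[AclTable, GroupTable]:
    acls: AclTable = {}
    groups: GroupTable = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # a commented-out ACL line grants nothing
        key, sep, value = line.partition("=")
        if not sep:
            continue
        principals = {p.strip() for p in value.split(",") if p.strip()}
        if key.startswith("acl."):
            _, permission, resource = key.split(".", 2)    # resource keeps its own dots
            acls.setdefault((permission, resource), set()).update(principals)
        elif key.startswith("group."):
            groups[key[len("group."):]] = principals
    return acls, groups


def is_allowed(acls: AclTable, groups: GroupTable, user: str, permission: str, resource: str) -> bool:
    """True if the ACL names the user directly, a group the user belongs to, or 'everyone'."""
    principals = acls.get((permission, resource), set())
    if user in principals or "everyone" in principals:
        return True
    return any(user in groups.get(g, set()) for g in principals)


def check_access(acls: AclTable, groups: GroupTable, user: str, permission: str, resource: str) -> Optional[str]:
    """None when allowed; otherwise a message in the shape of the exception quoted above."""
    if is_allowed(acls, groups, user, permission, resource):
        return None
    return f'User "{user}" does not have Permission "{permission}" based on ACL "{resource}"'


if __name__ == "__main__":
    acls, groups = parse_realm(SAMPLE_REALM)
    pool_acl = "weblogic.jndi.weblogic.jdbc.connectionPool"
    for user in ("admin123", "guest"):
        print(user, "->", check_access(acls, groups, user, "modify", pool_acl) or "allowed")
```

Run against the sample realm, `admin123` passes through membership in `Administrators`, `guest` gets the exact exception text for `modify`, and `guest` still passes `lookup` because that ACL names `everyone`; the commented-out `rmi` line grants nothing even to `system`. That is the same shape as the thread: the caller ran as `guest`, and no ACL for that resource named `guest` or one of its groups.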
