Aironet 1200 LWAPP Conversion and WLC Authorization Issues

Similar Messages

• Automatic Conversion in BW Authorization Issue

  Hi All,
  I am having issue in assigning authorization.
  Below is the scenario:
  ZFunction Code is authorization relevant.
  Created 2 authorization object and restricted each with function code 312 and 313.
  Authorization created as I-EQ-312 and I-EQ-313.
  Created 2 roles for each authorization object.
  Assigned these 2 roles to a user. When I execute the query with the user id. It displays no authorization.
  When I check in the logs, it shows that it is automatically converting the condition to Between (BT) and checking function code greater than 311 and 314.
  Not able to understand the reason for this conversion.
  Searched on SCN for solution but could not find any helpful link.
  So posting the query.
  Will appreciate your quick reply in resolving the issue.
  Attached are screenshot of authorization and logs for reference.
  Regards,
  new2sapbw

  Hi All,
  Sorry for the late reply.
  The issue has been resolved.
  Changes done to resolve the issue:
  1) Authorization variable created had Variable Represents (under details tab) as "Several Single Values". Changed it to "Selection Option".
  Reason being, Several Single value does not interpret values given in an order as individual values. It converts into between condition/range. Example, Fun code 312, 313, 314 are considered as Between 312 to 314.
  2) We already had a exclude restriction on the info object/characteristic. After adding the authorization variable of type Selection option, we were not able to save the query and were getting "SELOPT error does not allow any further selections".
  Reason being when using authorization of type selection option, we cannot add any further manual restriction.
  Resolved this by dragging the info object to "Characteristic restrictions" area in filter tab and restricting it with authorization object.
  dragging the info object again into "Default values" area in filter tab and restricting it with exclude restriction.
  By doing above two steps resolved the issue.
  Thanks a lot for all your valuable inputs.
  Regards,
  new2sapbw

• File Content Conversion and Empty file issue

  Hello,
  The issue is :
  I have configured a file sender adapter with file Content Conversion. I have 2 kinds of records Header and Items.
  i have defined the 'Key Field Name' based on the first character of each line of my flat file and the values associated :
  Header.keyFieldValue = 1
  Item.keyFieldValue = 2
  Flat file example :
  1;Headerfield1;Headerfield2
  2;ItemField1;ItemField1;ItemField1;ItemField1;
  2;ItemField1;ItemField1;ItemField1;ItemField1;
  2;ItemField1;ItemField1;ItemField1;ItemField1;
  and everything works fine !
  But now imagine you receive a bad file like this :
  xxxxx;ohhohoh;llllll
  y;sdfsdfs;zezerz;zerzer
  e;zerzerze;zezerzerzer
  The result is : IS receive nothing and no alert is generated ?!!!???
  What i have seen is that the adapter doesn't find any corresponding value for keyFieldValue so it consider that the flat file is empty and i do nothing, the file is archived and that's all no alert is generated ????
  But i want to receive an alert for checking that the processed flat file was not correct !
  If anybody has an idea, it will be great !
  Regards,
  Vincent

  Hi Vincent.
  Sometimes it really #!@#%%#.. me off when customers excepts that XI will solve their whole organization interfacing problems (and the world hunger as well...:)...
  even when it comes to the responsible systems that creates the file(sometimes with bugs and problems even before XI came to the org.).as in every developed application or out of the box one, the application has to take care of its outputs and deal with errors. when it cant deliver what other systems expects her to  it has to inform some one...
  When it comes to the Adapter frame work XI expects the system in its landscape to be responsible for the data they send (well formed and with the defined  structure...IDocs,XML,flat files).
  as mentioned in my colleagues previous postings you can take care of data verification during mapping and so..
  I belive it is possible to monitor the incoming file before it is parsed to XML (not sure it is the right way to) and maybe we'll get a solution to that in the future (today we can monitor the comm. channel wether its  configures well or not,maybe it will be possible in the future to alert when an incoming file is empty)
  Regards.
  Nimrod

• Data Conversion and Derived Column issues

  I have a strange issue occurring with one of my SSIS packages. 
  What needs to happen:
  I have to read data from a table that stores a field in NCHAR(40)
  Send it through a Data Cleansing SSIS Component that forcefully outputs the data at a cleansed state as DT_STR(50)
  Update the same source table with cleansed data - Using an UPSERT third party tool
  Of course, I can't update the tables that stores data in NCHAR(40) with data from DT_STR(50), so I'm trying to use the Data Conversion Component, the Derived Column Component or a combination of, to set the data to DT_WSTR as well as to set the correct length,
  from 50 to 40.
  The Data Conversion Component fails when I try to set the incoming data (DT_STR(50)) to DT_WSTR(40):
  [Data Conversion [186]] Error: Data conversion failed while converting column "MD_Address1" (97) to column "_MD_Address1" (190).  The conversion returned status value 2 and status text
  "The value could not be converted because of a potential loss of data.".
  Now I tried the same thing with the Derived Column Component, converting the data from the DQS component from (DT_STR(50)) to DT_WSTR(40) and there's the error message:
  [Derived Column [196]] Error: The "Derived Column" failed because truncation occurred, and the truncation row disposition on "Derived Column.Inputs[Derived Column Input].Columns[_MD_Address1]"
  specifies failure on truncation. A truncation error occurred on the specified object of the specified component.
  I also tried a combination of Data Conversion (From DT_STR(50) to DT_WSTR(50)) and a Derived Column just casting to the correct size, but that didn't work either. 
  Every time I try to change the size, one of the components fail. 
  It appears that my issue has nothing to do with the data types, but the actual data length.
  Why can't SSIS CAST my input from 50 to 40?
  What do I need to do to cast/convert data from DT_STR(50) to DT_WSTR(40)?

  Hi IgorSantos_FL,
  It is the expected behavior when we try to convert DT_STR(50) (means maximum 50 characters in the value) to DT_WSTR(40) (means maximum 40 characters in the value). However, the truncation issue should not occur if you convert DT_STR(50) to
  DT_WSTR(50). Could you post the error message that you received when converting DT_STR(50) to DT_WSTR(50)? It may be a different issue.
  Regards,
  Mike Yin
  TechNet Community Support

• HCM Process and Forms - Authorization issue

  Hi Experts,
  I have to developed one HCM process and forms for leave request. Workflow is assigned to the form. When I test the Process with in the R/3 using Txn 'HRASR_TEST_PROCESS' I got the Error,  Work Item Not Found; Workflow Not Started" and "Process Object Not Created".
  Then I tested the same Process with the user who is having SAP_ALL role and now the workflow is triggered and can able to see the work item in the portal UWL. With SAP_ALL everything was fine.
  But my client will not give SAP_ALL role to all users. So I need to find, what are the roles and authorization objects need to execute the HCM process and forms.
  I checked the Help documentation, and I found P_ASRCONT is needed for HCM forms and process. So I assigned to the user but still, the forms getting error.
  Thanks,
  Helps will be highly appreciated.

  Thanks for your reply.
  Transactions su53,st01 and st05 didn't help.
  Any tables or specific transaction for HCM process and forms will be helpful.
  Thanks.

• Cisco Aironet 1200 LAP Issues - LAP to Autonomous Mode

  Greetings! After purchasing 4 of the Cisco Aironet 1200 G Series WAPs, I'm now running into a slight issue with them.
  I received these last week with the understanding that if I didn't have the Cisco controller device, I could convert them from being the Lightweight Access Point, back to Autonomous mode with an IOS.
  With this, I checked the documentation that came with the device and found the "Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode" or http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&needs_authentication=yes&CommCmd=MB%3Fcmd%3Dadd_discussion%26mode%3Dshow%26needs_authentication%3Dyes%26location%3D.ee7c7c3.
  From there, I followed the instructions listed under Converting a Lightweight Access Point Back to Autonomous Mode. Before the rename of the file, I checked the device and found AIR-LAP1242G-A-K9 for the Model No.
  One of the Cisco Certified admins here was able to obtain the latest build for the IOS for the device or c1240-k9w7-tar.123-8.JEB1.tar. Per the instructions, I renamed the file to coincide with the model of the device.
  I followed the instructions from there, and it looked as if everything was going well. However, after the upgrade, I'm running into an issue with the following:
  File "flash:/c1200-k9w7-mx.123-8.JEB1/c1200-k9w7-mx.123-8.JEB1" uncompressed and installed, entry point: 0x3000
  executing...
  At this point, the device just locks up. All lights are lit green on the device. According do the documentation, it should reboot and from there, I should be able to access the web interface by IP.
  I've tried to perform the upgrade again using the same IOS build, but the same thing happens with the lock up.
  At this point, I'm assuming the issue is with the build of the IOS that I have and I may have to look at getting an older build. However, before doing so, I thought I would post something here to see if anyone had an idea.
  I may have needed to refine my searching of the forums, but wasn't able to find anything in relation to my issue. If there is something out there, I do apologize for the post and will happily refer to any current information.
  If you need any further information in relation to this, please let me know. Any assistance is greatly appreciated. Thank you!

  Hi Jeffrey,
  Reverting the Access Point Back to Autonomous Mode
  Have a look at Step 3
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
  Using a TFTP Server to Return to a Previous Release
  Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
  Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
  Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
  Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
  Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
  Step 5 Disconnect power from the access point.
  Step 6 Press and hold MODE while you reconnect power to the access point.
  Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
  Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
  Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
  From this doc;
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  Hope this helps!
  Rob

• TACACS Authorization of Web Interface on Aironet 1200 AP

  I have the Aironet 1200 AP setup to authenticate and perform authorization for the CLI via TACACS. That is working fine.
  However, the web interface is failing "ip http authentication". (Slight caveat - it works for a local user in the local AP DB - it does not work when it goes to CiscoSecure ACS to authenticate/authorize).
  I can get to some pages (prompt and pass authentication), but certain pages (e.g. Services>>SNMP) where configuration steps are taken cause a second prompt is presented, username and password is provided, and it fails.
  This is only evident from the output of a "debug ip http authentication"
  What do I need to configure in ACS to make this work?
  Relevant portion of config:
  aaa authentication login default group tacacs+ local
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec default group tacacs+ local
  no ip http server
  ip http authentication aaa
  ip http secure-server
  Sep 7 13:40:59.885: HTTP AAA picking up console Login-Authentication List name: default
  Sep 7 13:40:59.885: HTTP AAA picking up console Exec-Authorization List name: default
  Sep 7 13:40:59.909: HTTP: Authentication failed for level 15
  Sep 7 13:41:06.757: HTTP AAA picking up console Login-Authentication List name: default
  Sep 7 13:41:06.757: HTTP AAA picking up console Exec-Authorization List name: default
  Sep 7 13:41:06.780: HTTP: Authentication failed for level 15
  This document appears to describe a scenario similar to mine, but is for http - not HTTPS:
  Local Authentication for HTTP Server Users
  http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a0080178a51.shtml#tac-win
  Any ideas what I may be missing here?
  Thanks,
  Jeff

  I found the answer was to use a more specific "ip http authentication" statement. Specifically,it required the following:
  CiscoSecure ACS:
  Group Settings
  Shell (exec)
  Priv Level = 15
  On the AP:
  had to enable:
  ip http authentication aaa login-authentication AP_Web (Named Method List)

• 7921 and aironet 1200 problem

  I have set up a network consist of 2 7921 wireless phones and an aironet 1200 AP. I'm able to scan the network and get connected to the network using my laptop, however, the wireless phones keep prompting 'Locating Network Services' then 'Connection Failed'. My aironet 1200 is running on 802.11G. Is there any steps that I have miss out or is there any competability issue between aironet 1200 and 7921 wireless phones.thanks =]

  something is wrong with your flash...you could try to blow it out and install IOS, if the AP will allow you to perform the ctrlZ function during startup. Since you have a VX works code 11.42 the Mode button doesn't work yet.
  Read this
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a008019fea0.shtml#without
  and see if this works for you. you will need the 'Upgrade to IOS image v.3' first and then you go from there to a flavor of IOS.
  It's an arduous process and may not work anyway, so time might be more important that buying another AP, but give it a shot...

• 1140 and 4400 WLC detection issues.

  I am not able to get our 4400 WLC to detect a new AIR-AP1142N-A-K9. (1140 series).
  I have given the interface bvi1 an ip address and subnet mask that the controller should pick up.
  The software version of the 4400 WLC is 7.0.230.0.
  The software version of the AIR-AP1142N-A-K9 is C1140-K9W7-M.
  I am able to connect older AIR-LAP1242AG-A-K9 units without any problem using the LWAPP commands but this unit does not seem to support these commands?

  I obtained the Wireless LAN LWAPP Upgrade and Recovery Image for 1140 Series (c1140-rcvk9w8-tar.124-21a.JA2.tar) and issued the following command:
  "archive download-sw /force-reload /overwrite tftp://TFTPSERVER/c1140-rcvk9w8-mx"
  I receive the following error:
  "%tar checksum error in fd 0 ERROR: Failed to extract from archive file tftp://TFTPSERVER/c1140-rcvk9w8-mx"
  Is this the correct image?

• I have Iphone 5 and have an issue with deleting part of the messages in Imessage conversation. The trash button is not displayed to delete part of the imessage. I see only delete all option. Is it a bug?

  I have Iphone 5 and have an issue with deleting part of the messages in Imessage conversation. The trash button is not displayed to delete part of the imessage. I see only delete all option. Is it a bug?

  Hi An Iphone user,
  If you are having issues deleting a specific message from an iMessage conversation (not seeing the Trash icon), you may want to double-check that you are following the steps outlined in the following article:
  How do I delete a message?
  To delete a message, tap and hold the message bubble, then tap More.
  Tap Delete All to delete all the messages. Or tap to select the messages you want to delete, then tap .
  After you delete a message, you can recover it only by restoring from a backup.
  Send messages with your iPhone, iPad, or iPod touch - Apple Support
  Regards,
  - Brenden

• Authorization Issue with Custom Pending Value Object and Anonymous Users

  Hi,
  I am just converting my demo from version 7.1 to 7.2. I am not doing upgrade. The demo uses a custom pending value object USER_REQUEST. The idea is that new employee goes to Java AS as anonymous user and enters her details and store where she will work. After submitting request there is an approval process using custom entry type USER_REQUEST. If the request is approved then IdM converts USER_REQUEST into MX_PERSON entry. This works nice in 7.1 but I am having problems with replicating this in 7.2. I created new UI task accessible by anonymous that creates new USER_REQUEST entry. I also assigned role idm.anonymous with UME action idm_anonymous to UME built in group Anonymous users.
  My problem is with the field STORE. This field is a reference field to another custom entry type STORE (this entry type will be used in context based assignment). Every new employee must selects a store where she will work. The problem is when user clicks on button "Select". Web dynpro terminates and returns authorization error. I also tested this with entry type MX_ROLE. I added attribute MXREF_MX_ROLE and same issue. So it seems that just assigning UME action idm_anonymous is not enough to list objects from identity store. I found a workaround for this issue. When I assign also UME action idm_authenticated to Anonymous users then it does not dump and I get a pop up window where I can search for store. It does not seem right to assign idm_authenticated to anonymous users.
  Another issue is with display task for entry type USER_REQUEST. I assigned a display task to entry STORE and I set that Anonymous have access to this task in Access control tab. I assigned default value to the field store. So when a user opens page she can see a hyper link to display already assigned store. When user clicks on this hyper link it opens a new pop up window and user must authenticate against Java AS. After successful authentication the display task for entry STORE is displayed. I would assume that anonymous user can display it without authentication.
  So to me it seems like authorization checks have been changed in 7.2 versions and are more strict for anonymous tasks. Hence my question is how can I implement my scenario. Am I missing some configuration or what's the proper solution to my two issues? I don't count assigning idm_authenticated to Anonymous users as a solution. This workaround does not solve my second issue.
  Thanks

  Some of the folks from Trondheim labs check, but rather infrequently.  There's another person who I guess is in consulting that also checks from time to time.
  Sorry I can't help you with your main question...
  Matt

• Getting started with aironet 1200 and radius

  Hi,
  Does anyone has a manual how to configure some aironet 1200 AP's with the use of a radius server?
  The best would be a manual from start (reset to factory defaults) to a working solution.
  The built-in radius server or a windows 2008r2 radius server are both possible for me.
  I have tried both, buth did not succeed. (unknown EAP type and unknown username in the radius log)
  Kind regards,
  Ernst

  i talk with a rep and i heard the new good news...there is no c sharp interface for berkeley db on handheld devices yet, it will be released later.
  imagine one having problems executing a simple select statement due to the first release bugs...
  dissapointing...
  good article rekounas once again, your blog was very helpfull especially on my first steps in the olite universe, please keep it up
  Edited by: vasileios on 03-Sep-2010 05:24

• Latest Skype update - issue with lost conversations and contacts

  Can anybody help with this problem?The new Skype layout looks like a classical Microsoft Office sotware (scroll-down menus from the top bar) and in spite of what was announced before installing the update, the damage to the history of conversations and contacts is massive!!!

  MMy iPhone was synced with my computer and the cloud. After re syncing, pics and contacts remain in cloud and computer but won't sync to my iPhone. Even my IT guy at work is stumped! I would love to have all my pics and contacts back on my phone. I have not yet updated my iPad d air because I'm afraid the same thing will happen.

• Ask the Expert: Cisco BYOD Wireless Solution: ISE and WLC Integration

  With Jacob Ideji, Richard Hamby  and Raphael Ohaemenyi   
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about  the new Identity Solutions Engine (ISE) and Wireless LAN Controller (WLC) hardware/software, integration, features, specifications, client details, or just questions about  Cisco's Bring-your-own device (BYOD) solution with cisco Experts Richard Hamby, Jacob Ideji, and Raphael Ohaemenyi. The interest in BYOD (Bring You Own Device) solutions in the enterprise has grown exponentially as guests and company users increasingly desire to use personal devices to access .  Cisco BYOD enhances user experience and productivity while providing security, ease-of-administration, and performance. The heart of the Cisco wireless BYOD solution is Identity Solutions Engine (ISE) utilizing the Cisco Unified Wireless portfolio.  Starting with ISE v1.1.1MR and WLC (Wireless LAN Controller) code v7.2.110.0 and higher, end-to-end wireless BYOD integration is reality. 
  Jacob Ideji is the technical team lead in the Cisco authentication, authorization and accounting (AAA) security team in Richardson, Texas. During his four years of experience at Cisco he has worked with Cisco VPN products, Cisco Network Admission Control (NAC) Appliance, Cisco Secure Access Control Server, and Dot1x technology as well as the current Cisco Identity Services Engine. He has a total of more than 12 years experience in the networking industry. Ideji holds CCNA, CCNP, CCSP, CCDA, CCDP, and CISM certifications from Cisco plus other industry certifications.
  Richard Hamby  works on the Cisco BYOD Plan, Design, Implement (PDI) Help Desk for Borderless Networks, where he is the subject matter expert on wireless, supporting partners in the deployment of Cisco Unified Wireless and Identity Services Engine solutions. Prior to his current position, Hamby was a customer support engineer with the Cisco Technical Assistance Center for 3 years on the authentication, authorization, accounting (AAA) and wireless technology teams. 
  Raphael Ohaemenyi  Raphael Ohaemenyi is a customer support engineer with the authentication, authorization and accounting (AAA) team in the Technical Assistance Center in Richardson, Texas, where he supports Cisco customers in identity management technologies. His areas of expertise include Cisco Access Control Server, Cisco Network Admission Control (NAC) Appliance, Cisco Identity Services Engine, and IEEE 802.1X technologies. He has been at Cisco for more than 2 years and has worked in the networking industry for 8 years. He holds CCNP, CCDP, and CCSP certification.
  Remember to use the rating system to let Jacob, Richard and Raphael know if you have received an adequate response.  
  Jacob, Richard and Raphael might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the wireless mobility sub community forum shortly after the event. This event lasts through Oct 5th, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  OOPS !!
  I will repost the whole messaqge with the correct external URL's:
  In  general, the Trustsec design and deployment guides address the specific  support for the various features of the 'whole' Cisco TS (and other  security) solution frameworks.  And then a drill-down (usually the  proper links are embedded) to the specifc feature, and then that feature  on a given device.  TS 2.1 defines the use of ISE or ACS5 as the policy  server, and confiugration examples for the platforms will include and  refer to them.
  TrustSec Home Page
  http://www.cisco.com/en/US/netsol/ns1051/index.html
  http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11637/ps11195/at_a_glance_c45-654884.pdf
  I find this page very helpful as a top-level start to what features and capabilities exist per device:
  http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
  The TS 2.1 Design Guides
  http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZone_TrustSec.html
  DesignZone has some updated docs as well
  http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html#~bng
  As  the SGT functionality (at this point) is really more of a  router/LAN/client solution, the most detailed information will be in the  IOS TS guides like :
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x.html
  http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/xe-3s/asr1000/sec-usr-cts-xe-3s-asr1000-book.html
  http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html

• Best way to secure Aironet 1200 for small office

  We are getting ready to install 4 aironet 1200 AP's into an office that will only be used by 5 people with T43 Thinkpads (Intel 2200 built-in card).
  What is the best method to secure the connection and prevent the outside world from accessing our internal network?
  I don't feel WEP/WPA encryption is enough -- Would be interested in using the built in security that comes with the Aironet and not an external security server, yet.
  Any info or push in the right direction is greatly appreciated.
  Thanks

  You could pretty easily use the "local" RADIUS built-in to the AP firmware and implement LEAP or EAP-FAST.
  Both are pretty easy to set up, the AP can handle that small load without any real performance issues, and the Intel client software supports it (you'll want to make sure all the client software and drivers are the most recent, there were some issues in the past).
  Both LEAP and EAP-FASt will support seamless roaming, You'd set one of the APs up for WDS and the others to point to it.
  Admin (add/change/delete users) via the Web GUI is also pretty straight forward.
  Good Luck
  Scott