Applying ACL globally

I have a question that I hope someone can clarify. I will be supporting a new ASA 5585X running 8.4, and I was wondering if it is possible to apply an ACL globally instead of as an access group that is applied to a specific interface, in or out. Below are the interfaces and the ACL.
interface GigabitEthernet0/1
nameif internet-outside
security-level 0
ip address X.X.X.X 255.255.255.0 standby X.X.X.X
!
interface GigabitEthernet0/2
nameif internet-dmz
security-level 10
ip address 10.69.201.X 255.255.255.0 standby 10.69.201.X
interface TenGigabitEthernet0/8.129
nameif core-inside
security-level 100
ip address 10.69.129.X 255.255.255.0 standby 10.69.129.X
interface TenGigabitEthernet0/9.130
nameif VLAN130
security-level 50
ip address 10.69.130.X 255.255.255.0 standby 10.69.130.X
interface TenGigabitEthernet0/9.134
nameif VLAN134
security-level 50
ip address 10.69.134.X 255.255.255.0 standby 10.69.134.X
interface TenGigabitEthernet0/9.136
nameif VLAN136
security-level 50
ip address 10.69.136.X 255.255.255.0 standby 10.69.136.X
interface TenGigabitEthernet0/9.140
nameif VLAN140
security-level 50
ip address 10.69.140.X 255.255.255.0 standby 10.69.140.X
ACL
access-list wwy-legacy remark Citrix Communications
access-list wwy-legacy extended permit ip object-group All-Citrix object-group All-Citrix
access-list wwy-legacy remark Check Point Firewall MGMT
access-list wwy-legacy extended permit tcp object-group FW-Admins object-group CP-Firewalls object-group CP-svc-tcp
access-list wwy-legacy extended permit udp object-group FW-Admins object-group CP-Firewalls object-group CP-svc-udp
access-list wwy-legacy remark QUALYS Scanner Access
access-list wwy-legacy extended permit ip object-group qualys-scanners any
access-list wwy-legacy extended permit tcp object-group CN_HQ_NET host 10.69.130.12 eq 8080
access-list wwy-legacy remark ISX-Solorwinds
access-list wwy-legacy extended permit udp host 10.121.137.92 any object-group SNMP-mgmt-udp
access-list wwy-legacy extended permit icmp host 10.121.137.92 any
access-list wwy-legacy extended permit icmp any host 10.121.137.92
access-list wwy-legacy extended permit udp any host 10.121.137.92 object-group SNMP-mgmt-udp
access-list wwy-legacy remark citrix access to QA Leo systems
access-list wwy-legacy extended permit tcp object-group vmww-grp-2 object-group vmww-grp-1 eq www
access-list wwy-legacy remark EDI-Outbound
access-list wwy-legacy extended permit tcp host 10.69.130.68 host 198.65.112.233 eq ssh
access-list wwy-legacy extended permit tcp host 10.69.130.66 host 198.65.112.233 eq ssh
access-list wwy-legacy extended permit tcp host 10.69.130.68 host 38.96.217.8 eq ssh
access-list wwy-legacy extended permit tcp host 10.69.130.69 host 38.96.217.8 eq ssh
access-list wwy-legacy extended permit tcp host 10.69.130.68 host 184.106.46.199 eq ssh
access-list wwy-legacy extended permit tcp host 10.69.130.69 host 184.106.46.199 eq ssh
access-list wwy-legacy remark Security
access-list wwy-legacy extended permit tcp object-group CP-Firewalls object-group External-ACS object-group security-svc-tcp
access-list wwy-legacy extended permit udp object-group CP-Firewalls object-group External-ACS object-group security-svc-udp
access-list wwy-legacy extended permit udp object-group Private_Addresses object-group External-ACS object-group security-svc-udp
access-list wwy-legacy extended permit tcp object-group Private_Addresses object-group External-ACS object-group security-svc-tcp
access-list wwy-legacy extended permit tcp object-group Private-Addresses object-group External-ACS object-group security-svc-tcp
access-list wwy-legacy extended permit udp object-group Private-Addresses object-group External-ACS object-group security-svc-udp
access-list wwy-legacy remark EDI
access-list wwy-legacy extended permit ip object-group Primary_EDI_Servers object-group Primary_EDI_Servers
access-list wwy-legacy extended permit tcp object-group EDI_Customer_To_Portals object-group Primary_EDI_Servers object-group EDI-Common_Inbound_tcp
access-list wwy-legacy extended permit tcp object-group EDI_Customer_To_Portals host 10.69.201.88 object-group EDI-Common_Inbound_tcp
access-list wwy-legacy extended permit tcp object-group Primary_EDI_Servers object-group EDI_Customer_To_Portals object-group EDI-Common_Outbound_tcp
access-list wwy-legacy extended permit udp object-group Primary_EDI_Servers object-group EDI_Customer_To_Portals object-group EDI-Common_Outbound_udp
access-list wwy-legacy extended permit tcp object-group Primary_EDI_Servers object-group EDI_Dest_grp eq ssh
access-list wwy-legacy extended permit tcp object-group Primary_EDI_Servers object-group EDI_Dest_grp eq 10022
access-list wwy-legacy extended permit tcp object-group Primary_EDI_Servers object-group EDI_Dest_grp eq 2223
access-list wwy-legacy extended permit tcp object-group Primary_EDI_Servers object-group EDI_Dest_grp eq 2224
access-list wwy-legacy extended permit tcp object-group EDI_Itanium_Servers object-group EDI_Dest_grp eq ssh
access-list wwy-legacy extended permit tcp object-group EDI_Itanium_Servers object-group EDI_Dest_grp eq 10022
access-list wwy-legacy extended permit tcp object-group EDI_Itanium_Servers object-group EDI_Dest_grp eq 2223
access-list wwy-legacy extended permit tcp object-group EDI_Itanium_Servers object-group EDI_Dest_grp eq 2224
access-list outside-acl-01 extended deny ip any any
access-group outside-acl-01 in interface internet-outside

Hi,
Beginning from 8.3(1) you should be able to use a single access-list to control traffic/connections.
It still uses the "access-group" command to "attach" the access-list as a global access-list.
The command format is:
access-group global
Just out of interest, are you moving to ASA from some other product, or why would you want to use one global access-list? Personally I could never think of changing to global access-lists. I guess that's probably due to the fact that I have used access-lists attached to a certain interface and direction for so long.
- Jouni
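To make the behaviour behind Jouni's answer concrete: the full command is `access-group <acl-name> global`, a global ACL applies only to traffic entering an interface (the inbound direction), and the ASA checks the interface's own inbound ACL first, then the global ACL, then the implicit deny. The Python script below is an added example, not code from the thread or from Cisco: it parses a handful of the `access-list` lines from the post and simulates that evaluation order. The object-group memberships (`qualys-scanners`, `SNMP-mgmt-udp`) and the test packets are constructed for the demonstration because the post never defines its groups; unknown groups are treated as empty. The sample also shows two things a practitioner would check before going global: the existing `outside-acl-01` binding on `internet-outside` is evaluated before the global list and therefore shadows it on that interface, and the post's ACL refers to both `Private_Addresses` and `Private-Addresses`, which are almost certainly meant to be one group.

```python
"""ASA 8.3+ access-rule evaluation model: the inbound interface ACL is
checked first, then the global ACL ("access-group NAME global"), then the
implicit deny. Added example; not the forum poster's or Cisco's code."""
import ipaddress
import re
from collections import defaultdict

# Constructed object-group membership: the post never defines its groups,
# so these members are assumptions for the demonstration only.
OBJECT_GROUPS = {
    "qualys-scanners": ["10.69.130.50/32", "10.69.130.51/32"],   # network group
    "SNMP-mgmt-udp": [161, 162],                                 # service group
}
SERVICE_PORTS = {"ssh": 22, "www": 80}   # named ports used by the post's ACL
RULE_RE = re.compile(r"access-list (\S+) extended (permit|deny) (\S+) (.+)")
GROUP_RE = re.compile(r"object-group (\S+)")


def _endpoint(tokens):
    """Consume one address spec (any / host X / object-group G / net mask)."""
    head = tokens[0]
    if head == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], tokens[1:]
    if head == "host":
        return [ipaddress.ip_network(tokens[1] + "/32")], tokens[2:]
    if head == "object-group":
        # Unknown groups are treated as empty: such a rule can never match.
        members = OBJECT_GROUPS.get(tokens[1], [])
        return [ipaddress.ip_network(m) for m in members], tokens[2:]
    return [ipaddress.ip_network(f"{head}/{tokens[1]}", strict=False)], tokens[2:]


def parse_acl(lines):
    """Group access-control entries by ACL name in configuration order; remarks are skipped."""
    acls = defaultdict(list)
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        name, action, proto, rest = m.groups()
        tokens = rest.split()
        src, tokens = _endpoint(tokens)
        dst, tokens = _endpoint(tokens)
        ports = None                          # None means "any destination port"
        if tokens[:1] == ["eq"]:
            ports = [int(tokens[1]) if tokens[1].isdigit() else SERVICE_PORTS[tokens[1]]]
        elif tokens[:1] == ["object-group"]:
            ports = OBJECT_GROUPS.get(tokens[1], [])
        acls[name].append({"line": line.strip(), "action": action, "proto": proto,
                           "src": src, "dst": dst, "ports": ports})
    return acls


def _matches(rule, proto, src, dst, dport):
    return (rule["proto"] in ("ip", proto)
            and any(src in n for n in rule["src"])
            and any(dst in n for n in rule["dst"])
            and (rule["ports"] is None or dport in rule["ports"]))


def evaluate(acls, bindings, ingress, proto, src, dst, dport=None):
    """Return (action, matching entry) for a packet entering interface `ingress`.

    `bindings` maps an interface name to its inbound ACL and the key "global"
    to the ACL attached with "access-group NAME global".  Interface ACL first,
    then global ACL, then implicit deny.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for acl_name in (bindings.get(ingress), bindings.get("global")):
        for rule in acls.get(acl_name, []):
            if _matches(rule, proto, src, dst, dport):
                return rule["action"], rule["line"]
    return "deny", "implicit deny"


def near_duplicate_groups(lines):
    """Object-group names that differ only by case or '-' vs '_' (likely typos)."""
    seen = defaultdict(set)
    for line in lines:
        for name in GROUP_RE.findall(line):
            seen[name.lower().replace("_", "-")].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


# Constructed sample: a subset of the post's ACL plus its interface binding.
SAMPLE_CONFIG = """
access-list wwy-legacy remark QUALYS Scanner Access
access-list wwy-legacy extended permit ip object-group qualys-scanners any
access-list wwy-legacy extended permit udp host 10.121.137.92 any object-group SNMP-mgmt-udp
access-list wwy-legacy extended permit tcp host 10.69.130.68 host 198.65.112.233 eq ssh
access-list wwy-legacy extended permit udp object-group Private_Addresses object-group External-ACS object-group security-svc-udp
access-list wwy-legacy extended permit udp object-group Private-Addresses object-group External-ACS object-group security-svc-udp
access-list outside-acl-01 extended deny ip any any
""".strip().splitlines()
ACLS = parse_acl(SAMPLE_CONFIG)
# "access-group outside-acl-01 in interface internet-outside" plus the
# proposed "access-group wwy-legacy global"
BINDINGS = {"internet-outside": "outside-acl-01", "global": "wwy-legacy"}


def decide(ingress, proto, src, dst, dport=None):
    return evaluate(ACLS, BINDINGS, ingress, proto, src, dst, dport)


if __name__ == "__main__":
    print(decide("VLAN130", "udp", "10.121.137.92", "10.69.129.5", 161))
    print(decide("internet-outside", "udp", "10.121.137.92", "10.69.129.5", 161))
    print(decide("VLAN130", "tcp", "10.69.130.68", "198.65.112.233", 23))
    print(near_duplicate_groups(SAMPLE_CONFIG))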

Similar Messages

  • Best Practice for where to apply ACL's on a router

    I have a 1760 router with a 4-port Ethernet card. It has the Vlan1 interface on it for f0/0 in the IOS. I need to apply an ACL to that interface/subnet with the physical cable in f0/0 and the IP range of vlan1. When applying the ACL, should I apply it to the physical interface or the Vlan (mgt) interface? What is the best practice, and is there any documentation on this from Cisco?
    Thanks
    Chris

    Chris
    The f0/0 is operating as a switch port and as such you can not apply the access list directly to the physical interface. You should apply the access list to the vlan interface.
    HTH
    Rick

  • Apply strictfp globally

    Hi all,
    Is there a way of applying the strictfp flag globally with the following JVM:
    java version "1.6.0_26"
    Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
    Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02, mixed mode)
    I'm looking for the equivalent of what is done with JRockit:
    http://docs.oracle.com/cd/E15289_01/doc.40/e15062/optionxx.htm#BABHBDAH
    If it is not possible, does anybody know of a simple workaround?
    Thank you in advance !
    Gilles Meyer

    The place you should be posting to is the Lightroom 4 Beta Forum...

  • Cannot apply ACL to RAID through WGM

    I have an MDD server with a system disk running OS X Server 10.4.4 and two disks in a mirror RAID configuration. When I try to apply users/groups to the ACL the changes are not accepted. I can drag users/groups to the ACL on the main system disk, but not to the RAID (not even the little black line shows up).
    Can ACLs only be applied to the system disk? If not, any clues as to what I might be doing wrong?
    [Background: The machine originally ran Server 10.3.8 with the same hardware configuration. The OS is a completely new install (erase and install). I thought this might have had something to do with it, so I broke the RAID and recreated it, to no avail.]

    Worked it out myself. Thanks!

  • Apply ACL on vlan

    Hello
    Can someone guide me on how to apply an access-list to a vlan?
    office_A connects to Office_B on different floors on vlan 10
    need to allow inbound and outbound traffic
    Config of Office_A and host
    VLAN
    int vlan 10
    ip address 192.168.177.254 255.255.255.252
    Allow the following hosts to communicate with hosts of Office_B
    host 192.168.110 port 443
    host 192.168.1.16
    network 192.168.25.0/24
    Network of Office_B
    allow the following hosts to communicate with hosts of Office_A
    192.168.100.10  port 443
    1192.168.100.17
    192.168.27.0/24
    Please guide me with the right inbound / outbound ACL to apply on the SVI
    thanks
    Vishal

    Just to be on the same side, you want hosts 192.168.1.10:443 & 192.168.1.16 to connect to 192.168.100.10:443 and hosts 192.168.100.10:443 & 192.168.100.17 to connect to 192.168.110:443?
    I'm asking because I got confused from your question. If you have a topology for your network, it would be of great asset.
    Best Regards,
    Islam M. Nadim

  • Applying ACL's when copying files using SMB protocol

    I need to change the default behaviour of CMSDK when I'm copying a file with Windows Explorer using the SMB protocol, in this way:
    When I'm copying a file from some branches of my tree of directories I want the ACL applied to be the ACL of the original file and not the ACL of the user who is doing the copy. For instance:
    Original file --> 'FILEA' with ACL 'AclA'
    User --> 'Pepe' default ACL 'Acluser'
    Copied file --> 'FILEB'
    CMSDK will copy 'FILEA' to 'FILEB' with ACL 'Acluser', but I need the ACL of 'FILEB' to be 'AclA' (from the original file FILEA) and not 'Acluser'.
    How could I get this?
    Thanks.

    This is not possible with the SMB protocol. Ask Oracle Support for bug 1672091.

  • Applying ACL to a folder (Java API)

    Hi there,
    I am wondering how to apply an ACL to a folder in order that this ACL gets automatically assigned to any LibraryObject (Folder or document) dropped in that folder.
    Any help appreciated,
    Stefano

    Not currently possible. There will be some new features in the
    next release that should make this easier.
    Regards,
    Jerry

  • Applying HR global

    Hi ,
    I have 12.1.1 in my linux box (32-bit).
    Now I need to apply the HR global.
    Though everything here is new for me, I followed some of the steps like this with metalink.
    I need to apply the HR global for Australia,
    so I have downloaded the patches into the linux box and stored them in location /v01/Patches.
    Then my database and listener are up, I have sourced the env files in appl and I run admsi.pl.
    In the Oracle Patch Application assistant I provided the patch location as /v01/Patches/patchtid and I
    click next.
    Is what I have done correct or not?
    Because there are no details in the summary.
    Then what to do?
    Please help me.

    Hi user;
    Quoting your post:
    I have 12.1.1 in my linux box(32-bit)
    Now i need to apply the HR global
    Though here every thing is new for me i followed some of the steps like this with metalink
    i need to apply the hr global for Australia
    so i have downloaded the patches into linux box and stored in location /v01/Patches
    then my database and listener are up and i have sourced the env files in appl and i run admsi.pl
    In the Oracle Patch Application assistant i provided the patch locationas /v01/Patches/patchtid and i
    I suggest posting patch issues on Forum Home » E-Business Suite » EBS General Discussion
    1. login as applmgr user
    2. source env file
    3. close apps services
    4. run adadmin (type adadmin and enter as applmgr user)
    5. Change Maintenance Mode, then 1. Enable Maintenance Mode
    6. cd patchfolder
    7. ls
    8. you will see the xxx.drv file there
    9. run adpatch and give the xxx.drv file when adpatch asks you for the driver file
    10. You don't need to use admsi.pl; you can use the adpatch option
    PS: If you don't know how to apply a patch please check:
    How to apply EBS 12i patches in both Linux and Windows
    How to apply NLS patches in R12
    Also check:
    HR global installation in 12i EBS
    Hope it helps
    Regards
    Helios

  • Applying acl to resources

    Hi,
    If I have a folder hierarchy /xxx/yyy/zzz/*.xml, then I create myacl.xml and put it in /sys/acls/myacl.xml,
    call DBMS_XDB.setACL('/xxx', '/sys/acls/myacl.xml');
    will myacl apply to all the subfolders and files along the hierarchy? It seems not, so how can I apply one ACL file to all my resources under /xxx easily?
    thanks a lot,
    Haili

    We're considering a recursive version of setACL for a future release... In the meantime you'll need your own PL/SQL block to do this..
    set serveroutput on
    --
    declare
      -- every resource (folder or file) under the chosen path
      cursor getDocuments is
        select any_path
          from resource_view
         where under_path(res, '/home/SCOTT') = 1;
    begin
      for doc in getDocuments loop
        dbms_xdb.setAcl(doc.any_path, '/sys/acls/all_owner_acl.xml');
      end loop;
      commit;
    end;
    /
    PL/SQL procedure successfully completed.

  • Applying ACL (setAcl) to Versioned Document in java - Exception thrown

    Hello.,
    I am creating a new versioned document object and trying to apply an acl using doc.setAcl();
    However I receive an exception on the step where I am trying to set the ACL (below are the exceptions with IfsException.setVerboseMessage(true) )
    oracle.ifs.common.IfsException: IFS-30043: Insufficient access to change PublicObjects Owner
    oracle.ifs.common.IfsException: IFS-10204: Cannot update security settings for a PublicObject that has a SecuringPublicObject reference
    Exact same code works when it is not a versioned document.
    What do I need to do extra, to take care of versioned documents.
    Thanks,

    Hi,
    I too am trying to upload a document through web service proxies in java.
    Steps followed are
    1. login using login service
    2. upload document using documentContentService
    3. createDocument using DocumentService
    The last step, createDocument in DocumentService, always returns "No valid session exists", though I try to do the service calls in a stateful session.
    Kindly help, if you have any solution for this.
    Regards,
    Bala

  • Applying ACLs to Composite Application Views

    Is it possible to do the following?
    - We have a Composite Application with multiple views (Research, Reports, Admin)
    - We'd like for the Admin View to only be displayed for a specific CRX group
    - Can I set an ACL on the View node under the Application to accomplish this?

    Yes, this is possible by setting up ACLs on the nodes in CRX. The upcoming service pack will have a sample of how to do this - look for the mosaic-accesscontrol-pkg very soon in an updated samples package on packageshare.

  • ACL applied to Vlan interfaces

    I have been working with access lists for a while now and I think I have a good knowledge of them. But the thing I'm still confused with is when you apply an ACL "in" and "out" to an SVI or vlan virtual interface.
    It seems like in these types of interfaces the directions change completely compared to the normal interfaces (ethernet, serial, etc.). The logic is different and sometimes I find myself in problems when I have to do some troubleshooting in my work.
    I've tried to find some information or manuals on Cisco about this specific issue but unfortunately I couldn't find anything clear.
    Is there some method to quickly know when these ACLs should be applied in one direction or another?
    Thanks for your time.

    It's no different on a SVI , "in" means coming in from the network (user ports) . "Out" means out towards the clients network.

  • ACL practices when modifying and applying new policies

    Folks:
    I am studying for my CCNA, and I am confused at how to manage ACLs that are already applied to an interface.
    For example: I have an ACL already applied to S0; however, I need to modify it. Cisco recommends that you disable the list first with the no ip access-group command; however, from my understanding, if I remove the list, traffic will be unfiltered. How do I modify an applied ACL and still filter traffic? Do I create another ACL to block all traffic until I modify my selected ACL?
    Thank you

    If you want to change an access-list that is already applied to an interface, you need to consider where to place your additions.
    You can do this:
    internetrouter#show access-lists
    Standard IP access list 2
    10 permit 172.16.1.1
    20 permit 172.16.1.2
    30 deny 172.16.1.0, wildcard bits 0.0.0.255
    In this ACL I have permitted 172.16.1.1 and .2
    However the last entry (line 30) I have denied the rest of the network. What if I wanted to add .3 and allow that??
    Well if we add .3 to the bottom of the ACL then .3 would be denied by line 30.
    I.e. if you do
    conf t
    ip access-list standard 2
    permit 172.16.1.3
    Your ACL would look like this:
    internetrouter#show access-lists
    Standard IP access list 2
    10 permit 172.16.1.1
    20 permit 172.16.1.2
    30 deny 172.16.1.0, wildcard bits 0.0.0.255
    40 permit 172.16.1.3
    This won't work because of the order: the network is denied by line 30, so line 40 has no effect. Instead you can do this:
    conf t
    ip access-list standard 2
    25 permit 172.16.1.3
    Which would place this above line 30.
    If we do a show access-list again:
    internetrouter#show access-lists
    Standard IP access list 2
    10 permit 172.16.1.1
    20 permit 172.16.1.2
    25 permit 172.16.1.3
    30 deny 172.16.1.0, wildcard bits 0.0.0.255
    Now .3 will be permitted and so too .1 and 2 with the rest of the network being denied. So it's important to check traffic flows and the placement of your ACLs.
    Likewise with removing ACL's with a 'no #' with the # being the line of the ACL entry.
    Having ACLs on an interface is good for security but can be devastating when you are editing them in a live config if you get it wrong.
    I recommend doing any changes to ACLs out of hours in an enterprise environment with a 'reload in 5' which gives me 5mins to make the change. If it goes well then I can cancel the reload and save the config. If I end up locking myself out, the router or device will reload in 5mins anyway so you can get the router back with the original config.
    Or as mentioned previously, create an entire new ACL altogether with your changes, then apply that to your interface. But even then you could get the ACL wrong, hence a reload in might be useful ;-)
    Hope this helps
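The ordering point in the answer above, as an added example that is not part of the thread: a small Python model of an IOS standard ACL with sequence numbers, first-match evaluation and the implicit deny. It rebuilds the answer's list (entries 10, 20 and 30, constructed here to match the text), shows that a permit for .3 appended at 40 is shadowed by the deny at 30, and that inserting it at 25 makes it effective. It also lists shadowed entries, which is the check worth running on a list before editing it on a live interface. `StandardAcl` and its methods are names chosen for this example, not IOS commands; `wildcard_to_network` converts IOS wildcard bits (the inverse of a netmask) into a network.

```python
"""First-match simulation of an IOS standard ACL with sequence numbers.
Added example; not the answer's own code.  Shows why a permit appended
after a covering deny never matches, and why inserting it at a lower
sequence number does."""
import ipaddress


def wildcard_to_network(addr, wildcard="0.0.0.0"):
    """IOS wildcard bits are the bitwise inverse of a netmask: 0.0.0.255 -> /24."""
    mask = ipaddress.ip_address((~int(ipaddress.ip_address(wildcard))) & 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


class StandardAcl:
    """Entries keyed by sequence number; evaluated lowest sequence first."""

    def __init__(self, name):
        self.name = name
        self.entries = {}   # seq -> (action, network)

    def add(self, action, addr, wildcard="0.0.0.0", seq=None):
        """Append (auto-numbered in steps of 10, as IOS does) or insert at `seq`."""
        if seq is None:
            seq = (max(self.entries) if self.entries else 0) + 10
        self.entries[seq] = (action, wildcard_to_network(addr, wildcard))
        return seq

    def remove(self, seq):
        """Equivalent of 'no <seq>' in ip access-list configuration mode."""
        del self.entries[seq]

    def evaluate(self, src):
        """Return (action, seq) of the first matching entry; ('deny', None) on fall-through."""
        src = ipaddress.ip_address(src)
        for seq in sorted(self.entries):
            action, net = self.entries[seq]
            if src in net:
                return action, seq
        return "deny", None   # implicit deny at the end of every IOS ACL

    def shadowed(self):
        """Sequence numbers whose network is fully covered by an earlier entry."""
        result = []
        ordered = sorted(self.entries)
        for i, seq in enumerate(ordered):
            net = self.entries[seq][1]
            if any(net.subnet_of(self.entries[earlier][1]) for earlier in ordered[:i]):
                result.append(seq)
        return result

    def show(self):
        """Render roughly like 'show access-lists'."""
        lines = [f"Standard IP access list {self.name}"]
        for seq in sorted(self.entries):
            action, net = self.entries[seq]
            host = str(net.network_address)
            lines.append(f"{seq} {action} {host}" if net.prefixlen == 32
                         else f"{seq} {action} {host}, wildcard bits {net.hostmask}")
        return "\n".join(lines)


def acl_from_answer():
    """The three-entry list shown in the answer (constructed here to match it)."""
    acl = StandardAcl("2")
    acl.add("permit", "172.16.1.1")
    acl.add("permit", "172.16.1.2")
    acl.add("deny", "172.16.1.0", "0.0.0.255")
    return acl


def append_then_insert():
    """Walk through the answer's two attempts and return the decisions for .3."""
    acl = acl_from_answer()
    seq = acl.add("permit", "172.16.1.3")        # lands at 40, below the deny
    appended = acl.evaluate("172.16.1.3")        # ('deny', 30): entry 40 is never reached
    shadow = acl.shadowed()                      # [40]
    acl.remove(seq)
    acl.add("permit", "172.16.1.3", seq=25)      # explicit sequence above the deny
    inserted = acl.evaluate("172.16.1.3")        # ('permit', 25)
    return appended, shadow, inserted


if __name__ == "__main__":
    print(acl_from_answer().show())
    print(append_then_insert())
```

Running `shadowed()` on a list before changing it tells you which entries are dead weight, and `evaluate()` with a handful of representative source addresses is a cheap way to confirm the intended decision before the change is applied to the interface.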

  • 3850 controller ACL working with ISE

    Hi all
    I was wondering if anyone can point me to the right direction. I was setting up BYOD access with ISE and Legacy controllers as follows:
    - create rule on ISE with Redirect / Airspace ACL
    - once that rule is hit ISE would send ACL name that needs to be applied on the controller (i.e. NSP-IOS )
    - controller would need to have the same ACL created locally with matching name
    - there are certain rules on old controllers allowing inbound / outbound traffic + denying traffic to be redirected
    now I want to use the same principle with 3850 controller.
    question is -> where do I configure this ACL, globally or under WLAN.... Also, what about direction - inbound / outbound that used to be the case with legacy controllers?

    The ACL should be under the WLAN.

  • Q: changing Global Currency 1 in OBIA 11.1.1.7.1

    We started configuring BI Apps 11.1.1.7.1 and are not able to change the Global Currency 1 (and 2-5) from USD to EUR (or anything else). Same applies for Global Currency Exchange Rate Type 1-n.
    In the Edit Parameter Value dialog, no values are displayed, and no edit is possible, although the icon does not indicate that this is a read-only parameter.
    Any ideas what we are missing?
    Thanks,
    Luc

    We finally got this to work, by adding an Externally Conformed Domains:
    In the Functional Setup Data Configuration and Load Plan Administration
    select Manage Externally Conformed Domains
    Configure Domain for E-Business Suite:
        Currency
        Conformed Currency Rate Type
    After this we could select EUR as global currency 1.
    There may be other possibilities, let me know if you managed to use alternative solutions.
    Best regards,
    Luc
