ATA command interface

I'm looking for an ATA command interface for Solaris 8. There are none publically available that I can tell. Our current software supports SCSI on Solaris via the uscsi ioctl, but no corresponding ATA ioctl exists.
However http://smartmontools.sourceforge.net includes a file called os_solaris_ata.s which accomplishes this for a subset of functions. I need a more generic interface, but will not be publishing the code, so I would not need to worry about the obfuscation that this developer did (no, I don't do Sparc assembly and really don't want to learn it to figure out how to do this simple thing.
Below is the except from the file:
! In Solaris, programmer can pass SCSI command to target device directly
! by using USCSI ioctl or using "scg" generic SCSI driver. But, such
! method does not exist for ATA devices.
! However, I can access Solaris kernel source because I am subscriber of
! Source Foundation Program of Solaris. So, I can find method of
! accessing ATA device directly. The method is to pack command in
! undocumented structure and issue ioctl that appears only in kernel
! source. Yes, that is the same way in using USCSI interface.
! But, I met difficulty in disclosing this technique. I have signed NDA
! with Sun that inhibits me not to violate their intellectual property.
! Fortunately, Sun allows licensees to publish "Interfaces" if:
! (1) he/she treats Solaris code as confidential
! (2) and he/she doesn't incorporate Sun's code into his/her code
! (3) and disclose enough information to use "Interface" to everyone.
! So, I publish that technique in assembly code or object code because:
! (1) I believe Sun's intellectural property is not invaded because I
! didn't reveal any struct member and ioctl to non-licensee.
! (2) no piece of kernel source is included in this code.
! (3) And finally, I publish enough information below in order to use
! this code.
! For last reason, please don't remove "Calling Interface" section from
! distribution.
!

Hi
Cisco ATA 186 has an IVR which can be accessed through your phone.
http://www.cisco.com/en/US/products/hw/gatecont/ps514/products_configuration_example09186a00800c3a50.shtml
Once the IP address is set through IVR, the device can be accessed through "http:///dev"
Pls rate the helpful posts.
Regards
JD

Similar Messages

ATA command timeouts after disk has gone sleeping

Hi all
I've configured myself a NAS, which is infrequently accessed, so I set the standby timer of the disks to 241 (30 minutes) using hdparm.
for i in /dev/sd?; do
hdparm -S 241 $i > /dev/null
done
After 30 minutes the disks go to sleep, no problem there, but once they are accessed again, the first command sent to the disk time out:
ata7.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen
ata7.00: cmd b0/d8:00:00:4f:c2/00:00:00:00:00/00 tag 0
res 40/00:00:00:f1:00/00:00:00:00:00/00 Emask 0x4 (timeout)
ata7.00: status: { DRDY }
ata7: hard resetting link
ata7: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
ata7.00: max_sectors limited to 256 for NCQ
ata7.00: max_sectors limited to 256 for NCQ
ata7.00: configured for UDMA/133
sd 6:0:0:0: timing out command, waited 7s
ata7: EH complete
SCSI device sdg: 1953525168 512-byte hdwr sectors (1000205 MB)
sdg: Write Protect is off
sdg: Mode Sense: 00 3a 00 00
SCSI device sdg: drive cache: write through
After that the drives work fine again. The command timeout is 7 seconds, which seems too low because the disks need some time to spin up.
Two questions:
Can the ATA command timeout be increased?
If the command fails, is it retried?
Thanks,
Glenn

The G5 Discussion is here while this is devoted to Mac Pro, hence the confusion. The MP doesn't use cables, just trays that slide in.
Is it possible you have backups you can boot from? (hint, hint). Or Disk Warrior 4? would also be 'nice.'
Hard restarts DO trash files and directories. And never make changes w/o a bootable backup. Maybe a couple FW drives. (One person yesterday backed up his problem G5 drive only that turned his 'good backup' into an unbootable drive also, and didn't have a 2nd backup - which can happen and why you don't want to rely on just one).

Commands (interface) for BEx Analyser

Hi Gurus,
has anyone a complete documentation or has detailed information about the functionality that can be used Excel/BEx Analyser (e.g. with buttons)?
Example:
With button commands you can set variables or set the input mode of a query:
CMD 1 SET_INPUT_MODE
SET_INPUT_MODE 1 ACTIVE
Any info about the command interface of the BEx Analyser is highly appreciated.
Thanks in advance,
Leo

The problem is solved for greek letter by adding a system variable sap_codepage - 1704. But only one entry can be maitained for this variable. And the report still cannot identify Russian characters.
Is there any way to solve this problem for BEX 3.X for all multiple languages?

ATA Commands support in MAC OS

*Any body know how we can perform ATA operations from MAC OS. I tried from Windows, In Windows we can use DeviceIoControl(....) system call to tell ATA driver to perform ATA operations. But I could not find any such kind of API or system calls in MAC OS. Please any body know how we can send ATA commands to storage device.*

Start with http://www.powerbasic.com/support/pbforums/showthread.php?t=38364, a top hit from a google search for *ATA commands*. Here's another: http://developer.apple.com/mac/library/qa/qa2001/qa1179.html

How to send ATA Commands in MAC OS X

Hi,
*Our end target is SSD(SATA device. Our requirement is to write some data into SSD using ATA Write. We know in windows we can use DeviceIoControl(...) and ATA passthru commands for write. If any one knows how this task achieve in MAC OS X. Is there any interface supporting this task. Our SSD using AppleAHCIPort driver. Please find the following few more information below regarding our SSD(Information from IORegistryExplorer).*
*IOClass: AppleAHCIDiskDriver*
*IOProviderClass: IOAHCIDevice*
*please respond...*
*Thanks in advance.*

Good answer. I despise the hall monitors in these forums. (Relax, cut back on the caffeine, go outside there's this big ball of file in the sky you might find interesting). I might understand if someone is abusing the forums with repeated and unnecessary cross posts. But come on... this person, for example, has a sincere question that may be better served because the question is posted on a couple of different forums.

Ata command READ FPDMA QUEUED on new laptop + ssd

I call on you again, fellow archers!
I have just installed Arch on a brand new laptop, but the boot process hangs a few times, with the "failed command" messages in the gist below.
excerpt from dmesg
I've searched around on the web; some say it's a hardware error, some say it's a bug.
Full disclosure: I'm running btrfs.
So can I do something about it, or should I ask the supplier for a new laptop?
Any help is much appreciated.
Last edited by Bladtman242 (2014-01-30 18:52:11)

Looks like the firmware update solved it.

Wat is command interface with text mean

i have forgotten my password tor my macbook pro so i can only use my guest account not my own account as the administrator im running mavrticks is there a way i can get past this and start it as if it were a new computer setup

Here's how to reset your password: https://discussions.apple.com/docs/DOC-4101
Note that this will not reset your keychain password. Those passwords are lost for good. You'll have to use keychain access to create a new login keychain.

Is there now a system call to send pass-through commands to ATA devices?

I want to send pass-through ATA commands to SATA/ATA devices on intel-based solaris. From the beginning the USCSICMD ioctl has worked just fine on SCSI/SAS/FC targets on intel & sparc-based solaris, but the mechanism to send pass-through commands to ATA devices has always been undocumented, closed, unavailable, whatever.
Is there now a way to do this w/o writing a custom device driver? Does anybody have an example chunk of code that does something simple like send the ATA IDENTIFY command to a disk drive? I know I can use SATL to encapsulate commands to SATA disks using certain SAS controllers, but I really need a way that will work with devices that are plugged into a standard SATA port on a motherboard.
Thanks

Hi Dhalek,
Just tried out a small example and it works ok in SQL Dev 4
drop table t1;
create table t1 (col1 int);
insert into t1 values (1);
insert into t1 values (2);
insert into t1 values (3);
select * from t1;
/*sqldev:stmt*/BEGIN;
DELETE FROM t1;
SELECT * FROM t1;
/*sqldev:stmt*/ROLLBACK;
SELECT * FROM t1;
---- RESULT ----
table T1 dropped.
table T1 created.
1 rows inserted.
1 rows inserted.
1 rows inserted.
col1
1
2
3
/*sqldev:stmt*/BEGIN
3 rows deleted.
col1
/*sqldev:stmt*/ROLLBACK
col1
1
2
3
Regards,
Dermot
SQL Developer Team

Interface & command consistency !?!

I am dismayed that the commands, interface, menu item location etc are so drastically different for each application. It is as if there are four different companies within Adobe, thus the simple commands like <ctrl> F does not have the same function in Illustrator as it does in InDesign. <ctrl> R in Acrobat is different in Illustrator etc etc .... Geewiz -- its frustrating! One of Adobes big pronouncements for the CS suite was the common interface from application to application within the CS suites ,,,,, uh someone screwed up in the kitchen because these Applications interfaces are obviously politically motivated and managed, with each enclave within Adobe being arrogantly possessive their own interface hierarchy and short cut functionality. Adobe upper management must take hold of these little enclaves of selfish power struggles and mandate a common interface/function/menu interface to live up to the marketing claim that the user will enjoy a consistent work environment. Really folks get it together, stop the power struggle and get over yourselves, and give the consumers/user/buyer what you promised. I dont expect anything to change within Adobe CS anytime soon, because the business culture therein is obviously stagnated and combative which will take years to resolve, unless there is courageous leadership at the top that abolishes the fortress mentality that permeates the product development cycle. Another thing I don't get is why,, when I open a file, why can't the save command default to the directory that I opened the file in. I end up saving in the wrong directory so many times because Adobe programs seem fixated on the last directory I saved to, which obviously a history lesson, and not the current folder/reality that is now my new focus and workflow. Thanks to all that have taken the time to let me vent. May your day unfold with new adventures.

Hi Mahesh,
From the config guide:
To control the set of interfaces with which you want to exchange routing updates, you can disable the sending of routing updates on specified interfaces by configuring the
passive-interface
here is the link:
http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1crip.html
Correct, you do not need a routing protocol. The interfaces are directly connected. Now, if for example you add a loopback address to each router, you need a routing protocol or static router to reach the opposite router's loopback address.
The reason the interfaces/IPs do not show up in the RIP routing table is because they are directly connected and directly connected routes have a lower admin distance (1) which is preferred over rip which is 120.
yes
HTH

Which EEM cmd can run command on an interface all Friday at 10 h pm?

Hi all,
I'm looking to write an EEM cli command that allow me to run a conmmande (ip access group 130 in) on one interface all Friday at 10 pm?
How can I write this?
Thanks.

This should do it for you.
event manager applet apply-acl event timer cron cron-entry "0 22 * * 5" action 1.0 cli command "enable" action 2.0 cli command "config t" action 3.0 cli command "interface gi0/0" action 4.0 cli command "ip access-group 130 in" action 5.0 cli command "end"

SF-300 'interface range' command BUG

Hello!
I have number of SF300 switches in production and have found bug with command "interface range".
When I reconfigure interfaces previously configured with "interface range" to different VLAN interface change VLAN, but after reboot it move back to vlan configured with "interface range".
SW2#sh ver
SW version    1.1.2.0 ( date 12-Nov-2011 time 23:34:26 )
Boot version    1.0.0.4 ( date 08-Apr-2010 time 16:37:57 )
HW version    V01
SW2#sh int switchport gi4
Port : gi4
Port Mode: Access
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 11
Port is member in:
Vlan               Name               Egress rule Port Membership Type
11                User                Untagged          Static
SW2#sh run
interface fa10
description WiFI(1)
exit
vlan database
vlan 2,4,11
exit
interface gi3
switchport default-vlan tagged
exit
interface range fa14-20,fa22-24
switchport access vlan 2
exit
interface range fa10,fa13
switchport access vlan 4
exit
interface range fa1-2,fa21,gi4
switchport access vlan 11
exit...
SW2#conf t
SW2(config)#int gi4
SW2(config-if)#switchport access vlan 11
SW2#sh int switchport gi4
Port : gi4
Port Mode: Access
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 4
Port is member in:
Vlan               Name               Egress rule Port Membership Type
4                 WiFI                Untagged          Static
...SW2#sh startup-config
interface fa10
description WiFI(1)
exit
vlan database
vlan 2,4,11
exit
interface gi3
switchport default-vlan tagged
exit
interface range fa14-20,fa22-24
switchport access vlan 2
exit
interface range fa10,fa13
switchport access vlan 4
exit
interface range fa1-2,fa21,gi4
switchport access vlan 11
>!!!!!!!!!!?????????????????????????
SW2#write mem
SW2#reload
==============
!!!!!DOWNTIME!!!!
==============
SW2#sh int switchport gi4
Port : gi4
Port Mode: Access
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 11
Port is member in:
Vlan               Name               Egress rule Port Membership Type
11                User                Untagged          Static
Now the only way to fix it:
copy run tftp://XXXXXXX
copy tftp://XXXXXX start
reload
Please let me know if this bus will be fixed in next software releas!
Regards
Sergiy A. Pyvovaroff (CCNP).

Hi Sergry,
Thank you for the explanation, but to fix software, someone has to open a Service Request . It may have been noticed and scheduled for fix.
I would you ask you to please be kind enough to goto www.cisco.com/go/sbsc and call by phone or click to chat with the folks at the small business support center (SBSC) and open a case. They will give in response a service request (SR) number.
It doesn't take long to open a SR, and someone at SBSC is then responsible for feedback to you to let you know what's happening.
The SR will ensure that;
our technicians verify your findings and
escalate the case up into development.
if this problem has been observed previously and there is a resolution, you may be asked to even try, if you wish a pre-release version of firmware.
Since you have a CCNP, I am guessing that this process is not foreign to you.
It can be annoying opening a case, especially when you have documented the issue in the post,   but at least you can point the technician to this posting, where you have almost explained everything needed to get development to look at the problem.
Sergry, it's a interest observation, I just use the 300 series GUI to add Gig2 as a access port to vlan 2, the following script was created;
interface gigabitethernet2
switchport mode access
switchport access vlan 2
switchport general pvid 2   - this is a error I guess as the switch port is in access mode.
exit
Did you use the GUI to generate the CLI. or just use the CLI without reference to the CLI manual?.
This CLI is not identical to a Catalyst CLI. see the following URL for the 300 series CLI manual;
http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/CLI_Nikola300_1.1.pdf
Again, please be so kind to spend a little time to open a SR.
I will be tomorrow, on a issue I highlighted in red. It is a minor issue for me, as the switch still leaves GiG2, in access mode,   as a untagged interface in VLAN2.
regards Dave

ASA 5505: Outside Interface Becomes Inaccessible

Greetings --
I've been having occurrences of my ASA's 'outside' interface become inaccessible from the internet side. AnyConnect users that are logged in get kicked out ... can't ping to the IP address ... can't ssh into the ASA. Internally, I can ping the IP address and I can ssh into the ASA.
The 'lockout' typically occurs around 1PM, 7:30PM, and 10:30PM. To get the 'outside' interface working again, I would have to log into a host machine on the LAN (via TeamViewer) and then ssh into the ASA and reboot.
Any ideas why the lockouts are occuring? Is it possible my ISP is shutting down the IP?
Below is the configs to the ASA:
hostname psa-asa
enable password IqUJj3NwPkd63BO9 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.1.0 Net-10
name 192.168.1.20 dbserver
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 3
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.98 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address xxx.xxx.xxx.43 255.255.255.0
interface Vlan3
no nameif
security-level 50
ip address 192.168.5.1 255.255.255.0
ftp mode passive
object-group service RDP tcp
port-object eq 3389
access-list vpn_nat_inside extended permit ip Net-10 255.255.255.224 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any Net-10 255.255.255.224
access-list inside_nat0_outbound extended permit ip host chewieOP-host Net-LabCorp 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list Split_Tunnel_List standard permit Net-10 255.255.255.224
access-list outside_1_cryptomap extended permit ip host chewieOP-host Net-LabCorp 255.255.255.0
access-list outside_access_in extended permit ip host Mac any
pager lines 24
logging enable
logging timestamp
logging monitor errors
logging history errors
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool SSLClientPool-10 10.0.1.1-10.0.1.20 mask 255.255.255.128
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (inside) 10 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 10 access-list vpn_nat_inside outside
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.41 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 162.134.70.20
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=pas-asa.null
keypair pasvpnkey
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate fecf8751
    308202da 308201c2 a0030201 020204fe cf875130 0d06092a 864886f7 0d010105
    0500302f 31153013 06035504 03130c70 61732d61 73612e6e 756c6c31 16301406
    092a8648 86f70d01 09021607 7061732d 61736130 1e170d31 33303530 36323134
    3131365a 170d3233 30353034 32313431 31365a30 2f311530 13060355 0403130c
    7061732d 6173612e 6e756c6c 31163014 06092a86 4886f70d 01090216 07706173
    2d617361 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
    02820101 00dc6f5c 584be603 1219ad4a 43085a97 b8fd7e33 c887933d 1b46dbca
    deada1da 7689ab5e 9b6fa20b d6f7e5e3 049285e7 65778c15 a9447e1e 8ba749cb
    61e0e985 9a90c09f b4c28af0 c6b5263c d2c13107 cce6c207 62f17cbe 99d9d5c2
    86870084 25c035e4 ea9ab8ae 8b664464 40305c4d e40dd774 506f6c0a 6f4ca4d1
    0c81d2dd bcdc8393 3f4fbcba 1b477d45 502063b8 af862bdf 50499615 7b9dac1b
    67252db8 1473feec c39d9c32 9d9f3564 74fdf1bd 71ca9310 e5ad6cba 999ae711
    c381347c a6508759 eb405cc0 a4adbe94 fb8204a2 382fad46 bc0fc43d 35df1b83
    6379a040 90469661 63868410 e16bf23b 05b724a3 edbd13e1 caa49238 ee6d1024
    a32a1003 af020301 0001300d 06092a86 4886f70d 01010505 00038201 010084b1
    62698729 c96aeec0 4e65cace 395b9053 62909905 e6f2e325 df31fbeb 8d767c74
    434c5fde 6b76779f 278270e0 10905abc a8f1e78e f2ad2cd9 6980f0be 56acfe53
    f1d715b9 89da338b f5ac9726 34520055 2de50629 55d1fcc5 f59c1271 ad14cd7e
    14adc454 f9072744 bf66ffb5 20c04069 375b858c 723999f8 5cc2ae38 4bb4013a
    2bdf51b3 1a36b7e6 2ffa3bb7 025527e1 e12cb2b2 f4fc624a 143ff416 d31135ff
    6c57d226 7d5330c4 c2fa6d3f a1472abc a6bd4d4c be7380b8 6214caa5 78d53ef0
    f08b2946 be8e04d7 9d15ef96 2e511fc5 33987858 804c402b 46a7b473 429a1936
    681a0caa b189d4f8 6cfe6332 8fc428df f07a21f8 acdb8594 0f57ffd4 376d
quit
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
vpn-sessiondb max-session-limit 10
telnet timeout 5
ssh 192.168.1.100 255.255.255.255 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
dhcpd auto_config inside
dhcpd address 192.168.1.222-192.168.1.223 inside
dhcpd dns 64.238.96.12 66.180.96.12 interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
wins-server none
dns-server value 64.238.96.12 66.180.96.12
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-session-timeout none
ipv6-vpn-filter none
vpn-tunnel-protocol svc
group-lock value PSA-SSL-VPN
default-domain none
vlan none
nac-settings none
webvpn
svc mtu 1200
svc keepalive 60
svc dpd-interval client none
svc dpd-interval gateway none
svc compression none
group-policy DfltGrpPolicy attributes
dns-server value 64.238.96.12 66.180.96.12
vpn-tunnel-protocol IPSec svc webvpn
username user1 password ks88YmM0AaUUmhfU encrypted privilege 0
username user1 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
username user2 password 1w1.F5oqiDOWdcll encrypted privilege 0
username user2 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
username user3 password lQ8frBN8p.5fQvth encrypted privilege 15
username user4 password w4USQXpU8Wj/RFt8 encrypted privilege 15
username user4 attributes
vpn-group-policy SSLClientPolicy
vpn-simultaneous-logins 3
vpn-idle-timeout none
vpn-session-timeout none
service-type admin
username user5 password PElMTjYTU7c1sXWr encrypted privilege 0
username user5 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
username user6 password /zt/9z7XUifQbEsA encrypted privilege 0
username user6 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
username user7 password aEGh.k89043.2NUa encrypted privilege 0
username user7 attributes
vpn-group-policy SSLClientPolicy
service-type remote-access
tunnel-group DefaultRAGroup general-attributes
address-pool SSLClientPool-10
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group PSA-SSL-VPN type remote-access
tunnel-group PSA-SSL-VPN general-attributes
address-pool SSLClientPool-10
default-group-policy SSLClientPolicy
tunnel-group PSA-SSL-VPN webvpn-attributes
group-alias PSA_VPN enable
group-url https://xxx.xxx.xxx.43/PSA_VPN enable
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:2298b0ae64f8ff7a5e25d97fe3f02841

Hi,
I guess if you want to temporarily set up a software to receive the logs on some computer you could even use Tftpd (you will find it easily through Google search) The same software can be used for multiple different purposes.
I sometime use it personally when testing different stuff on my home ASA.
It naturally isnt a real option if you actuall setup a separate Syslog server.
You wouldnt really need to add much to your logging configuration
logging device-id hostname
logging trap informational
logging host
Where is the name of the interface behind which the server is and the is naturally the IP address of the server.
Though the above would generate a lot of logging.
I am not even 100% sure it would log anything when you are facing the problem.
Best would be to also troubleshoot while the problem is there.
Can you confirm that you use the Internet connection through the ASA when you are accessing the internal host behind the ASA? I assume that the host connects from the LAN to the Internet which enables you to have a remote connection to the host?
If this is so it makes it a wierd problem as the ASA and your ISP can clearly pass traffic to and from your network since that remote connections is working even if there is other problems.
- Jouni

Can HP/otherPEOPLE RESPOND to MISSING "ATA PASSWORD" FEATURE IN BIOS (SECURITY) ??

Hello people,
Can you please answer following ?:
Note: I can fix anything (Engineer & x-Tech here), so rarely (if ever) ask for help, but one problem is killing me with certain consumer (nonbusiness) laptop:
I purchased HP:
ProductName#: "DM1Z" (DM1Z-3000, to be exact), specific Product# XL303AV.
Product/part# not important b/c problem covers many such HP ultraportable Laptops.
===
Let me first state the Question/Problem (short), then go onto Explanation (lengthy):
HP-SUPPLIED "BIOS" IS MISSING ABILITY TO SET "ATA PASSWORD".
IS THERE SOLUTION AVAILABLE or COMING UP; and FOR ALL PEOPLE or if not, COULD I GET ONE IN PRIVATE (might even pay a reasonable fee for modifying BIOS!) ?
==========
Explanation:
You may call DM1Z a "Consumer" Netbook/UltraLaptop, but in reality we're using for business (here). Meant for travel, by design, this is a Novel machine most powerful in the world for its size when came out. Things get stolen or FORGOTTEN often when you travel. I've been using what is called "ATA Password" (aka "Harddisk Lock") since time immemorial (since late 1990's) on other UltraPortables, and keep using on current HP EliteBooks, *enovo & *sus. But the irony, this "DM1Z" meant for travel and thus easy target for THIEVES, is a problem with security.
For your info: I keep industrial drawings, banks/creditcards, emails and if Harddisk is removed/stolen, I'll need a gun to shoot myself. FDE Encryption is NOT a solution for DM1Z - read below.
But first:
Please assure your Technical knowledge is deep enough b/c to avoid bloating message, I provide minimum explanation for a subject some Sales folks keep confusing with another (people who use cheap computers, have no clue BIOS/PowerOn password has NO relation to Harddisk/ATA Password - so would help if an engineer or technically-inclined customers/enthusiasts respond to following:
If you use computers for serious business rather than "pictures, music" or similar waste alone; you are likely using either or both protections:
a) Encryption (Software or Hardware types) and/or
b) Harddisk aka "ATA Password" (been part of ATA Command Set since mid 1990's, powerusers know). The term "Harddisk" here is interchangeable with SSD Drives (new SSD's e.g. Intel320series, are ATA Password compliant just like conventional/spinning harddisks).
I know all about Encryption and it is NOT the subject of this email, in some cases we cannot use Encryption to full extent (e.g. FDE [Full Disk Encryption] in a form of BitLocker, TrueCrypt, PGP, etc.), or we can't use it for the entire Harddisk/SSD, or it has tobe combined with ATA Password anyway. Self-encrypting/Built-in AES storage like new SSD's from Intel (Intel320) or some WesternDigital harddrives (SED - Self Encrypting Drive) are also not an option.
A Netbook like DM1Z is not a full-blown workstation, so its processor is both weak overall + lacks builtin AES Encryptor Accelerator (found in Intel i7-2600 for example).
Forget encryption. Too long to explain, just please accept this fact.
All I am asking to please answer WHY "ATA Password" feature (security) is missing in BIOS and HOW to get it back, either for everyone or can I pay a small $fee to get BIOS modified?
This one little feature would be a golden key to move DM1Z beyond "games" and more into business use. Right now I have to struggle with lame Encryption that suffocates this little Netbook processor. Why no "ATA password" present in BIOS ?? Like I said this is not a 50-pound home-bound machine, it's ultraportable, it travels, things get stolen or FORGOTTEN. I did find a couple wallets in various airports with USBflashdrives (returned), but in our case my data is utterly dangerous to be stolen.
=====
Explanation - Detailed:
ATA Password can be set in most business/hi-end laptops & some desktops BIOS's simply because they don't hide such functionality; cheaper/consumer machines hide it to deny {Content Removed: Language Filter Evasion} customers' [who only use computers for entertainment], though manufacturers like Intel , *P, *ell, *enovo/*BM or *sus may offer also on consumer models. Too bad for HP - DM1Z, you might be losing sales for professional/business applications.
Remember I politely asked for Technically-inclined people to respond, which Sales folks often are NOT. They keep confusing ATA/Harddisk Password with other passwords - usually PowerOn/BIOS/Supervisor passwords present in most even "cheapo" computers - but completely unrelated & worthless (it can be
reset by kids in minutes)! DM1Z does have that password (PowerOn and/or BIOS-style access), but it has no relation to "ATA password.
No professional takes "PowerOn" or "BIOS" password(s) seriously - it is a joke which can be defeated in minutes (even by kids). I promised not to explain much, but let me say this much:
Your data is on a storage device, if a Thief steals your Harddrive/SSD & plugs into another computer/controller board ==> you're DEAD if ATA Password was not setup. Doesn't mean ATA Password is hard to crack, but it is a real strong protection against moderately violent attack. Ultimate protection is Encryption, but like I said I am contacting you to give us back "ATA Password".
Encryption is NOT the subject of this Message.
The missing ability to set Harddisk/ATApassword (also applies to DM1Z w/ SSDdrive attached, instead of Harddisk) is giving us a headache, in fact I can manage every technical problem but not missing feature in BIOS/UEFI. Because hacking BIOS and/or using third-party ATA/Harddrive hacktools is very risky and so many people have ruined their hardware, not to mention that life is short and we are not going to spend it searching for some "Hacktools" to bypass BIOS.
>======>
P.S.
I personally started using Harddisk/ATA Passwords back in mid 1990's in *BM *hinkpads (*BM was first to implement ATA "Security Xtension" added into ATA Standard in mid 1990's); later they were renamed as L*novo, also I used A*us even consumer laptops offered ATA password!; now for business we're using STRICTLY "HP EliteBooks"; I like HP stuff due to its roots in Science/Instrumentation. Even my engineering tools made by Agilent technologies, is nothing but a former HP division spun off years ago. World's best Test & Measurement tools. OK fine, I won't rant more but:
But this same omitting "ATA Password: feature in such UltraPortable while its processor is not meant for FDE Encryption heavy load, is a PAIN.
On the other hand I am not too stupid & recognize tech Support may get additional workload from "idi0t-customers" who forget their password.
How about us, technically capable people get it for a reasonable fee as a "Modified BIOS" or some BIOS add-on or just flash a huge warning in RED LETTERS before user is setting a password, that no one in the world will reset password if forgotten.
Come one, we cannot turn into a nation of {Content Removed: Language Filter Evasion}
Else, nothing can be allowed for customers - even using a microwave oven is dangerous!
So the question is:
a) Does anyone know a workaround? Either within BIOS or outside?
b) Question is to both HP users + HP officials who might be reading it.
I can't transform everything here to use Encryption FDE, but it's overkill for AMD Fusion processor & for other reasons (too long to explain) we just want a simple:
"ATA Password" back into BIOS"
================>
Thanks if you can answer?
Max S.

I will wait for more responses, maybe someone in the world can share experience, meanwhile thanks for your response.
May attempt to hack BIOS on my own, or talk to HDD/SSD thru "notorious" HDDerase Utility which bypasses BIOS but risk is high. Lame BIOS may not enumerate a locked ATA device at PowerOn, yet some people from Intel SSD forum reported success.
P.S. ATA Password is crackable.
If you had a drawer full of locked harddrives, it is an indication how many people messup (at least in America in recent times, we seem to be losing Technical edge -how does one lock their own harddisk and forget pass is beyond me).
But for those folks who suffer from forgetfulness:
Basically a question of Cost vs. Data value.
If Data really valuable, they can PAY and get it cracked after proving OWNERSHIP (whatever company cracks ATA pass w/o requring proof, is illegal).
My data is far more valuable than a collection of {Content Removed: Language Filter Evasion} or grandma's photos - I keep industrial design files, banks, and secret letters, but cracking ATA Pass is fairly expensive and not worth for thief to steal my data. So it's kind of effective.
If I need ot crack it - first off, I don't forget passwords
Second, if you are the owner and esperienced person, you do keep backups and image(s) and just write off $$ you spend on harddrive as a LOSS, and restore image to a new Harddrive. SSD's take only minutes to restore image (though losing locked SSD is more expensive than locked HDD).
Anyways,
ATA/Harddisk pass is the ONE & BEST (for my kind of people) solution for an ultraportable Laptop/netbook whose processor is not adequate to run FDE (BitLocker, TrueCrypt, PGP), it's not i7-2600 w/builtin AES as in our workstation.
==
Can you please leave this topic alive for much longer, in case someone else responds.? I just posted and only few users seen it.
Sometimes best solutions come from other Users, rather than Mfg. Official tech Support.

Link outage in Etherchannel causes interface down and failover Secondary Faild

Hi,
I have configured port-channel Firewall ASA5515-X and stacking switch WS-3750X. Also firewall configured as failover mode. Problem is that my active firewall connected switch port show green and working but standby firewall connected switch port shows orange color. When i inpute show failover command on firewall, secondary is faild. Please assist. Here is the below show command.
mdbl-int-fw-01# sho port-channel 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
mdbl-int-fw-01# sho interface port-channel 10
Interface Port-channel10 "inside", is up, line protocol is up
Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
 Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
 Input flow control is unsupported, output flow control is off
 Description: *** Connected to CORE-SW ***
 MAC address 4c00.821d.511f, MTU 1500
 IP address 10.98.8.97, subnet mask 255.255.255.248
Traffic Statistics for "inside":
 56859 packets input, 3419130 bytes
 148709 packets output, 16063580 bytes
 56858 packets dropped
 1 minute input rate 0 pkts/sec, 46 bytes/sec
 1 minute output rate 2 pkts/sec, 216 bytes/sec
 1 minute drop rate, 0 pkts/sec
 5 minute input rate 0 pkts/sec, 46 bytes/sec
 5 minute output rate 2 pkts/sec, 216 bytes/sec
 5 minute drop rate, 0 pkts/sec
Members in this channel:
 Active: Gi0/1 Gi0/2
mdbl-int-fw-01# sho port
mdbl-int-fw-01# sho port-channel sum
mdbl-int-fw-01# sho port-channel summary
Flags: D - down P - bundled in port-channel
 I - stand-alone s - suspended
 H - Hot-standby (LACP only)
 U - in use N - not in use, no aggregation/nameif
 M - not in use, no aggregation due to minimum links not met
 w - waiting to be aggregated
Number of channel-groups in use: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
10 Po10(U) LACP Gi0/1(P) Gi0/2(P)
mdbl-int-fw-01#
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel bri
mdbl-int-fw-01# sho port-channel brief
 Channel-group listing:
Group: 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel pro
mdbl-int-fw-01# sho port-channel protocol
 Channel-group listing:
Group: 10
Protocol: LACP
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho port-channel det
mdbl-int-fw-01# sho port-channel detail
 Channel-group listing:
Group: 10
Ports: 2 Maxports = 16
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip
 Ports in the group:
Port: Gi0/1
Port state = bndl
Channel group = 10 Mode = LACP/ active
Port-channel = Po10
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
 A - Device is in active mode. P - Device is in passive mode.
Local information:
 LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi0/1 SA bndl 32768 0xa 0xa 0x2 0x3d
Partner's information:
 Partner Partner LACP Partner Partner Partner Partner Partner
Port Flags State Port Priority Admin Key Oper Key Port Number Port State
Gi0/1 SA bndl 32768 0x0 0xa 0x118 0x3d
Port: Gi0/2
Port state = bndl
Channel group = 10 Mode = LACP/ active
Port-channel = Po10
Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs.
 A - Device is in active mode. P - Device is in passive mode.
Local information:
 LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Gi0/2 SA bndl 32768 0xa 0xa 0x3 0x3d
Partner's information:
 Partner Partner LACP Partner Partner Partner Partner Partner
Port Flags State Port Priority Admin Key Oper Key Port Number Port State
Gi0/2 SA bndl 32768 0x0 0xa 0x119 0x3d
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho port-channel ?
<1-48> Channel group number
brief Brief information
detail Detail information
port Port information
protocol protocol enabled
summary One-line summary per channel-group
| Output modifiers
<cr>
mdbl-int-fw-01# sho fail
mdbl-int-fw-01# sho failover st
mdbl-int-fw-01# sho failover state
 State Last Failure Reason Date/Time
This host - Primary
 Active None
Other host - Secondary
 Failed Ifc Failure 22:03:03 UTC Jan 8 2014
 outside: No Link
 dmz: No Link
 mgt: No Link
 inside: No Link
====Configuration State===
 Sync Done
====Communication State===
 Mac set
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 200 milliseconds, holdtime 800 milliseconds
Interface Poll frequency 500 milliseconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 4 of 114 maximum
failover replication http
Version: Ours 8.6(1)2, Mate 8.6(1)2
Last Failover at: 02:16:48 UTC Jan 8 2014
 This host: Primary - Active
 Active time: 74479 (sec)
 slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
 Interface outside (118.179.139.4): No Link (Waiting)
 Interface dmz (10.98.56.3): No Link (Waiting)
 Interface mgt (10.10.11.1): Unknown (Waiting)
 Interface inside (10.98.8.97): Normal (Waiting)
 slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
 IPS, 7.1(4)E4, Up
 Other host: Secondary - Failed
 Active time: 0 (sec)
 slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
 Interface outside (118.179.139.6): No Link (Waiting)
 Interface dmz (10.98.56.2): No Link (Waiting)
 Interface mgt (0.0.0.0): No Link (Waiting)
 Interface inside (10.98.8.98): No Link (Waiting)
 slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
 IPS, 7.1(4)E4, Up
Stateful Failover Logical Update Statistics
 Link : failover GigabitEthernet0/3 (up)
 Stateful Obj xmit xerr rcv rerr
 General 12665 0 9929 0
 sys cmd 9929 0 9929 0
 up time 0 0 0 0
 RPC services 0 0 0 0
 TCP conn 0 0 0 0
 UDP conn 0 0 0 0
 ARP tbl 2735 0 0 0
 Xlate_Timeout 0 0 0 0
 IPv6 ND tbl 0 0 0 0
 VPN IKEv1 SA 0 0 0 0
 VPN IKEv1 P2 0 0 0 0
 VPN IKEv2 SA 0 0 0 0
 VPN IKEv2 P2 0 0 0 0
 VPN CTCP upd 0 0 0 0
 VPN SDI upd 0 0 0 0
 VPN DHCP upd 0 0 0 0
 SIP Session 0 0 0 0
 Route Session 0 0 0 0
 User-Identity 1 0 0 0
 Logical Update Queue Information
 Cur Max Total
 Recv Q: 0 7 9930
 Xmit Q: 0 30 99581
mdbl-int-fw-01#
mdbl-int-fw-01#
mdbl-int-fw-01# sho failover state
 State Last Failure Reason Date/Time
This host - Primary
 Active None
Other host - Secondary
 Failed Ifc Failure 22:03:03 UTC Jan 8 2014
 outside: No Link
 dmz: No Link
 mgt: No Link
 inside: No Link
====Configuration State===
 Sync Done
====Communication State===
 Mac set
mdbl-int-fw-01# sho failover ?
descriptor Show failover interface descriptors. Two numbers are shown for
 each interface. When exchanging information regarding a
 particular interface, this unit uses the first number in messages
 it sends to its peer. And it expects the second number in
 messages it receives from its peer. For trouble shooting, collect
 the show output from both units and verify that the numbers
 match.
exec Show failover command execution information
history Show failover switching history
interface Show failover command interface information
state Show failover internal state information
statistics Show failover command interface statistics information
| Output modifiers
<cr>
mdbl-int-fw-01# sho failover inter
mdbl-int-fw-01# sho failover interface
 interface failover GigabitEthernet0/3
 System IP Address: 10.98.8.89 255.255.255.248
 My IP Address : 10.98.8.89
 Other IP Address : 10.98.8.90
mdbl-int-fw-01# sho failover stati
mdbl-int-fw-01# sho failover statistics
 tx:995725
 rx:980617
mdbl-int-fw-01# sho failover hi
mdbl-int-fw-01# sho failover history
==========================================================================
From State To State Reason
==========================================================================
02:16:40 UTC Jan 8 2014
Not Detected Negotiation No Error
02:16:48 UTC Jan 8 2014
Negotiation Just Active No Active unit found
02:16:48 UTC Jan 8 2014
Just Active Active Drain No Active unit found
02:16:48 UTC Jan 8 2014
Active Drain Active Applying Config No Active unit found
02:16:48 UTC Jan 8 2014
Active Applying Config Active Config Applied No Active unit found
02:16:48 UTC Jan 8 2014
Active Config Applied Active No Active unit found
==========================================================================
mdbl-int-fw-01# sho failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/3 (up)
Unit Poll frequency 200 milliseconds, holdtime 800 milliseconds
Interface Poll frequency 500 milliseconds, holdtime 5 seconds
Interface Policy 1
Monitored Interfaces 4 of 114 maximum
failover replication http
Version: Ours 8.6(1)2, Mate 8.6(1)2
Last Failover at: 02:16:48 UTC Jan 8 2014
 This host: Primary - Active
 Active time: 74554 (sec)
 slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
 Interface outside (118.179.139.4): No Link (Waiting)
 Interface dmz (10.98.56.3): No Link (Waiting)
 Interface mgt (10.10.11.1): Unknown (Waiting)
 Interface inside (10.98.8.97): Normal (Waiting)
 slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
 IPS, 7.1(4)E4, Up
 Other host: Secondary - Failed
 Active time: 0 (sec)
 slot 0: ASA5515 hw/sw rev (1.0/8.6(1)2) status (Up Sys)
 Interface outside (118.179.139.6): No Link (Waiting)
 Interface dmz (10.98.56.2): No Link (Waiting)
 Interface mgt (0.0.0.0): No Link (Waiting)
 Interface inside (10.98.8.98): No Link (Waiting)
 slot 1: IPS5515 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
 IPS, 7.1(4)E4, Up
Stateful Failover Logical Update Statistics
 Link : failover GigabitEthernet0/3 (up)
 Stateful Obj xmit xerr rcv rerr
 General 12676 0 9938 0
 sys cmd 9938 0 9938 0
 up time 0 0 0 0
 RPC services 0 0 0 0
 TCP conn 0 0 0 0
 UDP conn 0 0 0 0
 ARP tbl 2737 0 0 0
 Xlate_Timeout 0 0 0 0
 IPv6 ND tbl 0 0 0 0
 VPN IKEv1 SA 0 0 0 0
 VPN IKEv1 P2 0 0 0 0
 VPN IKEv2 SA 0 0 0 0
 VPN IKEv2 P2 0 0 0 0
 VPN CTCP upd 0 0 0 0
 VPN SDI upd 0 0 0 0
 VPN DHCP upd 0 0 0 0
 SIP Session 0 0 0 0
 Route Session 0 0 0 0
 User-Identity 1 0 0 0
 Logical Update Queue Information
 Cur Max Total
 Recv Q: 0 7 9940
 Xmit Q: 0 30 99677

Hi Ganesan,
I am proposing a design like this. You can have the STP in pvst mode and have a different priority set for the core switch to make it core a as root bridge. There is nothing wrong with your design you have made you core switch which will be physically down to your firewall... but in real it comes on the top of your firewall as well... But spanning tree conf should be done properly to achieve this... I have proposed my design which is pretty simple but easy for troubleshoot....
You can have your firewalls connected to core switch on the down and can directly connected to router on outside... always core a -->py fw--rtra will be the primary path... if anything goes wrong then secondary line will come in to picture....
make sure that your hsrp will have high priority to ur core a vlan conf for the access switches.....
Please do rate for the helpful posts.
By
Karthik

Error when using the REF eCATT command ....

Hi,
When the REF command is used in an eCATT test script to execute another eCATT, only the first REF command executes successfully - all subsequent REF commands fail with these error msgs 'Error in eCATT function SAPGUI', 'Error in Control', 'Message raised at CL_APL_ECATT_LINE_INTERPRETER =CM00K LINE   347'.
Executed separately, the referenced eCATT test scripts are successful.   Executed from one eCATT test script via the REF command, only the first REF command is successful. We are on SAP 6.7 6.40, GUI is 6.40 as well.
Any suggestions would be appreciated - Thanks !

Thanks for the reply, Jonathan.   Still having the same problem after implementing your suggestion.   Any other suggestions you have would be appreciated.
The ResetGUI = 'X' was done for each command interface in the REFerenced test scripts.   The ResetGUI statement was only found immediately after the 'Command Interface' statement (wasn't found after the 'Processed Screen' statement).
The error still happens for the second and all subsequent test scripts referenced by the 'REF' command.   In the failed REF test scripts, the ConnectionID, SessionID, and SystemInfo statements are the failed statments (red lights beside them).   These three statements are immediately after the ResetGUI = 'X' statment (which has a green light).
Different execution options have been tried, including closing, and not closing, generated GUI sessions.
Really at a loss here to figure out how to get the REF statement to work !

ATA command interface

Similar Messages

Maybe you are looking for