Cisco NAS IP is SSID interface IP and not WLC IP
Hi,
The radius packets are being dropped on my ISE deployment because the NAS IP is being detected as the SSID IP and not the IP of the WLC. I want the IP of the WLC to be the NAS IP because the WLC is what I've configured as the NAD in the ISE itself.
I have configured the management interface IP - 192.168.1.1 (from where I access the GUI) as the NAD in ISE.
The SSID interface IP is 192.168.7.1. Obviously, since this isn't configured as a NAD in ISE, the radius packets sourced from this IP are being dropped.
I have another SSID with IP 192.168.5.1, but in this case, the NAS IP mentioned in the ISE logs indicate the WLC Management IP which is perfectly fine and this is what should happen.
Similar Messages
-
Photoshop CS6 unusable -interface freezes and not enough memory message - on a specific hardware
I usually speak french but I'll try to be as clear as possible.
I work as a technician in a school and we're experiencing a major issue with Photoshop CS6.
We have 3 differents computer's hardware. Photoshop CS6 works fine on 2 of them.
On the other though, Photoshop CS6 is unusable. With this specific hardware, Photoshop has the same weird behavior on each machine (around 50), so it's not related to an hardware malfunction (like bad ram) I suppose.
Our problem is this: Once Photoshop is opened and you minimize it in the task bar, as soon as you maximise it to use it again, the interface doesn't respond well at all, the interface is all messed up, some windows are missing and most of the time Photoshop freezes. And after that, whatever we try to do, like selecting whatever option, we have the ''not enough memory'' message. So we can't do nothing with the program after that, from selecting another tool to saving a file.
Even when no file is opened and we have plenty of RAM that can be used, the problem is there.
The same problem occurs if we open a window above Photoshop (internet, word, everything). As soon as we go back to work in Photoshop, the interface freezes and windows are missing, and we get the same not enough memory message every time.
We already tried to change/desactivate each performance settings in Photoshop, we already installed the latest Photoshop CS6 update.
We've updated BIOS, processor driver, graphic card driver, etc.
We have this problem with Photoshop CS6 64 bits and 32 bits.
We dont have this problem with any other program in the CS6 suite.
We dont have this problem with Photoshop CS5.
We have the same graphic card and driver on the others computers where Photoshop CS6 works perfectly well.
What's bugging us is everything else in the production suite works fine!
Please, do you think of anything else we can try?
We're hopeless!
Here is the specific hardware where the problem occur.
Hardware:
Dell Inspiron T3500
Intel XEON e5220 2.27 ghz
6 GIGS (RAM)
Quadro FX 1800
Plenty of available hard-disk.
VRAM: 768 MB
OPEN GL: Version 3.3
Windows 7 Professional SP1Yes! There it this (sorry our Photoshop version is in french since we are a french school, I hope it's still useful to you) .
Please note that it's not with the latest Adobe update available, but we've tried it on an other computer but I can't access it right now. But the adobe update did'nt solve the problem either.
Version Adobe Photoshop : 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00) x64
Système d'exploitation : Windows 7 64 bits
Version : 6.1 Service Pack 1
Architecture système : UC Intel Famille :6, modèle :10, niveau :5 avec MMX, SSE Entier, SSE FP, SSE2, SSE3, SSE4.1, SSE4.2, HyperThreading
Nombre de processeurs physiques : 4
Nombre de processeurs logiques : 8
Vitesse du processeur : 2266 MHz
Mémoire intégrée : 6142 Mo
Mémoire libre : 4316 Mo
Mémoire disponible pour Photoshop : 5361 Mo
Mémoire utilisée par Photoshop : 60 %
Taille de la mosaïque d'images : 128K
Niveaux de mémoire cache de l'image : 4
Dessin OpenGL : Activé.
Mode de dessin OpenGL : Standard
Mode OpenGL normal autorisé : Vrai.
Mode OpenGL avancé autorisé : Vrai.
Anciens GPU OpenGL autorisés : Non détectés.
Fournisseur de la carte vidéo : NVIDIA Corporation
Module de rendu de la carte vidéo : Quadro FX 1800/PCIe/SSE2
Affichage : 1
Limites d'affichage : = haut : 0, gauche : 0, bas : 1200, droite : 1920
N° de la carte vidéo : 1
Carte vidéo : NVIDIA Quadro FX 1800
OpenCL Non disponible
Version du pilote : 8.17.12.9573
Date du pilote : 20120209000000.000000-000
Pilote de la carte vidéo : nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um
Mode vidéo : 1920 x 1200 x 4294967296 couleurs
Nom de la carte vidéo : NVIDIA Quadro FX 1800
Mémoire vidéo : 768 Mo
Taille de la texture rectangle vidéo : 8192
Numéro de série : 92278706405826761289
Dossier de l'application : C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\
Chemin des fichiers temporaires : C:\Users\elebel\AppData\Local\Temp\
Le disque de travail de Photoshop comporte l'E/S asynchrone activé.
Volume(s) de travail :
C:\, 405,5 Go, 363,7 Go libres
Dossier des modules externes obligatoires : C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Required\
Dossier principal des modules externes : C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Plug-ins\
Dossier des modules externes complémentaires : non défini
Composants installés :
A3DLIBS.dll A3DLIB Dynamic Link Library 9.2.0.112
ACE.dll ACE 2012/01/18-15:07:40 66.492997 66.492997
adbeape.dll Adobe APE 2012/01/25-10:04:55 66.1025012 66.1025012
AdobeLinguistic.dll Adobe Linguisitc Library 6.0.0
AdobeOwl.dll Adobe Owl 2012/02/09-16:00:02 4.0.93 66.496052
AdobePDFL.dll PDFL 2011/12/12-16:12:37 66.419471 66.419471
AdobePIP.dll Adobe Product Improvement Program 6.0.0.1654
AdobeXMP.dll Adobe XMP Core 2012/02/06-14:56:27 66.145661 66.145661
AdobeXMPFiles.dll Adobe XMP Files 2012/02/06-14:56:27 66.145661 66.145661
AdobeXMPScript.dll Adobe XMP Script 2012/02/06-14:56:27 66.145661 66.145661
adobe_caps.dll Adobe CAPS 6,0,29,0
AGM.dll AGM 2012/01/18-15:07:40 66.492997 66.492997
ahclient.dll AdobeHelp Dynamic Link Library 1,7,0,56
aif_core.dll AIF 3.0 62.490293
aif_ocl.dll AIF 3.0 62.490293
aif_ogl.dll AIF 3.0 62.490293
amtlib.dll AMTLib (64 Bit) 6.0.0.75 (BuildVersion: 6.0; BuildDate: Mon Jan 16 2012 18:00:00) 1.000000
ARE.dll ARE 2012/01/18-15:07:40 66.492997 66.492997
AXE8SharedExpat.dll AXE8SharedExpat 2011/12/16-15:10:49 66.26830 66.26830
AXEDOMCore.dll AXEDOMCore 2011/12/16-15:10:49 66.26830 66.26830
Bib.dll BIB 2012/01/18-15:07:40 66.492997 66.492997
BIBUtils.dll BIBUtils 2012/01/18-15:07:40 66.492997 66.492997
boost_date_time.dll DVA Product 6.0.0
boost_signals.dll DVA Product 6.0.0
boost_system.dll DVA Product 6.0.0
boost_threads.dll DVA Product 6.0.0
cg.dll NVIDIA Cg Runtime 3.0.00007
cgGL.dll NVIDIA Cg Runtime 3.0.00007
CIT.dll Adobe CIT 2.0.5.19287 2.0.5.19287
CoolType.dll CoolType 2012/01/18-15:07:40 66.492997 66.492997
data_flow.dll AIF 3.0 62.490293
dvaaudiodevice.dll DVA Product 6.0.0
dvacore.dll DVA Product 6.0.0
dvamarshal.dll DVA Product 6.0.0
dvamediatypes.dll DVA Product 6.0.0
dvaplayer.dll DVA Product 6.0.0
dvatransport.dll DVA Product 6.0.0
dvaunittesting.dll DVA Product 6.0.0
dynamiclink.dll DVA Product 6.0.0
ExtendScript.dll ExtendScript 2011/12/14-15:08:46 66.490082 66.490082
FileInfo.dll Adobe XMP FileInfo 2012/01/17-15:11:19 66.145433 66.145433
filter_graph.dll AIF 3.0 62.490293
hydra_filters.dll AIF 3.0 62.490293
icucnv40.dll International Components for Unicode 2011/11/15-16:30:22 Build gtlib_3.0.16615
icudt40.dll International Components for Unicode 2011/11/15-16:30:22 Build gtlib_3.0.16615
image_compiler.dll AIF 3.0 62.490293
image_flow.dll AIF 3.0 62.490293
image_runtime.dll AIF 3.0 62.490293
JP2KLib.dll JP2KLib 2011/12/12-16:12:37 66.236923 66.236923
libifcoremd.dll Intel(r) Visual Fortran Compiler 10.0 (Update A)
libmmd.dll Intel(r) C Compiler, Intel(r) C++ Compiler, Intel(r) Fortran Compiler 10.0
LogSession.dll LogSession 2.1.2.1640
mediacoreif.dll DVA Product 6.0.0
MPS.dll MPS 2012/02/03-10:33:13 66.495174 66.495174
msvcm80.dll Microsoft® Visual Studio® 2005 8.00.50727.6195
msvcm90.dll Microsoft® Visual Studio® 2008 9.00.30729.1
msvcp100.dll Microsoft® Visual Studio® 2010 10.00.40219.1
msvcp80.dll Microsoft® Visual Studio® 2005 8.00.50727.6195
msvcp90.dll Microsoft® Visual Studio® 2008 9.00.30729.1
msvcr100.dll Microsoft® Visual Studio® 2010 10.00.40219.1
msvcr80.dll Microsoft® Visual Studio® 2005 8.00.50727.6195
msvcr90.dll Microsoft® Visual Studio® 2008 9.00.30729.1
pdfsettings.dll Adobe PDFSettings 1.04
Photoshop.dll Adobe Photoshop CS6 CS6
Plugin.dll Adobe Photoshop CS6 CS6
PlugPlug.dll Adobe(R) CSXS PlugPlug Standard Dll (64 bit) 3.0.0.383
PSArt.dll Adobe Photoshop CS6 CS6
PSViews.dll Adobe Photoshop CS6 CS6
SCCore.dll ScCore 2011/12/14-15:08:46 66.490082 66.490082
ScriptUIFlex.dll ScriptUIFlex 2011/12/14-15:08:46 66.490082 66.490082
tbb.dll Intel(R) Threading Building Blocks for Windows 3, 0, 2010, 0406
tbbmalloc.dll Intel(R) Threading Building Blocks for Windows 3, 0, 2010, 0406
TfFontMgr.dll FontMgr 9.3.0.113
TfKernel.dll Kernel 9.3.0.113
TFKGEOM.dll Kernel Geom 9.3.0.113
TFUGEOM.dll Adobe, UGeom© 9.3.0.113
updaternotifications.dll Adobe Updater Notifications Library 6.0.0.24 (BuildVersion: 1.0; BuildDate: BUILDDATETIME) 6.0.0.24
WRServices.dll WRServices Friday January 27 2012 13:22:12 Build 0.17112 0.17112
wu3d.dll U3D Writer 9.3.0.113
Modules externes obligatoires :
3D Studio 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
ADM 3.11x01
Aérographe 13.0
Aplatissement 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Aquarelle 13.0
Asymétrie 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Barbouillage 13.0
Bas-relief 13.0
BMP 13.0
Camera Raw 7.0
Carrelage 13.0
Chrome 13.0
Cineon 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Cisaillement 13.0
Collada 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
CompuServe GIF 13.0
Contour accentué 13.0
Contour déchiré 13.0
Contour encré 13.0
Contour lumineux 13.0
Contour postérisé 13.0
Contraction 13.0
Coordonnées polaires 13.0
Correction de l'objectif 13.0
Couleurs NTSC 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Couteau à palette 13.0
Craie/Fusain 13.0
Craquelure 13.0
Crayon Conté 13.0
Crayon de couleur 13.0
Cristallisation 13.0
Croisillons 13.0
Découpage 13.0
Demi-teintes couleur 13.0
Désentrelacement 13.0
Diagonales 13.0
Dicom 13.0
Dispersion 13.0
Eazel Acquire 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Ecart type 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Effet mosaïque 13.0
Effet pointilliste 13.0
Emballage plastique 13.0
Enregistrer pour le Web 13.0
Entropie 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Eponge 13.0
Etalement 13.0
Extension WIA 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Extrusion 13.0
Fibres 13.0
Filtre Collection d'images 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Filtre Rogner et désincliner les photos 13.0
Flash 3D 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Flou de l'objectif 13.0
Flou optimisé 13.0
Flou radial 13.0
Fluidité 13.0
Format IFF 13.0
Fresque 13.0
Fusain 13.0
Galerie de filtres 13.0
Google Earth 4 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Grain 13.0
Grain photo 13.0
Grand-angle adaptatif 13.0
Halo 13.0
HDRMergeUI 13.0
Insertion filigrane 4.0
JPEG 2000 13.0
Lecture filigrane 4.0
Lueur diffuse 13.0
Matlab Operation 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Maximum 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Médiane 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Mezzo-tinto 13.0
Minimum 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Moteur 3D Photoshop 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Moyenne 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Moyenne 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Multiprocesseur 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Néon 13.0
Noir/Blanc 13.0
Noyau de mesures 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Nuages 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Nuages par différence 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Océan 13.0
Onde 13.0
Ondulation 13.0
OpenEXR 13.0
Papier gaufré 13.0
Papier humide 13.0
Pastels 13.0
Patchwork 13.0
PCX 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Peinture à l'huile 13.0
Photocopie 13.0
Pinceau à sec 13.0
Pixar 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Placage de texture 13.0
Plâtre 13.0
Plume calligraphique 13.0
PNG 13.0
Point de fuite 13.0
Pointillisme 13.0
Portable Bit Map 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Portée 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Radiance 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Réticulation 13.0
Rogner et désincliner les photos 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Routines FastCore 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Routines MMXCore 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Solarisation 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Sommation 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Soufflerie 13.0
Sous-couche 13.0
Sphérisation 13.0
Sumi-e 13.0
Support de script 13.0
Tampon 13.0
Targa 13.0
Tourbillon 13.0
Tracés vers Illustrator 13.0
Trame de demi-teintes 13.0
U3D 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Variance 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Variantes 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Verre 13.0
Vitrail 13.0
Wavefront|OBJ 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Wireless Bitmap 13.0 (13.0 20120315.r.428 2012/03/15:21:00:00)
Zigzag 13.0
Dossier des modules externes tiers et facultatifs : SANS
Modules externes dont le chargement a échoué : AUCUN
Flash :
Mini Bridge
Kuler
Modules TWAIN installés : AUCUN -
3rd network interface unknown and not found - udev renaming
I have an Arch linux based firewall with 3 wired network interfaces, one on the mobo.
In a thunderstorm one of the pci-based interfaces died.
Upon changing that one to another with the same chipset (realtek 8139) as the one on the mobo, udev hangs a long time on boot and the latter (eth2) becomes unknown and not found.
Looking at the kernel log I find the following before change:
kernel: udev[435]: renamed network interface eth1 to eth1-eth2
kernel: udev[426]: renamed network interface eth2 to eth1
kernel: udev[435]: renamed network interface eth1-eth2 to eth2
And after the change just this:
kernel: udev[426]: renamed network interface eth2 to eth2-eth1
What is going on and how can I avoid this?
ThanksCould you post the output of sudo lspci -v ?? I am wondering if the chipsets are conflicting with each other's resources. They shouldn't, but it sounds like one of them might have been a little traumatized and may be a little brain damaged. (Pardon my anthropomorphisms)
-
HSRP / interface tracking and not only
Hi All,
HSRP provides nice feature of tracking an external interface, while taking decision with regard to active HSRP router election.
What I would like to ask you is as follows:
In my network all routing decisions are based on Layer2 protocol (NSAP addresses in ATM). On a top of this, I have pure IP network without any dynamic routing protocol (neither OSPF nor BGP is not supported on ATM boxes). Now I would like to bring ATM interface down for a gateway, which does not work as an active HSRP router.
As I mentioned before Layer2 takes a decision for traffic a traffic flow. Im afraid under certain circumstances traffic may hit ATM interface attached the standby router. So what next? Wont be properly routed via HSRP pair. Is my understanding correct?
I would like to have activated only one ATM interface running on active HSRP router, on the standby line protocol should be down. When HSRP re-election process takes place, newly activated router becomes active and in the first order changes protocol line to active. Is that possible?
Just as a last remark, ATM interfaces are monitored (tracked) only. Standby group is configured on Ethernet ports.
Regards,
ArturHello Artur,
HSRP 'tracking' feature is solely to take down the 'HSRP STATUS' to up or down and it has no bearing on the actual line protocol state of the interface.
So if you desire that HSRP should bring down the ATM interface, then that is not possible. HSRP tracking would only change the 'priority' of that interface and not bring it down/up.
Let me know if i understood and answered your question correctly, -
Cisco ASA 5505 Cannot ping local traffic and local hosts cannot get out
I have, what I believe to be, a simple issue - I must be missing something.
Site to Site VPN with Cisco ASA's. VPN is up, and remote hosts can ping the inside int of ASA (10.51.253.209).
There is a PC (10.51.253.210) plugged into e0/1.
I know the PC is configured correctly with Windows firewall tuned off.
The PC cannot get to the ouside world, and the ASA cannot ping 10.51.253.210.
I have seen this before, and I deleted VLAN 1, recreated it, and I could ping the local host without issue.
Basically, the VPN is up and running but PC 10.51.253.210 cannot get out.
Any ideas? Sanitized Config is below. Thanks !
ASA Version 7.2(4)
hostname *****
domain-name *****
enable password N7FecZuSHJlVZC2P encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif Inside
security-level 100
ip address 10.51.253.209 255.255.255.248
interface Vlan2
nameif Outside
security-level 0
ip address ***** 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
ftp mode passive
dns server-group DefaultDNS
domain-name *****
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
access-list No_NAT extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.7.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.10.250
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.200
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.1.3.9
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.14
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.15
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 host 10.10.10.16
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.1.9.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 10.10.9.0 255.255.255.0
access-list Outside_VPN extended permit ip 10.51.253.208 255.255.255.248 ***** 255.255.255.240
pager lines 24
mtu Outside 1500
mtu Inside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
no asdm history enable
arp timeout 14400
global (Outside) 1 interface
nat (Inside) 0 access-list No_NAT
route Outside 0.0.0.0 0.0.0.0 ***** 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set DPS_Set esp-3des esp-md5-hmac
crypto map DPS_Map 10 match address Outside_VPN
crypto map DPS_Map 10 set peer *****
crypto map DPS_Map 10 set transform-set *****
crypto map DPS_Map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh timeout 60
console timeout 0
management-access Inside
username test password P4ttSyrm33SV8TYp encrypted
tunnel-group ***** type ipsec-l2l
tunnel-group ***** ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8d0adca63eab6c6c738cc4ab432f609d
: end
1500Hi Martin,
Which way you are trying. Sending traffic via site to site is not working or traffic which you generate to outside world is not working?
But you say ASA connected interface to PC itself is not pinging that is strange. But try setting up the specific rules for the outgoing connection and check. Instead of not having any ACL.
If it is outside world the you may need to check on the NAT rules which is not correct.
If it is site to site then you may need to check few other things.
Please do rate for the helpful posts.
By
Karthik -
Question on Interface Groups and Mobility
Hi everyone.
I have a small question.
I have two 5508 controllers with 6 Access Points (3 on each controller). The network layout has one AP on one controller, one on the other, 45 degrees and about 100ft apart from each other.
In this layout the clients roam from one AP to the other, one controller to the other, but there are certain times where the client loses connectivity to the network (layer 3). I don't see any disconnect or roaming messages in the controller logs, but the laptop shows a "!" sign in its wireless connection (win 7).
It can take from a few seconds to several minutes for it to get an ip address and connectivity again.
Now, for my setup:
I have 3 interfaces with different VLANs, and an interface group that binds those 3 interfaces together. The interfaces are called the same on both controllers, and the interface group as well.
The wlan number is the same, as the SSID configuration.
The question is:
When the client roams to the other controller, does it retain the same interface/VLAN configuration? I have found documentation stating that when the user roams and the WLC has the same subnet, it goes with no issues, but it doesn't mention interface groups. Could it be that in some handovers the client falls in a different VLAN even when it is in the same interface group?
Thanks in advance for your help.Are these two WLC in same mobility group ? If that is the case clients should not change the IP when they roam from one WLC to another. Even in interface group configuration it should work like this.
Here is sample config I did to test this out (I haven't use interface group, but as per my understanding It should not make any difference).
http://mrncciew.com/2013/03/17/l3-inter-controller-roaming/
HTH
Rasika -
Cisco ISE with multiple Network interface
Hello,
I am deploying Cisco ISE 1.2 in a distributed deployment and the requirement is to use external Radius proxy feature. ISE PSNs are designed to have 2 L3 NIC's, Eth0 for administration and Eth1 as client side facing NIC for Radius requests. I am interested to know would Cisco ISE in version 1.2 use Eth1 interface to send RADIUS authentication request to external RADIUS Proxy server.
Could not find above information in Cisco SNS-3400 Series Appliance Ports Reference.
http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_app_c-ports.html
Thanks
KumarThanks Ahmad for the reply.
Cisco ISE uses standard RADIUS authentication and authorization port to send request to Exteranl RADIUS proxy. As per the interface/port refrence guide of version 1.2 this is listed that is causing a confusion :-
Eth0
Eth1
Eth2
Eth3
Policy Service node
Session
•UDP:1645, 1812 (RADIUS Authentication)
•UDP:1646, 1813 (RADIUS Accounting)
•UDP: 1700 (RADIUS change of authorization Send)
•UDP: 1700, 3799 (RADIUS change of authorization Listen/Relay)
External Identity Stores
and Resources
•TCP: 389, 3268, UDP: 389 (LDAP)
•TCP: 445 (SMB)
•TCP: 88, UDP: 88 (KDC)
•TCP: 464 (KPASS)
•UDP: 123 (NTP)
•TCP: 53, UDP: 53 (DNS)
(Admin user interface authentication and endpoint authentication)
In external Identity Stores and Resources it says Eth0 is used for (Admin user interface authentication and endpoint authentication), where under sessions it lists that all ports can be used for RADIUS Authentication and Authorization.
I am not sure what I am missing to understand between the two if you can highlight that.
Thanks
Kumar -
FWSM interface monitoring and best practices documentation.
Hello everyone
I have a couple of questions regarding vlan interface monitoring and best practices specifically for this service module.
I couldn’t find a suggestion or guideline as for how to define a VLAN interface on a management station. The FWSM total throughput is 5.5gbs and the interfaces are mapped to vlans carried on trunks over 10gb etherchannels. Is there a common practice, or past experience, to set some physical parameters to logical interfaces? "show interface" command states BW as unknown.
Additionally, do any of you have a document addressing best practices for FWSM? I have this for other platforms and general recommendations based on newer ASA versions but nothing related to FWSM.
Thanks a lot!
Regards
GuidoHi,
If you are looking for some more command to check for the throughput through the module:-
show firewall module <number> traffic
Also , I think as this is End of life , you might have to check for some old documentation from Cisco on the best practices.
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/prod_white_paper0900aecd805457cc.html
https://supportforums.cisco.com/discussion/11540181/ask-expertconfiguring-troubleshooting-best-practices-asa-fwsm-failover
Thanks and Regards,
Vibhor Amrodia -
Cisco Prime 1.2 device interface alarms
Hello All,
I am working on Cisco Prime Infrastructure 1.2.1.012. I have enabled prime to report interface up and down messages.
But I am seeing some strange messages such as below,
Alarm Condition:Link down
Message: Port '{0}' is up on device '{1}'.
This is happening for some of the interfaces of the switch. For the same switch if there is any interface activity I can see alram message as,
Message: Port 'GigabitEthernet0/43' is up on device '10.104.xx.xx'
which is good and undestandable. Why the interface name is shown as {0}?
Any suggestions would be much appreciated.
Regards,
GirishJust found the solution to the problem!
Bug ID: CSCuf55719, Incomplete link down detection: Port '{0}' is down on device '{1}'.
It seems this issue will be fixed in PI 2.0.
Regards, -
Cisco 1262 AP cannot access via cosole and GUI
Hi,
I have a Cisco AIR-LAP1262N-E-9 but I cannot access via console and GUI. Also, I noticed that after getting IP address from DHCP server, its IP address will be released after 2minutes. Then after a while, the access point will get another new IP address. And this happens repeatedly.
Hoping for some help out there...
Thanks,
shawnHi Manas,
Thanks for your comments.
I have a WLC 5508 controller. I just want to have a basic setup for my upcoming project implementation. On my test bed, I have WLC, 2 sets of AP, and PoE L3 switch. The L3 switch serves as a DHCP server to APs. I manually set the Management Interface IP address of WLC in the same VLAN of the DHCP scope for AP just for basic connectivity. Upon powering up the APs, the WLC detected the APs. However, after 2-3 minutes, the WLC cannot detect anymore the APs. I also notice that the APs are getting their IP address to DHCP server but it will release after sometime..may about 3minutes. Then the APs will get again IP address and will release it. And this happens continuously. I just wish to hard code the IP settings to APs via console but I cannot access it.
Hoping for your help and thanks in advance.
Regards,
Shawn -
Cisco ASA 5520 traffic between interfaces
Hello,
I am new in the Cisco world , learning how everything goes. I have a Cisco ASA 5520 firewall that i am trying to configure, but i am stumped. Traffic does not pass trough interfaces ( i tried ping ) , although packet tracer shows everything as ok. I have attached the running config and the packet tracer. The ip's i am using in the tracer are actual hosts.
ciscoasa# ping esx_management 192.168.10.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.100, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ciscoasa# ping home_network 192.168.10.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.100, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Thank you in advance.Hi,
Is this just a testing setup? I would suggest changing "internet" interface to "security-level 0" (just for the sake of identifying its an external interface) and not allowing all traffic from there.
I am not sure what your "packet-tracer" is testing. If you wanted to test ICMP Echo it would be
packet-tracer input home_network icmp 10.192.5.5 8 0 255 192.168.10.100
I see that you have not configured any NAT on the ASA unit. In the newer ASA software that would atleast allow communication between all interface with their real IP addresses.
I am not so sure about the older ASA versions anymore. To my understanding the "no nat-control" is default setting in your model which basically states that there is no need for NAT configurations between the interfaces the packet is going through.
Have you confirmed that all the hosts/servers have the correct default gateway/network mask configurations so that traffic will flow correctly outside their own network?
Have you confirmed that there are no firewall software on the actual server/host that might be blocking this ICMP traffic from other networks?
Naturally if wanted to try some NAT configurations you could try either of these for example just for the sake of testing
Static Identity NAT
static (home_network,esx_management) 192.168.5.0 192.168.5.0 mask 255.255.255.0
static (home_network,DMZ) 192.168.5.0 192.168.5.0 mask 255.255.255.0
static (home_network,management) 192.168.5.0 192.168.5.0 mask 255.255.255.0
OR
NAT0
access-list HOMENETWORK-NAT0 remark NAT0 to all local networks
access-list HOMENETWORK-NAT0 permit ip 192.168.5.0 255.255.255.255.0 192.168.10.0 255.255.255.0
access-list HOMENETWORK-NAT0 permit ip 192.168.5.0 255.255.255.255.0 192.168.20.0 255.255.255.0
access-list HOMENETWORK-NAT0 permit ip 192.168.5.0 255.255.255.255.0 192.168.1.0 255.255.255.0
nat (home_network) 0 access-list HOMENETWORK-NAT0
Hope this helps
- Jouni -
Hi
I recently upgrade tp 7.0.3 from 7.0.2.
While upgrade i found that i am not able to login to the web server with the admin id "admin" default created in the application server.
The same id i can login to application server , but not in wewb server.
I am getting the mentioned error "You cannot sign in to the Cisco Unified MeetingPlace Web Server interface using preconfigured system profiles".
However if i create a new user in application server and tried logging with the same in the web server it is working fine..
is it a known behaviour wirh the upgrade or i m facing some issue.
Hope i can find a solution here.
Regards
RCRC,
This behavior is stemming from a change in MP 7.0 MR2 to disable the MPWeb login for system profiles. This was an internal change made by the developers to restrict the log on to the MPWeb page by the default accounts created in MeetingPlace upon installation. The change now displays this error when the admin account is attempted to be used for MPWeb login, as you experienced-
Error:[22953] You cannot sign in to the Cisco Unified MeetingPlace Web Server interface using preconfigured system profiles.
You should be able to log into MPWeb using any other user profile that you have either created manually or pulled in from LDAP/Active Directory. You just cannot use the admin account. This is reserved for login to the MP Application Server Administration page only. I am going to work to get this information added to the MP 7.0 documentation with a note for changed behavior in MR2 and above. Here is the note from MP 8.0 documentation-
Note: You cannot use this preconfigured admin profile to access the Cisco Unified MeetingPlace Web Server interface. Instead enter the User ID and password information from one of the other user profiles that have system administrator privileges to sign in to the Web Server.
Please let me know if you have any further questions.
Thank You,
Gerry -
Generate Prime Interface Availability and Utilization Report for unified APs
Hi,
I´m trying to generate interface availability and interface utilization report for unified APs on Prime Infrastructure 2.0, but it doesn´t display any information. I have created device health and interface health templates under desing/Monitor configuration/My templates and deployed under Deploy/Monitoring deployment, but it still don´t show any information,
thaks for your help.Hi Alejandro,
Did you solve this problem? Or is it a bug?
I face the some issue with you, I just run "Report/Report Launch Pad/Deivce/Interface Utilization"
and then I create a report for interface utilization.
But it display nothing when the report run finished.
I ask some guys in this forum, they said maybe it's a PI2.1 bug.
BR
Frank -
Names of interface tables and interface programs of oracle modules
Hi all,
i need urgent and accurate information about the names of interface tables and interface programs of the following oracle modules,R12, or either ther are custom made. Any accurate link refering to the desire information would be much appreciated.
Plus i need a clear and simple definition and purpose of interface tables and interface program and by what other names are they known in industry.
Data Object,Oracle Module
Chart of Accounts,Oracle General Ledger
Trial Balance,Oracle General Ledger
Supplier Master,Oracle Payables
Open Supplier Invoices,Oracle Payables
Open Supplier Credit/ Debit Memos,Oracle Payables
Open Supplier Advances,Oracle Payables
Bank Master,Oracle Cash Management
Customer Master,Oracle Receivable
Asset Categories,Oracle Assets
Asset Master,Oracle Assets
Item Master,Oracle Inventory
Item Categories,Oracle Inventory
Sub Inventory and Locators,Oracle Inventory
Item On Hand Balances,Oracle Inventory
Item wise Per unit Cost,Oracle Inventory
Bill of Material,Oracle Discrete Manufacturing
Departments,Oracle Discrete Manufacturing
Operations,Oracle Discrete Manufacturing
Routings,Oracle Discrete Manufacturing
Resources,Oracle Discrete Manufacturing
Overheads,Oracle Discrete Manufacturing
Employee Master,Approval Hierarchy
Approval Hierarchy,Approval Hierarchy
Open Customer Invoices,Oracle Receivables
Open Customer Credit/ Debit Memos,Oracle Receivables
Open Customer Advances,Oracle Receivables
Pending Requisitions,Oracle Purchasing
Pending Purchase Orders,Oracle Purchasing
Open Sales Orders,Oracle Order Management
Price List,Oracle Order ManagementHi;
Its metalink note you need to login metalink wiht valid CSI(customer Support Identifier) number to can se note via using note number.
Please see:
Oracle EBS Based and Interface tables
Oracle EBS Based and Interface tables
Regard
Helios -
Hi, I'm using a Mac Pro here. I am trying to connect it with my NAS hard drive. But i could not connect to it because i have an ethernet which connects to the intranet in my company and Air Port for the internet and it could not detect the the ip address after i input the correct address on "Connect to Server" window. Please help! Urgent! Thanks
I did not say it is not possible.
I said if your company networks are monopolizing both ports, you should talk to them about what options are available.
Maybe you can get the company Intranet over wireless if you change some configuration items such as Subnet Mask.
Maybe you can get on the Internet over Ethernet.
You really need to ask them, and do not let them blow you off because you have a Mac. If they balk, ask them how it would be done on a PC (becasue it will be the same on a Mac).
Maybe you are looking for
-
Dreamweaver customer support woes...
Hoping that someone at Adobe might actually read customer letters... Bill Curry Box 44, Port Maitland Nova Scotia, Canada B0W2V0 July 22, 2009 Shantanu Narayen President and Chief Executive Officer Adobe Systems, Inc. 345 Park Avenue San Jose, CA
-
Forall with multi dml statements
hi I am trying to write a procedure for learning purpose, but it gives error message. Normally we use for loops, it is slow but for loop is a block and you can execute many select and dml statements inside for loop. I want to achieve this with bulk c
-
Can't stop wrong email address autofilling
Hi can any one help me please when I try to email people it keeps printing me to write wrong address is has only happened since the wife used my iPad to order stuff from the net this is the problem here My email address starts Toffa@ but when I try t
-
Caching Mode, groups, address book
GroupWise 2014 SP HP1 Hi, we experience problemes with groups in caching mode: while they show up correct with members in online mode and in WebAccess, they are empty in caching mode. I tried "Refresh", "Retrieve GW Address Book" and "Retrieve Entire
-
Can be implemented with Java 2D?
Could anyone tell me what kind of effect in this flash animation? it can be implemented with Java 2D? http://www.echt-wahnsinn.de/liebesgesichtflash.htm