Control Plane Policy not allowing ssh on my 3825 router
I have complaints for a downstream customer trying to connect to my network. He is the only one connecting to hosts via ssh. He is showing up hitting the 3rd party (McAfee Sidewinder Firewall) between the 2 Cisco 3825 routers but with the bytes stripped out. I started looking at the control plane policy and believe it is the culprit. He is the only host I need to get in through the router (WAN) via this protocol/port. What do I need to change in order to allow him through?
BTW, don't know why but the **** above should have read k - n - o - b. Probably the decorum police checking in...
Similar Messages
-
Password policy not allowing to reconfigure STMS
Hi Guru's,
I have done a system copy by the database restore method. In the post activities I mistakenly deleted the STMS configuration on the domain controller, and now when I am trying to add the production server to the landscape, the password policy is not allowing us to reconfigure STMS.
I have manually reset the TMSADM password with alphanumeric format on all three systems in client 000 with user DDIC, but I was getting the same error message.
After removing the password policy on the PRD server it allowed me to configure STMS for the PRD server.
Is there another way to reconfigure STMS without removing the policy?
policy parameter:
login/min_password_specials ==>1
login/min_password_digits ==>1
Since I don't want to remove the password policy to reconfigure STMS,
please suggest an alternative.
-Gokul Chitode

You may want to have a look at SAP Note 761637 - Login restrictions prevent TMSADM logon
-
DLU policy not allowing user to unlock
ZCM 11.2.2
SLES11SP2
eDir 8.7
Win7 x86 and x64 workstations
I am currently deploying a test environment to about 6 Win7 machines - a mix of x86 and x64 machines.
On several of the x86 machines if it locks due to inactivity the currently logged on user is not being allowed to unlock the workstation. Error received is "This computer is locked. Only the logged on user can unlock". It is not across the board but just a few. We are getting the Novell login box but it will not unlock even though it is the same user that originally logged on prior to locking.
If the policy is removed from that machine it seems to function fine.
I have set the NIC power management to not allow the computer to turn the NIC off to save power and the result is the same.
Any guidance would be appreciated.

I don't have the foggiest on how DLU could relate to this issue.
I've never heard that before.
I would recommend also asking in the Client Forums.
You may want to try disabling all Power Mgmt Features.
Have you tried changing it over to the local Windows User to try and
unlock the account? ( I presume you can do this in Win7, that used to
work for XP when this happened.)
On 3/7/2013 4:36 PM, usfsoyer wrote:
>
> ZCM 11.2.2
> SLES11SP2
> eDir 8.7
> Win7 x86 and x64 workstations
>
> I am currently deploying a test environment to about 6 Win7 machines -
> a mix of x86 and x64 machines.
>
> On several of the x86 machines if it locks due to inactivity the
> currently logged on user is not being allowed to unlock the workstation.
> Error received is "This computer is locked. Only the logged on user can
> unlock". It is not across the board but just a few. We are getting the
> Novell login box but it will not unlock even though it is the same user
> that originally logged on prior to locking.
>
> If the policy is removed from that machine it seems to function fine.
>
> I have set the NIC power management to not allow the computer to turn
> the NIC off to save power and the result is the same.
>
> Any guidance would be appreciated.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
-
Hi,
I did the configuration for CCP on a sw 4500, but it makes the process CPU go up. In the normal case the process is about 25%, but when I configure the policy for the control plane the CPU is about 40% and has peaks over 80%.
Please help me
thanks.

Hi!
It is of interest to me too!
-
My icloud control panel does not enable the Photos check box. Cannot view photos on PC that are taken with iphone and ipad.
Hi Randers - thank you for the advice. I signed out of the account on all devices, however when I try to go into iCloud on the Mac to re-input my account details, I'm presented with the following error message:
'Could not load iCloud preference pane'. Is there something additional I'm meant to do to be able to load an iCloud account on the Mac?
-
My navigating button, key does not allow me to switch to other applications. To do this I have to shut down and reboot. I spoke with Apple customer service on Friday and they had me connect to the computer and download any new and updated information. That resolved the issue for one day and the problem started again.

Try restoring your phone as a "new" device in iTunes, not from backup. When finished, eject your phone. Do not sync any content back to your phone. How are things working now? If OK, sync your content back to your phone. If not, make an appointment at an Apple store, as you most likely have a hardware issue.
-
Hi ALL !!!
I created the CPP and applied the service policy like "permit tcp host x.x.x.x any telnet" to it.
It works very nicely if I don't have a VRF.
But ALL my users from VRF "USER" or "Manage" can telnet to the router :-(
What can you suggest to me?

Hello mpalis,
traffic which is not matching any defined classes ends in class class-default which is always applied whether you configured it or not.
Some traffic types cannot be defined by the classes and always go to the class-default class. Examples of those are Layer 2 PDUs/keepalives (CDP, ARP etc) and non-IP traffic (ISIS etc.). Also IPv6 traffic, if not expressly defined within a specific class, ends up in class-default.
What you see is pretty expected then. Some Layer 2 or non-IP control traffic is hitting the default class every now and then (the rate is pretty low in your outputs > 1pps or so).
About the monitoring part it is not that easy on this platform (I assume you have a ASR 1000) as the easiest way to identify that traffic would be to use ERSPAN and use the CPU as the source. Unfortunately that is not supported (even though the CLI allows to configure it) and it does not work.
The other option would be Embedded Packet Capture (EPC) to capture process-switched packets, but this is not supported either on ASR.
What is left is an engineering command to see what is actually punted to the CPU, which is "debug platform software infrastructure punt". Note that this command can give a pretty chatty (overwhelming) output, so I suggest you disable the console logging and send the output to the syslog if you intend to use it.
You will likely see some non-IP traffic/L2 traffic popping up every now and then, confirming what I wrote above.
regards,
Riccardo
PS: Please rate the answer if helpful and flag the question as answered if no more help is needed.
-
Software Restriction Policy not allowing Program Files directory on 64-bit machines
I've created a new software restriction policy, my default security level is set to "Disallowed", I have the standard built-in allowed locations:
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
and I added another exemption for the C:\Program Files (x86) directory:
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%
However, on my 64-bit machines, there are still programs being blocked in C:\Program Files:
C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
These same programs are not being blocked on my 32-bit machines, but the same policy is being applied to both and the programs are installed in the same locations on both.
I checked the registry on one of the 64-bit machines, and the default registry key exemption specified above:
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
does exist on the 64-bit machine and it is set to C:\Program Files, exactly like the 32-bit machines. So why are programs still being blocked here?
Shaun

Hi Shaun,
>>on my 64-bit machines, there are still programs being blocked in C:\Program Files:
Before going further, are all the applications under the path not able to run or just some of them? Besides, when we run the applications mentioned above, did it tip that it's blocked by group policy? Here, we can run the command
gpresult /h gpreport.html
with administrative privileges to collect a group policy result report to check if this is caused by some other GPOs.
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
-
Family Sharing plan will not allow purchase by iTunes gift card.
We are on the Family Sharing plan. All family members have iTunes gift card balances on their accounts. iTunes store is only allowing purchases by credit card. According to all FAQ's on Apple site, it should access gift card first. How do we fix this?
Doerr6,
You are correct about how it is supposed to work.
However, many people are reporting the same problem that you are seeing. The only way to get it resolved is to contact iTunes Customer Service.
-
Photo Stream shows shared on iPad but when I access it on PC, Photo Stream is not clickable and can only access old photos that I shared from a month ago.
iCloud is neither compatible with nor available for Windows XP.
-
Hi,
We are developing a network where the APs will be connected to DSL connections(publics). Now we are seeing the subject of security in the WLC, and my question is if the amount of tunnels can be limited that can receive the WLC in simultaneous form. I was seeing that the possibility exists of forming CPP but this limits the traffic that goes to the CPU, but not them tunnels. My question is referred in case a possible attack exists generating many simultaneous tunnels.
Please, let me know your opinion about this issue.
Thanks a lot.
Andres.

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_2.html
Features Not Supported on Cisco 2500 Series Controllers
These software features are not supported on Cisco 2500 Series Controllers:
•Support for wired guest access.
•Cisco 2500 Series Controller cannot be configured as an auto anchor controller. However, you can configure it as a foreign controller.
•Supports only multicast-multicast mode.
•Bandwidth Contract feature is unsupported.
•Access points in direct connect mode is unsupported
•Service port support
•Apple Talk Bridging
•LAG
•Wired Guest
-
My apple tv is not allowed a gateway thru my router..how do get around thi
my apple tv will not go through my router and communicate with pc. does anyone know of a solution for this
Make sure your router/computer allows access over the following ports
| Port | Type | Protocol | Used By |
|---|---|---|---|
| 53 | TCP/UDP | DNS | DNS |
| 80 | TCP | HTTP | AirPlay, iTunes Store |
| 123 | TCP/UDP | NTP | Network Time |
| 443 | TCP | HTTPS | AirPlay, PhotoStream, iTunes Store |
| 554 | TCP/UDP | RTSP | AirPlay |
| 1900 | UDP | SSDP | Bonjour |
| 3689 | TCP | DAAP | iTunes, AirPlay, HomeSharing |
| 5297 | TCP | | Bonjour |
| 5298 | TCP/UDP | | Bonjour |
| 5350 | UDP | NAT | Bonjour |
| 5351 | UDP | NAT | Bonjour |
| 5353 | TCP/UDP | MDNS | Bonjour, AirPlay, HomeSharing |
| 8000-8999 | TCP | | iTunes Radio Streams |
| 42000-42999 | TCP | | iTunes Radio Streams |
| 49159 | UDP | MDNS (Win) | Bonjour, AirPlay |
| 49163 | UDP | MDNS (Win) | Bonjour, AirPlay |
Refer to your router manual/manufacturer for any settings that are specific to that model.
-
Confirmation Control key not allowed in MM Scheduling Agreement item.
Hi Experts ,
I am facing an issue with Confirmation control key in MM Scheduling Agreement.
The scheduling agreement is already GRd without a Conf-key, and now I am going to update the confirmation control key to 0001.
I am getting an error "Confrmation Control key is not allowed". How can I solve this problem? Anyway, I have to update the conf-key.
If you can answer me, that will be very much appreciated.
Looking forward for your answers.
Thanks,
Bala

Hi Bala,
We can directly update the database table field, but this is not recommended.
Can you re-do the GR, i.e. cancel the existing one and do the GR again with the confirmation control key?
-
What is the Control Plans functionality in cProjects used for?
Hi Folks,
What is the purpose and usage of control plans in cProjects? Is this useful in an environment where QM is not implemented? Appreciate if somebody could provide an example of how this functionality will be useful from a project management standpoint. I am on cProjects 4.5.
Cheers,
Lashan

Hi,
the control plan functionality in cProjects is deprecated, see SAP Note 1114207:
Using the control plans is not recommended because with new
developments in SAP PLM Quality Management (QM). cProjects
remains the preferred project management solution, but all QM
aspects that are not directly related to project management
should be managed in SAP ERP.
Kind regards,
Florian
-
My total world plan won't allow me to call a cell ...
I have a Skype number and I purchased the unlimited world plan ... but I can call cell phone ... maybe there is a special way to dial ... please give me info, someone.
I meant I try to call a cell phone in Peru ... but the unlimited plan does not allow me