Default action for access list Deny

Hello,
Is it possible to change the default action for an access list deny?  Can the ASA be configured to send an icmp unreachable rather than just dropping the packet if an access list denies the request?  I have a situation where I would like to restrict access to a specific server for a select number of users.  The problem is that the restricted workstations attempt to connect to the server at log in.  Since I cannot control the log in script for those users, I was hoping to use the ASA firewall instead.  However, using a deny statement causes the workstation to repeatedly send SYN requests for 60 seconds.   The restricted users experience an unacceptably long delay at log in.  I was hoping to be able to configure the ASA to send an icmp unreachable message for those users and avoid the wait.
Thanks,
Ann

Hello,
As the firewall is supposed to be invisible, there is no way the ASA could send these particular messages. Sorry to inform you of that, but you could request this particular feature with your Cisco account team.
Regards,
Julio

Similar Messages

  • Need to know where I can view ACL denies regarding "access-list deny any log"?

    I ask this question in the context of an SNMP access list. I am guessing that this line of config (access-list deny any log) will allow you to see which addresses were denied SNMP access.
    I need to know where I can view the source addresses from where the packets were dropped? Could this be just in sh log? Thanks in advance for any help. Cheers

    Hi,
    Yes, with an extended access-list with the last line:
    deny ip any any log
    with "sh log" you can  see the source address of the packets being dropped.
    Take note that you must be at least in the logging level 6 (informational), by default console and monitor are in level 7 (debugging):
    logging console debugging
    logging monitor debugging
    With older IOS versions (before at least 12.4) you had to add the following lines at the bottom of the acl:
    access-list 101 deny   tcp any range 0 65535 any range 0 65535 log
    access-list 101 deny   udp any range 0 65535 any range 0 65535 log
    access-list 101 deny   icmp any any log
    access-list 101 deny   ip any any log
    to log the sources and destinations IPs and port numbers.
    Best Regards,
    Pedro Lereno
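Added example, not part of the original posts: with `log` on the deny entries, the denied sources can be tallied from the `sh log` output instead of read by eye. The log lines are constructed samples in the `%SEC-6-IPACCESSLOG*` message format, and `summarize_denies` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample of "sh log" output; addresses and ACL numbers are made up.
SAMPLE_LOG = """\
*Mar  1 00:10:01.003: %SEC-6-IPACCESSLOGS: list 10 denied 192.0.2.77 1 packet
*Mar  1 00:10:04.511: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.77(50112) -> 10.0.0.1(161), 1 packet
*Mar  1 00:10:09.870: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(40022) -> 10.0.0.1(23), 3 packets
*Mar  1 00:10:12.100: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.9 -> 10.0.0.1 (8/0), 2 packets
*Mar  1 00:10:15.000: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.0.0.5(51000) -> 10.0.0.1(22), 1 packet
*Mar  1 00:15:09.870: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.77(50112) -> 10.0.0.1(161), 4 packets
*Mar  1 00:15:10.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
"""

# One pattern for the standard-ACL form (source only) and the extended forms
# (protocol, source/destination, optional ports or ICMP type/code).
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:S|P|DP|NP): list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?:(?P<proto>\S+) )?(?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))?"
    r"(?: -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?)?"
    r"(?: \((?P<icmp>\d+/\d+)\))?,? (?P<count>\d+) packets?"
)


def summarize_denies(log_text):
    """Return (packets, targets).

    packets: Counter of denied packet totals keyed by (acl, source address).
    targets: source address -> set of (protocol, destination, port or ICMP type/code).
    """
    packets = Counter()
    targets = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "denied":
            continue  # unrelated syslog message or a permit hit
        # Sum the trailing packet count: one log line can stand for several packets.
        packets[(m["acl"], m["src"])] += int(m["count"])
        if m["dst"]:
            port = m["dport"] or m["icmp"]
            targets.setdefault(m["src"], set()).add((m["proto"], m["dst"], port))
    return packets, targets


if __name__ == "__main__":
    packets, targets = summarize_denies(SAMPLE_LOG)
    for (acl, src), total in packets.most_common():
        print(f"ACL {acl}: {src} denied {total} packet(s)", sorted(targets.get(src, [])))
```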

  • Setting up default connection for accessing emails...

    I had a quick look and found similar problems on here, but none that I thought were the same.
    I've been able to set up Gmail to be received through my 'Messaging' on my N96. Turns out its quite a handy function. Also figured out that you can get it to automatically check you mail at regular intervals. I want to use this, but I don't want to have to select the connection every time the phone wants to check for new mail. So I need to set up a preferred connection. That's no problem...
    The problem occurs when I try to select my WLAN as default. However, every time I select it, the phone freezes up. Not completely, as I can change programs and even exit the messaging settings via the hang up key, but if I do that, it doesn't make any changes.
    I have deleted and restored the WLAN connection, I have accessed my inbox manually, so it isn't a problem on Google's end, and I have checked the various connection options to no avail.
    So, does anyone know why my phone would freeze when trying to set up my WLAN connection as the default connection for accessing my e-mails? Any questions about my situation, just ask and I will gladly supply whatever you ask for.
    Regards,
    Jarvis
    Message Edited by jarvis187 on 15-Jan-2009 01:24 AM

    No help available out there? If you need it explained clearer just say so and I'll do so. Thanks in advance.

  • Plant maintenance - Default value for task list

    Dear All ,
    I am new to the forum. Can anyone throw some light on where I do the customizing settings, so that I will get a pop-up window asking to change the work centre while I assign a task list to an order?
    Sorry if this is a silly question.
    Thanks in advance

    Hi,
    You can define this at the following IMG path:
    >Plant maintenance & customer service -Maintenance & service Processing -Maintenance and service orders -Functions and settings for order types -Default value for task list data and profile assignment
    It is also possible for each user to maintain their own settings. This can be done using the following menu:
    Transaction IW31/32: Extras > Settings > Default values
    -Paul

  • Need help for access list problem

    Cisco 2901 ISR
    I need help for my configuration.... although it is working fine but it is not secured cause everybody can access the internet
    I want to deny this IP range and permit only TMG server to have internet connection. My DHCP server is the 4500 switch.
    Anybody can help?
             DENY       10.25.0.1 – 10.25.0.255
                              10.25.1.1 – 10.25.1.255
    Permit only 1 host for Internet
                    10.25.7.136  255.255.255.192 ------ TMG Server
    Using access-list.
    ( Current configuration  )
    object-group network IP
    description Block_IP
    range 10.25.0.2 10.25.0.255
    range 10.25.1.2 10.25.1.255
    interface GigabitEthernet0/0
    ip address 192.168.2.3 255.255.255.0
    ip nat inside
    ip virtual-reassembly in max-fragments 64 max-reassemblies 256
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    description ### ADSL WAN Interface ###
    no ip address
    pppoe enable group global
    pppoe-client dial-pool-number 1
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    interface Dialer1
    description ### ADSL WAN Dialer ###
    ip address negotiated
    ip mtu 1492
    ip nat outside
    no ip virtual-reassembly in
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp pap sent-username xxxxxxx password 7 xxxxxxxxx
    ip nat inside source list 101 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 10.25.0.0 255.255.0.0 192.168.2.1
    access-list 101 permit ip 10.25.0.0 0.0.255.255 any
    access-list 105 deny   ip object-group IP any
    From the 4500 Catalyst switch
    ( Current Configuration )
    interface GigabitEthernet0/48
    no switchport
    ip address 192.168.2.1 255.255.255.0
    interface GigabitEthernet2/42
    ip route 0.0.0.0 0.0.0.0 192.168.2.3

    Hello,
    The host can't get an internet connection.
    I removed this configuration:
    access-list 101 permit ip 10.25.0.0 0.0.255.255 any
    and changed the configuration to:
    ip access-list extended 101
     5 permit ip host 10.25.7.136 any
    In this case I allow only host 10.25.7.136, but it doesn't work.
    No internet connection from the TMG Server.

  • Please assist me for access-list configuration

    Dear Team,
    Please help me to configure the access-list.
    Requirement:
    I have three different subnets(10.1.1.0/24, 20.1.1.0/24, 30.1.1.0/24). PC1, PC3 are within 10.1.1.0 subnets and PC2 and PC4 are within 30.1.1.0 subnets.
    I want 10.1.1.0 subnet should not access 30.1.1.0 subnets but 30.1.1.0 subnets should access 10.1.1.0 subnets. Please find below configuration.
    At R2:
    ip access-list extended 101
    deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
    permit ip any any
    int f0/0
    ip access-group 101 in
    But this configuration is not working, it's blocking the 30.1.1.0 subnet to access 10.1.1.0 also. Please help me!!!!!
    Regards,
    Sanjib

    Hello
    I assume the rtrs are performing the routing for these subnets and not the switches. Anyway, your acl doesn't look correct, try this:
    R2
    ip access-list extended 101
    deny ip 30.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255
    permit ip any any
    int f0/0
    ip access-group 101 in
    or
    ip access-list extended 101
    deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
    permit ip any any
    int f0/0
    ip access-group 101 out
    reverse the acl for R3 if applicable
    res
    Paul
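Added example, not part of the original posts: a small first-match ACL evaluator showing why the asker's inbound ACL also breaks connections opened from 30.1.1.0/24, because the reply leg is checked without any connection state. It goes beyond the thread by also modelling the IOS `established` keyword for TCP replies; the placement of f0/0 on the 10.1.1.0/24 side, the host addresses and all function names are assumptions.

```python
import ipaddress

# Assumption: R2's f0/0 faces 10.1.1.0/24, so "ip access-group 101 in" only
# inspects packets whose source sits on that side.
F0_0_SIDE = ipaddress.ip_network("10.1.1.0/24")

ASKER_ACL = [
    "deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255",
    "permit ip any any",
]
# Beyond the thread: let TCP replies (ACK/RST set) through ahead of the deny.
# Still stateless: it checks flags, not whether a connection really exists.
ESTABLISHED_ACL = [
    "permit tcp 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255 established",
] + ASKER_ACL


def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'ignore this bit'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def parse_ace(line):
    """Parse '<action> <proto> <src> <dst> [established]'; src/dst is 'any' or 'addr wildcard'."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    specs = []
    for _ in range(2):
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        else:
            specs.append((rest[0], rest[1]))
            rest = rest[2:]
    return action, proto, specs[0], specs[1], rest == ["established"]


def evaluate(acl, proto, src, dst, ack=False):
    """First matching entry wins; every ACL ends in an implicit deny."""
    for line in acl:
        action, ace_proto, s, d, established = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if established and not ack:
            continue  # 'established' only matches segments with ACK/RST set
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"


def flow_works(acl, initiator, responder, proto="tcp"):
    """A connection needs the request AND the reply to survive the ACL."""
    legs = [(initiator, responder, False), (responder, initiator, True)]
    for src, dst, is_reply in legs:
        if ipaddress.ip_address(src) not in F0_0_SIDE:
            continue  # this leg never enters f0/0, so the inbound ACL is not consulted
        if evaluate(acl, proto, src, dst, ack=is_reply) == "deny":
            return False
    return True


if __name__ == "__main__":
    for name, acl in (("asker", ASKER_ACL), ("established", ESTABLISHED_ACL)):
        print(name, "10->30:", flow_works(acl, "10.1.1.10", "30.1.1.10"),
              "30->10:", flow_works(acl, "30.1.1.10", "10.1.1.10"))
```

The `established` entry only helps TCP; UDP and ICMP replies from 10.1.1.0/24 still hit the deny.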

  • Default Action for TCODE-PA48

    Hello
    I would like to find out if there is a way to modify TCODE-PA48 to default customer/recruitment specific actions.
    Currently, once the candidate to be hired is selected, ALL the actions in table-T529A are displayed.
    Your assistance will be appreciated.
    Regards.
    Bongisa

    Hello Bongisa,
    Within TRAN PA48, as a standard the program reads the hiring events from T529A and defaults the first one ('1'). This behaviour cannot be changed without a modification. But of course this is a default value which can be overwritten with a customer specific value.
    Transaction PA48 is used for transferring data into a HR system from SAP or any Non-SAP system. The result of this operation is hiring an employee and hence the action type '1' is taken as default.
    Also the list of actions and the infogroup assigned to this action type are nothing but the same shown when an employee is hired. In addition to this, other flexible customizing options based on user group are also applicable.
    Kind regards,
    Graziela Dondoni

  • IDOC to file...Error for Access is denied

    Hello Friends,
    I am triggering IDOC WBBDLD from SAP ECC. It is successfully sending IDOC to XI
    In XI, in SXMB_MONI, message is successful.
    But when I am checking in message monitoring with message ID in adaptor level. I am facing given below error.
    2010-06-15 18:38:30 Error Attempt to process file failed with com.sap.aii.adapter.file.ftp.FTPEx: 550 XREFTXN.asc: Access is denied.
    2010-06-15 18:38:31 Error Exception caught by adapter framework: XREFTXN.asc: Access is denied.
    2010-06-15 18:38:31 Error Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: XREFTXN.asc: Access is denied. : com.sap.aii.adapter.file.ftp.FTPEx: 550 XREFTXN.asc: Access is denied..
    Receiver side, I used file adaptor.
    When I check the receiver side communication channel in component monitoring. I receive below error
         An error occurred while connecting to the FTP server '10.1.45.36:21'. The FTP server returned the following error message: 'com.sap.aii.adapter.file.ftp.FTPEx: 550 XREFTXN.asc: Access is denied. '. For details, contact your FTP server vendor.
    Kindly suggest me about the issue and how can I resolve it.
    Regards,
    Narendra
    Edited by: Narendra GSTIT on Jun 16, 2010 7:00 AM

    Dear Narendra,
    An error occurred while connecting to the FTP server '10.1.45.36:21'. The FTP server returned the following error message: 'com.sap.aii.adapter.file.ftp.FTPEx: 550 XREFTXN.asc: Access is denied. '. For details, contact your FTP server vendor.
    The above error is clearly telling you to contact the FTP server vendor. So call your FTP server administrator and tell them that the user you are using in the receiver File communication channel does not have authorization to create a file on the FTP server, so that he will grant the FTP user full authorization to create files in the FTP directory.
    thanks,
    madhu

  • Is there a way to change the default action for clicking a "Print" button on a website to open Print Preview instead of the default system printer?

    When I am at a website that contains a button for printing (Gmail, for example), is there a way to change the way that functions, so that when I click "Print", Firefox will open Print Preview instead of taking me to the default system printer?

    You can apply  system-wise "negative" color effect under Settings > General > Accessibility, by toggling the White and Black switch - and, in iCab Mobile (and some other, better browsers / PDF readers), its own "night mode" negative color scheme.
    Otherwise, no, you can't do anything else except for asking third party app authors to add selectable back/foreground (=text) colors to their apps.
    There is an article dedicated to this question: http://www.iphonelife.com/blog/87/do-you-find-your-idevices-screen-be-too-blueish-or-just-too-harsh-bedtime-reading

  • Default value for choice list in af:query panel

    Hi all,
    I have an af:queryPanel in which I made one choicelist with a static list. I want to have the first value of the static list as a default value for the field in the af:queryPanel. How can I achieve this?
    I am using jdev11.1.1.5
    Thanks in advance

    Hi,
    In your model project, create a view criteria (on the VO which you would be using for displaying values in the LOV). In your view criteria add the attributes and set default value (say add Empno and set its value to literal 1111). Now, when creating LOV for the next view object, select the view criteria you've created in previous step (instead of using all queryable attributes).
    Refer : http://docs.oracle.com/cd/E23943_01/web.1111/b31974/lists.htm#BEIBAFDD
    -Arun

  • Possible bug ? - Default value for select list

    4.2.1
    Hi, I have one page with a couple of reports. I have a time period filter on top. It's a select list with values 7 days, 3 months and 12 months. Default value is set to 3 (where return values of select list is 1,2,3 resp).
    Now in page 1 which has this select list, :P1_SELECT it has a report which shows counts of number of items purchased. When the user clicks on the count (hyperlinked column), it takes the user to another page which runs the details of the items and also uses the Page 1 select. It works fine when I change the time period. However, if I don't change the time period in the select list when I first login, although I have set the default value to 3, the interactive report on page shows no data found, because the select list default value I guess it does not recognize.
    Is this a bug?
    Thanks,
    Sunil

    ryansun wrote:
    4.2.1
    Hi, I have one page with a couple of reports. I have a time period filter on top. It's a select list with values 7 days, 3 months and 12 months. Default value is set to 3 (where return values of select list is 1,2,3 resp).
    Now in page 1 which has this select list, :P1_SELECT it has a report which shows counts of number of items purchased. When the user clicks on the count (hyperlinked column), it takes the user to another page which runs the details of the items and also uses the Page 1 select. It works fine when I change the time period. However, if I don't change the time period in the select list when I first login, although I have set the default value to 3, the interactive report on page shows no data found, because the select list default value I guess it does not recognize.
    Is this a bug?
    NO.
    Default values are only populated on the client side and NOT in the session.
    This has been discussed thousands of times in the forum. Found this with a simple search {message:id=4440597}

  • Define default value for Select List

    Hello,
    I have an Item on the page, which is a Select list
    And I have a LOV associated with this item, which is a database query.
    How do I make one of the values of this LOV to be a default value of this Select list?
    I need this value to be displayed first, instead of a Null value.
    Thanks!

    That's right - use the Default value area of your Item definition.
    Have a look at this post:
    Re: previous selected option as default value
    May be you will find it useful...

  • How can I make the default action for Real Player (etc.) to be not to play?

    While browsing with Mozilla, I would prefer not to have videos play unless I start the video. This goes for commercials or any video.
    Is there a preference to set this? If not, can you make one that does that?

    By default plugins.click_to_play should be default set to true. However, please also contact Apple support to make sure that this is expected.
    If there is not an option to override this, it is also possible to set the preference in about:plugins:
    * Why do I have to click to activate plugins? https://support.mozilla.org/en-US/kb/why-do-i-have-click-activate-plugins

  • Resolved:how to set default LAYOUT for ALV list display

    hey guys,
    In my ALV report there are 20 columns.
    After display I usually choose 12 of them from the CHOOSE LAYOUT option and then give it to print...
    How to set this LAYOUT as default?
    Sorry guys, I figured it out..
    But can we give it programmatically?
    Edited by: kumar gaurav on May 27, 2008 8:15 AM

    hi,
    you can do it.
    after declaring the catlog table you will give as
    wa_catlog-seltext_l = 'material'.
    wa_catlog-datatype = 'char'.
    wa_catlog-outputlen = 18.
    wa_catlog-fieldname = 'matnr'.
    append wa_catlog to i_catlog.
    clear wa_catlog.
    wa_catlog-seltext_l = 'plantl'.
    wa_catlog-datatype = 'char'.
    wa_catlog-outputlen = 4.
    wa_catlog-fieldname = 'werks'.
    append wa_catlog to i_catlog.
    clear wa_catlog.
    Similarly, whatever sequence you give here, i.e. material, plant etc., you get the output in the same order. You can even give only the fields you want in the output.
    rewards points if useful.
    siri

  • IOS XR deny ace not supported in access list

    Hi everybody,
    We've a 10G interface, this is an MPLS trunk between one ASR 9010 and a 7613, and the first thing that we do is, through a policy-map TK-MPLS_TG, we make a shape of 2G on the interface for the output:
    interface TenGigE0/3/0/0
     cdp
     mtu 1568
     service-policy output TK-MPLS_TG
     ipv4 address 172.16.19.134 255.255.255.252
     mpls
      mtu 1568
    policy-map TK-MPLS_TG
    class class-default
      service-policy TK-MPLS_EDGE-WAN
      shape average 2000000000 bps
      bandwidth 2000000 kbps
    and we've the policy TK-MPLS_EDGE-WAN as a service-policy inside. This new policy helps us to assign bandwidth percent to 5 class-maps, which in turn match experimental values classified when they got into the router:
    class-map match-any W_RTP
     match mpls experimental topmost 5
     match dscp ef
     end-class-map
    class-map match-any W_EMAIL
     match mpls experimental topmost 1
     match dscp cs1
     end-class-map
    class-map match-any W_VIDEO
     match mpls experimental topmost 4 3
     match dscp cs3 cs4
     end-class-map
    class-map match-any W_DATOS-CR
     match mpls experimental topmost 2
     match dscp cs2
     end-class-map
    class-map match-any W_AVAIL
     match mpls experimental topmost 0
     match dscp default
     end-class-map
    policy-map TK-MPLS_EDGE-WAN
    class W_RTP
      bandwidth percent 5
    class W_VIDEO
      bandwidth percent 5
    class W_DATOS-CR
      bandwidth percent 30
    class W_EMAIL
      bandwidth percent 15
    class W_AVAIL
      bandwidth percent 2
    class class-default
    end-policy-map
    What we want to do is to assign a specific bandwidth to the proxy for the output using the class W_AVAIL; the proxy is 150.2.1.100. We've an additional requirement, which is to not apply this "rate" to some networks (we are going to list only 4 in the example), so what we did was a new policy-map with a new class-map and a new ACL:
    ipv4 access-list PROXY-GIT-MEX
    10 deny ipv4 host 150.2.1.100 10.15.142.0 0.0.0.255
    20 deny ipv4 host 150.2.1.100 10.15.244.0 0.0.0.255
    30 deny ipv4 host 150.2.1.100 10.18.52.0 0.0.0.127
    40 deny ipv4 host 150.2.1.100 10.16.4.0 0.0.0.255
    50 permit tcp host 150.2.1.100 any
    60 permit tcp host 10.15.221.100 any
    policy-map EDGE-MEX3-PXY
     class C_PXY-GIT-MEX3
      police rate 300 mbps
     class class-default
     end-policy-map
    class-map match-any C_PXY-GIT-MEX3
     match access-group ipv4 PROXY-GIT-MEX
     end-class-map
    We assign a policy rate of 300 mbps to the class inside the policy EDGE-MEX3-PXY and finally we put this new policy inside the class W_AVAIL of the policy TK-MPLS_EDGE-WAN
    policy-map TK-MPLS_EDGE-WAN
    class W_RTP
      bandwidth percent 5
    class W_VIDEO
      bandwidth percent 5
    class W_DATOS-CR
      bandwidth percent 30
    class W_EMAIL
      bandwidth percent 15
    class W_AVAIL
      service-policy EDGE-MEX3-PXY
    class class-default
    end-policy-map
    and we get this:
    Wed Sep 17 18:35:36.537 UTC
    % Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed' from this session to view the errors
    RP/0/RSP1/CPU0:ED_MEX_1(config-pmap-c)#show configuration failed
    Wed Sep 17 18:35:49.662 UTC
    !! SEMANTIC ERRORS: This configuration was rejected by
    !! the system due to semantic errors. The individual
    !! errors with each failed configuration command can be
    !! found below.
    !!% Deny ace not supported in access-list: InPlace Modify Error: Policy TK-MPLS_TG: 'km' detected the 'warning' condition 'Deny ace not supported in access-list'
    end
    Any kind of help is very appreciated.

    That is correct. Due to the way the class-matching is implemented in the TCAM, only permit statements in an ACL can be used for QOS class-matching based on ACL.
    Unfortunately, you'll need to redefine the policy class match in such a way that it takes the permit only.
    If you have some traffic that you want to exclude you could do something like this:
    access-list PERMIT-ME
    1 permit
    2 permit
    3 permit
    access-list DENY-ME
    !the exclude list
    1 permit
    2 permit
    3 permit
    policy-map X
    class DENY-ME
    <dont do anything> or set something rogue (like qos-group)
    class PERMIT-ME
    do here what you wanted to do as earlier.
    Even though the permit and deny may be overlapping in terms of match, only the first class is matched here, DENY-ME.
    cheers!
    xander
