Denying Telnet Access on Catalyst 6509

Similar Messages

• Missinf FWSM in Catalyst 6509 switch

  I have a problem with a Catalyst 6509 switch.The problem initially I had was loggin into the switch.I was always sent to the rommon> anytime I tried logging into the switch until I was told to enter "boot bootflash:". I was able to enter the switch but could not find the FWSM module.The module was there until we tried upgrading the IOS of the MSFC.
  When I enter "show module" it does not show the FWSM module.
  Is there something anybody can please show me to do other to access the Firewall module.

  Thanks for your post.
  Below is the result of a sh version and sho module of the switch as well as a report that comes up upon bootup using the "boot bootflash:"
  core02>en
  Password:
  core02#sh ver
  Cisco Internetwork Operating System Software
  IOS (tm) c6sup2_rp Software (c6sup2_rp-PSV-M), Version 12.1(12c)E4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
  TAC Support: http://www.cisco.com/tac
  Copyright (c) 1986-2002 by cisco Systems, Inc.
  Compiled Mon 14-Oct-02 12:37 by hqluong
  Image text-base: 0x40008980, data-base: 0x41598000
  ROM: System Bootstrap, Version 12.1(11r)E1, RELEASE SOFTWARE (fc1)
  BOOTLDR: c6sup2_rp Software (c6sup2_rp-PSV-M), Version 12.1(12c)E4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
  core02 uptime is 4 minutes
  System returned to ROM by power-on (SP by power-on)
  System image file is "sup-bootflash:c6sup22-psv-mz.121-12c.E4.bin"
  cisco Catalyst 6000 (R7000) processor with 227328K/34816K bytes of memory.
  Processor board ID SAL08144260
  R7000 CPU at 300Mhz, Implementation 39, Rev 3.3, 256KB L2, 1024KB L3 Cache
  Last reset from power-on
  X.25 software, Version 3.0.0.
  Bridging software.
  8 Ethernet/IEEE 802.3 interface(s)
  --More-- 6 Virtual Ethernet/IEEE 802.3 interface(s)
  26 Gigabit Ethernet/IEEE 802.3 interface(s)
  381K bytes of non-volatile configuration memory.
  32768K bytes of Flash internal SIMM (Sector size 512K).
  Configuration register is 0x2102
  core02#sh module
  Mod Ports Card Type Model Serial No.
  1 2 Catalyst 6000 supervisor 2 (Active) WS-X6K-SUP2-2GE SAL08154S4S
  2 8 unknown FRU type (major = 0x6003, mino WS-XSVC-K+BB-2 SAD081203ZV
  3 16 16 port GE RJ45 WS-X6316-GE-TX SAD08140999
  4 8 8 port 1000mb GBIC Enhanced QoS WS-X6408A-GBIC SAL081555Q1
  Mod MAC addresses Hw Fw Sw Status
  1 000f.8f9d.3510 to 000f.8f9d.3511 5.0 6.1(3) 7.2(0.90) Ok
  2 000f.8f5b.bd62 to 000f.8f5b.bd69 2.0 Unknown Unknown PwrDowo 0003.feae.f137 1.3 5.4(2) 7.2(0.90) Ok
  4 000f.f716.8dd0 to 000f.f716.8dd7 3.1 5.4(2) 7.2(0.90) Ok
  Copyright (c) 1986-2002 by cisco Systems, Inc.
  Compiled Mon 14-Oct-02 13:00 by hqluong
  00:00:54: %SNMP-5-COLDSTART: SNMP agent on host core02 is undergoing a cold star
  t
  00:00:56: %C6KPWR-SP-4-UNSUPPORTED: unsupported module in slot 2, power not allo
  wed: Unknown Card Type.
  00:00:56: %C6KPWR-SP-4-ENABLED: power to module in slot 3 set on
  00:00:57: %C6KPWR-SP-4-ENABLED: power to module in slot 4 set on
  00:00:56: %C6KPWR-SP-4-UNSUPPORTED: unsupported module in slot 2, power not allo
  wed: Unknown Card Type.
  00:00:56: %C6KPWR-SP-4-ENABLED: power to module in slot 3 set on
  00:00:57: %C6KPWR-SP-4-ENABLED: power to module in slot 4 set on
  00:01:10: %DIAG-SP-6-RUN_MINIMUM: Module 1: Running Minimum Online Diagnostics..
  00:01:14: %DIAG-SP-6-DIAG_OK: Module 1: Passed Online Diagnostics
  00:01:14: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online
  00:01:25: %DIAG-SP-6-RUN_MINIMUM: Module 3: Running Minimum Online Diagnostics..
  00:01:28: %DIAG-SP-6-DIAG_OK: Module 3: Passed Online Diagnostics
  00:01:28: %OIR-SP-6-INSCARD: Card inserted in slot 3, interfaces are now online
  00:01:56: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimum Online Diagnostics..
  00:01:57: %DIAG-SP-6-DIAG_OK: Module 4: Passed Online Diagnostics
  00:01:57: %OIR-SP-6-INSCARD: Card inserted in slot 4, interfaces are now online
  Mod Sub-Module Model Serial

• Securing Telnet access on Cisco routers (access class)

  Dear All,
  In all my network i have cisco catalyst switch and cisco routers deployed in my WAN. In cisco routers, it was activated an ACL to secure telnet access to WAN devices. only 3 hosts (remote) were autorized to access these devises. I need to modify this secuirty to have access from the LAN (locally).
  The ACL was implmented in all routers, and activated using access class in.
  in there any idea without changing more the configuration and only tell the router to apply this ACL for WAN and not access for the LAN ?
  Thanks for your help,
  Best regards,

  Hi,
  here is the ip int brief.
  thanks
  CISCO1841#show ip int brief
  Interface IP-Address OK? Method Status Protocol
  FastEthernet0/0 192.168.1.1 YES NVRAM up up
  FastEthernet0/1 192.168.2.1 YES NVRAM up up
  ATM0/0/0 unassigned YES NVRAM up up
  Dot11Radio0/1/0 unassigned YES NVRAM up up
  Dot11Radio0/1/0.1 192.168.2.129 YES NVRAM up up
  Dot11Radio0/1/0.2 192.168.3.1 YES NVRAM up up
  NVI0 unassigned NO unset up up
  Virtual-Access1 unassigned YES unset up up
  Dialer1 151.16.203.203 YES IPCP up up

• Catalyst 6509 Standby Supervisor IOS upgrade

  You can delete and squeeze bootflash on the standby supervisor. Is there a way to download IOS to Standby Supervisor bootflash ( 2/bootflash: ) on a Catalyst 6509 ?

  Yes it is possible
  "copy tftp {flash | file-id | config}"
  file-id
  Format used to specify the file on the Flash device, where the format is m/device:filename.
  m/ = Option that gives access to different modules, such as the standby supervisor engine or an Ethernet module.
  device: = Device where the Flash resides.
  filename = Name of the configuration file.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/cmd_ref/d_cmd.htm#39929

• NAT IN CATALYST 6509-HOW TO DO IT?

  Hello friends,
  The LAN CAMPUS is conformed by more than 20 VLANS and all the PCs can go to Internet.
  Now I have a new network cloud and I have to attach that network into my campus.
  To do that, I have a Public IP Pool to do translation.
  But I just need that some IPs (from diferent Vlans)could go to the new Network while keep having connecivity to Internet.
  So my Question is:
  I am not interested in perform Static NAT.
  I wonder if I can NAT a group of IPs (in different subnets) with the Public POOL. i.e: group to group.
  I have a PIX 525. I could do it in that PIX but I think It could be better to do it in the Catalyst 6509. (Because the Pix CPU percentage is High-and sometimes I have problems)
  How can I do NAT in C 6509?
  I am attaching a referecial picture.

  Hi bosalaza:
  yes, I think ACL will help so much...
  Look I need to translate only this IPs:
  172.16.8.56
  172.16.24.85
  172.16.33.95
  172.16.86.56
  172.16.125.81
  172.16.157.89
  To this Public IPs:
  200.xx.45.170
  200.xx.45.171
  200.xx.45.172
  200.xx.45.173
  200.xx.45.174
  200.xx.45.175
  But whitout Static NAT.
  And do it but in the C6509.
  I have no enough experience to perform NAt in C6509.
  Thanks in advance.

• ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP

  I am getting following ACL error while executing following procedure:
  create or replace procedure sat_proc as
  http_req utl_http.req;
  http_resp utl_http.resp;
  BEGIN
  http_req := utl_http.begin_request('www.yahoo.com');
  http_resp := utl_http.get_response(http_req);
  utl_http.end_response(http_resp);
  END;
  exec sat_proc;
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1130
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at "TRANSDBA.SAT_PROC", line 5
  ORA-06512: at line 1
  I am able to execute successfully while executing above code as PL/SQL block:
  DECLARE
  http_req utl_http.req;
  http_resp utl_http.resp;
  BEGIN
  http_req := utl_http.begin_request('www.yahoo.com');
  http_resp := utl_http.get_response(http_req);
  utl_http.end_response(http_resp);
  END;
  PL/SQL procedure successfully completed.
  Could help me find why I am getting error while executing same code in a procedure? Is there any privilege missing?

  GRANT EXECUTE ON SYS.UTL_HTTP TO <your_user>;
  SQL> set time on
  17:21:01 SQL> set role none;
  Role set.
  17:21:23 SQL> @utl_http.sql
  17:21:34 SQL> DECLARE
  17:21:34   2  http_req utl_http.req;
  17:21:34   3  http_resp utl_http.resp;
  17:21:34   4  BEGIN
  17:21:34   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:21:34   6  http_resp := utl_http.get_response(http_req);
  17:21:34   7  utl_http.end_response(http_resp);
  17:21:34   8  END;
  17:21:34   9  /
  PL/SQL procedure successfully completed.
  17:21:35 SQL> connect / as sysdba
  Connected.
  17:22:47 SQL> connect dbadmin/admindb
  Connected.
  17:23:06 SQL> @utl_http.sql
  17:23:22 SQL> DECLARE
  17:23:22   2  http_req utl_http.req;
  17:23:22   3  http_resp utl_http.resp;
  17:23:22   4  BEGIN
  17:23:22   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:23:22   6  http_resp := utl_http.get_response(http_req);
  17:23:22   7  utl_http.end_response(http_resp);
  17:23:22   8  END;
  17:23:22   9  /
  PL/SQL procedure successfully completed.
  17:23:23 SQL> set role none;
  Role set.
  17:23:29 SQL> @utl_http.sql
  17:23:31 SQL> DECLARE
  17:23:31   2  http_req utl_http.req;
  17:23:31   3  http_resp utl_http.resp;
  17:23:31   4  BEGIN
  17:23:31   5  http_req := utl_http.begin_request('www.yahoo.com');
  17:23:31   6  http_resp := utl_http.get_response(http_req);
  17:23:31   7  utl_http.end_response(http_resp);
  17:23:31   8  END;
  17:23:31   9  /
  DECLARE
  ERROR at line 1:
  ORA-29273: HTTP request failed
  ORA-06512: at "SYS.UTL_HTTP", line 1130
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at line 5
  17:23:31 SQL> above is from test user
  Below is from SYSDBA account
  SQL> set time on
  17:20:53 SQL> revoke execute on sys.utl_http to dbadmin;
  revoke execute on sys.utl_http to dbadmin
  ERROR at line 1:
  ORA-00905: missing keyword
  17:22:03 SQL> revoke execute on sys.utl_http from dbadmin;
  revoke execute on sys.utl_http from dbadmin
  ERROR at line 1:
  ORA-04020: deadlock detected while trying to lock object
  ACLiLZU+w09hR7gQAB/AQAjcw==
  17:22:32 SQL> /
  Revoke succeeded.
  17:22:52 SQL> Edited by: sb92075 on Jun 10, 2010 5:24 PM

• Catalyst 6509 switch

  I have a problem with one of our catalyst 6509 switches. We had power problem and when I tried to power the switch on after the power was restored it take me to the rommon.
  rommon>
  I urgently need answers to three questions and would therefore appreciate it if anyone can help me out.
  1. What is the cause of the switch not booting from flash but going to rommon?
  2.How do I get into the switch and
  3.How do I reset the switch to boot from flash and not going to the rommon
  Hope a savior comes to my aid

  Probably went into rommon due to incorrect or missing boot statement . You must already be in the switch if you know it is in rommon . If this is a native IOS box then just issue the "boot bootflash: " command and this should boot the box . Once booted up make sure the boot statement is correct . "boot system flash sup-bootflash: .

• In onLoad JavaScript, I'm getting "Error: Permission denied to access property 'classes'" when I access Components.classes; how do I enable that permission?

  I need to emulate several ActiveX functions in my client's web application. I have located several Mozilla web pages that describe how to do the things I need, and I have attempted to implement those instructions. However, I can't seem to get past the first line of code. In my web page, I am calling a JavaScript function using the onLoad attribute of the <body> tag. I am using the Navigator object to determine that the browser is Firefox. I then attempt to access the extension classes using the following code on lines 51 and 52 of the Download.js file:
  var C = Components;
  var CC = C.classes;
  The Web Console gives me these two messages:
  [13:51:55.621] The Components object is deprecated. It will soon be removed. @ http://distribution:781/NewDDI/DownLoad.js:51
  [13:51:55.621] Error: Permission denied to access property 'classes' @ http://distribution:781/NewDDI/DownLoad.js:52
  How do I enable adequate permission to be able to access the Components classes?

  I think Components is available only in extensions (or otherwise privileged code) and not in ordinary web pages.

• HR User, REST example - network access denied by access control list (ACL)

  Hi,
  I am new to APEX and am running the 'Oracle Developer Days' vm. I'm logged into APEX as the default HR/oracle account and I've been following the 'Creating and Using a RESTful Web Service in Application Express 4.2' training video, however when I try to retrieve information by entering a dept no. and clicking submit I get:
  ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-24247: network access denied by access control list (ACL)
  I've seen the following thread:
  ORA-24247: network access denied by access control list (ACL)error-UTL_HTTP
  and I've tried running the command:
  GRANT EXECUTE ON SYS.UTL_HTTP TO HR;
  but I'm not getting anywhere, presumably the HR user does not have permissions to access 'http://localhost:8888/apex/hr/employee_test'
  Any help much appreciated, also if this is the wrong forum for this question please let me know.
  Many Thanks

  Hi,
  Thank you for the link; I executed the first block of code to 'grant connect privileges to any host for the APEX_040200 database user' that did not work so I changed the user to HR within the code and re-executed and that seems to have done the trick. I guess the HR user is now in the power_users list/group?
  Thanks again!

• Restrict telnet access for specific users on ios router

  aaa new-model
  aaa authentication login default local
  username aaa password aaa
  username bbb password bbb
  user aaa should have ssh and telnet access.
  user bbb  is only used for vpn authentication, i dont want him to access router via ssh or telnet ,even in user exec mode.
  i also can not  apply access-class on vty lines because i am loging in device from different places ,and dont know exact ranges of ip address to create access-list
  radius and tacacs is not option for me
  what can be done in order to restrict user bbb from ssh and telnet access ?

  OK. I did not clearly remember the OP description of aaa and bbb. So for bbb to only have VPN access try
  User bbb password bbb privilege 0
  HTH
  Rick
  Sent from Cisco Technical Support iPhone App

• Why is Yahoo screening my internet searches and denying me access to websites like parts of CBC?

  Why is it that yahoo has started filtering my internet usage? I get messages like:
  "We did not find results for thumbnail cbc because SafeSearch is active and your query contains some restricted word(s). Try the suggestions below or type a new query above.
  To search for thumbnail cbc, change your SafeSearch preferences."
  I do not use yahoo for anything! Yahoo has been denying me access to certain websites that I've been accessing for a long time. This used to only seem to affect some video content, now I'm having problems accessing all kinds of websites. Is this a virus? How do I get rid of this? The only solution I have found is to use internet explorer and I much prefer firefox!

  If you see the problem with Fireox but not with Internet Explorer, then it does seem to be a Firefox related problem, rather than say globally installed software or something to do with your Internet Provider.
  I note in the UK (Great Britain) new connections to Internet Providers now offer porn etc filters.
  Two possibilities I immediately think of are
  # You have not installed a standard Mozilla version of Firefox but have used a third party, modified build.
  #* In which case do a clean install, deleting program files (NOT profile files)
  #*Obtain an installer for an official version from https://www.mozilla.org/firefox/all/ see [[Troubleshoot and diagnose Firefox problems#w_5-reinstall-firefox]]'''_5-reinstall-firefox'''
  # You are using Yahoo without knowing it or you have some other software filtering search results
  #* Please attach a screenshot of the problem <br /> See [[How do I create a screenshot of my problem?]] <br /> You will need to use a compressed image type such as often used elsewhere on the web: .jpeg or .png types not a large bitmap image.
  #* Please let us have our full troubleshooting information as explained under
  To find the correct solution to your problem, we require some more non-personal information from you. Please do the following:
  *'''For Firefox versions previous to 29.0''': Click the Firefox button at the top left, then click the ''Help'' menu and select ''Troubleshooting Information'' from the submenu. If you don't have a Firefox button, click the Help menu at the top and select ''Troubleshooting Information'' from the menu.
  *'''For Firefox 29.0 and above''': Click the menu button [[Image:New Fx Menu]], click help [[Image:Help-29]] and select ''Troubleshooting Information''.
  Now, a new tab containing your troubleshooting information should open.
  *At the top of the page, you should see a button that says "Copy text to clipboard". Click it.
  *Now, go back to your forum post and click inside the reply box. Press Ctrl+V to paste all the information you copied into the forum post.
  If you need further information about the Troubleshooting information page, please read the article [[Use the Troubleshooting Information page to help fix Firefox issues]].
  Thanks in advance for your help!

• ORA-24247: network access denied by access control list (ACL)

  Hi All,
  I am sending a mail thru OWB 11g ( and using database 11g) after successful or failure of process. My process is completing successfully but am not able to send mail. At the time of sending mail it is giving me error as below
  ORA-24247: network access denied by access control list (ACL)
  ORA-06512: at "SYS.UTL_TCP", line 17
  ORA-06512: at "SYS.UTL_TCP", line 246
  ORA-06512: at "SYS.UTL_SMTP", line 115
  ORA-06512: at "SYS.UTL_SMTP", line 138
  ORA-06512: at line 8
  I have created ACL using the following code
  BEGIN
  dbms_network_acl_admin.create_acl(acl => 'oramail.xml',
  description => 'Network permissions for mail.oracle.com',
  principal => 'OWF_MGR', is_grant => TRUE, privilege => 'connect');
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'oramail.xml',
  principal => 'OWF_MGR',
  is_grant => true,
  privilege => 'resolve');
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'oramail.xml',
  host => '141.146.46.30');
  END;
  commit;
  where 141.146.46.30 is my mail server IP. I am still not able to send mail by OWB. Please let me know if I have missed any steps in this.
  Thanks.

  For Oracle Warehouse Builder 11g running in 11g dB you need to set the ACL for the OWBSYS user. For example:
  EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb_cc.xml', 'ACL for Control Center', 'OWBSYS', TRUE, 'connect');
  For Oracle Warehouse Builder 10.2.0.4 running in 11g dB you need to set the ACL for the OWB repository owner. For example:
  EXECUTE DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('acl_for_owb.xml', 'ACL for OWB', 'MY_OWB_REPO_OWNER', TRUE, 'connect');"

• My computer is denying me access to all of my computer files.

  My computer is denying me access to all of my computer files. My virus software has been turned off and it won't turn back on. I can't download new virus software because access to temporary Internet files is denied the programs downloading. I'm fairly sure it's malware because my work on my word software is showing every single work misspelled. My spelling isn't that bad. I can't use the restore to go back to a previous time--access is denied. I'm at the end, I just don't know what to do. I don't have a restore CD. I'm afraid if it's malware it could make it impossible to use it or for a restore to work.
  I have a work deadline tomorrow and obviously I'm not going to make it. HELP!!

  Hi,
  It does sound like a Malware infection, so try the following.
  On another PC, follow the procedure on the link below to create a bootable CD which you can use to scan your computer and hopefully remove the Malware - if your not sure which version to download, your notebook is listed as coming with a 64bit installation, so try that first.
  Windows Defender Offline.
  When this has completed, boot into Windows and then see if you are able to download and install the free versions of MBAM and SUPERAntiSpyware on the links below.
  MBAM
  SUPERAntiSpyware
  If you can install them, run full scans with both these utilities - if any malware is detected, remove/quarantine it and run the scan again until both applications come back clean.
  Regards,
  DP-K
  ****Click the White thumb to say thanks****
  ****Please mark Accept As Solution if it solves your problem****
  ****I don't work for HP****
  Microsoft MVP - Windows Experience

• Trying to interconnect Catalyst 4506 (IOS) & Catalyst 6509 (CatOS) using FS

  Hey all,
  I'm currently having a problem interconnecting a Catalyst 4506 using IOS and a Catalyst 6509 using CatOS via FSO. The FSO is all setup and they show that they are talking but when we plug the fiber optic cables into the switches, we get a notconnect status on the switches. The link lights on both switches don't light up either. I have configured both sides as follows
  6509 (the Gigabit Port is 2/6):
  set port negotiation 2/6 disable
  set trunk 2/6 nonegotiate dot1q 1-1005,1025-4094
  4506 (the Gigabit Port is 1/1):
  interface GigabitEthernet 1/1
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport nonegotiate
  speed nonegotiate
  We were told by the FSO company that both ends must turn off negotiation in order for it to work. On the end with the Catalyst 6509, I have tried plugging another known working fiber optic line into the 2/6 port and the link light lights up so we know that the port isn't broken. Any ideas? I am lost.
  Background:
  We currently have a T1 line that serves as a point to point between the two buildings. We were trying to get rid of it and go with Free Space Optics (FSO) to increase bandwidth between the two buildings. We have 5 VLANs on each side (on the 4506 side, Vlans 110, 120, 132, 140, & 104 and on the 6509 side, Vlan 10, 20, 32, 40, 4) and the point to point is on the 200 network to interconnect the switches.

  Hie David,
  Just to start with are we sure that Rx of one switch terminates on Tx of other and vice versa. The fiber cable which is plugged in the trnasmitter of one switch must go to the receiver of another switch. You can just try swapping the TX and RX points at one switch.
  I doubt this because as you have said even the link light is not coming up.

• APEX and ORA-24247: network access denied by access control list (ACL)

  Hi,
  I try to send email with APEX.
  I have enter the parameters of my mail server and activate the email on my application.
  I have follow the APEX installation guide and apply the script given in the "Granting Connect Privileges" section.
  When I try to send email or make a subscription, I don't receive any email and can see this error in the table "WWV_FLOW_MAIL_LOG"
  +"MAIL_TO","MAIL_FROM","MAIL_REPLYTO","MAIL_SUBJ","MAIL_CC","MAIL_BCC","MAIL_SEND_ERROR","LAST_UPDATED_BY","LAST_UPDATED_ON","SECURITY_GROUP_ID"+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",24/02/12,3210210578052219+
  +"[email protected]","[email protected]","[email protected]","Suivi de Besoins","","","ORA-24247: network access denied by access control list (ACL)","SYS",05/03/12,3210210578052219+
  Do you see what is wrong in my configuration ?
  I use APEX 4.1, Oracle 11g.
  The script that I have apply is :
  DECLARE
  ACL_PATH  VARCHAR2(4000);
  ACL_ID    RAW(16);
  BEGIN
  -- Look for the ACL currently assigned to '*' and give APEX_040100
  -- the "connect" privilege if APEX_040100 does not have the privilege yet.
  SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
  WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
  -- Before checking the privilege, make sure that the ACL is valid
  -- (for example, does not contain stale references to dropped users).
  -- If it does, the following exception will be raised:
  --+
  -- ORA-44416: Invalid ACL: Unresolved principal 'APEX_040100'
  -- ORA-06512: at "XDB.DBMS_XDBZ", line ...
  --+
  SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
  FROM XDB.XDB$ACL A, PATH_VIEW P
  WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
  EQUALS_PATH(P.RES, ACL_PATH) = 1;
  DBMS_XDBZ.ValidateACL(ACL_ID);
  IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'APEX_040100',
  +'connect') IS NULL THEN+
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
  +'APEX_040100', TRUE, 'connect');+
  END IF;
  EXCEPTION
  -- When no ACL has been assigned to '*'.
  WHEN NO_DATA_FOUND THEN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
  +'ACL that lets power users to connect to everywhere',+
  +'APEX_040100', TRUE, 'connect');+
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
  END;
  +/+
  COMMIT;
  Thanks for your help,

  Hi,
  You need to grant privilege to the user.
  i.e add principal
  You can use script :
  DECLARE
  ACL_ID   RAW(16);
  CNT      NUMBER;
  BEGIN
  -- Look for the object ID of the ACL currently assigned to ''*
  SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
  WHERE HOST = '' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;*
  -- If just some users referenced in the ACL are invalid, remove just those
  -- users in the ACL. Otherwise, drop the ACL completely.
  SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
  WHERE ACLID = ACL_ID AND
  EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);
  IF (CNT > 0) THEN
  FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
  WHERE ACLID = ACL_ID AND
  NOT EXISTS (SELECT NULL FROM ALL_USERS
  WHERE USERNAME = PRINCIPAL)) LOOP
  UPDATE XDB.XDB$ACL
  SET OBJECT_VALUE =
  DELETEXML(OBJECT_VALUE,
  *'/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')*
  WHERE OBJECT_ID = ACL_ID;
  END LOOP;
  ELSE
  DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
  END IF;
  END;
  REM commit the changes.
  COMMIT;
  Or you need to add privilege to specific user/schema using following script:
  BEGIN
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
  acl          => 'aclfilename.xml',
  principal    => 'databaseuser',
  is_grant     => TRUE,
  privilege    => 'connect',
  position     => null);
  COMMIT;
  END;
  Please execute this code after connect as sysdba user.
  Thanks & Regards,
  Jaydipsinh Raulji
  Web: [www.oracleapexconsultant.com|www.oracleapexconsultant.com]