Example of ISG PBHK configuration
Could anyone share an example of ISG's PBHK configuration, pretty please?
i'm facing an issue when applying PBHK within the subscriber policy. Here is what i do:
policy-map type service PBHK
ip portbundle
policy-map type control ISG
class type control always event session-start
1 service-policy type service name PBHK
10 service-policy type service name S_L4R
class type control always event session-restart
1 service-policy type service name PBHK
10 service-policy type service name S_L4R
class type control always event account-logon
10 authenticate aaa list RAD_SRV
access-list 100 permit ip any host 192.168.8.227
ip portbundle
length 5
match access-list 100
source GigabitEthernet2
interface GigabitEthernet1
description endhosts
ip address 192.168.0.254 255.255.255.0
ip helper-address vrf SRV 192.168.8.228
service-policy type control ISG
ip subscriber l2-connected
initiator unclassified mac-address
interface GigabitEthernet2
description server-dhcp-int_gw
vrf forwarding SRV
ip address dhcp
ip portbundle outside
When i enable the network interface on the end host i see whole bunch of debug messages saying:
Portbundle Hostkey: Apply inbound direction from Service Profile configuration
Portbundle Hostkey[uid:33]: No free port-bundles - feature failed
Portbundle Hostkey[uid:33]: Key update: remove port-bundle 0.0.0.0:0
Portbundle Hostkey[uid:33]: Sent a PBHK session key remove
How can it be out of ports, if none of them are used?
ISG#show ip portb sta
Bundle-length = 5
Bundle-groups: -
IP Address Free Bundles In-use Bundles
192.168.8.230 2016 0
Hi Arseniy,
I think the issue here may be that the PBHK source interface is in a VRF (SRV) different than the VRF of the interface where subscriber arrives (global).
I would suggest to change the PBHK source to use an interface not in a VRF. Perhaps use a loopback interface for that. You should still be able to configure ' ip portbundle outside' on the desired interface in VRF SRV.
Hope this helps.
Similar Messages
-
dear all
I want to configure classes for Internet users, who has download limit e.g. 1GB
after finish his quoita his band with will dropdown on 64Kbps for certain period.
than disconnect the user.
AAA configuration
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
aaa group serverradius AAA-SERVERS
server <IP Address> auth-port 1812acct-port 1813
aaa authentication login default local
aaa authentication login WEB_LOGON group AAA-SERVERS
aaa authentication ppp default group AAA-SERVERS
aaa authentication ppp AAA-SERVERS group AAA-SERVERS
aaa authorization network default group radius local
aaa authorization network radiusgroup group AAA-SERVERS
aaa authorization network PREPAID_AUTHOR_LIST group AAA-SERVERS
aaa authorization subscriber-service default group AAA-SERVERS
aaa accounting delay-start all
aaa accounting update periodic 5
aaa accounting network default start-stop group AAA-SERVERS
aaa accounting network AAA_ACCNT_LIST start-stop group AAA-SERVERS
aaa accounting network AAA_ACCNT1 start-stop group AAA-SERVERS
aaa accounting connection default start-stop group AAA-SERVERS
aaa accounting system default start-stop group AAA-SERVERS
please help me to solve this issue...
vikasdear allI want to configure classes for Internet users, who has download limit e.g. 1GBafter finish his quoita his band with will dropdown on 64Kbps for certain period.than disconnect the user.AAA configurationaaa group serverradius AAA-SERVERS
server auth-port 1812acct-port 1813
aaa authentication login default local
aaa authentication login WEB_LOGON group AAA-SERVERS
aaa authentication ppp default group AAA-SERVERS
aaa authentication ppp AAA-SERVERS group AAA-SERVERS
aaa authorization network default group radius local
aaa authorization network radiusgroup group AAA-SERVERS
aaa authorization network PREPAID_AUTHOR_LIST group AAA-SERVERS
aaa authorization subscriber-service default group AAA-SERVERS
aaa accounting delay-start all
aaa accounting update periodic 5
aaa accounting network default start-stop group AAA-SERVERS
aaa accounting network AAA_ACCNT_LIST start-stop group AAA-SERVERS
aaa accounting network AAA_ACCNT1 start-stop group AAA-SERVERS
aaa accounting connection default start-stop group AAA-SERVERS
aaa accounting system default start-stop group AAA-SERVERSplease help me to solve this issue...vikas
Hi Vikas,
Try Configure rate limits based on access list and interface and apply them to the ports or to VLAN's:
rate-limit input access-group 130 1000000 16000 24000 conform-action transmit exceed-action drop
rate-limit output access-group 130 1000000 16000 24000 conform-action transmit exceed-action drop
Then your acl should define the traffic to limit. The above command will limit to 1Mb with a little bursting ability.
Hope to Help !!
Ganesh.H
Remember to rate the helpful post -
Can anyone give an example of how to configure a DataSource using Mysql driver?
thanks in advance.
Hi Jack,
I don't have an answer for you -- just some suggestions.
Yes, I know it's a silly question, and please excuse me, but have
you looked at the documentation? I think this web page will be relevant:
http://otn.oracle.com/docs/products/ias/doc_library/90200doc_otn/web.902/a95879/ds.htm#1004903
The following web sites may also be useful (if you haven't already
looked at them, of-course :-)
http://www.orionserver.com
http://www.orionsupport.com
http://www.atlassian.com
http://www.elephantwalker.com
Good Luck,
Avi. -
NEED EXAMPLE AD INTEGRATION CONFIGURATION ON ACS 3.3, 5.3
Hi,
Please give example of Active directory configuration related to radius in Windows server 2003.
The same way need Step by step to AD configuration in ACS.
Please help on this. I searched alot but not getting any exact docs which say both of these things.
I need to configure End User (Wireless or L3 Device) --> ACS --> LDAP for Authentication
Regards,
SakthivelBefore you integrate ACS 5.x to the AD, ensure that the TimeZone, Date & Time on the ACS matches with that on the AD primary domain controller. Also, define the DNS server on the ACS in order to be able to resolve the domain name from the ACS 5.x. Complete these steps in order to configure ACS 5.x Application Deployment Engine (ADE-OS):
Please follow the below link for step by step configurations because it's not possible to paste here full steps:
http://www.cisco.com/en/US/products/ps9911/products_configuration_example09186a0080bc6506.shtml -
"XI demo examples must be configured before first use"
Trying to execute the "Checking Flight Seat Availability" (Proxy-to-Proxy Communication) in Client 105 but there seems to be a problem. A new SAP screen states "XI demo examples must be configured before first use, Read the documentation under Help - Application Help", and unfortunately there is no content in the Help either. I am 100% sure that the example have been properly configured according to the Configuration Guide but obviously I have missed something. The BSP application in the SAP system of the Integration Server (client 105) has been activated.
Hi,
please check the following link.
http://help.sap.com/saphelp_erp2005/helpdata/en/ae/fd773f12f14a18e10000000a114084/frameset.htm
Please note the following points from SAP help. please note the sentence in bold wich states that you must create the configuration objects yourself. Since different customers have different requirements in an integration scenario, Integration Directory content is not shipped. It is the task of consultants and administrators to configure the data in the Integration Directory at the customer site
The features of the demo examples include several complete integration scenarios and comprise the following parts:
· Design objects in the Integration Repository
The design objects are defined and shipped by SAP.
· Configuration objects in the Integration Directory
You must create the configuration objects yourself. SAP provides comprehensive recommendations to help you.
· Example applications
SAP has implemented example applications for the communication parties involved. These example applications also contain user interfaces. You use these to execute the demo examples.
· Configuration guide
Detailed configuration instructions for the standard configuration recommended by SAP are available for the demo examples. These describe all the steps required to configure the demo examples in detail. A basic knowledge of Process Integration is sufficient to be able to make the relevant configuration settings.
· Documentation
Besides the detailed configuration instructions, additional documentation is also available. This also describes how to use the individual demo examples and explains the technical concepts addresse
Please award points for helpful answer.
thanks
sharmistha -
CUCM Session Management Edition Configuration Example
Hello:
Can somebody help with an example of configuration of the session management edition installed in a CUCM version 9 that has to be the central for dial plans and pstn access, it has work with other CUCMs version 9 (leafs)......i will appreciate if you can send an example or even a configuration guide, deployment guide, etc....
Best Regards
Bruno LaraYou can find a lot of into on it if you search cisco.com
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=6107&tclass=popup
Basically think of it as a GK in old terminology, it will aggregate all the dial plans and you will direct anything you don't recognize to it for routing. -
Looking for WebVPN Configuration Examples
I am looking for examples of VPN Concentrator configurations that provide access to Citrix and applications on the network. I have our intranet and e-mail access working. Any assistance will be appreciated.
Lou KirtLou,
Version 4.7 of the software for the concentrator has support for Citrix with WebVPN. Here is a link to the release notes that describes setting up the concentrator for support.
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/47con3k.htm#wp499765
Steve -
PPoe configuration in asa 5505
hi all,
I want to know the ppoe configuration in asa5505 firewall. IN my office i have a asa5505 and i get conncetion from local isp which is nothing but ppoe connection so how to do this.
regards
aslam mohammadHi Aslam,
The ASA configuration guide shows examples on how to configure PPPoE on the ASA:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_pppoe.html#wpxref85837
-Mike -
How To Get the Properties in the Configuration File
I have a configuration file in the class path. the content of the file rough looks like below:
DISABLE_PASSWORDLESS_AUTH = true
REQUIRE_ACTIVATION = false
ENABLE_RSS = true
ENABLE_WATCH = true
ENABLE_ATTACHMENT = true
MAX_ATTACHMENT_SIZE = 1024
ENABLE_LOGIN_INFO_IN_SESSION = true
ENABLE_LOGIN_INFO_IN_COOKIE = true
ENABLE_LOGIN_INFO_IN_REALM = false
ENABLE_LOGIN_INFO_IN_CUSTOMIZATION = falseHow do I write Java code to pick up the value of the property; for example, ENABLE_RSS, in the configuration file?One slight correction:
String path = "/path/to/topOfClassPath/";
InputStream is = getClass().getResourceAsStream(path + "properties.conf");jfbriere's code would try to load the properties from the same location in the ClassPath (e.g. package) from where the class is located. Got bit by that one more than once. I usually try to locate items like this in a "/resources" package located at the "top" of the ClassPath so I always know where they are and use a fully qualified path to load them - e.g.
getResourceAsStream("/resources/application.properites"); -
How to configure an jms adapter to use ActiveMQ?
Does anyone have an example of how to configure an jms adapter of oracle esb
for third party JMS provider to use ActiveMQ?
I had done something as follow:
1、add activemq shared-library in $SOA_INSTANCE/config/service.xml
2、config a jms adapter fro third party use paramter:
java.naming.factory.initial org.apache.activemq.jndi.ActiveMQInitialContextFactory
java.naming.provider.url tcp://10.20.30.26:61615
but I got a error:ERRJMS_CONN_FAC_NOT_FOUND.
Caused by: javax.naming.NameNotFoundException: org.apache.activemq.ActiveMQConnectionFactory
at org.apache.activemq.jndi.ReadOnlyContext.lookup(ReadOnlyContext.java:225)
at javax.naming.InitialContext.lookup(InitialContext.java:351)
at oracle.tip.adapter.jms.JMS.JMSFactory.jndiLookup(JMSFactory.java:237)
at oracle.tip.adapter.jms.JMS.JMSConnectionFactoryFactory.getConnectionFactory(JMSConnectionFactoryFactory.java:138)
... 51 more
what should I do? can someone give me a detail resolvent?I also had done as follows:
1、add activemq shared-library to shared-library named "oracle.esb" in server.xml :
<shared-library name="oracle.esb" version="10.1.3">
<import-shared-library name="apache.activemq"/>
</shared-library>
2、add in $SOA_INSTANCE\j2ee\soa\application-deployments\default\JmsAdapter\oc4j-ra.xml
<imported-shared-libraries>
<import-shared-library name="apache.activemq"/>
</imported-shared-libraries> -
Problem with SCs that created before the Name Server was configured
Hello,
I have created an SC and developed it.
When I created it, the Name Server wasn't configured and because of that, when I created new DC for this SC I needed to write the vendor manually. Lets assume I wrote example.org.
Sometime after I did configured the Name Server and I reserved example.org as a namespace prefix.
When I create new SC and new DCs in it everything is OK: Instead of writing example.org as my vendor I can choose from a combo box between sap.com and my own which is example.org.
The problem arises with the SC that has been developed before the Name server was configured: If I create new DC for it the vendor is shaded with sap.com inside with no option to change it, even though the previous DCs for this SC were created under the vendor example.org (which I entered manually).
I assume I can (with a lot of manual work) create new SC and move the DCs (or only their code) to the newly created SC, where I have the option to choose, but I am looking for more simpler solution. For example, changing a certain configuration file at the SC or so.
Anyone has an idea?
Thank you in advance,
RoyAnyone...?
-
Package and deploy Photoshop presets with Configurator panels ?
Hi,
is there any functionality available in either Configurator or the Extension Manager that might allow me to package and install some Photoshop presets (brushes, shapes, scripts etc) when I create a ZXP file ?.
I work as an educator, and really like the idea that the Panels can be deployed so easily by novice users. It would be particularly useful if I could also add some content to the presets folder at the same time as installing a Panel.
ThanksAn example on how to configure the mxi file for installing your personal items ( as an example i use burshes) :
1-Create a new folder inside the directory : Adobe Extension Manager/Samples/ and call it Photoshop
2-go to Adobe Extension Manager/Samples/Dreamweaver/
copy the DreamweaverBlank.mxi file, past it in the Photoshop folder you Have created and rename it PhotoshopBlank.mxi
You will keep this file as a template.
3-open the file you renamed with a text editor
make the modifications you see below and save it with a nameyoulike.mxi (without spaces)
<macromedia-extension
name="name you want"
version="number you want"
The description above will appear in extension manager
type="command">
<!-- Describe the author -->
<author name="your name" />
<!-- List the required/compatible products -->
<products>
<product name="Photoshop" version="version" primary="true" />
</products>
instead of dreamweaver write Photoshop, and change also the version
( for example Photoshop CS4 is version 11.0, CS5 is version 12.0)
That will target photoshop as program where to install your brush
<!-- Describe the extension -->
<description>
<![CDATA[
write a description of the presets you are installing, this will appear in Extension Manager.
]]>
</description>
<!-- Describe where the extension shows in the UI of the product -->
<ui-access>
<![CDATA[
write a description of where the presets you are delivering will be installed in PS.
]]>
</ui-access>
<!-- Describe the files that comprise the extension -->
<files>
<file name="Your brushes' name.abr" destination="$presetsfolder/brushes" />
<file name="Your brushes' name2.abr" destination="$presetsfolder/brushes" />
<file name="Your brushes' name3.abr" destination="$presetsfolder/brushes" />
</files>
describe the file that will be packaged and the path destination folder
<!-- Describe the changes to the configuration -->
<configuration-changes>
</configuration-changes>
</macromedia-extension>
4- place your Your brushes' name.abr /Your brushes' name2.abr /Your brushes' name3.abr
near the mxi file you have edited and personalized with the same brushes'name
5- launch Extension Manager CSxx , go to File>Package Extension and go to Adobe Extension Manager/Samples/ Photoshop and choose your nameyoulike.mxi
If you want to target a different folder than Presets where to install your item see attribute in the pdf link
NOTE:
if you want to install your items ( the brushes in this example) toghether the the installation of your panel you have to edit the .mxi panel file and adding only the part that " Describe the files that comprise the extension":
<file name="Your brushes' name.abr" destination="$presetsfolder/brushes" />
May be you can now deploy your panel and items immediately and have time to read more in the pdf when you'll have time -
Deleting an entry in an IDM Configuration Object
Does anyone know of a way using Express or Express/Java to delete an entry in an IDM configuration object (not the configuration object itself)? For example, if an IDM Configuration object has a Hashmap with 6 entries and we want to delete entry number 4, is there a way to do this? Thanks!
Hi Mohammed,
Are you really facing authorization issue or you mention to say that the delete option in grey out.
Generally, it won't allow you to delete the entries in TCOLL table.
Steps to delete entry in a table:
1.) First, you have to select the entry and press display.
2.) Enter in debugging mode by pressing /h.
3.) For code variable it will be CODE="show". Change show to DELE and press F8(Execute).
4.) Now the delete button will be enabled. After deleting, go out of T-code and again enter into SE16 and check the table TCOLL.
Regards
Sudhir Sadhu -
Read a configuration file or add a property in a global configuration file
Hello people,
Anyone has a tip in order to get a String to identify the environment (u201Cdevelopmentu201D, u201Cqau201D or u201Cproductionu201D) that a component is running?
I was thinking in use the server name to associate each one with respective environment but this idea seems workaround.
Another idea was to insert a configuration file (or insert only a property in a configuration file existent in Netweaver Web AS) in order to get and change this information according the respective environment.
Could anyone help me how to solve this issue?
Regards,
CleitonHi Satyajit,
Iu2019d like to know if is possible change the u201CWeb Dynpro Application Propertyu201D by visual administrator, for example or changing some configuration file. Because we are using the CMS then Iu2019m not interested in change it by NWDS, compile and deploy a different package in each environment. Do you know how to change it easy?
About the solution with query string, I didnu2019t like so much, I could use the portal to pass this information, however I will need define this information in all iView in each respective environment.
Regards,
Cleiton -
Hello all
Currently all of our mailboxes are located in O365. Our MX records point to EOP, and we have Centralized mail transport enabled. This means that all emails sent from mailboxes in O365 are
routed from EOP to On-prem, and then from on-prem to the intended recipient. The email flow is below. From my understanding when a transport rule exist in EOP that has a address space of * (all domains) that this transport rule will take precedence over all
other transport rules. Example is if i create a transport rule that uses MX record lookup to send emails to Yahoo.com, and i also have a transport rule that has an address space of * and uses a smarthost, the email sent to Yahoo.com will be sent using
the connector that has an address space of *. Also as i said earlier all mailboxes are hosted in O365, if i need to send forced TLS to a certain domain, and because we have Centralized mail transport enabled then where should i configure the forced TLS?
it doesn't make sense to try and configure this in EOP because all emails go through on-prem first. If you look at my below routing hops the last hop the email takes before it leaves the environment is the Symantec SMG servers. I think this is where
i would need to configure foreced TLS to external domains.
user in O365 sends email to @gmail.com
EOP----->on-prem Hybrid Server------->Symantec SMG server------->@Gmail.com
Bulls on ParadeThank you. One more question for you. Regarding the sending server, do the names in the cert (CN) also need to be available on the internet? example send connector is configured to use forced TLS to BofA.com the send connectors that used to send email to
BofA.com cert is a self signed cert. Does the Receiving server at BofA.com need to verify the name in the cert that was used to send the email to BofA.com ?
Thank you again
Bulls on Parade
Maybe you are looking for
-
Progress Bars in File Upload Behavours
Progress Bars in File Upload Behavours would be great.
-
Inter Company Reconcilation & inter branch Reconcilation
how can we do the inter company reconcilation,inter branch reconcilation,sales ledger reconcilation,purchase ledger reconcilation,
-
IMovies keeps crashing in Yosemite
Hi Folks, Has any one recently upgraded to Yosemite OS and are having problems with iTunes and iMovies crashing when you open the program? It doesn't even log in, I only get the Problem Report for iMovie box. Any suggestions are welcome. Cheers!
-
Duplicate Accounts merging in Interaction center
Hi, I created 2 acounts with same data like adress postal code and country etc.when i am trying to merge log in with interaction centre agent.it is showing merging option after click on merge screen is disappeared there is no message like accounts me
-
Problems in deploying in Forte to RI and DB2
Hi, I have created database in DB2 7.1. Its usuing the JDBC 2.0 drivers. I am accessing the database from a different machine, thus am using the net driver. I can see the database and get the schema I want. All is ok until deployment: Sender object D