Fine tuning the logging to cisco device
Dear Netpro Community,
I am trying to fine tune the AAA portion on the cisco device
Here is my current configuration:
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius enable
If the radius server is offline, the first level is not a problem. However, the issue occurs if I want to go to enable mode. It will not use the enable password defined locally, but instead it will go to and search for radius server for authentication.
Debug:
test_switch>en
Password:
01:05:15: RADIUS: Authenticating using $enab15$
01:05:15: RADIUS: ustruct sharecount=1
01:05:15: RADIUS: Initial Transmit tty0 id 44 x.x.x.x:1812, Access-Request,
len 72
01:05:15: Attribute 4 6 AC10E10F
01:05:15: Attribute 5 6 00000000
01:05:15: Attribute 61 6 00000000
01:05:15: Attribute 1 10 24656E61
01:05:15: Attribute 2 18 69ABFDF8
01:05:15: Attribute 6 6 00000006
01:05:20: RADIUS: Retransmit id 44
01:05:25: RADIUS: Retransmit id 44
01:05:30: RADIUS: Retransmit id 44
Password:
01:05:35: RADIUS: Marking server x.x.x.x:1812,1813 dead
01:05:35: RADIUS: Tried all servers.
01:05:35: RADIUS: No valid server found. Trying any viable server
01:05:35: RADIUS: Tried all servers.
01:05:35: RADIUS: No response for id 44
01:05:35: RADIUS: No response from server
% Password: timeout expired!
% Error in authentication.
How do I ensure that i can access the switch in privilege mode if there is no path to the radius server?
Jagdeep:
With the default "radius-server retransmit" value, there are (potentially) three retransmissions that may occur if the RADIUS server doesn't respond to the first request. With a 1 sec. "radius-server timeout", this provides a four second window of opportunity for a successful response.
If he doesn't want to use a "radius-server timeout" as low as 1 sec. (per your concern), he can use the "radius-server retransmit" command to constrain (to a reasonable period) the time required to mark an MIA RADIUS Server as dead.
e.g.:
radius-server host aaa.bbb.ccc.ddd auth-port 1812 acct-port 1813 timeout 2 retransmit 1 key xxxxxxxxxx
Contrary to your statement, your approach and mine are trying to facilitate the same thing, i.e.: accommodating fall back to the enable method prior to login timeout.
However, your recommendation only results in a successful login after 20+ sec., due to postponement of fall back, resulting from the 20 sec. spent determining that the MIA RADIUS Server is dead.
I don't ever want to wait 20+ sec. for a login, and don't find it necessary to wait that long to conclude that an AAA server is MIA.
Similar Messages
-
How to guide for Fine tuning the performance of SAP EP
All,
Could anyone please let me know where to locate the how to guide for fine tuning the performance of the SAP Enterprise Portal?
thanks,
~Lhi leena,
Look into these threads...
https://www.sdn.sap.com/irj/sdn/thread?threadID=119605
https://www.sdn.sap.com/irj/sdn/thread?threadID=101325
Also see,
<a href="https://websmp103.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073623&_OBJECT=011000358700001480992005E">this link</a>
https://media.sdn.sap.com/public/eclasses/bwp04/PortalTuning_files/Default.htm
Regs,
jaga
Message was edited by: jagadeep sampath -
Fine Tuning The Enterprise Portal
Hello world
Currently i am searching about the best ways to fine tune our E Portal the below Info are the results of my search so far.
Hope They Help You and please share any knowledge you have around this area.
Tuning The E-Portal
1-Tunable Parameters of SAP Web Application Server (JAVA)
:Reducing the Network Traffic -From the Config Tool window,
select: <instance> + services + http, and change the
value of the following properties:
-NeverCompressed: delete this values --> *.css, *.pdf, *.js, image,
application/pdf, text/JavaScript
-CacheControl: 604800
Servlet_js p
-EnableChunkedResponse: True
-MinimumGZipLength: 1024
2-SAP Web Application Server (Java) Monitoring Server
Adjusting Log Severity Levels
- re adjust the severty from ALL to ERROR
3-Disabling the Distributed Statistics Service
1.Run\usr\sap\<system_number>\JC<instance_id>\j2ee\configtool
\offlinecfgeditor.bat
2. Select Configurations -> cluster_data -> server -> cfg -> services->
Propertysheet dsr-runtime -> <edit-button> -> startup-mode ->
3. Select Custom and enter manual, and then select Apply custom .
4. Restart the cluster.
4- PRT Configuration
\usr\sap\<system_id>\JC<instance_number>\j2ee\cluster\server<number>\apps\sap.com\irj
\servlet_jsp\irj\root\WEB-INF\portal\system\properties
SET
-async.response.pool.size=100
-PRT monitor monitor.off=false
-Log on to the portal as an administrator, and navigate to:
System Administration -> Monitoring -> Portal
-> Components Overview System Administration ->Monitoring ?? Portal ?? Threads Overview
to help you identify bottlenecks in performance.
5-Tuning the Application Server
- Configuring JVM parameters on AS Java
Set <-XX:SoftRefLRUPolicyMSPerMB=1000> (from default 1)
- Avoiding session leaks - Tracing Single User Sessions
- Tuning HTTP Provider Service
-Enabling production mode
6-Java Memory Analyzer Tool
-Install Java Memory Analyzer Tool MAT
- run performance reports using Solution Manger // this only work if you have running solution manger on your system
If You Have Any Tips Please Share
Regards,
Ahmed SalamDear Ashish,
From the Config Tool window --> Servlet_js p Tap
-EnableChunkedResponse: True
-MinimumGZipLength: 1024
Read carfuly and you will find the answers
Hope it helped
Regards,
Ahmed Salam. -
Inputs for Fine tuning the program
Hi All,
Following code is taking lot of time... No i need to fine tune the same ,,,
Please give some inputs..
SELECT VBELN INTO VBUK-VBELN FROM VBUK
WHERE ( CMGST EQ 'B' OR CMGST EQ 'C' )
AND VBELN IN S_VBELN.
SELECT * FROM VBAP WHERE VSTEL IN SHP_PT
AND VBELN EQ VBUK-VBELN
AND VKGRU '101'.
SELECT VBELN POSNR EDATU FROM VBEP
INTO (VBEP-VBELN,VBEP-POSNR,VBEP-EDATU)
WHERE VBELN EQ VBAP-VBELN AND POSNR EQ VBAP-POSNR
AND LFREL EQ 'X' AND BMENG GT 0
AND EDATU BETWEEN DATE_LOW
AND DAT_HIGH
ORDER BY EDATU VBELN POSNR.
CLEAR LIPS.
PERFORM APPEND_DATA_TO_ITAB1 TABLES ITAB1
USING VBEP-VBELN VBEP-POSNR
VBEP-EDATU LIPS-VBELN
LIPS-POSNR vbap-VSTEL.
ENDSELECT.
ENDSELECT.
ENDSELECT.
Regards,
Chan
Moderator message: Please Read before Posting in the Performance and Tuning Forum
Edited by: Thomas Zloch on Nov 24, 2010 1:17 PMHI,
Remove the select endselect the select all the entries into internal table then from tat internal table select by using for all entries into another internal table. for eq -
IF NOT s_vbeln[] IS INITIAL.
SELECT vbeln cmgst
INTO TABLE itvbuk
FROM vbuk
WHERE vbeln IN s_vbeln.
DELETE itvbuk WHERE cmgst NE 'B' AND cmgst NE 'C' .
ENDIF.
IF NOT itvbuk[] IS INITIAL.
SELECT *
FROM vbap
INTO TABLE itvbap
FOR ALL ENTRIES IN itvbuk
WHERE vbeln EQ itvbuk-vbeln.
DELETE itvbap WHERE vkgru NE '101' AND NOT vstel IN shp_pt.
ENDIF.
Like wise modify the logic and check the secondary index is available for the where clause which you will be specifing.
Regards,
Madhukar Shetty -
My apple extreme wireless network is working fine with two Macs but ios devices (iPhone & iPad) will not connect. I can see the network and it's telling me I'm connected but Safari says I'm not connected to the internet. Everything was working until the ISP went down. Any suggestions?
Thank you, I've tried the support tips (resetting the network, checking security settings, etc.) and rebooting the network devices several times to no avail. I've actually been working on this for several days (when I can afford to have the network down).
What I have to determine is what has changed in the setup...from when it WAS working just fine with all devices. -
FIne Tuning the Cisco Prime Alarms
HI Expert,
One of our client having Cisco Wireless LAN infrastructure with Cisco Prime. Currently they are getting more alarms (minor) on their environment.
They would like to modify the Alarm pattern / threshold to minimise the Alarms pop-up in prime. Could you please advise me how we can modify this ?
Also do Cisco having any documents for how to fine tune ?
Thank you.
-AnanthanHi
Here's the document for the customization of alarms.
Configuring Alarm Severity Levels
A newly generated alarm has a default severity level that you might want to change.
To configure an alarm’s severity level, follow these steps:
Step 1 Choose Administration > System Settings.
Step 2 From the left sidebar menu, choose Severity Configuration.
Step 3 Select the check box of the alarm condition whose severity level that you want to change.
Step 4 From the Configure Security Level drop-down list, choose a severity level, then click Go.
Step 5 Click OK to confirm the changes.
Configuring Alarm Severity Levels
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-2/user/guide/pi_ug/alarms.html#pgfId-1054721
- Ashok
Please rate the useful post or mark as correct answer as it will help others looking for similar information -
I have a Airport Extreme that is dropping the wireless signal alot (several times a day) The green light will go amber, but the internet service is still ok if your using an ethernet cable directly plugged in. When the light goes amber all devices that is using wireless will lose there wireless icon. The only way to get the green light back is to unplug the Airport device and replug it back in. I tried the reset on the back but still no luck. What is the fix?
Let's see if I can get this straight.
You have an Airport Extreme base station that is set to "Create a wireless network" and you have the box checked for "allow this network to be extended"....
Then you have an Airport Express that is set to "Extend a wireless network" which you selected the name of your network in the box...
Correct?
See this Apple document:
http://support.apple.com/kb/HT4259?viewlocale=en_US&locale=en_US
The wireless unit on the right of the diagram can be either of the newer Apple base stations.
Extreme, Express, Time Capsule -
Fine-tuning the appearance of JFileChooser
I have what I hope is a simple question:
I'm creating a customized JFileChooser. One of the cool things it does is it displays its own custom icons for the files. These icons are a bit bigger than the standard icons for my look-and-feel (Linux default LandF, whatever that is, in Java 1.5). These icons are about 45 pixels high. They look GREAT when viewing in the "icon" view, but when the user switches to the "list" view, they draw on top of eachother. Somehow JFileChooser doesn't know to leave more space.
Any suggestions on this?
And the other question, which I'm sure is a FAQ but I can't find it: I also have a file filter on this JFileChooser, and yet it gives the user the option of changing to "view any file type". Is there a way to turn that off? I really want to constrain what my users are doing.
Thankshi leena,
Look into these threads...
https://www.sdn.sap.com/irj/sdn/thread?threadID=119605
https://www.sdn.sap.com/irj/sdn/thread?threadID=101325
Also see,
<a href="https://websmp103.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073623&_OBJECT=011000358700001480992005E">this link</a>
https://media.sdn.sap.com/public/eclasses/bwp04/PortalTuning_files/Default.htm
Regs,
jaga
Message was edited by: jagadeep sampath -
I am using two cursors in my Pro*C applicatioin
exec sql declare cur_open_act cursor for
select distinct d.member_number,
a.account_number,
a.registration_type,
f.registration_desc,
a.office_code,
a.open_flag,
a.date_opened,
a.state,
a.restriction_code,
a.restriction_date,
nvl(c.book_shares, 0) +
nvl(c.memo_book_shares, 0) +
nvl(b.non_company_sweep_balance, 0) +
nvl(a.cash_td_balance, 0) +
nvl(a.cash_sd_balance, 0) +
nvl(a.margin_td_balance, 0) +
nvl(a.margin_sd_balance, 0)
) as balance
from br_accounts a,
(select account_number,
sum(sweep_td_balance) non_company_sweep_balance
from br_sweep_accounts
group by account_number) b,
stars_accounts c,
br_member_accounts d,
br_office_codes e,
company_registration_types f
where a.account_number = b.account_number (+)
and a.account_number = d.account_number
and a.sweep_fund_number = c.fund_number (+)
and a.sweep_account_number = c.account_number (+)
and a.registration_type = f.registration_type (+)
and a.office_code = e.office_code
and a.open_flag='Y'
and d.relationship_code in ('PRI','RET','TTE')
and e.managed_product_ind != 'Y';
exec sql declare cur_close_act cursor for
select distinct d.member_number,
a.account_number,
a.registration_type,
f.registration_desc,
a.office_code,
a.open_flag,
a.date_opened,
a.state,
a.restriction_code,
a.restriction_date,
nvl(c.book_shares, 0) +
nvl(c.memo_book_shares, 0) +
nvl(b.non_company_sweep_balance, 0) +
nvl(a.cash_td_balance, 0) +
nvl(a.cash_sd_balance, 0) +
nvl(a.margin_td_balance, 0) +
nvl(a.margin_sd_balance, 0)
) as balance
from br_accounts a,
(select account_number,
sum(sweep_td_balance) non_company_sweep_balance
from br_sweep_accounts
group by account_number) b,
stars_accounts c,
br_member_accounts d,
br_office_codes e,
company_registration_types f
where a.account_number = b.account_number (+)
and a.account_number = d.account_number
and a.sweep_fund_number = c.fund_number (+)
and a.sweep_account_number = c.account_number (+)
and a.registration_type = f.registration_type (+)
and a.office_code = e.office_code
and a.open_flag='N'
and d.relationship_code in ('PRI','RET','TTE')is
and e.managed_product_ind != 'Y'
and (
nvl(c.book_shares, 0) +
nvl(c.memo_book_shares, 0) +
nvl(b.non_company_sweep_balance, 0) +
nvl(a.cash_td_balance, 0) +
nvl(a.cash_sd_balance, 0) +
nvl(a.margin_td_balance, 0) +
nvl(a.margin_sd_balance, 0)
) != 0;
The query used is redundant for the most part and is shown below
select distinct d.member_number,
a.account_number,
a.registration_type,
f.registration_desc,
a.office_code,
a.open_flag,
a.date_opened,
a.state,
a.restriction_code,
a.restriction_date,
nvl(c.book_shares, 0) +
nvl(c.memo_book_shares, 0) +
nvl(b.non_company_sweep_balance, 0) +
nvl(a.cash_td_balance, 0) +
nvl(a.cash_sd_balance, 0) +
nvl(a.margin_td_balance, 0) +
nvl(a.margin_sd_balance, 0)
) as balance
from br_accounts a,
(select account_number,
sum(sweep_td_balance) non_company_sweep_balance
from br_sweep_accounts
group by account_number) b,
stars_accounts c,
br_member_accounts d,
br_office_codes e,
company_registration_types f
where a.account_number = b.account_number (+)
and a.account_number = d.account_number
and a.sweep_fund_number = c.fund_number (+)
and a.sweep_account_number = c.account_number (+)
and a.registration_type = f.registration_type (+)
and a.office_code = e.office_code
and d.relationship_code in ('PRI','RET','TTE')is
and e.managed_product_ind != 'Y'
Is there a more efficient way other than using 2 separate cursors?
I don't want to use the redundant portion as a single cursor since it affects the performance.
Edited by: user9285722 on Apr 1, 2011 4:43 PMHi,
Why dont you just use the 1st cursor and along with what you do with the first cursor, if balance!=0 then do what you do with second cursor.
I dont know how you do in pro*c, but here is the algorithm.
open cur_open_act;
loop
-- Do your operations that you do with cursor1.
---Now along with that
IF cur_open_act.balance != 0 then
----- Do your operations that you do with cursor2.
END IF;
end loop;G. -
Fine tuning the database query
To analyse the load of a particular object. we do use 'performance analysis' in ABAP. But let us suppose we've come to know that more load is on the database. i.e. suppose 80% on database, 20% on Application server. what could be the possible steps that u wud perform on the query so that the load gets decreased. we don't have a chance to transform the load from database to application server (such as using internal tables and hence reducing the load). we should do something on the database side. so what can we do. any solution would be highly appreciated.
thanks in advance for the solution.Hi,
You should use ST05 and then Switch TRACE ON for SQL.
Then do your query again.
After you have run your query, you switch the trace OFF and then you display the trace.
When displaying the trace you can see which SQL queries that have been made and how long time they have taken (left most column).
If the time is RED that indicates a bad query.
Anyway. Doubleclick on the query to find out how the query is made.
And analyse the table(s) that are used and whether or not an INDEX is used.
If no index is used you can ADD an index to the database table(s) in transaction SE10. Or directly in the database if you have that possibilty.
ST05,
Trace on,
Run query,
Trace off,
Display trace,
Analyze trace.
Good luck!
BR Mattias -
Collecting logs from Cisco Prime Infrastructure
Hi ,
I am currently working in integrating Cisco Prime Infrastruture with the siem tool Qradar.
Can any one help me out in below issues:
1)How and where is the log stored in Cisco Prime.?
2)Does the logs contains the logs of the devices that Cisco Prime manages?
3)Is there any way to sent out the logs from Cisco Prime to a third party device.?Hi,
1)How and where is the log stored in Cisco Prime.?
/opt/CSCOlumnos/logs
2)Does the logs contains the logs of the devices that Cisco Prime manages?
AFAIK,
In the prime infrastructure Syslogs are directly read from udp port 514 and then filtered
, the non SEV1 and SEV2 syslogs will be dropped and will not be entered into db . The
syslog messages will not be saved into log files .
Till now PI support only SEV 0,1 and 2 syslog.
3)Is there any way to sent out the logs from Cisco Prime to a third party device.?
unfortunately , this feature is not there in PI so far.
Thanks-
Afroz
***Ratings Encourages Contributors **** -
Syslog server for Monitoring Cisco devices
I am looking for Syslog server to log all logs from Cisco devices. We have more than 800 cisco devices. Can anyone tell me what syslog server should i use to log these files.
Thank you.Has anyone used the Cisco recommendation of Buliding Scalable Syslog Solutions?
http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html#wp9000318
I used this in another organaztion and we were very successful, we currenlty use Netcool that feeds from a syslog and we get several non-actionable alarms and it's very time consuming for 13,000 devices. I would only like to alert on 0-5 Cisco Syslog messages. Below is the response from my Netcool Administrator (What are your thoughts?):
From my Netcool Administrator:
Regarding, using the Cisco syslog severity for alert control, I feel that is not the best way to control the work in Netcool.
1. -- Cisco is not consistent with the use of this value.
Examples:
In this case the important message is the lower severity alert: I would consider the BGP-3-NOTIFICATION of a 6 level of Informational
Aug 4 03:10:01 rtgara02r01m04-lb0.us.bank-dns.com 001458: Aug 4 03:10:01: %BGP-5-ADJCHANGE: neighbor 10.93.69.106 Down BGP Notification sent
Aug 4 03:10:02 rtgara02r01m04-lb0.us.bank-dns.com 001459: Aug 4 03:10:01: %BGP-3-NOTIFICATION: sent to neighbor 10.93.69.106 4/0 (hold time expired) 0 bytes
This one is near the top level of serverity per Cisco but not all that severe in reality, further this syslog has a bug where the threshold is not even exceeded
%ENVMON-1-CPU_WARNING_OVERTEMP: Critical Warning: CPU temperature 107C exceeds threshold 110C. Please resolve system cooling immediately to prevent system damage
This one is reporting a standard condition:
%ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted
Here is an example of a 1 where the voice group says that nothing is wrong:
Aug 4 13:08:42 rtgcaa75u01-01.sw.us.bank-dns.com 047489: Aug 4 11:08:41: %IVR-1-APP_PARALLEL_INVALID_LIST: Call terminated. Huntgroup \'1\' does not contain enough valid SIP end-points to proceed with a parallel call. -
I wonder what is included in the log files?
My application generates 1G log files per day. when I use logmnr to
analyze the log files, I find that 2000 rows which is performed by my
application user is in the v$logmnr_contents view. And 55000 rows
which is performed by the Oracle sys user. In these 5000 rows I can
see SQL statements( Redo, Undo), and 50000 rows I can't see SQL
statements which is identified by "unsupport statemet" or null.
I wonder if my application generates 2000 rows, why oracle generates
25 times than it. Can I tuning the log file that log file can be
minimized.
With best regard!Your problem may be related to the '''BLNGBAR''' shown at the end of your User Agent String. This answer from '''SafeBrowser''' may help -
http://support.mozilla.org/en-US/questions/900875 -
Few Methods of fine tuning query
I want to know few methods of fine tuning the query
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96533/toc.htm
-
How to fine tune the performnce of Adobe - WebDynpro Java
Hi Experts,
Upon deploying an Adobe - WebDynpr Java application on my local NWDW machine having 2 GB RAM, it takes around 10 minutes by watch before the PDF form appears on the screen with the populated data.
This is really depressing as the client will surely not accept this.
Any tips on fine tuning the performance of Adobe online applications?
Regards,
Shobhithi,
when the J2EE engine is running...
goto task manager....
see performance.
if the memory usage is more than the memory you have installed,
that means you are using virtual memory...(ie. hard disk as RAM)
try shutting down any excess processes which you are not using.
(CAUTION: shut down only those processes which you know)
Summary is:-
check if you are on virtual memory.
because if you are using virtual memory....
you are falling short of RAM.
our server also has 2 GB RAM, but it works fine(including Interactive forms)
regards,
-ag
Maybe you are looking for
-
Download appears corrupt (Error Code: U43M1D207)
I have been trying for some time to download these updates via the application manager (yes, I have updated to the very latest version), but continue to receive these errors. Photoshop Camera Raw 8.1(CS6) There was an error downloading this update. P
-
Safari Top Page on Yahoo Game Log Refresh
This may happen at other sites, but Firefox does not do this. When I have a gamelog open and refreshed automatically every 30 seconds, Safari refreshes, but resets to the top of the page. The updated content is at the bottom. Firefox refreshes, but s
-
Videos on Tenplay keep stopping and starting with wi-fi. Is there a fix??
Videos/episodes on Tenplay keep stopping and starting with wi-fi. Is there a fix??
-
Bug 3752644 in OC4J 9.0.4 standalone and not in iAS version
Hi, While developing an (ADF) application I ran into bug 3752644, which can be viewed in metalink (ArrayOutOfIndex when using j2ee security facility). But what is not clear to me is if this bug only appears in the standalone version of OC4J or also i
-
necesito pasar una imagen pdf a curvas, aver si me podeis ayudar. gracias un saludo