Firewall Module with HSRP switches

Similar Messages

• Firewall Module with Confiugured HSRP switches

  Hello ,
  We have implemented HSRP configuration between the core switches for 20 VLANs, as the following:
  HSRP Configuration for switch 1;
  Interface Vlan4
  Description “VLAN Description”
  Ip address 192.168.8.2 255.255.255.0
  Standby 5 ip 192.168.8.1
  Standby 5 timer 5 15
  Standby 5 preempt
  HSRP Configuration for switch 2;
  Interface Vlan4
  Description “VLAN Description”
  Ip address 192.168.8.3 255.255.255.0
  Standby 5 ip 192.168.8.1
  Standby 5 timer 5 15
  Standby 5 priority 50
  Standby 5 preempt
  Now, Only on the active core switch we have inserted a firewall Module to protect VLANs communication to each other while we dont have firewall on the standby switch. Im planning to implement firewall only on one switch if the VLAN fail the traffic will be diverted on the second switch without firewalling.
  Would you please assist me on Firewall configuration when i have HSRP running as per my config.
  Regards,

  HSRP provides two servicesIP redundancy and a Virtual IP (VIP) address. Each HSRP group may provide either or both of these services. Cisco IOS firewall stateful failover uses the IP redundancy services from only one HSRP standby group. It can use the VIP address from one or more HSRP groups. Use the following task to configure HSRP on the outside and inside interfaces of the router.
  http://cisco.com/en/US/products/ps6441/products_feature_guide09186a00806106ea.html#wp1149287

• Firewall module

  dear
  we are having firewall module in datacenter switch which is not in production i have a task to configure now there are total 80 server which are in difftrent zone
  so plz help me how to connfigure using multi context & any documentation to refer and configure
  thanks

  Managing Security Contexts
  http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/contxt_f.html
  Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, 3.1
  http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg.html
  Regards,
  Arul

• Dual Cat6k with Firewall module scenario

  Hi All,
  Does anyone have design guides for Core Cat6k L2/L3 network with Firewall modules in two different chassis ?
  Thanks,
  Praful

  Try:
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008048e64c.html
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guide_chapter09186a00801c589c.html

• Powering APs from a 2911 with PoE switch module

  Good Morning everyone!
  I am hoping someone can shed some light on an issue I am having at a client site. 
  Client has purchased a 2911 ISR and an 8 port switch module with PoE card with the intention of running 4 2602i access points being managed by a 2504 WLC on the same switch card. 
  Problem we have is that the APs come up but do not power up radios or cleanair. If I plug an AP into switch port 0/0 it comes up and works fine but not on any of the other ports. We saw this on a separate router, (they are doing the same setup to two sites), yesterday. That's why I was called in, as they could only get one AP working at a time. 
  I believed this was a faulty poe card as it looks as though the APs are just not getting enough power and are placing the radios into RESET mode. Moved to the other ISR and everything worked fine, left it running overnight came in and all was fine and dandy. 
  As the other router had only a basic config on we did the config which involved some ACLs and a few port configurations but nothing on the switch card and nothing pertaining to power. I am a wireless guy, not a router specialist so am a bit stymied. Sometime later we noticed that all of the APs had all radios in RESET state. 
  Next I wiped the config on the ISR and rebooted everything and everything came up fine so points towards not a hardware issue but configuration. 
  Where should I be looking? 
  I can't paste a full running config due to client constraints but if someone could point me in the direction I can clean parts of the config for sharing... 

  I believed this was a faulty poe card as it looks as though the APs are just not getting enough power and are placing the radios into RESET mode.
  I haven't played with those modules for a long time, but what do you get when you run the command "sh power inline"?
  2600 APs require a minimum of 15.4w PoE but the recommended is 20.0w PoE.  

• Has anyone deployed converged access with 3850 switches and 5760 WLCs?

  Has anyone deployed a converged access network architecture with 3850 switches and 5760 WLCs? I have done lots of projects with the 5508 WLCs In a centralized deployment. Basically with this design, I manage 2 logical networks as the wireless network is an overlay over the wired network. I can design firewall to segregate traffic between the wired and wireless hence I can carry both staff and guest traffic.
  Now Cisco is telling us that there is new design such that the dats plane traffic can be dropped locally through the 3850 switched. I am not sold on this and have not found any recommended best practices on when should we use a converged access architecture.
  Pros
  With converged access, data traffic is terminated at the MA which is on the switches, hence the WLC will not be a bottleneck? This is to prepare adoption for 802.11ac?
  Less hops for voice calls from user A to user B as data control traffic is dropped locally.
  Cons
  Now how do I segregate guest and staff traffic if my security folks say I need a firewall?
  Troubleshooting wireless client mobility will be a nightmare as the 3850 switches are MA.
  Pushing and upgrading code for the Code will mean upgrading the stack of switches in the LAN riser. This will be painful in a huge campus environment like an university.
  Can someone convince me why would a customer choose converged access?
  Sent from Cisco Technical Support iPad App

  They choose CA because of the capwap termination at the switch. You can still use a 5508 and tunnel guest to a DMZ segment if you wish. You will need a 5508 though is you want to tunnel traffic to an anchor WLC.
  Sent from Cisco Technical Support iPhone App

• Cisco ISE Vs Cisco Anyconnect Posture module with Advanced Endpoint Protection

  We are planning to use cisco Anyconnect posture module with Adv Endpoint protection to examine the VPN users- This can check whether they a antivirus/anti spyware software installed on their work station and can force to update def file if its older than specified number of days, it can also check the firewall status on their workstation and enable if its not already.This can detect keylogger and emulation softwares also.
  Do we get any additional advantages in using ISE compared to Anyconnect posture module ......
  Siddhartha       

  These are good questions. We had them last year before we decided to purchase ISE, specifically for our VPN users.
  I will be watching this thread to see what kind of responses you get.
  As of right now, I can verify the ISE can indeed check if specific Anti-Virus is installed (i.e., your corporate AntiVirus), or if ANY (supported by Cisco within ISE) antivirus is installed, and it can force an update process for the AV if it detects that the DAT files are older than a admin specified amount of time.
  Our issue at the moment (if you haven't searched the forums) is ISE detected the proper WSUS updates are indeed installed on the users systems and allowing the users system to talk to our internal WSUS server.
  We are now wondering if the Advanced Endpoint licensing on the ASA would have been a better way to go.
  Wishing you luck in finding your answers for us all.
  Dirk

• Does CISCO C3560X VLAN support multiple Network segments which are further configured with HSRP function

  Hi Cisco experts,
      My name is Kumagai and I need your expert opinions below.
  I am trying to configure one VLAN1 support multiple network segments as below.
  (this should be a very straight forward configuration and should be OK, I think ? )
   interface Vlan1
   ip address 172.30.0.0 255.255.128.0
   ip address 172.30.31.253 255.255.254.0 secondary
   ip address 172.30.61.253 255.255.254.0 secondary
   ip address 172.30.71.253 255.255.254.0 secondary
   ip address 172.30.4.253 255.255.255.0 secondary
   The only issue that is eating me is the above network segments are using HSRP too
   and I am not sure is this possible with a combination of VLAN1 supporting multiples which are
   further supported with HSRP settings in Cisco environment.
  !example of HSRP:
  interface Vlan4
   ip address 172.30.4.253 255.255.255.0
   no ip redirects
   standby 4 ip 172.30.4.254
   standby 4 priority 105
   standby 4 preempt
  <<< what will happen if I add the HSRP configuration as below into the above VLAN1 with multiple Network segment ??)
   I would like to summarize my "Combined" configurations as below but I need your expert opinions on
   whether the configuration below is workable without any problem ??
   Or it is a total flop because Cisco does not support the configuration below !!!
   interface Vlan1
   ip address 172.30.0.0 255.255.128.0
   ip address 172.30.31.253 255.255.254.0 secondary
   ip address 172.30.61.253 255.255.254.0 secondary
   ip address 172.30.71.253 255.255.254.0 secondary
   ip address 172.30.4.253 255.255.255.0  secondary
   standby 30 ip 172.30.31.254
   standby 30 priority 105
   standby 30 preempt
   standby 60 ip 172.30.61.254
   standby 60 priority 105
   standby 60 preempt
   standby 70 ip 172.30.71.254
   standby 70 priority 105
   standby 70 preempt
   standby  4 ip 172.30.4.254
   standby  4 priority 105
   standby  4 preempt
  Thanking you in advance !!!!!

  Hi,
  As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
  int vlan 20
  ip helper-address 192.168.33.xxx
  int vlan 60
  ip helper-address 130.20.1.xxx
  I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
  Modify the AP config as below since you are using data vlan as the native vlan
  interface Dot11Radio0.20
  encapsulation dot1Q 20 native
  interface FastEthernet0.20
  encapsulation dot1Q 20 native
  Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
  interface FastEthernet0.20
  encapsulation dot1Q 20 native
  no ip route-cache
  bridge-group 20
  no bridge-group 20 source-learning
  bridge-group 20 spanning-disabled
  interface FastEthernet0.60
  encapsulation dot1Q 60
  no ip route-cache
  bridge-group 60
  no bridge-group 60 source-learning
  bridge-group 60 spanning-disabled
  Hope this helps.
  Regards
  Najaf

• Ciscoworks Firewall Module Support

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin-top:0cm;
  mso-para-margin-right:0cm;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0cm;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;
  mso-fareast-language:EN-US;}
  We are using Firewall Modules in our Cat6500(s) (WS-SVC-FWM with FWSM 4.0(4)) to provide centralized firewall services to our users. I have been asked if there is any support for these blades in Ciscoworks. I don’t think these types of blade services have been integrated into Ciscoworks yet. We have the same issue with our wireless blades (WiSM)
  I’m mostly interested on the ability to backup context configurations from the Firewall blades.
  LMS 3.2 with RME 4.3.1 among others.
  Thanks for any information.
  Jorge A Jiles

  The answer is yes, RME 4.3.1 support configuration management with the WS-SVC-FWM
  Please refer to this link for a complete list of supported devices and modules.
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/3.2/device_support/table/lms32sdt.html
  However, there is a enhancement bug opened as well that I think you will be interested in based on
  the ability to backup context configurations from the Firewall blades.
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl65838
  CSCsl65838            Bug Details
  Multicontext Firewalls should have ALL contexts archived from admin
  Symptom:For firewalls that support multiple  contexts, RME does not archive all the context configs if just the admin  context IP is in the seedfile.
  Conditions:Firewalls that support multiple contexts.
  Workaround:Manage each context configuration as an individual, separate device in RME.
  Further Problem Description:This  capability should be added to RME so that the customer is not required  to have IP reachability to each context and individually put that  context into RME.All the contexts can be accessed from the Admin  context by changeto context system.  Then either fetch the configs from  the file system (dir) or changeto each context and get its config.

• Intervlan Routing with 6500 switch

  I am designing an upgrade to our current network that will contain a 6500 switch and i wanted to setup vlans with the switch. I know that this switch has the ability to perform routing on its own so i do not need an external router to route between the vlans but if that is the case what default gateway do i give each vlan? Do i give the vlan ip address as the default gateway for the end devices or do i use an IP address in the switch somehow as the default gateway?
  Thanks.
  Pete

  Hi,
  Think of the MSFC as a router with many different interfaces. Your router itself would only have one default gateway for all those interfaces. For the clients, they will sit in each VLAN that you create. The clients default gateway will be the VLAN IP address (or HSRP address) on the 6500 that they sit. So, if you create vlan100 and put an IP address of 10.10.10.1 on the vlan100 interface..the 10.10.10.1 address would be the gateway for the clients in vlan 100. If you create a vlan200 and put an IP address of 10.11.11.1 on that interface..all the clients that are in vlan200 would have the gateway address of 10.11.11.1.
  Hope that helps.

• Handshaking DMM with multiple Switch devices - DAQmx error

  Hi.
  I'm trying to create a handshaking loop with DMM (PXI-4071), SWITCH (PXI-2569) and MUX (PXI-2575). All three instruments are in segment 2 of PXI-1045 chassis (slots 8, 9 and 10) and I am using PXI trigger lanes to route triggers.
  I followed the NI article 'Multi-module Scanning with National Instruments Switches' - I modified the NI SWITCH example 'niSwitchDMMSwitchHandshaking' to configure the other SWITCH but when I tried to run the example, I got an error:
  0xbffa6b9a - No registered lines could be found between the device in the route. (pop-up screenshot is in the attachment). It is the niSwitch_InitiateScan function for the second Switch that returned the error.
  Changing PIX trigger lanes has no effect.
  I tried both CVI and LabVIEW examples with the same result.
  I even tried to use two 2575 MUXes - same result.
  Can anybody tell me what am I doing wrong?
  Solved!
  Go to Solution.
  Attachments:
  errror1.JPG ‏26 KB

  Hi Pavel,
  For the purposes of this post, I'll define
  the measurement complete signal (sent by the DMM to the switch modules
  after each measurement) as 'MC' and place it on TTL0.
  For the
  purposes of this post, I'll define the scan advanced signal (sent by the
  switch module(s) to the DMM once the relays have settled) as 'SA' and place
  it on TTL1.
  You mentioned you're using NI-Switch, which is NI's IVI
  compliant switch API.  Since the IVI Foundation regulates the behavior
  of IVI compliant software, we must adhere to their rules when
  implementing our API.   Unfortunately, the IVI switch standard doesn't
  provide a method to control arbiting of triggers between multiple switch modules
  simultaneously. 
  Let's
  look at what happens when we setup a system with multiple switch
  modules handshaking with a single DMM.  The DMM is going to take a
  measurement and then send MC on TTL0. Meanwhile, each switch is listening to TTL0,
  waiting for the MC pulse.  When the MC pulse is received, each switch sets
  the relays according to its next scan list entry, waits for debounce,
  and then sends SA on TTL1.  The problem we run into here is that depending on the switch module, number of relays connected simultaneously, jitter, etc, it's possible that one module will send the SA trigger on TTL1 before the other.  Since the IVI spec doesn't provide any way to implement a 'master' switch or an arbitor, it's impossible to implement a system such that only the last switch that settles sends a trigger.  Therefore, what happens is we get a whole bunch of switch modules sending triggers at slightly different times onto TTL1.  If one switch is driving TTL1 high while the others are driving TTL1 lo, it's remotely possible that we could damage the TTL circuitry on the PXI backplane.
  To date, NI hasn't seen any failures due to simultaneously driving the TTL lines high and low at the same time with NI switch hardware, but it is theoretically possible that damage could occur.  For this reason, NI implemented a change in DAQmx
  9.0.0, 9.0.1, and
  9.0.2 that prevents a user from setting up handshaking with multiple switch modules while using NI-Switch.  What does DAQmx have to do with this, you might ask?  A component installed with DAQmx is responsible for verifying the triggers are valid.
  Customers with existing NI-Switch multi-module handshaking applications will find that upon upgrading to any of the above three versions of DAQmx, the error you observed will occur.  We've evaluated this customer feedback and have decided to revert to the previous functionality in a yet-to-be released version of DAQmx.  Please note that NI does not advise driving the same TTL line with multiple sources due to the chance that we'll double-drive the line. Therefore, it goes with out saying that NI does not advise using NI-Switch in multi-module handshaking applications.  We do, however, still recommend NI-Switch for Syncrhonous triggering because the switches never send triggers (in synchronous mode, the DMM just waits a predefined amount of time before switching).
  Note that if you use the DAQmx Switch API, we're no longer bound to the IVI spec, which means we have an arbitor that ensures only one switch module drives the SA trigger on TTL1.  NI highly recommends that customers evaluate using the DAQmx switching API for multi-switch handshaking applications. An example DAQmx handshaking application for the DAQmx Switch API is located in Example Finder»Hardware Input and Output»DAQmx»Switches»Switch Scanning with DMM - Handshaking.vi. 
  Note that in DAQmx, we'll only have one scan list, regardless of the number of switches we have.  Note that the syntax in DAQmx scanning is different than NI-Switch.  I'll defer a detailed explanation of the differences to the DAQmx and NI-Switch Help (search for 'scan list'), but in short, we'll need to include the DAQmx Device name prior to each connection.  For example, in NI-Switch, if we want to connect CH1 to Com1:
  CH1->Com1;
  In DAQmx, we'll need to include the Device name:
  Dev1\CH1->Com1;
  Note that to add additional switch modules in the DAQmx API,  we simply
  call the Set Topology and Reset VI multiple times:
  DAQmx keeps the
  session loaded in memory and as I noted above; we define which switch
  does the action as part of the scan list entry. 
  If you'd still like to use NI-Switch, you could roll back to DAQmx 8.9.5 or previous, or if you want to stick with 9.0.x, I highly recommend that we daisy chain the triggers as follows:
  DMM Measurement Complete to Advance Trigger on Switch1 via TTL0
  Scan Advance from Switch1 to Advance Trigger on Switch2 via TTL1
  Scan Advance from Switch2 to Trigger Source on DMM via TTL2
  Note that we'll need an additional TTL line for each switch module.  Also note that some switch modules allow front panel triggers, which reduces the number of TTL lines we'll need on the backplane, but which requires external wiring between switch modules.
  Message Edited by Knights Who Say NI on 06-11-2010 05:25 PM
  Message Edited by Knights Who Say NI on 06-11-2010 05:30 PM
  Message Edited by Knights Who Say NI on 06-11-2010 05:30 PM
  Message Edited by Knights Who Say NI on 06-11-2010 05:31 PM
  -John Sullivan
  Analog Engineer

• Cisco ACE Module with Bluecoat Cache Proxy, Transparent and spoofing client IP

  Hello Dears,
  I'm trying to implement Cache loadbalancing through Cisco ACE Module.
  I have 2 Bluecoat cache proxies, when i do configure transparent proxy without spoofing client IP, everything work properly, but when I enable spoofing client IP (reflect client IP address), clients are not able to access internet, although they are going to cache servers, I can see their sessions.
  I'm afraid that I have a problem in the returned traffic PBR.
  can anyone help please.
  Thanks

  Hi Ibrahim
  I ahve reviewed the config. The ACE config is all god but I do see some issue with the switch side. If you are doing ip spoofing, then "match ip address" in pbr should be the client ip address. However, what you did is ip address between the ACE and MSFC. Try to configure the test client ip address into the below access-list.
  msfc---vlan 265---ACE--vlan 264----CE farm
  interface vlan 265
    description Interface_With_MSFC_SUBS_2_INTERNET
    ip address 168.168.1.52 255.255.255.248
    access-group input PERMIT_ALL
    service-policy input L3L4_PM
    no shutdown
  ip route 0.0.0.0 0.0.0.0 168.168.1.50
  ip access-list extended HSDPA_2_CACHE
  permit tcp 168.168.0.0 0.0.255.255 any eq www   <<<-- wrong
  ip access-list extended Internet_2_CACHE
  permit tcp any eq www 168.168.0.0 0.0.255.255   <<<---wrong
  interface Vlan 265
  description Interface_With_ACE
  ip address 168.168.1.50 255.255.255.248
  route-map INTERNET_2_HSDPA permit 10
  description "PBR for Response HTTP Traffic"
  match ip address Internet_2_CACHE
  set ip next-hop 168.168.1.52
  route-map HSDPA_2_INTERNET permit 10
  match ip address HSDPA_2_CACHE
  set ip next-hop 168.168.1.52
  regards
  Andrew

• Experincing issues with 2960X switch

  Hi there.
  We are experincing issues with 2960X switch losing the ability to recognise the modules that are inserted in SFP ports.
  Initially, the modules are recognised, usable and will happily participate in cross-stack etherchannels. However, after a period of time -  and this ranges from a couple of hours to a few days, the links go down on the 2960X-side but are still registered as up on at the other end of the etherchannel.
  2960X stack  1      Po1(SD)         LACP      Gi3/0/49(D) Gi3/0/51(D)
  3750G stack  2      Po2(SD)         LACP      Gi1/0/23(I) Gi2/0/22(I)
  When the link fails, the member switch loses the ability to identify modules inserted - it knows they are there, but it cannot identify them. Having a look at the controller for one of them and it's having trouble,see below:-
  sh controllers ethernet-controller gi3/0/49 phy detail
  GigabitEthernet3/0/49 (gpn: 457, port-number: 49)
  hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
  hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
  hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
  A 'sh int' gives:-
  Auto-duplex, Auto-speed, link type is auto, media type is unknown.
  Reboot the stack or just the member and everything resets and works again - for a period of time. I've swapped from compatible to Cisco-brand modules inbetween restarts and it doesn't prevent the issue reoccuring.
  The slots all fail at the same time and once they're in the error state, that switch has to be restarted before it will recongnise anything inserted in any slot.
  I have this issue on two seperate stacks in two different sites. We're running 15.0(2)EX4.
  Has anyone seen anything like this? Particularly interested in this which I've seen using the sh controllers cmd and on the console once after a reboot. hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
  Any thoughts would be greatly appreciated.
  Aid

  Hi Team
  We happen case GLC-T with Catalyst 2960 Hang , It can't work 
  We was reload switch but same ( GLC-T with Catalyst 2960 Hang)
  and use command bellow  
  Switch97#
  Switch97#
  Switch97#sh int gi 1/0/26 transceiver 5 transceiver de
  Switch97#sh int gi 1/0/25 transceiver detail 
  hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
  hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry fail
  hulc_sfp_iic_intf_read_eeprom sfp _index 0 yeti_iic_read_retry failDiagnostic Monitoring is not implemented.
  Switch97#
  Switch97#
  Switch97#sh int gi 1/0/25 transceiver detail 6 transceiver        de
  Switch97#sh int gi 1/0/26 transceiver detail 
  hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry fail
  hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry fail
  hulc_sfp_iic_intf_read_eeprom sfp _index 1 yeti_iic_read_retry failDiagnostic Monitoring is not implemented.
  We try IOS Software EX3, EX4, EX5 and 15-2.2 but can't problem 
  Please suggest case to me

• How to check for a function module with its description and functionality

  Hi all,
  How to check for a function module,with its description and its functionality,in detail how can I know the purpose of a particular function module,how to search for a function module which suits my requirement .

  Hi,
  You can search a FM of your requirement by putting in the Key words and searching for a FM. Like * KEYWORD * and then pressing F4.
  Say for example you need to search something regarding converstion.
  Search for * CONVERT * and press F4.
  If there is something specfic like converting date to something you can give
  DATE * CONVERT *
  OR
  CONVERT * DATE *  and press F4.
  Once you narrow down your search you will have a Function module documentation inside the Function module. Please note that all the FMs willl not have documentation.
  Regards,
  Pramod

• How to create a custom function module with the records in SAP R/3?

  Hi All,
  How to create a custom function module with the records in SAP R/3? Using RFC Adapter I have to fetch the custom function module records.
  Regards
  Sara

  Hi
  goto se37...here u need to create a function group... then u need to create a function module. inside assign import/export parameters. assign tables/exceptions. activate the same. now write ur code within the function module
  http://help.sap.com/saphelp_nw04/helpdata/en/9f/db98fc35c111d1829f0000e829fbfe/content.htm
  Look at the below SAP HELP links, These links will show you the way to create a Function Module
  http://help.sap.com/saphelp_nw04/helpdata/en/26/64f623fa8911d386e70000e82011b8/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/9f/db98fc35c111d1829f0000e829fbfe/content.htm