Fundamental ACL & Service Policy related questions

Hi All,
apologies in advance for seemingly stupid questions but I was forced to ask them as I have ALWAYS had great difficulty in using debug on Cisco platforms. Nothing ever shows up when I set up debug despite configuring "logging console" and setting the level to 7 etc. I have no clue why that is and if it's because all debugging messages go to the debug log instead of being printed on the console, or what it is...I just don't get it. When I'm saying logging console...please print it on the console! Anyway, that rant aside...
I have a VERY simple topology like so
                                            A few servers in this VLAN
ISP <---> 3560G (Physical Routed Port) <--> SVI (VLAN)
                                            ASA5520 <--> Internal VLAN
With regards to ACLs and their direction, when an ACL is applied to a physical port (or in cases where QoS is enabled and a service-policy) is applied to either a routed physical port on the 3560, saying that the policy is applied in the "in" direction (or 'input' in case of service-policy) does that mean 'inbound' in either direction? As in IF that routed port is my direct connection to the ISP, and I set up "ip access-group myacl in" (or service-policy input myPolicymap) ...will that be applicable if the traffic enters that port from the ISP side OR from the internal network side, or "IN" for it is always JUST the ISP side because it's assuming that all traffic generated from inside the network going out to the Internet is implicitly allowed UNLESS an ACL somewhere in the network restricts that?
Then, in case of an SVI...I believe just like the physical routed port, I can ONLY implement an "Inbound" ACL on this as well. So when I implement either a Hierarchical policy-map or just an access-group "in", then what is "IN" ...traffic entering this VLAN from the internal network and those public servers going out to the Internet AND Traffic entering this VLAN from the ISP/Internet via the physical routed Port OR is it JUST the latter, or is it just the former?
Now lastly, when I have the physical ports to which the ASA and each of those physical servers are connected to sitting on the public VLAN, if I apply port-based ACLs or service-policies to them, then again, what direction is the "IN" ACL applied? Both? i.e. traffic coming into it from the public servers and the Internal network through the ASA, and the Internet OR just the traffic coming into it from the Internet, but the traffic going out from the servers to the Internet is not subjected to this ACL or service-policy?
Again, very sorry for a dumb question but I'm seeing bizarre things in my network so was just wondering before I decide on what kind of security I want to plan/design
Thanks in advance

The mystical difference between debug output going to the console versus showing up in syslog is "logging debug-trace".  On goes to syslog, "no logging debug-trace" goes to console.  I've been bit by this one myself.
ACLs on physical ports have directionality like the cable plug: "in" is from the cable entering into the switch or firewall, "out" is leaving the device to run along the cable to somewhere else.  On Catalyst switches port ACLs are inbound (receiving packets) only.  Obviously, on directly connected devices, one device's out is the other device's in.
ACLs on SVIs depend on whether you are running a base image or services image; services images can do IPv4 and IPv6 in both directions.  However, port ACLs trump routed ACLs; if both exist, the port ACL is the only one applied.  I think if a directly connected port has no port ACL, no ACL is applied at all; routed ACLs on SVIs only apply to transitions between VLANs inside the switch, not to traffic entering physical ports.
-- Jim Leinweber, WI State Lab of Hygiene

Similar Messages

  • Service request related question

    I wasn't sure where to put this - so I guessed here...I filled out the service form because my battery won't stay charged on my nano...I received the empty box, but I never got the email of instructions on what to do. I put my nano in the box and sealed it - and removed the top copy of the label, but there are 4 boxes at the bottom of the return label and i'm not sure if I'm supposed to check on or now. They are labeled: CIP - Unopened Box - Defective - Something Else I can't remember right now. Can someone help me please???
    Nano   Windows XP  

    Hi Sunil,
    You can already make surveys mandatory and get an error message if it is not filled from customizing.
    Open the following customizing:
    CRM > Transactions > Settings for Service Requests > Questionnaires > Define Determination for Surveys in Service Requests
    In this customizing, have a new determination rule with the Item category as needed and check the Mandatory checkbox. You might need to scroll to see this checkbox. With this setting, you should get an error message if the questionnaire is not filled.
    Regards,
    Shiromani

  • Service policy direction

    I'm trying to get some input on the direction policy maps should be applied, inbound vs outbound. If I have a central site that is hosting resources that include web related apps, Citrix, and SQL, and want users at a remote end of a point 2 point connection or VPN tunnel to have QoS guarantees such as bandwidth reservation and cbwfq, should the policy be applied in the outbound direction of the serial interface on the remote router that makes the point 2 point connection, and the inbound direction of the central site router's serial interface that is the other end of that point 2 point?
    Or, from the remote site, should it be the outbound direction on the serial interface that classifies traffic such as http to certain urls, citrix, and sql servers, but on the central router's serial interface that marking would be using acls, having the source being the http, citrix, and sql servers and the remote clients being the destination?
    What's the recommended method of implementing something like this in terms of the direction of the policy maps?
    Thank you
    Bill

    If the policy map is being used for classification marking (e.g. DSCP marking), the usual recommendation is mark as close to the source as possible, usually "IN" on an ingress edge interface.
    If the policy map is being used for congestion management, and since congestion usually is found on an egress interface, such policies are applied there.
    So, from end-to-end, you might have an inbound policy on the local LAN device's edge interface, and an outbound policy on the local WAN device's WAN interface. Same on the remote side's devices for return traffic.
    Since congestion is usually of primary concern on the WAN device, the inbound classification could be done inbound on that device's LAN interface, or even as part of the outbound policy.
    Sample IOS policies (NB: syntax is incorrect):
    wan router
    class map VoIP
      match protocol Voice
    class map mission-critical match-any
      match protocol citrix
      match protocol sql
      match protocol http
    class map real-time
      match dscp ef
    class map gold
      match dscp af31
    policy map classify
      class VoIP
        set dscp ef
      class mission-critical
        set dscp af31
      class class-default
        set dscp best-effort
    policy CBWFQ
      class real-time
        priority 50 percent
      class gold
        bandwidth remaining 80 percent
    interface ethernet
      service policy classify in
    interface serial
      service policy CBWFQ out

  • Removing FTP from Global service policy

    Hi Everyone,
    I removed FTP from global service policy.
    I have no ACL that permits or denies FTP traffic.
    But my understanding was if we remove some inspect from global service policy it does not work.
    But I am still able to access FTP websites?
    Is this default behaviour with global policy?
    Regards
    Mahesh

    Hi Mahesh,
    I guess if it has an effect on your FTP connections depends on the type of FTP connection used, Active or Passive.
    To my understanding the "inspect ftp" mainly helps with the Active FTP where the Client first connects to the FTP server with Control port TCP/21 and then the server opens the Data connection to the Client with the source Data port of TCP/20. So in this case the firewall has to first allow the FTP Control connection (TCP/21) from the Client to the Server. This is usually allowed by your normal ACL rules or if you are using "security-level" configurations only it should also be allowed like any other TCP traffic.
    Now when the Server starts to open the Data connection with a source port TCP/20 towards the destination port that the Client told the server over the Control connection we might then run into problems.
    So essentially the firewall will be seeing a connection attempt coming from the "outside" with the source port TCP/20 and with a destination port TCP/xxxxx. Without "inspect ftp" to my understanding this should be blocked like any other TCP connection you have not allowed.
    So the "inspect ftp" configuration's purpose is to dynamically allow the FTP Data connection through the firewall when this Data connection is being built from the "outside" to the "inside".
    The reason why your FTP connection keeps working even after removing the "inspect ftp" is probably because you are using Passive FTP. In Passive FTP the Client opens both Control and Data connection to the server so there usually isn't anything on the firewall blocking the Client from opening both of these connections. Also we don't need anything on the firewall telling about the Data connections ports because they are being opened from the "inside" of the firewall so the firewall doesn't have to allow any connection initiation from the "outside" like with Active FTP.
    Here is one site explaining the 2 FTP types:
    http://slacksite.com/other/ftp.html
    Here is the ASA Command Reference section explaining the use of "inspect ftp"
    http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/i2.html#wp1744171
    Here is also some more information related to it
    http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_basic.html#wp1234738
    - Jouni
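
    The Active/Passive distinction described in the answer above, as an added Python example (not part of the original post and not Cisco's inspection code): it reads the PORT command and the 227 reply off the control channel, as an FTP-aware firewall must, and models whether the data connection passes. The sample sessions, the addresses and the policy model (client inside, server outside, only inside-initiated connections allowed by default) are constructed assumptions.

```python
import re
from dataclasses import dataclass

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


@dataclass(frozen=True)
class DataChannel:
    mode: str         # "active" or "passive"
    initiator: str    # end that opens the data connection: "client" or "server"
    listen_ip: str    # address the initiator was told to connect to
    listen_port: int  # p1 * 256 + p2


def decode_hostport(text):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); ValueError if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port argument in %r" % text)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("host-port byte out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_control_line(line):
    """Return the DataChannel one control-channel line negotiates, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active FTP: the client announces where it listens; the server
        # connects back to it from source port TCP/20.
        ip, port = decode_hostport(line[5:])
        return DataChannel("active", "server", ip, port)
    if line.startswith("227"):
        # Passive FTP: the server announces where it listens; the client
        # opens the data connection itself.
        ip, port = decode_hostport(line[3:])
        return DataChannel("passive", "client", ip, port)
    return None


def data_connection_allowed(channel, inspect_ftp):
    """Assumed policy model: client inside, server outside.

    Inside-initiated connections pass like any other TCP session.
    Outside-initiated ones pass only if inspection read the control
    channel and opened a pinhole for the announced port.
    """
    if channel.initiator == "client":
        return True
    return inspect_ftp


def replay(control_lines, inspect_ftp):
    """Walk a control-channel capture; return (mode, port, allowed) tuples."""
    results = []
    for line in control_lines:
        channel = parse_control_line(line)
        if channel is not None:
            allowed = data_connection_allowed(channel, inspect_ftp)
            results.append((channel.mode, channel.listen_port, allowed))
    return results


# Constructed sample sessions (documentation address ranges).
ACTIVE_SESSION = [
    "USER anonymous",
    "331 Please specify the password.",
    "PORT 192,0,2,10,195,80",
    "200 PORT command successful.",
    "LIST",
]
PASSIVE_SESSION = [
    "USER anonymous",
    "331 Please specify the password.",
    "PASV",
    "227 Entering Passive Mode (198,51,100,5,156,64)",
    "LIST",
]

if __name__ == "__main__":
    for name, session in (("active", ACTIVE_SESSION), ("passive", PASSIVE_SESSION)):
        for inspect in (True, False):
            print(name, "inspect_ftp=%s" % inspect, replay(session, inspect))
```
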

  • Please post documentation-related questions or comments on the

    Please post documentation-related questions or comments on the Performance Management Applications {forum:id=1318} forum     
    http://forums.oracle.com/forums/forum.jspa?forumID=1318

    I just got a call today that I reached my 300GB limit for the month.  I called and got a pretty rude response from the security and data usage department.  The guy told me in so many words that if I do not like or agree with the policy that I should feel free to find another service provider.!!! I tried to explain that we watch Netflix and XFinity on-demand a lot and I was told that that can not be anywhere close to the data usage. I checked my router and watching a "super HD, dolby 5.1" TV show on Netflix will average about 5-6 GB per hour (1.6MB/s) ... so this means that I can only watch no more than 1-2 Super HD TV shows a day via Netflix before I run out of my data usage.    This seems a bit ridiculous doesn't it? Maybe the TV ads about the higher speed than the competition should be accompanied with "as long as you don't use it too often"   Not a good experience ...

  • EAP-TLS client security policy enforcement question using ISE

    Hi Experts ,
    I have remote site connected to HQ wireless controller and cisco ISE used as RADIUS server . I am using EAP-TLS authentication method where client will validate the server certificate and server will validate the client certificate.
    I am using EAP-TLS and machine authentication.
    In case of server certificate installation using internal PKI (Root CA) server, I am quite clear that we can create certificate in ISE and can be signed by CA which will be used for EAP-TLS as well. However I am trying to understand the client certificate installation.
    how does client gets certificate from CA. is there any mechanism used by AD to import the certificate automatically to all the clients ?
    and more important is , which certificate will be installed on client machines. Do we need to create certificate first from CA and save in repository and later can be installed same to client machines .... Sorry it could be microsoft AD related question however i am pretty sure that since we as a wireless techie , need to know even client side configuration.
    This is all about certificate installation . how about entire security policy which is used for EAP-TLS ?
    how will client wireless network adapter properties automatically configured with same SSID which is configured with EAP-TLS along with certificate validation ?
    I am not sure ... will it get pushed through AD ? how will it happen ?
    It would be really helpful if someone could put light on this ..

    Hello Vino,
    Some answers below :
    how does client gets certificate from CA. is there any mechanism used by AD to import the certificate automatically to all the clients ?
    You have templates in the certificate authority to user or machine certificate and you can apply these certificates to a group of machines or users using GPO in the Windows Server 2008.
    It can be automatically because the machine can get it using GPO from domain and after can authenticates using 802.1X using these certificates received from this policy.
    If you want a user certificate and get it manually you can access the CA too using the URL https://X.X.X.X/certsrv and request manually the user certificate using your domain credentials and install manually to authenticate using EAP-TLS with this user certificate.
    In the Cisco ISE Side it needs to have a local certificate from the same client CA or from another CA and the Cisco ISE needs to trust in the clients CA Issuer to accept the client certificate and allow this one to access the network.
    In the client side the same happens, the client needs to trust in the Issuer CA for the Cisco ISE certificate to validate ISE certificate and get access to the network.
    and more important is , which certificate will be installed on client machines. Do we need to create certificate first from CA and save in repository and later can be installed same to client machines .... Sorry it could be microsoft AD related question however i am pretty sure that since we as a wireless techie , need to know even client side configuration.
    If you have a Windows Server with GPO and a CA configured you can use some templates to apply automatically a machine certificate or user certificate to a group of machines or user, in the case of machines it can be get from the domain using GPO and in the case of user certificate it can be get manually or using GPO too.
    This is all about certificate installation . how about entire security policy which is used for EAP-TLS ?
    The EAP-TLS is the most secured method to use to authenticate devices in the network because you have certificates and you have trusted certificate authority that you trust and only devices who has certificates from these CAs will be allowed to access the network.
    Another method very secured is EAP-FAST with machine and user certificate that the ISE will validate both the machine and user certificate before allow this one to get access to the network.
    how will client wireless network adapter properties automatically configured with same SSID which is configured with EAP-TLS along with certificate validation ?
    You can apply it too using GPO in the Windows Server to a domain machine but when you have a machine that is not a domain machine you can use a user certificate to authenticate this one and need to install manually the user certificate in that machine to authenticate the user to wireless network and create SSID specifying the policy that is EAP-TLS.
    Remember that client machine needs to have the CA issuer for the Cisco ISE certificate to trust in the Cisco ISE and get access to the network and the opposite too (ISE needs to have the CA Issuer to trust in the client)
    I hope it helps.

  • Command "service-policy input policy-name permit-any" will not work

    Hi all,
    have a SG500 with latest Firmware, but this command will not work.
    service-policy input QoS_01 permit-any
    i get this error message:
    % Wrong number of parameters or invalid range, size or characters entered
    without the option "permit-any or deny-any" the command is successful.
    What is the reason?
    It is important, directly to specify this options. Otherwise to lose the access to the switch.
    Regards
    Stefan

    Hi Tom,
    i have a ACL / ACE and create a QoS "policy table" put the "policy class map" (with class mappings) in it.
    And now i will bind this QoS policy to a Ethernet port.
    cli tutorial example say:
    Use the service-policy Interface Configuration (Ethernet, Port-channel) mode command to bind a policy map to a port/port-channel. Use the no form of this command to detach a policy map from an interface.
    This command is only available in QoS advanced mode.
    Syntax
    service-policy input policy-map-name default-action [permit-any | deny-any]
    no service-policy input
    Example:
    switchxxxxxx(config-if)# service-policy input policy1 permit-any
    A cisco support open a ticket for me.
    -Stefan

  • PM/EAM related questions posted in PLM forum

    Hi,
    I was going through some of the threads available in PLM forum, but to my surprise, most of the threads posted are related to PM, which should have been posted in EAM forum. It was clearly mentioned by the moderator in one of the sticky threads, "PLM-Forumsplit - Please ensure you are using the right forum":
    Questions regarding Plant Maintenance (PM) or Customer Service (CS) are discussed in the Enterprise Asset Management (EAM) forum
    forums - posts will be moved to the right forum.
    Please ensure you are opening a new thread in the right forum
    Despite the clear instructions given by the moderator, PM related questions are still posted to PLM forum and some of the active participants of EAM forum answer these questions in PLM forum. It would be nice if those threads are moved to appropriate forum, so that the relevant information is available under one forum, also, PLM forum should be monitored regularly and inappropriate threads are to be moved to their respective forum.
    Few PM related threads posted recently in PLM forum:
    Change PR for External order
    BAPI or Function Module to Complete Maintenance calls in IP10
    delete material from PM order
    Message no. IW056 Work center change --> default data redefined
    Component in Task list not reflecting in maintenance order
    Deleted functional location/equipments
    PM orders not listing components from material BOM
    Completion date in Maintenance Plans in IP10
    I had used abuse reports for some, but numbers of such posts are many.

    I hate to say this, but I often see the same thing, and I've never been able to figure out exactly what triggers selectability vs. non-selectability, but I suspect some of it has to do with transparency flattening in particular, and possibly text wrap in cases where that comes into play. ID optimizes the PDF it creates, I think, and that might cause text, or even images, to be broken into chunks in funny ways. It occurs to me that turning off optimizing for fast web view might help in this regard.

  • Prevalence between service policy and rate limit

    Hi,
    I have a question, on the wan interface on my router I have configured two QoS configurations: one is based on rate-limit pointing to a specified traffic but also I have a configuration with a service policy that includes the same traffic with a restriction of bandwidth. I do not know what policy has prevalence, the service policy or the rate limit.
    Regards.

    Hi Rajan ,
    Thanks for the reply.
    I'm but confused with your answer....
    We have SRM 5 implemented at our place and I see that service carts created in the system using the link "ORDER" when converted to PO's in Sourcing create Purchase orders with HIERARCHY structure i.e. 1 header and 1 item (with the actual service line) but when they are replicated to ECC, we have done an enhancement to create LIMIT PO's for service orders.
    Hence I wanted to know when do we need to create SERVICE HIERARCHY based PO's in SRM and when we need to create LIMIT PO's directly in SRM?
    Also I understand that in SRM, for limit PO's, when the PO item is deleted in PROCESS PO transactions, the items are not returned back to sourcing. We don't want this to happen for all types of PO's (both material and Service). We want that when a PO item is deleted, the item should return back to sourcing.
    But other than above functionality, what are the advantages of creating SERVICE based HIERARCHY PO's v/s LIMIT PO's in SRM?
    Please advise.
    Any inputs from Experts on this forum will be appreciated.
    Thanks in advance.

  • Service policy counters not working..

    I have a service policy on a 6509 interface so I can see what the packets per second of a video stream coming out of a DVR (digital video recorder) is. This DVR has 16 security cameras attached and I'm concerned that when someone views all 16 cameras the video stream is going to be huge.
    So I create a service policy to match an access list for all IP from the DVR. But no counters increment unless I add in some other match statement. I added in a match protocol telnet and the service policy counters started to work. I removed the match on telnet and the counters stopped. Telnet has nothing to do with the DVR. Here is the config of the class map, policy map and show commands: (By the way video is streaming through this interface continually during this exercise)

    MATCHING ACCESS LIST ONLY:

    class-map match-any DVR
      match access-group 130
    policy-map DVR-test
      class DVR

    ROC-6509-DU-A#sh access-list 130
    Extended IP access list 130
        10 permit ip host 164.72.2.125 any

    ROC-6509-DU-A#sh policy-map int
     GigabitEthernet2/5
      Service-policy output: DVR-test
        Class-map: DVR (match-any)
          0 packets, 0 bytes
          30 second offered rate 0 bps
          Match: access-group 130
            0 packets, 0 bytes
            30 second rate 0 bps
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any

    ADDING IN TELNET:

    class-map match-any DVR
      match access-group 130
      match protocol telnet
    policy-map DVR-test
      class DVR

    ROC-6509-DU-A#sh policy-map int
     GigabitEthernet2/5
      Service-policy output: DVR-test
        Class-map: DVR (match-any)
          524025 packets, 70724866 bytes
          30 second offered rate 3991000 bps
          Match: access-group 130
            523896 packets, 70689220 bytes
            30 second rate 3991000 bps
          Match: protocol telnet
            129 packets, 35646 bytes
            30 second rate 0 bps
        Class-map: class-default (match-any)
          18696 packets, 11180265 bytes
          30 second offered rate 129000 bps, drop rate 0 bps
          Match: any

    If I remove the 'match protocol telnet' and clear the counters, no longer do the counters for the access-list 130 increment - put back in match telnet and they start to increment.
    This is a Sup720 with IOS 12.2(18)SXE3
    Is this a bug or do I not have my class map or policy map correct?

    The hardware ASICs do not support collecting the individual policer information.
    Try:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1216ea1/3550scg/swqos.htm#xtocid1990743

  • Error while applying the Service Policy

    Hi,
    I am getting the below error while applying the service policy to the Interface.
    I have set the mpls exp 4 as well as want to limit the bandwidth to 1Mbps
    PE#sh policy-map setexp-GBoIP
      Policy Map setexp-GBoIP
        Class GBoIP-traffic
          set mpls experimental imposition 4
         police cir 1024000 bc 32000
           conform-action transmit
           exceed-action drop
    PE(config-if)#int vlan 2007
    PE(config-if)#service-policy input setexp-GBoIP
    QoS-ERROR: Addition/Modification made to policymap setexp-GBoIP and class GBoIP-traffic is not valid, command is rejected
    As well as I have created new class-map with priority and Bandwidth and applied in output direction, I got the below error while applying the Service policy in
    PE(config-if)#service-policy out TEST
    bandwidth command is not supported in output direction for this interface
    PE(config-if)#service-policy output TEST
    priority command is not supported in output direction for this interface
    Any idea why so ?
    Thanks in Advance.
    Regards,
    Nilesh

    Check the current value of IGW_AWARDS_S sequence and make sure the MINVALUE in the patch (i.e. 10000) is not greater than the current one.
    OERR: ORA 4007 MINVALUE cannot be made to exceed the current value (Doc ID 19824.1)
    You may also log a SR.
    Thanks,
    Hussein

  • Field 'Goods Receipt / Performance of Service' in 'Related Documents' Tab of PO Item in SRM

    Hi Gurus,
    I have a requirement where I need to make 'Goods Receipt / Performance of Service' in 'Related Documents' Tab as non-editable based on certain fields on the PO Item.
    On searching SDN, I found that this can be done via SPRO in the below path SPRO->SRM Server->Cross application basic settings->Extension and field Control -> Configure field control -> configure control for fields at item level.
    But here in this I am finding difficulty on using the Dyn. Customer Class and method.
    Please help us on how to find the relevant standard CLass and Method.
    I am new to SRM Programming.
    Appreciate your inputs on this.

    Hello,
    have a look at SPRO:
    SAP Implementation Guide > SAP Supplier Relationship Management > SRM Server > Cross-Application Basic Settings > Extensions and Field Control (Personalization) > Configure Field Control > Display Standard Metadata Tables for Item Fields > Display Delivered Metadata Table for Item Fields.
    Here, for object type BUS2201, you can see standard dynamic control class name is /SAPSRM/CL_PDO_DYN_MDF_IT_PO.
    You need to do your own field control configuration using specific class and method based on the standard one seen above.
    Then, assign this class/method:
    SAP Implementation Guide > SAP Supplier Relationship Management > SRM Server > Cross-Application Basic Settings > Extensions and Field Control (Personalization) > Configure Field Control > Configure Control for Fields on Item Level > Metadata for Fields on Item Level.
    Regards.
    Laurent.

  • Why doesn't "show service-policy url-summary" work?

    Does any one know -- At Cisco Live this year -- this command was shown as an Option to see the number of
    hits on L7 class maps urls.
    It's not an option for me:  Running A3 (2.5)
    Thanks,
    From A2 documentation  (maybe this command was dropped from A3 -- but that would be unfortunate)
    To display the statistics for all policy maps or a specific policy map that is currently in service, use the show service-policy command. This command also allows you to display statistics for a specific class map in a policy or the hit counts for match HTTP URL statements in a Layer 7 HTTP policy map. If you do not enter an option with this command, the ACE displays all enabled policy statistics.
    show service-policy [policy_name [class-map class_name]] [detail | summary | url-summary] [|] [>]
    Syntax Description
    policy_name
    (Optional) Identifier of an existing policy map that is currently in service (applied to an interface) as an unquoted text string with a maximum of 64 alphanumeric characters. If you do not enter the name of an existing policy map, the ACE displays information and statistics for all policy maps.
    class-map class_name
    (Optional) Displays the statistics for the specified class map associated with the policy.
    detail
    (Optional) Displays a more detailed listing of policy map or class map statistics and status information.
    summary
    (Optional) Displays a summary of policy map or class map statistics and status information.
    url-summary
    (Optional) Displays the number of times that a connection is established based on a match HTTP URL statement for a class map in a Layer 7 HTTP policy map.
    The URL hit counter is per match statement per load-balancing Layer 7 policy. If you are using the same combination of Layer 7 policy and class maps with URL match statements in different VIPs, the count is combined. If the ACE configuration exceeds 64K URL and load-balancing policy combinations, this counter displays NA.

    Hi Dan,
    The url-summary has only been added to the ACE module code at this time.  The A2 code train is only for the module, while the A3 train is only for the appliance.  The good news is that later this year, we will have a new software coming out (A4) that will be the exact same image that can be loaded on either the module or the appliance, hence all functionality will be the same for both (except the acceleration and optimization that only the appliance will support).
    Hope this helps,
    Sean

  • I want to check all functions of PCI 6534. I have read the user manual. I have some memory related questions. Please help me for that.

    I want to check all functions of PCI 6534.I have read the user manual..I have some memory related questions.Please help me for that.
    1.)If i am using the continuous output mode.and the size of generated data is less than 32 MB.If i want to preload the memory,what should i do?I want that first of all i load all my data to onboard memory & then i want to make start the transfer between 6534 & peripheral.Is it possible?As per me it should be.Plz tell me how should i do this?I think that in normal procedure the transfer between 6534-peripheral & outputting data from pc buffer to onboard memory works parallely.But i don't want this.Is it possible?
    (2).Similarly in finite input operation(pattern I/O) is it possible to preload the memory and then i read it?Because i think that the PC memory will be loaded automatically when 6534 acquires the data and then when we use DIO read vi the pc buffer data will be transferred to application buffer.If this is true,i do not want this.Is it possible?
    (3) One more question is there if i am using normal operation onboard memory will be used by default right?Now if i want to use DMA and if i have data of 512 bytes to acquire.How will it work and how should i do it?Please tell me the sequence of operations.As per my knowledge in normal DMA operation we have 32 Bytes FIFO is there so after acquisition of 32 bytes only i can read it.How it will known to me that 32 bytes acquisition is complete?Next,If i want to acquire each byte separately using DMA interrupts what should i do?Provide me the name of source from which i can get details about onboard memory & DMA process of 6534 specifically
    (4).In 6534 pattern Input mode,if i want to but only 10 bits of data.and i don't want to waste any data line what should i do?

    Hi Vishal,
    I'll try to answer your questions as best I can.
    1) It is definitely possible to preload data to the 32MB memory (per group) and start the acquisition after you have preloaded the memory. There are example programs on ni.com/support under Example Code for pattern generation and the 6534 that demonstrate which functions to use for this. Also, if your PC memory buffer is less than 32MB, it will automatically be loaded to the card. If you are in continuous mode however, you can choose to loop using the on-board memory or you can constantly be reading the PC memory buffer as you update it with your application environment.
    2) Yes, your data will automatically be loaded into the card's onboard memory. It will however be transferred as quickly as possible to the DMA FIFO on the card and then transferred to the PC memory buffer through DMA. It is not going to wait until the whole onboard memory is filled before it transfers. It will transfer throughout the acquisition process.
    3) Vishal, searching the example programs will give you many of the details of programming this type of application. I don't know your application software so I can't give you the exact functions but it is easiest to look at the examples on the net (or the shipping examples with your software). Now if you are acquiring 512 bytes of data, you will start to fill your onboard memory and at the same time, data will be sent to the DMA FIFO. When the FIFO is ready to send data to the PC memory buffer, it will (the exact algorithm is dependent on many things regarding how large the DMA packet is etc.).
    4) If I understand you correctly, you want to know if you waste the other 6 bits if you only need to acquire on 10 lines. The answer to this is Yes. Although you are only acquiring 10 bits, it is acquired as a complete word (16bits) and packed and sent using DMA. Your application software (NI-DAQ driver) will filter out the last 6 bits of non-data.
    Hope that answers your questions. Once again, the example code on the NI site is a great place to start this type of project. Have a good day.
    Ron

  • While loading ITunes I got this message, Service "Apple Mobile Device" failed to start. Verify that you have sufficient privileges to start system services. My question is, How do I verify if I have sufficient privileges?

    While loading ITunes I got this message, Service "Apple Mobile Device" failed to start. Verify that you have sufficient privileges to start system services. My question is, How do I verify if I have sufficient privileges?

    Hello hurleygirl63,
    Thank you for the details of the issue you are experiencing with iTunes.  I recommend following the steps in the article below:
    How to restart the Apple Mobile Device Service (AMDS) on Windows
    http://support.apple.com/kb/TS1567
    Thank you for using Apple Support Communities.
    Best,
    Sheila M.
