How to apply parameter map?

Ok this may seem a bit of a dumb question but I just can't get a straight answer from Googling or from the IOS release 15.2 Security Config guide for ZFW.  So, I am editing the parameter map that governs tcp queue length in the OoO (Out of Order) global parameter map:
Router(config)#parameter-map type ooo global
Once I've made my changes, do I need to add this to a policy map?  Or does this just go into effect by default somehow? 
Thank you.

Hi Julio,
Well, I bought this ebook at Cisco Press ($14.99).  I don't have a Kindle unfortunately.  Normally I'd try bittorrents for this kind of thing but when it comes to business and work related material I like to keep it official. 
The ebook is only 112 pages which is good since I already have the CCNA Security book from Cisco Press queued up for reading but I think this ebook will be a good starter and is probably more to the point with real world talk. 
By the way, if you answer my question above, I can then Mark Correct Answer.  Since I have the OoO parameter map defined, do I now need to apply it?  I know reading the book might give me an answer but just so I can get this particular thread off of my "to do" list I am hoping for the quick answer.  I know how to apply a parameter map to a policy map, just wondering whether these global ones like the ooo one need that, or are they applied by default and so you just need to edit their configs to change how they work. 

Similar Messages

  • Applying ACE connection parameter map?

    How do I apply the connection parameter map in a configuration like this to the service policy int827?  Do I need to define the traffic?  Can I specify only one source destination flow to apply the set tcp half-closed TCP normalization against?
    Any help would be appreciated.
    Thank you all,
    Jon
    policy-map type loadbalance first-match wss-1100-l7slb
      class class-default
        sticky-serverfarm sticky-srcip-1100
    policy-map type loadbalance first-match wss-1101-l7slb
      class class-default
        sticky-serverfarm sticky-srcip-1101
    parameter-map type connection TCPIP_PARAM_MAP
    set tcp timeout half-closed 180
    policy-map multi-match int827
      class wss-1100
        loadbalance vip inservice
        loadbalance policy wss-1100-l7slb
      class wss-1101
        loadbalance vip inservice
        loadbalance policy wss-1101-l7slb
    interface vlan 827
      bridge-group 1
      no normalization
      access-group input etherany
      access-group input ip-any-any
      access-group output ip-any-any
      service-policy input mgmt
      service-policy input int827
      no shutdown
    interface vlan 828
      bridge-group 1
      no normalization
      access-group input etherany
      access-group input ip-any-any
      access-group output ip-any-any
      no shutdown
    interface bvi 1
      mac-address autogenerate
      ip address x.x.x.6 255.255.255.0
      peer ip address x.x.x.7 255.255.255.0
      no shutdown
    ip route 0.0.0.0 0.0.0.0 x.x.x.1

    Yes, you always need to define interesting traffic to apply the connection parameter-map. If you apply "tcp timeout half-closed" to any traffic then you need to define class-map with 0.0.0.0. If you want to apply the
    "tcp timeout half-closed" to the current class-map, then you can associate it with a multi-match policy map as below:
    The service policy always applies to the incoming interface.
    parameter-map type connection TCPIP_PARAM_MAP
    set tcp timeout half-closed 180
    policy-map multi-match int827
      class wss-1100
        loadbalance vip inservice
        loadbalance policy wss-1100-l7slb
        connection advanced-options TCPIP_PARAM_MAP
      class wss-1101
        loadbalance vip inservice
        loadbalance policy wss-1101-l7slb
        connection advanced-options TCPIP_PARAM_MAP
    Just one more side note for the timeout parameter. The timeout value (default or otherwise) remains the same irrespective of normalization or no norm.
    If you have a parameter map configured for timeout then it should still take effect when you have normalization disabled.
    The only difference is that with normalization enabled, ACE will send a reset back after the timeout expires and will silently drop it when no norm is configured.
    regards
    Andrew
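
The binding rule from the answer above, turned into a configuration check. This is an added example, not code from the original posts or from Cisco: it reads ACE-style configuration text and reports connection parameter maps that are never referenced, classes with no `connection advanced-options` binding, and multi-match policies that no `service-policy input` applies. `SAMPLE_CONFIG`, `UNUSED_MAP` and the `orphan` policy are constructed for illustration.

```python
# Added example: audit where connection parameter maps are actually bound.
# Keyword-based, so it also accepts configs pasted without indentation.

# Constructed sample in the style of the ACE configuration quoted above.
SAMPLE_CONFIG = """\
parameter-map type connection TCPIP_PARAM_MAP
  set tcp timeout half-closed 180
parameter-map type connection UNUSED_MAP
  set timeout inactivity 2000
policy-map type loadbalance first-match wss-1100-l7slb
  class class-default
    sticky-serverfarm sticky-srcip-1100
policy-map multi-match int827
  class wss-1100
    loadbalance vip inservice
    connection advanced-options TCPIP_PARAM_MAP
  class wss-1101
    loadbalance vip inservice
policy-map multi-match orphan
  class wss-1100
    connection advanced-options TCPIP_PARAM_MAP
interface vlan 827
  service-policy input mgmt
  service-policy input int827
"""

# Top-level keywords that end the current policy-map context.
BLOCK_STARTS = ("parameter-map", "policy-map", "class-map", "interface", "access-list")


def audit(config):
    """Return a dict of findings about connection parameter-map bindings."""
    defined, applied = set(), set()
    bindings = {}  # (policy, class) -> parameter-map name, "" or None
    policy = cls = None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:3] == ["parameter-map", "type", "connection"] and len(words) == 4:
            defined.add(words[3])
            policy = cls = None
        elif words[:2] == ["policy-map", "multi-match"] and len(words) == 3:
            policy, cls = words[2], None
        elif words[0] in BLOCK_STARTS:
            policy = cls = None  # any other top-level block
        elif words[0] == "class" and policy and len(words) == 2:
            cls = words[1]
            bindings[(policy, cls)] = None
        elif words[:2] == ["connection", "advanced-options"] and cls:
            # A missing name is recorded as "" and reported as unbound.
            bindings[(policy, cls)] = words[2] if len(words) > 2 else ""
        elif words[:2] == ["service-policy", "input"] and len(words) == 3:
            applied.add(words[2])
    referenced = {name for name in bindings.values() if name}
    return {
        "unused_maps": sorted(defined - referenced),
        "undefined_maps": sorted(referenced - defined),
        "classes_without_map": sorted(k for k, v in bindings.items() if not v),
        "unapplied_policies": sorted({p for p, _ in bindings} - applied),
    }


if __name__ == "__main__":
    for finding, items in audit(SAMPLE_CONFIG).items():
        print(finding, items)
```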

  • How to Pass parameter to Custom Scheduler dynamically

    hi ,
    I am new to OIM.
    Need your help in passing parameters dynamically to Custom Scheduler.
    I have created Custom Scheduler by extending Task Support.
    I have registered the plugin through API , using PlatformService.registerPlugin() method.
    As I need to send the parameter(s) to this CustomScheduler, I have defined them in Metadata (CustomScheduleTask.xml) file as below and got it imported into DB
    through weblogicImportMetadata.sh script by providing the path of the file.
    <scheduledTasks xmlns="http://xmlns.oracle.com/oim/scheduler">
    <task>
    <name>CustomScheduleTask</name>
    <class>org.schedule.custom.task.CustomScheduleTask</class>
    <description>Fetch details of the given user_id</description>
    <retry>5</retry>
    <parameters>
    <string-param required="true" helpText="Login Name">Login Name</string-param>
    </parameters>
    </task>
    </scheduledTasks>
    I am able to import this plugin as well as register the plugin successfully. Now I have defined a job to which this Custom SchedulerTask is mapped.
    Now in order to run this job(schedule task) I need to provide Login name( or id) which needs to be send as a parameter for the scheduler to get executed.
    But while defining the job with this Schedule Task on OIM console, I was not able to define or pass parameter to this job. hence parameter is null in
    CustomSchedule 's execute method .
    Kindly help me how to pass parameter dynamically while running the scheduler from OIM console so that the execute method would be able to receive it.
    Thank you in Advance.
    Regards,
    Kumar

    Hi,
    When you have created the schedule job for your custom schedule task, you should see your Login Name textfield in the schedule task. If not, then verify your schedule task xml.
    In your schedule class code, add:
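    public void execute(HashMap arg0) {
              final String METHOD_NAME = "execute :: ";
              logger.debug(CLASS_NAME + METHOD_NAME + "Entering Method - execute");
              try {
                   // The key must match the string-param name in the task XML
                   String LoginName = (String) arg0.get("Login Name");
              } catch (Exception e) {
                   logger.error(CLASS_NAME + METHOD_NAME + e.getMessage());
              }
    }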
    Regards,
    Sunny

  • [Forum FAQ] How to use parameter to control the Expand/Collapse drill-down options in SSRS report?

    In SQL Server Reporting Services (SSRS), drill-down is an action we can apply to any report item to hide and show other report items. They all are ways that we can organize and display data to help our users understand our report better. In this article,
    we are talking about how to use parameter to control the Expand/Collapse drill-down options in SSRS report.
    Consider that the report has a dataset (dsSales) with following fields: SalesTerritoryGroup, SalesTerritoryCountry, CalendarYear, SalesAmount.
    1. The report has the following group settings:
    Parent Group: SalesTerritoryGroup
     Child Group: SalesTerritoryCountry
      Child Group: CalendarYear
       Details: SalesAmount
    2. Add three parameters in the report:
    GroupExpand:
    Available Values: “Specify values”
    Label: Yes           Value: Yes
    Label: No            Value: No
    Default Values: “Specify values”
    Value: Yes
    CountryExpand:
    Available Values: “Specify values”
    Label: Yes           Value: =IIF(Parameters!GroupExpand.Value="No",Nothing,"Yes")
    Label: No            Value: No
    Default Values: “Specify values”
    Value: =IIF(Parameters!GroupExpand.Value="No","No","Yes")
    YearExpand:
    Available Values: “Specify values”
    Label: Yes          
    Value: =IIF(Parameters!GroupExpand.Value="No" or Parameters!CountryExpand.Value="No",Nothing,"Yes")
    Label: No            Value: No
    Default Values: “Specify values”
    Value: =IIF(Parameters!GroupExpand.Value="No" or Parameters!CountryExpand.Value="No","No","Yes")
    3. Right click SalesTerritoryCountry icon in the Row Groups dialog box, select Group Properties.
    4. Click Visibility in the left pane. Select “Show or hide based on an expression” and type with following expression:
    =IIF(Parameters!GroupExpand.Value="Yes", False, True)
    Select “Display can be toggled by this report item” option, and select “SalesTerritoryGroup” in the drop down list.
    5. Use the same method setting CalendarYear, (Details) drill-down with following expression:
    =IIF(Parameters!CountryExpand.Value="Yes", False, True)
    =IIF(Parameters!YearExpand.Value="Yes", False, True)
    6. Click SalesTerritoryGroup text box in the tablix. Select InitialToggleState property in the Properties dialog box, and type following expression:
    =IIF(Parameters!GroupExpand.Value="Yes", True, False)
    7. Use the same method setting SalesTerritoryCountry, CalendarYear text box with following expression:
    =IIF(Parameters!CountryExpand.Value="Yes", True, False)
    =IIF(Parameters!YearExpand.Value="Yes", True, False)
    After that, when we preview the report, we can use these three parameters to expand/collapse drill-down.
    Note:
    In our test, we may meet following issue. We can check the expression of InitialToggleState property to troubleshooting the issue.
    Applies to
    Reporting Services 2008
    Reporting Services 2008 R2
    Reporting Services 2012

  • How to call Java Map in XSLT map

    Hello,
    Can anyone tell me how to call Java Map in XSLT map.
    Thanks and Regards
    Hemant

    Hello, Vijay,
    Can you help in understanding how can we pass whole payload in the parameter in XSLT map.....
    for eg
    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet version="2.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:javamap="java:DATEandTIME.Date_Time">
         <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
         <xsl:param name="inputparam" />
         <xsl:template match="/">
         <MT_TARGET>
              <date>
                   <xsl:if test="function-available('javamap:getDateValue')">
                       <xsl:value-of select="javamap:getDateValue($inputparam)"/>                    </xsl:if>
              </date>
              <time>
              <xsl:if test="function-available('javamap:getTimeValue')">
                       <xsl:value-of select="javamap:getTimeValue($inputparam)"/>                       <xsl:value-of select="$test"/>
              </xsl:if>
              </time>
              <project>
                        <xsl:value-of select= "//project"/>
              </project>
         </MT_TARGET>
         </xsl:template>
    </xsl:stylesheet>
    here we are passing static value in parameter.....
    Java code is:
                private static AbstractTrace trace = null;
                public static String getDateValue(Map inputparam) {
                        trace = (AbstractTrace)inputparam.get(
                                 StreamTransformationConstants.MAPPING_TRACE );
                        Date now1 = new Date();
                        // "dd" pads the day to two digits so the date is unambiguous
                        SimpleDateFormat formatter = new SimpleDateFormat ("yyyyMMdd");
                        String dateString = formatter.format(now1);
                        return dateString;
                }
                public static String getTimeValue(Map inputparam) {
                            trace = (AbstractTrace)inputparam.get(
                                    StreamTransformationConstants.MAPPING_TRACE );
                            Date now1 = new Date();
                            SimpleDateFormat formatter = new SimpleDateFormat ("hhmmss");
                            String dateString1 = formatter.format(now1);
                            return dateString1;
                }
    I want to pass whole payload so how can i pass it.

  • How to get ABAP mapping option in Interface Mapping

    Hi
    experts
    How to get ABAP mapping option in Interface Mapping . i need to do abap mapping . i didnt find the option
    plz help me

    Hi,
    If ‘ABAP-class’ and ‘XSL (ABAP ENGINE)’ do not appear under the ‘Mapping Program Type’ in Interface Mapping, one has to make an additional entry in the Exchange Profile. 
    Only a user with the J2EE security role (administrator) can make the following settings in the Exchange Profile.
    It is achieved in the following manner:
    1) Open http://<host>:<port>/exchangeProfile/index.html
    2)Choose IntegrationBuilder ->IntegrationBuilder.Repository -> com.sap.aii.repository.mapping.additionaltypes
    Add: R3_ABAP|Abap-class;R3_XSLT|XSL (ABAP Engine)
    To check whether the data has been successfully read from the exchange profile:
    1- Open http://<host>:<port>/rep/support/admin/index.html
    2- Choose Administration of Properties -> All Properties
    3- If the value associated to parameter com.sap.aii.repository.mapping.additionaltypes is not visible, press REFRESH button
    After doing above check in IR, if still don't find the option for ABAP mapping then refresh the cache.
    Award points if useful.

  • How to pass parameter as http POST in pageContext.setForwardURL

    Hi,
    I need to call a third party application page in my custom OAF page. I need to pass parameter to this third party page using POST method. I am using following command to call that -
    HashMap hm = new HashMap();
    hm.put("FirstName",firstName );
    hm.put("LastName",lastName);
    hm.put("AppSignature", signature);
    pageContext.setForwardURL(hopURL,
    null, // not necessary with KEEP_MENU_CONTEXT
    OAWebBeanConstants.KEEP_MENU_CONTEXT, // no change to menu context
    null, // No need to specify since we're keeping menu context
    hm, // request parameters
    false, // retain the root application module
    OAWebBeanConstants.ADD_BREAD_CRUMB_YES, // display breadcrumbs
    OAException.ERROR);
    I am passing parameter to the page using hash map table. That application is expecting the parameters in POST format and I believe using hash map table the parameters will be passed as GET format.
    We figured that out because one of the parameters we have to send is AppSignature, which is 160 characters long. When the third party application received that parameter they got only 151 characters; looks like they are truncated by the GET method.
    Any idea how to pass parameter using POST format so that this issue could be fixed.
    Regards
    Hitesh

    Sumit,
    Thanks for your reply. I have resolved this issue by forwarding all parameters in session using pageContext.putSessionValueDirect and redirect to a jsp using pageContext.redirectImmediately.
    in jsp I read the params from session and set in the form , and then redirected to my third party application.
    Regards
    Hitesh

  • How to pass parameter to the Query String of the Named Queries'SQL

    Firstly to say sorry,I'm a beginner and my English is very little.
    Now I want to know
    How to pass parameter to the Query String of the Named Queries'SQL in the Map editor.
    Thanks.

    benzi,
    Not sure if this is on target for your question, but see #5 in the link below for some web screencasts that show how to pass an input text form field value to the bind variable of a view object. If you're looking for something different, maybe provide some more details such as what you are trying to accomplish and what technology stack you are using - for example, ADF BC, JSF, etc.
    http://radio.weblogs.com/0118231/stories/2005/06/24/jdeveloperAdfScreencasts.html
    Also see section 5.9 and chapter 18 in the developer's guide.
    thanks

  • Same parameter-map used on 2 different classes

    Greetings,
    If the same parameter-map (type connection or http) is used on two different policy-map classes, will that create a conflict in how traffic for each of serverfarms uses persistence or inactivity timeout (script 1)?
    Should we create a different instance of parameter-maps for each policy-map class (script 2)?
    Script 1
    parameter-map type connection inactivity_2000
    set timeout inactivity 2000
    parameter-map type http persistence-rebalance
    persistence-rebalance
    policy-map multi-match L4_POLICY
    class L3-4_VIP_A
    connection advanced-options inactivity_2000
    appl-parameter http advanced-options persistence-rebalance
    loadbalance policy L7_Serverfarm_A_Policy
    loadbalance vip inservice
    loadbalance vip icmp-reply active
    class L3-4_VIP_B
    connection advanced-options inactivity_2000
    appl-parameter http advanced-options persistence-rebalance
    loadbalance policy L7_Serverfarm_B_Policy
    loadbalance vip inservice
    loadbalance vip icmp-reply active
    Script 2
    parameter-map type connection L3-4_VIP_A_connection
    set timeout inactivity 2000
    parameter-map type connection L3-4_VIP_B_connection
    set timeout inactivity 2000
    parameter-map type http L3-4_VIP_A_http
    persistence-rebalance
    parameter-map type http L3-4_VIP_B_http
    persistence-rebalance
    policy-map multi-match L4_POLICY
    class L3-4_VIP_A
    connection advanced-options L3-4_VIP_A_connection
    appl-parameter http advanced-options L3-4_VIP_A_http
    loadbalance policy L7_Serverfarm_A_Policy
    loadbalance vip inservice
    loadbalance vip icmp-reply active
    class L3-4_VIP_B
    connection advanced-options L3-4_VIP_B_connection
    appl-parameter http advanced-options L3-4_VIP_B_http
    loadbalance policy L7_Serverfarm_B_Policy
    loadbalance vip inservice
    loadbalance vip icmp-reply active
    Thanks

    you can reuse the same parameter map.
    Gilles.

  • How to apply source to a schema?

    Hi,
    I want to apply new dump to the schema to test it.
    The dump is in another schema.
    Can anyone suggest how to apply source to a schema?
    Is there any script for this?
    Thanks
    Waiting for replies:)

    Hi
    What is your problem?
    Do you have an Oracle dump?
    Do you want to create your source table into another schema? Deploy it.
    Do you want to load your source data to another schema? Create a mapping and load it.
    Ott Karesz
    http://www.trendo-kft.hu
    Message was edited by:
    ottkaresz

  • Parameter mapping for an action

    can anybody help me with this parameter mapping.
    how we can pass a parameter for an action.
    and how to use that parameter in the implemented coding.

    Hi sarbjeet,
    Rajat has correctly explained your requirement.
    Let me give you example.
    Say when the User opens your application it shows a page with one drop down which contains some values and a button. So if you want to get the value selected by the user on click of the button, then you need to associate an action with the button (which you can define in the action property of the button and it will automatically create the method and you can check it in the implementation tab). Now you can write the code for getting the value from the drop down in this method. After getting the value you can do whatever logic you want to perform like inserting it into database etc.
    Hope this will clarify the logic. If you require the code then please let me know.
    Regards
    Narendra

  • How to effect parameter changes

    Hi Friends,
    I just changed parameter open_cursors to 500 in Oracle EM and clicked the apply button.
    However it does not affect the system. How to apply changes in the system? We can not stop the database server.
    Thanks for help!!
    jim

    Hi..
    There is no need to stop or bounce(stop start) the database.
    ALTER SYSTEM SET OPEN_CURSORS=value; will do.
    BANNER
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
    PL/SQL Release 10.2.0.1.0 - Production
    CORE    10.2.0.1.0      Production
    TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
    NLSRTL Version 10.2.0.1.0 - Production
    SQL> sho parameter open
    NAME                                 TYPE        VALUE
    open_cursors                         integer     300
    open_links                           integer     4
    open_links_per_instance              integer     4
    read_only_open_delayed               boolean     FALSE
    SQL> alter system set open_cursors=500;
    System altered.
    SQL> sho parameter open_
    NAME                                 TYPE        VALUE
    open_cursors                         integer     500
    open_links                           integer     4
    open_links_per_instance              integer     4
    read_only_open_delayed               boolean     FALSE
    session_max_open_files               integer     10
    I tried it with OEM, it changed. Is there some error that you are getting?
    HTH
    Anand
    Edited by: Anand... on Nov 15, 2008 3:14 AM

  • ACE - need help implementing basic parameter map

    Hi,
    I'm trying to implement a connection parameter on an ACE module that simply sets the TCP timeout to 0.
    I can get this to work fine if I permit all TCP traffic in the class-map, but it doesn't work if I use an ACL;
    >>Match all TCP;
    parameter-map type connection TCP-Timeout
    set timeout inactivity 0
    class-map match-all TCP-Timeout-Out-Class
    2 match port tcp any
    class-map match-all TCP-Timeout-in-Class
    2 match port tcp any
    policy-map multi-match TCP-Timeout-Out-Policy
    class TCP-Timeout-Out-Class
    connection advanced-options TCP-Timeout
    policy-map multi-match TCP-Timeout-in-Policy
    class TCP-Timeout-in-Class
    connection advanced-options TCP-Timeout
    Interface vlan 920
    service-policy input TCP-Timeout-in-Policy
    Interface vlan 923
    service-policy input TCP-Timeout-Out-Policy
    >>Match ACL;
    access-list TCP-Timeout-Group-Out line 10 extended permit ip 10.221.178.0 0.0.0.255 any
    access-list TCP-Timeout-Group-in line 10 extended permit ip any 10.221.178.0 0.0.0.255
    parameter-map type connection TCP-Timeout
    set timeout inactivity 0
    class-map match-all TCP-Timeout-Out-Class
    match access-list TCP-Timeout-Group-Out
    class-map match-all TCP-Timeout-in-Class
    match access-list TCP-Timeout-Group-in
    policy-map multi-match TCP-Timeout-Out-Policy
    class TCP-Timeout-Out-Class
    connection advanced-options TCP-Timeout
    policy-map multi-match TCP-Timeout-in-Policy
    class TCP-Timeout-in-Class
    connection advanced-options TCP-Timeout
    Interface vlan 320
    service-policy input TCP-Timeout-in-Policy
    Interface vlan 323
    service-policy input TCP-Timeout-Out-Policy
    Any ideas?
    Many Thanks

    Try changing the class-map from "type match-all" to "type match-any". Match all implies both statements need to be true. The match-any is probably what you want. Either of the ACL statements can be true.
    Also try to apply the policy globally instead of the interfaces, simplifying the config might help as well.
    e.g.:
    access-list TCP-Timeout-Group line 10 extended permit ip 10.221.178.0 0.0.0.255 any
    access-list TCP-Timeout-Group line 20 extended permit ip any 10.221.178.0 0.0.0.255
    class-map match-any TCP-Timeout-Class
    match access-list TCP-Timeout-Group
    parameter-map type connection TCP-Parameter-Map
    set timeout inactivity 0
    policy-map multi-match TCP-Timeout-Out-Policy
    class TCP-Timeout-Class
    connection advanced-options TCP-Parameter-Map
    service-policy input TCP-Timeout-Out-Policy <- apply it globally
    Hope it helps.
    Roble

  • ACE30 (A5(3.1a)) SSL Parameter map

    Hi Guys,
    We have a requirement to disable SSLv3 support and enable TLS1.0, 1.1 and 1.2 within our environment.  Since having upgraded to A5(3.1a) we have available to us the ability to use TLS1.0, 1.1 and 1.2 according to the release notes, however in practice I've found that there is no ability to have only TLS1.0, 1.1 and 1.2 (not SSLv3) applied to a given VIP (via the ssl-proxy commands). From testing I've found that if I want to be specific about the versions of TLS, only one can be applied at a time.  E.g.
    parameter-map type ssl SSL-TLS1.0
      cipher RSA_WITH_3DES_EDE_CBC_SHA
      cipher RSA_WITH_AES_128_CBC_SHA priority 3
      cipher RSA_WITH_AES_256_CBC_SHA priority 2
      version TLS1
    ssl-proxy service SSL-NISTEST
      key NISTEST-KEY.pem
      cert NISTEST-CRT-RENEWED.pem
      chaingroup SSL-AUSCERTS-SERVER-CHAIN
      ssl advanced-options SSL-TLS1.0
    I cannot apply TLS1.0, 1.1 and 1.2, to therefore support all browsers etc.  I tried using "Up to TLS1.2" from the versions that were available, however this still includes SSLv3 which we do not want.  Can Cisco confirm that my observations are correct and that I cannot add all 3 versions of TLS?  
    thanks
    Sheldon

    Hi Nithin,
    Your stats looks OK to me. Looks like it is all good. Why do you think you are still using SSL3?
    Also, did you specifically not want to use the TLS 1.1 and TLS 1.2?
    Is there any reason you want to keep the MD5 cipher?
    Cipher tlsv1_rsa_rc4_128_md5:                    20
    Cipher tlsv1_rsa_rc4_128_sha:                     0
    Cipher tlsv1_rsa_des_cbc_sha:                   714
    Cipher tlsv1_rsa_3des_ede_cbc_sha:           410321
    SSLv3 negotiated protocol:                        0
    TLSv1 negotiated protocol:                   411055
    SSLv3 full handshakes:                            0
    SSLv3 resumed handshakes:                         0
    SSLv3 rehandshakes:                               0
    SSLv3 secured rehandshakes:                       0
    TLSv1 full handshakes:                       411053
    TLSv1 resumed handshakes:                         0
    TLSv1 rehandshakes:                               0
    TLSv1 secured rehandshakes:                       0
    SSLv3 handshake failures:                         0
    SSLv3 failures during data phase:                 0
    TLSv1 handshake failures:                         2
    TLSv1 failures during data phase:                 0
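
A way to read counters like the ones quoted above when checking whether SSLv3 or weak cipher suites are still being negotiated. This is an added example, not part of the original posts and not a Cisco tool: the counter values in `SAMPLE_STATS` are constructed, the AES counter name is an assumption modelled on the other labels, and the list of weak components in `WEAK` is a policy chosen for this example.

```python
import re

# Constructed sample in the "label: value" layout of the output quoted above.
SAMPLE_STATS = """\
Cipher tlsv1_rsa_rc4_128_md5:                    12
Cipher tlsv1_rsa_rc4_128_sha:                     0
Cipher tlsv1_rsa_des_cbc_sha:                     8
Cipher tlsv1_rsa_3des_ede_cbc_sha:               30
Cipher tlsv1_rsa_aes_128_cbc_sha:                50
SSLv3 negotiated protocol:                        3
TLSv1 negotiated protocol:                       97
SSLv3 full handshakes:                            3
TLSv1 handshake failures:                         2
"""

# Cipher-suite name components treated as weak (policy for this example).
WEAK = {
    "rc4": "RC4 stream cipher",
    "md5": "MD5 MAC",
    "des": "single DES",
    "3des": "3DES (64-bit block)",
}

COUNTER_RE = re.compile(r"^\s*(.+?):\s+(\d+)\s*$")


def parse_counters(text):
    """Map each 'label: value' line to an integer; ignore anything else."""
    counters = {}
    for line in text.splitlines():
        match = COUNTER_RE.match(line)
        if match:
            counters[match.group(1)] = int(match.group(2))
    return counters


def weak_reasons(suite):
    """Return the weak components found in a suite name such as tlsv1_rsa_rc4_128_md5."""
    return [WEAK[part] for part in suite.lower().split("_") if part in WEAK]


def review(counters):
    """List (name, count, reason) for every weak item that was actually negotiated."""
    findings = []
    for label, count in counters.items():
        if count == 0:
            continue  # offered but never negotiated: nothing observed
        if label.startswith("Cipher "):
            suite = label.split(None, 1)[1]
            reasons = weak_reasons(suite)
            if reasons:
                findings.append((suite, count, ", ".join(reasons)))
        elif label == "SSLv3 negotiated protocol":
            findings.append(("SSLv3", count, "SSLv3 sessions were negotiated"))
    return findings


def weak_share(counters):
    """Fraction of negotiated cipher suites that contain a weak component."""
    total = weak = 0
    for label, count in counters.items():
        if label.startswith("Cipher "):
            total += count
            if weak_reasons(label.split(None, 1)[1]):
                weak += count
    return weak / total if total else 0.0


if __name__ == "__main__":
    stats = parse_counters(SAMPLE_STATS)
    for name, count, reason in review(stats):
        print(f"{name}: {count} ({reason})")
    print(f"weak share: {weak_share(stats):.0%}")
```

Counters of this kind are cumulative, so compare two snapshots taken after a configuration change rather than reading one snapshot in isolation.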

  • CT5760 - virtual-host in parameter-map not used in webauth redirect

    Hi all.
    I'll try posting my issue here before I post a TAC on this:
    Cisco CT5760 wireless controller running IOS-XE version 3.6.0.
    This issue is related to web authentication on an SSID with external web portal. It seems that the statement "virtual-host" in "parameter-map type webauth global" is not used as intended. I'll try to explain:
    When a user connects to an SSID with external web authentication enabled and the user opens a web browser, the user will get redirected to the external web portal for authentication. In this redirect URL we see the parameter "switch_url=http://1.2.3.4/login.html". The IP address 1.2.3.4 is, in this example, our virtual IP. But we have also configured "virtual-host" to be webauth.example.com. And in my opinion the "switch_url" parameter should be "switch_url=http://webauth.example.com/login.html". This is how it works on our old Cisco WiSM1 implementation.
    The reason why this is a problem is that the clients web browser will not accept the certificate installed on "http://1.2.3.4" because it is not issued with that IP address, only the hostname webauth.example.com. I know that it is possible to get certificates issued with an IP address (as long as it's not an RFC1918 IP address), but rumors say that many Certificate Authorities will stop issuing these soon, even with "real IPs". Therefore it is important that the redirect URL gets corrected.
    Does anyone disagree with me that this is a bug?

    Hi and thank you for your response.
    I feel that I need to clarify a few things. Here is my parameter-map config (a bit edited):
    parameter-map type webauth global
    virtual-ip ipv4 1.1.1.1 virtual-host webauth.example.com
    intercept-https-enable
    parameter-map type webauth webauth_external
    type webauth
    redirect for-login https://webauth-external.example.com/v2/login.html
    redirect portal ipv4 x.x.x.x
    So the problem here is that a web browser of the client gets the following redirect URL:
    https://webauth-external.example.com/v2/login.html?switch_url=https://1.1.1.1/login.html&redirect=http://www.cnn.com
    Then after a successful login on the external portal, the user gets redirected back to https://1.1.1.1/login.html. Here is the core of my problem. I think that the parameter "switch_url" should be with the name webauth.example.com since I configured it as the "virtual-host". This is the behavior we see with our old Cisco WiSM1.
    When the redirect goes to https://1.1.1.1/login.html the client complains about the certificate, because it is not issued to that IP address but to the hostname.
    I can verify that the client does not complain about this if I manually edit the redirect URL on the client to the following:
    https://webauth-external.example.com/v2/login.html?switch_url=https://webauth.example.com/login.html&redirect=http://www.cnn.com
    Then the redirect after authentication goes to https://webauth.example.com/login.html and the client accepts the certificate and everything is peachy.
    Do you see my problem? And yes, the virtual IP resolves to the name in DNS.
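
The certificate mismatch described in this thread can be checked from the redirect URL alone. This is an added example, not code from the original posts or from the controller: it extracts `switch_url` from the portal redirect and tests whether its host would match the names on the certificate. The function names and the certificate name list passed in are assumptions for illustration; the two URLs are the ones quoted in the post.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# The two redirect URLs quoted in the post above.
REDIRECT_WITH_IP = ("https://webauth-external.example.com/v2/login.html"
                    "?switch_url=https://1.1.1.1/login.html&redirect=http://www.cnn.com")
REDIRECT_WITH_NAME = ("https://webauth-external.example.com/v2/login.html"
                      "?switch_url=https://webauth.example.com/login.html"
                      "&redirect=http://www.cnn.com")


def dns_name_matches(host, pattern):
    """Exact match, or a single left-most wildcard label such as *.example.com."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def check_switch_url(redirect_url, cert_dns_names, cert_ip_sans=()):
    """Report whether the switch_url host is covered by the certificate names.

    An IP literal is only compared with IP-address SANs, never with DNS
    names, which is how browsers evaluate it.
    """
    values = parse_qs(urlsplit(redirect_url).query).get("switch_url")
    if not values:
        return {"host": None, "is_ip": False, "ok": False,
                "reason": "no switch_url parameter"}
    host = urlsplit(values[0]).hostname
    if host is None:
        return {"host": None, "is_ip": False, "ok": False,
                "reason": "switch_url has no host"}
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        ok = any(ip == ipaddress.ip_address(san) for san in cert_ip_sans)
        reason = ("IP literal covered by an IP SAN" if ok
                  else "IP literal not present as an IP SAN on the certificate")
    else:
        ok = any(dns_name_matches(host, name) for name in cert_dns_names)
        reason = ("hostname covered by the certificate" if ok
                  else "hostname not covered by the certificate")
    return {"host": host, "is_ip": ip is not None, "ok": ok, "reason": reason}


if __name__ == "__main__":
    names = ["webauth.example.com"]  # assumed certificate DNS names
    for url in (REDIRECT_WITH_IP, REDIRECT_WITH_NAME):
        print(check_switch_url(url, names))
```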
