HSRP Bad Authentication
Hi,
I'm having the following message almost continuously:
%STANDBY-3-BADAUTH: Bad authentication from 103.226.1.249, remote state Init
I have double checked the config and there's no authentication configured on either of the switches of this HSRP group. Config is the following:
SWITCH1:
interface Vlan2
ip address 31.226.1.249 255.255.255.0 secondary
ip address 200.4.163.249 255.255.255.0 secondary
ip address 103.226.1.249 255.255.255.0
ip helper-address 103.197.4.3
ip helper-address 47.193.27.3
no ip redirects
standby 2 ip 103.226.1.1
standby 2 ip 31.226.1.1 secondary
standby 2 ip 200.4.163.1 secondary
standby 2 priority 120
SWITCH 2:
interface Port-channel1.2
encapsulation dot1Q 2
ip address 31.226.1.246 255.255.255.0 secondary
ip address 200.4.163.246 255.255.255.0 secondary
ip address 103.226.1.246 255.255.255.0
ip helper-address 103.197.4.3
ip helper-address 47.193.27.3
no ip redirects
no ip directed-broadcast
standby 2 priority 130 preempt
standby 2 ip 103.226.1.1
standby 2 ip 31.226.1.1 secondary
standby 2 ip 200.4.163.1 secondary
This is the result of sh standby brief for switch 2:
Po1.2 2 130 P Active local 103.226.1.249 103.226.1.1
And this for switch 1:
Interface Grp Prio P State Active Standby Virtual IP
Vl2 2 120 Standby 103.226.1.246 local 103.226.1.1
The device which complains of this error is cisco Cat4232L3 with IOS 12.0(7)W5(15b). Although I'm pretty sure this is a bug, I have found nothing in the Bug Toolkit...
What do you think?
Regards,
Ruben
Ruben
I do not see a problem with the part of the config that you posted. And the show standby indicates that HSRP is working (at least switch 2 knows that it is active and switch 1 knows that it is standby). I do not know if the full output of show standby would show anything else useful.
If standby is working and you are getting these error messages then it does sound like a bug. If you want to investigate further, it might be helpful to run debug for HSRP and see if it indicates anything. And of course opening a case with TAC is the ultimate way to find if it is a bug.
HTH
Rick
Similar Messages
-
"Bad Authentication" when pop or smtp with Verizon e-mail using Evolution
I'm using Evolution 3.2.3 as my e-mail client.
It's worked with literally every ISP and mail service other than Verizon.
I followed the instructions on the Verizon support e-mail client setup:
Incoming mail server (POP3): pop.verizon.net
Incoming Server Port Numbers: 995
Outgoing mail server (SMTP): smtp.verizon.net
Outgoing Server Port Numbers: 465
Make sure SSL encryption is enabled for the incoming and outgoing mail server.
But if I try to receive or send e-mail I always get a "Bad authentication response from server" error.
Has anyone ever got Evolution to work with Verizon?
I searched and it seemed to work up until the year 2013.
For the sake of example, we are going to pretend that we are setting up fictional account "[email protected]" and the password for logging into that account in webmail is "fakepassword" - Again, this is a fictitious account for the sake of an example.
The settings for using Verizon's servers would be:
Incoming Server: pop.verizon.net
Server Requires Authentication: Yes
Username: fakeacct
Password: fakepassword
Requires a Secure Connection (SSL): Yes
Port: 995
Outgoing Server: smtp.verizon.net
Server Requires Authentication: Yes (You can set it to use the same settings as incoming, or manually enter the username and password.)
Requires a Secure Connection (SSL): Yes
Port: 465
If you are given the option anywhere for Secure Password Authentication (SPA), set it to No, Normal, Plain, etc. - This can also be listed as "Authentication type" in some clients.
These settings should work unless you have a Verizon/Yahoo account, in which case the server names are: incoming.yahoo.verizon.net -and- outgoing.yahoo.verizon.net
If all of that is set up and it's still not working, your best bet is to provide a screenshot of your settings (with personal information blocked/removed) and any errors you are getting.
"All knowledge is worth having." -
You can't create a class that inherits from CL_HRPAD00AUTH_CHECK_STD, because this class is already final.
There should be another way to implement a BADI that checks authentication without skipping system authentication.
Any ideas?
Created as a separate post from Badi - it is better to ask your own question than to respond to an old one.
matt -
ITunes U Posting Dies (Bad Authentication) When Updating Metadata
I've been trying to use the default iTunes U workflow to post recorded files to iTunes U. The upload of the files goes fine but for some reason when the pcast_post2iTunesU script gets to the bit about updating the metadata for the file I get "ERROR: pcast_updateiTunesU: Authentication to iTunes U failed." I'm positive this is part of the metadata section because I can comment it out and everything is peachy.
Obviously my credentials are correct because I can post the files. At first I had an issue with the timestamp (can't use time.apple.com to get the computer time), but again, the posting of files works so I have to believe I'm not that far off that it would always fail on the metadata part.
Anyone run into something similar?
Answered my own question. Make sure you're using the main administrator credentials for your site. I had used a custom credential. Seems to work for uploading but not metadata.
-
Hi,
When putting a sniffer in our LAN "user division subnet", I saw the HSRP password authentication.
Is there anything to do on our router to prevent this, i.e. "not seeing the password authentication"?
We use Catalyst 6500 with SUP2 running IOS 12.1.20.
Thanks
# sh run interface vlan xxxx
description JT2nd Remote Silo servers
ip address 10.206.14.252 255.255.254.0
standby 206 ip 10.206.14.1
standby 206 priority 254
standby 206 preempt
standby 206 authentication xxxxxxx
Hello
You have applied clear text authentication, which allows users to sniff the passwords. Use MD5 authentication for maximum security. You need to have your IOS support this feature.
standby 206 authentication md5 key-string xxxxxx timeout 10
You can have more info about this in the following URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a7a8a.html#wp1038760
Hope this helps.. all the best. rate replies if found useful.
Raj -
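As an added illustration (not code from either poster): the sketch below decodes the 20-byte HSRPv1 message defined in RFC 2281 to show that the text authentication string travels in the clear, and that an interface with no `standby authentication` line still sends the RFC default string `cisco`. It also audits a config for groups left on default or text authentication. The sample packets, the config, the key strings and all function names are constructed for this example, and the audit keys results by group number only.

```python
import re
import socket
import struct

# RFC 2281: string carried in the 8-byte Authentication Data field when no
# "standby authentication" line is configured.
DEFAULT_AUTH = "cisco"
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}

# Constructed samples (not captured traffic): two 20-byte HSRPv1 hellos.
SAMPLE_DEFAULT = bytes.fromhex("000010030a820200" "636973636f000000" "67e20101")
SAMPLE_TEXT = bytes.fromhex("000010030afece00" "7333637265740000" "0ace0e01")

# Constructed config modelled on the posts; the key strings are placeholders.
SAMPLE_CONFIG = """\
interface Vlan2
 standby 2 ip 103.226.1.1
 standby 2 priority 120
interface Vlan206
 standby 206 ip 10.206.14.1
 standby 206 preempt
 standby 206 authentication s3cret
interface Vlan10
 standby 10 ip 192.0.2.1
 standby 10 authentication md5 key-string EXAMPLE-KEY timeout 10
"""


def parse_hsrp_v1(payload):
    """Decode the fixed 20-byte HSRPv1 message (UDP port 1985 payload)."""
    if len(payload) < 20:
        raise ValueError("HSRPv1 message is 20 bytes, got %d" % len(payload))
    (version, opcode, state, hello, hold, priority, group, _reserved,
     auth, vip) = struct.unpack("!8B8s4s", payload[:20])
    if version != 0:
        raise ValueError("not an HSRPv1 message (version field %d)" % version)
    return {
        "opcode": OPCODES.get(opcode, str(opcode)),
        "state": STATES.get(state, str(state)),
        "hellotime": hello,
        "holdtime": hold,
        "priority": priority,
        "group": group,
        # Text authentication is just NUL-padded ASCII, readable by any sniffer.
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "virtual_ip": socket.inet_ntoa(vip),
    }


def auth_mismatch(local_auth, payload):
    """True when a peer's text string differs from ours (the BADAUTH condition)."""
    return parse_hsrp_v1(payload)["auth"] != local_auth[:8]


STANDBY_LINE = re.compile(
    r"^\s*standby\s+(?:(\d+)\s+)?(ip|priority|preempt|authentication)\b\s*(.*)$")


def audit_standby_auth(config_text):
    """Map HSRP group -> 'default' (sends 'cisco'), 'text' or 'md5'."""
    modes = {}
    for line in config_text.splitlines():
        m = STANDBY_LINE.match(line)
        if not m:
            continue
        group = int(m.group(1) or 0)          # no number means group 0
        modes.setdefault(group, "default")
        if m.group(2) == "authentication":
            is_md5 = m.group(3).split()[:1] == ["md5"]
            modes[group] = "md5" if is_md5 else "text"
    return modes


if __name__ == "__main__":
    for pkt in (SAMPLE_DEFAULT, SAMPLE_TEXT):
        print(parse_hsrp_v1(pkt))
    print(audit_standby_auth(SAMPLE_CONFIG))
```

Groups reported as `default` or `text` are the ones whose string a sniffer on the VLAN can read; with `md5` the key string itself is not sent.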
PHP external authentication issue
Trying to login to AFCS connection using external authentication.
PHP file generates a key correctly and everything seems to be fine up until I get to using the key inside flex.
At the login stage I get the following error in the console trace from the library login call.
As far as I can tell everything is right... how can I tell what is wrong with the authentication key?
AFCS Beta Build # : 1.1
requestInfo https://connectnow.acrobat.com/{roomname}?exx=eDp7dXRmOF9lbmNvZGUoZGFyaXVzKX06OmRtOmFnZW50ZG06aHR0cHM6Ly9jb25uZWN0bm93LmFjcm9iYXQuY29tL2hpaW50ZXJmYWNlL2RtOjEwMDo4N2NmNWUwMjIzZTVhMmFkYzI2MmY4MDVlNWJmMWVlM2Y4OTJlY2Qx&mode=xml&x=0.2519759591668844
#THROWING ERROR# bad authentication key
There are a few mistakes in the key. There is some PHP 'code' in it (wrong string expansion?) and you are using a full URL instead of the room name.
If you want more details send me a private message, but you should check the way you call the get authentication token method. -
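A way to check a key for the two mistakes named in the reply before handing it to the client, given as an added example that is not code from the thread or from the AFCS SDK. It Base64-decodes the `exx=` value and lints the result. The colon-separated layout in `LAYOUT` is an assumption about how well-formed keys look once decoded, and the sample keys, account names and function names are constructed.

```python
import base64
import re

# Assumed layout of a decoded key (hypothetical, for linting only):
#   x:<display name>::<account>:<user id>:<room name>:<role>:<40 hex digits>
LAYOUT = re.compile(r"x:([^:]*)::([^:]+):([^:]+):([^:/]+):(\d+):([0-9a-f]{40})")


def decode_key(key):
    """Return the text inside an 'exx=' key, tolerating line-wrap spaces."""
    key = key.split("exx=", 1)[-1].split("&", 1)[0]   # accept a full query string
    key = "".join(key.split())                        # drop whitespace from wrapping
    key += "=" * (-len(key) % 4)                      # restore stripped padding
    return base64.b64decode(key).decode("utf-8", "replace")


def lint_key(key):
    """Decode a key and list the problems visible in its plain text."""
    text = decode_key(key)
    findings = []
    if re.search(r"[{}()$]", text):
        findings.append("unexpanded code in key")
    if "://" in text:
        findings.append("URL where a room name is expected")
    if not LAYOUT.fullmatch(text):
        findings.append("unexpected field layout")
    return text, findings


def encode_sample(text):
    """Build a constructed sample key from plain text."""
    return "exx=" + base64.b64encode(text.encode()).decode()


# Constructed samples: one well-formed key, one with both mistakes.
GOOD_KEY = encode_sample("x:alice::exampleacct:uid1:room1:50:" + "ab" * 20)
BAD_KEY = encode_sample(
    "x:{utf8_encode(alice)}::exampleacct:uid1:"
    "https://example.invalid/exampleacct/room1:100:" + "cd" * 20)

if __name__ == "__main__":
    for sample in (GOOD_KEY, BAD_KEY):
        text, findings = lint_key(sample)
        print(text)
        print("  ->", findings or "no findings")
```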
Problems logging in with authentication token.
I have a test application which creates a room from Java. It generates the auth token as follows.
String roomName = "dynamically_created_room1";
AccountManager collabAcctMngr = new AccountManager(CollaborationConstants.COLLABORATION_ACCT_URL);
collabAcctMngr.login(CollaborationConstants.COLLABORATION_ACCT_ID,CollaborationConstants.COLLABORATION_ACCT_PASSWORD);
collabAcctMngr.createRoom(roomName,true);//: Deletes the room on exit
Session collabSession = collabAcctMngr.getSession(roomName);
collabSession.secret = CollaborationConstants.COLLABORATION_ACCT_SHARED_SECRET;
String token = collabSession.getAuthenticationToken(CollaborationConstants.COLLABORATION_ACCT_SHARED_SECRET,
"jeff-" + "-phelps","uid1",UserRoles.PUBLISHER);
log.info("token = " + token);
The room is created fine.
I then run my flex CollaborationTest application
<s:WindowedApplication xmlns:fx="http://ns.adobe.com/mxml/2009"
xmlns:s="library://ns.adobe.com/flex/spark"
xmlns:rtc="http://ns.adobe.com/rtc"
xmlns:mx="library://ns.adobe.com/flex/mx">
<fx:Declarations>
<!-- Place non-visual elements (e.g., services, value objects) here -->
<rtc:AdobeHSAuthenticator id="auth" userName="" password="" protocol="rtmfp" authenticationKey="{AUTH_KEY}"/>
<rtc:RoomSettings id="roomSettings" autoPromote="true" guestsMustKnock="false"/>
</fx:Declarations>
<fx:Script>
<![CDATA[
public const COLLABORATION_ACCT_URL:String = "https://collaboration.adobelivecycle.com/endlessmind";
public const AUTH_KEY:String ="exx=eDpqZWZmLS1waGVscHM6OmVuZGxlc3NtaW5kOnVpZDE6ZHluYW1pY2FsbHlfY3JlYXRlZF9yb29tMTo1MDo0YTI4NmFjN2FkYzk4ZTI3YTZkNWYwMmVhYWE5ZTgwNzUwYjRiZjFl";
private var testRoomURL:String = "https://collaboration.adobelivecycle.com/endlessmind/dynamically_created_room1";
protected function button1_clickHandler(event:MouseEvent):void {
cSession.roomURL = testRoomURL;
cSession.login();
}
]]>
</fx:Script>
<mx:Panel title="Test the ability to log into a room with a authentication key">
<s:Button label="PUSH TO LOGIN" click="button1_clickHandler(event)"/>
<rtc:ConnectSessionContainer authenticator="{auth}" initialRoomSettings="{roomSettings}" id="cSession" width="100%"
height="100%" autoLogin="false" >
</rtc:ConnectSessionContainer>
</mx:Panel>
</s:WindowedApplication>
When I push the button to login, I received the following exception
requestInfo https://collaboration.adobelivecycle.com/endlessmind/dynamically_created_room1?exx=eDpqZWZmLS1waGVscHM6OmVuZGxlc3NtaW5kOnVpZDE6ZHluYW1pY2FsbHlfY3JlYXRlZF9yb29tMTo1MDo0YTI4NmFjN2FkYzk4ZTI3YTZkNWYwMmVhYWE5ZTgwNzUwYjRiZjFl&mode=xml&x=0.6030149115249515
11:51:46 GMT-0600 #THROWING ERROR# bad authentication key
Error: Invalid username or password:Login again
at com.adobe.rtc.authentication::AbstractAuthenticator/onLoginFailure()[/Users/arun/Work/aponnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src/com/adobe/rtc/authentication/AbstractAuthenticator.as:200]
at com.adobe.rtc.authentication::AbstractAuthenticator/onAuthorizationFailure()[/Users/arun/Work/aponnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src/com/adobe/rtc/authentication/AbstractAuthenticator.as:215]
at com.adobe.rtc.session.sessionClasses::MeetingInfoService/onComplete()[/Users/arun/Work/aponnusa_theoden.corp.adobe.com_1666/depot/branches/connect/1104/cocomoPlayer10.1/src/com/adobe/rtc/session/sessionClasses/MeetingInfoService.as:331]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at flash.net::URLLoader/onComplete()
Any help is greatly appreciated.
Thanks.
Jeff
Barry,
I am not sure I understand the problem.
The way external authentication works is the following:
- you create a room (or you reuse an existing room)
- you create a session token by calling AccountManager.getSession().
- that session token will be valid for the next "run" of that room.
- if you call AccountManager.getSession() again, you will get the same session token back (it's still valid). You can call AccountManager.invalidateSession() to make that session token invalid and give you a new one next time you call getSession()
- if a user enters the room the room becomes "active" and the session "countdown" starts (actually there is no session countdown. Your session token will be valid until current session ends).
- if a user exits the room, after a few minutes the room will become "inactive". At that point the session is considered terminated and the authentication session token is invalidated (deleted).
- if at this point a user tries to enter the room again with an old session token it will receive an error (cannot login)
I don't know how the behaviour you see matches this but here are a couple of suggestions:
- try to call getSession() every time you need a new authentication token. This is an overkill but if it works it may explain part of your problem (you cache session tokens and don't dispose them correctly when a room ends).
- if you are using external authentication and get a login error, go back to your server and get another authentication token (this may require calling getSession() to make sure you are getting a token for the current session).
Again, if everything was correct and you had full control of when rooms start and end (i.e. you are monitoring the rooms via the server-to-server hooks) you should be able to create a session token once and reuse it until the room ends. -
Tacacs do not function in Nexus 5000
Dear Mister
For some reason, TACACS is not functioning on my Nexus 5000. I am using the following configuration:
tacacs-server key 7 "0310551D121F2D595D"
ip tacacs source-interface Vlan5
tacacs-server host 10.20.2.80
tacacs-server host 10.20.16.138
aaa group server tacacs+ TACSERVER
server 10.20.2.80
server 10.20.16.138
source-interface Vlan5
use-vrf default
aaa authentication login default group TACSERVER
no aaa user default-role
aaa authentication login error-enable
tacacs-server directed-request
I did a telnet to port 49, in address , and it is functioning. That discards a security problem (FW, ACL, etc).
When I do the test, nothing is shown in the TACACS server logs.
The log messages are the following:
2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: received bad authentication packet from 10.20.2.80
2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2012 Aug 22 15:54:48 NITE1 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user GPALAVE from 10.20.2.80 - login[3087]
The problem is very strange.
I need help.
Best regards
Your config looks fine. Can you ping from VLAN5 to TACACS+? Also, did you add VLAN5's IP address to your TACACS+?
Regards,
jerry -
Tacacs not working for 3 new 5508 WLC's...working fine for 6 old 4400 WLC's.
before 7.116 code upgrade...I remember 5508 was working on and off and now they are not.
Same configs on SW, WLC and ACS.
Debug on WLC gives..below message when Tacacs is attempted..
*aaaQueueReader: Oct 25 09:20:41.700: tplus_processAuthRequest: memory alloc failed for tplus
Any pointers for troubleshooting? Not sure why statistics show zero...?? Radius is working for users.
(wlc03) >show tacacs auth statistics
Authentication Servers:
Server Index..................................... 1
Server Address................................... 10.3.121.21
Msg Round Trip Time.............................. 0 (msec)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
Server Index..................................... 2
Server Address................................... 10.3.121.22
Msg Round Trip Time.............................. 0 (msec)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
(wlc03) >show tacacs summary
Authentication Servers
Idx Server Address Port State Tout
1 10.3.121.21 49 Enabled 5
2 10.3.121.22 49 Enabled 5
Authorization Servers
Idx Server Address Port State Tout
1 10.3.121.21 49 Enabled 30
2 10.3.121.22 49 Enabled 5
Accounting Servers
Idx Server Address Port State Tout
1 10.3.121.21 49 Enabled 5
We can ping the TACACS servers...
>show memory statistics
System Memory Statistics:
Total System Memory............: 1028820992 bytes
Used System Memory.............: 458424320 bytes
Free System Memory.............: 570396672 bytes
Bytes allocated from RTOS......: 21939008 bytes
Chunks Free....................: 29 bytes
Number of mmapped regions......: 45
Total space in mmapped regions.: 212779008 bytes
Total allocated space..........: 12015112 bytes
Total non-inuse space..........: 9923896 bytes
Top-most releasable space......: 133800 bytes
Total allocated (incl mmap)....: 234718016 bytes
Total used (incl mmap).........: 224794120 bytes
Total free (incl mmap).........: 9923896 bytes
show buffers
Pool[00]: 16 byte chunks
chunks in pool: 50000
chunks in use: 19030
bytes in use: 304480
bytes requested: 90479 (214001 overhead bytes)
Pool[01]: 64 byte chunks
chunks in pool: 40000
chunks in use: 14519
bytes in use: 929216
bytes requested: 566395 (362821 overhead bytes)
Pool[02]: 128 byte chunks
chunks in pool: 20000
chunks in use: 7726
bytes in use: 988928
bytes requested: 672853 (316075 overhead bytes)
Pool[03]: 256 byte chunks
chunks in pool: 4000
chunks in use: 808
bytes in use: 206848
bytes requested: 154777 (52071 overhead bytes)
Pool[04]: 1024 byte chunks
chunks in pool: 15300
chunks in use: 11645
bytes in use: 11924480
bytes requested: 4945714 (6978766 overhead bytes)
Pool[05]: 2048 byte chunks
chunks in pool: 1000
chunks in use: 189
bytes in use: 387072
bytes requested: 355272 (31800 overhead bytes)
Pool[06]: 4096 byte chunks
chunks in pool: 1000
chunks in use: 36
bytes in use: 147456
bytes requested: 102479 (44977 overhead bytes)
Raw Pool:
chunks in use: 186
bytes requested: 156052303
show process memory
Name Priority BytesInUse BlocksInUse Reaper
cslStoreManager (240/ 7) 0 0 ( 0/ 0)%
System Reset Task (240/ 7) 0 0 ( 0/ 0)%
reaperWatcher ( 3/ 96) 0 0 ( 0/ 0)% I
osapiReaper ( 10/ 94) 0 0 ( 0/ 0)% I
TempStatus (240/ 7) 424 1 ( 0/ 0)% I
pktDebugSocketTask (255/ 1) 0 0 ( 0/ 0)%
LICENSE AGENT (240/ 7) 2228 85 ( 0/ 0)% I
emWeb ( 7/ 95) 1235795 20743 ( 0/ 0)% T 300
webJavaTask (240/ 7) 0 0 ( 0/ 0)%
fmcHsTask (100/ 60) 0 0 ( 0/ 0)%
apstatEngineTask (240/ 7) 0 0 ( 0/ 0)%
rrcEngineTask (240/ 7) 0 0 ( 0/ 0)%
spectrumDataTask (255/ 1) 1614480 12 ( 0/ 0)%
spectrumNMSPTask (255/ 1) 28808 3 ( 0/ 0)%
wipsTask (240/ 7) 0 0 ( 0/ 0)%
tsmTask (255/ 1) 0 0 ( 0/ 0)%
cids-cl Task (240/ 7) 0 0 ( 0/ 0)%
ethoipSocketTask ( 7/ 95) 0 0 ( 0/ 0)%
ethoipOsapiMsgRcv (240/ 7) 0 0 ( 0/ 0)%
envCtrollerStatus (240/ 7) 0 0 ( 0/ 0)%
rfidTask (240/ 7) 0 0 ( 0/ 0)%
idsTrackEventTask (239/ 8) 0 0 ( 0/ 0)%
DHCP Server (240/ 7) 0 0 ( 0/ 0)%
bcastReceiveTask (240/ 7) 0 0 ( 0/ 0)%
ProcessLoggingTask (240/ 7) 0 0 ( 0/ 0)%
CDP Main (240/ 7) 3100 13 ( 0/ 0)%
sntpMainTask (240/ 7) 0 0 ( 0/ 0)%
sntpReceiveTask (240/ 7) 0 0 ( 0/ 0)%
cdpSocketTask (240/ 7) 0 0 ( 0/ 0)%
grouping Task (255/ 1) 0 0 ( 0/ 0)%
dot11a (255/ 1) 63 3 ( 0/ 0)%
rrm Socket Task ( 1/ 97) 35024 1 ( 0/ 0)%
rrm Socket Task (255/ 1) 35024 1 ( 0/ 0)%
dot11a (255/ 1) 0 0 ( 0/ 0)%
grouping Task (255/ 1) 0 0 ( 0/ 0)%
dot11b (255/ 1) 105 5 ( 0/ 0)%
rrm Socket Task (255/ 1) 35024 1 ( 0/ 0)%
dot11b (255/ 1) 0 0 ( 0/ 0)%
rrm Socket Task (255/ 1) 35024 1 ( 0/ 0)%
apfPmkCacheTimer (240/ 7) 0 0 ( 0/ 0)%
Apf Guest (240/ 7) 0 0 ( 0/ 0)%
RLDP Schedule Task (240/ 7) 0 0 ( 0/ 0)%
apfMsConnTask_5 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_4 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_6 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_7 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_3 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_2 (175/ 32) 0 0 ( 0/ 0)%
apfLbsTask (240/ 7) 0 0 ( 0/ 0)%
apfMsConnTask_0 (175/ 32) 0 0 ( 0/ 0)%
apfMsConnTask_1 (175/ 32) 0 0 ( 0/ 0)%
apfProbeThread (200/ 22) 0 0 ( 0/ 0)%
apfOrphanSocketTas (240/ 7) 0 0 ( 0/ 0)%
apfRogueDetectorTh (175/ 32) 0 0 ( 0/ 0)%
apfRogueTask (240/ 7) 0 0 ( 0/ 0)%
apfOpenDtlSocket (175/ 32) 0 0 ( 0/ 0)%
apfRLDP (175/ 32) 424 1 ( 0/ 0)%
apfRLDPRecv (175/ 32) 0 0 ( 0/ 0)%
apfReceiveTask (175/ 32) 0 0 ( 0/ 0)%
mmMfpTask (175/ 32) 0 0 ( 0/ 0)%
mmMobility (240/ 7) 1272 3 ( 0/ 0)%
mmSSHPeerRegister (240/ 7) 0 0 ( 0/ 0)%
mmListen (180/ 30) 99920 227 ( 0/ 0)%
tplusTransportThre (201/ 22) 0 0 ( 0/ 0)%
radiusCoASupportTr (201/ 22) 0 0 ( 0/ 0)%
EAP Framework (240/ 7) 0 0 ( 0/ 0)%
aaaQueueReader (225/ 13) 3518 12 ( 0/ 0)%
radiusRFC3576Trans (201/ 22) 0 0 ( 0/ 0)%
radiusTransportThr (201/ 22) 0 0 ( 0/ 0)%
pemReceiveTask (240/ 7) 0 0 ( 0/ 0)%
iappSocketTask (240/ 7) 0 0 ( 0/ 0)%
ccxRmTask (230/ 11) 0 0 ( 0/ 0)%
ccxS69Task (240/ 7) 424 1 ( 0/ 0)%
ccxDiagTask (240/ 7) 0 0 ( 0/ 0)%
ccxL2RoamTask (240/ 7) 240424 3 ( 0/ 0)%
dot1xSocketTask (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_7 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_6 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_2 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_3 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_4 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_5 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_1 (240/ 7) 0 0 ( 0/ 0)%
Dot1x_NW_MsgTask_0 (240/ 7) 424 1 ( 0/ 0)%
dot1xMsgTask (240/ 7) 0 0 ( 0/ 0)%
locpTxServerTask (220/ 15) 408 2 ( 0/ 0)%
locpRxServerTask (200/ 22) 428043 1961 ( 0/ 0)%
capwapSocketTask ( 72/ 70) 303104 148 ( 0/ 0)%
spamApTask6 (118/ 53) 25929 63 ( 0/ 0)%
spamApTask7 ( 53/ 78) 24233 59 ( 0/ 0)%
spamApTask5 (118/ 53) 23445 61 ( 0/ 0)%
spamApTask4 (118/ 53) 23513 58 ( 0/ 0)%
spamApTask3 (118/ 53) 19569 48 ( 0/ 0)%
spamApTask2 ( 53/ 78) 23809 58 ( 0/ 0)%
spamApTask1 ( 53/ 78) 22961 56 ( 0/ 0)%
spamApTask0 ( 78/ 68) 39189 106 ( 0/ 0)%
spamReceiveTask (120/ 52) 2204024 252 ( 0/ 0)%
spamSocketTask ( 32/ 85) 0 0 ( 0/ 0)%
Image License brok (240/ 7) 0 0 ( 0/ 0)% I
Image License brok (240/ 7) 28 1 ( 0/ 0)% I
IPC Main Thread (240/ 7) 0 0 ( 0/ 0)% I
License Client Lib (240/ 7) 96 1 ( 0/ 0)% I
sshpmLscScepTask (100/ 60) 0 0 ( 0/ 0)%
License Client Lib (240/ 7) 96 1 ( 0/ 0)% I
sshpmLscTask (100/ 60) 25783 1739 ( 0/ 0)%
sshpmReceiveTask (175/ 32) 6697 66 ( 0/ 0)%
sshpmMainTask (100/ 60) 208440 358 ( 0/ 0)%
mfpKeyRefreshTask (255/ 1) 0 0 ( 0/ 0)%
mfpEventTask (255/ 1) 0 0 ( 0/ 0)%
mfpTrapForwardTask (255/ 1) 0 0 ( 0/ 0)%
clientTroubleShoot (100/ 60) 2841248 4 ( 0/ 0)%
loggerMainTask (200/ 22) 0 0 ( 0/ 0)%
debugMainTask (200/ 22) 0 0 ( 0/ 0)%
dot3ad_lac_task (240/ 7) 32901 3 ( 0/ 0)%
gccp_t (240/ 7) 5864 5 ( 0/ 0)%
dot1dTimer (240/ 7) 0 0 ( 0/ 0)% T 300
dot1dRecv (250/ 3) 0 0 ( 0/ 0)%
uart_session (240/ 7) 0 0 ( 0/ 0)%
StatsTask (240/ 7) 0 0 ( 0/ 0)%
fdbTask (240/ 7) 0 0 ( 0/ 0)%
broffu_SocketRecei (100/ 60) 13 1 ( 0/ 0)%
SNMPProcMon (240/ 7) 0 0 ( 0/ 0)% T 300
RMONTask ( 71/ 71) 0 0 ( 0/ 0)% I
SNMPTask (240/ 7) 61089 1064 ( 0/ 0)%
DHCP Socket Task (240/ 7) 0 0 ( 0/ 0)%
DHCP Proxy Task (240/ 7) 0 0 ( 0/ 0)%
dhcpClientTimerTas (240/ 7) 0 0 ( 0/ 0)%
DHCP Client Task (240/ 7) 0 0 ( 0/ 0)% T 600
BootP (240/ 7) 0 0 ( 0/ 0)% T 300
TransferTask (240/ 7) 848 2 ( 0/ 0)% I
osapiTimer (100/ 60) 13024 2 ( 0/ 0)% T 300
nim_t (100/ 60) 2447 3 ( 0/ 0)%
dtlArpTask ( 7/ 95) 98436 3 ( 0/ 0)%
dtlTask (100/ 60) 41089 20 ( 0/ 0)%
dtlDataLowTask ( 7/ 95) 0 0 ( 0/ 0)%
sysapiprintf (240/ 7) 22657 3 ( 0/ 0)%
osapiBsnTimer ( 95/ 62) 0 0 ( 0/ 0)%
fp_main_task (240/ 7) 153068796 26868 ( 0/ 0)% -
Already set up nannycam (Cisco WVC80N). Forwarding connection from port 80 to 1024 on router which is same as camera port. Have populated all necessary fields (email, TZO Key and domain name). Received Routers External IP Address, however when saved I receive following error message:
DDNS has been disabled
Bad Authentication - Username or Password - check setting and try again
I can't remotely connect to camera's server via my domain.
Help!!!
What is the model number of your wireless router?
Open the setup page of the camera. Go to 'Options ' in the left panel. Enable the Alternate web port and port 1024. Save the settings. Make sure that you have entered the correct TZO settings.
Now open the port 1024 on your router for the IP address of the camera.
Check the Internet IP address on the router. Who is your Internet service provider? -
Nexus 6004 EIGRP Relationship between the two switches
Hi All,
I will try to explain this as best as I can. In our current TEST LAB we have a Pair of Cisco ASA5585x running in Active/Passive mode. We use a VRF transit to connect the 10 GB interface to a Pair of Cisco Nexus 6004 (L3) switches running vPC between them. Downstream we also have a pair of Cisco 9372 switches (L2) also running vPC between the two.
As of right now we have EIGRP neighbor relationship formed between the two N6K's and the ASA.
ASA
ciscoasa# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.230.9 Te0/8.451 12 01:30:25 1 200 0 52
0 172.16.230.10 Te0/8.451 12 01:30:25 1 200 0 48
The ASA formed relationship with both N6K's
SWITCH1
Nexus6-1# sh ip eigrp neighbors vrf inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 11 01:28:28 1 50 0 45
1 172.16.230.10 Vlan451 13 01:28:28 1 50 0 46
2 172.16.230.11 Vlan451 10 01:28:00 4 50 0 13
Nexus6-1#
SWITCH2
Nexus6-2# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.8.2 Vlan680 14 01:30:11 23 138 0 48
0 172.16.230.9 Vlan451 13 01:30:11 480 2880 0 50
1 172.16.230.11 Vlan451 13 01:29:48 1598 5000 0 13
Nexus6-2#
Both Nexus Switches formed EIGRP neighbors using the vPC Peer-Link. There is enough documentation out there that strongly suggests not to use vPC Peer-Links for EIGRP anything.
We do have additional interfaces available on the 6K's that we can use as a cross connect for EIGRP. What we are having trouble understanding is how we can force EIGRP traffic over those ports.
Here is a complete Switch config:
Switch1
Nexus6-1# sh run
feature telnet
cfs eth distribute
feature eigrp
feature interface-vlan
feature lacp
feature vpc
feature lldp
vlan 1
vlan 451
name P2P_VRF_SVI
vlan 652
name Management
vlan 680
name Inside
vrf context Inside
vrf context management
ip route 0.0.0.0/0 172.16.52.1
vrf context peer-keepalive
vpc domain 99
role priority 1
peer-keepalive destination 10.200.50.2 source 10.200.50.1 vrf peer-keepalive
delay restore 120
interface Vlan1
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.9/29
ip router eigrp 100
no ip passive-interface eigrp 100
interface Vlan651
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.2/22
ip router eigrp 100
interface port-channel99
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel102
switchport mode trunk
vpc 102
interface Ethernet1/1
description vPC Peer Link 1.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet1/6
interface Ethernet1/7
description vPC Peer Link 1.7 to Nexus 9372 PRI
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet2/1
description vPC Peer Link 2.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet2/2
interface Ethernet2/7
description vPC Peer Link 2.1 to Nexus SEC
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet2/8
interface Ethernet8/1
description keep-alive peer-link to ALNSWI02
no switchport
vrf member peer-keepalive
ip address 10.200.50.1/30
interface Ethernet8/2
description Uplink to ASA
switchport mode trunk
interface Ethernet8/3
interface mgmt0
vrf member management
ip address 172.16.52.3/23
line console
line vty
boot kickstart bootflash:/n6000-uk9-kickstart.7.0.1.N1.1.bin
boot system bootflash:/n6000-uk9.7.0.1.N1.1.bin
router eigrp 100
passive-interface default
default-information originate
vrf Inside
autonomous-system 100
default-information originate
poap transit
Nexus6-1#
Nexus6-1# sh ip eigrp neighbors vrf inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 11 01:28:28 1 50 0 45
1 172.16.230.10 Vlan451 13 01:28:28 1 50 0 46
2 172.16.230.11 Vlan451 10 01:28:00 4 50 0 13
Nexus6-1#
Nexus6-1# sh ip eigrp topology vrf Inside
IP-EIGRP Topology Table for AS(100)/ID(172.16.8.2) VRF Inside
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.8.0/22, 1 successors, FD is 2816
via Connected, Vlan680
P 172.16.230.8/29, 1 successors, FD is 2816
via Connected, Vlan451
Nexus6-1# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 99
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po99 up 1,451,652,680
vPC status
id Port Status Consistency Reason Active vlans
102 Po102 up success success 1,451,652,6
80
Nexus6-1# sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Eth8/3 Desg FWD 2 128.1027 P2p
VLAN0451
Spanning tree enabled protocol rstp
Root ID Priority 33219
Address 8c60.4f2d.2ffc
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33219 (priority 32768 sys-id-ext 451)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Desg FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
VLAN0652
Spanning tree enabled protocol rstp
Root ID Priority 33420
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33420 (priority 32768 sys-id-ext 652)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
VLAN0680
Spanning tree enabled protocol rstp
Root ID Priority 33448
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33448 (priority 32768 sys-id-ext 680)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Nexus6-1#
Switch2
Nexus6-2# sh run
!Command: show running-config
!Time: Sat Feb 12 19:02:44 2011
version 7.0(1)N1(1)
hostname Nexus6-2
feature telnet
cfs eth distribute
feature eigrp
feature interface-vlan
feature lacp
feature vpc
feature lldp
vlan 1
vlan 451
name P2P_VRF_SVI
vlan 652
name Management
vlan 680
name Inside
vrf context Inside
vrf context P2P_Inside_VRF
vrf context management
ip route 0.0.0.0/0 172.16.52.1
vrf context peer-keepalive
vpc domain 99
role priority 2
peer-keepalive destination 10.200.50.1 source 10.200.50.2 vrf peer-keepalive
delay restore 120
interface Vlan1
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.10/29
ip router eigrp 100
no ip passive-interface eigrp 100
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.3/22
ip router eigrp 100
interface port-channel99
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel102
switchport mode trunk
vpc 102
interface Ethernet1/1
description vPC Peer Link 1.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet1/2
interface Ethernet1/6
interface Ethernet1/7
description vPC Link 1.7 to Nexus 9372 SEC
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet1/8
interface Ethernet1/12
interface Ethernet2/1
description vPC Peer Link 2.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet2/2
interface Ethernet2/6
interface Ethernet2/7
description vPC Link 2.1 to Nexus PRI
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet2/8
interface Ethernet2/12
interface Ethernet8/1
description keep-alive peer-link to ALNSWI01
no switchport
vrf member peer-keepalive
ip address 10.200.50.2/30
interface Ethernet8/2
description Uplink to ASA
switchport mode trunk
switchport trunk allowed vlan 1,451,652,680
interface Ethernet8/3
interface Ethernet8/20
interface mgmt0
vrf member management
ip address 172.16.52.4/23
line console
line vty
boot kickstart bootflash:/n6000-uk9-kickstart.7.0.1.N1.1.bin
boot system bootflash:/n6000-uk9.7.0.1.N1.1.bin
router eigrp 100
vrf Inside
autonomous-system 100
default-information originate
poap transit
logging logfile messages 6
Nexus6-2#
Nexus6-2#
Nexus6-2# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.8.2 Vlan680 14 01:30:11 23 138 0 48
0 172.16.230.9 Vlan451 13 01:30:11 480 2880 0 50
1 172.16.230.11 Vlan451 13 01:29:48 1598 5000 0 13
Nexus6-2#
Nexus6-2# sh ip eigrp topology vrf Inside
IP-EIGRP Topology Table for AS(100)/ID(172.16.8.3) VRF Inside
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.8.0/22, 1 successors, FD is 2816
via Connected, Vlan680
P 172.16.230.8/29, 1 successors, FD is 2816
via Connected, Vlan451
Nexus6-2#
Nexus6-2#
Nexus6-2# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 99
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po99 up 1,451,652,680
vPC status
id Port Status Consistency Reason Active vlans
102 Po102 up success success 1,451,652,6
80
Nexus6-2#
Nexus6-2#
Nexus6-2# sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 1005.caf5.88ff
Cost 3
Port 4194 (port-channel99)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 8c60.4f2d.777c
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Root FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Eth8/3 Desg FWD 2 128.1027 P2p
VLAN0451
Spanning tree enabled protocol rstp
Root ID Priority 33219
Address 8c
Jon,
Are you ready for the mass confusion?
When looking at the ASA EIGRP neighbors output, here is what I see.
ASA# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.16.230.1 Te0/8.450 13 16:45:14 1 200 0 64
2 172.16.230.2 Te0/8.450 11 16:45:14 1 200 0 84
1 172.16.230.10 Te0/8.451 11 16:45:20 1 200 0 178
0 172.16.230.9 Te0/8.451 13 16:45:20 1 200 0 148
For simplicity's sake, let's just concentrate on interface TenGigabit0/8.451, which is the SVI on the Nexus switch that is VLAN451.
From the Nexus Switch 6004 that is directly connected to the ASA, here is what I see:
SWI01# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 10 17:04:30 54 324 0 177
1 172.16.230.10 Vlan451 11 16:59:10 819 4914 0 178
2 172.16.230.11 Vlan451 14 16:53:48 24 144 0 20
The Inside VRF that is tied to both SVIs on the switch (VLANs 451 and 680) is in EIGRP 100 on the switch.
SWI01# sh run int vlan 451
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.9/29
ip router eigrp 100
no ip passive-interface eigrp 100
SWI01# sh run int vlan 680
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.2/22
ip router eigrp 100
hsrp 1
authentication text test
preempt
priority 250
ip 172.16.8.1
So, you with me so far?
If you are, you have noticed that on the ASA neighbors the ASA sees 172.16.230.11 as a neighbor, which is the Secondary Nexus SW. That is because they all share the same subnet.
172.16.230.8/29
Breakdown:
PRI Nexus 6004 - 172.16.230.9
SEC NEXUS 6004 - 172.16.230.10
PRI ASA 5585x - 172.16.230.11
SEC ASA 5585x - 172.16.230.12
Because the ASA EIGRP network is a /29 it learns the Secondary Nexus via the Primary Nexus.
I am not sure that the link we created between the two Nexus Switches is doing anything but consuming ports right now.
SWI01# sh run int ethernet 8/9
interface Ethernet8/9
description EIGRP PORT to Secondary Nexus
switchport mode trunk
switchport trunk allowed vlan 450-451
SWI02# sh run int ethernet 8/9
interface Ethernet8/9
description EIGRP PORT to Primary Nexus
switchport mode trunk
switchport trunk allowed vlan 450-451
So the SVIs that go up to the ASA for inspection are 450 and 451. The network SVIs are 600 and 680. All of them live on the switch, and 680 and 600 are extended over the peer links down to the 9372s.
I think that we are breaking the golden rule of vPC BUT.. I am not 100% sure. Some of the documents read that we should not be allowing network vlans over peer links, but then how do you extend the vlans down to the leaf switch?
This is giving me nightmares at the moment…
Does this make sense?
-
Issue with calling an external web service using web service proxy
Hi,
I've created several web services using JDeveloper successfully in the past; however, I'm getting an issue with one that was working OK previously. I have spoken to the developers of the external web service and they say they haven't changed anything. Also, if I test the external web service through soapUI, for example, it seems fine, so it would seem that the issue is with the autogenerated code created by JDeveloper.
Basically I get the following exception as it sends the request to the external service:
java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: Bad Authentication header format: 'Basic realm="Integration Server" encoding="UTF-8"'
Expected "," at position 33
The user name/password appear correct.
JDev version 10.1.3.42.70
Any ideas?
Many Thanks
Gary
Edited by: user10916721 on 08-May-2012 09:54
Found the answer. Basically I had one proxy web service working and one not, both linking to a middle tier written in web methods. The issue actually ended up being with the web methods code, in that the one web service (that was not working) was put together using a backwards compatibility mode. Once this was switched back, it started working again in JDev.
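Why a strict client rejects that challenge, as an added example (not code from the original post or from JDeveloper): the parameters in the quoted header are separated by a space, while the HTTP authentication grammar separates them with commas. `parse_challenge`, `ChallengeError` and the comma-separated sample are assumptions made here for illustration; offsets are 0-based.

```python
import re

# Constructed sample: the challenge value quoted in the exception above.
REJECTED = 'Basic realm="Integration Server" encoding="UTF-8"'
# Constructed sample: the same parameters, comma-separated as the grammar requires.
ACCEPTED = 'Basic realm="Integration Server", encoding="UTF-8"'

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


class ChallengeError(ValueError):
    def __init__(self, expected, pos):
        super().__init__(f'Expected "{expected}" at position {pos}')
        self.expected, self.pos = expected, pos


def _skip_ws(s, i):
    while i < len(s) and s[i] in " \t":
        i += 1
    return i


def parse_challenge(value):
    """Strictly parse one `scheme name=value, name=value` challenge.

    Returns (scheme, params). Raises ChallengeError carrying the 0-based
    offset of the first character that violates the grammar.
    """
    m = TOKEN.match(value)
    if not m:
        raise ChallengeError("auth-scheme", 0)
    scheme, i = m.group(), _skip_ws(value, m.end())
    params = {}
    while i < len(value):
        if params:  # every parameter after the first must follow a comma
            if value[i] != ",":
                raise ChallengeError(",", i)
            i = _skip_ws(value, i + 1)
        name = TOKEN.match(value, i)
        if not name:
            raise ChallengeError("parameter name", i)
        i = _skip_ws(value, name.end())
        if i >= len(value) or value[i] != "=":
            raise ChallengeError("=", i)
        i = _skip_ws(value, i + 1)
        val = QUOTED.match(value, i) or TOKEN.match(value, i)
        if not val:
            raise ChallengeError("parameter value", i)
        text = val.group(1) if val.re is QUOTED else val.group()
        params[name.group().lower()] = re.sub(r"\\(.)", r"\1", text)
        i = _skip_ws(value, val.end())
    return scheme, params
```

Run against `REJECTED`, the parser stops at offset 33, the `e` of `encoding`, which is where the exception in the question reports the missing comma.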
-
We are in the process of integrating ISE into our WLC and are planning on implementing HReap (Flexconnect) local switching. We have setup the ISE server as a Radius entry in the WLC and added WLC to ISE, same shared secret. We have a test SSID configured on the WLC and it is using the entry to ISE for AAA. We have used "none" for layer 2 security as well as WPA.......but we never see any activity on the ISE server. Also from the WLC if we do a show radius auth stat there doesn't appear to be any traffic sent from the WLC to ISE.
(Cisco Controller) >show radius auth sta
Authentication Servers:
<Output Ommited>
Server Index..................................... 4
Server Address................................... IP ADDRESS OF ISE
Msg Round Trip Time.............................. 0 (msec)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
We have integrated ISE with switch and ASA and have always been able to get some activity on the ISE authentication monitor.
Thanks,
Joe
Wireless will not do dACLs with or without FlexConnect. In centrally switched networks you can use Named ACLs, which are different than dACLs.
But you are correct with FlexConnect (pre-7.5*) you can use FlexConnect ACLs tied to the VLAN. Then you can use ISE to set the VLAN.
*As of the 7.5 version of code you can now use named ACLs on Locally Switched users, but it is still a named ACL and not a dACL.
From the release notes:
In the earlier releases, you could have a per client access control list (ACL) in a centrally switched traffic. In this release, this feature has been enhanced to support ACL for local switching traffic with both central and local authentication. Client ACL is returned from AAA on successful client Layer 2 authentication as part of Airespace RADIUS attributes. As the Airespace RADIUS attribute is an ACL name, the ACL must be already present on the FlexConnect AP.
In downstream traffic, VLAN ACL is applied first and then the client ACL is applied. In upstream traffic, the client ACL is applied first and then the VLAN ACL is applied.
There are some other limitations when using FlexConnect that you should be aware of.
This guide will show you how to use Centrally Authenticated with Locally Switched:
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080c090eb.shtml
This document will show you the feature matrix for ISE and FlexConnect:
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b3690b.shtml
If you are using Active Directory I would recommend against using LDAP because there are more features when using the native AD integration. If you are not using AD then the issue with the Secure LDAP is probably related to the CA certificate not being installed correctly.
-
Groupwise Mobile Issue - multiple SOAP Ports
Hi All,
I'm having an issue with Groupwise Mobile.
I've got multiple POAs hosted on the same server (using different ports), and GMS can only access one of them. The one that it can access is using the standard 7191 SOAP port.
Is there a trick to get mail to pass across another port? Users can authenticate, but synchronization doesn't work.
Thanks,
Matt
Originally Posted by mikebell90
There used to be a known issue with soap that if you had multiple poas
on the same ip, you could only access one
It seems to be working now. But I'm not sure how I fixed it.
To complicate things, I think I was suffering from two separate issues that presented themselves as one problem.
One of the changes I made was to install GWM as a trusted app, rather than using user based authentication. This seemed to help GWM access POAs with SOAP ports other than 7191.
The other "issue" I had seemed to "heal" itself. The user account I was using to troubleshoot this showed up with the following message in its inbox:
Syncing resumed - password resupplied
Your password was resupplied, and Intellisync Mobile Suite is now syncing normally again
...so I'm assuming that GWM was caching bad authentication data. I just couldn't seem to get this data to flush out, even after deleting and re-adding the user in GWM, cycling services, and rebooting servers.
-
Hi,
I am new to Flex and Flex Mobile development and I wanted to follow the tutorial on "Build Your First Mobile Flex Application: Twitter Trends" by Narciso Jaramillo. But I am stuck at Exercise 3. Connect the trends view to data. I keep getting this error
There was an error while invoking the operation. Check your operation inputs and try invoking the operation again.
Response Received:
{"errors":[{"message":"Bad Authentication data","code":215}]}
I am using flash builder 4.6 and the Flex 4.6.0 SDK. I would appreciate some help on the Twitter API. Thanks.
Hi,
Unfortunately, I was not able to get this resolved.
I have an iPhone, so was unable to install the .apk file on my device.
I was merely trying to vet this capability, so didn't actually spend a lot of time trying to resolve it. I suspect it does have something to do with my company's proxy server, so would like to know how Flashbuilder can be configured to use a proxy server when trying to connect to external URLs.
Sorry I couldn't help.
Todd