IDSM redundancy

I have two 6500 core switches in failover (HSRP) config. Both switches have IDSM-2 modules.I have about 5 VLANs to monitor using IDSM in-line. Since IDSM has two interfaces to monitor trafic, I have to create 8 VLANs and do VLAN pairing in order to monitor these 4 VLANs.
What are the options available for me to have redundancy in case of one IDSM module failure ?

The IDSM will bridge the VLANS. The SVI is in one VLAN and the clients are in another. If the IDSM fails, mac/arp learning will not take place 'through' the failed IDSM. If there is a trunk between the two core switches, the MAC will be learnt via:
Access Sw >> Core2 >> Core1.
However all traffic would still continue to flow (albeit with an added l2-hop). This would need to be tested tough as it dependant on your particular setup and design.
There is no way to track multi-chassis IDSM-2 failure AFAIK. For the same chassis, you can use Etherchannel to load balance the two IDSMs. I'm not sure if VSS supports the modules yet (even tough I remember reading about blade support for VSS...but not sure which modules).
Regards
Farrukh

Similar Messages

  • IDSM-2 "redundancy" in a single chassis

    I understand how IDSM-2 redundancy could work having two 6500's...but what do you do when you are doing inline vlan pairs and the IDSM-2 fails and is no longer there to bridge the vlans together? How can the switch be setup to bridge the vlans in the event that the IDSM-2 fails?
    Also, instead of pairing all the vlans that have SVI's on the FWSM, could I just pair the FWSM's VLAN/SVI on the MSFC with another vlan and get the same effect as pairing all the vlans that are on the FWSM? Thanks.

    I havn't tried this inside a 6500 chassis, but this works externally:
    Set up your in-line sensors as multiple alternate paths connecting the two VLANs together and use spanning tree to assign one sensor path a higher STP cost. Once the primary sensor fails the traffic should re-route to the standby sensor. If you play with the STP settings you can get the switchover time down under a second.

  • Redundancy for single IDSM on two separate chassis

    Can EtherChannel protocol be used to provide active/standby redundancy for single IDSM on two different chassis.
    Rgds.

    From the given link, I understand that active/standby redundancy configuration is not possible for IDSM's on two different chassis. Only active/active is possible.
    Secondly, please let me know whether the below configuration is for two IDSM's within same chassis or across two separate chassis.
    intrusion-detection module 4 management-port access-vlan 100
    intrusion-detection module 5 management-port access-vlan 100
    intrusion-detection module 4 data-port 1 channel-group 5
    intrusion-detection module 4 data-port 2 channel-group 6
    intrusion-detection module 5 data-port 1 channel-group 5
    intrusion-detection module 5 data-port 2 channel-group 6
    intrusion-detection port-channel 5 trunk allowed-vlan 200-204,208
    intrusion-detection port-channel 5 trunk allowed-vlan 708
    intrusion-detection port-channel 5 autostate include
    intrusion-detection port-channel 5 portfast enable
    intrusion-detection port-channel 6 trunk allowed-vlan 260,280,400,401
    intrusion-detection port-channel 6 trunk allowed-vlan 111-114
    intrusion-detection port-channel 6 autostate include
    intrusion-detection port-channel 6 portfast enable
    Rgds.

  • IDSM-2 Redundancy

    How redundancy can be achieved with IDSM-2 blades installed in one or more switches. I have looked at the Cisco documents but could not find much on IDSM-2 redundancy features.

    Thanks Nadeem.
    Is the other IDSM required to be in the same Switch or it can be in other switch. What I am trying to understand is various level of redundancies that can be achieved with IDSM-2. In case if I have Switch A and B at one site for the purpose of redundancy (but traffic may flow from either), how can I achieve redundancy in IDSM2 by installing one in each switch while minimizing the duplicacy.
    Is there a Cisco document that discusses various deployment scenarios of IDSM2 in CAT routers.
    Thanks.

  • IDSM placement and redundancy question

    Hi, Does the IDSM-2 support any sort of redundancy protocol?
    I can't see anything in the config guide.
    If I wanted to place a redundant pair on the outside of a pair of firewalls, how would I manage the redundancy of them.
    My other question is, is it better to place the IDSM on the outside of external facing firewalls or on the inside?
    Many Thanks, Dom

    These are two IDSM-2s connected to slot four and give of the same chassis. We are running FWSM >> MSFC OUTSIDE setup. All InterVLAN traffic is evaluated first by the IDSM than by the FWSM. Users default gateway is the FWSM.
    Here you go:
    intrusion-detection module 4 management-port access-vlan 100
    intrusion-detection module 5 management-port access-vlan 100
    intrusion-detection module 4 data-port 1 channel-group 5
    intrusion-detection module 4 data-port 2 channel-group 6
    intrusion-detection module 5 data-port 1 channel-group 5
    intrusion-detection module 5 data-port 2 channel-group 6
    intrusion-detection port-channel 5 trunk allowed-vlan 200-204,208
    intrusion-detection port-channel 5 trunk allowed-vlan 708
    intrusion-detection port-channel 5 autostate include
    intrusion-detection port-channel 5 portfast enable
    intrusion-detection port-channel 6 trunk allowed-vlan 260,280,400,401
    intrusion-detection port-channel 6 trunk allowed-vlan 111-114
    intrusion-detection port-channel 6 autostate include
    intrusion-detection port-channel 6 portfast enable
    Regards
    Farrukh

  • IDSM in redundant switching environment

    I have two 6500 switches/routers trunked to each other serving various devices. The two switches are installed for the purpose of redundancy and same VLANs are configured on both. My question is related to deploying IDSM-2 blades in this environment. Can I just use single blade in one switch and still be able to monitor desired VLANs traffic through VACL or SPAN/VSPAN/RSPAN or do I need two IDSM blades; one in each switch. Has anyone deployed IDS in this environment and what are the benefits of deploying 2 (one is each) versus 1.

    RSPAN is generally the method of choice for these types of configurations.
    The packets from both switches can then be monitored by a single IDSM-2 in one switch.
    You can also provide some redundancy by placing a second IDSM-2 in the other switch, and have both IDSM-2s monitoring the exact same traffic (each IDSM-2 is monitoring packets from both switches).
    You will get duplicate alarms (one from each IDSM-2) when both are running, but it will ensure you do not miss any alarms if one of the switches should happen to go down for maintenance or power loss.
    There are other deployment options, but these depend on some specifics that you will need to analyze:
    Do you have assymmetric traffic?
    Quite often in these types of setups, both the switches are carrying traffic at the same time, and on occasion the client traffic will go through one switch, but the server response traffic will come through the other switch. For the IDSM-2 to properly track these connections it needs to see traffic from both switches. So if assymetric traffic patterns exist, then RSPAN needs to be used so both switches can be monitored by a single IDSM-2.
    If assymetric traffic does not exist, then the IDSM-2 does not need to monitor both switches.
    You could deploy an IDSM-2 in each switch. Then using either span or VACL Capture the IDSM-2 could monitor just the traffic flowing through the switch where it is located.
    What are the traffic rates?
    The IDSM-2 has an upper performance limitation of 600Mbps. If you are forced to use RSPAN because of assymteric traffic patterns, then you will only have the ability to monitor 600Mbps and must choose wisely what will be RSPANed to the IDSM-2.
    If you do not have assymetric patterns then you can at least use 2 IDSM-2s (one in each switch) and possibly more (see below).
    If the traffic being routed by the switch/msfc?
    If no traffic is being routed by the switch, and you do not have assymetric traffic patterns then you are in luck. This is the easiest deployment scenario. You can have multiple IDSM-2s in each switch. Each IDSM-2 would be configured to monitor one or more vlans using VACL Capture. The performance limitations are 600 Mbps times the numbers of IDSM-2s you purchase and can fit in the switch.
    If traffic is being routed, however. You once again run into a situation where a single IDSM-2 has to monitor all of the vlans in the switch (when using VACL Capture). There is an interaction between the routing features of the switch/msfc which force a single IDSM-2 (per switch if no assymetric traffic patterns) to be used to monitor all of the vlans in that switch.
    And you are now limited to the 600 Mbps limitation (or 2*600Mbps if you place one in each switch and there are no assymetric traffic patterns).

  • IPS mode with IDSM-2 module on Cat6K

    Hi,
    I have installed the IDSM-2 module on the Catalyst 6509 switch, now I was refering to the configuration guide for IPS 6.0 there are multiple modes I can configure like inline, inline vlan pair, Promiscuous & vlan group mode.. so I'm thinking which one would be the best solution...
    The catalyst 6509 is acting as the CORE/Distribution with multiple Vlan's (around 20 vlans) configured, and customer wants the IPS to be deployed in such a way that it covers the traffic from all the vlans..
    Also note that there is a redundant Cat6509 switch which also has got the IDSM-2 module installed, so can these both IDSM-2 modules be installed in active/standby or active/active combination...
    can someone through some lights on the same please...
    Regards
    Vijay.

    A sensor can enter bypass mode for several reasons, including, but not limited to:
    1) Analysis Engine reconfiguration
    2) Global  Correlation updates
    3) Daily Signature DB self purg
    4) sensorApp failure
    Most of these reasons are benign. I have written Supportability Enhancement CSCtg69012 so that each bypass log will show the reason for entering bypass mode.
    The bug is available via the CCO Bug Toolkit: http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs.
    You may review the bug and click on the "Save Bug" button at the bottom of the page to receive email updates as changes are made to the bug's state.
    To fully diagnose your issue, I suggest opening a TAC case where we will request a "show tech," including debug level logs. This will allow us to see what is triggering the sensor to enter bypass mode.
    Thank you,
    Blayne Dreier
    Cisco TAC IDS Team
    **Please check out our Podcast**
    TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

  • IDSM with inline pairs causing mac move

    Hello,
    I´ve just added the IDSM-2 blades on a 6500 and configured it but it did not work as I planned.
    This picture is a little scale what I tried to do, actually I had more vlans on the inspection. 
    I have 2 cores and a portchannel trunk in between them and for redundancy I´m using HSRP as the config shows.
    After I congfigured I´ve got these msgs and I could not figure out how to stop it:
    Core1
    %MAC_MOVE-SP-4-NOTIF: Host 001a.a2e4.e800 in vlan 6 is flapping between port Gi6/d1 and port Po1
    %MAC_MOVE-SP-4-NOTIF: Host 001a.a2e4.e800 in vlan 7 is flapping between port Gi6/d1 and port Po1
    MAC 001a.a2e4.e800 is from Core2
    Core2
    %MAC_MOVE-SP-4-NOTIF: Host 0022.557b.c340 in vlan 6 is flapping between port  and port Po1
    %MAC_MOVE-SP-4-NOTIF: Host 0022.557b.c340 in vlan 7 is flapping between port Po1 and port
    Mac 0022.557b.c340 is from Core1
    There was only one VLAN pair that did not have this problem, which was the VLAN L2 for the ISP router and the VLAN Outside for the FWSM . It also was the only VLAN that did not have HSRP working, I dont know if it has something to do.
    The Core 1 is the STP Root with priority of Zero and the Core 2 is the Backup Root with priority 4096
    Any guesses ?

    I see this log message frequently when using a switch to feed an IPS sensor if the same Ethernet frame is entering the same VLAN on two different interfaces. I can;t tell how your traffic is flowing but I think you have the same issue.
    In my case it was not anything to worry about so I just ignored the messages.
    - Bob

  • Configuring 6513 Redundancy

    i have two 6513 switches. each has 2 supervisor engines ( with msfc), a fwsm, idsm, nam, and 2 gigabit ethernet modules. One of them has been fully configured with redundancy btw the sup engines (using the high availability option) and the msfcs (using hsrp). How do i configure the second one such that the 2 switches will both be on the network and provide full redundancy btw them

    Hi K.Adepetu,
    Yo have redundancy between the 2 sups in single chassis there are many ways but 2 have redundancy between 2 completely different chassis has only one way which is HSRP.
    So better idea will be to have SRM (Single Router Node) redundancy between the 2 sups in same chassis in this case one 1 sup will be active and if something happen to the active sup the 2nd sup will take over.
    And configure HSRp between the sups in 2 different chassis so that if both the sup in same chassi go down the sup in second chassis will come up.
    I will give you to link to have a look at it closer
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_2/confg_gd/redund.htm#wp1058202
    This link wil lguide you how to configure 2 different chassi with 2 sup each for full redundancy.
    HTH
    Ankur

  • I am using Windows 8.1 i have an External Hard Disk and one drive is now inaccessible due to sudden power failure few days ago. Now it shows "Data error (Cyclic redundancy check)". I want all my important files and Pics. How ?

    Hi,
    I am using Windows 8.1
    I have an External Hard Disk i have partitioned it to 4 parts.
    One drive is now inaccessible due to sudden power failure while listening Music from that drive few days ago.
    Now it shows "Data error (Cyclic redundancy check)".
    I tried all the procedures provided here like
    chkdsk /f, diskpart, rescan etc
    but no result :( (i mean all processes failed. They could not detect the drive).
    Please help me to get those data, pictures and project files.
    thank you

    Then why aren't you posting this in the Windows 8 forums found @
    http://social.technet.microsoft.com/Forums/windows/en-US/home?category=w8itpro
    This is a Windows 7 forum for discussion about Windows 7.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

  • Data error (cyclic redundancy check) when installing windows xp..

    hi guys.. i'm new here.. just switched to macdom a few days ago but unfortunately, i have been having problems trying to install windows xp with sp 2 on my system using boot camp. everytime i install it, i get to the setup screen ("39 minutes till setup rah rah rah", "windows xp is awesome because it has this cool interface etc... rah rah rah") and then the error of doom comes out -_-
    the error given is;
    an eror has been encountered that prevents setup from continuing
    one of the components that windows needs to continue setup could not be installed
    data error (cyclic redundancy check)
    if you are installing from a cd, there might be a problem with the disc; try cleaning the disc or using another disc
    if you are installing from the network, it is possible that not all of the files were copied correctly to your disk drive. run the disk checking utility on your installation drive from the recovery console and start setup again
    press ok to view the setup log file
    i have tried numerous times without fail and it is getting to my head.. gah.. if someone could help me out, it would be massive and i would sell my soul to you! (kidding).. thanks for reading!
    p/s: my setup is;
    Macbook
    2.1ghz
    1gb ram
    120gb hard disk
    dvd/cd-rw combo drive
    the basic setup pretty much.. again.. any help would be greatly appreciated. thank you so much guys!

    I guess there is a problem with your XP CD, probably scratched or did not burn successfully. Have you tried it with another installation cd?

  • Recovery Window-Based Retention VS Redundancy-Based Retention

    Hi Experts,
    We'd like to know your take on the use of Recovery Window-Based Retention Policy e.g.
    RMAN> CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;against the use of Redundancy-Based Retention Policy, e.g.
    CONFIGURE RETENTION POLICY TO REDUNDANCY 7;Do you have any recommendations or preferences to which should be used? Is there a preferred method by oracle?
    We're currently setting up RMAN for a client that's using Oracle 11.1.0.7 standard edition, so is there a preference to what's better suited for the standard edition? The plan is to back up data to Disk, and this data will be then backed up to tape.
    Thanks

    REDUNDANCY 7 is 7 backups -- irrespective of the number of days.
    If you are running only 1 backup a day, you'd assume that it is equivalent to 7 days. However, if one day you run a backup twice, then the 7-day old backup becomes redundant ! If, the next day, you again run the backup twice, the 5-day old backup becomes redundant ! (Conversely, if you don't run a backup for 2 days, then even the 9 day old backup is not redundant !).
    So, be aware (or beware) that any adhoc backup runs or changes to the backup frequency would change your retention duration (and if this happens 6 months from now, the IT Manager / DBA onsite may not know that retention has changed !)
    Hemant K Chitae

  • Dot1x with port security and redundant radius servers

    I have a strange issue with my dot1x port authentication.  I have two radius servers configured in my switch for redundancy, and on my switchport I have a Cisco IP phone and a PC.  Testing redundnacy with the radius servers, when I have both servers active and running, the port authentication works fine for both phone and pc.  When I fail the radius servers in the configuration, by disconnecting the NIC on it, the switch goes to the surviving radius server and authenticates, (I can see it in the running log) both the phone and PC get an access-accept, but only the phone works on the network and the port light stays amber showing it's blocking for the pc.  Strange, since it showed an accept on the radius server.
    This only seems to happen when the first one on the list is failed.  When the second one is failed, it obviously won't need to try it, so there's not an issue.  Any ideas?
    Here's the setup and configs:
    freeradius 2.1.12-4
    cisco 3560
    Switch Ports Model              SW Version            SW Image                
    *    1 52    WS-C3560G-48PS     12.2(53)SE2           C3560-IPBASEK9-M 
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    interface GigabitEthernet0/1
    switchport access vlan 100
    switchport mode access
    switchport voice vlan 110
    authentication event no-response action authorize vlan 901
    authentication host-mode multi-domain
    authentication port-control auto
    authentication periodic
    authentication violation protect
    mab
    dot1x pae authenticator
    dot1x timeout quiet-period 10
    dot1x timeout tx-period 1
    no mdix auto
    spanning-tree portfast
    radius-server host 10.90.1.88 auth-port 1645 acct-port 1646 key 7 xxx
    radius-server host 10.90.1.85 auth-port 1645 acct-port 1646 key 7 xxx
    Here's an authentication string from the radius server:
    (there are two mac address.  The first one 00.13 is the PC and the second 30.37 is the phone)
    rad_recv: Access-Request packet from host 10.90.100.7 port 1645, id=204, length=160
    User-Name = "001372b639a6"
    User-Password = "001372b639a6"
    Service-Type = Call-Check
    Framed-MTU = 1500
    Called-Station-Id = "9C-AF-CA-23-D9-01"
    Calling-Station-Id = "00-13-72-B6-39-A6"
    Message-Authenticator = 0xfeef777a8033c24934306b3cce78c8f1
    NAS-Port-Type = Ethernet
    NAS-Port = 50001
    NAS-Port-Id = "GigabitEthernet0/1"
    NAS-IP-Address = 10.90.100.7
    Wed Sep 18 10:48:06 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group authorize {...}
    Wed Sep 18 10:48:06 2013 : Info: ++[preprocess] returns ok
    Wed Sep 18 10:48:06 2013 : Info: ++[chap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[mschap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[digest] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [suffix] No '@' in User-Name = "001372b639a6", looking up realm NULL
    Wed Sep 18 10:48:06 2013 : Info: [suffix] No such realm "NULL"
    Wed Sep 18 10:48:06 2013 : Info: ++[suffix] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [eap] No EAP-Message, not doing EAP
    Wed Sep 18 10:48:06 2013 : Info: ++[eap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: %{User-Name} -> 001372b639a6
    Wed Sep 18 10:48:06 2013 : Info: [sql] sql_set_user escaped user --> '001372b639a6'
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 3
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Info: [sql] User found in radcheck table
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '001372b639a6'           ORDER BY priority
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup           WHERE username = '001372b639a6'           ORDER BY priority
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql (sql): Released sql socket id: 3
    Wed Sep 18 10:48:06 2013 : Info: ++[sql] returns ok
    Wed Sep 18 10:48:06 2013 : Info: ++[expiration] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[logintime] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[pap] returns updated
    Wed Sep 18 10:48:06 2013 : Info: Found Auth-Type = PAP
    Wed Sep 18 10:48:06 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group PAP {...}
    Wed Sep 18 10:48:06 2013 : Info: [pap] login attempt with password "001372b639a6"
    Wed Sep 18 10:48:06 2013 : Info: [pap] Using clear text password "001372b639a6"
    Wed Sep 18 10:48:06 2013 : Info: [pap] User authenticated successfully
    Wed Sep 18 10:48:06 2013 : Info: ++[pap] returns ok
    Wed Sep 18 10:48:06 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group post-auth {...}
    Wed Sep 18 10:48:06 2013 : Info: ++[exec] returns noop
    Sending Access-Accept of id 204 to 10.90.100.7 port 1645
    Wed Sep 18 10:48:06 2013 : Info: Finished request 0.
    Wed Sep 18 10:48:06 2013 : Debug: Going to the next request
    Wed Sep 18 10:48:06 2013 : Debug: Waking up in 4.9 seconds.
    Wed Sep 18 10:48:11 2013 : Info: Cleaning up request 0 ID 204 with timestamp +77
    Wed Sep 18 10:48:11 2013 : Info: Ready to process requests.
    rad_recv: Access-Request packet from host 10.90.100.7 port 1645, id=205, length=160
    User-Name = "3037a616cd49"
    User-Password = "3037a616cd49"
    Service-Type = Call-Check
    Framed-MTU = 1500
    Called-Station-Id = "9C-AF-CA-23-D9-01"
    Calling-Station-Id = "30-37-A6-16-CD-49"
    Message-Authenticator = 0xc9173e759dd759b9d414d192783e8a8e
    NAS-Port-Type = Ethernet
    NAS-Port = 50001
    NAS-Port-Id = "GigabitEthernet0/1"
    NAS-IP-Address = 10.90.100.7
    Wed Sep 18 10:48:13 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group authorize {...}
    Wed Sep 18 10:48:13 2013 : Info: ++[preprocess] returns ok
    Wed Sep 18 10:48:13 2013 : Info: ++[chap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[mschap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[digest] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [suffix] No '@' in User-Name = "3037a616cd49", looking up realm NULL
    Wed Sep 18 10:48:13 2013 : Info: [suffix] No such realm "NULL"
    Wed Sep 18 10:48:13 2013 : Info: ++[suffix] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [eap] No EAP-Message, not doing EAP
    Wed Sep 18 10:48:13 2013 : Info: ++[eap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: %{User-Name} -> 3037a616cd49
    Wed Sep 18 10:48:13 2013 : Info: [sql] sql_set_user escaped user --> '3037a616cd49'
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 2
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Info: [sql] User found in radcheck table
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '3037a616cd49'           ORDER BY priority
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup           WHERE username = '3037a616cd49'           ORDER BY priority
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql (sql): Released sql socket id: 2
    Wed Sep 18 10:48:13 2013 : Info: ++[sql] returns ok
    Wed Sep 18 10:48:13 2013 : Info: ++[expiration] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[logintime] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[pap] returns updated
    Wed Sep 18 10:48:13 2013 : Info: Found Auth-Type = PAP
    Wed Sep 18 10:48:13 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group PAP {...}
    Wed Sep 18 10:48:13 2013 : Info: [pap] login attempt with password "3037a616cd49"
    Wed Sep 18 10:48:13 2013 : Info: [pap] Using clear text password "3037a616cd49"
    Wed Sep 18 10:48:13 2013 : Info: [pap] User authenticated successfully
    Wed Sep 18 10:48:13 2013 : Info: ++[pap] returns ok
    Wed Sep 18 10:48:13 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group post-auth {...}
    Wed Sep 18 10:48:13 2013 : Info: ++[exec] returns noop
    Sending Access-Accept of id 205 to 10.90.100.7 port 1645
    Cisco-AVPair = "device-traffic-class=voice"
    Wed Sep 18 10:48:13 2013 : Info: Finished request 1.
    Wed Sep 18 10:48:13 2013 : Debug: Going to the next request
    Wed Sep 18 10:48:13 2013 : Debug: Waking up in 4.9 seconds.
    Wed Sep 18 10:48:18 2013 : Info: Cleaning up request 1 ID 205 with timestamp +84
    Wed Sep 18 10:48:18 2013 : Info: Ready to process requests.
    Thanks!

    802.1X support    requires an authentication server that is configured for Remote    Authentication Dial-In User Service (RADIUS). 802.1X authentication does  not   work unless the network access switch can route packets to the  configured   RADIUS server.
    Please check the  below links which can be helpful in configurations:
    Link-1
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/dot1x.html

  • Jabber for Windows 10.5 and global redundancy

    Hi All,
    I implement J4W 10.5 in a full redundant environment, that contains:
    - 3 x CUCM 10.5
    - 2 x Unity Connection 10.5
    - 2 x IM&P 10.5
    - 2 x Expressway-C 8.2.2
    - 2 x Expressway-E 8.2.2
    After testing, I notice that the redundancy/failover does not act the same way depending the product, sometime no.
    As it is not clearly stated in the documentation, what is clearly supported as automatic failover, and what's not, when using Jabber for Windows 10.5?
    In my first test, I saw that Jabber does not support failover with UnityConnection: if the primary peer is down, no more voicemail on Jabber.
    If jabber run in Mobile and Remote Access, and the Expressway where it's conencted goes down, it doesn't switch to the other peer.
    It will be good to have a document that relate all the redundancy and failover support with Jabber, what can we expect during the failover process.
    It will help a lot of people.
    Thanks
    Gabriel

    Yep, that's what I did now.
    But keep in mind this is not really explained, even if crossing all the documentations.
    There is no document explaining what behaviour to expect in Jabber in case of redundancy of all the UC components.
    For the CUCM, it's not clear, and nothing is mentionned in case of MRA.
    IM&P is documented, but nothing for MRA.
    Expressays states about redundancy, but the behaviour to expect is not. Same for XMPP federation, no idea.
    UnityConnection as well, nothing is explained.

  • Memory on the redundant CSS5-SCM-2GE=

    Hi all,
    If a second SCM is installed in a CSS11506 Chassis,
    what is the amount of memory on board.
    I know the primary SCM has 288MB on Board. But some
    information say that only 144MB are on the redundant
    SCM Module.
    Help needed urgent.
    Regards
    Richard

    you can buy a SCM with 288Mb and 144MB.
    There is no specific SCM for the redundant slot.
    So what you get is what you buy.
    Gilles.

Maybe you are looking for

  • How do I create a global signal list or system record

    Forgive me but I have been away from LabVIEW for a quite a while. I have been working in the realm of LabWindows (99% of our work) for the last five years with some LabVIEW sprinkled in. I have been tasked with designing a replacement for an existing

  • Trouble connecting Zen V Plus (4

    I've been having trouble connecting my Zen V Plus to the computer. When I connect it I manage to transfer maybe 0-20 songs if I'm quick (I'm using WMP .0.572.545), but then everything freezes. I have to plug out the player before the computer and the

  • Minimum Screen Resolution for Premiere Pro CS3

    I want to be able to run the package on my laptop when out and about, but the screen resolution is only 1024 x 768. Can anyone tell me whether it will run under said resolution, but with a crowded screen or will it simply not work. I have not yet bou

  • Close period Account Payable

    Dear sir, Now, I dont know how to close period Account Payable (February, 2008) Please show me the Tcode and step by step guide docs to close period. Thank for your help Minhtb

  • Migrating Devloper 2000 Forms to 9i or 10G?

    I hope the Devloper community can assist me with these two questions: (1) When is Oracle scheduled to roll out the Devloper Suite 10G that coincides with their 10G Database? (2) I need to migrate my old Oracle Forms 5.0 (Developer 2000)to a more curr