Individual Ports vs Ranges

Hi, just a quick question about best practices for an ASA5520. I'm currently running a pair of these as internal firewall for my organization, and have about 750 rules dictating traffic. A lot of the rules are for individual ports to specific server(s), some of them having 50+ ports opened. For example, Exchange has about 115 ports opened right now, anywhere from port 25 to 55000.
My question is that would it be better (faster, less strain on the ASA) to open a port range, (ie 52000-55000) or would the individual ports (ie: 52112,52336,52698,53441,53495, etc...) be ok?
Obviously the individual ports are much more granular for security, but I don't want to take that into consideration now. Just strictly individual ports vs ranges.
thanks

Your 5520 will easily handle 750+ rules so you can keep your current practice of using individual ports. And on a security device you also shouldn't trade security against speed if you are not forced to.
What you can do: Organise all needed ports per server in service object-groups. The resulting ACL won't be shorter by that approach, but the resulting ACL is more readable and manageble, especially if you use the ASDM.
Sent from Cisco Technical Support iPad App

Similar Messages

How to setup a UDP port forward range

Hi,
We are trying to figure out how to setup UDP port forward range. This is the configuration that we are using.
ip nat pool voip-rtp 10.10.10.3 10.10.10.3 netmask 255.255.255.0 type rotary
ip nat inside destination list 114 pool voip-rtp
access-list 114 permit udp any any range 16384 32767
Where 10.10.10.3 is the host I want to forward the ports 16384 to 32767 to.
This is not working. We use a similar set of commands for TCP range forwarding which work perfecting. Can anyone advise of the correct way to port forward a UDP range.
Damien

thanks for the suggestion.
I tried the same , but still the udp port 514 is not available. when i run nmap tool to scan the ports, the udp port 514 is not available to the external world and hence the syslog msgs i send to tat port is not being received. kindly help me out.
thanks again!!

Using ethernet port on range extender: faster??

I have an extender is the room with this computer for a wireless connection. This extender is v3 with the ethernet connection. Just for fun, I plugged my computer into that connection and disabled my wireless and found that I had a "wired-like" connection. Is there any real advantage to this besides not having to deal with security on this computer? In otherwords, is the wireless communciation between the router and the extender faster than the wireless connection between the extender and a given computer?

Does the computer get online with ethernet port from range expander? It is only meant for configuring it.

LACP port-channel down but Individual ports up

I have setup an active LACP consisting of two members in each port-channel. As it is configured now the individual ports are operational but not participating as members of the LACP. Not finding any reference to exactly why this is. From what I can gather this may be related to the host configuration?
If anyone can enlighten me to such a situation it would be greatly appreciated. Would be even better if anyone had experience with the Oracle Database Appliance requirements for network configuration on the Cisco side.
Group Port- Type Protocol Member Ports
Channel
210 Po210(SD) Eth LACP Eth107/1/11(I) Eth108/1/12(I)
211 Po211(SD) Eth LACP Eth107/1/12(I) Eth108/1/11(I)
interface port-channel210
description pdxodaprod-node0
switchport access vlan 48
interface Ethernet107/1/11
description pdxodaprod-node0-net0
switchport access vlan 48
speed auto
channel-group 210 mode active
interface Ethernet108/1/12
description pdxodaprod-node0-net1
switchport access vlan 48
speed auto
channel-group 210 mode active
interface port-channel211
description pdxodaprod-node1
switchport access vlan 48
interface Ethernet108/1/11
description pdxodaprod-node1-net0
switchport access vlan 48
speed auto
channel-group 211 mode active
interface Ethernet107/1/12
description pdxodaprod-node1-net1
switchport access vlan 48
speed auto
channel-group 211 mode active

Hi,
Putting the EtherChannel to the "on" mode will force the ports to become bundled unconditionally but the true problem, then, is truly seeing if it works. The Cisco switch will happily keep the ports bundled and will even transmit data over these ports but how do we know if Oracle is happy with that and does the same?
Personally, I would not recommend using the "on" mode precisely because of lack of any indication that things are operating just as they should, unless it can be shown without doubts that Oracle runs without LACP and uses a static EtherChannel.
Best regards,
Peter

SG500 LACP trunk mismatch native vlan on individual ports

Hi All,
I have just configured up a sg500 with a lacp trunk to an upstream switch.
I am getting native vlan mismatch on the individual ports of the lacp team.
24-Jan-2013 12:54:48 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi1/1/24.
24-Jan-2013 12:57:35 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi1/1/48.
The following is showing the correct native vlan
BH-WS-AC-2#show int switchport port 1
Port : Po1
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 2000
Port is member in:
Vlan               Name               Egress rule Port Membership Type
1200               1200                 Tagged           Static
1210            Management              Tagged           Static
1212               1212                 Tagged           Static
2000           Native Vlan             Untagged          Static
But the following shows that the individual ports think they are the default vlan 1.
BH-WS-AC-2#show int switchport gi1/1/48
Port : gi1/1/48
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Port is member in:
Vlan               Name               Egress rule Port Membership Type
The following shows the LACP as up:
BH-WS-AC-2#show int Port-Channel 1
Load balancing: src-dst-mac-ip.
Gathering information...
Channel Ports
Po1      Active: gi1/1/24,gi1/1/48
Is this normal behaviour? as i cannot set the native vlan directly on the gi interface due to it being in the trunk.
Simon

Hi Simon, native vlan mismatch is a cosmetic error from CDP. It won't affect services provided the vlans are a member of the ports in question.
You can set the native vlan while it is within the lag. On the SX500 it would be
config t
int po1
switchport trunk native vlan xxxx
The port channel is the same as any other individual port so it's not a problem. 802.1q specifies the native vlan is the untagged member, if you want to get rid of the error, make sure the untagged vlans match up on both sides.
-Tom
Please mark answered for helpful posts

Air Port Express Range

ok so i bought this airport express for my macbook pro. i am a college student about to move into a dorm. but i am currently at my house with this wireless router. now my friend has the same exact laptop as mine, but bought a linksys and it works full bar around the whole house but his only cost around $60. now my airport express cost around $110 and only works perfectly in my room. now i even set it up with the apple people at 1800aplcare. so i don't know if i should return this airport express or not...please help...i just want full bar where ever i go...thank you
MacBook Pro Mac OS X (10.4.6)

Welcome to the discussions.
http://www.apple.com/airportexpress/
Reading through the nominclature of the the Airport Express it states the range to be 150 Feet.
One thing to bare in mind this fiqure can very greatlty by adding into the equation INTERFERENCE.
Walls, Cell and Wireless Phones as well as Rouge Microwave signals.
Remember when comparing one Router to another you have to preform a fair test in the same location with the different routers to see exactly what the range might be.
Also bear in mind that Different Networks in the same location using the same channel can also be problematic, and will need to have the channel changed so that one doesn't overlap and interfere with the other.
My quess is if you are going to use this in a dorm you will have more than full coverage and will probably automaticlly pick up several different Networks whaen you get settled in.
Remember All Routers are basicly the same Apple offers the ease of set up over the 3rd party routers as well as the built in Print Server the others do not offer.
Cheers Don

DMZ or a Port Mapping Range for A.E.???

I'm currently having an awful time with a recent playstation purchase named SocomIII. It seems that in order to get my mic to work on it's online feature, I need to either open an array of ports, (i.e. 6000-7000) or enable DMZ. I can't figure out how to do either. To make matters worse, I just sent my powerbook out to be fixed (Don't ask ... my ac adaptor's male end snapped off into the powerbook's jack) ... so now I type to you from Windoze land .......

Run the Airport Admin Utility. In the "Base Station Chooser" window that pops up, select Help->About Airport Admin Utility. What version of the utility is shown there? If it is older than 4.1, download the Airport 4.1 update from:
http://www.apple.com/support/downloads/airport41forwindows.html
...and try following my instructions again.
You can always look around in the version you are running - either after clicking on "Base Station Options" under the Airport tab, or under the Port Mapping tab. It's there somewhere!

Can I open a port range in the firewall for one host?

Can I open a port range in the firewall for one host? In other words, I want to be able to open ports 54001 to 54050 to allow one remote host in my LAN to access that port range in my Mac Server. Is this possible? Currently, the only option I see is to open individual ports for all external hosts (eg http or https)
Thanks in advance!

Which version of OS X Server are you using?
Server 2.2 and earlier includes an interface to a software firewall that can be configured to open specific ports very easily. Descriptions of how to configure the firewall can be found in the documentation for these versions.
Server 3.x no longer has an interface to the software firewall - it is still there, but you need to use other methods do configure it. A popular example of such a method is the icefloor utility.
Apple suggest that for Server 3 you delegate firewall duties to an external router. Server 3 includes the ability to configure the firewall component of Apple Airport routers 'automatically'
if you connect a machine running Server 3 directly to an Airport Router the router appears in the LH pane in the Server.app window (usually second line, below the entry for the server itself), and you can control what services are 'enabled' through the firewall there.
a more common solution perhaps is to use a non-apple router, and configure the firewall (and so open specific ports) through whatever control interface is provided for that router. There are many many kinds of hardware router you could use, and the control interfaces used vary widely - so you will have to consulting the documentation for your own router to work out how to do this.
If you post information about your software versions, and hardware configuration, it is possible that you can get more specific help with the tasks involved in opening the ports.
Hope this helps.

Configure static NAT for range of ports

Hi,
I have a 2911 with a 3CX IP PBX behind it that needs to have a static NAT to the 3CX server for TCP/UDP 5060 and UDP 9000-9049. Do I have to create a static NAT entry for every single port in order for this to work, or can a range be defined in the NAT entries?
As an example, say my 3CX server has an internal IP of 192.168.1.25 and my external IP is 1.2.3.4. Would I have to create an entry for each port?
ip nat inside source static tcp 192.168.1.25 5060 1.2.3.4 5060
ip nat inside source static udp 192.168.1.25 5060 1.2.3.4 5060
ip nat inside source static udp 192.168.1.25 9000 1.2.3.4 9000
ip nat inside source static udp 192.168.1.25 9001 1.2.3.4 9001
and so on...
Is this the correct way to do it, or is there another better way?
Also, I only have one public IP to work with, and there are multiple other hosts on this network that need to have access to the internet. Right now I have NAT setup with overload so that the other hosts can get to the Internet. Here's my config for that:
ip nat pool PATPOOL 1.2.3.4 1.2.3.4 netmask 255.255.255.252
ip nat inside source list NAT_ACL pool PATPOOL overload
ip access-list standard NAT_ACL
remark PAT to outside
permit 192.168.1.0 0.0.0.255
exit
My question with this is will the static NAT work if I already have NAT overload configured as above?
Thanks for the help in advance.
Austin
PS here is 3CX documentation on this subject http://www.3cx.com/blog/voip-howto/cisco-voip-configuration/

I ended up creating a static NAT entry for each individual port mapping. This worked just as it was supposed to.
I have seen examples of people using route maps and ACLs to accomplish forwarding a range ports. I have yet to see official documentation from Cisco on this, and in some cases those examples did not seem to work correctly.
ASAs with the latest code have the ability to forward a range of ports, but based on my research IOS lacks this feature.
In my case, forwarding 50 ports wasn't so bad. However, if you have hundreds or thousands of ports to forward you may want to try the route map/ACL approach.
Hopefully this information useful to others.

PAT port range

Hi,
I'm looking for a way to avoid doing 999 individual port address translations for ports in a range 1-999 for the same protocol.
I'm not finding anything that asa code v9.11 will allow.
I have the service objects defined but cannot find a way to get the nat statement to allow the service object.
object network foobarhost 192.168.100.22nat (inside,outside) static interface service fooservice fooservice
Hope I'm missing something here. Any help appreciated.
Thanks.

Hi,
Seems there is a bug in the 9.1 ASA software as I tried to configure this first with that software. That gave a wierd result and I checked another post on these forums that related to a similiar problem
I then booted my ASA with 8.4(5) software and the NAT is now working normally. So I imagine you will have to wait for a correcting software or move to a older software to get it working in the meanwhile
Heres the configuration I did and a "packet-tracer" output to test it
NAT CONFIGURATION
Where
SERVICE-LOCAL = The actual port range on the LAN
SERVICE-MAPPED = The corresponding NATed/Mapped port range on the WAN
SERVER-LOCAL = Server IP on the LAN
SERVER-MAPPED = Server IP NATed/Mapped on the WAN
nat = The NAT configuration
Y.Y.Y.Y = One of my public IP addresses assigned to this NAT configuration
X.X.X.X = My server LAN IP address
object service SERVICE-LOCAL
service tcp source range 5000 6000
object service SERVICE-MAPPED
service tcp source range 15000 16000
object network SERVER-LOCAL
host X.X.X.X
object network SERVER-MAPPED
host Y.Y.Y.Y
nat (LAN,WAN) source static SERVER-LOCAL SERVER-MAPPED service SERVICE-LOCAL SERVICE-MAPPED
PACKET-TRACER TEST
Where
WAN = My ASAs "outside" interface
1.2.3.4 = Random address behind the WAN interface
Y.Y.Y.Y = One of my public IP addresses assigned to this NAT configuration
X.X.X.X = My server LAN IP address
ASA# packet-tracer input WAN tcp 1.2.3.4 20000 Y.Y.Y.Y 15000
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (LAN,WAN) source static SERVER-LOCAL SERVER-MAPPED service SERVICE-LOCAL SERVICE-MAPPED
Additional Information:
NAT divert to egress interface LAN
Untranslate Y.Y.Y.Y/15000 to X.X.X.X/5000
Link to the dicussion with the NAT problem:
https://supportforums.cisco.com/thread/2196562?tstart=60
Link to the BugID (CLICK THE BUG ID AT THE END OF THE LINK)
https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCud64705
Finally the same NAT configuration as above but while running ASA software 9.1(1)
Where
WAN = My ASAs "outside" interface
1.2.3.4 = Random address behind the WAN interface
Y.Y.Y.Y = One of my public IP addresses assigned to this NAT configuration
X.X.X.X = My ASA WAN interface IP address
ASA(config)# packet-tracer input WAN tcp 1.2.3.4 20000 Y.Y.Y.Y 15000
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in X.X.X.X 255.255.255.248 WAN
Result:
input-interface: WAN
input-status: up
input-line-status: up
output-interface: WAN
output-status: up
output-line-status: up
Action: drop
Drop-reason: (no-route) No route to host
Hope the above information has been helpfull. If so please rate
- Jouni

Failed to allocate port(s) in the specified range(s) for the following....

Hi,
I'm attempting to install oracle 10.2.0 on Solaris 10.
When I create a database i get the error:
Failed to allocate port(s) in the specified range(s) for the following process(es): .....
So I look at the logs and there looks like to be some configuration issues but i'm not sure where to start.
I've changed the port from NULL to 1521 in listener.ora.
It worried me that it was set to null.
Ive tried running emca -config -all db ( not sure what central agent home should be set it as /app/oracle/product/10.2.0/Db_1 seemed to accept that)
This gives me the same above error.
Any help is greatly appreciated. Please note im both a novice solaris and oracle user
Nov 22, 2006 3:29:41 PM oracle.sysman.emcp.EMConfig perform
INFO: This operation is being logged at /app/oracle/product/10.2.0/Db_1/cfgtoollogs/dbca/test2/emConfig.log.
Nov 22, 2006 3:29:41 PM oracle.sysman.emcp.ParamsManager setFlag
CONFIG: Flag 'CHECK_CONFIG' set to true
Nov 22, 2006 3:29:41 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: test2, oracleHome: /app/oracle/product/10.2.0/Db_1, and user: SYS
Nov 22, 2006 3:29:41 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Nov 22, 2006 3:29:41 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: test2, oracleHome: /app/oracle/product/10.2.0/Db_1, and user: DBSNMP
Nov 22, 2006 3:29:41 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter MODIFY_SID.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: test2, oracleHome: /app/oracle/product/10.2.0/Db_1, and user: SYS
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager setFlag
CONFIG: Flag 'asm_db' set to false
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter MODIFY_SID.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.DatabaseChecks getDbServiceName
CONFIG: No service name available. Will try to set db_unique_name.db_domain
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: test2, oracleHome: /app/oracle/product/10.2.0/Db_1, and user: SYS
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager setParam
CONFIG: Setting param: DB_UNIQUE_NAME value:
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter DB_UNIQUE_NAME.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.DatabaseChecks getDbUniqueName
CONFIG: No Database unique name available. Will try to retrieve it from DB itself
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager setParam
CONFIG: Setting param: DB_UNIQUE_NAME value: test2
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter DB_DOMAIN.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.DatabaseChecks getDbDomain
CONFIG: No db domain available. Will query db for db_domain parameter
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager setParam
CONFIG: Setting param: DB_UNIQUE_NAME value: test2
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager setParam
CONFIG: Setting param: SERVICE_NAME value: test2
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter MODIFY_SID.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter DBID.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.DatabaseChecks getDbid
CONFIG: No dbid available. Will query db to extract it.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: test2, oracleHome: /app/oracle/product/10.2.0/Db_1, and user: SYS
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager setParam
CONFIG: Setting param: DBID value: 691205234
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: test2, oracleHome: /app/oracle/product/10.2.0/Db_1, and user: SYSMAN
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter ORACLE_HOSTNAME.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter ORACLE_HOSTNAME.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: test2, oracleHome: /app/oracle/product/10.2.0/Db_1, and user: SYS
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.EMDBPreConfig invoke
CONFIG: Passed repository configuration check
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter MODIFY_SID.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter MODIFY_SID.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter GLOBAL_DB_UNIQUE_NAME.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.DatabaseChecks getGlobalDbUniqueName
CONFIG: No Global database unique name available. Will try to retrieve it from DB itself
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine connecting with SID: test2, oracleHome: /app/oracle/product/10.2.0/Db_1, and user: SYS
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.GeneralUtil initSQLEngine
CONFIG: SQLEngine created successfully and connected
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter DB_DOMAIN.
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.DatabaseChecks getDbDomain
CONFIG: No db domain available. Will query db for db_domain parameter
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager setParam
CONFIG: Setting param: GLOBAL_DB_UNIQUE_NAME value: test2
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.FileUtil _copyFile
CONFIG: Copying file /app/oracle/product/10.2.0/Db_1/sysman/config/emd.properties to /app/oracle/product/10.2.0/Db_1/sysman/config/emd.prop
erties.emca.tmp
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.FileUtil backupFile
CONFIG: The original file /app/oracle/product/10.2.0/Db_1/sysman/config/emd.properties has been copied to /app/oracle/product/10.2.0/Db_1/s
ysman/config/emd.properties.emca.tmp
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.FileUtil _copyFile
CONFIG: Copying file /app/oracle/product/10.2.0/Db_1/sysman/config/emoms.properties to /app/oracle/product/10.2.0/Db_1/sysman/config/emoms.
properties.emca.tmp
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.FileUtil backupFile
CONFIG: The original file /app/oracle/product/10.2.0/Db_1/sysman/config/emoms.properties has been copied to /app/oracle/product/10.2.0/Db_1
/sysman/config/emoms.properties.emca.tmp
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.FileUtil _copyFile
CONFIG: Copying file /app/oracle/product/10.2.0/Db_1/sysman/emd/targets.xml to /app/oracle/product/10.2.0/Db_1/sysman/emd/targets.xml.emca.
tmp
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.util.FileUtil backupFile
CONFIG: The original file /app/oracle/product/10.2.0/Db_1/sysman/emd/targets.xml has been copied to /app/oracle/product/10.2.0/Db_1/sysman/
emd/targets.xml.emca.tmp
Nov 22, 2006 3:29:42 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter ORACLE_HOSTNAME.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager setFlag
CONFIG: Flag 'IS_CENTRAL_AGENT_RECONFIG' set to false
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter ORACLE_HOSTNAME.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.CentralAgentUtil isCentralAgentConfigured
CONFIG: Sid: test2 Host: honeyeater Node: null OH: /app/oracle/product/10.2.0/Db_1 agentHome: null isCentral: false
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.DBControlUtil isDBConsoleConfigured
CONFIG: Sid: test2 Host: honeyeater Node: null OH: /app/oracle/product/10.2.0/Db_1 isDBC: false
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager setFlag
CONFIG: Flag 'IS_CENTRAL_AGENT_CONFIGURED' set to false
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager setFlag
CONFIG: Flag 'IS_DBCONTROL_CONFIGURED' set to false
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter DBCONTROL_HTTP_PORT.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter AGENT_PORT.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter RMI_PORT.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter JMS_PORT.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter ORACLE_HOSTNAME.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.DBControlUtil isDBConsoleConfigured
CONFIG: Sid: test2 Host: honeyeater Node: null OH: /app/oracle/product/10.2.0/Db_1 isDBC: false
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter ORACLE_HOSTNAME.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter PORTS_FILE.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter JMS_PORT_test2.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter JMS_PORT.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter RMI_PORT_test2.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter RMI_PORT.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter DBCONTROL_HTTP_PORT_test2.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter DBCONTROL_HTTP_PORT.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter AGENT_PORT_test2.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.ParamsManager getParam
CONFIG: No value was set for the parameter AGENT_PORT.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.OUIInventoryUtil setOUILoc
CONFIG: Setting oracle.installer.oui_loc to /app/oracle/product/10.2.0/Db_1/oui
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.PortManager markAllUsedPorts
CONFIG: Homes to scan for used ports: [app/oracle/product/10.2.0/Db_1]
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.PortManager markAllUsedPorts
CONFIG: Searching all DBConsole instances for used ports under ORACLE_HOME /app/oracle/product/10.2.0/Db_1
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.PortManager markAllUsedPorts
CONFIG: Marking JMS port: null from /app/oracle/product/10.2.0/Db_1/oc4j/j2ee/OC4J_DBConsole
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.PortManager markAllUsedPorts
CONFIG: Marking RMI port: null from /app/oracle/product/10.2.0/Db_1/oc4j/j2ee/OC4J_DBConsole
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.PortManager markAllUsedPorts
CONFIG: Marking HTTP port: null from /app/oracle/product/10.2.0/Db_1/oc4j/j2ee/OC4J_DBConsole
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.PortManager getAgentPort
CONFIG: Cannot parse EMD_URL correctly. No port identified
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.PortManager markAllUsedPorts
CONFIG: Marking Agent port: null from /app/oracle/product/10.2.0/Db_1/sysman/config/emd.properties
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.PortManager markAllUsedPorts
CONFIG: Cannnot parse EMD_URL correctly. No port identified
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.util.FileUtil getProperties
CONFIG: Error reading file /app/oracle/product/10.2.0/Db_1/install/staticports.ini
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.EMConfig perform
SEVERE: Failed to allocate port(s) in the specified range(s) for the following process(es): JMS [5540-5559],RMI [5520-5539],Database Contro
l [5500-5519],EM Agent [3938] | [1830-1849]
Refer to the log file at /app/oracle/product/10.2.0/Db_1/cfgtoollogs/dbca/test2/emConfig.log for more details.
Nov 22, 2006 3:29:43 PM oracle.sysman.emcp.EMConfig perform
CONFIG: Stack Trace:
oracle.sysman.emcp.exception.EMConfigException: Failed to allocate port(s) in the specified range(s) for the following process(es): JMS [55
40-5559],RMI [5520-5539],Database Control [5500-5519],EM Agent [3938] | [1830-1849]
at oracle.sysman.emcp.EMDBPreConfig.checkPorts(EMDBPreConfig.java:2266)
at oracle.sysman.emcp.EMDBPreConfig.performConfiguration(EMDBPreConfig.java:670)
at oracle.sysman.emcp.EMDBPreConfig.invoke(EMDBPreConfig.java:233)
at oracle.sysman.emcp.EMDBPreConfig.invoke(EMDBPreConfig.java:160)
at oracle.sysman.emcp.EMConfig.perform(EMConfig.java:141)
at oracle.sysman.assistants.util.em.EMConfiguration.run(EMConfiguration.java:426)
at java.lang.Thread.run(Thread.java:534)
Also got thie error in another log
Cluster Error Message: PRKH-1010 : Unable to communicate with CRS Services

thanks mathias,
but i have already done, netstat -na |grep portnumber
but nothing no port in range are set
thanks howevar
regards

WRT160n Port Range forwarding problem

I have a WRT160n that I am trying to forward some ports on for some DVR equipment. When I use the single port forwarding and enter each port separately it works fine. But I have 2 DVR's and they use a bunch of ports each so I want to use the port range forwarding because there are not enough spots in the single port forwarding section. The ports I am trying to forward are 8000-8004 for one IP address and 8005-8009 for a second IP address. I have entered it into the port range forwarding section but I can not connect from outside my network. As I said if I enter them in the single port section seperately as 8000,8001,8002,8003,8004 then I can connect fine outside my network. Any idea's what the problem is?

chuckb223 wrote:
jaymay wrote:
How about you isolate it first by forwarding the ports for one DVR. Forward them one by one on the Port Forwarding Range page then see if it works on one DVR. If it will, try to do the same thing for the other DVR.
Yes I already tried this with no luck. I tried just opening one port in the port forwarding for 1 DVR and it did not work, Opening this same port in the single port forwarding did work.
Is your router a version 1,2, or 3? Your router probably needs to be updated (firmware).
Firmware
11/08/2010
Ver.1.02.11
Download
3.15 MB
Firmware
11/15/2010
Ver.2.0.03 Build 9
Download
3.25 MB
Firmware
07/12/2010
Ver.3.0.03 Build 3
Download
3.31 MB
And then reset and reconfigure your router again for internet connection and try the port range forward again and see if you can both DVRs working properly.

4900M WS-X4908-10G-RJ45 Port Startup Delay

Hi all,
We have recently purchased 2 x 4900M switches with the following configuration:
2 x X2-10GB-SR installed in port te1/1, 1/2 (optical)
1 x 20 x 1GB RJ45 installed in the top left of chasis ge2/1 - 2/20
1 x WS-X4908-10G-RJ45 8 port 1/2 card in the top right of chassis te3/1 - 3/8
We have te1/1 connecting the 2 switches, and various vlan's and connections on the 1GB RJ45's with no problems.
However, we have a number of 10Gbps BaseT connections te3/1 - te3/5 which are causing us issues. On a reload of the switch or removal / re-install of the cable it can take anywhere up to an hour for the port to become active again. So when we reload the switch, we may get a connection come up after say 3 mins, but the port next to it may not come up for 15-60 min. The cabling is all the same (CAT6 and has been tested/verified) and all connections go to Broadcom 10Gb cards in Dell 820 servers running vmware. We have the following set on the ports:
switchport mode access
spanning-tree portfast
No speed or duplex can be set on these ports - these options are not available in the config.
Is this normal? Is there something I am missing in config for these ports? By the way, once a link is finally established, it will hold the link solid with no problems, but this is a problem for us, we can't have a reboot take an undetermined amount of time for the link to come back.
Any help appreciated.
Cheers,
Shane

I just upgraded to 15.1.2 SG2 that was released in Sept 2013 and am having this same issue with upgrade from 12.2.54. Took 2 of my ESX ports on the WS-X4908-10G-RJ45 a range of 11 min and 28 min to come up.
I applied the commands to set the 10G to the ports, but on reboots it seemed to make little difference for delay coming up:
Conf t
hw-module module 2 port-group 1 select tengigabitethernet
hw-module module 2 port-group 2 select tengigabitethernet
hw-module module 2 port-group 3 select tengigabitethernet
hw-module module 2 port-group 4 select tengigabitethernet
exit
I watched the ports in "sh hw-module module 2 port-group" and they would bounce individual ports around from Active to Inactive:
4900M_1#sh hw-mod mod 2 port-group
Module Port-group Active                         Inactive
   2        1     Te2/1-2                        Gi2/9-10
   2        2     Te2/3                          Te2/4,Gi2/11-12
   2        3     Te2/5-6                        Gi2/13-14
   2        4     Te2/7-8                        Gi2/15-16
4900M_1#
4900M_1#sh hw-module module 2 port-group
Module Port-group Active                         Inactive
   2        1     Te2/1-2                        Gi2/9-10
   2        2     Te2/3-4                        Gi2/11-12
   2        3     Te2/5-6                        Gi2/13-14
   2        4     Te2/7-8                        Gi2/15-16
4900M_1#
===================
I hate to downgrade because of security issue of having an old IOS hanging around my environment...
Anyone have any thoughts?
Thanks,
Brian

Unable to log in user at this time / opening up all ports

I've got a lion 10.7.3 server and several Lion client boxes all attached via ethernet to an airport extreme.
I've got a bona fide certificate that seems to have installed correctly, and the client is talking to the open directory server
Without fail, I get a message "unable to log in the user at this time" on each of the clients...
UNLESS I open up all ports on my airport extreme to the server.
I've tried opening individual ports for AFP, profile manager (1640, 2195), open ldap (389, 636) and even kerberos (88). Even with all of these open, it still doesn't work. I have to open up everything to get the error to go away - then the users can log in just fine.
Note, I'm logging in from the local network to a server on the local network, so this just seems bizarre.
I don't have the logs on this computer, but I recall that the error was occurring when it tried to mount the home directory, after authentication. It was an error 64 from homedirmounter (if memory serves).
Any thoughts on what port I'm missing that might be causing the error?

3659 is the SASL port used by the password server, so that makes a certain amount of sense.
However, I still maintain that if your network is configured in the way I'd expect, the base station shouldn't be relevant. The clients should be connecting on a LAN-to-LAN basis so the firewall/filter in the base station shoudn't be in play.
Given what you say, I suspect you've misconfigured your network - probably at the DNS level and you're not running private DNS for your LAN, which would force the clients to connect through the public address. The risks and downside of this approach are numerous - not least of which is the fact that you ARE exposing your server to the general public (including all the less-than-honourable people out there). On that basis there is a risk and i'd look to close that soonest.
You should have a private DNS server running on your LAN that knows the private network addresses of your servers and clients. In this way any client should be able to connect directly to the server's LAN address, bypassing the public interface on your base station. I suspect that if you perform a DNS lookup on your server's hostname you get back its public address, right?

Adding USB ports to mac pro

Hi,
i was wondering if anyone knows if it's possible to fit more usb ports in the back of the Mac Pro?
I got my mac pro about 4/5 years ago, and could really use some more ports.
Thanks for any help and advice,
Tom

Linc Davis wrote:
What's wrong with using a hub?
A few things:
With a hub, all devices must share the bandwidth of the one built-in port the hub is on. If one device on the hub takes up all the port bandwidth, too bad for the others. Or they will fight it out. But with most types of USB cards, each individual port on the card gets full USB bandwidth...no conflicts.
You need to use up a built-in USB port to plug in a hub, so adding a 4-port hub only gives you 3 more new ports in reality. With a USB card, all card ports are in addition to the Mac Pro ports.
A hub needs to take up one more outlet on your power strip. Or two or three outlets if it has a big transfomer. A USB card uses the Mac Pro power supply directly with no additional messy power and data cables.
A hub probably doesn't cost that much less than a USB card, if there is any price difference at all, yet the card has so many more advantages.
About the only reason to not get a USB card is that you've already used up the slots in your Mac Pro.

Individual Ports vs Ranges

Similar Messages

Maybe you are looking for