ISE 1.2 and ACL's with multiple ports

When creating a DACL for my groups I used the syntax "permit tcp any 192.168.20.0 0.0.0.255 eq 22 443" for one of my ACLs inside the DACL and the syntax check validated it. When I pushed it to my groups it also worked, but I have heard that this type of multiple port ACL in ISE is not supported. Does anyone know if this is accurate?

Thanks for the response but it's wrong. Cisco supports stacked ports in 1.2 for wired users. They carried over 1.1 documentation to 1.2 and never updated it. We have it in writing from Cisco TAC.
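Where an ISE release or a network device does not accept several ports after one `eq`, the same policy can be written with one port per entry. The sketch below is an added example, not code from the thread or from Cisco; the function names and the keyword list that ends a port list are assumptions.

```python
import itertools
import re

# Tokens that may follow a port list and therefore end it (assumed, not exhaustive).
STOP_WORDS = {"any", "host", "log", "log-input", "established", "time-range",
              "fragments", "dscp", "precedence", "tos",
              "eq", "gt", "lt", "neq", "range"}
PORT_NAME = re.compile(r"^[a-z][a-z0-9-]*$")   # named ports such as "domain"


def is_port(token: str) -> bool:
    """True for a numeric port or a port name, False for addresses and keywords."""
    return token.isdigit() or (bool(PORT_NAME.match(token)) and token not in STOP_WORDS)


def expand_multiport_ace(ace: str) -> list[str]:
    """Return one ACE per port for every 'eq p1 p2 ...' group in the entry."""
    tokens = ace.split()
    segments = []            # each segment is a list of alternative token lists
    i = 0
    while i < len(tokens):
        if tokens[i] != "eq":
            segments.append([[tokens[i]]])
            i += 1
            continue
        j = i + 1
        while j < len(tokens) and is_port(tokens[j]):
            j += 1
        ports = tokens[i + 1:j]
        if not ports:
            raise ValueError(f"'eq' without a port in: {ace!r}")
        for p in ports:
            if p.isdigit() and int(p) > 65535:
                raise ValueError(f"port {p} out of range in: {ace!r}")
        segments.append([["eq", p] for p in ports])
        i = j
    # Source-port and destination-port groups combine as a cross product.
    return [" ".join(tok for part in combo for tok in part)
            for combo in itertools.product(*segments)]


def expand_dacl(dacl: str) -> str:
    """Expand every entry of a DACL body; blank lines and remarks pass through."""
    out = []
    for line in dacl.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("remark"):
            out.append(stripped)
        else:
            out.extend(expand_multiport_ace(stripped))
    return "\n".join(out)


# Constructed sample DACL; the first entry is the one quoted in the question.
SAMPLE_DACL = """remark SSH and HTTPS to the server subnet
permit tcp any 192.168.20.0 0.0.0.255 eq 22 443
permit udp any any eq domain
deny ip any any"""

if __name__ == "__main__":
    print(expand_dacl(SAMPLE_DACL))
```

The expanded entries take the place of the original entry in the same position, so first-match ordering of the list is unchanged.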

Similar Messages

  • Complex NAT and ACL issue with multiple VLANS

    Hello Forum. 
    We have about 12 different VLANS behind an ASA 5515-x. One of those vlans contains a webserver and a DNS server (different machines, different IP addresses). ASDM 7.1.3
    From outside the firewall, people need to be able to get to the webserver via http, https and a custom  port (3390). From outside the firewall, no one needs DNS access.
    From INSIDE the firewall, things are much more complicated. They need access to the DNS server from all VLANS and they need access to Webserver from all VLANS
    The VLANS themselves are defined on the core switches, not the ASA. The VLAN labels and network subnets increment by 5 (except in the first 5 numbers) and the VLAN subnets are equal to the VLAN name. So for example VLAN 10 is on the 10.10.10.x subnet, VLAN 20 is on the 10.10.20.x subnet, and so on. Each subnet is 24 bits.
    WHAT WORKS:
    Outside_in: http, RDP work fine. Pretty sure I will be able to get https myself, so not looking for help there
    Inside_in: traffic from vlan 10 to vlan 5 works fine, but I think that is in part due to the any any allow rule on the vlan 10 interface. Apart from that, all vlans can get out to the web, but they cannot get proper DNS resolution or access the webserver across vlans.
    I have looked at the access lists, I have looked at NATting the DNS, but it is not working, and I am not sure why. Any assistance would be appreciated

    Tried that, no joy. It said that the problem was a NAT issue, but I cannot figure it out. The NAT rule looks right, but is not because it doesn't work

  • TA38622 Is there any way to send SMS by a connected iPhone to computer? If so, does it need any special application and program? With which port? Thank you.

    Is there any way to send SMS by a connected iPhone to computer? If so, does it need any special application and program? With which port? Thank you.

    Hi, Santosh..., and welcome to the Community,
    I would recommend testing the SMS reply forwarding to your mobile number.  Depending upon the results and if this works for you, you could then contact Skype Customer Service to cancel and request a refund.
    In other words, SMS will be received via your mobile number, not via your Skype Number.
    Regards,
    Elaine

  • OLAP on 11g and Materialised Views with Multiple Value-Based Hierarchies

    Hello OLAPians
    I am trying to set up Oracle BIEE to report on an OLAP cube with pre-aggregated data. As OBIEE is not able to hook into the OLAP directly I have to create an SQL cubeview.
    Currently I am on a 10g OLAP environment and am using the Oracle sample SQL cubeview generator to create an SQL view of my cube.
    The cube itself has multiple dimensions and these dimensions have multiple VALUE-based (ragged) hierarchies and dimension members can be shared across hierarchies also.
    Initially I had a problem running the view generator plugin because there is a bug within it that does not finish if there are multiple value-based hierarchies present. I was able to get around this by manually editing the limitmap for the cubeview and manually creating the SQL view.
    The question that I want to ask is how robust is the 11g materialised views with multiple value-based hierarchies and the sharing of dimension members across different hierarchies?
    Has anyone successfully been able to create a cubeview and import it into OBIEE without the hassle of manually editing the limitmap?
    A problem arises with the value-based setup whereby if the client creates a newer depth in the ragged hierarchy, I need to manually create the limitmap and the cube-view over again, and then re-map the BI Administration mappings.

    The simple answer to your question, "how robust is the 11g materialised views with multiple value-based hierarchies...?", is that materialized views are not supported on top of value-based hierarchies in 11g. The reason is that it is not possible to write a reasonable SQL statement that aggregates a fact over a value-based hierarchy. Such a SQL statement is necessary if we want to create a rewritable MV on top of the cube.
    But I suspect this is not what you are really asking. If you are trying to set up OBIEE on top of the cube in 10g using the view generator, then you will probably want to use the "ET VIEWS" that are generated automatically in 11g. These are generated whether or not you enable materialized views on top of your cube. I am not aware of any issues with the generated value-based hierarchy view support in 11g. Members may be shared between value hierarchies and you will not need to generate or modify limit maps.

  • How to set WPA and WPA2 security with multiple AEs

    Hi Everybody,
    I have purchased a second AE and with the help of Alan Summers was able to set them all up for multiple speakers use in iTunes. In order to make them run I had to downgrade security settings to 40-bit WEP which is not really satisfying. My Airport Admin. Utility was still 4.0, so I tried 4.2 which offers the use of WPA and WPA2 with multiple AEs. Upgraded to 4.2 and switched off security settings first. Both AEs are recognized and speakers of second AE also show up in iTunes but I cannot connect to them. Since it didn't work without security settings, I didn't even try with it and went back to using 4.0. All other firmware is up-to-date:
    AirPort Express 6.3
    iTunes 6.0.2
    Intel(R) PRO/Wireless 2200BG Network Connection 9.0.3.0
    Any advice would deeply be appreciated!
    BTW - if it works, it's maybe the greatest sound experience I ever had. Music all over the place!!
    Best regards
    Roman

    Found it!!
    1) upgrade Airport Admin. Utility to 4.2
    2) set second AE as "remote base station" and not in "client mode" (that's the clue!!)
    3) follow instructions and type in MAC address of main base station
    4) choose a channel (doesn't matter which one, just has to be the same on both AEs)
    5) choose your personal WPA and WPA2 password (same on both AEs)
    6) restart both AEs
    7) enjoy the music all over the place!
    Best regards
    Roman

  • How to insert autoincrement record and query it with multiple keys

    Hi all,
    I am not familiar with BerkeleyDB. I am now doing a project that needs to insert records and then query them out with multiple keys at a later time. Since there is no field that can be a distinct primary key, I want to use DbSequence as an auto increment primary key to the db, and set other index keys as secondary dbs, then use a join cursor to do the query with multiple keys.
    I don't know how to use DbSequence, can anyone direct me to an example of using DbSequence as an auto increment primary key?
    Regards
    -Bruce

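    I figured out the method to insert a record with an auto increment primary key. I listed the code block below:
    #include <cstring>
    #include <db_cxx.h>

    // Members of the owning class
    char m_SeqNamePositions[32] = "MyPositions";
    Db *m_pDBPositions;
    DbSequence *m_pSeqPositions;

    // Open: create the database and the sequence stored in it
    // (pszFileName and szFileName are supplied by the caller)
    m_pDBPositions = new Db(NULL, 0);
    m_pDBPositions->open(NULL, pszFileName, szFileName, DB_BTREE, DB_CREATE, 0);          // no data file
    m_pSeqPositions = new DbSequence(m_pDBPositions, 0);
    Dbt seqKey((void *)m_SeqNamePositions, (u_int32_t)strlen(m_SeqNamePositions));
    m_pSeqPositions->open(NULL, &seqKey, DB_CREATE);

    // Insert (body of the insert method; pRecord is supplied by the caller):
    // take the next sequence value and use it as the primary key
    db_seq_t SeqNum;
    m_pSeqPositions->get(0, 1, &SeqNum, 0);
    Dbt key((void *)&SeqNum, (u_int32_t)sizeof(SeqNum));
    Dbt data(pRecord, sizeof(*pRecord));
    return m_pDBPositions->put(NULL, &key, &data, DB_NOOVERWRITE);

    // Close: close the sequence before the database it lives in
    m_pSeqPositions->close(0);
    m_pDBPositions->close(0);
    delete m_pSeqPositions;
    delete m_pDBPositions;
    m_pDBPositions = NULL;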

  • Extended access list with multiple ports

    Hello All,
    I have a problem with my Cisco Catalyst 4503-E when I try to configure an extended access list with multiple ports.
    I receive the following message:
    The information for my switch is the following:
    Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASE-M), Version
    12.2(52)SG, RELEASE SOFTWARE (fc1)
    Please help me to resolve this problem.
    Best regards.

    Thank you Alex for your response.
    Yes, this is an example:
    permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.1 eq 135 389 636 445 3268 3269 domain 88
    I have more ACLs and each ACL contains more conditions with multiples Por

  • ACE: a class-map with multiple ports... what about the probe/serverfarm?

    Hello Gilles,
    One question about something I was not able to find in the documentation.
    Lets say I have one class-map which includes 2 ports (in this case https and 5061).
    Can I associate this class-map to just 1 generic serverfarm and probe for both ports or I have to specify 2 serverfarms/rservers/probes?
    So, by not specifying the ports on the rserver, if a request is received on port 443 (or 5061), it is sent to the same respective port on the rserver?
    The same way is valid for the generic probe.  ACE module is able to probe both ports based on the class-map?
    Thanks and have a great day!!
    Giulio.
    probe tcp PROBE_GENERIC_TCP
      description This probe works for all TCP services by inheriting the VIP port.
      interval 15
      faildetect 2
      passdetect interval 15
      passdetect count 2
      open 2
    rserver host SERVER1_ACCESS
      ip address <1AC>
      inservice
    rserver host SERVER2_ACCESS
      ip address <2AC>
      inservice
    serverfarm host ACCESS-SFARM
      probe PROBE_GENERIC_TCP
      rserver SERVER1_ACCESS
        inservice
      rserver SERVER2_ACCESS
        inservice
    class-map match-any OCS_L4ACCESS
      2 match virtual-address x.x.x.176 tcp eq https
      2 match virtual-address x.x.x.176 tcp eq 5061
    policy-map type loadbalance first-match OCS_L4ACCESS
      class class-default
        sticky-serverfarm ACCESS_STICKY
    policy-map multi-match POLICY
      class OCS_L4ACCESS
        loadbalance vip inservice
        loadbalance policy OCS_L4ACCESS
        loadbalance vip icmp-reply active
        connection advanced-options OCS_VIPTIMEOUT
        nat dynamic XXX vlan 503

    Even if you use the 4710 appliance or expect the inheritance in the module software, it's worth considering if this is really what you want. If you keep multiple ports in the L3/L4 class-map you can't handle the services independently. You will have a common serverfarm for both https and 5061. If https service stops on one rserver, the ACE will place that rserver (and not that service) in out-of-operation state and it won't receive any 5061 traffic either. (You have the fail-on-all probe option but I wouldn't say it's a better choice. In that case, https traffic would be sent to the rserver even if https port is closed as long as there is at least one working service on it.) That's why I prefer a separate class-map and separate serverfarm for each service. (They can contain the same rservers, no need to duplicate.) BUT if the software supports probe port inheritance, you can benefit from it even in this scenario: serverfarm-443 and serverfarm-5061 can both use your PROBE_GENERIC_TCP.

  • Just purchased Windows Vista and having problems with the port for Palm 125

    I just purchased a Windows Vista computer and having problems with getting my Palm 125 to sync with the desktop.  I get an error message saying:  "Com1 not available"  What do I do?
    Thanks,
    Frustrated
    Post relates to: Palm m125

    Sorry, that didn't work.  I get no drop down menu from the Hot Sync Manager for the Serial Port.  What comes up often is:  "The selected port, COM1, is not available at this time.  Hot Sync Manager will open the port when it becomes available." 
    Could it be the Norton Antivirus Firewall that is preventing the Hot Sync Manager to open the Serial Port?  Just a thought.  Thanks for your help.

  • I have an iMac with 2 internal drives and set-up with multiple user accounts.  How do I create a path to store data files on my second drive within an application?

    I have an iMac with 2 internal drives and a multiple user account set-up.  How do I create a path to store data files on the second drive within an application?

    This is the Mac mini forum not the iMac forum however...
    Applications written for average users like Photoshop, Word, i.e. GUI based applications provide a 'Save' dialog box which will allow selecting second drives or any drive. The dialog box initially shown might be in the simple mode but you just need to click on the triangle to show the full set of options. You should then see the different drive names amongst other options.
    If you're referring to an application you're writing yourself then you need to build a pathname. This can be in one of two styles depending on the programming system you're using. This could be a POSIX style path or a Mac style path.
    POSIX = /Volumes/volname/foldername
    Mac style = Volname:foldername:

  • Text elements and key figures with multiple restrictions

    Hi,
    I'd like to display text elements in my query according to the restricted key figures in it. There is a restricted key figure used multiple times with different base of restriction. (For example Sales in the past week and yesterday.)
    KF restricted by actual calendar week,  and
    KF restricted by actual calendar day
    When displaying text elements, only calendar week appears, however, if KF restricted by calendar week is removed from the query, calendar day is being displayed. (I suppose that both time characteristics are taken as filter values.)
    Is that possible to display both filter values at once? Or at least calendar day meanwhile still having the week-based restriction in the query?
    Thanx in advance,
    Gabor

    One option would be to not use the *MVAL keyword and load the amount and quantity in separate Data Manager package imports whereby you can easily assign the NA to the appropriate dimension.  When you import amount -- assign NA to P_UNIT and when you import quantity -- assign NA to P_CURRENCY.
    However I suppose you would prefer to have one import process. Unfortunately I think you will have to find an ABAP custom solution by calling the END_Routine BADI from the transformation file to deal with the currency and unit dimensions.
    Best regards,
    [Jeffrey Holdeman|http://wiki.sdn.sap.com/wiki/display/profile/Jeffrey+Holdeman]
    SAP Labs, LLC
    BusinessObjects Division
    Americas Applications Regional Implementation Group (RIG)

  • Captions and no captions with multiple slideshows (a bug in idvd 6?)

    Hi,
    I am having a problem with the captions option in multiple slideshows, and am wondering if this a bug within idvd 6. My project has two slideshows which I created within idvd because I wanted the manual option of forwarding through your slides on tv. I have one slideshow with captions selected and the other has captions deselected. Both slideshows preview correctly in idvd, but when I burn the dvd to a disk, I either get both slideshows with captions or both without. The only way around this was to select captions for both slideshows and then manually delete the captions out of the slideshow that I didn't want them to appear. Is this a known glitch with idvd 6?

    I foolishly tried this on a separate Mac on a different library, that one with 22000 images that I had not edited (since the old iPhoto would just die a slow death on that sized library).
    I actually only spent the money for iPhoto 6 (iLife's remainder package did not have any compelling use for me right now) and its ability to handle 25000 images.
    Well, it is faster (i.e. it does not go to sleep for 12 minutes) if I click the scroll button but the blank images problem showed up there also. And ALL of those pictures were standard jpgs and not one was from a weird camera or ever modified or otherwise tweaked if that were an excuse for iPhoto 6 misbehaving with some pictures.
    VERY annoying and very strange that they would not see this in Beta testing. Assuming they do test. So, folks, if you are planning to buy iLife for iPhoto, be forewarned. I will add this to my TO BUY OR NOT TO BUY blog entries at http://imran.com/media/blog/ so people are aware.
    regards
    Imran

  • Using compactRIO and NI-CAN with multiple NI 9853 ports simultaneously

    Here's my problem.  I need to receive and log J1939 channel information on 4 separate CAN buses IN REAL TIME.  I have a CompactRIO with 2 x NI 9853 giving me a total of 4 CAN ports.  Using the example "CAN Channel Receive" included with the CompactRIO I can see this is very easy to do on one CAN port using the CAN256 and CAN257 virtual interfaces in conjunction with the Channel and Frame APIs.  However, I need to do this very same thing 4 times simultaneously on 4 different CAN ports and I only have available 2 virtual CAN interfaces.  In order to do this on 4 physical CAN ports, I need 8 virtual CAN interfaces apparently.  In other words I need a CAN258, CAN259, CAN260, CAN261, CAN262, and CAN263.
    I know that it's possible to simply log the raw CAN messages and post process them to get channel information, but I'd rather not do this.  I'd rather receive the CAN messages and log the channel data in real time if possible.  Is this even possible on the CompactRIO and is this the only way to do it (using virtual interfaces)?  Why don't the CAN ports on the NI 9853 modules show up as CAN interfaces in MAX.  If they did, that would solve my problem and I wouldn't have to screw around with the virtual interfaces.  What's the use of being able to use multiple NI 9853 modules if you can only utilize the Frame and Channel APIs on one of the CAN ports at a time?
    Any help would be appreciated.  Thanks.

    Hi,
    Well the driver has only one pair of virtual Interfaces for Frame to channel conversion, so you have to make changes on the cRIO part of your application.
    Try to bundle all messages from all 4 ports in one stream of data and use DMA technology to transmit the data to the host for processing. If you have one stream of data, you should be able to do the conversion with the virtual interfaces you have.
    The only risk I see is the performance for the virtual interfaces. It depends on your busload whether or not the controller is able to convert the stream in real time.
    Hopefully you work with an R-series Board.  ;-)
    Attached you can find a picture for an example of bundling two ports together for receiving one stream using DMA.
    Hope that helps
    DirkW
    Attachments:
    Receive_CAN_FPGA.zip (41 KB)

  • Organizing and Storing Photos with Multiple Users

    I am new to the iMac and have a boat load of photos from previous PC.  I have successfully migrated them to the iMac and started using iPhoto.  I also have several user accounts for the iMac for the family but want to be able to share all the photos across the user accounts.  What is the best way to do this without having duplicate files?
    I started by copying all the photos in a Shared folder directly under the user folder that everyone has access to. I now have been in my user account and dragged and dropped in my photo library.  Things seem to be working however it appears I have now two copies on my hard drive.  One set in the share folder where I have originally copied them to from the PC and another set in my photos folder on my user account.  I'm afraid as the other users do the same too, we will have 3 to 4 copies... and with the number of photos I have I'm scared I won't have the disk space.
    How else can I manage all the photos in a single location while having multiple users be able to access them.
    Thanks in advance.
    Jason

    I also have several user accounts for the imac for the family but want to be able to share all the photos across the user accounts.  What is the best way to do this without having duplicate files.
    Put them in the Shared folder as you have done. Now any user can access the files. It's basic but simple.
    However, if you want to use iPhoto (and it's neither necessary nor compulsory) then you need to put the Library on an external disk formatted Mac OS Extended (Journaled) and set to ignore permissions.

  • 10g rman database and archivelogs backup with multipled archlog destination

    I would like to use the 10g database and archivelogs backup statement
    backup database plus archivelog;
    I would like to restrict the location of the archivelogs backed out as I am multiplexing the
    archivelogs
    I did not find a LIKE statement and the backup database plus archivelog
    Did i miss something
    patrick boulay

    I meant backup
    I just want to restrict rman from backing up the two locations using the 'one shot' 10g syntax
    I used to backup using two steps
    1) datafile
    2) archlogs with a LIKE expression to tell Rman where to find the archlogs
    1+2 with autobackup of control+spfile
    the 'backup database plus archivelog ' syntax does accept a 'LIKE' expression
    patrick
