ISE MAB authentication license usage

Hello all. If I need ISE to authenticate wireless user MAC addresses (MAC Address bypass) in order to facilitate central web authentication - does every concurrent device MAC address that accesses my guest wireless SSID and gets forwarded to ISE for authentication use up a license?
I have many users with smart phones and tablets that have the guest wireless SSID profile already saved and automatically connect to the guest SSID when in range. Most of these users do not go on to log in via central web authentication, but their MAC addresses get forwarded to ISE for authentication. Does ISE use up a license per MAC address?
Thanks,

Hello-
Please take a look at the following link:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_d_man_license.html
So, in your situation, a license will be consumed even though the user never authenticates. This is because a license is consumed as soon as a session hits a rule in your AAA ISE policies. However, you can from the document that as soon as the session times out the endpoint would free the license. If for some reason an "accounting-stop" message is not received then after 5 days of inactivity the system will automatically free the license. 
Hope this helps!
Thank you for rating helpful posts!

Similar Messages

  • ISE mab authentication with Avaya/Nortel switches

    Currently using Cisco ISE 1.1 to authentication both dot1x and mab from Cisco switches. Both features are authenticating properly.
    When we use a Nortel/Avaya switch for the authenticator, we are unable to authenticate using mac bypass (non-eap (or neap) in Avaya talk..). The correct authentication policy is found in the ISE, but the mac address is not found in the database. We know it is there because the same mac is authenticating with the Cisco switch. Dot1x authenticates properly from both the Cisco and Avaya authenticators.
    Could this be an issues with the username/password format in the Radius packet from the Cisco?
    Thanks in advance for any assistance.
    -Kurt

    As requested...
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fet
    chBugDetails&bugId=CSCuc22732
    MAB works from a cisco switch because the cisco switch places the mac address in the calling-station-attribute and the user-name attribute. The Cisco ISE platform is looking at the calling-station attribute to find the user name.This is the problem.
    The radius RFC says the user name must be in the user-name attribute. The calling-station-attribute is not a required field and is used for the phone number of a voip phone. Basically, the ISE platform is looking at the wrong field for the mac address.

  • Cisco ISE 1.3 MAB authentication.. switch drop packet

    Hello All,
    I have C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE9, RELEASE SOFTWARE (fc1) switch..
    and ISE 1.3 versoin..
    MAB authentication is working perfectly at ISE end.. but while seeing the same at switch end.. I am seeing switch is droping packet on some ports..
    while some ports are working perfectly..
    Same switch configuration is working perfectly on another switch without any issue..
    Switch configuration for your suggestion..!!
    aaa new-model
    aaa authentication fail-message ^C
    **** Either ACS or ISE is DOWN / Use ur LOCAL CREDENTIALS / Thank You ****
    ^C
    aaa authentication login CONSOLE local
    aaa authentication login ACS group tacacs+ group radius local
    aaa authentication dot1x default group radius
    aaa authorization config-commands
    aaa authorization commands 0 default group tacacs+ local
    aaa authorization commands 1 default group tacacs+ local
    aaa authorization commands 15 default group tacacs+ local
    aaa authorization network default group radius
    aaa accounting dot1x default start-stop group radius
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 0 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    aaa accounting connection default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+ group radius
    aaa server radius dynamic-author
     client 172.16.95.x server-key 7 02050D480809
     client 172.16.95.x server-key 7 14141B180F0B
    aaa session-id common
    clock timezone IST 5 30
    system mtu routing 1500
    ip routing
    no ip domain-lookup
    ip domain-name EVS.com
    ip device tracking
    epm logging
    dot1x system-auth-control
    interface FastEthernet0/1
     switchport access vlan x
     switchport mode access
     switchport voice vlan x
     authentication event fail action next-method
     --More--         authentication host-mode multi-auth
     authentication order mab dot1x
     authentication priority mab dot1x
     authentication port-control auto
     authentication violation restrict
     mab
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    ip tacacs source-interface Vlan10
    ip radius source-interface Vlan10 vrf default
    logging trap critical
    logging origin-id ip
    logging 172.16.5.95
    logging host 172.16.95.x transport udp port 20514
    logging host 172.16.95.x transport udp port 20514
    snmp-server group SNMP-Group v3 auth read EVS-view notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF7F access 15
    snmp-server view EVS-view internet included
    snmp-server community S1n2M3p4$ RO
    snmp-server community cisco RO
    snmp-server trap-source Vlan10
    snmp-server source-interface informs Vlan10
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
     --More--         snmp-server enable traps tty
    snmp-server enable traps cluster
    snmp-server enable traps entity
    snmp-server enable traps cpu threshold
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps flash insertion removal
    snmp-server enable traps port-security
    snmp-server enable traps envmon fan shutdown supply temperature status
    snmp-server enable traps config-copy
    snmp-server enable traps config
    snmp-server enable traps bridge newroot topologychange
    snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
    snmp-server enable traps syslog
    snmp-server enable traps mac-notification change move threshold
    snmp-server enable traps vlan-membership
    snmp-server host 172.16.95.x version 2c cisco
    snmp-server host 172.16.95.x version 2c cisco
    snmp-server host 172.16.5.x version 3 auth evsnetadmin
    tacacs-server host 172.16.5.x key 7 0538571873651D1D4D26421A4F
    tacacs-server directed-request
     --More--         tacacs-server key 7 107D580E573E411F58277F2360
    tacacs-server administration
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 25 access-request include
    radius-server host 172.16.95.y auth-port 1812 acct-port 1813 key 7 060506324F41
    radius-server host 172.16.95.x auth-port 1812 acct-port 1813 key 7 110A1016141D
    radius-server host 172.16.95.y auth-port 1645 acct-port 1646 key 7 110A1016141D
    radius-server host 172.16.95.x auth-port 1645 acct-port 1646 key 7 070C285F4D06
    radius-server timeout 2
    radius-server key 7 060506324F41
    radius-server vsa send accounting
    radius-server vsa send authentication
    line con 0
     exec-timeout 5 0
     privilege level 15
     logging synchronous
     login authentication CONSOLE
    line vty 0 4
     access-class telnet_access in
     exec-timeout 0 0
     logging synchronous
     --More--         login authentication ACS
     transport input ssh

     24423  ISE has not been able to confirm previous successful machine authentication  
    Judging by that line and what your policy says, it appears that your authentication was rejected as your machine was not authenticated prior to this connection.
    first thing to check is whether MAR has been enabled on the identity source. second thing to check is whether your machine is set to send a certificate for authentication. there are other things you can look at but I'd do those two first.
    log off and on  or reboot and then see if you at least get a failed machine auth on the operations>authentication page and we can go from there. 

  • License usage

    Hi Folks,
    Well I thought I was pretty happy with licensing, and what I understood was:
    1. Licensing is based on number of concurrently active users.
    2. An advanced license is used if an endpoint is allocated an authentication profile based on a rule which uses profiling information/posturing.
    This shows my currentl licensing page:
    and here's a summary from the front page:
    Don't these two already contradict each other?
    I've no idea where 28 advanced licenses have been used. No posturing in place, fairly simple setup, dot1x certs and MAB. Any tips for troubleshooting license usage?
    Ver 1.1.4 Patch 3

    bikespace,
    In ISE 1.1.x, Advanced license is the count of postured, BYOD, or profiled endpoints
    that are active in session directory.
    You can make use of this API reference guide to check the Active session count.
    http://www.cisco.com/en/US/docs/security/ise/1.1/api_ref_guide/ise_api_ref_ch2.html#wp1068744
    The API to check for Active Session count is as follows :
    https://MNTise-node-name/ise/mnt/Session/ActiveList
    Looks like issue with Dashboard query . Dashboard might be taking the count of stale Endpoint sessions as well.

  • IP address in ISE live authentication after vlan change

    Hi all,
    on ISE live authentication dashboard we can see IP address of the client (known from FRAMED-IP-ADDRESS).
    But what about vlan change and the situation when client gets new IP address after relocation to different vlan.
    Live logs shows only the first IP address - client mapping (from the guest vlan), after authorization new vlan and dACL is assigned but logs don't include new IP address.
    session ID is the same all the time.
    so maybe ip helper or other trick?
    regards

    thx for reply.
    I added "aaa accounting update newinfo" and I'll see tommorow how it works with anyconnect and 802.1x.
    Meanwhile I think I must clarify what I meant
    Not all logs have IP address present in live authentication (this is MAB for test only)
    the situation with 802.1x and anyconnect is a bit better cause there are IP addresses but only from the first dhcp address assignment (authentication open with default ACL). Then if the policy changes vlan and the client gets new IP address from different scope we have wrong information in this log.
    but getting back to our MAB...
    details of this entry looks like:
    so this is probably the reason that no IP address is visible it was too soon for MAB to get this info and send it as framed IP address (according to this config command "radius-server attribute 8 include-in-access-req")
    nevertheless clicking the accounting details (from the 2nd screenshot)
    we see that this information is present
    so my first question is on which stage this column is fulfilled? only when "FRAMED-IP-ADDRESS" is send in radius-request? or from accounting?
    maybe ISE should dynamically modify this record after each accounting newinfo message?
    regards

  • ISE MAB is not Triggered for Linux Host

    Hello,
    We have configured MAB for hostst that do not support 802.1x, and in general working for most of the devices. For Some linux machines however, MAB is never triggered, i.e "debug mab all" and "debug radius" commands do not produce any output for the port. "show authentication session interface" command shows the 802.1x fail over to MAB, and after it MAB process starts to run but stays in running state without finishing.
    If we put another MAB host as Windows 7 or XP or Printer, it works properly passsing tthe MAB Authentication and assigned Vlan. If we put the port as to the normal "switchport mode access" and "switchport access vlan x", the device shows up in the MAC address table of the switch, and starts to work.
    As additional steps we have configured "authentication mode open" and "dot1x control-direction in" inorder to trigger or start the MAB Process allowing the packets out, but the "show interface " command the input packets counter remains 0, although output packet counters seem to increase continously to 1000 and above.
    The IP Addresses are static, and it is a requirement, so dhcp may trigger MAB but this is not a choice currently.
    IP device tracking is enabled, but again this did not change anything
    Any recommendations or workarounds for this Problem? Although seems an endpoint issue, that it never produces a single packet  , there may be some
    solutions to trigger MAB or learn the switch the Mac address of the Linux host, i.e. keepalive. We are also looking at the host side,
    The port configuration is:
    switchport access vlan 98
    switchport mode access
    ip access-group ACL-ALLOW in
    authentication event fail action next-method
    authentication event server dead action reinitialize vlan 97
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication open
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    authentication violation restrict
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 10
    spanning-tree portfast
    Thanks in Advance,
    Best Regards,

    Hi Ravi,
    Since the linux is some kind of embedded linux, we could not get the tcp dump on the PC itself, but tried to see what is going on with a span of this port. What is interesting is that the machine does not produce even a single ethernet or IP packet and remains completely silent. (We thought dhcp would be solution but the configuration file only allows to statically assign IP address).
    What we think is that somehow the machine starts to send packets after receiving a packet like Wake on LAN or arp. As you see on the port configuration the machine starts in Vlan 98, so in this Vlan it is not possible to get this packet from any other hosts on the same IP subnet since the IP of the host is Vlan 6. But in order to ISE to assign this Vlan 6 to the port with MAB, Mac Address of the host needs to be authenticated, which is not occuring because of the silence problem.
    As a workaround to a similar problem, we changed the "switchport access vlan 98" to "switchport access vlan 6" and with this configuration the Mac address is learned and the host is authenticated by ISE and port is assigned to Vlan 6 dynamically which is observed on "show authentication session interface" command output. This is also not accepted because the access port configuration is required to be as standard as possible due to changing of the cabling frequently. So every MAB host should start with a PreAuthentication Vlan, and go to final Vlan after Authentication and authorizaiton with Posture checking or profiling.
    As a second workaround these kind of machines are being worked on supporting dot1x, but this is a tedious process because often you need to escalate to the producer, and enhancement requests often prolong to be confirmed or denied.
    Since we meet this problem also with some Printers, we think this is a problem of the TCP/IP Stack of the Operating System of the host. We are searching if there can be some mechanism to be able to make the host start conversation with a packet through a keepalive or some other protocol (or a script)  that can be enabled.
    Best Regards,

  • WLC, ISE certificate authentication issue

    Hi Folks,
    This is the setup:
    Redundant pair of WLC 5508 (version 7.5.102.0)
    Redundant Pair of ISE (Version 1.2.0.899)
         The ISE servers are connected to the corporate Active Directory (the AD servers are configured as external identity sources)
         There is a rule based authentication profile which queries the AD identity source when it receives wireless 802.1x authentication requests.
    A corporate WLAN is configured on the WLC:
    L2 security WPA+WPA2 (AES Encryption), ISE server 1 and 2 configured as the AAA Authentication servers.
    This is all working correctly - I associate to the Corp WLAN (Authentication WPA2 enterprise, encryption AES CCMP, 802.1x auth MS-CHAPv2 using AD credentials) ... I can see the authentication request being processed correctly by the ISE, and I get access to the network.
    The client I am working for wants to restrict access to the WLAN to users who have been allocated a certificate from the corporate CA, and this is where I am having issues.
    I took a test laptop, and requested a new certificate (mmc, add snapin, certificates, current user, personal, request new cert).   
    The cert that was issued was signed only by a Corporate AD server with CA services (there is nothing in the certification path above the cert I was issued, apart from the issuing server itself).   I changed the security settings of my connection to the corp wlan (using TLS instead of mschapv2, and pointing to the certificate I requested)
    Initally authentication failed because the ISE did not trust the CA that provided my certificate (the ISE radius authentication troubleshooting tool had this entry: '12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain').
    I exported the issuing CA's root certificate (followed this process http://support.microsoft.com/kb/555252), and imported the cert into ISE (administration, system, certificates, certificate store, import) - status of the cert is enabled, and it is trusted for client auth.
    After I did this, I could no longer associate to the Corp WLAN.  
    My laptop's wireless management software logs were filled with messages saying that the authentication server did not respond.   
    The ISE troubleshooting tool reported no new failed or successful authentication attempts.   
    Strangely though, the WLC log had a lot of entries like this: 'AAA Authentication Failure for UserName:host/laptop_asset_tag.corp.com User Type: WLAN USER'.
    It looks like the WLC is trying to locally authenticate my session when I use TLS, rather than hand off the authentication request to the ISE.    Other users who authenticate using their AD credentials only (as I described above) can still authenticate ok.
    Anyone able to shed some light on where I have gone wrong or what additional troubleshooting I can do?
    Thanks in advance,
    Darragh

    Hi,
    I had the same issue with microsoft CA and running ISE 1.1.4. The CA file was "corrupted", but you didn't see it at first glance. You can verify if the client CA matches the root CA via openssl.
    Try to export the root CA and the issuing CA in a different format (Base64), import both root and issuing into ise and check if that works. Also check if "Trust for client authentication or Secure Syslog services" in the Certificate Store -> CA -> Edit, is set.
    If this does not work, try to import the CA into another system and export it, then import into ISE.
    Regards,

  • ESW 520 802.1x MAB authentication problem

    Hello,
    I am having problem with 802.1x MAB authentication on ESW 520 switch, the authentication server is ACS 5.3.
    The Authentication method on ESW is 802.1x & MAC, and Host Authentication mode is Multi Session. When i plug ip phone it never authenticate the phone, and on ACS I get following error message:
    Radius authentication failed for USER: aa1effbb8fd4  MAC: aa-1E-FF-bb-8F-D4  AUTHTYPE:  Radius authentication failed
    RADIUS Status:Authentication failed    : 11509 Access Service does not allow any EAP protocols
    15004  Matched rule
    15012  Selected Access Service - MAB
    11507  Extracted EAP-Response/Identity
    11509  Access Service does not allow any EAP protocols
    11504  Prepared EAP-Failure
    11003  Returned RADIUS Access-Reject
    For that Access Service I have configured only Host Lookup.
    The same ACS configuration is working perfectly on Catalyst 3560G switche.
    It seems that ESW switch is not telling ACS that authentication is going to be by MAC address.
    Do you have any idea what can be the problem.

    Are you hitting the same selection rule? Also is "mab eap" configured globally on the switch, or on the port itself?
    Also can you post the port configuration and the show ver of the ESW?
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Cisco ISE - expired demo license alarm

    Hi,
    We are implementing Cisco ISE 1.2.0.899 and have an alarm reporting expired license. This alarm refers to the Advanced License demo and is therefore a false positive.
    This issue is that we cannot remove the demo icense and stop the root cause of this false positive alarm.
    Does anyone has an idea?
    Thanks in advance.
    Regards,
    Telmo Oliveira

    Please refer the discussion below
    https://supportforums.cisco.com/discussion/12059041/ise-advanced-eval-license-alerts-after-full-base-install

  • Logged-in Resources stat not the same as license usage

    Hello,
    If I look in Real-Time Reporting, the number of logged-in resources is 29.  If I go on the CLI and run show uccx cad license usage, it's telling me that there are 26 licences in use.
    What's the reason for the difference?
    I've tried counting the supervisors, but that doesn't give me the difference.

    Hi Jemima,
    Could you please cross check wih the UCCX's Real Time reporting ,Overall Cisco Unified Contact Center Express Stats report.
    To access the Overall Unified CCX Stats report, choose              Reports                   > Overall Cisco Unified Contact Center Express                     Stats from the Application Reporting menu bar.
    Number of resources currently logged in.
    This will give the accurate results.
    Hope this helps.
    Anand
    Please rate helpful posts !!

  • System Measurement: Measure and report license usage - System Type

    After a 'system copy' to create  new DEV and QAS PORTAL systems from a copy of PROD the USMM (System Measurement: Measure and report license usage) process identifies the System Type of the new systems as PROD.
    This was first noticed when performing a 'License Audit'.
    System Type:      PROD
    (Ex:   URL http://<server>:<port>:50000/usmm)
    Where can the 'System Type' be changed after a 'system copy'?

    Hi,
    You can change the System Type in Visual Admin under service Licensing Adapter.
    Thanks
    Sunny

  • License Usage on CWMS Version1.5 - 50 Port Deployment without IRP

    I am not able to understand how the license usage is being accounted in CWMS 1.5.
    Currently  I have deployed CWMS - 50 Port without IRP. The CWMS 1.5 is integrated  with CUCM 7.X. There are 3 hosts configured on the system and the  license count is increasing for every meeting that is scheduled. The  license count increases only when the first participants joins the  meeting.
    I have tested a few scenarios -
    1.  I have hosted a meeting and I joined only the teleconference, Other  participants joined the meeting and the license count increased by '1'
    2.  I have hosted another meeting at a different time and did not join the  meeting. Other participants joined the meeting and the license count  increased by '1'
    Please Note - In both scenarios the Atendees Join before host option was checked.
    I am currently refering the licenses usage scenarios posted on Cisco and has not found any resemblance.
    http://www.cisco.com/en/US/docs/collaboration/CWMS/b_planningGuide_chapter_0111.html
    Request your help in clarifying how the license usage counts increment.
    Thank you.

    Hi Joseph and Benjamin,
    I am not sure whether you have got the answer for this already, anyway, here is the explanation.
    There is a defect opened for incorrect license count shown in the CWMS dashboard. You can check the defect details in the link below,
    https://tools.cisco.com/bugsearch/bug/CSCul57521
    Our development team analyzed the above defect and identified the root cause of this issue as another defect. The defect details can be seen in the link below,
    https://tools.cisco.com/bugsearch/bug/CSCul03486
    To summarize the above two defects, sometimes, the telephonic session in CWMS doesn't end correctly and stays active through out. Hence, all the meeting initiated by this user will have one simultaenous meeting always. This is the reason, for licensing count getting increased even the meeting is scheduled in different date and time.
    Let me know if you need any further details.
    Regards,
    Hari

  • Consultation on License Usage Report.

    Hi;
    From one day to another, the "License Usage Report" section began the following message:
    "The system is operating With An Insufficient number of licenses. If additional licenses to cover the shortage are not configured in your Enterprise License Manager Within 59 days, you will no longer be able to provision users and devices."
    The query that I have is that the aggregate IP Phone says "Unassigned" then;
    Should I add a Onwed each User ID? What with that that message would be solved?
    image.
    regards

    refer the link which says
    Licenses in the non-compliant state for Unified Communications Manager are enforced after a 60-day grace period. At the conclusion of the grace period,Unified Communications Manager enforces non-compliance with the following service degradation:
    Devices and Users cannot be provisioned. Changing the configuration of a user that affects licensing (For example: the Enable IM and Presence and the Enable Mobility check boxes) is not allowed.
    Devices and Users cannot be de-provisioned. Any configuration changes that involve licensing (For example: disabling IM and Presence or Mobility) is allowed.
    you need to buy additional licenses to make the non-compliant phones work .
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/9_1_1/ccmfeat/CUCM_BK_C3E0EFA0_00_cucm-features-services-guide-91/CUCM_BK_C3E0EFA0_00_cucm-features-services-guide-91_chapter_0100100.html
    regds,
    aman

  • 6120 Fixed Port License Usage

    I was looking around in the 6120 via cmd line and noticed that the "show license usage" output shows that there is an 8 port license but than none are in use. If that is the case do what does licensing the remaining 12 ports do? What happens if you use two of those for northbound Ethernet uplinks?
    show license usage
    Feature                      Ins  Lic   Status Expiry Date Comments
                                     Count
    FM_SERVER_PKG                 No    -   Unused             -
    ENTERPRISE_PKG                No    -   Unused             -
    FC_FEATURES_PKG               No    -   Unused             -
    ETH_PORT_ACTIVATION_PKG       No    8   Unused Never       -
    ETH_MODULE_ACTIVATION_PKG     No    0   Unused             -

    Hi..  I have a similar output in my lab setup. In my lab setup, i did not purchase any license and i can use port 19 and 20, in fact all of the ports. It looks like the license is base on trust and not really enforced.  Rgds Eng Wee

  • Show license usage output

    Hi Experts,
    Do you know where i can find reason as to why one of the MDS switches showing:
    FS1.DRC# show license usage ENTERPRISE_PKG
    Application
    ROnly Zoning
    But Nothing shows up for these two other switches.
    FS1# sh license usage ENTERPRISE_PKG
    FS2# sh license usage ENTERPRISE_PKG
    I have attached the "sh tech" output of this MDS switches
    Thanks in advance

    Hi,
    FS1.DRC have a zone with read-only attribute (EN12PR03_HBA0_SAN1DRC_SPA0) in vsan31, this vsan is not configured on the other switches.
    Rgds Filiph

Maybe you are looking for

  • HP Deskjet 3054A Wireless setup without access to router.

    Hey everyone, I own an HP Deskjet 3054A, and I would like to be able to print wirelessly. When I go through the wireless setup, it tells me to either: 1) enter a PIN on the wireless router or 2) Use WPS (Wireless protected setup). The problem is that

  • Trouble with a int parameter

    im haveing a problem grabing a integer parameter from a html page <PARAM name="parbg" value="1"> first i get incompatible types so i changed it now i get testmenu17.java:91: getParameter(java.lang.String) in java.applet.Applet cannot be applied to (i

  • Packaging in oracle lite webtogo 5.0.0..urgen

    I want to use webtogo for my application to work online/offline.. i am trying to use the packaging wizard for publishing all the objects to the mobile server. i have succeeded in publishing all my jsp's, servlets, beans and tables and sequences and v

  • Report with more columns than will fit on a page

    <p>I'm just beginning to use Crystal Reports (30-day Developer eval). I'm trying to create a report with more fields than will fit across one page. The "extra" fields seem to wrap on the first page. I'd really like to print the report across two page

  • Documentation button in initial screen is disabled.why?

    Hi guys:    I have the profile SAP_ALL and SAP_NEW,but when I login SAP system,Documentation button in initial screen is disabled.why,who can I use it ?