ISE tcp/8443 & 8905 from client
Hi,
Reading the port reference for ISE: http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_app_c-ports.html I see that port tcp 8443 & 8905 needs to be allowed from the client to PSN. I can't find the reason why. What is it used for? It say Discovery, but what kind of discovery?
Regards,
Philip
Please see the below link for detail information over TCP/UDP ports used by ISE.
http://www.cisco.com/en/US/docs/security/ise/1.0.4/install_guide/ise104_app_e-ports.html
Similar Messages
-
ISE No EAP response from Client
Hi,
So on the same switch, same port configuration, 1 users laptop has absoutely no issues authenticating on the port.
On another port, same configuration, I see the below error in ISE.
Same windows settings on both laptops regarding the 802.1x authentication.
No response received during 120 seconds on last EAP message sent to the client :
5411 No response received during 120 seconds on last EAP message sent to the client
Any ideas as to why or whats happening here?Verify that supplicant is configured properly to conduct a full EAP conversation with ISE. Verify that NAS is configured properly to transfer EAP messages to or from supplicant. Verify that supplicant or network access server (NAS) does not have a short timeout for EAP conversations. Check the network that connects the NAS to ISE. If the external ID store is used for the authentication, it may be not responding fast enough for current timeouts. For more information you can see the below link.
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_81_troubleshooting_failed_authc.pdf -
Cisco 2504 as Anchor not passing TCP 8443
Hello,
I have a very strange scenario with 2504 WLC. It is deployed as an Anchor with 5508 as the foreign. In summary, my set up is as follows:
2504 - Anchor (version 7.6.120), Port 1- MGT, Port 2 - Guest subnet, No AAA Server, Internal DHCP server
5508 - Foreign (version 7.6.101.1, Guest interface (dummy, non-routable and no vlan on switch), MAC filtering, ACL-redirect, AAA with Radius NAC.
The mobility tunnels are up and FW rule also allows DNS and TCP/8443 from the guest subnet. The guest client receives its DHCP address and queries external DNS on the DMZ, but after that nothing happens. The web redirect URL times out.
I can see hits on the FW ACL for the DNS query and response but none for TCP/8443. The client browser times out. From wireshark, I can see the client query the DNS for the ISE hostname and the DNS replies with the IP address, but I don't see the guest send a packet to ISE. It's as if the DNS packet flows through the Guest interface, but the TCP/8443 packet doesn't flow out of the Anchor WLC to the Foreign to be sent to ISE.
Please does anyone understand this very strange occurrence.After contacting Cisco TAC without a successful resolution, I discovered that Policy Set was the problem. This was very strange as the Policy set was evaluated and the correct Authz policy applied.
I had a policy set with Radius conditions equal 802.11 AND Wireless_MAB. This was to separate it from another policy set for 802.1X. The Wireless_MAB policy set was evaluated and the web redirect ACL was applied by ISE, but after that ISE didn't respond with the Guest Portal page.
As soon as I removed the condition Wireless_MAB from the policy set definition, the Guest portal worked.
I think Cisco should either evaluate the Policy set functionality and fix it or release a statement that Policy set can't work with 2 conditions defined, which I think doesn't make sense as why would I use Policy set for Radius Nas_Port_type 802.11. This means the 802.1X Policy set would be checked first (if it is first in the order) before the Wireless_MAB Policy as both use NAS_port_type of 802.11. -
How to list IP address from client on the Server (TCP/IP CLIENT SERVER COMMUNICATION)
Excuse me,
In this project I want to ask how to add list IP from client that connect to server.
I have edited slightly the project.
'SERVER
Imports System.Net
Imports System.Net.Sockets
Imports System.Threading
Imports System.Threading.Tasks
Imports System.Reflection
Public Class ServerForm
Private _Listener As TcpListener
Private _Connections As New List(Of ConnectionInfo)
Private _ConnectionMonitor As Task
Private Sub Button_Checked(sender As System.Object, e As System.EventArgs) Handles StartStopButton.CheckedChanged
If StartStopButton.Checked Then
StartStopButton.Text = "Stop"
StartStopButton.Image = My.Resources.StopServer
_Listener = New TcpListener(IPAddress.Any, CInt(PortTextBox.Text))
_Listener.Start()
Dim monitor As New MonitorInfo(_Listener, _Connections)
ListenForClient(monitor)
_ConnectionMonitor = Task.Factory.StartNew(AddressOf DoMonitorConnections, monitor, TaskContinuationOptions.LongRunning)
Else
StartStopButton.Text = "Start:"
StartStopButton.Image = My.Resources.StartServer
CType(_ConnectionMonitor.AsyncState, MonitorInfo).Cancel = True
_Listener.Stop()
_Listener = Nothing
End If
End Sub
Private Sub PortTextBox_Validating(sender As Object, e As System.ComponentModel.CancelEventArgs) Handles PortTextBox.Validating
Dim deltaPort As Integer
If Not Integer.TryParse(PortTextBox.Text, deltaPort) OrElse deltaPort < 1 OrElse deltaPort > 65535 Then
MessageBox.Show("Port number between 1 and 65535", "Invalid Port Number", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
PortTextBox.SelectAll()
e.Cancel = True
End If
End Sub
Private Sub ListenForClient(monitor As MonitorInfo)
Dim info As New ConnectionInfo(monitor)
_Listener.BeginAcceptTcpClient(AddressOf DoAcceptClient, info)
End Sub
Private Sub DoAcceptClient(result As IAsyncResult)
Dim monitorinfo As MonitorInfo = CType(_ConnectionMonitor.AsyncState, MonitorInfo)
If monitorinfo.Listener IsNot Nothing AndAlso Not monitorinfo.Cancel Then
Dim info As ConnectionInfo = CType(result.AsyncState, ConnectionInfo)
monitorinfo.Connections.Add(info)
info.AcceptClient(result)
ListenForClient(monitorinfo)
info.AwaitData()
Dim doUpdateConnectionCountLabel As New Action(AddressOf UpdateConnectionCountLabel)
Invoke(doUpdateConnectionCountLabel)
End If
End Sub
Private Sub DoMonitorConnections()
Dim doAppendOutput As New Action(Of String)(AddressOf AppendOutput)
Dim doUpdateConnectionCountLabel As New Action(AddressOf UpdateConnectionCountLabel)
Dim monitorInfo As MonitorInfo = CType(_ConnectionMonitor.AsyncState, MonitorInfo)
Me.Invoke(doAppendOutput, "Server Started")
Do
Dim lostCount As Integer = 0
For index As Integer = monitorInfo.Connections.Count - 1 To 0 Step -1
Dim info As ConnectionInfo = monitorInfo.Connections(index)
If info.Client.Connected Then
If info.DataQueue.Count > 0 Then
Dim messageBytes As New List(Of Byte)
While info.DataQueue.Count > 0
Dim value As Byte
If info.DataQueue.TryDequeue(value) Then
messageBytes.Add(value)
End If
End While
Me.Invoke(doAppendOutput, "Message from IP: " + System.Text.Encoding.ASCII.GetString(messageBytes.ToArray))
End If
Else
monitorInfo.Connections.Remove(info)
lostCount += 1
End If
Next
If lostCount > 0 Then
Invoke(doUpdateConnectionCountLabel)
End If
_ConnectionMonitor.Wait(1)
Loop While Not monitorInfo.Cancel
For Each info As ConnectionInfo In monitorInfo.Connections
info.Client.Close()
Next
monitorInfo.Connections.Clear()
Invoke(doUpdateConnectionCountLabel)
Me.Invoke(doAppendOutput, "Server Stoped")
End Sub
Private Sub UpdateConnectionCountLabel()
ConnectionCountLabel.Text = String.Format("{0} Connections", _Connections.Count)
End Sub
Private Sub AppendOutput(message As String)
If RichTextBox1.TextLength > 0 Then
RichTextBox1.AppendText(ControlChars.NewLine)
End If
RichTextBox1.AppendText(message)
RichTextBox1.ScrollToCaret()
End Sub
Private Sub ClearButton_Checked(sender As Object, e As EventArgs) Handles ClearButton.CheckedChanged
If ClearButton.Checked Then
RichTextBox1.Clear()
End If
End Sub
End Class
Public Class MonitorInfo
Private _listener As TcpListener
Public ReadOnly Property Listener As TcpListener
Get
Return _listener
End Get
End Property
Private _connections As List(Of ConnectionInfo)
Public ReadOnly Property Connections As List(Of ConnectionInfo)
Get
Return _connections
End Get
End Property
Public Property Cancel As Boolean
Public Sub New(tcpListener As TcpListener, connectionInfoList As List(Of ConnectionInfo))
_listener = tcpListener
_connections = connectionInfoList
End Sub
End Class
Public Class ConnectionInfo
Private _monitor As MonitorInfo
Public ReadOnly Property Monitor As MonitorInfo
Get
Return _monitor
End Get
End Property
Private _Client As TcpClient
Public ReadOnly Property Client As TcpClient
Get
Return _Client
End Get
End Property
Private _DataQueue As System.Collections.Concurrent.ConcurrentQueue(Of Byte)
Public ReadOnly Property DataQueue As System.Collections.Concurrent.ConcurrentQueue(Of Byte)
Get
Return _DataQueue
End Get
End Property
Private _Stream As NetworkStream
Public ReadOnly Property Stream As NetworkStream
Get
Return _Stream
End Get
End Property
Public Sub New(monitor As MonitorInfo)
_monitor = monitor
_DataQueue = New System.Collections.Concurrent.ConcurrentQueue(Of Byte)
End Sub
Private _LastReadLength As Integer
Public ReadOnly Property LastReadLength As Integer
Get
Return _LastReadLength
End Get
End Property
Private _Buffer(63) As Byte
Public Sub AcceptClient(result As IAsyncResult)
_Client = _monitor.Listener.EndAcceptTcpClient(result)
If _Client IsNot Nothing AndAlso _Client.Connected Then
_Stream = _Client.GetStream
End If
End Sub
Public Sub AwaitData()
_Stream.BeginRead(_Buffer, 0, _Buffer.Length, AddressOf DoReadData, Me)
End Sub
Private Sub DoReadData(result As IAsyncResult)
Dim info As ConnectionInfo = CType(result.AsyncState, ConnectionInfo)
Try
If info.Stream IsNot Nothing AndAlso info.Stream.CanRead Then
info._LastReadLength = info.Stream.EndRead(result)
For Index As Integer = 0 To _LastReadLength - 1
info._DataQueue.Enqueue(info._Buffer(Index))
Next
'info.SendMessage("Data Diterima " & info._LastReadLength & " Bytes")
info.SendMessage("reply form server: " & info._LastReadLength & " Bytes")
For Each otherInfo As ConnectionInfo In info.Monitor.Connections
If Not otherInfo Is info Then
otherInfo.SendMessage(System.Text.Encoding.ASCII.GetString(info._Buffer))
End If
Next
info.AwaitData()
Else
info.Client.Close()
End If
Catch ex As Exception
info._LastReadLength = -1
End Try
End Sub
Private Sub SendMessage(message As String)
If _Stream IsNot Nothing Then
Dim messageData() As Byte = System.Text.Encoding.ASCII.GetBytes(message)
Stream.Write(messageData, 0, messageData.Length)
End If
End Sub
End Class
'CLIENT
Imports System.Net
Imports System.Net.Sockets
Public Class ClientForm
Private _Connection As ConnectionInfo
Private _ServerAddress As IPAddress
Private Sub ClientForm_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load
ValidateChildren()
End Sub
Private Sub ConnectButton_Checked(sender As Object, e As System.EventArgs) Handles ConnectButton.CheckedChanged
If ConnectButton.Checked Then
If _ServerAddress IsNot Nothing Then
ConnectButton.Text = "Disconnect"
ConnectButton.Image = My.Resources.StopServer
Try
_Connection = New ConnectionInfo(_ServerAddress, CInt(PortTextBox.Text), AddressOf InvokeAppendOutput)
_Connection.AwaitData()
Catch ex As Exception
MessageBox.Show(ex.Message, "Error Connecting to Server", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
ConnectButton.Checked = False
End Try
Else
MessageBox.Show("Invlid IP Server", "Cannt Connect to Server", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
ConnectButton.Checked = False
End If
Else
ConnectButton.Text = "Connect"
ConnectButton.Image = My.Resources.StartServer
If _Connection IsNot Nothing Then _Connection.Close()
_Connection = Nothing
End If
End Sub
Private Sub SendButton_Click(sender As System.Object, e As System.EventArgs) Handles SendButton.Click
If _Connection IsNot Nothing AndAlso _Connection.Client.Connected AndAlso _Connection.Stream IsNot Nothing Then
Dim buffer() As Byte = System.Text.Encoding.ASCII.GetBytes(InputTextBox.Text)
_Connection.Stream.Write(buffer, 0, buffer.Length)
End If
End Sub
Private Sub ServerTextBox_Validating(sender As Object, e As System.ComponentModel.CancelEventArgs) Handles IPTextBox.Validating
_ServerAddress = Nothing
Dim remoteHost As IPHostEntry = Dns.GetHostEntry(IPTextBox.Text)
If remoteHost IsNot Nothing AndAlso remoteHost.AddressList.Length > 0 Then
For Each deltaAddress As IPAddress In remoteHost.AddressList
If deltaAddress.AddressFamily = AddressFamily.InterNetwork Then
_ServerAddress = deltaAddress
Exit For
End If
Next
End If
If _ServerAddress Is Nothing Then
MessageBox.Show("Cannot resolve Server Address", "invalid Server", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
IPTextBox.SelectAll()
e.Cancel = True
End If
End Sub
Private Sub PortTextBox_Validating(sender As Object, e As System.ComponentModel.CancelEventArgs) Handles PortTextBox.Validating
Dim deltaPort As Integer
If Not Integer.TryParse(PortTextBox.Text, deltaPort) OrElse deltaPort < 1 OrElse deltaPort > 65535 Then
MessageBox.Show("Port number between 1 and 65535", "invalid Port number", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
PortTextBox.SelectAll()
e.Cancel = True
End If
End Sub
Private Sub InvokeAppendOutput(message As String)
Dim doAppendOutput As New Action(Of String)(AddressOf AppendOutput)
Me.Invoke(doAppendOutput, message)
End Sub
Private Sub AppendOutput(message As String)
If RichTextBox1.TextLength > 0 Then
RichTextBox1.AppendText(ControlChars.NewLine)
End If
RichTextBox1.AppendText(message)
RichTextBox1.ScrollToCaret()
End Sub
Private Sub ButtonClear_Click(sender As Object, e As EventArgs) Handles ButtonClear.Click
RichTextBox1.Clear()
InputTextBox.Clear()
End Sub
End Class
Public Class ConnectionInfo
Private _AppendMethod As Action(Of String)
Public ReadOnly Property AppendMethod As Action(Of String)
Get
Return _AppendMethod
End Get
End Property
Private _Client As TcpClient
Public ReadOnly Property Client As TcpClient
Get
Return _Client
End Get
End Property
Private _Stream As NetworkStream
Public ReadOnly Property Stream As NetworkStream
Get
Return _Stream
End Get
End Property
Private _LastReadLength As Integer
Public ReadOnly Property LastReadLength As Integer
Get
Return _LastReadLength
End Get
End Property
Private _Buffer(63) As Byte
Public Sub New(address As IPAddress, port As Integer, append As Action(Of String))
_AppendMethod = append
_Client = New TcpClient
_Client.Connect(address, port)
_Stream = _Client.GetStream
End Sub
Public Sub AwaitData()
_Stream.BeginRead(_Buffer, 0, _Buffer.Length, AddressOf DoreadData, Me)
End Sub
Public Sub Close()
If _Client IsNot Nothing Then _Client.Close()
_Client = Nothing
_Stream = Nothing
End Sub
Private Sub DoreadData(result As IAsyncResult)
Dim info As ConnectionInfo = CType(result.AsyncState, ConnectionInfo)
Try
If info._Stream IsNot Nothing AndAlso info._Stream.CanRead Then
info._LastReadLength = info._Stream.EndRead(result)
If info._LastReadLength > 0 Then
Dim message As String = System.Text.Encoding.ASCII.GetString(info._Buffer)
info._AppendMethod(message)
End If
info.AwaitData()
End If
Catch ex As Exception
info._LastReadLength = -1
info._AppendMethod(ex.Message)
End Try
End Sub
End Class
//ScreenShot server
http://prntscr[dot]com/5t1ol3
//Screenshot client
http://prntscr[dot]com/5t1odj
source: code[dot]msdn[dot]microsoft[dot]com/windowsdesktop/Simple-Multi-User-TCPIP-43cc3b44I have a similar chat application. When the user attempts to connect, instead of sending a simple string, the client sends a serialized object(xml string) with all relevant login and session information, this includes the user's IP address. Once the server
receives said information, depending on the type of TCP broadcast (a custom enumerated type) information from one user may be passed to a single user, or distributed to many users.
If it helps, here is the TCPBroadcast object I use. But in order for your server to understand it, you kind of have to build your server and client somewhat around it.
Option Strict On
Option Explicit On
Option Infer Off
Namespace TCPChat
Public Class TCPBroadcast
Public Property Message As String
Public Property BroadCastTime As DateTime
Public Property DestUser As String
Public Property OriginUser As String
Public Property PasswordHash As String
Public Property BroadcastSourceIP As String
Public Property BroadCastType As TCPBroadcastType
Public Property LoginUserName As String
Public Property FailureReason As String
Public Function XmlEncoding() As String
Dim serializer As New Xml.Serialization.XmlSerializer(GetType(TCPBroadcast))
Dim XML As String = String.Empty
Using memStream As New IO.MemoryStream
Using xmlWriter As New Xml.XmlTextWriter(memStream, System.Text.Encoding.UTF8) With _
{.Indentation = 4, .Formatting = System.Xml.Formatting.Indented}
serializer.Serialize(xmlWriter, Me)
End Using
XML = System.Text.Encoding.UTF8.GetString(memStream.ToArray)
End Using
Return XML
End Function
Public Function ToBinary() As Byte()
Return System.Text.Encoding.UTF8.GetBytes(Me.XmlEncoding)
End Function
Public Shared Function FromBinary(binary As Byte()) As DeserializationResult
Dim xml As String = System.Text.Encoding.UTF8.GetString(binary)
Return FromXML(xml)
End Function
Public Shared Function FromXML(xml As String) As DeserializationResult
Dim DeserializationResult As New DeserializationResult
DeserializationResult.Error = False
Try
Dim deserializer As New Xml.Serialization.XmlSerializer(GetType(TCPBroadcast))
Dim buffer As Byte() = System.Text.Encoding.UTF8.GetBytes(xml)
Using memStream As New IO.MemoryStream(buffer)
DeserializationResult.tcpBroadCast = CType(deserializer.Deserialize(memStream), TCPBroadcast)
End Using
Catch ex As Exception
DeserializationResult.Error = True
DeserializationResult.ErrorMessage = ex.ToString
DeserializationResult.AttemptedXML = xml
End Try
Return DeserializationResult
End Function
Public Class DeserializationResult
Public [Error] As Boolean
Public ErrorMessage As String
Public tcpBroadCast As TCPBroadcast
Public AttemptedXML As String
Sub New()
End Sub
End Class
Public Enum TCPBroadcastType
AdministrativeMessage
AuthenticationFailure
AuthenticationSuccess
ChatBroadcast
CredentialsRequest
Credentials
DisconnectedByServer
KeepAlive
PrivateMessage
ServerMessage
SystemMessage
UnableToProcessRequest
End Enum
End Class
End Namespace
“If you want something you've never had, you need to do something you've never done.”
Don't forget to mark
helpful posts and answers
! Answer an interesting question? Write a
new article
about it! My Articles
*This post does not reflect the opinion of Microsoft, or its employees. -
Not able to connect RAC database from client
Hi there
Recently I have configured RAC in test environment. version 11.2.0.1. OS Redhat 5.9. Everything seems to be fine except not able to connect rac database from client. Error is as under :
C:\Documents and Settings\pbl>sqlplus test1/test1@myrac
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Nov 17 14:29:06 2014
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12545: Connect failed because target host or object does not exist
Enter user-name:
myrac =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = rac-scan)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = racdb.testdb.com.bd)
Please give me your valuable suggestion to overcome the issue.
Regards
Jeweluser13134974 wrote:
ORA-12545: Connect failed because target host or object does not exist
This error means that the hostname or IP address used in the TNS connection string, failed to resolve or connect.
Your client is making two connections. The first connection is to the SCAN listener. It matches a db instance for your connection request based on service requested, available registered service handlers, load balancing, and so on. It then send a redirect to your client informing it of the handler for that service.
Your client then does a second connection to this service (a local RAC listener that will provide you with a connection to the local RAC instance). This is what seems to be failing in your case.
The SCAN listener's redirect uses the hostname of the server that the local listener is running on. Your client needs to resolve that hostname (of a RAC node) to an IP address. This likely fails.
You can add the RAC node hostnames to your client platforms hosts file. The appropriate action however would be to ensure that DNS is used for name resolution instead. -
HOW TO CONNECT FROM CLIENT MACHINE TO REMOTE MACHINE(SERVER DATABASE MACHINE)
Hi friends.
I need your valuable help,
I am using oracle 11g database.
I have two system.One is client machine and installed oracle 11G client software.
and from this machine user can connect remote server database(This is old remote system, this is just for Information).
And i have created one new database called RMANP in new remote server machine (this is the machine, in which i need to connect from client machine)
ex
CLIENT MACHINE DETAIL IS:
system66
ip address is 192.162.21.66
REMOTE SEVER MACHINE DETAILS IS:
system56
ip address is 192.162.21.56.
and i add entry on client machine tnsname.ora file like following,
RMANP=
(DESCRIPTION=
(ADDRESS=
(PROTOCOL=TCP)
(HOST=192.168.21.56)
(PORT=1521)
(CONNECT_DATA=
(SERVICE_NAME=rmanp)
But when i try to connect to remote server from client machine in sqlplus, i am getting an error, Like following,
SQL> CONN SYS/SYSPW AS SYSDBA;
ERROR:
ORA-12560: TNS:protocol adapter error2684285 wrote:
Hi friends.
I need your valuable help,
I am using oracle 11g database.
I have two system.One is client machine and installed oracle 11G client software.
and from this machine user can connect remote server database(This is old remote system, this is just for Information).
And i have created one new database called RMANP in new remote server machine (this is the machine, in which i need to connect from client machine)
ex
CLIENT MACHINE DETAIL IS:
system66
ip address is 192.162.21.66
REMOTE SEVER MACHINE DETAILS IS:
system56
ip address is 192.162.21.56.
and i add entry on client machine tnsname.ora file like following,
RMANP=
(DESCRIPTION=
(ADDRESS=
(PROTOCOL=TCP)
(HOST=192.168.21.56)
(PORT=1521)
(CONNECT_DATA=
(SERVICE_NAME=rmanp)
But when i try to connect to remote server from client machine in sqlplus, i am getting an error, Like following,
SQL> CONN SYS/SYSPW AS SYSDBA;
ERROR:
ORA-12560: TNS:protocol adapter error
There is nothing in your connect string to tell sqlplus which database you want to connect to. Therefore it assumes (by default) that you want to connect to a *local* database whose name is identified by the value of the environment variable ORACLE_SID. And there is no such database, so he gets the reported error trying to establish a connection to a non-existent local service.
You need to specify your target database, thusly:
SQL> conn sys/syspw@rmanp as sysdba
BTW, connecting to a remote database as sysdba is considered by most DBAs to be a big secruity breach. If you really need sysdba privileges (rare) you should be logged on to the database server machine with proper OS credentials, and work from there.
Also, TYPING IN ALL CAPS IS PERCEIVED AS SHOUTING. -
ISE acting as Radius Proxy Client?
Hi,
I have an issue where a remote company has there internal redius server and I have my ISE radius server.
When there users come to my site, they can authenticate with my wireless and my ISE server proxies the request to there home site to be authenticated and tells me if I should allow them access or not.
So standard radius proxy and it all works well when my ISE server begins the exchange.
However if my staff go to there site the reverse is not working, they are proxying the requests back OK, and I can see on the firewall and router the incomming radius packets destined to my ISE server. But there is no recourd on the ISE server of ever reciving them and it all times out.
Is tehre some thing I need to do to allow ISE to act as the client in a radius proxy set up?
Cheers.
Oh I am running version 1.2Hi Aaron,
Check the Cisco ISE dashboard (Operations > Authentications) for any indication regarding the nature of RADIUS communication loss. (Look for instances of your specified RADIUS usernames and scan the system messages that are associated with any error message entries.)
Log into the Cisco ISE CLI5 and enter the following command to produce RADIUS attribute output that may aid in debugging connection issues:
test aaa group radius new-code
If this test command is successful, you should see the following attributes:
Connect port
Connect NAD IP address
Connect Policy Service node IP address
Correct server key
Recognized username or password
Connectivity between the NAD and Policy Service node
You can also use this command to help narrow the focus of the potential problem with RADIUS communication by deliberately specifying incorrect parameter values in the command line and then returning to the administrator dashboard (Operations > Authentications) to view the type and frequency of error message entries that result from the incorrect command line. For example, to test whether or not user credentials may be the source of the problem, enter a username and or password that you know is incorrect, and then go look for error message entries that are pertinent to that username in the Operations > Authentications page to see what Cisco ISE is reporting.)
Note This command does not validate whether or not the NAD is configured to use RADIUS, nor does it verify whether the NAD is configured to use the new AAA model.
The Cisco ISE network enforcement device (switch) is missing the radius-server vsa send accounting command.
Verify that the switch RADIUS configuration for this device is correct and features the appropriate command(s).
For more details please go through the following link:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/troubleshooting_guide/ise_tsg.html#pgfId-192989 -
Can we stop shared server from client m/c
Hi all,
Can we stop Oracle Shared and Dedicated server from Client Machine if i am connecting through SYSDBA.
Thanks
Vipin> Can we stop Oracle Shared and Dedicated server from Client Machine if i am
connecting through SYSDBA.
Yes. No.
Yes, you can stop shared server. Simply decrease the shared server pool to zero. (see below for details)
No, you cannot stop a dedicated server as "The Thing" that creates dedicated server connections is the Listener. So you will need to stop that.
# stop shared server:
SQL> show parameter shared_servers
NAME TYPE VALUE
max_shared_servers integer 20
shared_servers integer 10
SQL> alter system set shared_servers=0 scope=memory;
System altered.
# now attempt a shared server connection
/home/billy> sqlplus scott/tiger"(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL=TCP)(HOST=dev)(PORT=1521))) (CONNECT_DATA = (SID=dev) (SERVER=shared)))"
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Sep 5 12:21:06 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12519: TNS:no appropriate service handler found
# start the shared server (in the SYSDBA session)
SQL> alter system set shared_servers=10 scope=memory;
System altered.
# now attempt a shared server connection
/home/billy> sqlplus scott/tiger@"(DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL=TCP)(HOST=dev)(PORT=1521))) (CONNECT_DATA = (SID=dev) (SERVER=shared)))"
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Sep 5 12:21:17 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning and Data Mining options
SQL> -
platform: Oracle 10.2.0.1.0 on RHEL5.
Issue: tnsping failed from client (successful from the server itself)
Brief: I can tnsping and sqlplus to the test1 db from the RHEL5 db server itself, no issue. But when I tried to tnsping from a client, I get the error.
** In both db selver and the client, I am using same tnsnames.ora.
** checked etc/hosts , /etc/sysconfig/network , /proc/sys/net/ipv4/ip_local_port_range - all OK.
Pl help.
=======listener file======
LISTENER_TEST1 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = abc.com)(PORT = 1523))
SID_LIST_LISTENER_TEST1 =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = test1)
(ORACLE_HOME = /app/oracle/product/10.2.0/db_1)
(SID_NAME = test1)
====================
=====tnsnames.ora=====
TEST1.ABC.COM =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = dbserver.abc.com)(PORT = 1523))
(CONNECT_DATA =
(SERVICE_NAME = test1)
====================
====================
----following is a tnsping test (SUCCESSFUL) from the db server itself----
dbserver> tnsping TEST1.ABC.COM
TNS Ping Utility for Linux: Version 10.2.0.1.0 - Production on 19-APR-2008 00:13:24
Copyright (c) 1997, 2005, Oracle. All rights reserved.
Used parameter files:
/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = dbserver.abc.com)(PORT = 1523))) (CONNECT_DATA = (SERVICE_NAME = test1)))
OK (0 msec)
====================
====================
~~~~~Followin g is a tnsping test (FAILED) from a client~~~~~~~~~~
clientbox> tnsping test1.abc.com
TNS Ping Utility for Linux: Version 10.2.0.4.0 - Production on 19-APR-2008 00:22:09
Copyright (c) 1997, 2007, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/10.2.0/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = dbserver.abc.com)(PORT = 1523))) (CONNECT_DATA = (SERVICE_NAME = test1)))
TNS-12560: TNS:protocol adapter error
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
====================Duplicate thread.
Re: tnsping failed in 10g@RHEL5
It's always advisable to open one post instead of multiple with the same contents on different forums.
Regards,
Sabdar Syed. -
Running Pro*C from client machine
Hi
I trying to run a Pro*c program which tries to connect to DB which is running on different server.
While running this I am getting "ORA-12560: TNS:protocol adapter error".
One suggestion I found that Pro*C application should run on DB server.
is there any workaround so that we can run pro*C from client machine?
Or running on server is only possibility?
Thanks
ShaileshSorry, I may have misunderstood your problem. I believe that this issue has to do with your tnsnames.ora file. You need to configure your DB to be able to talk to the Pro*C program. In order to do this, you need to set up an LISTENER for EXTERNAL_PROC (for external processes). This is automatically created when you install the DB. You can also create a listener using Network configuration manager. You just need to specify the proctocol, IPC or TCP/IP and the KEY = extproc (can be anything)
listener.ora (techobs.com is just the domain name)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
TNSNAMES.ora where you you must specify the SID for the external proc
EXTPROC_CONNECTION_DATA.TECHOBS.COM =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(Key = EXTPROC0))
(CONNECT_DATA = (SID = extp))
Note: I learned this when doing the installation of OC. If I am wrong, I would hope that somebody would show me where because this is Oracle DBA. -
Unable to access Scan IP from clients!
Dear All,
I am posting this question again, I am still struck here. I cant access my Database 11gR2 on Linux from clients like toad, using scan IP address.
I have struggled a lot but couldnt find anything helping me.
Kindly help. This is the status of my database currently:
Output of crsctl status resource -t is
ora.etisldb.db
1 ONLINE ONLINE racnode1 Open
2 ONLINE ONLINE racnode2 Open
SQL> select name, enabled from dba_services;
NAME ENA
SYS$BACKGROUND NO
SYS$USERS NO
etisldbXDB NO
etisldb NO
Status of listener from one of the RAC node
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 19-MAR-2012 16:47:06
Uptime 0 days 18 hr. 55 min. 5 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/11.2.0/grid/network/admin/listener.ora
Listener Log File /u01/app/grid/diag/tnslsnr/racnode1/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.168.20.31)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.168.20.32)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
Instance "+ASM1", status READY, has 1 handler(s) for this service...
Service "etisldb" has 2 instance(s).
Instance "etisldb1", status UNKNOWN, has 1 handler(s) for this service...
Instance "etisldb1", status READY, has 1 handler(s) for this service...
Service "etisldbXDB" has 1 instance(s).
Instance "etisldb1", status READY, has 1 handler(s) for this service...
The command completed successfully
[grid@racnode1 ~]$ srvctl status scan_listener
SCAN Listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node racnode1
vi /etc/hosts
# Single Client Access Name (SCAN)
10.168.20.29 etisldb-scan
[grid@racnode1 ~]$ srvctl config scan_listener
SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521
When I run srvctl status service -d etisldb (I think this is where the problem lies)
It shows nothing, not even error.
My Service Name is etisldb and instance name is etisldb1
# tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.
tnsnames.ora
ETISLDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 10.168.20.29)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = etisldb)
etisldb1 =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = 10.168.20.29)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)(SERVICE_NAME = etisldb)
(INSTANCE_NAME = etisldb1)
listener.ora
LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))) # line added by Agent
LISTENER_SCAN1=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1)))) # line added by Agent
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN1=ON # line added by Agent
ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON # line added by Agent
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = etisldb)
(ORACLE_HOME = /u01/app/11.2.0/grid)
(SID_NAME = etisldb1)
SID_LIST_LISTENER_SCAN1 =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = etisldb)
(ORACLE_HOME = /u01/app/11.2.0/grid)
(SID_NAME = etisldb1)
Still I am unable to access RAC when i give service as RACDB and IP 10.168.20.29. If you require any other information kindly let me know.
Kindly Help,
ImranHi Imran,
If you are going to use SCAN for serious client connectivity , then it should be registered with the DNS .
Putting SCAN name in /etc/hosts file will only provide you a workaround during installation.
If you don't have a DNS setup , then use tns entries with VIP names.
If you want to use SCAN for client connections, then
1. configure SCAN in DNS and make sure nslookup scan-name resolves to 3 IPs
2. Use SCAN name rather than IP for HOST in your tnsnames, jdbc URL . Currently you've set IP in your tnsnames , (HOST = 10.168.20.29 )
3. Now, set REMOTE_LISTENER = scan-name:port on all nodes so that SCAN listener can handover the client connections to the least loaded local listeners. -
End-of-communication channel error from client
In my server oracle(oracle9i enterprices edition) is working fine but from client side i'm getting the following error
*end-of-communication channel error
But my network is working fine
anyone can you give me the solution for this problem....?
Message was edited by:
user497084checkout TNSPING <service name> from cmd prompt
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\NJi>tnsping issl
TNS Ping Utility for 32-bit Windows: Version 2.3.2.1.0 - Production on 25-OCT-06
14:36:06
Copyright , 1996(c) Oracle Corporation 1995. All rights reserved.
Attempting to contact (ADDRESS=(COMMUNITY=tcp.world)(PROTOCOL=TCP)(Host=198.1.2.
15)(Port=1521))
OK (100 msec) -
Multicasting using TCP/IP for Multiple clients
Hello
i have been watching in Find example Vi's in labview there is are UDP multicasting receiver and sender Vi's Is there
any available for TCP/IP for multiple clients. or any other way to broadcast the messages from server to many clients
Regardsmadd wrote:
i have been watching in Find example Vi's in labview there is are UDP multicasting receiver and sender Vi's Is there
any available for TCP/IP for multiple clients. or any other way to broadcast the messages from server to many clients
OK, you are possibly confusing things. UDP is part of TCP/IP. Could it be you are trying to multicast using TCP?
This is not possible. TCP is a connection based protocol, meaning any connection is established between exactly two partners, starting out with the three-way handshake, the data transmission and acknowledgments, and the connection tear down. This ensures complete delivery verification of all communications at the expense of the protocol overhead. (similar to a classic phone connection between two people: First you verify the right person picks up, then you talk, then say goodbye)
UDP is a connectionless protocol, meaning any packets are simply placed on the wire and the protocol itself does not ensure any verification of delivery (similar to e.g. a radio broadcast). Any two-way communication needs to be done by the program, e.g. the receiver could send another UDP packet back to notify the sender that a packet was received.
Broadcast and multicast packets must be connectionless. There is no way around it. You can use UDP for broadcasts and TCP for for data at the same time in the same program, but you cannot combine the two into a single connection. They don't mix.
Maybe I misunderstood. If I did, please clarify what you had in mind. More details!
LabVIEW Champion . Do more with less code and in less time . -
View data in client B from client A in the same SID without a valid logon?
Hi Folks
We are planning on upgrading our 4.6C system to ERP 6.0, and are initialy considering having two clients in the same sandbox SID. One would be for the developers to perform code remediation checks (client A), and one would contain a copy of production data for performing testing of functionality over live data (client B).
Would it be possible to view data in client B from client A in the same system without a valid logon to client B or RFC connection to client B from client A? For example via the use on an ABAP program to SQL the database?
I know one can use transactions like SM30/SM31 to view, compare, and adjust data between clients, but this requires an RFC connection and valid logon to the target client.
Regards
Kevin.Hi Kevin.
>
Kevin McLatchie wrote:
> Would it be possible to view data in client B from client A in the same system without a valid logon to client B or RFC connection to client B from client A? For example via the use on an ABAP program to
Short answer: yes.
If someone has the right to write and execute ABAP reports on the system he is able to access the data of all clients. So I don't think that this setup is advisable. Don't mix development and production data in one system.
Best regards,
Jan -
How to delete file from client machine
Hi all,
we are using the DataBase: oracle:10g,
and forms/reports 10g(developer suite 10g-10.1.2.2).
can anybody help me how to delete the file from client machine in specified location using webutil or any
(i tried with webutil_host & client_host but it is working for application server only)
thank you.hi
check this not tested.
PROCEDURE OPEN_FILE (V_ID_DOC IN VARCHAR2)
IS
-- Open a stored document --
LC$Cmd Varchar2(1280) ;
LC$Nom Varchar2(1000) ;
LC$Fic Varchar2(1280);
LC$Path Varchar2(1280);
LC$Sep Varchar2(1) ;
LN$But Pls_Integer ;
LB$Ok Boolean ;
-- Current Process ID --
ret WEBUTIL_HOST.PROCESS_ID ;
V_FICHERO VARCHAR2(500);
COMILLA VARCHAR2(4) := '''';
BOTON NUMBER;
MODO VARCHAR2(50);
URL VARCHAR2(500);
Begin
V_FICHERO := V_ID_DOC;
LC$Sep := '\';--WEBUTIL_FILE.Get_File_Separator ; -- 10g
LC$Nom := V_FICHERO;--Substr( V_FICHERO, instr( V_FICHERO, LC$Sep, -1 ) + 1, 100 ) ;
--LC$Path := CLIENT_WIN_API_ENVIRONMENT.Get_Temp_Directory ;
LC$Path := 'C:';
LC$Fic := LC$Path || LC$Sep || LC$Nom ;
If Not webutil_file_transfer.DB_To_Client
LC$Fic,
'TABLE_NAME',
'ITEM_NAME',
'WHERE'
) Then
Raise Form_trigger_Failure ;
End if ;
LC$Cmd := 'cmd /c start "" /MAX /WAIT "' || LC$Fic || '"' ;
Ret := WEBUTIL_HOST.blocking( LC$Cmd ) ;
LN$But := WEBUTIL_HOST.Get_return_Code( Ret ) ;
If LN$But 0 Then
Set_Alert_Property( 'ALER_STOP_1', TITLE, 'Host() command' ) ;
Set_Alert_Property( 'ALER_STOP_1', ALERT_MESSAGE_TEXT, 'Host() command error : ' || To_Char( LN$But ) ) ;
LN$But := Show_Alert( 'ALER_STOP_1' ) ;
LB$Ok := WEBUTIL_FILE.DELETE_FILE( LC$Fic ) ;
Raise Form_Trigger_Failure ;
End if ;
If Not webutil_file_transfer.Client_To_DB
LC$Fic,
'TABLE_NAME',
'ITEM_NAME',
'WHERE'
) Then
NULL;
Else
Commit ;
End if ;
LB$Ok := WEBUTIL_FILE.DELETE_FILE( LC$Fic ) ;
Exception
When Form_Trigger_Failure Then
Raise ;
End ;sarah
Maybe you are looking for
-
I am running a small network on a MacPro running OS X server 10.5.4 with 2 mac clients and 2 windows clients. The OS X server was installed by an apple specialist but it is still not working properly and I find it hard to believe that it is a bug is
-
I have two threads, each with socket.getOutputStream()).writeObject(message); in a server, and a client reading messages from both threads (everything uses the same socket). Sometimes, a message is not recieved; is this because one message overwrites
-
Cfmx 7 wont connect to MS SQL server
Hi there, can anyone give me some help with connecting to a DB in MS SQL Server? i'm trying to connect via the cfadmin but i keep getting the following error when verfiying the DB connection: Connection verification failed for data source: sitedirect
-
Acrobat shows previously deleted version of a file
I'm not sure if this is a setting that I can't find or a weird issue that I have not found elsewhere on the net. - I create a new PDF (in this case using InDesign) - I decide to make a change and save a new PDF (over writing the old one using the sam
-
Hi Folks, I created some business components, 1 Entity Object and 1 View Object, based on a database table has 3 columns: ID, NAME and DESCRIPTION. Then I edited the View and created a bind variable and modified the SQL to use it (Ex: where ID =: Bid