ISE TCP Dump not working?

Similar Messages

• TCP Wrappers not working

  I want to block all traffic except those rules listed in /etc/hosts.allow.
  And I don't want nfs clients from anywhere to connect to my server.
  But for some reason both of my configuration files are totally ignored  by arch:
  /etc/hosts.allow
  /etc/hosts.deny
  # /etc/hosts.allow
  sshd: ALL
  nfsd : 192.168.10.
  portmap: ALL
  mountd: ALL
  httpd: ALL
  mysqld: ALL : ALLOW
  tor: ALL
  # End of file
  # /etc/hosts.deny
  ALL: ALL: DENY
  # End of file
  Last edited by yassin (2008-04-10 20:43:45)

  #archlinux @ Freenode
  [20:23] < yassin> http://bbs.archlinux.org/viewtopic.php?id=46907
  [20:23] < yassin> any suggestions?
  [20:26] < tomkx> yassin - yes. For those who can't/won't click your link, ask an intelligent question that
            summarises your problem as briefly as possible, but with enough detail to enable anyone who's
            interested to answer you without asking for more information
  [20:26] < yassin> ok
  [20:26] < yassin> my TCP wrappers isn't working, /ets/hosts.deny & /etc/hosts.allow are totally ignored
  [20:29] < yassin> tomkx: well the problem is everyone can connect to every port
  [20:29] < yassin> like as if TCP wrappers wouldn't be running
  [20:30] < yassin> tomkx: for example I have in hosts.allow - nfsd : 192.168.10.
  [20:31] < yassin> and in hosts.deny - ALL: ALL: DENY
  [17:32] < yassin> tomkx: any ideas?
  [17:35] < tomkx> yassin - I was expecting something like "but nfs clients from anywhere can connect to my
            server". In other words, you haven't actually described a specific problem yet (and that includes
            your forum post)
  [17:36] < yassin> tomkx: good point there
  [17:36] < yassin> well yes, that is pretty much the problem
  [17:39] < yassin> tomkx: I updated the post now
  [17:42] < yassin> tomkx: that's not really the problem if we are specific, since I've got the right
            configurations, the problem is they are being ignored by arch
  [17:43] < yassin> tomkx: so I'd say my problem description was correct: "TCP Wrappers not working"
  Last edited by yassin (2008-04-10 20:50:57)

• ISE posture redirect not working

  ISE v1.1.0.665, 3395 h/w.
  Single Admin/Monitor/Policy node.
  WS-C3560-48TS      12.2(55)SE5           C3560-IPBASEK9-M
  For Client Provisioning I created an authorisation policy as follows:
  download acl "ACL-POSTURE-REMEDIATION"
  apply url redirect "ACL-POSTURE-REDIRECT".
  "Debug radius" shows all this is downloaded to the switch but:
  - Redirect does not work.
  - dACL is not applied if the URL redirect is also configured.
  Wireshark on the client shows no direct.
  Attached file shows "debug radius" for various combinations of authorisation policy i.e. dACL only, Redirect only, dACL + Redirect.
  I've also attached screen shots of these policies and wireshark.

  Grant,
  It looks like you are changing the vlan after your client gets an ip address, it seems like the client gets an ip address of
  192.168.16.164 and you are changing the vlan over to 516. I wanted to know if that is there isnt an ip to vlan mismatch before you move forward. If 516 is quarantine vlan you may want to start all clients on that vlan and use dynamic vlan assignment through change of authorization once a client becomes compliant. The reason is is that you can use the web portal, or the nac agent to change the ip address once the vlan is changed.
  Thanks,
  Tarik Admani

• ISE authorization Policy not working

  Hi ,
  I have configured the ISE as per the belwo link 
  https://supportforums.cisco.com/document/110031/central-web-authentication-cwa-guests-ise
  but my authorization policy is not working as when user get connected to guest wlan it get authneticated but when it look for authorization
  it going to default policy it should hit on above policy created screen shot as below

  What version of ISE + patch are you running?. Could you please send an screenshot of AUTH policies including the default --- > USE part?. Are you using customized portal for the first authentication process?
  CWA is pretty straightforward. Only issues I faced was multiple VM (ISE Personas) running on one single server was not replicating properly the AUTHZ policies so I added the PSN persona into the PAN Node and everything worked fine immediately. In addition to that, I realized that I needed at least ONE ENTRY into the ISE PAN Internal Endpoints DB so I could hit the AUTH Policy for MAB & user not found condition which sent me to the AUTHZ = User Unknown + Redirect. Once I authenticated the user using the Default Portal that meant I hit the GUEST FLOW policy. If you are using customized portals for the first authentication process, check: web portal mgmt. --- > Guest --- > MultiPortal Configurations --- > Customized Portal -- > Authentication part.

• Cisco ISE IP Renewal not working

  Hi all,
  I am setting up a CWA with Cisco ISE to authenticate Guests and Employees by Web and assign them to Two different vlans. The authentication pass. The authZ Profiles are affected. but The IP address did not change according to vlan until I renew it manually from console ( >ipconfig /release >ipconfig /renew). I desactivated Java in browsers, I activated it again and added the IP of the ISE to the Exception List in Java setting but the IP address still not change automatically.
  Any Ideas how to fix this Issue?
  Thank you.

  Hi Bouchaib,
  Make sure you have put a check on the VLAN DHCP Release option.
  If you are using ISE 1.3 then your path will be,
  Guest Access > Configure > Guest Portals > Create, Edit or Duplicate > Portal Behavior and Flow Settings > VLAN DHCP Release Page Settings.
  This affects the Central WebAuth (CWA) flow during final authorization when the network access changes the guest VLAN to a new VLAN. The guest’s old IP address must be released before the VLAN change and a new guest IP address must be requested through DHCP once the new VLAN access is in place. The IP address release renew operation varies by the browser and operating system used; Internet Explorer uses ActiveX controls, and Firefox and Google Chrome use Java applets. For non-Internet Explorer browsers, Java must be installed and enabled on the browser.
  The VLAN DHCP Release option does not work on mobile devices. Instead, guests are requested to manually reset the IP address. This method varies by devices. For example, on Apple iOS devices, guests can select the Wi-Fi network and click the Renew Lease button.
  For ISE 1.2 version, you can find the same option on the Guest Portal settings.

• TCP Reset not working

  I have my man-port on vlan 2 this is our MGT vlan we do not use vlan 1, tcpreset is not work. Below is the step I did to set it up
  1 vlan 1 is up but no ip address on this due to vlan 2 is MGT IP
  2 I have the man-port on vlan 2
  intrusion-detection module 9 management-port access-vlan 2
  3 I ran the tcpdump and noting came back go a pars error.
  can anyone shed light on my problems I'm not sure I have everything config right.
  Thanks

  Not sure what you are asking.
  Sounds like you may be confusing the management port with TCP Reset event action for signatures.
  The TCP Reset packets as event actions for signatures will not be sent out of the management port. They are sent out a TCP Reset port.
  The TCP Reset port is not user configurable or even viewable in Native IOS.
  The configuration you need to worry about is not the management-port but instead the data-ports of the IDSM-2. The data-ports need to be properly configured to monitor the traffic you want to execute the TCP Resets on,

• Compare Heap Dumps not working

  Dear All,
  Am trying to compare two heap dumps to find differences. I have read the Tutorial. I have two heap dumps open and click on the Delta button. But all I get is a message saying something like there are no two dumps open on the desktop. Can anybody help? Thanks a lot, Anthony

  Hi Scott,
  thanks for finding this bug... It looks like we do not pick up dumps that have been opened via "Open File...". I will have a look at it.
  The context menu does not work on purpose. The problem is this: in the heap dump we only have the object address. But as the garbage collector is moving objects around, this address changes even as the object stays the same. We cannot know if the object was moved or if a new one was created.
  So one has to structurally compare the heap dump. We do this currently for the histogram on class level and on class loader level (by the extracted class loader name if a name resolver is present). For objects we do nothing at the moment. I haven't really given much thought about that, but it should be possible to compare the graph/domTree once the user picked to comparable objects (which he can, because he knows the semantics).
  Regarding open sourcing: I just spend the last 3 hours hunting a little, tiny bug that was introduced when removing some SAP specifics which we do not open source. Soon, maybe and of next week we should have something there.
  New features is an automatic leak detection, e.g. we create a HTML report with the suspectd leaks. And the handling of local variables, ie. stuff kept alive by a thread, is much easier. Ahh, and we have some pie charts now.
  Andreas.

• WLC, FlexConnect, ISE: Dynamic VLAN not working

  Hi,
  Not sure if this is a WLC or ISE problem, but since I am unsure of the WLC config I will try here first.
  Equipment:
  WiSM2 7.2.111.3
  ISE 1.1.1.268
  AP 3502 in FlexConnect
  What I want to achive:
  One SSID, multiple VLAN
  Devices gets profiled in ISE and based on type of device it gets asigned to a VLAN
  Problem:
  When the device connects the first time it ends up in native VLAN and not switched to the right VLAN, but when I reconnect then it is added to the right VLAN.
  WLC config (I know you like images so here you go ):
  I must be missing something but I can't figure out what. I will be attaching a debug aaa event enable for when the client connect the first time.
  In ISE I have an Authorization Profile that just say VLAN ID/Tag 158 (the VLAN that the device should go to) an it is added to the Authorization rule of the profiled device. CoA is set to Reauth.
  When the client connects I get three events in ISE:
  1.
  Authentication failed :
  22056 Subject not found in the applicable identity store(s)
  2. Authentication Success. With the results:
  UserName=00:18:DE:A2:BC:3A
  User-Name=00-18-DE-A2-BC-3A
  State=ReauthSession:c20e8b2f0000027e50ed27f8
  Class=CACS:c20e8b2f0000027e50ed27f8:ISE01/144259326/671335
  Termination-Action=RADIUS-Request
  Tunnel-Type=(tag=1) VLAN
  Tunnel-Medium-Type=(tag=1) 802
  Tunnel-Private-Group-ID=(tag=1) 158
  cisco-av-pair=profile-name=AX-Intel-Device
  3.
  Dynamic Authorization failed :
  11213 No response received from Network Access Device
  Has anyone got this to work? Do I need to add FlexConnect groups? If so then why?
  Regards,
  Philip

  I think you're hitting CSCua58554
  The bugtoolkit description is horrible....  From what I recall when I ran into it, I believe that Flex connect is having a problem with Mac filtering based AAA override on open wlans (and/or CWA based).  In general, AAA override works fine when it is from like an eap authentication.
  We had to use a 7.3 ES to resolve it.....
  Looks like it is implemented in 7.4 though.....     If you dont want to join the 7.4 bandwagon quite yet, you might could ask TAC for an ES of 7.3,  don't think they have a 7.2 build.

• Ise: Url redirection not working

  everything should be ok on ise and switch
  the switch is configured with its own ip on the vlan (22)
  PS is on vlan (44)
  and ise is configured for web authentication policy to occurr on the logon vlan (33)
  the service is reachable by inputting the policy service ip address on port 8443, authentication is successful, acl downloaded and redirect url pushed properly to the switch but redirect never occurrs,
  instead a blank page (host not reachable) is displayed
  the clients on vlan 33 can resolve dns without problems
  the firewall has been set to make the vlan 44 and 33 talk each other on port 80,443,8443
  it looks like the switch's http/s-server is not making any difference maybe because it is on another vlan though it is routed
  can someone help me?
  i would really appreciate a flow chart on how web redirect works in ise and tge role of the http server
  ps the switch does not support the ip route command

  however not everithing is working as it should, sometimes the acl are not pushed properly and the redirect acl does not show any hit (often), sometimes the centralwebauth acl is not pushed properly and the show ip access list interface results in blank output
  interface GigabitEthernet1/0/10
  description Porte dot1x - voip ISE
  switchport access vlan 300
  switchport mode access
  switchport voice vlan 818
  ip access-group ACL-ALLOW in
  srr-queue bandwidth share 1 30 35 5
  queue-set 2
  priority-queue out
  authentication event fail action next-method
  authentication event server dead action authorize vlan 300
  authentication event server alive action reinitialize
  authentication host-mode multi-domain
  authentication open
  authentication order dot1x mab
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  authentication violation restrict
  mab
  mls qos trust cos
  dot1x pae authenticator
  dot1x timeout tx-period 10
  auto qos trust
  spanning-tree portfast
  spanning-tree bpduguard enable
  end
  the show auth sessiond for the interface is
              Interface:  GigabitEthernet1/0/10
            MAC Address:  20cf.3017.645b
             IP Address:  172.31.105.132
              User-Name:  20-CF-30-17-64-5B
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  multi-domain
       Oper control dir:  both
          Authorized By:  Authentication Server
            Vlan Policy:  300
                ACS ACL:  xACSACLx-IP-CentralWebAuth-5062f332
       URL Redirect ACL:  redirect
           URL Redirect:  https://ISEC3395.omitted.omitted:8443/guestportal/gateway?sessionId=AC1F552F0000000A001A6FD2&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  AC1F552F0000000A001A6FD2
        Acct Session ID:  0x0000000D
                 Handle:  0x7C00000A

• [Solved] Trying to grep a hex pattern from a binary dump - not working

  Hi all, I'm not sure if this is the right forum but as it is related to a scripting course I'm doing I couldn't see anywhere more suitable.
  I have a raw disk dump that contains several jpeg images etc...  I'm trying to make a carving utility to extract the images using bash and ultimately grep to do the heavy lifting.
  What I'm trying to do is to grep hex escaped character values within the raw disk dump to find the location where a jpeg image starts.  The jpeg image file header in hex is "ffd8ff".  The most straight forward example I could find for how to achieve this was from here: http://www.commandlinefu.com/commands/v … l-patterns
  According to that page I should be able to execute grep -P "\xff\xd8\xff" diskdump.raw in order to be able to get some sort of match, however in spite of my certainty that there are a number of jpeg images in the disk dump (I created the disk dump) and the fact that I can use hex dump utilities to confirm the presence of the matching header grep is refusing to play ball and acknowledge a match. I don't know what to do, other people on the course are able to use grep this way with different distributions.
  Does anyone know if this is a known issue, has anyone come across it before and, better yet, does anyone know how I can get grep to bend to my will on Arch?
  Thanks in advance,
  B
  Last edited by Baz_ (2015-04-03 08:55:11)

  Trilby wrote:
  I think you'll need the -a flag for grep (unless you use ewaller's od approach):
  man grep wrote:-a, --text
          Process a binary file as if it were text; this is equivalent to the --binary-files=text option.
  I have tried "grep -a ...", "grep -Pa ..." and the version that works for my class mate "grep -obPa ..." plus several other variations of the above and none of them work.
  I have a working version of a carver similar to ewaller's idea using a hexdump utility (xxd) rather than od but because of the fact that the header and footer could roll over from one line to another it is extremely inefficient as it requires two searches through the file to ensure that you have found the earliest header (the second search pads a few characters to the front of the raw dump depending on the size of the header).
  The ability to search for a string of characters by their hex values with grep would lead to much more efficient code.
  I don't suppose grep is due an update soon that might cause it to do what I want? Or even better is someone knows how to get grep as it stands to do what I want?
  Thanks for your posts so far guys, much appreciated.
  B

• Coherence *Extend-TCP configuration not working

  Hi,
       I was trying to setup the Coherence *Extend-TCP configuration on my solaris box.
       To start with, i'm trying to start a Cache server instance by using the cluster-side configuration XML (given at URL below)
       http://wiki.tangosol.com/display/COH32UG/Configuring+and+Using+Coherence*Extend
       But while starting its throwing me the below error. The Coherence version that i'm using is 3.2/353. Please advise.
       Exception in thread "main" java.lang.IllegalArgumentException: The "Proxy" element is missing a required acceptor configuration element
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.ProxyService.configure(ProxyService.CDB:30)
       at com.tangosol.coherence.component.util.SafeService.startService(SafeService.CDB:5)
       at com.tangosol.coherence.component.util.SafeService.getRunningService(SafeService.CDB:26)
       at com.tangosol.coherence.component.util.SafeService.ensureRunningService(SafeService.CDB:1)
       at com.tangosol.coherence.component.util.SafeService.start(SafeService.CDB:9)
       at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(DefaultConfigurableCacheFactory.java:775)
       at com.tangosol.net.DefaultCacheServer.start(DefaultCacheServer.java:138)
       at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:60)
       regards
       Mike

  Sorry,
       I noticed that the above error occurs for version 3.1.1 (& not for 3.2) as previously
       specified in previous message (above). My apologies.
       As a follow-up, i've now installed 3.2 jars on my environment & i noticed that the
       above error doesnt occur for this version. The cache server seems to be coming
       up fine now (with the appropriate TCP/IP configuration tag in the xml).
       But when i try to run my client application (which attempts to connect to this
       remote cache server), it throws an InvocationTargetException error (full exception
       below).
       The error indicates that i'm missing some elements in the XML configuration.
       Exception
       (Wrapped) java.lang.reflect.InvocationTargetException
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            at com.tangosol.net.extend.AdapterFactory.ensureCacheServiceAdapter(AdapterFactory.java:69)
            at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(DefaultConfigurableCacheFactory.java:729)
            at com.tangosol.net.DefaultConfigurableCacheFactory.ensureCache(DefaultConfigurableCacheFactory.java:650)
            at com.tangosol.net.DefaultConfigurableCacheFactory.configureCache(DefaultConfigurableCacheFactory.java:831)
            at com.tangosol.net.DefaultConfigurableCacheFactory.ensureCache(DefaultConfigurableCacheFactory.java:284)
            at com.tangosol.net.CacheFactory.getCache(CacheFactory.java:622)
            at com.tangosol.net.CacheFactory.getCache(CacheFactory.java:600)
            at com.tangosol.examples.explore.SimpleCacheClient.main(SimpleCacheClient.java:25)
       Caused by: java.lang.IllegalArgumentException: Missing required initiator child configuration element: <extend-cache-scheme tier='front'>
       <scheme-name>extend-direct</scheme-name>
       <service-name>ExtendTcpCacheService</service-name>
       <initiator-config tier='front'>
       <tcp-initiator>
       <remote-addresses>
       <socket-address>
       <address>gpblnx1d.nam.nsroot.net</address>
       <port>32000</port>
       </socket-address>
       </remote-addresses>
       <connect-timeout>10s</connect-timeout>
       <request-timeout>5s</request-timeout>
       </tcp-initiator>
       </initiator-config>
       </extend-cache-scheme>
            at com.tangosol.coherence.extend.component.comm.Adapter.getInitiatorElement(Adapter.CDB:13)
            at com.tangosol.coherence.extend.component.comm.adapter.CacheServiceStub.configure(CacheServiceStub.CDB:5)
            at com.tangosol.coherence.extend.component.application.library.generic.CoherenceExtend.createCacheServiceStub(CoherenceExtend.CDB:4)
            at com.tangosol.coherence.extend.component.application.library.generic.CoherenceExtend.ensureCacheServiceStub(CoherenceExtend.CDB:15)

• TCP Tunnelling not working per BPEL Technical Note

  Hi,
  I am trying to follow note http://www.oracle.com/technology/products/ias/bpel/htdocs/orabpel_technotes.tn001.html.
  I have set ob env. When I am executing the tcpmon -- the following command -- I am getting an exception as shown below.
  Could someone please help.
  Thanks
  Shamik
  java -classpath %OB_CLASSPATH% orabpel.apache.axis.utils.tcpmon 1234 localhost 7777
  Exception in thread "main" java.lang.NoClassDefFoundError: orabpel/apache/axis/utils/tcpmon

  For 10.1.3.1, try
  "%JAVA_HOME%\bin\java" -classpath %OB_CLASSPATH% org.collaxa.thirdparty.apache.axis.utils.tcpmon 1234 localhost 8888
  or use developer prompt and go to ..\bin\obtunnel

• TCP Networking not Working

  im using tcp networking to connect to a remote computer
  Chat.java
  import java.net.*;
  import java.io.*;
  public class Chat implements Runnable {
       ServerSocket wait;
       Socket connect;
       private final int PORT = 3674;
       Thread standby;
       public Chat() {
            try {
                 wait = new ServerSocket(PORT);
            }catch(IOException ec) {
                 System.err.println(ec);
            standby = new Thread(this, "Standby");
            standby.start();
       public void run() {
            try {
                 System.out.println("Waiting for Server to Connect...");
                 connect = wait.accept();
            }catch(IOException ec) {
                 System.err.println(ec);
            System.out.println("Connection Recieved from " + connect.getInetAddress());
       public static void main(String args[]) throws Exception {
            Chat c = new Chat();
  ChatSend.java
  import java.net.*;
  import java.io.*;
  import javax.swing.*;
  public class ChatSend {
       public static void main(String args[]) {
            System.out.println("Attempting to Connect");
            Socket connectto;
            int port = Integer.parseInt(JOptionPane.showInputDialog(null, "Connect Using Port:")); // user inputs 3674
            String ip = JOptionPane.showInputDialog(null, "Enter IP:"); // user inputs my ip address
            try {
                 connectto = new Socket(InetAddress.getByName(ip), port);
                 System.out.println("Socket Connected Succesfully");
            }catch(UnknownHostException ec) {
                 System.err.println(ec);
            }catch(IOException ec) {
                 System.err.println(ec);
  }im running Chat.java on my computer and im running ChatSend.java on a friends computer. i am never able to recieve the connection from my friends computer. i tried turning off both of our firewalls but this has no effect. my friend uses a wireless router to connect to the internet and i was wondering if this had any effect.

  If you are running Windows XP, make sure your Windows Firewall is turned off. Your routers may have built in firewalls either turn them off or make sure to open port 3674. Also your modem might have a build in Firewall so you will also have to check for that.

• Load-balancing of transparent cache + IP spoofing + RTSP + MMS not working

  We have already in production an architecture with load-balancing of
  transparent cache + ip spoofing.
  We are unable to do the same for streaming flows (MMS and RTSP).
  We are doing PBR from our core network (2 * C6K) to redirect port 80, 554 and
  1755 toward CSS boxes, same in our access router (2* Ciso7200).
  In this config desired flows are redirected toward the CSS.
  Then CSS should load balance the traffic toward our BlueCoat proxy-cache farm.
  It's working fine for HTTP but we are unable to make it works for MMS and
  RTSP.
  Note that we are requiered to use ECMP to perform IP Spoofing on the CSS, meaning we need 4 routes for each client subnet (one route toward upstream C6K, and 3 routes for each proxy cache). We use acl to get rid off looping condition.
  Anyone who has already put in place Load-balancing of Streaming transparent cache + IP spoofing could give us some hint.
  Many thanks.
  Regards,
  Pierre Viennet

  Gilles, thanks for your input.
  Here where we are at with streaming implementation:
  - HTTP on all type off client is working
  - RTSP: TCP 554 with Real Media client is working
  - RTSP: TCP 554 with WMP not working, but it's due to a bug in Bluecoat implementation, the proxy send an error when he see a request with ( User-Agent: WMPlayer ) for RTSP content.
  - MMS: TCP 1755 not working with IP spoofing enable on the proxy but OK without IP spoofing...
  - UDP 554: not working
  - UDP 1755: not working
  I fully understand the limitation for UDP traffic.
  But I don't see why it's not working for MMS over TCP traffic.
  Note that I have the exact same configuration for RTSP and MMS.
  Why is it not working for MMS with IP spoofing? Are you aware of a difference on the way CSS handle MMS flows? or a specificity of the MMS protocol?
  Below what we can see on the different equipement when trying to launch a MMS over TCP Stream:
  c6k-Faaa#sh mls ip source 195.83.182.72
  Displaying Netflow entries in Supervisor Earl
  DstIP SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr
  Pkts Bytes Age LastSeen Attributes
  202.3.225.5 195.83.182.72 tcp :1755 :1504 0 : 0
  3 124 17 18:58:12 L3 - Dynamic
  202.3.225.5 195.83.182.72 tcp :1755 :1527 0 : 0
  2 84 3 18:58:20 L3 - Dynamic
  202.3.225.5 195.83.182.72 tcp :554 :1503 0 : 0
  4 360 17 18:58:06 L3 - Dynamic
  c6k-Faaa#
  CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
  202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
  2/3 2/1
  202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
  2/7 2/3
  CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
  202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
  2/3 2/1
  202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
  2/7 2/3
  CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
  202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
  2/3 2/1
  202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
  2/7 2/3
  CSS11503_CORE1#
  TCP 192.168.4.19:1491 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1492 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1493 195.83.182.72:1755 TIME_WAIT
  TCP 192.168.4.19:1502 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1503 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1504 195.83.182.72:1755 TIME_WAIT
  TCP 192.168.4.19:1525 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1526 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1527 195.83.182.72:1755 TIME_WAIT
  Many Thanks for your input.
  Pierre Viennet.

• ISE Guest Activity Report not working (1.2.0.899)

  Recently I upgraded an ISE to 1.2.0.899. I found the Guest Activity Report is not working. Before the upgrade it was working properly (with the limitation of 5000 records by report). Nothing in the ASA was modified, but nothing is reported in the ISE; also I use the tcpdump integrated in the ISE to validate the syslog messages are arriving from the ASA to the ISE. I already enable the Passed Authentication logging category.
  Do I need to modify something else,to have the report?

  Hi
  Please make sure these steps has configured correctly:
  Step 1 Create an alarm, as described in Creating, Editing, and Deleting Alarm Schedules.
  Step 2  Specify a rule for Passed Authentication, Failed Authentications, or Authentication Inactivity for all users of                 type guest, as described in Creating and Assigning an Alarm Rule.
  Step 3 Calculate guest user activity by Monitoring Live Authentications.