Issue of ACL

Hi Experts,
I am using WCC 11.1.1.7. According to Kyle's blog:
https://blogs.oracle.com/kyle/entry/new_security_configuration_flag_ucm_ps3
I finished the ACL configuration as follows:
In $domain/ucm/config/config.cfg, I added:
UseEntitySecurity=true
SpecialAuthGroups=ACLGroup
AllowQuerySafeUserColumns=true
I restarted the UCM server, then user1 checked in a doc with the security group name ACLGroup and added user2 with RWDA to the user access list, but user2 cannot find this doc in search. What could be the issue?
Best regards

Hi,
I think the problem here is about understanding how ACLs work.
Basically, an ACL is not meant to give or revoke security access or privileges for a document on the fly. It is used to tighten the security structure by one more notch so that security can be applied at item level. This means that an item can be sub-classified among users who share the same security group / roles for the content item.
Please read through the following forum post, which illustrates this point: https://forums.oracle.com/thread/1003039?t
Also, go through the ACL documentation: http://docs.oracle.com/cd/E28280_01/doc.1111/e26692/securityacls.htm#BEIEIHCA
Section: 21.4 Access Control List Permissions
This line captures the core of ACL functionality:
However, users must also satisfy security criteria for access through the Content Server security group and the account (if Accounts are enabled). If any of these security criteria deny a certain permission, users will not have that permission to the content item.
When a user searches for a content item, all three ACL rights fields are combined as an "OR" condition. That result is combined in an "AND" condition with the result of the Security Group and Account fields. The user conducting the search must have Read permission to the security group, to the account (if accounts are enabled), and to at least one of the three ACL fields to be able to find the content item.
Thanks,
Srinath
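
The combination rule quoted in Srinath's reply, worked through as an added example (not part of the original posts and not Oracle's code): a simplified Python model in which the effective permission is the security-group grant AND the account grant (when accounts are enabled) AND the OR of the three ACL fields. The class and function names, the role name `guest`, and the assumption that user2 initially had no rights on `ACLGroup` are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

Perms = FrozenSet[str]            # subset of {"R", "W", "D", "A"}
NONE: Perms = frozenset()
ALL: Perms = frozenset("RWDA")


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)
    aliases: Set[str] = field(default_factory=set)
    # Rights the user's roles give on each security group (hypothetical layout).
    group_perms: Dict[str, Perms] = field(default_factory=dict)
    # Rights the user holds on each account.
    account_perms: Dict[str, Perms] = field(default_factory=dict)


@dataclass
class Item:
    security_group: str
    account: Optional[str] = None
    # The three ACL rights fields: user, alias (group) and role access lists.
    user_acl: Dict[str, Perms] = field(default_factory=dict)
    alias_acl: Dict[str, Perms] = field(default_factory=dict)
    role_acl: Dict[str, Perms] = field(default_factory=dict)


def acl_perms(user: User, item: Item) -> Perms:
    """OR the three ACL fields: any matching entry contributes its rights."""
    granted = set(item.user_acl.get(user.name, NONE))
    for alias in user.aliases:
        granted |= item.alias_acl.get(alias, NONE)
    for role in user.roles:
        granted |= item.role_acl.get(role, NONE)
    return frozenset(granted)


def layers(user: User, item: Item, accounts_enabled: bool) -> Dict[str, Perms]:
    """Rights granted by each independent layer, in evaluation order."""
    out = {"security group": user.group_perms.get(item.security_group, NONE)}
    if accounts_enabled:
        out["account"] = user.account_perms.get(item.account, NONE)
    out["ACL"] = acl_perms(user, item)
    return out


def effective_perms(user: User, item: Item, accounts_enabled: bool = False) -> Perms:
    """AND the layers: a right survives only if every layer grants it."""
    result = ALL
    for granted in layers(user, item, accounts_enabled).values():
        result &= granted
    return result


def read_denied_by(user: User, item: Item, accounts_enabled: bool = False) -> List[str]:
    """Names of the layers that withhold Read, i.e. why a search misses the item."""
    return [name for name, granted in layers(user, item, accounts_enabled).items()
            if "R" not in granted]


def scenario() -> Dict[str, object]:
    # Constructed data mirroring the question: the item sits in ACLGroup and
    # user2 is on the user access list with RWDA.
    doc = Item(security_group="ACLGroup", user_acl={"user2": frozenset("RWDA")})
    # Assumption: user2's roles give rights on Public only, none on ACLGroup.
    before = User("user2", roles={"guest"}, group_perms={"Public": frozenset("R")})
    # After a role with Read on ACLGroup is assigned to user2.
    after = User("user2", roles={"guest"}, group_perms={"ACLGroup": frozenset("R")})
    return {
        "before": sorted(effective_perms(before, doc)),
        "before_denied_by": read_denied_by(before, doc),
        "after": sorted(effective_perms(after, doc)),
        "after_denied_by": read_denied_by(after, doc),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

With Read on the security group in place, user2's effective right is still only R: the RWDA in the access list cannot raise it above what the security group allows.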

Similar Messages

  • Issue with ACL in 11g

    Hi,
    I am executing the below script as SYS user
    BEGIN
      -- Create the network ACL and grant the 'connect' privilege to PUBLIC
      dbms_network_acl_admin.create_acl(
        acl         => 'utl_mail.xml',
        description => 'email Access',
        principal   => 'PUBLIC',
        is_grant    => TRUE,
        privilege   => 'connect',
        start_date  => NULL,
        end_date    => NULL
      );
    END;
    /
    And I am getting the below error
    *ERROR at line 1: ORA-31003: Parent /sys/acls/ already contains child entry utl_mail.xml ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 252
    But there is no entry in DBA_NETWORK_ACLS that corresponds to utl_mail.xml, but there is an entry like the following
    /sys/acls/mail_access.xml
    I am not able to get around this issue, help needed
    I am on Oracle 11g

    Hi,
    Raunaq wrote:
    Q1: Will it not affect my work if I change it to utl_mail_new.xml?
    Q2: Does it have something to do with the utl_mail package installed on my DB?
    A1: In my opinion no, you will not have any impact.
    A2: Please see the OTN forum: https://forums.oracle.com/thread/1019669?start=0&tstart=0
    Thank you

  • Issue in ACL

    hi all,
    Our application team faced a problem of ACL while accessing a table.
    Errors are :
    ORA - 29273 : HTTP request failed
    ORA - 06512 : at "SYS.UTL_HTTP"
    ORA - 24247
    The ACL was working fine earlier, and yesterday due to the above error we had to unassign it and recreate it. After that it was working fine.
    Is it related to the database, or do we have to make any changes at database level?
    One more issue: where is this ACL.xml file located at OS level?
    What can be the problem? Please suggest.
    Regards.

    Thanks for your reply sir,
    OS : RHEL 5.7
    DB : 11.2.0.2.0
    I have also gone through your link, but it shows how to configure it. I have configured it properly.
    After recreating the ACL it is working fine, but I have recreated it with a new ACL file name. So I want to know where these files are located at OS level, as lots of ACL files are already created and I want to remove those files.
    I can see all the paths of XML file with this query :
    SQL>select * from resource_view;
    and it is showing
    /sys/acls/file_name.xml
    So how can I remove this file?
    So how can I do this? Please suggest.

  • The right ACL-POSTURE-REDIRECT in ISE

    I have an issue with ACL-POSTURE-REDIRECT when downloading the NAC agent. I got the right page to download and install the agent from the access switch. However, I got error status-2 when trying to download the agent. The initial ACL was as follows
    ip access-list extended ACL-POSTURE-REDIRECT
    deny udp any any eq domain
    deny udp any host "ISE_IP" eq 8905
    deny udp any host "ISE_IP" eq 8906
    deny tcp any host "ISE_IP" eq 8443
    deny tcp any host "ISE_IP" eq 8905
    permit ip any any
    Then I modified to be like this
    ip access-list extended ACL-POSTURE-REDIRECT
    deny udp any any eq domain
    deny ip any host "ISE_IP"
    permit ip any any
    The second access list did work for me, but not all the time! So which access list should I apply?
    Thanks

    This issue applies to user sessions during the client provisioning phase of authentication. Possible causes: The client provisioning resource policy could be missing required settings.
    • Ensure that a client provisioning policy exists in Cisco ISE. If yes, verify the policy identity group, conditions, and type of agent(s) defined in the policy. (Also ensure whether or not there is any agent profile configured under Policy > Policy Elements > Results > Client Provisioning > Resources > Add > ISE Posture Agent Profile, even a profile with all default values.)
    • Try reauthenticating the client machine by bouncing the port on the access switch.

  • Permission Issues. Slow Computer. Disk Utility Not working.

    Hey. So my Macbook (Mac OS X v10.6.8. Snow) is running slow. It also freezes from time to time & the internet is slower than it used to be. I've been on other laptops in my house and they all have fast internet as usual so it's not my provider. And my computer is having a hard time with apps it never used to struggle with. Now I'm sure this is somehow all my fault as I do change my icons and such but I don't really go hopping around the system files screwing with stuff too much. I have changed a few things in System/Library/CoreServices/ to satisfy my customizing needs but other than that I don't muck up stuff that much I hope. Also I recently changed my user name (I'm the admin) but it doesn't match my home name anymore... idk what that is
    Every time I open Disk Utility and click Verify Permissions, around 54 "Permissions differ on 'such and such', should be blah blah, they are blah blah" pop up. And about 5 of Users or Group differs on "such and such" Should be 0, is 501 pop up. Someone mentioned I might have issues with ACLs. I have very little knowledge about them so..... anyway. So I hit Repair Permissions and it says it repairs all fifty some. Then I either hit verify again or after a restart or a few days later and the same silly Permission issues pop up. Same. Exact. Ones. Even if these permission issues have nothing to do with what I have said is wrong I'd still like to try and fix them. Anyone know what is going on or what I can do?? Please and thank you in advance
    I won't paste them all because it would be very long. Here are a few examples.
    Repairing permissions for “Kenna”
    Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Headers/AWTCocoaComponent.h", should be -rw-r--r-- , they are lrw-r--r-- .
    Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Headers/AWTCocoaComponent.h".
    Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Headers/JDWP.h", should be -rw-r--r-- , they are lrw-r--r-- .
    Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Headers/JDWP.h".
    Permissions differ on "System/Library/Frameworks/JavaVM.framework/Versions/A/Headers/JDWPCommands.h", should be -rw-r--r-- , they are lrw-r--r-- .
    Repaired "System/Library/Frameworks/JavaVM.framework/Versions/A/Headers/JDWPCommands.h".
    User differs on "Applications/Safari.app/Contents/Resources/compass.icns", should be 0, user is 501.
    Group differs on "Applications/Safari.app/Contents/Resources/compass.icns", should be 0, group is 20.
    Permissions differ on "Applications/Safari.app/Contents/Resources/compass.icns", should be -rw-r--r-- , they are -r--r--r-- .
    Repaired "Applications/Safari.app/Contents/Resources/compass.icns".
    Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/Italian.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
    Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/Italian.lproj/UIAgent.nib".
    Permissions differ on "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/ko.lproj/MainMenu.nib", should be drwxr-xr-x , they are -rwxr-xr-x .
    Repaired "System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/ko.lproj/MainMenu.nib".
    Permissions differ on "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Dutch.lproj/RemoteDesktopMenu.nib" , should be drwxr-xr-x , they are -rwxr-xr-x .
    Repaired "System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/Dutch.lproj/RemoteDesktopMenu.nib" .
    Now these CoreService files I did edit
    User differs on "System/Library/CoreServices/loginwindow.app/Contents/Resources/MacOSXServer.tif", should be 0, user is 501.
    Group differs on "System/Library/CoreServices/loginwindow.app/Contents/Resources/MacOSXServer.tif", should be 0, group is 20.
    Repaired "System/Library/CoreServices/loginwindow.app/Contents/Resources/MacOSXServer.tif".
    User differs on "System/Library/CoreServices/DefaultDesktop.jpg", should be 0, user is 501.
    Group differs on "System/Library/CoreServices/DefaultDesktop.jpg", should be 0, group is 20.
    Repaired "System/Library/CoreServices/DefaultDesktop.jpg".

    I am not going to Lion. I've been told I can't customize as much with it so that's not an issue
    This what you mean?
    Capacity : 249.72 GB
    Available : 117.65 GB (117,652,971,520 Bytes)
    Used : 132.06 GB (132,062,404,608 Bytes)
    Sorry lol I feel silly idk what RAM is...
    this?
    Processor   2.4 GHz Intel Core 2 Duo
    Memory      2 Gb 667 MHz DDR2 SDRAM
    I know how to backup .. but format and install? New at all this Sry

  • Problems calling remote site

    I have a problem making a call from Isle of Man that has a 2900 router running CME 8.6 and a remote site Singapore that is on a UCS560, we have created a site to site VPN and can ping from either phone vlan to either phone vlan interfaces. The problem is that when I call from the Isle of Man site the call routes, rings on the remote phone and the user answers, they can hear the Isle of Man but the Isle of Man cannot hear them... I hear you all say one way voice must be routing, well I cannot find where the error is, and like I say we can ping. I have added the Singapore config as a starting point and we are calling from 0977 Isle of Man to 3123 Singapore.
    version 15.1
    parser config cache interface
    no service pad
    no service timestamps debug uptime
    service timestamps log datetime msec localtime
    service internal
    service compress-config
    service sequence-numbers
    hostname SG_UC_560
    boot-start-marker
    boot system flash:/uc500-advipservicesk9-mz.151-4.M6
    boot-end-marker
    no logging buffered
    no logging rate-limit
    aaa new-model
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa session-id common
    clock timezone WST 8 0
    network-clock-participate wic 1
    network-clock-select 1 BRI0/1/0
    network-clock-select 2 BRI0/1/1
    dot11 syslog
    ip source-route
    ip cef
    ip dhcp relay information trust-all
    ip dhcp excluded-address 172.16.100.1 172.16.100.99
    ip dhcp excluded-address 172.16.100.200 172.16.100.255
    ip dhcp excluded-address 192.168.138.1 192.168.138.99
    ip dhcp excluded-address 192.168.138.200 192.168.138.255
    ip dhcp pool phone
    network 172.16.100.0 255.255.255.0
    default-router 172.16.100.1
    option 150 ip 172.16.100.1
    ip dhcp pool data
    import all
    network 192.168.138.0 255.255.255.0
    default-router 192.168.138.1
    dns-server 8.8.8.8 8.8.4.4
    ip dhcp pool DoorIntercom
    host 192.168.138.5 255.255.255.0
    hardware-address 7c1e.b3fe.09a8
    ip inspect WAAS flush-timeout 10
    ip dhcp-client update dns server both
    no ipv6 cef
    multilink bundle-name authenticated
    stcapp ccm-group 1
    stcapp
    isdn switch-type basic-net3
    trunk group ALL_BRI
    hunt-scheme longest-idle
    translation-profile outgoing PROFILE_ALL_BRI
    trunk group ALL_FXO
    max-retry 5
    voice-class cause-code 1
    hunt-scheme longest-idle
    voice call send-alert
    voice rtp send-recv
    voice service voip
    allow-connections h323 to h323
    allow-connections h323 to sip
    allow-connections sip to h323
    allow-connections sip to sip
    supplementary-service h450.12
    sip
      registrar server expires max 600 min 60
      no update-callerid
    voice class codec 1
    codec preference 1 g711ulaw
    codec preference 2 g711alaw
    codec preference 3 g729r8
    codec preference 4 g729br8
    voice class cause-code 1
    no-circuit
    voice register global
    mode cme
    source-address 172.16.100.1 port 5060
    max-dn 120
    max-pool 30
    load 9971 sip9971.9-2-2
    load 9951 sip9951.9-2-2
    load 8961 sip8961.9-2-2
    authenticate register
    authenticate realm uc500.local
    timezone 42
    date-format D/M/Y
    hold-alert
    create profile sync 0002461994550035
    voice register dn  1
    number 199
    name Door Intercom
    no-reg
    label Door Intercom
    voice register pool  1
    registration-timer max 720 min 660
    id mac 7C1E.B3FE.09A8
    type CiscoMobile-iOS
    number 1 dn 1
    cor incoming user-internal default
    dtmf-relay rtp-nte
    username 199 password
    codec g711ulaw
    voice hunt-group 1 parallel
    final 399
    list 122,123
    timeout 16
    pilot 501
    voice translation-rule 4
    rule 15 /^...$/ /62223151/
    voice translation-rule 1000
    rule 1 /.*/ //
    voice translation-rule 1112
    rule 10 /^90[0123][1-9]\(.*\)/ /019\1/
    rule 15 /^9/ //
    voice translation-rule 2002
    rule 1 /^6/ //
    voice translation-rule 2222
    voice translation-rule 3119
    rule 1 /^3\(...\)/ /\1/
    voice translation-rule 3121
    rule 1 /3121/ /121/
    voice translation-profile CALLER_ID_TRANSLATION_PROFILE
    translate calling 1111
    voice translation-profile CallBlocking
    translate called 2222
    voice translation-profile IOM
    translate called 3119
    voice translation-profile OUTGOING_TRANSLATION_PROFILE
    translate called 1112
    voice translation-profile PROFILE_ALL_BRI
    translate calling 4
    voice translation-profile XFER_TO_VM_PROFILE
    translate redirect-called 2002
    voice translation-profile nondialable
    translate called 1000
    voice-card 0
    fax interface-type fax-mail
    license udi pid UC560-BRI-K9 sn FGL164912CA
    archive
    log config
      logging enable
      logging size 600
      hidekeys
    process-max-time 150
    ip tftp source-interface Vlan90
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    lifetime 85400
    crypto isakmp key xxxxxxxxx address IP of Isle of Man no-xauth
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto map IOM-VPN 10 ipsec-isakmp
    set peer IP of Isle of Man
    set transform-set ESP-3DES-MD5
    match address 150
    interface Loopback0
    ip address xxxxxxxxx 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    interface GigabitEthernet0/0
    ip ddns update hostname xxxxxxxxx
    ip ddns update dyndns
    ip address dhcp client-id GigabitEthernet0/0
    ip nat outside
    ip virtual-reassembly in
    load-interval 30
    duplex auto
    speed auto
    crypto map IOM-VPN
    interface Integrated-Service-Engine0/0
    description Interface used to manage integrated application modulecue is initialized with default IMAP group
    ip unnumbered Vlan90
    ip nat inside
    ip virtual-reassembly in
    service-module ip address 10.1.10.1 255.255.255.252
    service-module ip default-gateway 10.1.10.2
    interface GigabitEthernet0/1/0
    switchport mode trunk
    switchport voice vlan 100
    no ip address
    macro description cisco-switch
    interface GigabitEthernet0/1/1
    switchport mode trunk
    switchport voice vlan 100
    no ip address
    macro description cisco-switch
    interface GigabitEthernet0/1/2
    no ip address
    macro description cisco-desktop
    spanning-tree portfast
    interface GigabitEthernet0/1/3
    description Interface used to communicate with integrated service module
    switchport access vlan 90
    no ip address
    service-module ip address 10.1.10.1 255.255.255.252
    service-module ip default-gateway 10.1.10.2
    interface BRI0/1/0
    no ip address
    isdn switch-type basic-net3
    isdn point-to-point-setup
    isdn incoming-voice voice
    isdn sending-complete
    trunk-group ALL_BRI 64
    interface BRI0/1/1
    no ip address
    isdn switch-type basic-net3
    isdn point-to-point-setup
    isdn incoming-voice voice
    isdn sending-complete
    trunk-group ALL_BRI 64
    interface Virtual-Template1
    ip unnumbered Loopback0
    ip nat inside
    ip virtual-reassembly in
    interface Virtual-Template200 type serial
    no ip address
    interface Vlan1
    ip address 192.168.138.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    interface Vlan90
    ip address 10.1.10.2 255.255.255.252
    ip nat inside
    ip virtual-reassembly in
    interface Vlan100
    ip address 172.16.100.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip local pool SDM_WEBVPN_POOL_1 192.168.138.20 192.168.138.29
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http path flash:/gui
    ip dns server
    ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
    ip route 10.1.10.1 255.255.255.255 Vlan90
    access-list 100 deny   ip 192.168.138.0 0.0.0.255 192.168.104.0 0.0.0.255
    access-list 100 deny   ip 172.16.100.0 0.0.0.255 172.16.105.0 0.0.0.255
    access-list 100 deny   ip 172.16.100.0 0.0.0.255 192.168.104.0 0.0.0.255
    access-list 100 deny   ip 192.168.138.0 0.0.0.255 172.16.105.0 0.0.0.255
    access-list 100 permit ip 10.1.10.0 0.0.0.3 any
    access-list 100 permit ip 192.168.138.0 0.0.0.255 any
    access-list 100 permit ip 172.16.100.0 0.0.0.255 any
    access-list 150 permit ip 192.168.138.0 0.0.0.255 192.168.104.0 0.0.0.255
    access-list 150 permit ip 172.16.100.0 0.0.0.255 172.16.105.0 0.0.0.255
    access-list 150 permit ip 172.16.100.0 0.0.0.255 192.168.104.0 0.0.0.255
    access-list 150 permit ip 192.168.138.0 0.0.0.255 172.16.105.0 0.0.0.255
    route-map SDM_RMAP_1 permit 1
    match ip address 100
    snmp-server community public RO
    radius-server attribute 31 send nas-port-detail
    control-plane
    voice-port 0/0/0
    cptone SG
    station-id number 401
    caller-id enable
    voice-port 0/0/1
    cptone SG
    station-id number 402
    caller-id enable
    voice-port 0/0/2
    cptone SG
    station-id number 403
    caller-id enable
    voice-port 0/0/3
    cptone SG
    station-id number 404
    caller-id enable
    voice-port 0/1/0
    compand-type a-law
    cptone SG
    bearer-cap Speech
    voice-port 0/1/1
    compand-type a-law
    cptone SG
    bearer-cap Speech
    voice-port 0/3/0
    trunk-group ALL_FXO 64
    cptone SG
    connection plar opx 501
    description Configured by CCA 4 FXO-0/3/0-BG
    caller-id enable
    voice-port 0/3/1
    trunk-group ALL_FXO 64
    cptone SG
    connection plar opx 501
    description Configured by CCA 4 FXO-0/3/1-BG
    caller-id enable
    voice-port 0/3/2
    trunk-group ALL_FXO 64
    cptone SG
    connection plar opx 501
    description Configured by CCA 4 FXO-0/3/2-BG
    caller-id enable
    voice-port 0/3/3
    trunk-group ALL_FXO 64
    cptone SG
    connection plar opx 501
    description Configured by CCA 4 FXO-0/3/3-BG
    caller-id enable
    voice-port 0/4/0
    auto-cut-through
    signal immediate
    input gain auto-control -15
    description Music On Hold Port
    sccp local Vlan90
    sccp ccm 172.16.100.1 identifier 1 version 3.1
    sccp
    sccp ccm group 1
    associate ccm 1 priority 1
    dial-peer cor custom
    name internal
    name local
    name local-plus
    name international
    name national
    name national-plus
    name emergency
    name toll-free
    dial-peer cor list call-internal
    member internal
    dial-peer cor list call-local
    member local
    dial-peer cor list call-local-plus
    member local-plus
    dial-peer cor list call-national
    member national
    dial-peer cor list call-national-plus
    member national-plus
    dial-peer cor list call-international
    member international
    dial-peer cor list call-emergency
    member emergency
    dial-peer cor list call-toll-free
    member toll-free
    dial-peer cor list user-internal
    member internal
    member emergency
    dial-peer cor list user-local
    member internal
    member local
    member emergency
    member toll-free
    dial-peer cor list user-local-plus
    member internal
    member local
    member local-plus
    member emergency
    member toll-free
    dial-peer cor list user-national
    member internal
    member local
    member local-plus
    member national
    member emergency
    member toll-free
    dial-peer cor list user-national-plus
    member internal
    member local
    member local-plus
    member national
    member national-plus
    member emergency
    member toll-free
    dial-peer cor list user-international
    member internal
    member local
    member local-plus
    member international
    member national
    member national-plus
    member emergency
    member toll-free
    dial-peer voice 1 pots
    destination-pattern 401
    port 0/0/0
    no sip-register
    dial-peer voice 2 pots
    destination-pattern 402
    port 0/0/1
    no sip-register
    dial-peer voice 3 pots
    destination-pattern 403
    port 0/0/2
    no sip-register
    dial-peer voice 4 pots
    destination-pattern 404
    port 0/0/3
    no sip-register
    dial-peer voice 5 pots
    description ** MOH Port **
    destination-pattern ABC
    port 0/4/0
    no sip-register
    dial-peer voice 6 pots
    description “catch all dial peer for BRI/PRI”
    translation-profile incoming nondialable
    incoming called-number .%
    direct-inward-dial
    dial-peer voice 50 pots
    description ** incoming dial peer **
    incoming called-number ^AAAA$
    direct-inward-dial
    port 0/1/0
    dial-peer voice 51 pots
    description ** incoming dial peer **
    incoming called-number ^AAAA$
    direct-inward-dial
    port 0/1/1
    dial-peer voice 150 pots
    description ** incoming dial peer **
    incoming called-number ^AAAA$
    port 0/3/0
    dial-peer voice 151 pots
    description ** incoming dial peer **
    incoming called-number ^AAAA$
    port 0/3/1
    dial-peer voice 152 pots
    description ** incoming dial peer **
    incoming called-number ^AAAA$
    port 0/3/2
    dial-peer voice 153 pots
    description ** incoming dial peer **
    incoming called-number ^AAAA$
    port 0/3/3
    dial-peer voice 154 pots
    description ** FXO pots dial-peer **
    destination-pattern A0
    port 0/3/0
    no sip-register
    dial-peer voice 155 pots
    description ** FXO pots dial-peer **
    destination-pattern A1
    port 0/3/1
    no sip-register
    dial-peer voice 156 pots
    description ** FXO pots dial-peer **
    destination-pattern A2
    port 0/3/2
    no sip-register
    dial-peer voice 157 pots
    description ** FXO pots dial-peer **
    destination-pattern A3
    port 0/3/3
    no sip-register
    dial-peer voice 2000 voip
    description ** cue voicemail pilot number **
    translation-profile outgoing XFER_TO_VM_PROFILE
    destination-pattern 399
    b2bua
    session protocol sipv2
    session target ipv4:10.1.10.1
    voice-class sip outbound-proxy ipv4:10.1.10.1 
    dtmf-relay rtp-nte
    codec g711ulaw
    no vad
    dial-peer voice 52 pots
    trunkgroup ALL_BRI
    corlist outgoing call-emergency
    description **CCA*Singapore*Emergency Services**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 999[59]
    forward-digits all
    no sip-register
    dial-peer voice 53 pots
    trunkgroup ALL_FXO
    corlist outgoing call-emergency
    description **CCA*Singapore*Emergency Services**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 999[59]
    forward-digits all
    no sip-register
    dial-peer voice 54 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local
    description **CCA*Singapore*VoIP Services**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 93.......
    forward-digits all
    no sip-register
    dial-peer voice 55 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local
    description **CCA*Singapore*VoIP Services**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 93.......
    forward-digits all
    no sip-register
    dial-peer voice 56 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local
    description **CCA*Singapore*Fixed Line Service**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 96.......
    forward-digits all
    no sip-register
    dial-peer voice 57 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local
    description **CCA*Singapore*Fixed Line Service**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 96.......
    forward-digits all
    no sip-register
    dial-peer voice 58 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local-plus
    description **CCA*Singapore*Mobile Phones**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 9[89].......
    forward-digits all
    no sip-register
    dial-peer voice 59 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local-plus
    description **CCA*Singapore*Mobile Phones**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 9[89].......
    forward-digits all
    no sip-register
    dial-peer voice 60 pots
    trunkgroup ALL_BRI
    corlist outgoing call-toll-free
    description **CCA*Singapore*Freephone Calls**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 91800.......
    forward-digits all
    no sip-register
    dial-peer voice 61 pots
    trunkgroup ALL_FXO
    corlist outgoing call-toll-free
    description **CCA*Singapore*Freephone Calls**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 91800.......
    forward-digits all
    no sip-register
    dial-peer voice 64 pots
    trunkgroup ALL_BRI
    description **CCA*Singapore*Alternate Carrier Select**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 915T
    forward-digits all
    no sip-register
    dial-peer voice 65 pots
    trunkgroup ALL_FXO
    description **CCA*Singapore*Alternate Carrier Select**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 915T
    forward-digits all
    no sip-register
    dial-peer voice 66 pots
    trunkgroup ALL_BRI
    corlist outgoing call-international
    description **CCA*Singapore*International Calls**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 90[0123][1-9]T
    forward-digits all
    no sip-register
    dial-peer voice 67 pots
    trunkgroup ALL_FXO
    corlist outgoing call-international
    description **CCA*Singapore*International Calls**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 90[0123][1-9]T
    forward-digits all
    no sip-register
    dial-peer voice 68 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local
    description **CCA*Singapore*Operator**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 91[01].
    forward-digits all
    no sip-register
    dial-peer voice 69 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local
    description **CCA*Singapore*Operator**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 91[01].
    forward-digits all
    no sip-register
    dial-peer voice 70 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 913..
    forward-digits all
    no sip-register
    dial-peer voice 71 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 913..
    forward-digits all
    no sip-register
    dial-peer voice 72 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 916..
    forward-digits all
    no sip-register
    dial-peer voice 73 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 916..
    forward-digits all
    no sip-register
    dial-peer voice 74 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 917..
    forward-digits all
    no sip-register
    dial-peer voice 75 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 917..
    forward-digits all
    no sip-register
    dial-peer voice 76 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 918[0-9][1-9].
    forward-digits all
    no sip-register
    dial-peer voice 77 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 918[0-9][1-9].
    forward-digits all
    no sip-register
    dial-peer voice 78 pots
    trunkgroup ALL_BRI
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 919[1-9][1-9]
    forward-digits all
    no sip-register
    dial-peer voice 79 pots
    trunkgroup ALL_FXO
    corlist outgoing call-local
    description **CCA*Singapore*Service Numbers**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 919[1-9][1-9]
    forward-digits all
    no sip-register
    dial-peer voice 80 pots
    trunkgroup ALL_BRI
    description **CCA*Singapore*Special Service Code/International Prefixes**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 91T
    forward-digits all
    no sip-register
    dial-peer voice 81 pots
    trunkgroup ALL_FXO
    description **CCA*Singapore*Special Service Code/International Prefixes**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 91T
    forward-digits all
    no sip-register
    dial-peer voice 82 pots
    trunkgroup ALL_BRI
    corlist outgoing call-toll-free
    description **CCA*Singapore*Freephone Calls**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 4
    destination-pattern 9800T
    forward-digits all
    no sip-register
    dial-peer voice 83 pots
    trunkgroup ALL_FXO
    corlist outgoing call-toll-free
    description **CCA*Singapore*Freephone Calls**
    translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
    preference 3
    destination-pattern 9800T
    forward-digits all
    no sip-register
    dial-peer voice 3150 voip
    description INTERSITE CALLS TO IOM
    translation-profile incoming IOM
    destination-pattern 09..
    session target ipv4:172.16.105.3
    incoming called-number .T
    dtmf-relay h245-alphanumeric
    codec g729br8
    dial-peer voice 3151 voip
    destination-pattern 0977
    session target ipv4:172.16.105.3
    max-redirects 10
    dtmf-relay h245-alphanumeric
    codec g729br8
    no dial-peer outbound status-check pots
    sip-ua
    telephony-service
    video
    fxo hook-flash
    max-ephones 138
    max-dn 600
    ip source-address 172.16.100.1 port 2000
    auto assign 1 to 1 type bri
    calling-number initiator
    service phone videoCapability 1
    service phone ehookenable 1
    service dnis overlay
    service dnis dir-lookup
    service dss
    timeouts interdigit 5
    system message Seaboard
    url services http://10.1.10.1/voiceview/common/login.do
    url authentication http://10.1.10.1/voiceview/authentication/authenticate.do 
    load 7914 S00105000400
    load 7915-12 B015-1-0-4
    load 7915-24 B015-1-0-4
    load 7916-12 B016-1-0-4
    load 7916-24 B016-1-0-4
    load 7906 SCCP11.9-2-1S
    load 7911 SCCP11.9-2-1S
    load 7921 CP7921G-1.4.1SR1
    load 7925 CP7925G-1.4.1SR1
    load 7931 SCCP31.9-1-1SR1S
    load 7936 cmterm_7936.3-3-21-0
    load 7937 apps37sccp.1-4-4-0
    load 7960-7940 P00308010200
    load 7941 SCCP41.9-1-1SR1S
    load 7941GE SCCP41.9-1-1SR1S
    load 7942 SCCP42.9-1-1SR1S
    load 7945 SCCP45.9-1-1SR1S
    load 7961 SCCP41.9-1-1SR1S
    load 7961GE SCCP41.9-1-1SR1S
    load 7962 SCCP42.9-1-1SR1S
    load 7965 SCCP45.9-1-1SR1S
    load 7970 SCCP70.9-1-1SR1S
    load 7971 SCCP70.9-1-1SR1S
    load 7975 SCCP75.9-1-1SR1S
    load 521G-524G cp524g-8-1-17
    load 525G spa525g-7-4-9c
    load 501G spa50x-30x-7-4-9c
    load 502G spa50x-30x-7-4-9c
    load 504G spa50x-30x-7-4-9c
    load 508G spa50x-30x-7-4-9c
    load 509G spa50x-30x-7-4-9c
    load 525G2 spa525g-7-4-9c
    load 301 spa50x-30x-7-4-9c
    load 303 spa50x-30x-7-4-9c
    load 6921 SCCP69xx.9-1-1-2-sr
    load 6941 SCCP69xx.9-1-1-2-sr
    load 6961 SCCP69xx.9-1-1-2-sr
    load 6901 SCCP6901.9-1-1-0
    load 6911 SCCP6911.9-1-1-0
    time-zone 42
    date-format dd-mm-yy
    keepalive 30 auxiliary 4
    voicemail 399
    max-conferences 8 gain -6
    call-forward pattern .T
    call-forward system redirecting-expanded
    multicast moh 239.10.16.16 port 2000
    web admin system name admin secret 5 $1$.BzE$MaR5EV3sF7La6S4Mpk02w1
    dn-webedit
    time-webedit
    transfer-system full-consult dss
    transfer-pattern 9.T
    transfer-pattern .T
    transfer-pattern 6... blind
    secondary-dialtone 9
    night-service day Sun 17:00 09:00
    night-service day Mon 17:00 09:00
    night-service day Tue 17:00 09:00
    night-service day Wed 17:00 09:00
    night-service day Thu 17:00 09:00
    night-service day Fri 17:00 09:00
    night-service day Sat 17:00 09:00
    fac standard
    create cnf-files version-stamp 7960 Sep 27 2013 16:58:13
    ephone-template  15
    url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
    softkeys remote-in-use  Newcall
    softkeys idle  Redial Newcall Cfwdall Pickup Gpickup Dnd Login
    softkeys seized  Cfwdall Endcall Redial Pickup Gpickup Callback
    softkeys connected  Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
    button-layout 7931 2
    ephone-template  16
    url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
    softkeys remote-in-use  Newcall
    softkeys idle  Redial Newcall Cfwdall Pickup Gpickup Dnd Login
    softkeys seized  Cfwdall Endcall Redial Pickup Gpickup Callback
    softkeys connected  Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
    ephone-template  17
    url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
    softkeys remote-in-use  CBarge Newcall
    softkeys idle  Redial Newcall Cfwdall Pickup Gpickup Dnd Login
    softkeys seized  Cfwdall Endcall Redial Pickup Gpickup Callback
    softkeys connected  Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
    ephone-template  18
    url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
    softkeys remote-in-use  CBarge Newcall
    softkeys idle  Redial Newcall Cfwdall Pickup Gpickup Dnd Login
    softkeys seized  Cfwdall Endcall Redial Pickup Gpickup Callback
    softkeys connected  Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
    button-layout 7931 2
    ephone-dn  9
    number BCD no-reg primary
    description MoH
    moh out-call ABC
    ephone-dn  593  dual-line
    ring internal
    number 123 no-reg primary
    pickup-group 1
    label 123
    description Sandra Lee
    name Sandra Lee
    huntstop channel
    ephone-dn  594  dual-line
    ring internal
    number 122 no-reg primary
    pickup-group 1
    label 122
    description JuatFong Kien
    name JuatFong Kien
    huntstop channel
    ephone-dn  595  dual-line
    ring internal
    number 121 no-reg primary
    pickup-group 1
    label 121
    description Brian Wittenborn
    name Brian Wittenborn
    huntstop channel
    ephone-dn  596  dual-line
    ring internal
    number 120 no-reg primary
    pickup-group 1
    label 120
    description Spare Phone
    name Spare Phone
    huntstop channel
    ephone-dn  597  dual-line
    ring internal
    number 119 no-reg primary
    pickup-group 1
    label 119
    description Brian Whilock
    name Brian Whilock
    huntstop channel
    ephone-dn  598
    number 6... no-reg primary
    description ***CCA XFER TO VM EXTENSION***
    call-forward all 399
    ephone-dn  599
    number A801... no-reg primary
    mwi off
    ephone-dn  600
    number A800... no-reg primary
    mwi on
    ephone  1
    device-security-mode none
    mac-address 20BB.C092.04C1
    ephone-template 16
    username "119" password 123456
    type 7945
    no missed-calls
    button  1:597
    ephone  2
    device-security-mode none
    mac-address F029.29E3.1D6E
    ephone-template 16
    username "120" password 123456
    type 7945
    no missed-calls
    button  1:596
    ephone  3
    device-security-mode none
    mac-address F029.29E3.15E8
    ephone-template 16
    username "121" password 123456
    type 7945
    no missed-calls
    button  1:595
    ephone  4
    device-security-mode none
    mac-address C8F9.F9D7.1489
    ephone-template 16
    username "122" password 123456
    type 7945
    no missed-calls
    button  1:594
    ephone  5
    device-security-mode none
    mac-address 20BB.C092.0871
    ephone-template 16
    username "123" password 123456
    type 7945
    no missed-calls
    button  1:593
    alias exec cca_voice_mode PBX
    banner login ^Cbanner login ^Cisco Configuration Assistant. Version: 3.2 (2). Thu Jul 25 15:13:05 SGT 2013^^C
    line con 0
    no modem enable
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    speed 115200
    line vty 0 4
    transport preferred none
    transport input all
    line vty 5 100
    transport preferred none
    transport input all
    ntp master
    ntp server sg.pool.ntp.org prefer
    webvpn gateway SDM_WEBVPN_GATEWAY_1
    inservice
    webvpn install svc flash:/webvpn/anyconnect-win-3.1.04063-k9.pkg sequence 1
    webvpn context SDM_WEBVPN_CONTEXT_1
    secondary-color white
    title-color #CCCC66
    text-color black
    ssl authenticate verify all
    policy group SDM_WEBVPN_POLICY_1
       functions svc-enabled
       svc address-pool "SDM_WEBVPN_POOL_1" netmask 255.255.255.0
       svc keep-client-installed
       svc split include 172.16.100.0 255.255.255.0
       svc split include 192.168.138.0 255.255.255.0
       svc split include 192.168.104.0 255.255.255.0
       svc split include 172.16.105.0 255.255.255.0
    virtual-template 1
    default-group-policy SDM_WEBVPN_POLICY_1
    aaa authentication list sdm_vpn_xauth_ml_1
    gateway SDM_WEBVPN_GATEWAY_1
    max-users 20
    inservice
    end

    Most of the time this type of symptom is related to a routing issue or ACL.
    I am thinking more codec. 
    your dial-peer 3150 with incoming called number .T will negotiate the codec between IOM and Singapore (g729br8),
    can you paste a show call active voice so we
    this way we can at least ascertain what codec is used from IOM to Singapore e2e
    and what are the phones in Singapore using internally?

  • Need help setting up static NAT to internal server

    One of my internal servers needs to be available to the internet, and I am having a hard time allowing it to be NATed through my Cisco 2801 router. It seems as though I'm missing something small. From what I can gather, it seems as though it's an issue with the ACL, but I'm not sure. I have run the following command:
    ip nat inside source static tcp 192.168.5.1 ***WAN IP Address*** 8443 extendable
    Then I tried to add it to the ACL via this command:
    access-list 150 permit tcp any host ***WAN IP Address*** eq 8443
    Here is a copy of my config. Please advise. Thanks.
    IP    172.19.3.x
    sub 255.255.255.128
    GW 172.19.3.129
    Cisco 2801 Router
    Current configuration : 11858 bytes
    version 12.4
    service timestamps debug datetime localtime
    service timestamps log datetime localtime show-timezone
    service password-encryption
    hostname router-2801
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    logging buffered 4096
    aaa new-model
    aaa authentication login userauthen group radius local
    aaa authorization network groupauthor local
    aaa session-id common
    clock timezone est -5
    clock summer-time zone recurring last Sun Mar 2:00 1 Sun Nov 2:00
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 172.19.3.129 172.19.3.149
    ip dhcp excluded-address 172.19.10.1 172.19.10.253
    ip dhcp excluded-address 172.19.3.140
    ip dhcp ping timeout 900
    ip dhcp pool DHCP
       network 172.19.3.128 255.255.255.128
       default-router 172.19.3.129
       domain-name domain.local
       netbios-name-server 172.19.3.7
       option 66 ascii 172.19.3.225
       dns-server 172.19.3.140 208.67.220.220 208.67.222.222
    ip dhcp pool VoiceDHCP
       network 172.19.10.0 255.255.255.0
       default-router 172.19.10.1
       dns-server 208.67.220.220 8.8.8.8
       option 66 ascii 172.19.10.2
       lease 2
    ip cef
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW dns
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW https
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW imap
    ip inspect name SDM_LOW pop3
    ip inspect name SDM_LOW netshow
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW esmtp
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW streamworks
    ip inspect name SDM_LOW tftp
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW vdolive
    no ip domain lookup
    ip domain name domain.local
    multilink bundle-name authenticated
    key chain key1
    key 1
       key-string 7 06040033484B1B484557
    crypto pki trustpoint TP-self-signed-3448656681
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3448bb6681
    revocation-check none
    rsakeypair TP-self-signed-344bbb56681
    crypto pki certificate chain TP-self-signed-3448656681
    certificate self-signed 01
      3082024F
                quit
    username admin privilege 15 password 7 F55
    archive
    log config
      hidekeys
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key XXXXX address 209.118.0.1
    crypto isakmp key xxxxx address SITE B Public IP
    crypto isakmp keepalive 40 5
    crypto isakmp nat keepalive 20
    crypto isakmp client configuration group IISVPN
    key 1nsur3m3
    dns 172.19.3.140
    wins 172.19.3.140
    domain domain.local
    pool VPN_Pool
    acl 198
    crypto isakmp profile IISVPNClient
       description VPN clients profile
       match identity group IISVPN
       client authentication list userauthen
       isakmp authorization list groupauthor
       client configuration address respond
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto dynamic-map Dynamic 5
    set transform-set myset
    set isakmp-profile IISVPNClient
    qos pre-classify
    crypto map VPN 10 ipsec-isakmp
    set peer 209.118.0.1
    set peer SITE B Public IP
    set transform-set myset
    match address 101
    qos pre-classify
    crypto map VPN 65535 ipsec-isakmp dynamic Dynamic
    track 123 ip sla 1 reachability
    delay down 15 up 10
    class-map match-any VoiceTraffic
    match protocol rtp audio
    match protocol h323
    match protocol rtcp
    match access-group name VOIP
    match protocol sip
    class-map match-any RDP
    match access-group 199
    policy-map QOS
    class VoiceTraffic
        bandwidth 512
    class RDP
        bandwidth 768
    policy-map MainQOS
    class class-default
        shape average 1500000
      service-policy QOS
    interface FastEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
    ip address 172.19.3.129 255.255.255.128
    ip access-group 100 in
    ip inspect SDM_LOW in
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    interface FastEthernet0/0.10
    description $ETH-VoiceVLAN$$
    encapsulation dot1Q 10
    ip address 172.19.10.1 255.255.255.0
    ip inspect SDM_LOW in
    ip nat inside
    ip virtual-reassembly
    interface FastEthernet0/1
    description "Comcast"
    ip address PUB IP 255.255.255.248
    ip access-group 102 in
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map VPN
    interface Serial0/1/0
    description "Verizon LEC Circuit ID: w0w13908 Site ID: U276420-1"
    bandwidth 1536
    no ip address
    encapsulation frame-relay IETF
    frame-relay lmi-type ansi
    interface Serial0/1/0.1 point-to-point
    bandwidth 1536
    ip address 152.000.000.18 255.255.255.252
    ip access-group 102 in
    ip verify unicast reverse-path
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    frame-relay interface-dlci 500 IETF
    crypto map VPN
    service-policy output MainQOS
    interface Serial0/2/0
    description "PAETEC 46.HCGS.788446.CV (Verizon ID) / 46.HCGS.3 (PAETEC ID)"
    ip address 123.252.123.102 255.255.255.252
    ip access-group 102 in
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    crypto map VPN
    service-policy output MainQOS
    ip local pool VPN_Pool 172.20.3.130 172.20.3.254
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 50.00.000.110 track 123
    ip route 0.0.0.0 0.0.0.0 111.252.237.000 254
    ip route 122.112.197.20 255.255.255.255 209.252.237.101
    ip route 208.67.220.220 255.255.255.255 50.78.233.110
    no ip http server
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip flow-top-talkers
    top 20
    sort-by bytes
    ip nat inside source route-map COMCAST interface FastEthernet0/1 overload
    ip nat inside source route-map PAETEC interface Serial0/2/0 overload
    ip nat inside source route-map VERIZON interface Serial0/1/0.1 overload
    ip nat inside source static tcp 172.19.3.140 21 PUB IP 21 extendable
    ip access-list extended VOIP
    permit ip 172.20.3.0 0.0.0.127 host 172.19.3.190
    permit ip host 172.19.3.190 172.20.3.0 0.0.0.127
    ip radius source-interface FastEthernet0/0
    ip sla 1
    icmp-echo 000.67.220.220 source-interface FastEthernet0/1
    timeout 10000
    frequency 15
    ip sla schedule 1 life forever start-time now
    access-list 23 permit 172.19.3.0 0.0.0.127
    access-list 23 permit 172.19.3.128 0.0.0.127
    access-list 23 permit 173.189.251.192 0.0.0.63
    access-list 23 permit 107.0.197.0 0.0.0.63
    access-list 23 permit 173.163.157.32 0.0.0.15
    access-list 23 permit 72.55.33.0 0.0.0.255
    access-list 23 permit 172.19.5.0 0.0.0.63
    access-list 100 remark "Outgoing Traffic"
    access-list 100 deny   ip 67.128.87.156 0.0.0.3 any
    access-list 100 deny   ip host 255.255.255.255 any
    access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit tcp host 172.19.3.190 any eq smtp
    access-list 100 permit tcp host 172.19.3.137 any eq smtp
    access-list 100 permit tcp any host 66.251.35.131 eq smtp
    access-list 100 permit tcp any host 173.201.193.101 eq smtp
    access-list 100 permit ip any any
    access-list 100 permit tcp any any eq ftp
    access-list 101 remark "Interesting VPN Traffic"
    access-list 101 permit ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 101 permit ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.10
    access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.11
    access-list 101 permit tcp any any eq ftp
    access-list 101 permit tcp any any eq ftp-data
    access-list 102 remark "Inbound Access"
    access-list 102 permit udp any host 152.179.53.18 eq non500-isakmp
    access-list 102 permit udp any host 152.179.53.18 eq isakmp
    access-list 102 permit esp any host 152.179.53.18
    access-list 102 permit ahp any host 152.179.53.18
    access-list 102 permit udp any host 209.000.000.102 eq non500-isakmp
    access-list 102 permit udp any host 209.000.000.102 eq isakmp
    access-list 102 permit esp any host 209.000.000.102
    access-list 102 permit ahp any host 209.000.000.102
    access-list 102 permit udp any host PUB IP eq non500-isakmp
    access-list 102 permit udp any host PUB IP eq isakmp
    access-list 102 permit esp any host PUB IP
    access-list 102 permit ahp any host PUB IP
    access-list 102 permit ip 72.55.33.0 0.0.0.255 any
    access-list 102 permit ip 107.0.197.0 0.0.0.63 any
    access-list 102 deny   ip 172.19.3.128 0.0.0.127 any
    access-list 102 permit icmp any any echo-reply
    access-list 102 permit icmp any any time-exceeded
    access-list 102 permit icmp any any unreachable
    access-list 102 permit icmp any any
    access-list 102 deny   ip any any log
    access-list 102 permit tcp any host 172.19.3.140 eq ftp
    access-list 102 permit tcp any host 172.19.3.140 eq ftp-data established
    access-list 102 permit udp any host SITE B Public IP  eq non500-isakmp
    access-list 102 permit udp any host SITE B Public IP  eq isakmp
    access-list 102 permit esp any host SITE B Public IP
    access-list 102 permit ahp any host SITE B Public IP
    access-list    102  permit tcp any host public ip eq 8443
    access-list 110 remark "Outbound NAT Rule"
    access-list 110 remark "Deny VPN Traffic NAT"
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.10.0 0.0.0.255
    access-list 110 deny   ip 172.19.10.0 0.0.0.255 172.19.3.128 0.0.0.127
    access-list 110 deny   ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.11
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.10
    access-list 110 permit ip 172.19.3.128 0.0.0.127 any
    access-list 110 permit ip 172.19.10.0 0.0.0.255 any
    access-list 198 remark "Networks for IISVPN Client"
    access-list 198 permit ip 172.19.3.0 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 198 permit ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 199 permit tcp any any eq 3389
    route-map PAETEC permit 10
    match ip address 110
    match interface Serial0/2/0
    route-map COMCAST permit 10
    match ip address 110
    match interface FastEthernet0/1
    route-map VERIZON permit 10
    match ip address 110
    match interface Serial0/1/0.1
    snmp-server community 123 RO
    radius-server host 172.19.3.7 auth-port 1645 acct-port 1646 key 7 000000000000000
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    transport input telnet ssh
    line vty 5 15
    access-class 23 in
    privilege level 15
    transport input telnet ssh
    scheduler allocate 20000 1000
    ntp server 128.118.25.3
    ntp server 217.150.242.8
    end

    If you are planning to use the fa0/1 interface IP itself then the configuration would be:
    ip nat inside source static tcp 172.19.3.133 8443 interface fa0/1 8443 extendable
    Assuming that you would like to port forward TCP/8443.
    Then the ACL should be written:
    ip access-list extended 102
      2 permit tcp any host eq 8443
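An added example (not from the original thread): IOS evaluates an ACL top-down and stops at the first matching entry, so in the posted access-list 102 the permit lines that follow `deny ip any any log` can never match. The Python sketch below flags such shadowed entries; the sample ACL is constructed in the same order as the posted one, with 192.0.2.10 standing in for the redacted public IP, and the parser handles only the numbered `access-list` syntax seen in this thread.

```python
import ipaddress
from dataclasses import dataclass

ANY = (0, 0xFFFFFFFF)  # address 0.0.0.0 with every bit wildcarded


@dataclass(frozen=True)
class Rule:
    line_no: int      # position of the entry in the pasted config
    acl: str
    action: str       # "permit" or "deny"
    proto: str        # "ip", "tcp", "udp", "icmp", "esp", ...
    src: tuple        # (address, wildcard mask) as integers
    dst: tuple
    quals: frozenset  # narrowing qualifiers: "eq 8443", "established", ICMP type
    text: str


def _take_addr(tok, i):
    """Read one address spec starting at tok[i]; return (spec, next index)."""
    if tok[i] == "any":
        return ANY, i + 1
    if tok[i] == "host":
        return (int(ipaddress.IPv4Address(tok[i + 1])), 0), i + 2
    return (int(ipaddress.IPv4Address(tok[i])),
            int(ipaddress.IPv4Address(tok[i + 1]))), i + 2


def parse_acl(config):
    """Parse numbered extended ACL entries; remarks and other lines are skipped."""
    rules = []
    for n, line in enumerate(config.strip().splitlines(), 1):
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue
        src, i = _take_addr(tok, 4)
        dst, i = _take_addr(tok, i)
        quals, rest = set(), tok[i:]
        while rest:
            t = rest.pop(0)
            if t == "eq" and rest:
                quals.add("eq " + rest.pop(0))
            elif t != "log":  # logging does not change what the entry matches
                quals.add(t)
        rules.append(Rule(n, tok[1], tok[2], tok[3], src, dst,
                          frozenset(quals), " ".join(tok)))
    return rules


def _addr_covers(a, b):
    """True if address spec a matches every address that spec b matches."""
    (a_ip, a_w), (b_ip, b_w) = a, b
    return (a_w | b_w) == a_w and ((a_ip ^ b_ip) & ~a_w & 0xFFFFFFFF) == 0


def covers(a, b):
    """True if every packet matching entry b would already match entry a.
    Conservative: port names and numbers are compared as written."""
    return (a.proto in ("ip", b.proto)
            and _addr_covers(a.src, b.src)
            and _addr_covers(a.dst, b.dst)
            and a.quals <= b.quals)


def find_shadowed(rules):
    """Return (entry, earlier entry that fully covers it) pairs, first hit only."""
    hits = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if earlier.acl == later.acl and covers(earlier, later):
                hits.append((later, earlier))
                break
    return hits


# Constructed sample, ordered like the posted access-list 102.
SAMPLE_ACL = """
access-list 102 remark "Inbound Access"
access-list 102 permit udp any host 192.0.2.10 eq isakmp
access-list 102 permit esp any host 192.0.2.10
access-list 102 deny   ip 172.19.3.128 0.0.0.127 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any
access-list 102 deny   ip any any log
access-list 102 permit tcp any host 172.19.3.140 eq ftp
access-list 102 permit tcp any host 192.0.2.10 eq 8443
"""

# Same entries with the 8443 permit moved to the top of the list.
_lines = SAMPLE_ACL.strip().splitlines()
FIXED_ACL = "\n".join(_lines[:1] + _lines[-1:] + _lines[1:-1])

if __name__ == "__main__":
    for label, cfg in (("posted order", SAMPLE_ACL), ("8443 permit first", FIXED_ACL)):
        print(label)
        for later, earlier in find_shadowed(parse_acl(cfg)):
            print(f"  line {later.line_no} never matches: {later.text}")
            print(f"    covered by line {earlier.line_no}: {earlier.text}")
```

On a live router, `show access-lists 102` gives the same signal: entries placed after the catch-all deny keep a zero match count.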

  • ITunes 7.7-Win Vista-iPhone 3G

    When I hooked up my new iPhone for the first time, and during 2 subsequent restores, my PC will get something like 40 songs into the transfer of files to the iPhone and lock up completely. Nothing works at all, I have to undock the phone and use the reset button on the PC to restart. I'll do that and plug the iPhone in, the transfer starts up again, and locks up again at some unpredictable point. This will happen 5 or 6 times until I finally manage to get all the files transferred from iTunes to the iPhone. It seems like this PC is fine in all other ways, including normal every day syncs. The problem happens when I have a huge amount of data to bring over, such as in a restore. There are no significant events in the system logs. I've tried disabling the antivirus software before starting the transfer, and that doesn't help. Any suggestions as to what I could try to stop this? I hope to be done with restores, but you never know, and I dread the thought of it now.

    This issue isn't limited to Vista. I run XP SP2 on my home machine. I am an admin and my wife is in the Power User group. We have individual library lists which point to a common iTunes Music folder. She can't edit. I suspected an issue with ACL's. Apparently iTunes 7.5 is setting permissions for the creator/owner without regard to the inheritance of permissions from the parent folder. Ordinary users (and Power Users) get only read/execute permissions, unless they were also the creator of the directory. I used a Microsoft ACL tool (XCACLS) to fix this, but I don't recommend it for any but advanced users. If you are able (as Admin), then just add permissions (full control) for the affected users by using the properties UI available. Apple needs to fix this problem.

  • Trying to run CSS11503 08.10.0.02 one-armed DNAT+SNAT with UDP 921

    Is there a way to perform DNAT + SNAT and portmap disable on the Cisco CSS 11503? I need to do a DNAT in a one-armed configuration and then to SNAT for UDP traffic with SRC Port 9211 and DST Port 9211. I don't need load balancing but only NAT. Is there a way to solve this issue with ACL? Any help will be appreciated...
    Thanks

    If you want to do DNAT, you have to do it with a content rule.
    The VIP will be NATed to the service address.
    Then you need a group to NAT the client IP.
    Finally, you need to use the command 'portmap disable' under the group to avoid port mapping.
    Gilles.

  • Recommendations for Rebuilding my Mini Server

    I recently upgraded my Mini to Mavericks Server, and ended up destroying the most crucial service on the machine: File Sharing. Ever since the upgrade, I’ve been plagued with permissions issues, destroyed Photoshop docs, and a complete disruption in our day-to-day workflow.
    My plan is to completely wipe the machine and start from scratch. All attempts to fix the permissions and ACL’s have failed, so this is the next (hopefully) logical step. My hope is to outline my steps and see if any of you have any feedback.
    Make certain Time Machine is up to date.
    Detach all external drives.
    Perform clean install from Mavericks USB stick.
    Re-establish GoDaddy SSL certificate.
    Create Groups and Users
    Here’s where I start to get a bit confused. My biggest concern is the files that I have stored on our Promise Pegasus thunderbolt raid drive. This drive contains all the files and folders that we are having difficulty accessing. Is there something that I should do to the drive before I perform the clean install?
    Also, if I continue to use ACL’s, then do I even need to add users and groups in the File Sharing settings? 
    Another weird thing we’ve found: Multiple listings of _www or World Wide Web server on select files and folders. I added _www to our web files, but now they all show multiple listings when I check the permissions. What would cause that?
    I appreciate any and all help in advance. 

    "Thanks for your advice. If I clear the ACE's on the Pegasus, will it also reset or affect the POSIX permissions? From what I've read, Adobe Photoshop disregards ACL's and looks to POSIX. I may just need to change how my team accesses Photoshop docs."
    What version of Photoshop are you running?  I have not had issues with ACLs since versions 5 or before.  If you are using an older version, then you are correct, PS will ignore the ACL and rely on the POSIX group permissions.  I recommend modifying the umask on the Mac systems to ensure that users are writing all files and folders with rw on the group.  Customized umask can be implemented for the user level, protecting the OS from potential security concerns.
    Another question: In Server.app, if I enable "Show System Accounts" in Users or Groups, I see that there is both a user and a group for "_www". I need to give Apache access to our web files. Should I give the '_www' user access, or should I make '_www' a member of Group "World Wide Web Server" and give that group access?
    So you really should not need to explicitly define the www user for the files.  Apache will be fine as long as the POSIX everyone bit is set to read.  Standard umask should make this work fine.  For example, if you look in the default site, the files are not owned by www nor the www group:
    -rw-r--r--   1 root    wheel  102749 Feb 18 17:10 Server.png
    -rw-r--r--   1 root    wheel    7782 Feb 28 07:26 favicon.ico
    -rw-r--r--   1 root    wheel     269 Feb 28 07:26 info.php
    Yet they are served fine.  The piece of importance is the final r-- on the files.  POSIX is broken into three chunks: the user, the group, and everyone else.  So above, the user root has rw-, the group wheel has r-- and everyone else has r--.  There should be no reason to explicitly define the www user unless you are attempting something I am not aware of.
    Last, I am aware of the SMB connection issues. However, the SMB connection is forced when I connect through the finder, even though I deselected the Share over SMB in the Server app. Forcing the AFP connection (afp://...) through the Connect to Server function is hit or miss. Some of our team can connect and others cannot. Not sure what to do about that one.
    The recommended way is to use the Connect to Server dialog from the Finder.  Using the sidebar is a Bonjour connection and is also, as you stated, defaulting to SMB.  Remember, you can also customize your Shared Folder and disable SMB access to the share.  At this time, AFP is faster, more reliable, and better supporting case and extended attributes and ACLs. 
    For the systems that are giving you fits, make sure your DNS is correct, then check in the user's home folder for extra .GlobalPreferences.plist files.  These are not visible in the Finder so you will need to use Terminal:
    ls -la ~/Library/Preferences
    If you have a bunch of .GlobalPreferences files, get rid of the extras.  This has been known to cause slow server connections.
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

  • Router 520 series, routing inter-vlan

    Hello,
    Until now I have worked only with the 1800 and 2800 routers.
    I would like to know if any of you have experience configuring a 520 router. What I want to know is whether I can realize this scenario with this router:
    - 3 Vlan: vlan1, vlan2, vlan3.
    - 3 Lan: 10.x.1.0/24, 10.x.2.0/24, 10.x.3.0/24 (each LAN corresponds to a VLAN)
    And I have to manage some access and security issues using ACLs, for example, vlan1 cannot access the internet, and only vlan2 can access vlan1.
    I know how to realize this, but after reading the data sheet and user guide of the Cisco 520, I am not 100% sure it can do what I need.
    Thank you very much.

    VLANs in Cisco 520 Router Series:
    http://www.cisco.com/en/US/docs/routers/access/500/520/software/configuration/guide/520scg_dhcp_vlan.html#wp1019824

  • Strange start-up freezes since last security update.

    Hello,
    I've had some strange behavior since I applied the last security update and was wondering whether anyone else had experienced similar difficulties.
    Occasionally (1 in 5 boots) my MBP experiences freezes after I have logged in, but before Finder is launched. I have left the machine run for > 15 minutes before being forced to do an un-graceful shutdown. The machine is frozen at "nebula" splash screen, with the spinning "beachball of death" but there is no menu bar, and the machine is unresponsive to any key strokes.
    Console log of what appears to be the issue is included below.
    System Software Overview:
    System Version: Mac OS X 10.5.8 (9L30)
    Kernel Version: Darwin 9.8.0
    Boot Volume: Macintosh HD
    Boot Mode: Normal
    Computer Name: macbookpro
    User Name: xxxxxxxx
    Time since boot: 1:22
    I'd appreciate hearing from anyone with similar problems or anyone who might be able to shed some light on what is actually going on and failing.
    Thanks,
    /scott
    05/07/10 8:46:29 AM loginwindow[34] USER_PROCESS: 34 console
    05/07/10 8:46:29 AM com.apple.launchd[1] (com.apple.launchd.peruser.501[138]) Bug: launchdcorelogic.c:3054 (23923):0: initgroups(loginname, desired_gid) != -1
    05/07/10 8:46:29 AM com.apple.launchd[1] (com.apple.launchd.peruser.501[138]) Exited with exit code: 1
    05/07/10 8:46:29 AM com.apple.launchd[1] (com.apple.launchd.peruser.501) Throttling respawn: Will start in 10 seconds
    05/07/10 8:46:30 AM airportd[21] Error: processsccallback() interfaces: 2
    05/07/10 8:46:39 AM com.apple.launchd[1] (com.apple.launchd.peruser.501[141]) Bug: launchdcorelogic.c:3054 (23923):0: initgroups(loginname, desired_gid) != -1
    05/07/10 8:46:39 AM com.apple.launchd[1] (com.apple.launchd.peruser.501[141]) Exited with exit code: 1
    05/07/10 8:46:39 AM com.apple.launchd[1] (com.apple.launchd.peruser.501) Throttling respawn: Will start in 10 seconds
    05/07/10 8:46:49 AM com.apple.launchd[1] (com.apple.launchd.peruser.501[143]) Bug: launchdcorelogic.c:3054 (23923):0: initgroups(loginname, desired_gid) != -1
    05/07/10 8:46:49 AM com.apple.launchd[1] (com.apple.launchd.peruser.501[143]) Exited with exit code: 1
    05/07/10 8:46:49 AM com.apple.launchd[1] (com.apple.launchd.peruser.501) Throttling respawn: Will start in 10 seconds

    OK, I may have gotten to the bottom of this. Admittedly I am grasping at straws here.
    Firstly, the log message seemed to indicate issues with the per-user launch agents. As mentioned previously I have verified the disk via Disk Utility with no problems. However, I did not run a disk permission check. I ran that and found some minor inconsistencies. But at the end of the permission check it reported unexpected ACLs on a number of system directories, including ~/Library, which is where the per-user Launch Agents are stored.
    A quick search of the discussion forums indicate that incremental OS X updates have a habit of corrupting permissions in such a way that ACLs are reported on directories. The only way to correct this situation is to do a re-install of the COMBO pkg.
    I re-installed 10.5.8_COMBO (which took awhile) and re-checked permissions. I get the same small inconsistencies (all with FrontRow), but no reported issues with ACLs. Yay!
    I have rebooted about 10 times and am yet to see the problem as reported, so I am tentatively declaring victory. Obviously I realize that re-installing the COMBO update may have fixed any number of issues, none of which are related to the ACL issue reported by disk permission check, which is why I say I am grasping at straws. But this seems to have fixed my problems. I will continue to test and post results.

  • User from Logon Ticket

    Hi,
    Can anyone please let me know the process of getting the issuer name and portal user from the logon ticket using a Java program?
    Thanks in advance
    Rgds
    Satya

    Well, of course you are - SAP logon tickets are not encrypted but digitally signed. However, you cannot be sure that the syntax is stable - it could be changed at any time. But there's an API for "ticket verifiers" (keyword "sapssoext"). That's why Patrick was asking you whether you want to analyse SAP logon tickets outside a NetWeaver Application Server.
    I'm not sure whether you are aware of all the checks which need to be performed to validate SAP logon tickets:
    1. parse ticket to retrieve digital signature (attached) and information on issuer (systemID and client, required for step 3)
    2. verify digital signature (using SSF, sapseculib / sapcryptolib); determine subject name and issuer of the certificate (used by the ticket issuer to digitally sign the SAP logon ticket)
    3. lookup ACL (for issuer systemID, client, certificate subject name and issuer); that ACL (access control list) needs to be implemented by you (unless using a NetWeaver Application Server)
    4. check ticket validity
    5. retrieve username
    6. potentially: perform user mapping
    7. check validity of user account (account validity, account lock, ...)
    Just to parse the username out of a SAP logon ticket is not sufficient.
    Regards, Wolfgang

  • VLAN inter communication - almost there!

    I have been working on this for a few days.  I'm almost there!
    I want my Management VLAN to be able to ping computers in the DMZ VLAN.  I'm not sure if it's a NAT issue or an ACL issue.
    Specifically, I'm pinging from 192.168.0.5 (management comp) to 10.10.10.5 (DMZ comp).
    Packet tracer shows no errors and says it should be working.
    I pick up a weird error in the log that says: Routing failed to locate next hop for ICMP from Management:192.168.0.5/256 to inside:10.10.10.5/0
    Why is it saying the 10.10.10.5 is on the inside, when it's on the DMZ?
    name 10.10.10.0 DMZ description Public Computers
    name 192.168.10.0 Inside description CPL Staff Network
    name 192.168.0.0 Management description Cisco equipment  Access only
    name 192.168.1.0 default description Not in use
    name 192.168.10.2 CPLServer description win3k server
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport trunk allowed vlan 11-13
    switchport mode trunk
    interface Ethernet0/2
    switchport access vlan 11
    interface Ethernet0/3
    switchport access vlan 12
    interface Ethernet0/4
    switchport access vlan 13
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    shutdown
    nameif default
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address dhcp setroute
    interface Vlan11
    description Inside
    nameif inside
    security-level 100
    ip address 192.168.10.1 255.255.255.0
    interface Vlan12
    description DMZ
    nameif DMZ
    security-level 100
    ip address 10.10.10.1 255.255.255.0
    interface Vlan13
    description Management
    nameif Management
    security-level 100
    ip address 192.168.0.1 255.255.255.0
    ftp mode passive
    dns server-group DefaultDNS
    domain-name CPL
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network obj-10.0.1.0
    object-group network obj-10.0.2.0
    access-list DMZtoInside extended permit ip host DMZ host CPLServer
    access-list InsidetoDMZ extended permit ip Inside 255.255.255.0 host DMZ
    access-list ManagementtoDMZ extended permit ip Management 255.255.255.0 DMZ 255.255.255.0
    pager lines 24
    logging enable
    logging timestamp
    logging asdm-buffer-size 512
    logging buffered debugging
    logging asdm debugging
    mtu default 1500
    mtu outside 1500
    mtu inside 1500
    mtu DMZ 1500
    mtu Management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any DMZ
    icmp permit any Management
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 1 interface
    global (inside) 1 interface
    global (DMZ) 1 interface
    global (Management) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,Management) 0.0.0.0 0.0.0.0 netmask 0.0.0.0
    static (inside,DMZ) 0.0.0.0 0.0.0.0 netmask 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http Management 255.255.255.240 Management
    http Management 255.255.255.0 Management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    anyconnect-essentials
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous

    Hi,
    I think the problem most likely is the NAT configuration.
    Is there a specific reason you are using Dynamic PAT from one interface to another ("nat" and "global" between local interfaces)? If this is not required I would suggest a different type of configuration for the whole NAT if you want to try it out. This would involve removing some of the existing configurations and will naturally affect the network operation while you do it.
    Removing old ones
    no global (inside) 1 interface
    no global (DMZ) 1 interface
    no global (Management) 1 interface
    no static (inside,Management) 0.0.0.0 0.0.0.0 netmask 0.0.0.0
    no static (inside,DMZ) 0.0.0.0 0.0.0.0 netmask 0.0.0.0
    Adding new configurations
    Existing ones
    !global (outside) 1 interface
    !nat (inside) 1 0.0.0.0 0.0.0.0
    access-list INSIDE-NAT0 remark NO NAT between Local Networks
    access-list INSIDE-NAT0 permit ip 192.168.10.0 255.255.255.0 10.10.10.0 255.255.255.0
    access-list INSIDE-NAT0 permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0
    nat (inside) 0 access-list INSIDE-NAT0
    access-list DMZ-NAT0 remark NO NAT between Local Networks
    access-list DMZ-NAT0 permit ip 10.10.10.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list DMZ-NAT0 permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
    nat (DMZ) 0 access-list DMZ-NAT0
    access-list MANAGEMENT-NAT0 remark NO NAT between Local Networks
    access-list MANAGEMENT-NAT0 permit ip 192.168.0.0 255.255.255.0 10.10.10.0 255.255.255.0
    access-list MANAGEMENT-NAT0 permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
    nat (Management) 0 access-list MANAGEMENT-NAT0
    And naturally attach ACLs to interfaces to control traffic if needed
    Hope this helps
    - Jouni

  • Lion Server does it work?

    Is it me or is Lion Server the most user unfriendly piece of junk launched by Apple in years? I am no idiot but am a Mac virgin having moved from PCs and WHS only recently. I have issues with ACL / permissions being corrupted (my 2.0TB WD ext hard drive gets trashed with server on) - no Wiki or Profile Manager - directories not working - no VPN and when it (the server) does seem to work - it crashes for no apparent reason. As for iCal and email - that's a joke... I have a new 27 iMac and the latest software and since installing the server app I have had to get a thumb drive to rebuild my iMac when that too failed to restart (no doubt keychain was corrupted?). And, what is going on between server and server admin - do they not speak to each other? There are no bugs, the native system is clean and it works well - without server running. Is there an idiot's guide devoid of Mac acronyms and Apache code that can take me through a simple set up without the need for a PhD in Apache?? The blogs are really useful and enterprise support is good - to the point of not being able to solve some of the complex set up issues. Until I know what can be going wrong I do not want to start playing with Terminal. Bill Gates forgive me.... I was misled by my siblings and tempted by shiny baubles !!!!! Signed an old MS DOS user :-)

    I think you would have been happier with a Snow Leopard Server. In my humble opinion Lion Server is a transitional move that will either produce a new server implementation or die completely.
    10.6 Server was a mature product.
    That said, I would recommend these steps:
    - Machine--
    1. Check your hardware (RAM and hard disk) for any possible failure.
    2. Format and reinstall OS X (I know, that *****, but coming from MS-DOS you'll probably stand this ;-) )
    - Network -
    3. plan your network setup, the (static) ip you're going to assign to your server, domains, routes
    4. configure your mac network setup and THEN install server software
    5. quickly review your DNS service so that your server is properly visible and configured
    - Users -
    6. Configure open domain on your server, or set it up to get users from other servers
    - Services -
    7. configure your services (wiki, ichat, ical, iwhatever)
    8. configure apache
    This order of configuration usually avoids some errors you could stumble upon. As for Apache, if you have something internal and quick you can use it. I wouldn't use 10.7 as a webserver (I used 10.6 with satisfaction for a heavy load webserver).
    If you have more specific questions about Apache look up in these discussions and then ask if you don't find anything suitable for your needs.
    Server and Server Admin are a dirty patch of old and new. I don't understand why they came up with such a bad solution, but I guess they're going to transition everything to the new Server application very soon.
