MARS 4.3 and NAC (CSACS 4.2) logging
Hi
I'm trying to get MARS 4.3 and my Cisco ACS 4.2 server working together to display NAC events on MARS. I've added the server which runs CSACS under Security/Monitor Devices, added the reporting application of Cisco Secure ACS 3.x (does this matter that there is no option for 4.x, should this still work?) and have installed the PNLogAgent on the CSACS server and configured it to forward logs to MARS. The problem is that I have users who are being quarantined by NAC and the CSACS server shows these in the logs, yet I dont see any event on the MARS server to reflect this.
Is there something I'm missing here? Thanks
Jason Humes
Is this an ACS appliance or ACS running on your own Windows server?
Yes there is no problem with ACS 3.x in the GUI, as per the user guide ACS 4.x version should also be added as ACS 3.x. And I just set this up yesterday for a customer using an ACS SE appliance without any issues.
Did you Add the MARS IP and Log files in the PN Log agent?
Regards
Farrukh
Similar Messages
-
CSA agent and NAC agent together
Hi, do you have experience of CSA agent and NAC agent together on the same pc ?
Does one include the other ?
Which one have I to test first ?
thank you in advance
greatings
RSCisco Trust Agent collects security posture information from the NAC-compliant applications running on the network client and reports them to the Cisco Secure Access Control Server (ACS). These are some NAC-compliant applications:
- Antivirus applications
- Personal firewalls
- Host-based intrusion protection applications, such as Cisco Security Agent (CSA)
Cisco NAC is a strategic element of the Self-Defending Network. Working together with other Self-Defending Network components such as Cisco Security Agent and the Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS), Cisco NAC helps organizations achieve more accurate threat identification and prevention while increasing patch management efficiency. -
I have a customer running 5508 WLCs across the estate, and I'm retrofitting IEEE802.1x authentication for the corporate WLAN, and WebAuth for the Guest WLAN...they have PSK at the moment :(
They have AD and are showing great interest in ISE and NAC, so my immediate thoughts are to integrate ISE with AD, and use ISE as the RADIUS server for .1x on the WLC. Then use the WLC and ISE to do WebAuth for Guest...This is all standard stuff, but it gives the background.
Now we get to the interesting bit...they want to run BYOD. They are involved in financial markets, so the BYOD needs to be tightly controlled. They are asking about ISE coupled with NAC, but I'm not convinced I need NAC since the arrival of ISE1.3. Obviously, I will be looking at three (min) SSIDs, namely corporate, guest and BYOD, all logically separate. I don't need anything that ISE 1.2 can't support on corporate and guest, but BYOD needs full profiling and either barring or device remediation before access to the net.
Has anyone got any comments or suggestions? Is ISE 1.3 sufficiently NAC-like that I don't need it any more, or if that's not the case, what additional benefits does it bring that ISE can't support
Thanks for any advice/comments/experiences
JimHi Jim-
Version 1.3 offers a built-in PKI and vastly improved guest services experience. The internal PKI is nice if the customer doesn't have an PKI solution in place. Keep in mind though that the internal ISE PKI can only issue certificates to BYOD devices that were on-boarded via the ISE BYOD "flow" So you cannot use the ISE PKI to issue certs to domain computers.
With regards to NAC: You will have to clarify exactly what is needed here. If you needed to perform "posture assessment" then ISE can do it for Windows and OSX based machines. You can check for things like: A/V, A/S, Firewall Status, Windows Patches, etc. If you want to perform posture on mobile devices then you will need to integrate ISE with an MDM (Mobile Device Management) solution such as: Airwatch, Mobile Iron, Maas360, etc. ISE can query the MDM for things like: Is the device protected with a PIN, is the device rooted, is the device encrypted, etc.
I hope this helps!
Thank you for rating helpful posts! -
How to get the link between mara, ausp, cawn and cawnt tables
hello ABAPERS
i have got a requiremet in that i have to get the relation .
how to get the link between mara, ausp, cawn and cawnt tables and also type how can we get link between char value and char description in cawn and cawnt tables through ausp and mara tables.
I would be very thankful for ur help in advance.
Thanks & Regards.
soniHi,
Sample report using the linkage between tables;
report batch_char no standard page heading
line-size 132
line-count 58(1)
message-id mm.
Report by Batch Characteristic *
Description : Report by Batch Characteristic *
Declaration for Tables
tables: mara, " Material Master
mard, " Storage Location Data for Material
t001w, " Plants/Branches
t001l, " Storage Locations
cabn, " Characteristics
inob. " Link between Internal Number and Object
Declaration for Constants
constants : c_klart like ausp-klart value '023', " Class Type
c_obtab like inob-obtab value 'MCH1', " Database Table
c_flag type c value 'X', " Flag
c_c23 type i value '23', " Ratio
Constants for Ratio Categories
c_13 type p decimals 2 value '13.00', " For Ratio 13
c_1499 type p decimals 2 value '14.99', " For Ratio 14.99
c_15 type p decimals 2 value '15.00', " For Ratio 15
c_1699 type p decimals 2 value '16.99', " For Ratio 16.99
c_17 type p decimals 2 value '17.00', " For Ratio 17
c_1899 type p decimals 2 value '18.99', " For Ratio 18.99
c_19 type p decimals 2 value '19.00', " For Ratio 19
c_2099 type p decimals 2 value '20.99', " For Ratio 20.99
c_21 type p decimals 2 value '21.00', " For Ratio 21
c_2299 type p decimals 2 value '22.99', " For Ratio 22.99
c_23 type p decimals 2 value '23.00', " For Ratio 23
c_g23(4) type c value '>=23', " For Ratio >=23
c_ratio(5) value 'RATIO', " For Ratio
Constants for Storing Selected item field information
c_cursor1(15) value 'I_OUTPUT1-MEINS', " For Selected Base
" Unit of Measure
c_cursor2(15) value 'I_OUTPUT1-MATNR', " For Selected Base
" Material Number
c_cursor3(15) value 'I_OUTPUT1-MAKTX', " For Selected Base
" Material Des.
c_cursor4(15) value 'I_OUTPUT1-CLABS', "For Selected Base
" Stock Value
c_cursor5(15) value 'I_OUTPUT1-ATFLV', " For Selected Base
" Char.Value (Ratio)
c_cursor6(5) value 'C_G23'.
Declaration for Global Variables
data : g_exit type c, " Flag
g_clabs1(16) type c, " Quantity
g_clabs(18) type c, " Quantity
g_cursor(15) type c, " Cursor field name
g_matnr type mara-matnr, " Material Number
g_werks type mchb-werks, " Plant
g_atinn(30) type c. " Character.
Declaration for Internal tables
Internal table to hold Batch Stock data
data : begin of i_mchb occurs 0,
matnr like mchb-matnr, " Material Number
werks like mchb-werks, " Plant
lgort like mchb-lgort, " Storage Location
charg like mchb-charg, " Batch Number
clabs like mchb-clabs, " Stock Value
meins like mara-meins, " Unit of measure
atflo like ausp-atflv, " Char.Value (Ratio)
atflv like ausp-atflv, " Char.Value (Ratio)
end of i_mchb.
Internal table to hold Secondary List data
data : begin of i_mchb1 occurs 0,
werks like mchb-werks, " Plant
matnr like mchb-matnr, " Material Number
lgort like mchb-lgort, " Storage Location
charg like mchb-charg, " Batch Number
atinn like ausp-atinn, " Char.Value
clabs like mchb-clabs, " Stock Value
atflo like ausp-atflv, " Char.Value (Ratio)
atflv like ausp-atflv, " Char.Value (Ratio)
end of i_mchb1.
Internal table to get the Plant Name
data : begin of i_plant occurs 0,
werks like t001w-werks, " Plant
name1 like t001w-name1, " Name
end of i_plant.
Internal table to get the Material Description
data : begin of i_makt occurs 0,
matnr like makt-matnr, " Material
maktx like makt-maktx, " Description
end of i_makt.
Internal table to hold AUSP data
data : begin of i_ausp occurs 0,
objek like ausp-objek, " Object No
atinn like cabn-atinn, " Characteric value
atflv like ausp-atflv, " Characteristic Value
end of i_ausp.
Internal table to hold output data
data : begin of i_output occurs 0,
atinn like cabn-atinn, " Characteric value
werks like mchb-werks, " Plant
matnr like mchb-matnr, " Material Number
atnam like cabn-atnam, " Characteristic
atflv like ausp-atflv, " Char.Value (Ratio)
name1 like t001w-name1, " Plant Description
maktx like makt-maktx, " Material Description
clabs like mchb-clabs, " Stock Value
meins like mara-meins, " Base Unit of Measure
end of i_output.
Internal table to hold final Output data
data : begin of i_output1 occurs 0,
atinn like cabn-atinn, " Characteric value
werks like mchb-werks, " Plant
matnr like mchb-matnr, " Material Number
atnam like cabn-atnam, " Characteristic
atflv(32) type c, " Char.Value (Ratio)
name1 like t001w-name1, " Plant Description
maktx like makt-maktx, " Material Description
clabs like mchb-clabs, " Stock Value
meins like mara-meins, " Base Unit of Measure
end of i_output1.
Selection screen
selection-screen begin of block b1 with frame title text-001.
select-options: s_werks for t001w-werks obligatory, " Plant
s_lgort for t001l-lgort, " Stor.Location
s_matnr for mara-matnr obligatory, " Material No
s_atinn for cabn-atinn. " Character.
selection-screen end of block b1.
At selection screen
at selection-screen.
Validation of Selection Screen Fields
perform validate_screen.
Start of selection
start-of-selection.
Get the Material and Batch Stock data from MARA and MCHB Tables
perform get_mat_stock_data.
Get the Material Group Text and Plant Name from T023T and T001W Tables
perform get_plant_grp_data.
Append the data into final Output Internal Table after getting the
Characteristic Values data from INOB and AUSP Tables
perform append_final_data.
Processing if the Characteristics contain 'RATIO'
perform collect_ratio.
End-of-Page
end-of-page.
write /1(125) sy-uline.
End of selection
end-of-selection.
if g_exit <> c_flag.
Display the Report Output data
perform display_report.
endif.
Top-of-Page
top-of-page.
Write the Report and Column Headings
perform get_headings.
at line-selection
at line-selection.
if sy-lsind = 1.
perform display_batch.
endif.
Top of page during line-selection
top-of-page during line-selection.
perform heading_seclist.
Form validate_screen
Validation of Selection Screen fields
form validate_screen.
Validation of Plant
clear t001w.
if not s_werks[] is initial.
select werks
into t001w-werks
from t001w
up to 1 rows
where werks in s_werks.
endselect.
if sy-subrc <> 0.
message e899 with 'Enter Valid Plant'(002).
endif.
endif.
Validation of Material Number
clear mara.
if not s_matnr[] is initial.
select matnr
into mara-matnr
from mara
up to 1 rows
where matnr in s_matnr.
endselect.
if sy-subrc <> 0.
message e899 with 'Enter Valid Material'(003).
endif.
endif.
Validation of Storage Location
clear t001l.
if not s_lgort[] is initial.
select lgort
into t001l-lgort
from t001l
up to 1 rows
where lgort in s_lgort.
endselect.
if sy-subrc <> 0.
message e899 with 'Enter Valid Storage Location'(004).
endif.
endif.
Validation of Characteristic Value
clear cabn.
if not s_atinn[] is initial.
select atinn
into cabn-atinn
from cabn
up to 1 rows
where atinn in s_atinn.
endselect.
if sy-subrc <> 0.
message e899 with 'Enter Valid Characteristic Value'(005).
endif.
endif.
Validation of Plant, Material and Storage Location
clear mard.
select matnr werks lgort
into (mard-matnr, mard-werks, mard-lgort)
from mard
up to 1 rows
where matnr in s_matnr and
werks in s_werks and
lgort in s_lgort.
endselect.
if sy-subrc <> 0.
message e899 with 'No Data found for the Selection Criteria'(006).
endif.
endform. "validate_screen
*& Form get_headings
Write the Report and Column Headings
form get_headings.
data: l_repid type sy-repid.
l_repid = sy-repid.
call function 'Y_STANDARD_HEADING'
exporting
repid = l_repid
heading1 = sy-title.
write:/1(125) sy-uline.
format color col_heading on.
write : /1 sy-vline, 2(18) 'Material Number'(008) centered,
20 sy-vline, 21(40) 'Material Description'(011) centered,
61 sy-vline, 62(22) 'Ratio'(009) centered,
84 sy-vline, 85(18) 'Quantity'(010) centered,
103 sy-vline, 104(20) 'Base Unit of Measure'(015) centered,
125 sy-vline.
write:/1(125) sy-uline.
format color off.
endform. "get_headings
*& Form get_mat_stock_data
Get the Material and Batch Stock data from MARA and MCHB Tables
form get_mat_stock_data.
clear: i_mchb,i_output, i_output1.
refresh: i_mchb,i_output, i_output1.
select a~matnr " Material Number
b~werks " Plant
b~lgort " Storage Location
b~charg " Batch Number
b~clabs " Stock Value
a~meins " Base Unit of Measure
into table i_mchb
from mara as a inner join mchb as b
on amatnr eq bmatnr
where b~matnr in s_matnr and
b~werks in s_werks and
b~lgort in s_lgort.
if sy-subrc <> 0.
g_exit = c_flag.
message s899 with 'No Data found for the Selection Criteria'(006).
stop.
endif.
sort i_mchb by matnr werks lgort charg.
endform. " get_mat_stock_data
*& Form get_plant_grp_data
Get the Material Group Text and Plant Name from T023T and T001W
form get_plant_grp_data.
if not i_mchb[] is initial.
Get the Plant Description from t001w Table
clear i_plant.
refresh i_plant.
select werks " Plant
name1 " Name
into table i_plant
from t001w
for all entries in i_mchb
where werks = i_mchb-werks.
Get the Material Description from MAKT Table
clear i_makt.
refresh i_makt.
select matnr " Material number
maktx " Material Description
into table i_makt
from makt
for all entries in i_mchb
where matnr = i_mchb-matnr and
spras = sy-langu.
sort i_plant by werks.
delete adjacent duplicates from i_plant comparing werks.
sort i_makt by matnr.
delete adjacent duplicates from i_makt comparing matnr.
endif.
endform. "form get_plant_grp_data.
*& Form append_final_data
Append the data into final Internal Table
form append_final_data.
data : l_matbatch(28),
l_tabix like sy-tabix.
if not i_mchb[] is initial.
loop at i_mchb.
l_tabix = sy-tabix.
clear l_matbatch.
concatenate i_mchb-matnr i_mchb-charg into l_matbatch.
move-corresponding i_mchb to i_output.
Get the Plant Description from i_plant Table
read table i_plant with key werks = i_mchb-werks binary search.
if sy-subrc = 0.
i_output-name1 = i_plant-name1.
endif.
Get the Material Description from i_makt Table
read table i_makt with key matnr = i_mchb-matnr binary search.
if sy-subrc = 0.
i_output-maktx = i_makt-maktx.
endif.
Get the Characteristic Values data from INOB and AUSP Tables
clear inob.
select single cuobj from inob
into inob-cuobj
where klart = c_klart and
obtab = c_obtab and
objek = l_matbatch.
if sy-subrc = 0.
select objek
atinn
atflv
from ausp
into table i_ausp
where objek = inob-cuobj and
atinn in s_atinn and
klart = c_klart.
sort i_ausp by objek atinn.
loop at i_ausp.
clear cabn.
select single atinn atnam from cabn
into (cabn-atinn,cabn-atnam)
where atinn = i_ausp-atinn.
if sy-subrc = 0.
If the ratio value is between 13-14.99, display 13
if cabn-atnam cs c_ratio.
if i_ausp-atflv between c_13 and c_1499.
i_mchb-atflo = i_ausp-atflv.
i_mchb-atflv = c_13.
If the ratio value is between 15-16.99, display 15
elseif i_ausp-atflv between c_15 and c_1699.
i_mchb-atflo = i_ausp-atflv.
i_mchb-atflv = c_15.
If the ratio value is between 17-18.99, display 17
elseif i_ausp-atflv between c_17 and c_1899.
i_mchb-atflo = i_ausp-atflv.
i_mchb-atflv = c_17.
If the ratio value is between 19-20.99, display 19
elseif i_ausp-atflv between c_19 and c_2099.
i_mchb-atflo = i_ausp-atflv.
i_mchb-atflv = c_19.
If the ratio value is between 21-22.99, display 21
elseif i_ausp-atflv between c_21 and c_2299.
i_mchb-atflo = i_ausp-atflv.
i_mchb-atflv = c_21.
If the ratio value is greater than or equal to 23, display 23
elseif i_ausp-atflv >= c_23.
i_mchb-atflo = i_ausp-atflv.
i_mchb-atflv = c_23.
endif. " Condition for RATIO values
else. " If characteristic does contain RATIO
i_mchb-atflv = i_ausp-atflv.
endif.
i_output-atinn = cabn-atinn.
i_output-atnam = cabn-atnam.
i_output-atflv = i_ausp-atflv.
i_mchb1-matnr = i_mchb-matnr.
i_mchb1-werks = i_mchb-werks.
i_mchb1-lgort = i_mchb-lgort.
i_mchb1-charg = i_mchb-charg.
i_mchb1-clabs = i_mchb-clabs.
i_mchb1-atinn = i_ausp-atinn.
i_mchb1-atflo = i_mchb-atflv.
i_mchb1-atflv = i_ausp-atflv.
append : i_output, i_mchb1.
clear i_mchb1.
modify i_mchb index l_tabix transporting atflo atflv .
endif.
endloop.
endif.
endloop.
endif.
Checking whether the table is filled or not
if not i_output[] is initial.
sort i_output by atinn werks matnr atflv.
else.
g_exit = c_flag.
message s899 with 'No Data found for the Selection Criteria'(006).
endif.
Delete the records where RATIO is less than 13.
delete i_output where atnam cs c_ratio and atflv lt c_13.
endform. "append_final_data
*& Form display_report
Display the Report Output data
form display_report.
data: l_tabix like sy-tabix.
loop at i_output1.
l_tabix = sy-tabix.
At new Characteristic
at new atinn.
read table i_output1 index l_tabix.
format color 1 intensified on.
write: /1 sy-vline, 2(20) 'Characteristic Name:'(007),
23(40) i_output1-atnam,
125 sy-vline.
format color off.
format color 4 intensified on.
write: /1 sy-vline, 2(20) 'Plant Name :'(022),
23(4) i_output1-werks, 29(30) i_output1-name1,
125 sy-vline.
format color off.
write /1(125) sy-uline.
endat.
clear: g_clabs, g_clabs1.
format color col_normal.
write :/1 sy-vline, 2(18) i_output1-matnr,
20 sy-vline, 21(40) i_output1-maktx,
61 sy-vline.
if i_output1-atflv = c_c23.
write: 62(22) c_g23 centered.
else.
shift i_output1-atflv left deleting leading space.
write: 62(22) i_output1-atflv centered.
endif.
write: 84 sy-vline,
103 sy-vline,
110(5) i_output1-meins.
If the quantity value is negative
if i_output1-clabs ge 0.
write: 85(18) i_output1-clabs unit i_mchb-meins,
125 sy-vline.
else.
i_output1-clabs = - i_output1-clabs.
write i_output1-clabs unit i_mchb-meins to g_clabs1.
condense g_clabs1.
concatenate '(' g_clabs1 ')' into g_clabs separated by space.
write: 85(18) g_clabs right-justified,
125 sy-vline.
endif.
format color off.
hide : i_output1.
new-line.
At end of material
at end of matnr.
sum.
move : i_output1-matnr to g_matnr.
format color 3 intensified on.
write /1(125) sy-uline.
write :/1 sy-vline, 2(25) 'Total for Material :'(012),
28(18) g_matnr.
if i_output1-clabs ge 0.
write: 85(18) i_output1-clabs unit i_mchb-meins,
125 sy-vline.
else.
i_output1-clabs = - i_output1-clabs.
write i_output1-clabs unit i_mchb-meins to g_clabs1.
condense g_clabs1.
concatenate '(' g_clabs1 ')' into g_clabs separated by space.
write: 85(18) g_clabs right-justified,
125 sy-vline.
endif.
write: 125 sy-vline.
format color off.
write /1(125) sy-uline.
endat.
At end of plant
at end of werks.
sum.
move : i_output1-werks to g_werks.
format color 3 intensified off.
write :/1 sy-vline, 2(25) 'Total for Plant :'(013),
28(4) g_werks.
if i_output1-clabs ge 0.
write: 85(18) i_output1-clabs unit i_mchb-meins,
125 sy-vline.
else.
i_output1-clabs = - i_output1-clabs.
write i_output1-clabs unit i_mchb-meins to g_clabs1.
condense g_clabs1.
concatenate '(' g_clabs1 ')' into g_clabs separated by space.
write: 85(18) g_clabs right-justified,
125 sy-vline.
endif.
format color off.
write /1(125) sy-uline.
endat.
At end of characteristic
at end of atinn.
read table i_output1 index l_tabix.
sum.
format color 3 intensified on.
write :/1 sy-vline, 2(25) 'Total for Characteristic:'(014),
28(25) i_output1-atnam.
if i_output1-clabs ge 0.
write: 85(18) i_output1-clabs unit i_mchb-meins,
125 sy-vline.
else.
i_output1-clabs = - i_output1-clabs.
write i_output1-clabs unit i_mchb-meins to g_clabs1.
condense g_clabs1.
concatenate '(' g_clabs1 ')' into g_clabs separated by space.
write: 85(18) g_clabs right-justified,
125 sy-vline.
endif.
format color off.
write /1(125) sy-uline.
endat.
endloop.
endform. " display_report
*& Form DISPLAY_BATCH
Display the batch details for the seclected material *
form display_batch.
Get the batch details for the selected material
get cursor field g_cursor.
if g_cursor = c_cursor1 or
g_cursor = c_cursor2 or
g_cursor = c_cursor3 or
g_cursor = c_cursor4 or
g_cursor = c_cursor5 or
g_cursor = c_cursor6.
format color 3.
write: /1 sy-vline,
2(17) 'Material Number :'(020),
20(17) i_output1-matnr,
94 sy-vline.
format color off.
write /1(94) sy-uline.
loop at i_mchb1 where matnr = i_output1-matnr and
atinn = i_output1-atinn and
atflo = i_output1-atflv.
format color col_normal.
shift i_mchb1-charg left deleting leading '0'.
write :/1 sy-vline, 2(16) i_mchb1-lgort centered,
18 sy-vline, 19(17) i_mchb1-charg centered,
36 sy-vline.
if i_output1-atnam cs c_ratio.
write: 37(29) i_mchb1-atflv
exponent 0 decimals 2 centered.
else.
write : 37(29) i_mchb1-atflv
exponent 0 decimals 0 centered.
endif.
write : 66 sy-vline, 67(27) i_mchb1-clabs unit i_mchb-meins,
94 sy-vline.
format color off.
endloop.
write /1(94) sy-uline.
else.
message s899 with 'Invalid cursor position'(016).
exit.
endif.
endform. " DISPLAY_BATCH
*& Form HEADING_SECLIST
Write the Column Headings for Interactive Report
form heading_seclist.
write /1(94) sy-uline.
format color col_heading on.
write :/1 sy-vline, 2(16) 'Storage Location'(021),
18 sy-vline, 19(17) 'Batch Number'(017) centered,
36 sy-vline, 37(29) 'Characteristic Value'(018) centered,
66 sy-vline, 67(27) 'Quantity'(019) centered,
94 sy-vline.
write /1(94) sy-uline.
format color off.
endform. " HEADING_SECLIST
*& Form COLLECT_RATIO
Display the Characteristic ratio data
form collect_ratio.
loop at i_output.
clear g_atinn.
i_output1-atinn = i_output-atinn.
i_output1-atnam = i_output-atnam .
i_output1-werks = i_output-werks.
i_output1-name1 = i_output-name1.
i_output1-matnr = i_output-matnr.
i_output1-maktx = i_output-maktx.
i_output1-clabs = i_output-clabs.
i_output1-meins = i_output-meins.
call function 'CONVERSION_EXIT_ATINN_OUTPUT'
exporting
input = i_output-atinn
importing
output = g_atinn.
if g_atinn cs c_ratio.
If the ratio value is between 13-14.99, display 13
if i_output-atflv between c_13 and c_1499.
i_output1-atflv = c_13.
If the ratio value is between 15-16.99, display 15
elseif i_output-atflv between c_15 and c_1699.
i_output1-atflv = c_15.
If the ratio value is between 17-18.99, display 17
elseif i_output-atflv between c_17 and c_1899.
i_output1-atflv = c_17.
If the ratio value is between 19-20.99, display 19
elseif i_output-atflv between c_19 and c_2099.
i_output1-atflv = c_19.
If the ratio value is between 21-22.99, display 21
elseif i_output-atflv between c_21 and c_2299.
i_output1-atflv = c_21.
If the ratio value is greater than or equal to 23, display 23
elseif i_output-atflv >= c_23.
i_output1-atflv = c_23.
endif.
write i_output1-atflv to i_output1-atflv .
else.
write i_output-atflv to i_output1-atflv exponent 0 decimals 0.
endif.
collect i_output1.
clear i_output1.
endloop.
sort i_output1 by atinn werks matnr atflv.
endform. " COLLECT_RATIO
Reward if useful..
Regards,
Anji -
ISE and NAC wireless guest networks
I have a wireless network that is NAC controlled and use lobby ambassador for guest wireless. What is the best way to migrate to ISE for guest. Are there problems running NAC and ISE on the same controller?
Sent from Cisco Technical Support iPad AppHello,
For your query regarding ISE and NAC following are my findings, which might help you in order to solve your query.
for your first question:-
ISE is a free software upgrade for customers who have NAC appliance or NAC profiler. This is for both for the base and advance licenses.
ISE is a 50% software discount for customers who have NAC guest server. The 50% discount is a migration part for the base license only. The advance features license will not be impacted by this discount.
for your second question:-
There should be no issues running NAC and ISE on the same controller until and unless you are using two SSIDs. -
Difference between ISE and NAC?
Dear All,
Can you please help to understand difference ISE and NAC?
Thank You,
Abhisar.Well ISE is the next generation of NAC and has extended the features some of the comparison of features are mentioned in the given diagram
-
Guest-Anchor-WLC and NAC integration guide
I was trying to find some design reference for the Guest-WLC and NAC integration guide. Anyone can share some experience/cisco docs/links?
User traffic is locally bridged on a 1030 in REAP mode so packet forwarded to the default gtw would follow the NAT rules on the firewall but the real challenge is the LWAPP control channel. In that past using 1:1 NAT I was successful with a CP firewall but I had to play tricks with the mobility group and use the FW logs to track and define the right ports.
-
Macintosh clients, 802.1x and NAC.
I'm prototyping a NAC setup which has to cater for Macintosh clients as well as Windows. I can get the Macs to authenticate via 802.1x (surprisingly easy using the built in software!) but what I can't do is setup a Posture Validation Rule to identify that the client is a Mac and not a Windows machine. I've tried using the Cisco:PA:OS-Version condition set specifying "contains" MAC. I've also tried "contains" 10 but it doesn't work. I think it probably doesn't work as the condition set depends on the CTA being installed on the Mac which it isn't (and it's not an option either).
EDIT: Anyone tried installing the CTA on a MAC? It's horrific. Extract the files and run the install, OK so far. It then puts the config ini file in a directory no user (not even Admins) has permissions to so you can't modify it and BOY do you need to modify it!
Any ideas?I'm on the home straight with this one. Essentially to get the CTA to work using the built in 802.1x supplicant on Windows or MacOS you need to run a mix of NAC L2 IP and NAC L2 802.1x. This requires a little extra config on the switch but nothing tragic (it's all in the (NAC Framework Configuration Guide).
The reason for this is that the CTA requires a network channel to be open so it can run EAP over UDP (EOU) to do posture validation and the 802.1x part of the process gets the machine onto the network so the CTA can do it's stuff.
With this setup in place and the CTA properly configured (as mentioned previously this is the permissions setup on the Mac created by the CTA install makes this far more difficult than it should be) the process works pretty well, popup messages work, browser launch and URL redirection work. Looks good.
The fly in the ointment is wireless. The freebie CTA doesn't support it, no way. For a PC the answer is to buy the Cisco Secure Services Client which does support wireless and (I think) run that alongside the CTA (haven't fully worked this one out yet). If you have a wireless Mac, you're stuffed, Simple as that, which from my point of view is a real pain as the customer I'm developing this for wants posture validation for PCs and Macs, wired and wireless.
Hope this helps someone somewhere avoid a little pain! : ) -
NAC Framework and NAC Appliance in scenary WAN
How will be the scenary of NAC appliance and NAC Framework in a topology WAN, for example i have my core and remote office and I want to implement NAC for all remote site and central site.
which will be the solution?
Best RegardsHello Daladen,
Which is the solution for WAN topology in NAC Appliance?
one NAS for Site? and the NAM in the Central?
Thanks
Ãlvaro -
Difference betweeen SPRO and NACE
HI
What is the difference between SPRO and NACE
what is the use of thse TCODES.... and when we go for these TCODES..and what is the difference between each other
thansk
Babuhi
good
Output type is used to issue a output for a business object. The output issued could be in any format.
It coule be a printout, Fax, email, ale and so on...
Each Output type are triggered differently and at different time.
No its not always you use 'NEU'. It depends on the requirment.
For more read sap help on OUTPUT CONFIGURATION
http://help.sap.com/saphelp_46c/helpdata/en/30/c6853488601e33e10000009b38f83b/frameset.htm
reward point if helpful.
thanks
mrutyun^ -
Difference between NAC profiler/collector and NAC server
Hi,
could anyone tell me the difference between NAC collector and NAC server?
Thank you very much.
Best regards.
GiuseppeSorry edunn, but your description of the NAC Collector is not particularly helpful. If I may:
The NAC Profiler/collector is OEM'd from Great Bay Software. It performs automatic whitelisting of agentless devices, like IP phones and PBXs, printers, etc. In a NAC deployment without the profiler you'd have to go in to the NAC Server and manually enter the MAC addresses and/or IP addresses of devices that should bypass authentication and/or posture assessment. In a small environment that's not a big deal, but with multiple offices and/or subnets (with lots of phones or printers) this can be a hassle. Its also a big risk: If I know you're whitelisting by mac/IP I'll just go to a printer, print out its config page, set my NIC to have the same settings, and boom - I've just bypassed your $$ NAC solution, thankyouverymuch.
The nice thing about the NAC profiler is that its -not- static: every time a switchport goes up/down, or a new MAC address is detected, an SNMP trap gets sent to the profiler. You can also forward (via ip-helper) all DHCP requests to the profiler (it doesn't respond or issue an IP address, of course, but it does look at what options you requested.) It will look at the MAC vendor address, IP address, DHCP options, network traffic (via Netflow), SPAN port traffic, has an open port (eg. 9100 or 515 for printing) or a combination of the above, and dynamically whitelist agentless devices based on confidence level.
Its sort of like a reverse Turing test: if a device says its 'dumb' (no agent) AND acts the way its supposed to, it gets whitelisted. But if the Profiler starts seeing a supposed printer surf the Internet (or start receiving traffic on a port it should, or whatever), then it dynamically removes it from the whitelist, and now it will need to authenticate and pass posture.
You can define different profile groups and what parameters are required for each, and set which groups get whitelisted.
So basically the NAC Server is the gatekeeper, the NAC Manager is the global policy manager, and the NAC Profiler is the automatic whitelister. -
WLCM and NAC-NME configuration
Has anybody deployed WLCM and NAC-NME in the same ISR3800 box? What's the best practise and is there any configuration example?
customer has a small site where has one 3825, one WLCM(interface Integrated-Service-Engine1/0) and one NAC-NME(interface Integrated-Service-Engine2/0) are put in the 3825, GE0/0 of the 3825 connect to internal L3 switch, GE0/1 connect to internet. one WLAN had been configured in the WLCM(version 6.0.188) and will be protected by the NAC-NME(version 4.6.1).
It is said that NAC-NME not support OOB mode, can only work in In-Band mode. Since real IP Gateway mode has a lot of limitation, so can the NAC-NME be configured in In-Band Virtual Gateway mode? If yes, then how to setup a Layer2 connection between the WLCM(interface Integrated-Service-Engine1/0) and the untrusted interface(external G 0) of the NAC-NME?
What I can think is:
let me assume the quarantined Vlan of this WLAN is 310, real Vlan is 311, both the NAC-NME's untrusted interface(external G 0) and GE0/0 of the 3825 are connected to a 3750E L3 switch's G1/0/1 and G1/0/2, untrusted interface management vlan is 304, trusted interface management vlan is 303, then I can configure:
1. For 3825:
interface GigabitEthernet0/0.310
encapsulation dot1Q 310
bridge-group 1
interface GigabitEthernet0/0.311
encapsulation dot1Q 311
bridge-group 2
interface Integrated-Service-Engine1/0.310
encapsulation dot1Q 310
no ip address
bridge-group 1
interface Integrated-Service-Engine1/0.311
encapsulation dot1Q 311
no ip address
bridge-group 2
bridge 1 protocol ieee
bridge 2 protocol ieee
2. For 3750E:
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 304,310,311
switchport mode trunk
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 310,311
switchport mode trunk
but how to configure interface Integrated-Service-Engine2/0 of the 3825 which is connected to the trusted interface of the NAC-NME?
interface Integrated-Service-Engine2/0.303
encapsulation dot1Q 303
ip address x.x.x.x
interface Integrated-Service-Engine1/0.311
encapsulation dot1Q 311
ip address y.y.y.y
3. NAC-NME will configure VLAN mapping 310<-->311
I have not tested these configurations(I don't have access the 3825 yet, will be able to access it next week), but I'm afraid since GigabitEthernet0/0.311 of 3825 had been configured as a bridge port, maybe Integrated-Service-Engine1/0.311 can't be configured as a L3 port.
Anything else need to configure? or is there any other better design and configuration example? Any input is highly appreciated!You got a defective unit. Open a TAC case to get a replacement.
-
i am trying to use ichat and when I try to log in it says my account has been suspended bc of suspicious use...help
Hi,
I would guess this is an AIM valid Screen Name such as an Apple issued @mac.com account.
I would also guess you travel to other countries.
There have been several posts about @mac.com names and people who travel and use their Screen Name elsewhere having the name Suspended.
Can you Log in here https://settings.aim.com/ ?
Is this where you saw the Suspended message ?
For AIM issued name the answer is to change your Password as this tends to prove you own the account.
This does not work for Apple IDs used as AIM Valid Screen Names as AIM can't tell when the password is changed (They can only see it when you log in)
AIM's Suspended Account page has an email ([email protected]) on it to contact if your account remains Suspended.
However you need to be very clear that you have an Apple Issued Name and that you know that resetting the password that works for AIM Names and that you would like them to reset the account.
More recently this has been a sticking point. It seems the Contact you get does not always know about the agreement that AIM recognises Apple Issued IDs as Valid Screen Names and that the AIM servers can only view the passwords at specific times (or at least confirm them) so you changing it will make no difference and that they have to step in manually.
10:39 PM Saturday; October 20, 2012
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
iMac 2.5Ghz 5i 2011 (Mountain Lion 10.8.2)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
Couple of iPhones and an iPad
"Limit the Logs to the Bits above Binary Images." No, Seriously -
I need help with resetting my ichat. When i try to login now it wont let me... it says "AOL Instant Messenger password" and then "iChat can't log in to ... because your login ID or password is incorrect. How do I reset this if I cant log in? When I try to press online the same thing pops up and I have no way of logging in or asking for help.
Hi,
iChat (it would help to know which version) can accept Apple IDs as valid AIM Screen Names.
However if you have iChat 5 or earlier you cannot use ones ending in @me.com or @icloud.com issued by iCloud. (they can be used in iChat 6 or Messages as these versions make a double login to AIM and Apple to allow the use of the password).
In addition if you are using an Apple ID for an AIM Screen Name the password still needs to keep to the 16 character limit that AIM has.
AN @mac.com name can be used on any version of iChat (Until the 30th June 2014)
As it does not need a double check with Apple you can use it to log in to the AIM Web pages
Login here with an AIM Name registered at AIM or and @mac.com name and see if you get any suspended account messages.
Sometimes account can be suspended. Usually because something has triggered the "Unusual Activity" item.
About a year ago many @mac.com users that travelled out of their own country found themselves suspended when they got home.
If the Name checks out of if an Apple ID the password in known to be 16 characters or Less then do this:-
In Lion upwards open a Finder Window and use the Go Menu whilst holding down the ALT key.
Select the Library that appears in the menu list.
Navigate to Preferences.
(If you have version earlier than Lion the just navigate to ~/Library/Preferences (that's the Library in you Home - Little House icon - folder)
Fnd com.apple.ichat.aim.plist (even if you are using Messages)
Drag the file to the Trash and Restart the app.
7:39 pm Thursday; May 29, 2014
iMac 2.5Ghz i5 2011 (Mavericks 10.9)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
Couple of iPhones and an iPad -
I just updated the software on my iphone 4 and prior to updating I could double click and start the camera without logging in, now I can't. How do I fix?
Nothing to fix...things have changed...slide the camera icon up now..no more double tap.
Maybe you are looking for
-
I like to close open email messages by double clicking the small envelope in the upper left hand corner just above the "File" tab. A single click brings up options for restore, move, size, minimize, maximize, close. Close is the default option on a d
-
New Windows server 2003 Hyper-V guest fails to boot
Hello, I'm currently doing some virtualization experiments on my new server hardware. The host hardware is: IBM x3650 M4 x2 Xeon E5-2609 32GB RAM x2 480 GB SSDs Server OS: Windows server 2012 I'd like to test some legacy app virtualization. I've conf
-
Problems with the Complexe backup in FCPro X!!!!
Hi there, I have 2 HD disks to backup my FCPX projects so...there's my problem/question: I create an Event. I create the original Project in one of my disks...I put clips from the event on the timeline, transitions, sounds...etc Now I backup the proj
-
IPod touch locked on the logo of apple
Hello, My iPod Touch is now locked on the logo of apple from now on a few hours. I have to try to put the iOS 4 on this one and I am very disappointed by the result(profit). I am not even apt of restoring my iPod Touch with iTunes. He(it) is written
-
New OVI Suite version, still no connect to Maps se...
New version of OVI suite again. Still fails contacting maps server. Doesn't even seem to try communicating (no activity on network). Anyone found anything on this? Still have to update maps from the phone. Lars-Erik Østerud - http://www.osterud.name/