Nexus 5000 - Securing MGMT Access
Could anyone comment on whether the capability exists to configure an ACL that protects management access, restricting access to certain source subnets? I want to use inband mgmt access (interface vlan feature)but limit the access by IP. ACLs seem to be only configurable on a per port basis or VLAN mapped basis, not on the VLAN Interface or Line VTY. Thanks in advance to anyone who offers a comment!
Hi Adam,
[edit] This is fixed in 4.1(3)N2(1) with defect CSCta26533. It is also available in 4.2(1)N1(1). I just tested this to verify, I was confused earlier as to what version my switches were running.
Here's an exmaple in 4.2(1)N1(1):
Nexus5010(config)# conf t
Nexus5010(config)# ip access-list someACL
Nexus5010(config-acl)# deny ip 192.168.0.0/16 any
Nexus5010(config-acl)# permit ip any any
Nexus5010(config-acl)# int mgmt0
Nexus5010(config-if)# ip access-group someACL in
Nexus5010(config-if)# exit
Nexus5010# sh ip access-lists summary
IPV4 ACL someACL
Total ACEs Configured: 2
Configured on interfaces:
mgmt0 - ingress (Router ACL)
Active on interfaces:
mgmt0 - ingress (Router ACL)
Also, CSCsq20638 will allow you to put an ACL on VTY lines. CSCsq20638 slipped the target release since my first answer, but is now committed to the 5.0 train for the Nexus 7000.
When the Nexus 5000 picks up this enhancement sometime in Q4 of 2010. I can't be specific about a release date since it's under active development, but it should be called 5.0(2)N1(1)
Regarding a VACL, that will work for inband management (SVI / VLAN interface), but not for those managing via MGMT0.
Regards,
John Gill
Message was edited by: johgill
Similar Messages
-
Nexus 5000 - Odd Ethernet interface behavior (link down inactive)
Hi Guys,
This would sound really trivial but it is very odd behavior.
- We have a server connected to a 2, Nexus 5000s (for resiliancy)
- When there is no config on the ethernet interfaces whatsoever, the ethernet interface is UP / UP, there is minimal amount of traffic on the link etc. E.g.
Ethernet1/16 is up
Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
Description: shipley-p1.its RK14/A13
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is access
full-duplex, 10 Gb/s, media type is 1/10g
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
Last link flapped 00:00:07
Last clearing of "show interface" counters 05:42:32
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 96 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 0 bps, 0 pps; output rate 8 bps, 0 pps
RX
0 unicast packets 0 multicast packets 0 broadcast packets
0 input packets 0 bytes
0 jumbo packets 0 storm suppression packets
0 runts 0 giants 0 CRC 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 Rx pause
TX
0 unicast packets 163 multicast packets 0 broadcast packets
163 output packets 15883 bytes
0 jumbo packets
0 output errors 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble
0 Tx pause
1 interface resets
- As soon as I configure the link to be an access port, the link goes down, flagging "inactivity" E.g.
sh int e1/16
Ethernet1/16 is down (inactive)
Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
Description: shipley-p1.its RK14/A13
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is access
auto-duplex, 10 Gb/s, media type is 1/10g
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
Last link flapped 05:38:03
Last clearing of "show interface" counters 05:41:33
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
RX
0 unicast packets 0 multicast packets 0 broadcast packets
0 input packets 0 bytes
0 jumbo packets 0 storm suppression packets
0 runts 0 giants 0 CRC 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 Rx pause
TX
0 unicast packets 146 multicast packets 0 broadcast packets
146 output packets 13083 bytes
0 jumbo packets
0 output errors 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble
0 Tx pause
0 interface resets
- This behavior is seen on both 5Ks
- I've tried using a different set of ports, changed SFPs, and fibre cabling to no avail
- I can't seem to understand this behavior?! In that, why would configuring the port cause the link to go down?
- If anyone has experience this before, or could shed some light on this behavior, it would be appreciated.
sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 1.2.0
loader: version N/A
kickstart: version 4.2(1)N1(1)
system: version 4.2(1)N1(1)
power-seq: version v1.2
BIOS compile time: 06/19/08
kickstart image file is: bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin
kickstart compile time: 4/29/2010 19:00:00 [04/30/2010 02:38:04]
system image file is: bootflash:/n5000-uk9.4.2.1.N1.1.bin
system compile time: 4/29/2010 19:00:00 [04/30/2010 03:51:47]
thanks
SheldonI had identical issue
Two interfaces on two different FEXes were INACTIVE. I have two Nexus 5596 in vPC and A/A FEXes.
I also use config-sync feature.
Very same configuration was applied to other ports on other FEXes and they were working with no problems.
interface Ethernet119/1/1
inherit port-profile PP-Exchange2003
I checked VLAN status associated with this profile and it was active (of course it was, other ports were ok).
I solved it by removing port profile from this port and re-applied it... voila, port changed state to up!
Very very strange. -
Tacacs do not function in Nexus 5000
Dear Mister
By someone reason, the Tacas is not functioning in my Nexus 5000. I am using the next configuration :
tacacs-server key 7 "0310551D121F2D595D"
ip tacacs source-interface Vlan5
tacacs-server host 10.20.2.80
tacacs-server host 10.20.16.138
aaa group server tacacs+ TACSERVER
server 10.20.2.80
server 10.20.16.138
source-interface Vlan5
use-vrf default
aaa authentication login default group TACSERVER
no aaa user default-role
aaa authentication login error-enable
tacacs-server directed-request
I did a telnet to port 49, in address , and is functioning. That discard a Security problem (FW, ACL, etc).
When I do the test, nothing is showed in the Tacacs Logs Server.
The log messages are the next:
2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: received bad authentication packet from 10.20.2.80
2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2012 Aug 22 15:54:48 NITE1 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user GPALAVE from 10.20.2.80 - login[3087]
The problem is very strange.
I need help.
Best regardsYou config looks fine. Can you ping from VLAN5 to TACACS+? Also, did you add VLAN5's IP address to your TACACS+.
Regards,
jerry -
PFC configuration on Nexus 5000
Hi,
I have a CNA in my server connected to cisco nexus 5000 interfcae. I Want to genearate pause frames for FCOE class of traffic using the default class class-fcoe and cos value 3, the firmware version running is 5.0(3) N1 (1b). Can anyone tell me how can i configure it ?
Thanks,
ManjuSorry for the delayed response, Here is what you asked
Cisco-5020# sh mod
Mod Ports Module-Type Model Status
1 40 40x10GE/Supervisor N5K-C5020P-BF-SUP active *
2 8 4x10GE + 4x1/2/4G FC Module N5K-M1404 ok
Mod Sw Hw World-Wide-Name(s) (WWN)
1 5.0(3)N1(1b) 1.2 --
2 5.0(3)N1(1b) 1.0 20:41:00:0d:ec:b2:15:40 to 20:44:00:0d:ec:b2:15:40
Mod MAC-Address(es) Serial-Num
1 000d.ecb2.1548 to 000d.ecb2.156f JAF1303ACES
2 000d.ecb2.1570 to 000d.ecb2.1577 JAF1245AJLF
Cisco-5020#
Cisco-5020#
Cisco-5020# sh run
!Command: show running-config
!Time: Fri Oct 28 17:40:02 2005
version 5.0(3)N1(1b)
feature fcoe
feature npiv
feature telnet
feature lldp
username admin password 5 $1$v9Tm8Y77$ZSdbOfBxe1.Z9Oz1V9V2B0 role network-admin
no password strength-check
ip domain-lookup
hostname Cisco-5020
logging event link-status default
service unsupported-transceiver
class-map type qos class-fcoe
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
policy-map type network-qos jumbo
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
mtu 9216
system qos
service-policy type network-qos jumbo
snmp-server user admin network-admin auth md5 0x2694501fdfbe5abed9e85d51e4e31038 priv 0x2694501fdfbe5abed9e85d51e4e31038 localizedkey
snmp-server host 138.239.198.184 traps version 2c public udp-port 1163
snmp-server host 138.239.198.184 traps version 2c public udp-port 1164
snmp-server host 138.239.198.200 traps version 2c public udp-port 1163
snmp-server host 138.239.198.200 traps version 2c public udp-port 1164
snmp-server host 138.239.200.118 traps version 2c public udp-port 1163
snmp-server host 138.239.198.200 traps version 2c public udp-port 1163
snmp-server enable traps entity fru
snmp-server community snmpv3 group network-operator
vrf context management
ip route 0.0.0.0/0 10.192.207.254
vlan 1-2,8
vlan 10
fcoe vsan 10
vlan 20
fcoe vsan 20
vlan 30
vlan 35
fcoe vsan 35
vlan 40,50
vlan 52
fcoe vsan 52
vsan database
vsan 20
vsan 52
fcdomain fcid database
vsan 52 wwn 10:00:00:00:c9:b1:e5:3d fcid 0x180000 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:3b fcid 0x180001 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:4d:e3 fcid 0x180002 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:ad fcid 0x180003 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:41 fcid 0x180004 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:b9 fcid 0x180005 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:b5 fcid 0x180006 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d1 fcid 0x180007 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:4d:e1 fcid 0x180008 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:a9 fcid 0x180009 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d5 fcid 0x18000a dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5d fcid 0x18000b dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:9b fcid 0x18000c dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:99 fcid 0x18000d dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5b fcid 0x18000e dynamic
vsan 1 wwn 10:00:00:00:c9:f2:73:b3 fcid 0x050000 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:47 fcid 0x18000f dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a7:93 fcid 0x180010 dynamic
vsan 52 wwn 10:00:00:00:c9:91:f8:19 fcid 0x180011 dynamic
vsan 52 wwn 10:00:00:00:c9:9c:e0:77 fcid 0x180012 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a7:d3 fcid 0x180013 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:bb fcid 0x180014 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:c5 fcid 0x180015 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:91 fcid 0x180016 dynamic
vsan 52 wwn 10:00:00:00:c9:a4:00:91 fcid 0x180017 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:8d fcid 0x180018 dynamic
vsan 52 wwn 20:0f:00:11:0d:7f:a8:00 fcid 0x180019 dynamic
vsan 52 wwn 20:0f:00:11:0d:7f:a8:01 fcid 0x18001a dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:b7 fcid 0x18001b dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a5:27 fcid 0x18001c dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:53 fcid 0x18001d dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c8:37 fcid 0x18001e dynamic
vsan 52 wwn 10:00:00:00:c9:5b:76:e5 fcid 0x18001f dynamic
vsan 20 wwn 10:00:00:00:c9:5b:a3:83 fcid 0xd30000 dynamic
vsan 52 wwn 10:00:00:00:c9:91:00:00 fcid 0x180020 dynamic
vsan 52 wwn 10:00:00:00:00:91:f7:f1 fcid 0x180021 dynamic
vsan 1 wwn 10:00:00:00:c9:5b:4d:e3 fcid 0x050001 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:0f fcid 0x180022 dynamic
vsan 52 wwn 10:00:00:00:c9:3c:8e:21 fcid 0x180023 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:11 fcid 0x180024 dynamic
vsan 20 wwn 10:00:00:00:c9:b1:e6:b7 fcid 0xd30001 dynamic
vsan 52 wwn 10:00:f8:19:00:91:f8:19 fcid 0x180025 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:8b fcid 0x180026 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e4:ff fcid 0x180027 dynamic
vsan 52 wwn 10:00:00:00:c9:3c:8e:25 fcid 0x180028 dynamic
vsan 52 wwn 50:06:01:61:44:60:23:4f fcid 0x1800ef dynamic
vsan 52 wwn 10:00:00:00:c9:5b:d6:b9 fcid 0x180029 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:43 fcid 0x18002a dynamic
vsan 52 wwn 20:01:00:00:c9:5b:ab:99 fcid 0x18002b dynamic
vsan 52 wwn 20:02:00:00:c9:5b:ab:99 fcid 0x18002c dynamic
vsan 52 wwn 50:06:01:60:44:60:23:4f fcid 0x1801ef dynamic
vsan 52 wwn 10:00:00:00:c9:9d:1f:bf fcid 0x18002d dynamic
vsan 52 wwn 10:00:00:00:c9:9d:1f:c1 fcid 0x18002e dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d3 fcid 0x18002f dynamic
vsan 20 wwn 10:00:00:00:c9:bb:c8:37 fcid 0xd30002 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:56 fcid 0x180030 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:57 fcid 0x180031 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:ea:81 fcid 0x180032 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:ea:7f fcid 0x180033 dynamic
vsan 20 wwn 10:00:00:00:c9:12:34:56 fcid 0xd30003 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:1b fcid 0x180034 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:1d fcid 0x180035 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c7:8f fcid 0x180036 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:cb:8f fcid 0x180037 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:cb:93 fcid 0x180038 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c7:93 fcid 0x180039 dynamic
vsan 20 wwn 10:00:00:00:c9:12:34:57 fcid 0xd30004 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:c4 fcid 0x18003a dynamic
vsan 52 wwn 10:00:00:00:c9:bb:17:b7 fcid 0x18003b dynamic
vsan 52 wwn 10:00:00:00:c9:a0:ce:2d fcid 0x18003c dynamic
vsan 52 wwn 10:00:00:00:c9:91:f7:f1 fcid 0x18003d dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:c0 fcid 0x18003e dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5f fcid 0x18003f dynamic
vsan 52 wwn 10:00:00:00:c9:e3:06:89 fcid 0x180040 dynamic
vsan 52 wwn 50:06:01:68:44:60:23:4f fcid 0x1802ef dynamic
vsan 1 wwn 50:06:01:61:44:60:23:4f fcid 0x0500ef dynamic
vsan 52 wwn 10:00:00:00:c9:d1:16:24 fcid 0x180041 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:16:25 fcid 0x180042 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:0a:6d fcid 0x180043 dynamic
vsan 20 wwn 10:00:00:00:c9:d1:16:25 fcid 0xd30005 dynamic
vsan 20 wwn 10:00:00:00:c9:d1:16:24 fcid 0xd30006 dynamic
vsan 20 wwn ff:f2:00:00:c9:12:34:78 fcid 0xd30007 dynamic
vsan 20 wwn ff:f2:00:00:c9:d1:16:46 fcid 0xd30008 dynamic
vsan 52 wwn ff:f2:00:00:c9:d1:0a:8c fcid 0x180044 dynamic
vsan 20 wwn ff:f3:00:00:c9:d1:16:46 fcid 0xd30009 dynamic
vsan 52 wwn ff:f0:00:00:c9:d1:0a:8c fcid 0x180045 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:0a:6c fcid 0x180046 dynamic
vsan 20 wwn ff:f2:00:00:c9:d1:0a:8c fcid 0xd3000a dynamic
vsan 20 wwn 10:00:00:00:c9:d1:0a:6d fcid 0xd3000b dynamic
vsan 52 wwn ff:f2:00:00:c9:d1:16:46 fcid 0x180047 dynamic
vsan 20 wwn ff:f3:00:00:c9:12:34:78 fcid 0xd3000c dynamic
vsan 52 wwn ff:f3:00:00:c9:12:34:78 fcid 0x180048 dynamic
vsan 52 wwn 50:06:01:69:44:60:23:4f fcid 0x1803ef dynamic
vsan 52 wwn ff:f3:00:00:c9:d1:16:46 fcid 0x180049 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:5b fcid 0x18004a dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:5a fcid 0x18004b dynamic
vsan 52 wwn ff:f2:00:00:c9:12:34:78 fcid 0x18004c dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ac:f3 fcid 0x18004d dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ad:15 fcid 0x18004e dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ac:f5 fcid 0x18004f dynamic
vsan 52 wwn 20:01:00:00:c9:a5:ac:f3 fcid 0x180050 dynamic
vsan 52 wwn 20:02:00:00:c9:a5:ac:f3 fcid 0x180051 dynamic
vsan 52 wwn ff:f3:00:00:c9:12:34:85 fcid 0x180052 dynamic
vsan 52 wwn 20:00:00:11:0d:77:9c:00 fcid 0x180053 dynamic
vsan 52 wwn 20:01:00:11:0d:77:9d:00 fcid 0x180054 dynamic
interface port-channel3
interface vfc1
no shutdown
interface vfc4
interface vfc9
bind interface Ethernet1/9
no shutdown
interface vfc10
interface vfc11
bind interface Ethernet1/11
no shutdown
interface vfc19
bind interface Ethernet1/19
no shutdown
interface vfc21
bind interface Ethernet1/21
no shutdown
interface vfc22
bind interface Ethernet1/22
switchport trunk allowed vsan 52
no shutdown
interface vfc24
bind interface Ethernet1/24
switchport trunk allowed vsan 52
no shutdown
interface vfc25
bind interface Ethernet1/25
switchport trunk allowed vsan 52
no shutdown
interface vfc26
bind interface Ethernet1/26
switchport trunk allowed vsan 52
no shutdown
interface vfc27
bind interface Ethernet1/27
no shutdown
interface vfc28
bind interface Ethernet1/28
no shutdown
interface vfc29
bind interface Ethernet1/29
no shutdown
interface vfc30
bind interface Ethernet1/30
switchport trunk allowed vsan 52
no shutdown
interface vfc31
bind interface Ethernet1/31
shutdown
interface vfc32
bind interface Ethernet1/32
no shutdown
interface vfc33
bind interface Ethernet1/33
no shutdown
interface vfc34
bind interface Ethernet1/34
no shutdown
interface vfc35
bind interface Ethernet1/35
no shutdown
interface vfc36
bind interface Ethernet1/36
no shutdown
interface vfc37
bind interface Ethernet1/37
no shutdown
interface vfc38
bind interface Ethernet1/38
no shutdown
interface vfc39
bind interface Ethernet1/39
no shutdown
interface vfc40
bind interface Ethernet1/40
no shutdown
vsan database
vsan 52 interface vfc1
vsan 52 interface vfc9
vsan 52 interface vfc11
vsan 52 interface vfc19
vsan 52 interface vfc21
vsan 52 interface vfc22
vsan 52 interface vfc24
vsan 52 interface vfc26
vsan 52 interface vfc27
vsan 52 interface vfc28
vsan 52 interface vfc29
vsan 52 interface vfc30
vsan 52 interface vfc31
vsan 52 interface vfc32
vsan 52 interface vfc33
vsan 52 interface vfc34
vsan 20 interface vfc35
vsan 52 interface vfc36
vsan 52 interface vfc37
vsan 52 interface vfc38
vsan 52 interface vfc39
vsan 52 interface vfc40
vsan 52 interface fc2/1
vsan 52 interface fc2/2
vsan 52 interface fc2/3
vsan 52 interface fc2/4
interface fc2/1
switchport trunk allowed vsan 1
switchport trunk allowed vsan add 52
switchport trunk mode auto
no shutdown
interface fc2/2
switchport trunk mode auto
no shutdown
interface fc2/3
no shutdown
interface fc2/4
no shutdown
interface Ethernet1/1
interface Ethernet1/2
speed 1000
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
switchport mode trunk
interface Ethernet1/8
interface Ethernet1/9
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/10
interface Ethernet1/11
priority-flow-control mode on
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/12
switchport mode trunk
interface Ethernet1/13
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/14
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/15
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/16
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/17
interface Ethernet1/18
switchport mode trunk
switchport trunk allowed vlan 1,30
interface Ethernet1/19
switchport mode trunk
switchport access vlan 10
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/20
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/21
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/22
interface Ethernet1/23
flowcontrol receive on
flowcontrol send on
interface Ethernet1/24
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/25
switchport mode trunk
switchport trunk allowed vlan 1,8,30,52
interface Ethernet1/26
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,8,30,52
interface Ethernet1/27
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/28
switchport mode trunk
switchport trunk allowed vlan 1,8,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/29
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/30
description line
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,8,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/31
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
interface Ethernet1/32
switchport mode trunk
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/33
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/34
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/35
switchport mode trunk
switchport access vlan 10
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/36
switchport mode trunk
switchport trunk allowed vlan 1,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/37
switchport mode trunk
switchport trunk allowed vlan 1,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/38
switchport mode trunk
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/39
shutdown
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/40
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet2/1
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/2
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/3
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/4
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface mgmt0
ip address 10.192.194.111/20
system default zone default-zone permit
system default zone distribute full
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N1.1b.bin
boot system bootflash:/n5000-uk9.5.0.3.N1.1b.bin
interface fc2/1
interface fc2/2
interface fc2/3
interface fc2/4
zone default-zone permit vsan 20
zone default-zone permit vsan 52
zoneset distribute full vsan 1
zoneset distribute full vsan 20
zoneset distribute full vsan 52
!Full Zone Database Section for vsan 1
zone name bg-qa vsan 1
member pwwn 10:00:00:00:c9:5b:ab:ca
member pwwn 21:00:00:0c:50:c3:70:23
member pwwn 21:00:00:0c:50:c3:70:22
member pwwn 21:00:00:0c:50:c3:70:16
member pwwn 21:00:00:0c:50:c3:70:1e
member pwwn 22:00:00:0c:50:c3:70:26
member pwwn 22:00:00:18:62:06:76:8a
member pwwn 22:00:00:11:c6:17:68:c3
member pwwn 22:00:00:0c:50:c3:70:1d
member pwwn 22:00:00:0c:50:c3:6f:c2
member pwwn 22:00:00:11:c6:17:68:dc
member pwwn 21:00:00:0c:50:c3:6a:d0
member pwwn 21:00:00:0c:50:79:92:90
member pwwn 21:00:00:11:c6:17:69:a0
member pwwn 21:00:00:0c:50:79:93:af
member pwwn 22:00:00:0c:50:48:10:80
member pwwn 22:00:00:11:c6:18:46:c6
member pwwn 22:00:00:0c:50:32:2e:0f
member pwwn 22:00:00:0c:50:48:10:74
member pwwn 22:00:00:11:c6:18:46:f2
member pwwn 21:00:00:00:87:13:cb:d1
member pwwn 21:00:00:0c:50:79:91:0f
member pwwn 10:00:00:00:c9:3c:8e:49
member pwwn 10:00:00:00:c9:5b:ab:c2
member pwwn 10:00:00:00:c9:5b:af:f3
zone name sf_RAM vsan 1
member pwwn 10:00:00:00:c9:5b:af:c9
member pwwn 21:00:00:0c:50:b4:8e:20
zone name anand vsan 1
member pwwn 10:00:00:00:c9:65:69:31
member pwwn 22:00:00:18:62:06:7f:f6
zone name syedzone vsan 1
member fwwn 20:11:00:0d:ec:56:7b:40
member pwwn 50:06:01:60:44:60:23:4f
zone name bg_qa vsan 1
zoneset name TOM vsan 1
member bg-qa
zoneset name bg_dvt vsan 1
member sf_RAM
zoneset name lancer vsan 1
member anand
zoneset name bg-qa vsan 1
zoneset name syed vsan 1
member syedzone
zoneset activate name lancer vsan 1
!Full Zone Database Section for vsan 20
zone name amrita_zone1 vsan 20
member pwwn 10:00:00:00:c9:5b:a3:83
member pwwn 22:00:00:04:cf:89:19:67
member pwwn 22:00:00:0c:50:48:10:80
member pwwn 22:00:00:11:c6:18:46:f2
member pwwn 22:00:00:0c:50:79:93:ae
zone name amr_zset vsan 20
zoneset name amr_zset vsan 20
member amrita_zone1
zoneset activate name amr_zset vsan 20
!Full Zone Database Section for vsan 52
zone name vinod vsan 52
member pwwn 50:06:01:69:44:60:23:4f
member pwwn ff:f3:00:00:c9:12:34:78
member pwwn 10:00:00:00:c9:12:34:5b
member pwwn 10:00:00:00:c9:12:34:57
zone name neha vsan 52
zone name siv1 vsan 52
member pwwn 10:00:00:00:c9:ad:ac:43
member pwwn 50:06:01:61:44:60:23:4f
member pwwn 10:00:00:00:c9:ad:ac:47
zone name neha1 vsan 52
member pwwn 10:00:00:00:c9:5b:ab:ad
member pwwn 50:06:01:60:44:60:23:4f
zone name neha2 vsan 52
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:5b:ab:a9
zone name neha3 vsan 52
member pwwn 10:00:00:00:c9:9d:1f:bf
member pwwn 50:06:01:60:44:60:23:4f
zone name neha4 vsan 52
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:9d:1f:c1
zone name chetan vsan 52
member pwwn 10:00:00:00:c9:f2:73:d3
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:ad:ac:47
zone name siv2 vsan 52
member pwwn 10:00:00:00:c9:d1:0a:6d
member pwwn ff:f2:00:00:c9:d1:0a:8c
member pwwn 22:00:00:0c:50:79:93:af
member pwwn 22:00:00:0c:50:79:92:90
member pwwn 22:00:00:0c:50:79:91:0f
member pwwn 20:01:00:11:0d:77:9d:00
zone name sroy vsan 52
member pwwn 10:00:00:00:c9:b1:ea:7f
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:5b:ab:99
member pwwn 10:00:00:00:c9:bb:cb:8f
member pwwn 10:00:00:00:c9:5b:ab:c4
member pwwn 10:00:00:00:c9:d1:16:25
member pwwn 50:06:01:61:44:60:23:4f
member pwwn 10:00:00:00:c9:a5:ac:f3
zone name manju vsan 52
member pwwn 10:00:00:00:c9:bb:c7:8f
member pwwn 50:06:01:61:44:60:23:4f
zone name ram vsan 52
member pwwn 50:06:01:60:44:60:23:4f
member pwwn 10:00:00:00:c9:a0:ce:2d
member pwwn 10:00:00:00:c9:bb:17:b7
member pwwn 10:00:00:00:c9:5b:a5:27
member pwwn 10:00:00:00:c9:91:f7:f1
member pwwn 10:00:00:00:c9:b1:e5:5f
zone name jana vsan 52
member pwwn 10:00:00:00:c9:91:f7:f1
member pwwn 50:06:01:60:44:60:23:4f
zone name priya vsan 52
member pwwn 10:00:00:00:c9:e3:06:89
member pwwn 50:06:01:60:44:60:23:4f
zoneset name IBMraptor vsan 52
member vinod
member siv1
member neha1
member neha2
member neha3
member neha4
member chetan
member siv2
member sroy
member manju
member ram
member priya
zoneset name ananda vsan 52
zoneset name vinod vsan 52
zoneset activate name IBMraptor vsan 52
no system default switchport shutdown san
Cisco-5020# sh system internal dcbx info interface ethernet 1/38
Interface info for if_index: 0x1a025000(Eth1/38)
tx_enabled: TRUE
rx_enabled: TRUE
dcbx_enabled: TRUE
DCX Protocol: CIN
Port MAC address: 00:0d:ec:b2:15:6d
DCX Control FSM Variables: seq_no: 0x1, ack_no: 0x0,my_ack_no: 0x0, peer_seq_no:
0x0 oper_version: 0x0, max_version: 0x0 fast_retries 0x0
Lock Status: UNLOCKED
PORT STATE: UP
LLDP Neighbors
No DCX tlvs from the remote peer
6 Features on this intf for Protocol CIN(0)
3 Features on this intf for Protocol CEE(1)
6 Features on this intf for Protocol CIN(0)
Feature type LLS (6)sub_type FCoE Logical Link Status (0)
feature type 6(LLS)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 0
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x1d9
Desired config cfg length: 1 data bytes:00
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PFC (3)
feature type 3(PFC)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 1 data bytes:08
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type App(Fcoe) (5)sub_type FCoE (0)
feature type 5(App(Fcoe))sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 1 data bytes:08
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PriMtu (8)
feature type 8(PriMtu)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 16 data bytes:24 00 24 00 24 00 08 6e 24 00 24 00 24 00 24 00
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PriGrp (2)
feature type 2(PriGrp)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 24 data bytes:32 32 00 00 00 00 00 00 00 0f 00 0f 00 0e 20 64 00 0e 00 0e
00 0e 00 0e
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type LLS (6)sub_type LAN Logical Link Status (1)
feature type 6(LLS)sub_type 1
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0xaf
Desired config cfg length: 1 data bytes:80
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Traffic Counters
DCBX pkt stats:
Total frames out: 20296
Total Entries aged: 27
Total frames in: 0
DCBX frames in: 0
Total frames received in error: 0
Total frames discarded: 0
Total TLVs unrecognized: 0
Cisco-5020#
Cisco-5020#
Cisco-5020#
I am new to this PFC, and first time trying to configure so you can see nothing being configured. -
Nexus 5000 command/log accounting
Good afternoon gentlemen
I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
#IOS commands
no logging console
logging buffered 307200 informational
service timestamps log datetime localtime show-timezone
logging trap debugging
login on-failure log
login on-success log
archive
log config
logging enable
logging size 500
hidekeys
notify syslog contenttype plaintext
By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
If you guys have an idea please answear
Regards
ChristianGood afternoon gentlemen
I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
#IOS commands
no logging console
logging buffered 307200 informational
service timestamps log datetime localtime show-timezone
logging trap debugging
login on-failure log
login on-success log
archive
log config
logging enable
logging size 500
hidekeys
notify syslog contenttype plaintext
By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
If you guys have an idea please answear
Regards
Christian -
How to implement Oracle user/role security with Access front end?
Hi,
We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles(i.e., access groups) in Oracle and granted rights to tables.
In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked table use one ODBC DSN to the Oracle database with the same Oracle user id.
We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By during so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, ect. rights to the database.
I've been able to use the VB code within Access to logon into the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users login into the Access front end.
I don't know a great deal about Access projects, but I do know with SQL server allows login into your Access project and link tables dynamically.
Can someone give me some assistance or point me in the right direction?
Thanks in advance,
LarryWe had one of our programmers here come up with a VB code solution for re-linking table within Access. However the relinking takes 3-4 minutes for 100+ tables.
In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
We have an Access 2003 application which currently has a front end using Access(forms, reports, queries, & VB code) and a MS Access 2003 backend.
We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. Its easy to understand, we have a significant investment in the front end(Obviously, the plan is to migrate the front end also at some future date).
In order to utilized the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to object(tables, queries, ect) by their userid and or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once, logged into Access, users have rights to Access objects based on their rights granted to their userid and groups they belong. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has knowledge about Oracle table rights granted to users; nor would you expect it to.
The dilema is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles(which are similar to Access groups), and again this is independent of Access security.
Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
For example, a user BOB logs into Access via the workgroup file, using VB code, Access then establishes a Oracle connection logining into Oracle using the same unique userid BOB into Oracle.
After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
This Oracle userid has been granted table rights specific for this userid.This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data(via the forms) by using one logon required for each user, and quick startup time for the application.
I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
Larry -
Flex encounters "Security error accessing url.Unable to load WSDL"
i have created a flex application which connects to SAP via web service.
when i try to run my flex application i encounter the following error.
"Security error accessing url.Unable to load WSDL"
i went through various posts relating a BSP application and crossdomain.xml
i have created the crossdomain.xml file in the application and
i tried those options and still not able to figure out the problem.
the security error is because of the absence of the crossdomain.xml file, and in which path should i be saving the file?
Kindly help me solve the problem.
Thanks in advance.Have you seen this blog
"Crossdomain.xml" in ABAP Web AS Server cache -
Security error accessing ur unable to load wsdl
HI
I am using a webservice(.net webservice) that is on my
localhost and using it in flex application that is also on my
system. Means both the webservice and flex application are on the
same system.
But when i gives the reference of the webservice using the
system ip and run the application by the flex builder it generates
the error as:
mx.messaging.messages::ErrorMessage)#0
body = (Object)#1
clientId = "DirectHTTPChannel0"
correlationId = "24CD6542-F141-1A05-BA35-00A108CB30A0"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#2
messageId = "CC123DF0-0E6C-05FF-7894-00A109676283"
rootCause = (flash.events::SecurityErrorEvent)#3
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#4
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#4
text = "Error #2170: Security sandbox violation:
http://localhost:3000/MYCIMS/flex_bin/Design.swf
cannot send HTTP headers to
http://myip/MyServer/AdminWS.asmx."
type = "securityError"
timestamp = 0
timeToLive = 0
I have put crossdomain.xml file in the root of the localhost
and made every changes possible in the crossdomain.xml file but the
application is not running.
Please somebody provide an effective solution, I have spend
lots of time to resolve the problem but its not being....
Thanks in advance
Gopi SainiHave you seen this blog
"Crossdomain.xml" in ABAP Web AS Server cache -
Security error accessing url (Unable to load WSDL)
Hi folks.
I have a Flex project that use a WCF webservice. In my localhost everything is allright, but I want to upload my flex project to a web host (http://www.dorj.ir) and upload my WCF webservice to a server that has a valid IP...
After going to http://www.dorj.ir, you can see this error
Security error accessing url
Unable to load WSDL. If currently online, please verify the URI and/or format of the WSDL (http://ip/service.svc?wsdl)
I put the crossdomain.xml file in the root of my server:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="http://www.dorj.ir" />
<allow-http-request-headers-from domain="http://www.dorj.ir" headers="SOAPAction"/>
</cross-domain-policy>
But I have the same error, yet...!
what should I do?!Have you seen this blog
"Crossdomain.xml" in ABAP Web AS Server cache -
Applet Error:java.security.AccessControlException: access denied
Hi,
I just successful deploy an business component project to oralce 8.1.6 as an EJB Session bean, and
the test of application module is successful. In the same workspace, I create an new project with
an applet(which contains only an grid control)as a client of the business component. Everything works
fine within the Applet viewer, however, when I trying to load the applet in IE5.5 I got the following
error message in java console:
Java(TM) Plug-in
Using JRE version 1.2.1
User home directory = D:\Documents and Settings\ERic
Proxy Configuration: no proxy
JAR cache enabled.
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.debugoutput read)'
Diagnostics: Silencing all diagnostic output (use -Djbo.debugoutput=console to see it)
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.timing read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.function read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.level read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.linecount read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.trace.threshold read)'
Failed to query environment: 'access denied (java.util.PropertyPermission jbo.jdbc.driver.verbose read)'
java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission org.omg.CORBA.ORBClass read)
at java.security.AccessControlContext.checkPermission(Compiled Code)
at oracle.aurora.jndi.orb_dep.Orb.<clinit>(Orb.java:24)
at oracle.aurora.jndi.sess_iiop.sess_iiopURLContext.<clinit>(sess_iiopURLContext.java:9)
at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:588)
at javax.naming.spi.NamingManager.getURLContext(NamingManager.java:537)
at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:274)
at javax.naming.InitialContext.lookup(InitialContext.java:349)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.connectToService(AuroraEJBAmHomeImpl.java:179)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.createSession(AuroraEJBAmHomeImpl.java:152)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.initRemoteHome(AuroraEJBAmHomeImpl.java:123)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.<init>(AuroraEJBAmHomeImpl.java:59)
at oracle.jbo.client.remote.ejb.aurora.AuroraEJBInitialContext.createJboHome(AuroraEJBInitialContext.java:47)
at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:72)
at javax.naming.InitialContext.lookup(InitialContext.java:349)
at oracle.dacf.dataset.SessionInfo._createAppModule(SessionInfo.java:2330)
at oracle.dacf.dataset.SessionInfo.connect(SessionInfo.java:1799)
at oracle.dacf.dataset.SessionInfo.openProducerObject(SessionInfo.java:1848)
at oracle.dacf.dataset.ProducerObject.open(ProducerObject.java:94)
at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1305)
at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1287)
at broadcastapplet.myBroadCastApplet.init(myBroadCastApplet.java:70)
at sun.applet.AppletPanel.run(Compiled Code)
at java.lang.Thread.run(Thread.java:479)
The Oracle 8.1.6 runs on Win2000, I put the JAR & related zip files in the same machine's IIS webserver.
Is anyone can help?
ERicHi Shaji,
Are you calling a webservice from within an Xacute Query for your applet? On first glance, it looks like a web service call is being rejected due to security permissions. If you have a webservice call (or HTTP post/get), can you test it separately with the same credentials as the webpage is using?
Regards,
Mike -
Urgent requirement : security error accessing url and http error: standalone flex
Hi,
I have a requirement to create record from standalone flex. I am using Flex builder 3.
I used Flex-force toolkit to login to salesforce. The swf file generated when used internal to salesforce it works great.
But my requirement is to run it from public sites page / standalone pages. How will I configure it? I am getting error 'security error accessing url', default HTTP
The requirement is on priority, please help me to resolve this issue.
The login code is also furnished below. please help.
Full error details:
(com.salesforce.events::ApexFaultEvent)#0
bubbles = false
cancelable = true
context = (null)
currentTarget = (null)
eventPhase = 2
fault = (mx.rpc::Fault)#1
content = (null)
errorID = 0
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'"
name = "Error"
rootCause = (flash.events::SecurityErrorEvent)#2
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#3
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#3
text = "Error #2170: Security sandbox violation: file:///C|/Users/R/DOCUME%7E1/FLEXBU%7E1/TESTLO%7E1/BIN%2DRE%7E1/TESTLO%7E1.SWF cannot send HTTP headers to https://login.salesforce.com/services/Soap/u/14.0?1000.1153011256829."
type = "securityError"
headers = (null)
message = (mx.messaging.messages::ErrorMessage)#4
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "B8A1B02E-CE17-DCBA-4894-F2E4CBEB7C04"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#5
DSStatusCode = 0
messageId = "41F6A90D-ECAE-EA2D-7C84-F2E4DABD72F3"
rootCause = (flash.events::SecurityErrorEvent)#2
timestamp = 0
timeToLive = 0
messageId = "41F6A90D-ECAE-EA2D-7C84-F2E4DABD72F3"
statusCode = 0
target = (null)
token = (mx.rpc::AsyncToken)#6
message = (mx.messaging.messages::HTTPRequestMessage)#7
body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>uname</username><password>pwdandsec token</password></login></se:Body></se:Envelope>"
clientId = (null)
contentType = "text/xml; charset=UTF-8"
destination = "DefaultHTTP"
headers = (Object)#8
DSEndpoint = "direct_http_channel"
httpHeaders = (Object)#9
Accept = "text/xml"
SOAPAction = """"
X-Salesforce-No-500-SC = "true"
messageId = "B8A1B02E-CE17-DCBA-4894-F2E4CBEB7C04"
method = "POST"
recordHeaders = false
timestamp = 0
timeToLive = 0
url = "https://login.salesforce.com/services/Soap/u/14.0?1000.1153011256829"
responders = (Array)#10
[0] (::SalesForceResponder)#11
result = (null)
type = "fault"
Login code:
[Bindable] public var sfdc:Connection = new Connection();
private function login():void {
Security.loadPolicyFile("http://salesforce.com/services/crossdomain.xml");
var lr:LoginRequest = new LoginRequest();
lr.username = "uname";
lr.password = "pwdtoken";
sfdc.protocol = "https";
sfdc.serverUrl = "https://login.salesforce.com/services/Soap/u/14.0";
lr.callback = new AsyncResponder(loginSuccess, loginFault);
sfdc.login(lr);This is resolved.
I have copied the crossdomain.xml file to tomcat Root folder
and the issue is resolved. -
Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
at com.sun.ba.tool.baApplet.init(baApplet.java:46)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
... 7 more
any help would be appriciated so much.
thanks
mehmadI dont know, but It may be that an Applet can only access the local machine. ie. If you run the applet on computer A and you want to edit the config on computer B, I do not believe you can. The applet can only talk to Computer A. You would have to:
1) Run an application on computer A and the applet would tell the application what to change.
2)Maybe sign the applet in a JAR File
You will probably have to do #1.
US101 -
Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
at com.sun.ba.tool.baApplet.init(baApplet.java:46)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
... 7 more
any help would be appriciated so much.
thanks
mehmadHi,
Please make changes in the java.security files present in the jdk1.3/lib/jre/security/java.security.There you make the changes in the property which gives you the error.See if this helps..
regards vickyk -
Socket programming + java.security.AccessControlException: access denied
the code below is for a particular port and IP ..what is the command for granting permission for all the sites?
please help, i have been unable to tackle this problem from the past 24 hours.
iam getting an error too..
java.security.AccessControlException: access denied (java.net.SocketPermission yahoo.com resolve)
grant {
permission java.net.SocketPermission
"puffin.eng.sun.com:7777",
"connect, accept";..
-
Security Manager/Access problem
(WWC-00000)
An unexpected error has occurred in portlet instances: wwpob_api_portlet_inst.create_inst (WWC-44846)
The following error occurred during the call to Web provider: java.lang.NullPointerException
at oracle.portal.provider.v2.security.URLSecurityManager.hasAccess(Unknown Source)
at oracle.portal.provider.v2.DefaultPortletDefinition.hasAccess(Unknown Source)
at oracle.portal.provider.v2.ProviderInstance.getPortletDefinition(Unknown Source)
at oracle.portal.provider.v2.ProviderInstance.getPortletInstance(Unknown Source)
at oracle.portal.provider.v2.ProviderInstance.getPortletInstance(Unknown Source)
at oracle.webdb.provider.v2.adapter.soapV1.ProviderAdapter.registerPortlet(Unknown Source)
at java.lang.reflect.Method.invoke(Native Method)
at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.doMethodCall(Unknown Source)
at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.processInternal(Unknown Source)
at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.process(Unknown Source)
at oracle.webdb.provider.v2.adapter.SOAPServlet.doSOAPCall(Unknown Source)
at oracle.webdb.provider.v2.adapter.SOAPServlet.service(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:59)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:283)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:523)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:269)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:735)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:151)
at com.evermind.util.ThreadPoolThread.run(ThreadPoolThread.java:64)
(WWC-43147)
Removing the provider.xml security manager setting will do away with this problem.
Versions being used: Portal 9.0.2 and PDK september.I have checked with PDK September samples related to Security Manager/Access and they are working fine. Please lets know for which PDK sample gives this error.
Maybe you are looking for
-
How do you report Net Balance of A/R Down Payment Invoice?
We have recently installed SAP B1 Version 8.8 at a new client site. The client wants to accept A/R down payments from customers, issue invoices and draw the amount of the invoice from the down payment. I can see the net amount in an open items list
-
I just purchased my first Mac, a Macbook Pro, running Leopard 10.5.4. I also have 2 PCs at home which I use also. I use the one basically for storage, while I work off of the other. My problem is that I set up all three and they all work fine, connec
-
Idoc file to create master data in APO
Hi Experts, I will be getting an idoc file let say zmatmas02 its extended idoc type with extended segments i need to upload this file into an APO system can i use the program RSEINB00 to upload the idoc file , if so what are the steps i need to do, o
-
Photoshop v3 had a photo gallery automated action. Where would I fine one for v2014?
Photoshop v3 had a photo gallery automated action. Where would I fine one for v2014?
-
How can I take off FINAL DRAFT written in diagonal in the middle of every pages of my document.