Nexus 5000 - Securing MGMT Access

Could anyone comment on whether the capability exists to configure an ACL that protects management access, restricting access to certain source subnets? I want to use inband mgmt access (interface vlan feature) but limit the access by IP. ACLs seem to be only configurable on a per port basis or VLAN mapped basis, not on the VLAN Interface or Line VTY. Thanks in advance to anyone who offers a comment!

Hi Adam,
[edit] This is fixed in 4.1(3)N2(1) with defect CSCta26533.  It is also available in 4.2(1)N1(1).  I just tested this to verify, I was confused earlier as to what version my switches were running.
Here's an example in 4.2(1)N1(1):
Nexus5010(config)# conf t
Nexus5010(config)# ip access-list someACL
Nexus5010(config-acl)# deny ip 192.168.0.0/16 any                      
Nexus5010(config-acl)# permit ip any any
Nexus5010(config-acl)# int mgmt0
Nexus5010(config-if)# ip access-group someACL in
Nexus5010(config-if)# exit
Nexus5010# sh ip access-lists summary
IPV4 ACL someACL
        Total ACEs Configured: 2
        Configured on interfaces:
                mgmt0 - ingress (Router ACL)
        Active on interfaces:
                mgmt0 - ingress (Router ACL)
Also, CSCsq20638 will allow you to put an ACL on VTY lines.  CSCsq20638 slipped the target release since my first answer, but is now committed to the 5.0 train for the Nexus 7000.
The Nexus 5000 picks up this enhancement sometime in Q4 of 2010. I can't be specific about a release date since it's under active development, but it should be called 5.0(2)N1(1).
Regarding a VACL, that will work for inband management (SVI / VLAN interface), but not for those managing via MGMT0.
Regards,
John Gill
Message was edited by: johgill
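The ACL in the answer is a deny-list: it blocks one range and permits every other source, whereas the question asks for access limited to certain source subnets. The following is an added example (not part of the original posts and not Cisco code) that evaluates `permit|deny ip SRC DST` entries first-match with the implicit deny at the end, so an ACL can be checked against the admin subnets before it is attached to mgmt0. The allow-list, the addresses and the function names are constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# ACL body exactly as posted in the answer above (a deny-list).
PAGE_ACL = """
deny ip 192.168.0.0/16 any
permit ip any any
"""

# Constructed allow-list for comparison; every address here is made up.
ALLOWLIST_ACL = """
10 permit ip 10.10.20.0/24 any
20 permit ip host 10.10.30.5 any
30 deny ip any any
40 permit ip 10.10.40.0/24 any
"""

MGMT0_IP = "10.10.1.2"  # constructed mgmt0 address


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D/len'."""
    if not tokens:
        raise ValueError("missing address")
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        if not tokens:
            raise ValueError("'host' needs an address")
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(tok, strict=False)


def parse_acl(text):
    """Return [(action, src_net, dst_net)]; only 'ip' entries are handled."""
    entries = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0].isdigit():  # sequence number as printed by 'show'
            tokens = tokens[1:]
        if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            raise ValueError(f"unsupported entry: {raw.strip()!r}")
        rest = tokens[2:]
        entries.append((tokens[0], _parse_addr(rest), _parse_addr(rest)))
    return entries


def evaluate(entries, src_ip, dst_ip=MGMT0_IP):
    """First matching entry wins; no match means the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for index, (action, src_net, dst_net) in enumerate(entries):
        if src in src_net and dst in dst_net:
            return action, index
    return "deny", None


def shadowed(entries):
    """Indexes of entries fully covered by an earlier entry (never reached)."""
    dead = []
    for i, (_, src_net, dst_net) in enumerate(entries):
        for _, prev_src, prev_dst in entries[:i]:
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                dead.append(i)
                break
    return dead


def audit(acl_text, sources):
    """Map each source address to the action the ACL would take on it."""
    entries = parse_acl(acl_text)
    return {src: evaluate(entries, src)[0] for src in sources}


if __name__ == "__main__":
    # Constructed test sources: admin subnet, jump host, two outsiders.
    sources = ["10.10.20.15", "10.10.30.5", "192.168.5.9", "203.0.113.7"]
    for name, acl in (("page ACL", PAGE_ACL), ("allow-list", ALLOWLIST_ACL)):
        print(name, audit(acl, sources))
        print("  unreachable entries:", shadowed(parse_acl(acl)))
```

Running it shows that the posted ACL still admits any source outside 192.168.0.0/16, and that entry 40 of the constructed allow-list is dead because it follows `deny ip any any`.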

Similar Messages

  • Nexus 5000 - Odd Ethernet interface behavior (link down inactive)

    Hi Guys,
    This would sound really trivial but it is very odd behavior.
    - We have a server connected to 2 Nexus 5000s (for resiliency)
    - When there is no config on the ethernet interfaces whatsoever, the ethernet interface is UP / UP, there is minimal amount of traffic on the link etc. E.g.
    Ethernet1/16 is up
      Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
      Description: shipley-p1.its RK14/A13
      MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA
      Port mode is access
      full-duplex, 10 Gb/s, media type is 1/10g
      Beacon is turned off
      Input flow-control is off, output flow-control is off
      Rate mode is dedicated
      Switchport monitor is off
      Last link flapped 00:00:07
      Last clearing of "show interface" counters 05:42:32
      30 seconds input rate 0 bits/sec, 0 packets/sec
      30 seconds output rate 96 bits/sec, 0 packets/sec
      Load-Interval #2: 5 minute (300 seconds)
        input rate 0 bps, 0 pps; output rate 8 bps, 0 pps
      RX
        0 unicast packets  0 multicast packets  0 broadcast packets
        0 input packets  0 bytes
        0 jumbo packets  0 storm suppression packets
        0 runts  0 giants  0 CRC  0 no buffer
        0 input error  0 short frame  0 overrun   0 underrun  0 ignored
        0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
        0 input with dribble  0 input discard
        0 Rx pause
      TX
        0 unicast packets  163 multicast packets  0 broadcast packets
        163 output packets  15883 bytes
        0 jumbo packets
        0 output errors  0 collision  0 deferred  0 late collision
        0 lost carrier  0 no carrier  0 babble
        0 Tx pause
      1 interface resets
    - As soon as I configure the link to be an access port, the link goes down, flagging "inactivity" E.g.
    sh int e1/16
    Ethernet1/16 is down (inactive)
      Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
      Description: shipley-p1.its RK14/A13
      MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA
      Port mode is access
      auto-duplex, 10 Gb/s, media type is 1/10g
      Beacon is turned off
      Input flow-control is off, output flow-control is off
      Rate mode is dedicated
      Switchport monitor is off
      Last link flapped 05:38:03
      Last clearing of "show interface" counters 05:41:33
      30 seconds input rate 0 bits/sec, 0 packets/sec
      30 seconds output rate 0 bits/sec, 0 packets/sec
      Load-Interval #2: 5 minute (300 seconds)
        input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
      RX
        0 unicast packets  0 multicast packets  0 broadcast packets
        0 input packets  0 bytes
        0 jumbo packets  0 storm suppression packets
        0 runts  0 giants  0 CRC  0 no buffer
        0 input error  0 short frame  0 overrun   0 underrun  0 ignored
        0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
        0 input with dribble  0 input discard
        0 Rx pause
      TX
        0 unicast packets  146 multicast packets  0 broadcast packets
        146 output packets  13083 bytes
        0 jumbo packets
        0 output errors  0 collision  0 deferred  0 late collision
        0 lost carrier  0 no carrier  0 babble
        0 Tx pause
      0 interface resets
    - This behavior is seen on both 5Ks
    - I've tried using a different set of ports, changed SFPs, and fibre cabling to no avail
    - I can't seem to understand this behavior?!  In that, why would configuring the port cause the link to go down?
    - If anyone has experienced this before, or could shed some light on this behavior, it would be appreciated.
    sh ver
    Cisco Nexus Operating System (NX-OS) Software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software are covered under the GNU Public
    License. A copy of the license is available at
    http://www.gnu.org/licenses/gpl.html.
    Software
      BIOS:      version 1.2.0
      loader:    version N/A
      kickstart: version 4.2(1)N1(1)
      system:    version 4.2(1)N1(1)
      power-seq: version v1.2
      BIOS compile time:       06/19/08
      kickstart image file is: bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin
      kickstart compile time:  4/29/2010 19:00:00 [04/30/2010 02:38:04]
      system image file is:    bootflash:/n5000-uk9.4.2.1.N1.1.bin
      system compile time:     4/29/2010 19:00:00 [04/30/2010 03:51:47]
    thanks
    Sheldon

    I had an identical issue.
    Two interfaces on two different FEXes were INACTIVE. I have two Nexus 5596 in vPC and A/A FEXes.
    I also use config-sync feature.
    Very same configuration was applied to other ports on other FEXes and they were working with no problems.
    interface Ethernet119/1/1
      inherit port-profile PP-Exchange2003
    I checked VLAN status associated with this profile and it was active (of course it was, other ports were ok).
    I solved it by removing the port profile from this port and re-applying it... voila, port changed state to up!
    Very very strange.

  • Tacacs do not function in Nexus 5000

    Dear Mister
    For some reason, TACACS is not functioning in my Nexus 5000. I am using the following configuration:
    tacacs-server key 7 "0310551D121F2D595D"
    ip tacacs source-interface Vlan5
    tacacs-server host 10.20.2.80
    tacacs-server host 10.20.16.138
    aaa group server tacacs+ TACSERVER
        server 10.20.2.80
        server 10.20.16.138
        source-interface Vlan5
        use-vrf default
    aaa authentication login default group TACSERVER
    no aaa user default-role
    aaa authentication login error-enable
    tacacs-server directed-request
    I did a telnet to port 49, in address , and it is functioning. That discards a security problem (FW, ACL, etc.).
    When I do the test, nothing is shown in the TACACS server logs.
    The log messages are as follows:
    2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: received bad authentication packet from 10.20.2.80
    2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
    2012 Aug 22 15:54:48 NITE1 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user GPALAVE from 10.20.2.80 - login[3087]
    The problem is very strange.
    I need help.
    Best regards

    Your config looks fine. Can you ping from VLAN5 to TACACS+? Also, did you add VLAN5's IP address to your TACACS+?
    Regards,
    jerry

  • PFC configuration on Nexus 5000

    Hi,
    I have a CNA in my server connected to a Cisco Nexus 5000 interface. I want to generate pause frames for the FCoE class of traffic using the default class class-fcoe and CoS value 3. The firmware version running is 5.0(3)N1(1b). Can anyone tell me how I can configure it?
    Thanks,
    Manju

    Sorry for the delayed response. Here is what you asked for:
    Cisco-5020# sh mod
    Mod Ports  Module-Type                      Model                  Status
    1    40     40x10GE/Supervisor               N5K-C5020P-BF-SUP      active *
    2    8      4x10GE + 4x1/2/4G FC Module      N5K-M1404              ok
    Mod  Sw              Hw      World-Wide-Name(s) (WWN)
    1    5.0(3)N1(1b)    1.2     --
    2    5.0(3)N1(1b)    1.0     20:41:00:0d:ec:b2:15:40 to 20:44:00:0d:ec:b2:15:40
    Mod  MAC-Address(es)                         Serial-Num
    1    000d.ecb2.1548 to 000d.ecb2.156f         JAF1303ACES
    2    000d.ecb2.1570 to 000d.ecb2.1577         JAF1245AJLF
    Cisco-5020#
    Cisco-5020#
    Cisco-5020# sh run
    !Command: show running-config
    !Time: Fri Oct 28 17:40:02 2005
    version 5.0(3)N1(1b)
    feature fcoe
    feature npiv
    feature telnet
    feature lldp
    username admin password 5 $1$v9Tm8Y77$ZSdbOfBxe1.Z9Oz1V9V2B0  role network-admin
    no password strength-check
    ip domain-lookup
    hostname Cisco-5020
    logging event link-status default
    service unsupported-transceiver
    class-map type qos class-fcoe
    class-map type queuing class-all-flood
      match qos-group 2
    class-map type queuing class-ip-multicast
      match qos-group 2
    class-map type network-qos class-all-flood
      match qos-group 2
    class-map type network-qos class-ip-multicast
      match qos-group 2
    policy-map type network-qos jumbo
      class type network-qos class-fcoe
        pause no-drop
        mtu 2158
      class type network-qos class-default
        mtu 9216
    system qos
      service-policy type network-qos jumbo
    snmp-server user admin network-admin auth md5 0x2694501fdfbe5abed9e85d51e4e31038 priv 0x2694501fdfbe5abed9e85d51e4e31038 localizedkey
    snmp-server host 138.239.198.184 traps version 2c public  udp-port 1163
    snmp-server host 138.239.198.184 traps version 2c public  udp-port 1164
    snmp-server host 138.239.198.200 traps version 2c public  udp-port 1163
    snmp-server host 138.239.198.200 traps version 2c public  udp-port 1164
    snmp-server host 138.239.200.118 traps version 2c public  udp-port 1163
    snmp-server host 138.239.198.200 traps version 2c public  udp-port 1163
    snmp-server enable traps entity fru
    snmp-server community snmpv3 group network-operator
    vrf context management
      ip route 0.0.0.0/0 10.192.207.254
    vlan 1-2,8
    vlan 10
      fcoe vsan 10
    vlan 20
      fcoe vsan 20
    vlan 30
    vlan 35
      fcoe vsan 35
    vlan 40,50
    vlan 52
      fcoe vsan 52
    vsan database
      vsan 20
      vsan 52
    fcdomain fcid database
    interface port-channel3
    interface vfc1
      no shutdown
    interface vfc4
    interface vfc9
      bind interface Ethernet1/9
      no shutdown
    interface vfc10
    interface vfc11
      bind interface Ethernet1/11
      no shutdown
    interface vfc19
      bind interface Ethernet1/19
      no shutdown
    interface vfc21
      bind interface Ethernet1/21
      no shutdown
    interface vfc22
      bind interface Ethernet1/22
      switchport trunk allowed vsan 52
      no shutdown
    interface vfc24
      bind interface Ethernet1/24
      switchport trunk allowed vsan 52
      no shutdown
    interface vfc25
      bind interface Ethernet1/25
      switchport trunk allowed vsan 52
      no shutdown
    interface vfc26
      bind interface Ethernet1/26
      switchport trunk allowed vsan 52
      no shutdown
    interface vfc27
      bind interface Ethernet1/27
      no shutdown
    interface vfc28
      bind interface Ethernet1/28
      no shutdown
    interface vfc29
      bind interface Ethernet1/29
      no shutdown
    interface vfc30
      bind interface Ethernet1/30
      switchport trunk allowed vsan 52
      no shutdown
    interface vfc31
      bind interface Ethernet1/31
      shutdown
    interface vfc32
      bind interface Ethernet1/32
      no shutdown
    interface vfc33
      bind interface Ethernet1/33
      no shutdown
    interface vfc34
      bind interface Ethernet1/34
      no shutdown
    interface vfc35
      bind interface Ethernet1/35
      no shutdown
    interface vfc36
      bind interface Ethernet1/36
      no shutdown
    interface vfc37
      bind interface Ethernet1/37
      no shutdown
    interface vfc38
      bind interface Ethernet1/38
      no shutdown
    interface vfc39
      bind interface Ethernet1/39
      no shutdown
    interface vfc40
      bind interface Ethernet1/40
      no shutdown
    vsan database
      vsan 52 interface vfc1
      vsan 52 interface vfc9
      vsan 52 interface vfc11
      vsan 52 interface vfc19
      vsan 52 interface vfc21
      vsan 52 interface vfc22
      vsan 52 interface vfc24
      vsan 52 interface vfc26
      vsan 52 interface vfc27
      vsan 52 interface vfc28
      vsan 52 interface vfc29
      vsan 52 interface vfc30
      vsan 52 interface vfc31
      vsan 52 interface vfc32
      vsan 52 interface vfc33
      vsan 52 interface vfc34
      vsan 20 interface vfc35
      vsan 52 interface vfc36
      vsan 52 interface vfc37
      vsan 52 interface vfc38
      vsan 52 interface vfc39
      vsan 52 interface vfc40
      vsan 52 interface fc2/1
      vsan 52 interface fc2/2
      vsan 52 interface fc2/3
      vsan 52 interface fc2/4
    interface fc2/1
      switchport trunk allowed vsan 1
      switchport trunk allowed vsan add 52
      switchport trunk mode auto
      no shutdown
    interface fc2/2
      switchport trunk mode auto
      no shutdown
    interface fc2/3
      no shutdown
    interface fc2/4
      no shutdown
    interface Ethernet1/1
    interface Ethernet1/2
      speed 1000
    interface Ethernet1/3
    interface Ethernet1/4
    interface Ethernet1/5
    interface Ethernet1/6
    interface Ethernet1/7
      switchport mode trunk
    interface Ethernet1/8
    interface Ethernet1/9
      switchport mode trunk
      switchport trunk allowed vlan 1,10,20,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/10
    interface Ethernet1/11
      priority-flow-control mode on
      switchport mode trunk
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/12
      switchport mode trunk
    interface Ethernet1/13
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/14
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/15
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/16
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/17
    interface Ethernet1/18
      switchport mode trunk
      switchport trunk allowed vlan 1,30
    interface Ethernet1/19
      switchport mode trunk
      switchport access vlan 10
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/20
      switchport mode trunk
      switchport access vlan 52
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/21
      switchport mode trunk
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/22
    interface Ethernet1/23
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/24
      switchport mode trunk
      switchport access vlan 52
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/25
      switchport mode trunk
      switchport trunk allowed vlan 1,8,30,52
    interface Ethernet1/26
      switchport mode trunk
      switchport access vlan 52
      switchport trunk allowed vlan 1,8,30,52
    interface Ethernet1/27
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/28
      switchport mode trunk
      switchport trunk allowed vlan 1,8,30,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/29
      switchport mode trunk
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/30
      description line
      switchport mode trunk
      switchport access vlan 52
      switchport trunk allowed vlan 1,8,30,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/31
      switchport mode trunk
      switchport trunk allowed vlan 1,10,20,52
    interface Ethernet1/32
      switchport mode trunk
      switchport trunk allowed vlan 1,10,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/33
      switchport mode trunk
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/34
      switchport mode trunk
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/35
      switchport mode trunk
      switchport access vlan 10
      switchport trunk allowed vlan 1,10,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/36
      switchport mode trunk
      switchport trunk allowed vlan 1,30,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/37
      switchport mode trunk
      switchport trunk allowed vlan 1,30,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/38
      switchport mode trunk
      switchport trunk allowed vlan 1,10,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/39
      shutdown
      switchport mode trunk
      switchport trunk allowed vlan 1,10,20,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet1/40
      switchport mode trunk
      switchport trunk allowed vlan 1,52
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet2/1
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet2/2
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet2/3
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface Ethernet2/4
      switchport mode trunk
      flowcontrol receive on
      flowcontrol send on
    interface mgmt0
      ip address 10.192.194.111/20
    system default zone default-zone permit
    system default zone distribute full
    line console
    line vty
    boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N1.1b.bin
    boot system bootflash:/n5000-uk9.5.0.3.N1.1b.bin
    interface fc2/1
    interface fc2/2
    interface fc2/3
    interface fc2/4
    zone default-zone permit vsan 20
    zone default-zone permit vsan 52
    zoneset distribute full vsan 1
    zoneset distribute full vsan 20
    zoneset distribute full vsan 52
    !Full Zone Database Section for vsan 1
    zone name bg-qa vsan 1
        member pwwn 10:00:00:00:c9:5b:ab:ca
        member pwwn 21:00:00:0c:50:c3:70:23
        member pwwn 21:00:00:0c:50:c3:70:22
        member pwwn 21:00:00:0c:50:c3:70:16
        member pwwn 21:00:00:0c:50:c3:70:1e
        member pwwn 22:00:00:0c:50:c3:70:26
        member pwwn 22:00:00:18:62:06:76:8a
        member pwwn 22:00:00:11:c6:17:68:c3
        member pwwn 22:00:00:0c:50:c3:70:1d
        member pwwn 22:00:00:0c:50:c3:6f:c2
        member pwwn 22:00:00:11:c6:17:68:dc
        member pwwn 21:00:00:0c:50:c3:6a:d0
        member pwwn 21:00:00:0c:50:79:92:90
        member pwwn 21:00:00:11:c6:17:69:a0
        member pwwn 21:00:00:0c:50:79:93:af
        member pwwn 22:00:00:0c:50:48:10:80
        member pwwn 22:00:00:11:c6:18:46:c6
        member pwwn 22:00:00:0c:50:32:2e:0f
        member pwwn 22:00:00:0c:50:48:10:74
        member pwwn 22:00:00:11:c6:18:46:f2
        member pwwn 21:00:00:00:87:13:cb:d1
        member pwwn 21:00:00:0c:50:79:91:0f
        member pwwn 10:00:00:00:c9:3c:8e:49
        member pwwn 10:00:00:00:c9:5b:ab:c2
        member pwwn 10:00:00:00:c9:5b:af:f3
    zone name sf_RAM vsan 1
        member pwwn 10:00:00:00:c9:5b:af:c9
        member pwwn 21:00:00:0c:50:b4:8e:20
    zone name anand vsan 1
        member pwwn 10:00:00:00:c9:65:69:31
        member pwwn 22:00:00:18:62:06:7f:f6
    zone name syedzone vsan 1
        member fwwn 20:11:00:0d:ec:56:7b:40
        member pwwn 50:06:01:60:44:60:23:4f
    zone name bg_qa vsan 1
    zoneset name TOM vsan 1
        member bg-qa
    zoneset name bg_dvt vsan 1
        member sf_RAM
    zoneset name lancer vsan 1
        member anand
    zoneset name bg-qa vsan 1
    zoneset name syed vsan 1
        member syedzone
    zoneset activate name lancer vsan 1
    !Full Zone Database Section for vsan 20
    zone name amrita_zone1 vsan 20
        member pwwn 10:00:00:00:c9:5b:a3:83
        member pwwn 22:00:00:04:cf:89:19:67
        member pwwn 22:00:00:0c:50:48:10:80
        member pwwn 22:00:00:11:c6:18:46:f2
        member pwwn 22:00:00:0c:50:79:93:ae
    zone name amr_zset vsan 20
    zoneset name amr_zset vsan 20
        member amrita_zone1
    zoneset activate name amr_zset vsan 20
    !Full Zone Database Section for vsan 52
    zone name vinod vsan 52
        member pwwn 50:06:01:69:44:60:23:4f
        member pwwn ff:f3:00:00:c9:12:34:78
        member pwwn 10:00:00:00:c9:12:34:5b
        member pwwn 10:00:00:00:c9:12:34:57
    zone name neha vsan 52
    zone name siv1 vsan 52
        member pwwn 10:00:00:00:c9:ad:ac:43
        member pwwn 50:06:01:61:44:60:23:4f
        member pwwn 10:00:00:00:c9:ad:ac:47
    zone name neha1 vsan 52
        member pwwn 10:00:00:00:c9:5b:ab:ad
        member pwwn 50:06:01:60:44:60:23:4f
    zone name neha2 vsan 52
        member pwwn 50:06:01:60:44:60:23:4f
        member pwwn 10:00:00:00:c9:5b:ab:a9
    zone name neha3 vsan 52
        member pwwn 10:00:00:00:c9:9d:1f:bf
        member pwwn 50:06:01:60:44:60:23:4f
    zone name neha4 vsan 52
        member pwwn 50:06:01:60:44:60:23:4f
        member pwwn 10:00:00:00:c9:9d:1f:c1
    zone name chetan vsan 52
        member pwwn 10:00:00:00:c9:f2:73:d3
        member pwwn 50:06:01:60:44:60:23:4f
        member pwwn 10:00:00:00:c9:ad:ac:47
    zone name siv2 vsan 52
        member pwwn 10:00:00:00:c9:d1:0a:6d
        member pwwn ff:f2:00:00:c9:d1:0a:8c
        member pwwn 22:00:00:0c:50:79:93:af
        member pwwn 22:00:00:0c:50:79:92:90
        member pwwn 22:00:00:0c:50:79:91:0f
        member pwwn 20:01:00:11:0d:77:9d:00
    zone name sroy vsan 52
        member pwwn 10:00:00:00:c9:b1:ea:7f
        member pwwn 50:06:01:60:44:60:23:4f
        member pwwn 10:00:00:00:c9:5b:ab:99
        member pwwn 10:00:00:00:c9:bb:cb:8f
        member pwwn 10:00:00:00:c9:5b:ab:c4
        member pwwn 10:00:00:00:c9:d1:16:25
        member pwwn 50:06:01:61:44:60:23:4f
        member pwwn 10:00:00:00:c9:a5:ac:f3
    zone name manju vsan 52
        member pwwn 10:00:00:00:c9:bb:c7:8f
        member pwwn 50:06:01:61:44:60:23:4f
    zone name ram vsan 52
        member pwwn 50:06:01:60:44:60:23:4f
        member pwwn 10:00:00:00:c9:a0:ce:2d
        member pwwn 10:00:00:00:c9:bb:17:b7
        member pwwn 10:00:00:00:c9:5b:a5:27
        member pwwn 10:00:00:00:c9:91:f7:f1
        member pwwn 10:00:00:00:c9:b1:e5:5f
    zone name jana vsan 52
        member pwwn 10:00:00:00:c9:91:f7:f1
        member pwwn 50:06:01:60:44:60:23:4f
    zone name priya vsan 52
        member pwwn 10:00:00:00:c9:e3:06:89
        member pwwn 50:06:01:60:44:60:23:4f
    zoneset name IBMraptor vsan 52
        member vinod
        member siv1
        member neha1
        member neha2
        member neha3
        member neha4
        member chetan
        member siv2
        member sroy
        member manju
        member ram
        member priya
    zoneset name ananda vsan 52
    zoneset name vinod vsan 52
    zoneset activate name IBMraptor vsan 52
    no system default switchport shutdown san
    Cisco-5020# sh system internal dcbx info interface ethernet 1/38
    Interface info for if_index: 0x1a025000(Eth1/38)
    tx_enabled: TRUE
    rx_enabled: TRUE
    dcbx_enabled: TRUE
    DCX Protocol: CIN
    Port MAC address:  00:0d:ec:b2:15:6d
    DCX Control FSM Variables: seq_no: 0x1, ack_no: 0x0,my_ack_no: 0x0, peer_seq_no:
    0x0 oper_version: 0x0,  max_version: 0x0 fast_retries 0x0
    Lock Status: UNLOCKED
    PORT STATE: UP
    LLDP Neighbors
    No DCX tlvs from the remote peer
    6 Features on this intf for Protocol CIN(0)
    3 Features on this intf for Protocol CEE(1)
    6 Features on this intf for Protocol CIN(0)
    Feature type LLS (6)sub_type FCoE Logical Link Status (0)
    feature type 6(LLS)sub_type 0
    Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
         feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 0
         remote_tlv_not_present_notification_sent 0
    Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
         disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x1d9
    Desired config cfg length: 1 data bytes:00
    Operating config cfg length: 0 data bytes:
    Peer config cfg length: 0 data bytes:
    Feature type PFC (3)
    feature type 3(PFC)sub_type 0
    Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
         feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
         remote_tlv_not_present_notification_sent 0
    Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
         disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
    Desired config cfg length: 1 data bytes:08
    Operating config cfg length: 0 data bytes:
    Peer config cfg length: 0 data bytes:
    Feature type App(Fcoe) (5)sub_type FCoE (0)
    feature type 5(App(Fcoe))sub_type 0
    Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
         feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
         remote_tlv_not_present_notification_sent 0
    Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
         disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
    Desired config cfg length: 1 data bytes:08
    Operating config cfg length: 0 data bytes:
    Peer config cfg length: 0 data bytes:
    Feature type PriMtu (8)
    feature type 8(PriMtu)sub_type 0
    Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
         feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
         remote_tlv_not_present_notification_sent 0
    Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
         disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
    Desired config cfg length: 16 data bytes:24    00    24    00    24    00    08    6e    24    00    24    00    24    00    24    00
    Operating config cfg length: 0 data bytes:
    Peer config cfg length: 0 data bytes:
    Feature type PriGrp (2)
    feature type 2(PriGrp)sub_type 0
    Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
         feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
         remote_tlv_not_present_notification_sent 0
    Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
         disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
    Desired config cfg length: 24 data bytes:32    32    00    00    00    00    00    00    00    0f    00    0f    00    0e    20    64    00    0e    00    0e
       00    0e    00    0e
    Operating config cfg length: 0 data bytes:
    Peer config cfg length: 0 data bytes:
    Feature type LLS (6)sub_type LAN Logical Link Status (1)
    feature type 6(LLS)sub_type 1
    Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
         feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
         remote_tlv_not_present_notification_sent 0
    Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
         disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0xaf
    Desired config cfg length: 1 data bytes:80
    Operating config cfg length: 0 data bytes:
    Peer config cfg length: 0 data bytes:
    Traffic Counters
    DCBX pkt stats:
        Total frames out: 20296
        Total Entries aged: 27
        Total frames in: 0
        DCBX frames in: 0
        Total frames received in error: 0
        Total frames discarded: 0
        Total TLVs unrecognized: 0
    Cisco-5020#
    Cisco-5020#
    Cisco-5020#
    I am new to PFC and this is my first time trying to configure it, so as you can see nothing is configured yet.

  • Nexus 5000 command/log accounting

    Good afternoon gentlemen
    I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
    #IOS commands
    no logging console
    logging buffered 307200 informational
    service timestamps log datetime localtime show-timezone
    logging trap debugging
    login on-failure log
    login on-success log
    archive
       log config
          logging enable
          logging size 500
          hidekeys
          notify syslog contenttype plaintext
    By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
    If you guys have an idea please answer
    Regards
    Christian

  • How to implement Oracle user/role security with Access front end?

    Hi,
    We have successfully migrated our Access database tables to Oracle 10g using SQL developer. We've recreated all the users and roles (i.e., access groups) in Oracle and granted rights to tables.
    In the Access front end database, in the Database window we have saved linked Oracle tables which replaced the Access tables. The forms, reports, queries run fine with the linked Oracle tables. All the linked tables use one ODBC DSN to the Oracle database with the same Oracle user id.
    We need to be able to authenticate users into the Oracle database and RE-link the tables based on their own unique user id. By doing so we can allow users to use the Oracle standard user id/role and system privileges to control select, update, etc. rights to the database.
    I've been able to use the VB code within Access to log on to the database with a unique id, but I have not been able to find out how to RE-link the tables to the unique user id using VB. There should be some way to relink tables dynamically, based on users logging into the Access front end.
    I don't know a great deal about Access projects, but I do know SQL Server allows you to log in to your Access project and link tables dynamically.
    Can someone give me some assistance or point me in the right direction?
    Thanks in advance,
    Larry

    We had one of our programmers here come up with a VB code solution for re-linking tables within Access. However, the relinking takes 3-4 minutes for 100+ tables.
    In an effort to help you understand the situation better, I will attempt to elaborate on the problem:
    We have an Access 2003 application which currently has a front end using Access (forms, reports, queries, & VB code) and a MS Access 2003 backend.
    We have migrated the backend tables to Oracle. However, we still have a need to maintain the front end in Access, since we have over 60 forms, 40 reports, 200+ queries in Access. It's easy to understand, we have a significant investment in the front end (obviously, the plan is to migrate the front end also at some future date).
    In order to utilize the existing front end, we have to validate and modify the current front end connections to the new Oracle backend. One of the features of Access is that you can "link" tables and save the link for runtime. Each Access table can have its own link which is a separate ODBC/JET connection. As such, each separate link has its own userid/database information.
    The other issue with using the Access front-end is that Access utilizes a workgroup file to implement user and group security. The workgroup file contains all the users and which groups the users belong to in Access. Then within Access, you allow users access to objects (tables, queries, etc.) by their userid and/or group. When users open an Access database with Access security enabled, they are required to log into Access. The login is authenticated by the workgroup file. Once logged into Access, users have rights to Access objects based on the rights granted to their userid and the groups they belong to. The problem here is that when you remove the linked Access tables and replace them with linked Oracle tables, Access has no knowledge about Oracle table rights granted to users; nor would you expect it to.
    The dilemma is the disconnect between Access and the fact Oracle utilizes a similar but much more sophisticated security model. It creates users and roles (which are similar to Access groups), and again this is independent of Access security.
    Our solution was to still use the Access workgroup file security along with the Oracle security model. By using the Access userid and then creating a similar Oracle userid with similar table rights granted in Access, you could apply security within Access and also with the Oracle database.
    For example, a user BOB logs into Access via the workgroup file; using VB code, Access then establishes an Oracle connection, logging into Oracle using the same unique userid BOB.
    After connecting and validating user BOB into Oracle, then the Access tables are relinked to Oracle using the user BOB userid and table rights.
    This Oracle userid has been granted table rights specific for this userid. This allows the user BOB to use the Access application and still be authenticated into the Oracle database.
    The problem with this solution is that the relinking of the saved Access tables takes 3-7 minutes for about 100+ tables. This is not acceptable for users each time they log into the application.
    Our current alternative is to use one Oracle userid to login each user, and use Access form restrictions/security to allow/prevent users from updating/viewing data. Obviously, this is not the optimal solution in respect to security, but it at least allows us to control access to the data (via the forms) by using one logon required for each user, and quick startup time for the application.
    I understand SQL server does a better job in integration, but we use Oracle which is what I am trying to work with.
    Larry

  • Flex encounters "Security error accessing url.Unable to load WSDL"

    I have created a Flex application which connects to SAP via web service.
    When I try to run my Flex application I encounter the following error:
    "Security error accessing url.Unable to load WSDL"
    I went through various posts relating to a BSP application and crossdomain.xml.
    I have created the crossdomain.xml file in the application and
    I tried those options and am still not able to figure out the problem.
    The security error is because of the absence of the crossdomain.xml file, and in which path should I be saving the file?
    Kindly help me solve the problem.
    Thanks in advance.

    Have you seen this blog
    "Crossdomain.xml" in ABAP Web AS Server cache

  • Security error accessing ur unable to load wsdl

    Hi,
    I am using a web service (.NET web service) that is on my
    localhost and using it in a Flex application that is also on my
    system. This means both the web service and the Flex application are on the
    same system.
    But when I give the reference of the web service using the
    system IP and run the application from Flex Builder, it generates
    the error as:
    mx.messaging.messages::ErrorMessage)#0
    body = (Object)#1
    clientId = "DirectHTTPChannel0"
    correlationId = "24CD6542-F141-1A05-BA35-00A108CB30A0"
    destination = ""
    extendedData = (null)
    faultCode = "Channel.Security.Error"
    faultDetail = "Destination: DefaultHTTP"
    faultString = "Security error accessing url"
    headers = (Object)#2
    messageId = "CC123DF0-0E6C-05FF-7894-00A109676283"
    rootCause = (flash.events::SecurityErrorEvent)#3
    bubbles = false
    cancelable = false
    currentTarget = (flash.net::URLLoader)#4
    bytesLoaded = 0
    bytesTotal = 0
    data = (null)
    dataFormat = "text"
    eventPhase = 2
    target = (flash.net::URLLoader)#4
    text = "Error #2170: Security sandbox violation:
    http://localhost:3000/MYCIMS/flex_bin/Design.swf
    cannot send HTTP headers to
    http://myip/MyServer/AdminWS.asmx."
    type = "securityError"
    timestamp = 0
    timeToLive = 0
    I have put the crossdomain.xml file in the root of the localhost
    and made every change possible in the crossdomain.xml file, but the
    application is not running.
    Please somebody provide an effective solution, I have spent
    lots of time to resolve the problem but it's not being....
    Thanks in advance
    Gopi Saini

    Have you seen this blog
    "Crossdomain.xml" in ABAP Web AS Server cache

  • Security error accessing url (Unable to load WSDL)

    Hi folks.
    I have a Flex project that uses a WCF web service. On my localhost everything is all right, but I want to upload my Flex project to a web host (http://www.dorj.ir) and upload my WCF web service to a server that has a valid IP...
    After going to http://www.dorj.ir, you can see this error
    Security error accessing url
    Unable to load WSDL. If currently online, please verify the URI and/or format of the WSDL (http://ip/service.svc?wsdl)
    I put the crossdomain.xml file in the root of my server:
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
         <allow-access-from domain="http://www.dorj.ir" />
         <allow-http-request-headers-from domain="http://www.dorj.ir" headers="SOAPAction"/>
    </cross-domain-policy>
    But I have the same error, yet...!
    what should I do?!

    Have you seen this blog
    "Crossdomain.xml" in ABAP Web AS Server cache
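
An added example, not taken from any of the posts above: a small Python check for the `crossdomain.xml` files these threads revolve around. It flags a `domain` value written as a URL (the policy-file format expects a host name, IP address or wildcard pattern there), wildcard grants and `secure="false"`, and shows where Flash Player looks for the policy by default; the function names and the second and third sample policies are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "severity code element detail")

RULE_TAGS = {"allow-access-from", "allow-http-request-headers-from"}
# Host name, IPv4 address, "*" or "*.example.com" (IPv6 is out of scope here).
HOST_RE = re.compile(r"^(\*|(\*\.)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*)$")

# Policy exactly as posted in the thread above.
POSTED_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
     <allow-access-from domain="http://www.dorj.ir" />
     <allow-http-request-headers-from domain="http://www.dorj.ir" headers="SOAPAction"/>
</cross-domain-policy>"""

# Constructed for comparison: same grants, host name only.
CONSTRUCTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
     <allow-access-from domain="www.dorj.ir" />
     <allow-http-request-headers-from domain="www.dorj.ir" headers="SOAPAction"/>
</cross-domain-policy>"""

# Constructed: the "allow everything" policy often pasted to silence the error.
PERMISSIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
     <allow-access-from domain="*" secure="false"/>
     <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return a list of Finding tuples for one crossdomain.xml document."""
    if "<!ENTITY" in xml_text:
        # A policy file has no use for entity declarations; refuse to expand them.
        raise ValueError("entity declarations are not expected in a policy file")
    root = ET.fromstring(xml_text.strip())
    if root.tag != "cross-domain-policy":
        return [Finding("error", "bad-root", root.tag,
                        "root element must be cross-domain-policy")]
    findings = []
    for el in root:
        if el.tag not in RULE_TAGS:
            continue
        domain = el.get("domain", "")
        if "://" in domain or "/" in domain:
            findings.append(Finding("error", "domain-is-url", el.tag,
                                    f"{domain!r} is a URL, not a host pattern"))
        elif not HOST_RE.match(domain):
            findings.append(Finding("error", "domain-malformed", el.tag,
                                    f"{domain!r} is not a host name or pattern"))
        elif domain == "*":
            findings.append(Finding("warn", "wildcard-domain", el.tag,
                                    "any site may call this server"))
        if el.get("secure", "true").lower() == "false":
            findings.append(Finding("warn", "secure-false", el.tag,
                                    "HTTP-served content may reach HTTPS resources"))
        if (el.tag == "allow-http-request-headers-from"
                and el.get("headers", "").strip() == "*"):
            findings.append(Finding("warn", "wildcard-headers", el.tag,
                                    "every request header is allowed"))
    return findings


def default_policy_url(request_url):
    """Where the policy is looked up by default: the root of the *target* host."""
    parts = urlsplit(request_url)
    return f"{parts.scheme}://{parts.netloc}/crossdomain.xml"


if __name__ == "__main__":
    for name, doc in [("posted", POSTED_POLICY),
                      ("constructed", CONSTRUCTED_POLICY),
                      ("permissive", PERMISSIVE_POLICY)]:
        print(name, [f.code for f in audit_policy(doc)])
    print(default_policy_url("https://login.salesforce.com/services/Soap/u/14.0"))
```

The policy has to be served by the host that receives the web-service call (scheme and port included), not by the host that serves the SWF.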

  • Applet Error:java.security.AccessControlException: access denied

    Hi,
    I just successfully deployed a business component project to Oracle 8.1.6 as an EJB Session bean, and
    the test of the application module is successful. In the same workspace, I created a new project with
    an applet (which contains only a grid control) as a client of the business component. Everything works
    fine within the Applet viewer; however, when I try to load the applet in IE5.5 I get the following
    error message in the Java console:
    Java(TM) Plug-in
    Using JRE version 1.2.1
    User home directory = D:\Documents and Settings\ERic
    Proxy Configuration: no proxy
    JAR cache enabled.
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.debugoutput read)'
    Diagnostics: Silencing all diagnostic output (use -Djbo.debugoutput=console to see it)
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.timing read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.function read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.level read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.show.linecount read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.logging.trace.threshold read)'
    Failed to query environment: 'access denied (java.util.PropertyPermission jbo.jdbc.driver.verbose read)'
    java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission org.omg.CORBA.ORBClass read)
    at java.security.AccessControlContext.checkPermission(Compiled Code)
    at oracle.aurora.jndi.orb_dep.Orb.<clinit>(Orb.java:24)
    at oracle.aurora.jndi.sess_iiop.sess_iiopURLContext.<clinit>(sess_iiopURLContext.java:9)
    at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:588)
    at javax.naming.spi.NamingManager.getURLContext(NamingManager.java:537)
    at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:274)
    at javax.naming.InitialContext.lookup(InitialContext.java:349)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.connectToService(AuroraEJBAmHomeImpl.java:179)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.createSession(AuroraEJBAmHomeImpl.java:152)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.initRemoteHome(AuroraEJBAmHomeImpl.java:123)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBAmHomeImpl.<init>(AuroraEJBAmHomeImpl.java:59)
    at oracle.jbo.client.remote.ejb.aurora.AuroraEJBInitialContext.createJboHome(AuroraEJBInitialContext.java:47)
    at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:72)
    at javax.naming.InitialContext.lookup(InitialContext.java:349)
    at oracle.dacf.dataset.SessionInfo._createAppModule(SessionInfo.java:2330)
    at oracle.dacf.dataset.SessionInfo.connect(SessionInfo.java:1799)
    at oracle.dacf.dataset.SessionInfo.openProducerObject(SessionInfo.java:1848)
    at oracle.dacf.dataset.ProducerObject.open(ProducerObject.java:94)
    at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1305)
    at oracle.dacf.dataset.SessionInfo.publishSession(SessionInfo.java:1287)
    at broadcastapplet.myBroadCastApplet.init(myBroadCastApplet.java:70)
    at sun.applet.AppletPanel.run(Compiled Code)
    at java.lang.Thread.run(Thread.java:479)
    The Oracle 8.1.6 runs on Win2000, I put the JAR & related zip files in the same machine's IIS webserver.
    Can anyone help?
    ERic

    Hi Shaji,
    Are you calling a webservice from within an Xacute Query for your applet?  On first glance, it looks like a web service call is being rejected due to security permissions.  If you have a webservice call (or HTTP post/get), can you test it separately with the same credentials as the webpage is using?
    Regards,
    Mike

  • Urgent requirement : security error accessing url and http error: standalone flex

    Hi,
    I have a requirement to create record from standalone flex. I am using Flex builder 3.
    I used the Flex-force toolkit to log in to Salesforce. When the generated swf file is used inside Salesforce it works great.
    But my requirement is to run it from public sites pages / standalone pages. How will I configure it? I am getting the error 'security error accessing url', default HTTP.
    The requirement is on priority, please help me to resolve this issue.
    The login code is also furnished below. please help.
    Full error details:
    (com.salesforce.events::ApexFaultEvent)#0
      bubbles = false
      cancelable = true
      context = (null)
      currentTarget = (null)
      eventPhase = 2
      fault = (mx.rpc::Fault)#1
        content = (null)
        errorID = 0
        faultCode = "Channel.Security.Error"
        faultDetail = "Destination: DefaultHTTP"
        faultString = "Security error accessing url"
        message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'"
        name = "Error"
        rootCause = (flash.events::SecurityErrorEvent)#2
          bubbles = false
          cancelable = false
          currentTarget = (flash.net::URLLoader)#3
            bytesLoaded = 0
            bytesTotal = 0
            data = (null)
            dataFormat = "text"
          eventPhase = 2
          target = (flash.net::URLLoader)#3
          text = "Error #2170: Security sandbox violation: file:///C|/Users/R/DOCUME%7E1/FLEXBU%7E1/TESTLO%7E1/BIN%2DRE%7E1/TESTLO%7E1.SWF cannot send HTTP headers to https://login.salesforce.com/services/Soap/u/14.0?1000.1153011256829."
          type = "securityError"
      headers = (null)
      message = (mx.messaging.messages::ErrorMessage)#4
        body = (null)
        clientId = "DirectHTTPChannel0"
        correlationId = "B8A1B02E-CE17-DCBA-4894-F2E4CBEB7C04"
        destination = ""
        extendedData = (null)
        faultCode = "Channel.Security.Error"
        faultDetail = "Destination: DefaultHTTP"
        faultString = "Security error accessing url"
        headers = (Object)#5
          DSStatusCode = 0
        messageId = "41F6A90D-ECAE-EA2D-7C84-F2E4DABD72F3"
        rootCause = (flash.events::SecurityErrorEvent)#2
        timestamp = 0
        timeToLive = 0
      messageId = "41F6A90D-ECAE-EA2D-7C84-F2E4DABD72F3"
      statusCode = 0
      target = (null)
      token = (mx.rpc::AsyncToken)#6
        message = (mx.messaging.messages::HTTPRequestMessage)#7
          body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>uname</username><password>pwdandsec token</password></login></se:Body></se:Envelope>"
          clientId = (null)
          contentType = "text/xml; charset=UTF-8"
          destination = "DefaultHTTP"
          headers = (Object)#8
            DSEndpoint = "direct_http_channel"
          httpHeaders = (Object)#9
            Accept = "text/xml"
            SOAPAction = """"
            X-Salesforce-No-500-SC = "true"
          messageId = "B8A1B02E-CE17-DCBA-4894-F2E4CBEB7C04"
          method = "POST"
          recordHeaders = false
          timestamp = 0
          timeToLive = 0
          url = "https://login.salesforce.com/services/Soap/u/14.0?1000.1153011256829"
        responders = (Array)#10
          [0] (::SalesForceResponder)#11
        result = (null)
      type = "fault"
    Login code:
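    [Bindable] public var sfdc:Connection = new Connection();

    private function login():void {
        // The policy file is requested from salesforce.com over plain HTTP,
        // while the login call below goes to https://login.salesforce.com.
        Security.loadPolicyFile("http://salesforce.com/services/crossdomain.xml");
        var lr:LoginRequest = new LoginRequest();
        lr.username = "uname";
        lr.password = "pwdtoken";
        sfdc.protocol = "https";
        sfdc.serverUrl = "https://login.salesforce.com/services/Soap/u/14.0";
        // loginSuccess / loginFault are the caller's handlers (not shown in the post).
        lr.callback = new AsyncResponder(loginSuccess, loginFault);
        sfdc.login(lr);
    }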

    This is resolved.
    I have copied the crossdomain.xml file to tomcat Root folder
    and the issue is resolved.

  • Java.security.AccessControlException: access denied (java.util.PropertyPerm

    Hi All,
    I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 (I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and again.
    I even try to use appletviewer on the Solaris box itself to open the applet but it makes no difference, same errors.
    Could somebody please help or give me a hint how I should start tracing what the problem might be?
    This applet comes with Solaris Bandwidth Manager as a GUI administration tool (web-based); it is supposed to change the configurations remotely over the web. I assure you there is no Solaris permission problem.
    I use Tomcat on the server side. Installed JDK 1.3 on Solaris 8 with all the default settings.
    I suppose something should be done with the java.policy or java.security files. I know nothing about Java security; please at least give me some URLs to find out more about this matter. I searched a lot but couldn't find good documents about Java default security restrictions.
    java.lang.ExceptionInInitializerError
    at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
    at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
    at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
    at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
    at com.sun.ba.tool.baApplet.init(baApplet.java:46)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
    ... 7 more
    Any help would be appreciated so much.
    thanks
    mehmad

    I don't know, but it may be that an applet can only access the local machine, i.e. if you run the applet on computer A and you want to edit the config on computer B, I do not believe you can. The applet can only talk to computer A. You would have to:
    1) Run an application on computer A and the applet would tell the application what to change.
    2) Maybe sign the applet in a JAR file
    You will probably have to do #1.
    US101

  • Java.security.AccessControlException: access denied (java.util.PropertyPer

    Hi All,
    I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 (I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and again.
    I even try to use appletviewer on the Solaris box itself to open the applet but it makes no difference, same errors.
    Could somebody please help or give me a hint how I should start tracing what the problem might be?
    This applet comes with Solaris Bandwidth Manager as a GUI administration tool (web-based); it is supposed to change the configurations remotely over the web. I assure you there is no Solaris permission problem.
    I use Tomcat on the server side. Installed JDK 1.3 on Solaris 8 with all the default settings.
    I suppose something should be done with the java.policy or java.security files. I know nothing about Java security; please at least give me some URLs to find out more about this matter. I searched a lot but couldn't find good documents about Java default security restrictions.
    java.lang.ExceptionInInitializerError
         at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
         at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
         at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
         at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
         at com.sun.ba.tool.baApplet.init(baApplet.java:46)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
         at java.lang.System.getProperty(Unknown Source)
         at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
         ... 7 more
    Any help would be appreciated so much.
    thanks
    mehmad

    Hi,
    Please make changes in the java.security files present in the jdk1.3/lib/jre/security/java.security. There you make the changes in the property which gives you the error. See if this helps.
    regards vickyk

  • Socket programming + java.security.AccessControlException: access denied

    The code below is for a particular port and IP. What is the command for granting permission for all the sites?
    Please help, I have been unable to tackle this problem for the past 24 hours.
    I am getting an error too:
    java.security.AccessControlException: access denied (java.net.SocketPermission yahoo.com resolve)
    grant {
      permission java.net.SocketPermission
            "puffin.eng.sun.com:7777",
            "connect, accept";
    };

    ..

  • Security Manager/Access problem

    (WWC-00000)
    An unexpected error has occurred in portlet instances: wwpob_api_portlet_inst.create_inst (WWC-44846)
    The following error occurred during the call to Web provider: java.lang.NullPointerException
    at oracle.portal.provider.v2.security.URLSecurityManager.hasAccess(Unknown Source)
    at oracle.portal.provider.v2.DefaultPortletDefinition.hasAccess(Unknown Source)
    at oracle.portal.provider.v2.ProviderInstance.getPortletDefinition(Unknown Source)
    at oracle.portal.provider.v2.ProviderInstance.getPortletInstance(Unknown Source)
    at oracle.portal.provider.v2.ProviderInstance.getPortletInstance(Unknown Source)
    at oracle.webdb.provider.v2.adapter.soapV1.ProviderAdapter.registerPortlet(Unknown Source)
    at java.lang.reflect.Method.invoke(Native Method)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.doMethodCall(Unknown Source)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.processInternal(Unknown Source)
    at oracle.webdb.provider.v2.utils.soap.SOAPProcessor.process(Unknown Source)
    at oracle.webdb.provider.v2.adapter.SOAPServlet.doSOAPCall(Unknown Source)
    at oracle.webdb.provider.v2.adapter.SOAPServlet.service(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
    at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:59)
    at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:283)
    at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:523)
    at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:269)
    at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:735)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:151)
    at com.evermind.util.ThreadPoolThread.run(ThreadPoolThread.java:64)
    (WWC-43147)
    Removing the provider.xml security manager setting will do away with this problem.
    Versions being used: Portal 9.0.2 and PDK september.

    I have checked with the PDK September samples related to Security Manager/Access and they are working fine. Please let us know which PDK sample gives this error.
