Port Security based on Device Type

Hi all:
We need to know whether there is any feature or software that allows to block switch ports for type of devices.
For instance, we have some switches for IP phones and we do not want to have PCs connected to those ports.
We know that it can be done using MACs, but, as phones can be moved easily, it implies constant changes on port security.
Thanks
Regards

Apologies if I have not understood the original question, however, can you use port security (max MAC / sticky MAC) to ensure only devices that are currently connected are successful, other violations will result in the port being shutdown.
You may want to investigate some 802.1x device authentication
http://www.cisco.com/en/US/products/ps6662/products_ios_protocol_option_home.html
HTH
Steve

Similar Messages

  • Restrict WLAN access based upon device type

    hi,
    i have a requirement to allow only certain device types (Apple Ipad only) on WLAN. Dont want to use individual MAC filters due to administrative overheads. Any suggestions?

    The only way you can just allow one type of device is the use of a profiler. Cisco ISE has a profiler, but you will need to get the advanced license also. I don't know how you would be able to do it any other way unless you manually configure each iPad to allow that device on your network.
    Sent from Cisco Technical Support iPhone App

  • WLC and preventing access based upon device type

    Hello,
    I know this may be slightly offbase, and may be more of a Microsoft question, but I'll ask anyway.
    Here is my problem.  We have a WPA secured wireless network.   Users are now connecting there Iphones & Droids to this network.  We want to prevent this.  In researching, it looked like MS NPS server could authenticate not only on username/password, but also based on wether the computer was associated with the Domain.  I could then inject the associated VLAN to put the devices on.  While the injection is working perfectly, it doesnt look like this variable of "Domain Computer" is being met.  
    Basicly, we have Windows and Mac's that need to gain access to our secure wireless area, and anyone else can be put on a non-secure area.
    Has anyone else used this feature successfully?
    Or does anyone else have any alternatives?
    Thank you,

    Hi Drew,
    I think you're talking about machine authentication. Windows radius server easily checks the machine account on the domain so there is no added burden for the user.
    This is a setting to enable on the client side and also on the radius server side. For example, you can grant access only if machine authentication happened.
    However, WLC has nothing to do in this story actually ...
    Nicolas.
    ===
    Don't forget to rate answers that you find useful

  • Allowing a device blocked by port-security

    Lets say I have port security configured on a switch's ports like this:
        Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                        (Count)       (Count)          (Count)
              Et0/2              1            1                  0         Shutdown
    And also that I use sticky to allow all connected devices.
    Now lets say an admin unplugs the computer that was plugged into a port and plugs in another one. The switch port shutdowns as expected. Now the admin calls and asked that the currently connected computer be allowed access. What is the proper way to allow access to that computer?
    I ran sticky again on that specific interface and did a no shut, but it is still shutdown. Do I need to completely disable and re-enable port-security on that interface to allow the new device?

    Hi,
    In the line command, write:
    switch(conf-if)#shutdown
    and
    switch#clear port-security dynamic interface XX/XX
    and
    switch#clear mac address-table dynamic interface XX/XX
    and
    switch(conf-if)#no shutdown
    In the 2 interfaces - old and new interfaces.
    Thanks.

  • Port Security Sticky Addresses

    Does anyone know if there is a way to automatically clear the mac address on a switchport that has port security sticky addressing enabled. I have the following configured on the port(s):
    switchport mode access
    switchport port-security
    switchport port-security aging time 1
    switchport port-security aging type inactivity
    switchport port-security mac-address sticky
    spanning-tree portfast
    I can't get it to release the sticky mac-address after the minute of inactivity. As soon as I try to connect another device to the port after the required inactivity, the port goes into an err-disabled state because it still sees the mac of the old device. Any help is appreciated. This is on a Catalyst 2950G switch.
    Josh

    It is not possible to age out sticky entries.  With sticky entries, they are added to the running config.  So the only way to remove it is through editing the running config....  If you enter the "no switchport port-security mac-address sticky" interface command, then the mac addresses will be learned dynamically, and will be aged out after 1 minute of inactivity, per your config ...

  • Recommended port-security settings for ASA HA failover

    I have a pair of ASA 5510s configured in active/standby mode. I have already configured the failover settings on the firewalls. Both firewalls are connected to a 2960G. I made a change to the interfaces on the 2960 to allow 2 mac addresses on each port. Here is the switch port config:
    interface GigabitEthernet0/8
    description ASA-Primary-Out
    switchport access vlan 200
    switchport mode access
    switchport port-security maximum 2
    switchport port-security
    switchport port-security aging time 2
    switchport port-security violation restrict
    switchport port-security aging type inactivity
    ip arp inspection limit rate 500
    no cdp enable
    spanning-tree portfast
    spanning-tree bpduguard enable
    Upon testing failover via the failover active command, I get port-security errors on the outside interface for each device:
    %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address aaaa.bbbb.cccc on port GigabitEthernet0/8. After a few minutes, the error goes away and I can then connect to each firewall. It seems that it still waits for the aging time to expire before allowing the other MAC address. Shouldn't the "maximum 2" setting allow for both mac addresses?
    I'd rather not have to hardcode the firewall's MAC addresses on each switchport because I could see this causing problems for us down the road. Is there anything else that can be done?

    Hello,
    This is expected because of the way ASA failover works. When a failover event occurs, the 2 units will swap their IP and MAC addresses (i.e. the Active unit is always using the same IP and MAC, but this role changes between the 2 physical units).
    Per the port-security config guide:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_fx/configuration/guide/swtrafc.html#wp1090391
    "...if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged."
    Since the MAC address moves to the other switchport when the failover happens, a violation is being logged.
    -Mike

  • SCOM 2012 SP1 Cisco Port Security Violations

    Hello,
    I'm fairly new to System Center but have learning quite a bit over the last year. I am looking for some information on how to generate an alert  off of a port-security violation.  There's not much information about this so i'm wondering if anyone
    out there has experience doing this.
    Also, we run a fairly large Cisco environment (20000+ switchports), so my next question is, do I have to be monitoring every switchport to see a port-sec event happen.  I've run some debug snmp packets on my Cisco devices, and I do see the SNMP trap
    sent for the port-security violation.
    The universal device poller that I setup for this is: OID 1.3.6.1.4.1.9.9.315.1.2.1.1.2 or the MIB CISCO-PORT_SECURITY-MIB:cpsIfPortSecurityStatus, so i'm pretty confident that i've got the right data.  I'm just looking for a way to see these events happen
    without having to monitor every single switchport on my network and if the alert will tell me which switch, which port had the violation.
    Any help is always appreciated.

    Hi,
    I have to say that I don't have experience doing this, but in my opinion, if you there is log files about that information, we can use SCOM to monitor the log file and fire alerts according to your requirements.
    Based on my research, the output of the port-security debug may have information about which switch, which port had the violation. (I am not familiar with cisco device, if there is any misunderstanding, please feel free let know)
    Regards,
    Yan Li
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Port Security MIB on SF, SG series switches

    I need to setup some parameters related to port security features on my SG, SF series switches via SNMP. I've found that it is possible with port security MIB (1.3.6.1.4.1.9.9.315). I found out my devices has support of this MIB downloading archive with MIBs from cisco site. But when I try to read some parameters from this MIB via SNMP, for example "cps if port security status" (1.3.6.1.4.1.9.9.315.1.2.1.1.2) device answers with: "No Such Object available on this agent at this OID". But it is possible to do with web-interface in Security->Port Security section
    How is it possible to read/write such type of parameters ?

    The OID you mentioned cpsIfPortSecurityStatus has Read-Only permissions and hence you cannot set anything.
    You can only poll this object to know the operational status of the port security feature on an interface, which will result from one of the three status :
    1 : secureup
    2 : securedown
    3 : shutdown
    For more details check OID Translation.
    You can only set values which has Read-Write permissions, like cpsIfPortSecurityEnable, using which you can enable port security on an interface.
    Tell us what you want to achieve using SNMP Set operation?
    Also, I am not sure if these MIB features are completely implemented on 29xx/35xx/37xx devices.
    But are present in 45xx and 65xx series switches.

  • Dot1x with port security and redundant radius servers

    I have a strange issue with my dot1x port authentication.  I have two radius servers configured in my switch for redundancy, and on my switchport I have a Cisco IP phone and a PC.  Testing redundnacy with the radius servers, when I have both servers active and running, the port authentication works fine for both phone and pc.  When I fail the radius servers in the configuration, by disconnecting the NIC on it, the switch goes to the surviving radius server and authenticates, (I can see it in the running log) both the phone and PC get an access-accept, but only the phone works on the network and the port light stays amber showing it's blocking for the pc.  Strange, since it showed an accept on the radius server.
    This only seems to happen when the first one on the list is failed.  When the second one is failed, it obviously won't need to try it, so there's not an issue.  Any ideas?
    Here's the setup and configs:
    freeradius 2.1.12-4
    cisco 3560
    Switch Ports Model              SW Version            SW Image                
    *    1 52    WS-C3560G-48PS     12.2(53)SE2           C3560-IPBASEK9-M 
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    interface GigabitEthernet0/1
    switchport access vlan 100
    switchport mode access
    switchport voice vlan 110
    authentication event no-response action authorize vlan 901
    authentication host-mode multi-domain
    authentication port-control auto
    authentication periodic
    authentication violation protect
    mab
    dot1x pae authenticator
    dot1x timeout quiet-period 10
    dot1x timeout tx-period 1
    no mdix auto
    spanning-tree portfast
    radius-server host 10.90.1.88 auth-port 1645 acct-port 1646 key 7 xxx
    radius-server host 10.90.1.85 auth-port 1645 acct-port 1646 key 7 xxx
    Here's an authentication string from the radius server:
    (there are two mac address.  The first one 00.13 is the PC and the second 30.37 is the phone)
    rad_recv: Access-Request packet from host 10.90.100.7 port 1645, id=204, length=160
    User-Name = "001372b639a6"
    User-Password = "001372b639a6"
    Service-Type = Call-Check
    Framed-MTU = 1500
    Called-Station-Id = "9C-AF-CA-23-D9-01"
    Calling-Station-Id = "00-13-72-B6-39-A6"
    Message-Authenticator = 0xfeef777a8033c24934306b3cce78c8f1
    NAS-Port-Type = Ethernet
    NAS-Port = 50001
    NAS-Port-Id = "GigabitEthernet0/1"
    NAS-IP-Address = 10.90.100.7
    Wed Sep 18 10:48:06 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group authorize {...}
    Wed Sep 18 10:48:06 2013 : Info: ++[preprocess] returns ok
    Wed Sep 18 10:48:06 2013 : Info: ++[chap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[mschap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[digest] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [suffix] No '@' in User-Name = "001372b639a6", looking up realm NULL
    Wed Sep 18 10:48:06 2013 : Info: [suffix] No such realm "NULL"
    Wed Sep 18 10:48:06 2013 : Info: ++[suffix] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [eap] No EAP-Message, not doing EAP
    Wed Sep 18 10:48:06 2013 : Info: ++[eap] returns noop
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: %{User-Name} -> 001372b639a6
    Wed Sep 18 10:48:06 2013 : Info: [sql] sql_set_user escaped user --> '001372b639a6'
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 3
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Info: [sql] User found in radcheck table
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '001372b639a6'           ORDER BY id
    Wed Sep 18 10:48:06 2013 : Info: [sql]           expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '001372b639a6'           ORDER BY priority
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup           WHERE username = '001372b639a6'           ORDER BY priority
    Wed Sep 18 10:48:06 2013 : Debug: rlm_sql (sql): Released sql socket id: 3
    Wed Sep 18 10:48:06 2013 : Info: ++[sql] returns ok
    Wed Sep 18 10:48:06 2013 : Info: ++[expiration] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[logintime] returns noop
    Wed Sep 18 10:48:06 2013 : Info: ++[pap] returns updated
    Wed Sep 18 10:48:06 2013 : Info: Found Auth-Type = PAP
    Wed Sep 18 10:48:06 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group PAP {...}
    Wed Sep 18 10:48:06 2013 : Info: [pap] login attempt with password "001372b639a6"
    Wed Sep 18 10:48:06 2013 : Info: [pap] Using clear text password "001372b639a6"
    Wed Sep 18 10:48:06 2013 : Info: [pap] User authenticated successfully
    Wed Sep 18 10:48:06 2013 : Info: ++[pap] returns ok
    Wed Sep 18 10:48:06 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:06 2013 : Info: +- entering group post-auth {...}
    Wed Sep 18 10:48:06 2013 : Info: ++[exec] returns noop
    Sending Access-Accept of id 204 to 10.90.100.7 port 1645
    Wed Sep 18 10:48:06 2013 : Info: Finished request 0.
    Wed Sep 18 10:48:06 2013 : Debug: Going to the next request
    Wed Sep 18 10:48:06 2013 : Debug: Waking up in 4.9 seconds.
    Wed Sep 18 10:48:11 2013 : Info: Cleaning up request 0 ID 204 with timestamp +77
    Wed Sep 18 10:48:11 2013 : Info: Ready to process requests.
    rad_recv: Access-Request packet from host 10.90.100.7 port 1645, id=205, length=160
    User-Name = "3037a616cd49"
    User-Password = "3037a616cd49"
    Service-Type = Call-Check
    Framed-MTU = 1500
    Called-Station-Id = "9C-AF-CA-23-D9-01"
    Calling-Station-Id = "30-37-A6-16-CD-49"
    Message-Authenticator = 0xc9173e759dd759b9d414d192783e8a8e
    NAS-Port-Type = Ethernet
    NAS-Port = 50001
    NAS-Port-Id = "GigabitEthernet0/1"
    NAS-IP-Address = 10.90.100.7
    Wed Sep 18 10:48:13 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group authorize {...}
    Wed Sep 18 10:48:13 2013 : Info: ++[preprocess] returns ok
    Wed Sep 18 10:48:13 2013 : Info: ++[chap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[mschap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[digest] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [suffix] No '@' in User-Name = "3037a616cd49", looking up realm NULL
    Wed Sep 18 10:48:13 2013 : Info: [suffix] No such realm "NULL"
    Wed Sep 18 10:48:13 2013 : Info: ++[suffix] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [eap] No EAP-Message, not doing EAP
    Wed Sep 18 10:48:13 2013 : Info: ++[eap] returns noop
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: %{User-Name} -> 3037a616cd49
    Wed Sep 18 10:48:13 2013 : Info: [sql] sql_set_user escaped user --> '3037a616cd49'
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 2
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Info: [sql] User found in radcheck table
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '3037a616cd49'           ORDER BY id
    Wed Sep 18 10:48:13 2013 : Info: [sql]           expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '3037a616cd49'           ORDER BY priority
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup           WHERE username = '3037a616cd49'           ORDER BY priority
    Wed Sep 18 10:48:13 2013 : Debug: rlm_sql (sql): Released sql socket id: 2
    Wed Sep 18 10:48:13 2013 : Info: ++[sql] returns ok
    Wed Sep 18 10:48:13 2013 : Info: ++[expiration] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[logintime] returns noop
    Wed Sep 18 10:48:13 2013 : Info: ++[pap] returns updated
    Wed Sep 18 10:48:13 2013 : Info: Found Auth-Type = PAP
    Wed Sep 18 10:48:13 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group PAP {...}
    Wed Sep 18 10:48:13 2013 : Info: [pap] login attempt with password "3037a616cd49"
    Wed Sep 18 10:48:13 2013 : Info: [pap] Using clear text password "3037a616cd49"
    Wed Sep 18 10:48:13 2013 : Info: [pap] User authenticated successfully
    Wed Sep 18 10:48:13 2013 : Info: ++[pap] returns ok
    Wed Sep 18 10:48:13 2013 : Info: # Executing section post-auth from file /etc/raddb/sites-enabled/default
    Wed Sep 18 10:48:13 2013 : Info: +- entering group post-auth {...}
    Wed Sep 18 10:48:13 2013 : Info: ++[exec] returns noop
    Sending Access-Accept of id 205 to 10.90.100.7 port 1645
    Cisco-AVPair = "device-traffic-class=voice"
    Wed Sep 18 10:48:13 2013 : Info: Finished request 1.
    Wed Sep 18 10:48:13 2013 : Debug: Going to the next request
    Wed Sep 18 10:48:13 2013 : Debug: Waking up in 4.9 seconds.
    Wed Sep 18 10:48:18 2013 : Info: Cleaning up request 1 ID 205 with timestamp +84
    Wed Sep 18 10:48:18 2013 : Info: Ready to process requests.
    Thanks!

    802.1X support    requires an authentication server that is configured for Remote    Authentication Dial-In User Service (RADIUS). 802.1X authentication does  not   work unless the network access switch can route packets to the  configured   RADIUS server.
    Please check the  below links which can be helpful in configurations:
    Link-1
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/dot1x.html

  • HT6437 My itunes cannot locate my ipod. All the sync option are grayed out and diagnostics says that itunes cannot find usb ports and that no device is connected when it is. What should I do to solve this issue?

    So itunes is giving me problems. Since around Christmas time, itunes decided to stop reading my ipod. I connect it to my computer with the usb cable and my computer will recognize that a device is connected but itunes will not. If I go to file->devices and try to sync, all of my sync options are grayed out, while before it would just automatically sync.
    When I run diagnostics it tells me that under ports that it cannot find usb ports (it has a green circle?), a type of cable isn't found, and that no device is connected with the usb cable (which my ipod is). I have been trying to fix this issue but nothing is working. I've tried restarting my ipod, itunes, and my computer, i've also tried resetting my ipod and uninstalling itunes then reinstalling itunes but nothing seems to be working.
    Does anyone know how to solve this issue?

    Do the USB ports work for other devices?
    Does the iPod charge?
    See
    iOS: Device not recognized in iTunes for Windows
    - I would start with                  
    Removing and reinstalling iTunes and other software components for Windows Vista, Windows 7, or Windows 8
    However, after your remove the Apple software components also remove the iCloud Control Panel via Windows Programs and Features app in the Window Control Panel. Then reinstall all the Apple software components
    - Then do the other actions of:
    iOS: Device not recognized in iTunes for Windows
    paying special attention to item #5
    - New cable and different USB port
    - Run this and see if the results help with determine the cause
    iTunes for Windows: Device Sync Tests
    Also see:
    iPod not recognised by windows iTunes
    Troubleshooting issues with iTunes for Windows updates
    - Try on another computer to help determine if computer or iPod problem

  • Need a hint for home office / 871 does not support port-security - FPM ?

    Hi,
    i want to realize the following setup:
    - Central Site 871 with Internet Connection and static IP
    - Home office 871 with Internet Connection and static IP. On that home office router, there should be 2 Vlans: 1 for the office work and one for the user's private PC. All Traffic from the "office" Vlan is being put into a VPN to the central site. All Traffic on the other interface is being natted and goes straight to the internet.
    To minimize security issues, i tried to configure port-security, so that the user cannot connect with his private PC to the office LAN ports and vice versa. Unfortunately, port-security seems not to be supported on the 871 (advanced ip services image).
    Now i looked for an alternative...and came over to FPM (flexible packet matching).
    If i understood right, you can classify packets for example by their source MAC address and if this field matches a specific value (the mac of the work pc), packets can be dropped by a policy.
    Of course i cannot avoid that the user connects the work pc together with his private pc (this is then related to the OS Security to keep out viruses, worms, trojans, etc). But i could/want to restrict the internet access with the work pc through "normal" Internet access - the users should not be able to do that (must use the company's proxy).
    I did the follwing config:
    class-map type access-control match-any c2
    match start l2-start offset 48 size 6 regex "0xabcd1234fedc"
    match field ETHER source-mac regex "abcd1234fedc"
    policy-map type access-control p2
    class c2
    drop
    interface Vlan1
    ip address 192.168.20.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    service-policy type access-control input p2
    service-policy type access-control output p2
    As this feature is quite new, i'm not familiar with it's syntax.
    I also tried to use "string" instead of regexp, but i'm still able to connect the office pc to the private Lan and i am able to access the "Internet" (currently it's only setup in a lab).
    As i understood so far, the offset is the value in bits, and size is in bytes. is that correct?
    Has anyone yet some experience with FPM or maybe any hint for me how to realize the requested setup with the 871 routers?
    bets regards,
    Andy

    For the FPM feature to work you will need PHDF files for the protocols you want to scan for to be loaded on your routers. The files can be downloaded from cisco's website. In your case you will have to download ether.phdf file.

  • How to obtain a device type id?

    Hi all -
    Sorry if this is a repeat question, but I'm trying to figure out if there is a J2ME call to obtain the type of device the application is running on, such as "Nokia 2600" etc...I would like to change the app functionality based on what type of device this is...Any thoughts?
    Thanks!

    Hi Keshav.
    Device type SAPWIN Format ZEMP i found following option now i all details stat to display on line 14 so i have to set in
    Start of line but i don't know how to write there?
    Printer initialization
    Reset after exit
    Cover page
    First Page
    Start of even page
    Start of odd page
    Start of page
    End of first page
    End of even page
    End of odd page
    End of page
    Start of line on an even page
    Start of line on an odd page
    Start of line
    End of line on an even page
    End of line on odd page
    End of line

  • Mobile Time and Travel supporting Device types

    Hi Mobile Guru's,
    We would like to implement Mobile Time and Travel to our client. Currently they are using the PDA's. I have gone through installation guides of MTT and came to know that MTT is possible only for Laptops. Is my assumption is true? Please let me know. Actually our client wanted to implement MTT to their PDA's which they are currently using. Where can I get information that MTT supports which type of device types? Please help me.
    Thanks in advance.
    With best regards,
    Ameer Baba.

    Hi Ameer
       The MTT application is supported only on Laptops and doesnt support PDAs and your assumption is absolutely true. More information on this can be obtained in the following link http://service.sap.com/instguides In this link navigate to Installations and Upgrades->Entry by Application Group->SAP xApps
    ->SAP xApps for Mobile Business->SAP XMTT.   Also the following notes will be useful for the latest version of MTT i.e 2.0 which is JSP based rather than MicroITS.
    892203 - Mobile Travel Expenses 2.0 - Composite Note
    892204 - Mobile Time Sheet 2.0 - Composite Note
    942046 - Restrictions for Mobile Time Sheet 2.0
    942044 - Restrictions for Mobile Travel Expenses 2.0
    Hope this is helpful
    Best Regards
    Sivakumar

  • CAM aging time VS Port-security aging time

    Hi All
    Please advise on the following:
    - Without port-security configured, MACs per interface are learnt as "Dynamic" entries and the global CAM aging timer applies (300 seconds) unless tweaked manually.
    - With switchport port-security enabled (without port-security mac-address sticky, which holds onto MACs infinitely) I see MACs being learnt as "Secure-Dynamic" in a show port-security interface gix/x output and as "Static" in the output of show mac address-table interface gix.x .
    What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too? as I see their is also a option to configure port-security mac-address aging time / type, does this overrule / take precedence over the default CAM aging timer?
    Please assist, its not documented anywhere and its driving me a bit nuts!
    Thanks folks

    What I want to know is if JUST port-security is applied (without mac-address sticky) do the default CAM aging timer of 300 seconds get applied to these MACs too?
    Any aging time you configure with port security will take precedence over the default aging time.
    See this thread for details -
    https://supportforums.cisco.com/discussion/11054341/switchport-port-security-commands-help
    Jon

  • Printing a new format page in Matrix Printer with the SAPWIN Device Type...

    Hi,
    The requierements is to print Identification Material Labels with an Epson DFX-8500 printer. The label font is TIMES 34, therefore the Printer Device Type is SAPWIN. The real throuble is that label size (Format Page) doesn't exist.
    I created a New Format Page but when a print the Materlal Label (SAPSCRIPT), the SPAD configuration isn't recognized. I need an Height of 432 PT (Like INCH6 because the paper is continuous form) isn't recognized.
    Could somebody help me???
    Alexis Sánchez N.
    SAP ABAP Development Consultant
    << removed >>
    Valencia, Venezuela
    Edited by: Rob Burbank on May 25, 2010 3:56 PM

    Hi all,
    I solved myself... This is the way...
    I have an Epson Matrix Printer (Epson DFX-8500)
    In SAP, I created the Epson DFX-8500 Printer with the device type SAPWIN. This printer have some attributes in windows operational system (Windows XP). One of this attributes is the default paper size (Letter).
    To change this, you have to do what the SAP Note 163136 (Creating new paper size for Windows NT-2000-XP-2003) says:
    Solution
    Note: This note is based on Note Q157172 from the Microsoft Knowledge Base.
    You create a new paper size this way in Windows NT:
    1. Choose 'Control Panel' and double-click 'Printer'.
    2. Select 'Server Properties' in the 'File' menu.
    3. Select the 'Create A New Form' check box on the 'Forms' tab page.
    4. Enter the settings for the new paper size.
    NOTE : If you set up your own customized paper size, the margins
    cannot exceed the settings of the installed printer. The print area
    must correspond to the margin settings of the printer driver used.
    5. Save the paper size.
    Proceed as follows to use the new paper size as the default format:
    1. Select 'Printer' in the 'Control Panel'.
    2. Click the right mouse button to select the required printer and select
    'Document defaults'.
    3. Select the new paper size in the 'Paper Size' selection box (on the
    'Advanced' tab page).
    4. Click OK.
    5. Again with the right mouse button click the required printer and
    select 'Attributes'.
    6. Open the 'Device Settings' tab page and select the paper tray from
    which you should print. Then select the new paper size.
    NOTE: New paper sizes are stored on the computer on which they were
    created. If you create a new paper size for a shared printer, you must
    create the new paper size on the printer's print server.
    NOTE : In Windows XP, there is an error in this procedure that can be
    corrected with Note Q838298 from the Microsoft Knowledge Base.
    I hope it helps you...
    Alexis Sánchez N.
    SAP ABAP Development Consultant
    Valencia, Venezuela

Maybe you are looking for

  • My Applications keep Freezing - Brand New Mid-2010 iMac.  Please Help

    Hello - I am extremely frustrated because I just received my brand new iMac in the mail (27" i7 2.93GHZ / 2 TB HD / 4GB 2x2 SDRAM) and my applications keep freezing. Let me give an example - I keep trying to open iPhoto so that I can import and expor

  • Why does the iPhone randomly exit out of apps??

    Hello what should I do about my iPhone 4S randomly exiting out of apps? I've held the top and middle buttons at the same time many of times and its not helping! It's still occurring! Help!!!

  • I tunes wont install

    i had a very old version of itunes when i opened the program it notifided me of a update. i clicked to download it and the install failed. every times i try to istall i tunes it gives me the message "there is a problem with this windows installer pac

  • Email merge

    Hello - would like to know how I can mail merge with my imac - my pc I would create an email in word and than do a mail merge - sending each one as a separate email. What do I do to do email blasts? thanks for your help

  • Quicktime player problems since installing Snow Leopard

    Since installing Snow Leopard my Quicktime plays weird. The are sharp horizontal streaks and glitches where the picture smears (the only way I can describe it). If I restart or shut down and restart, that sometimes resolves the problem, but for only