Regarding Ironport rating

Similar Messages

• Regarding Vendor Rating.

  Pls any one can help me how to capture Vendor Rating for Quality.
  I have the requirement for accepted with Deviation.
  if accepted it is considered as 100 score
  if rejected it is consideredsas 1 score
  but it the Lot size is some thing more Then One.
  Here, let us assume that Lot size is 10 no's
  out of which i accepted 4 No's
  and rejected                 3 No's
  and accpeted with Deviation is 2.
  and 1 No's is in Hold.
  what should be the score and UD code.
  i mean to say is i want to Decide the Q Score according to the Vendor and Quatity posted .
  pls help me
  thanks in advance.
  Kumar.

  Hi
  A quality score can be derived from the:
  Usage decision
  Share of defects in the lot
  Share of defects for the characteristics
  Quality score for the characteristics
  You can use share of defects in the lot procedure .AssignQ score procedure " quality score from share of scrap" in material master
  This procedure calculates the quality score using the share of scrap in the inspection lot:
                         I_KQD_MAX         Share of scrap
  E_KQD = I_KQD_MAX * (--) ** (-(--
  - 1) ** 2)
                       Limiting val.       Predef. share
  with I_KQD_MAX               Maximum QSc from vendor evaluation
       Limiting value          Lower limit for good quality in QM
       Share of scrap          Estimated share of scrap in inspection lot
       Predef. share           Predefined share of scrap from QM
                                 inspection data
  If it does not meet your requirement, create your own function module ,create new Q score procedure in spro and assin new function module to this procedure.
  Sanjay

• Rating HUD?

  The rating HUD is showing Rejects along with 3 Stars or more which is the setting I selected. I've been trying to figure out why the rejects would be showing when I'm asking for 3 Stars or better. Is it possible that the HUD shows the Rejects since the images are stacked and the rejects are part of the stack which also includes the image that is 3 Stars or more?

  For anyone that may be interested, after working with aperture I may have found the answer to my question regarding the Rating HUD. It seems that if you try to call up images based on ratings and you have stacked them, all images within the stack will be displayed if just one of the stacked images has the rating that you requested. In other words if you request images with 3 stars and in a stack of ten images you Reject 9 of those images but have the three stared image in the stack, all the Rejects will show along with the one 3 Stared image. The key it seems is to UNSTACK all the images and then do a request for a rated image. I don't like that it works this way and if anyone knows any different I would be grateful to be enlightened.

• Rating Podcasted

  how do I rate a podcast and a podcast episode (different ratings)???

  For anyone that may be interested, after working with aperture I may have found the answer to my question regarding the Rating HUD. It seems that if you try to call up images based on ratings and you have stacked them, all images within the stack will be displayed if just one of the stacked images has the rating that you requested. In other words if you request images with 3 stars and in a stack of ten images you Reject 9 of those images but have the three stared image in the stack, all the Rejects will show along with the one 3 Stared image. The key it seems is to UNSTACK all the images and then do a request for a rated image. I don't like that it works this way and if anyone knows any different I would be grateful to be enlightened.

• IronPort WSA S170 and Context directory agent

  Hello people and experts,
  I need your consultation regarding IronPort and CDA deployment.
  I couldn't find any information in internet...
  So my question is - if IronPort is AD domain member and Explicit forward proxy is planned to be used. Do I need CDA to be deployed? What will happen if I don't want to deploy CDA in my environment?
  As I understood CDA is useful when IronPort works as Transparent Proxy or if IronPort is not a member of the same domaiin as users.
  Please advise.

  The CDA eliminates the need for NTLM authentication.  Once a user logs onto their computer in the morning and authenticates to the domain, the CDA will have received a successful audit event/log that informs it that user X is signed on to IP address X.  When the WSA needs to find out who is on this IP address, instead of using NTLM to challenge the client machine, it will ask the CDA who signed on this particular IP address.  Once it gets the user name, the WSA will proceed as usual and query the AD to determine the group membership of that particular user.

• ACS 5.3 - 11033 Selected Service type is not Network Access

  I have some older devices on the network that only support RADIUS (not TACACS) for authentication and would like to have them use SecureACS 5.3 
  I understand that by default, ACS only supports TACACS for device administration.  So I'll get this error when trying RADIUS:
  11033 Selected Service type is not Network Access
  Description:
  RADIUS requests can only be processed by Access Services that are of type Network Access
  Resolution Text:
  Verify that the Service Selection Policy rules are correct
  However, even after adjusting the Service Selection rules and seeing hits, I still see the same message in the logs, as if it has no affect.  Any Ideas?

  If you use the protocol as radius you can not use a device admin service. You can only use network access. That will allow you for authentication to the devices.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Printer won't connect to wifi

  Hello
  I've recently bought Samsung m2020/2020w  wireless printer, but I cannot seem to connect it to wifi. When trying to connect via WPS, then wireless setup light keeps flasing for 2 minutes but won't connect. Also tried to connect the printer to wifi through my PC via cable, but that gives me "general error". Sent my printer for warranty repair, but it came back as OK (they managed to connect it to their wireless networks). I've switched off my windows firewall, tried firmware update on the printer and connecting it to the router using laptop. Wifi works okay with other wireless devices such as smartphones and laptops.
  Im using Cisco epc3825 router.

  Hello,
  what band the printer is using (2.4 or 5 GHz)?
  What is the security on the wireless network that you use?
  have you tried to connect the printer withour WPS?
  because it gives you a general error in wired side, I think your problem is bigger than wireless-only issue.
  I think it is better to move your post to the small business->wireless forms that is responsible for your device type.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Preauth ACL for Wired guest not working

  Hi Guys,
  I have 5508 wireless lan controller running code 7.2. We recently implemented Wired guest access on the WLC and configured necessary changes on the switch. We also have wireless guest profile as well configured on the WLC. We have some people who usually use Jabber client for video conferencing so what we have done is we have configured a preauth acl so that if any users connect to the wireless guest profile they automatically connect to the Jabber server without going through the Web auth. We have applied the same ACL in the Wired guest profile as well but the problem is that Jabber is not able to connect unless we manually go through web browser and then authenticate, but it is working normally for wireless guest access without the web authentication. Let me know if this is some kind of bug or a known issue which can fixed in some way. Thanks in advance
  - Krishna

  Krishna:
  Can you please confirm if other type of traffic (other than jabber traffic) is allowed by the pre-auth ACL?
  try - for testing - to allow traffic -by same ACL -  to some other destination and try via normal user to ping to open whatever session with that destination.
  let me know if that works or not.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Wildcard Certificate and Wireless Lan Controller

  Hello,
  I'm working with wlc 5508 version 7.2.111.3 and I'm looking to use a wildcard certificate, I've just checked on the forum that there was a bug-id and it seems it's been closed with a workaround of not using wildcard certs, is it resolved now?
  If yes, could you indicate to me how can I proceed to install it quickly?
  Regards

  Hello,
  The bug was about bad behavior when the wildcard certificate is used. The status of the bug now is "Terminated". That means it was found that the root cause for this bug is not really a bug (bad description, normal behavior...etc).
  So, I think you can go with the wildcard certificat you have. The bug was opened on 5.2 version which is very old comparing to 7.2.
  Let us know how it goes.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Cloned ACS (VMware) but clone doesn't authenticate

                     Hi, I'm having an issue with a cloned vm of our ACS. We are moving it to a different location. I was able to clone it and get it back on the network, but I can't authenticate to it from any of my switches. I do have an older version:
  5.2.0.26
  Any ideas on why a cloned ACS wouldn't funtion like the original?
  Thanks

  Supposing ip address and hostname were changed, try to disconnect the ACS from the AD (remove the machine from AD and remove AD configuraiton on the ACS clone). Then try to make it to join again.
  Hope that will fix your issue.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• ISE Authorization Policy

  Hey guys,
  I have a question regarding ISE Authorization Policy. In my test lab, I don't have any wired station, and what I have is a wireless lapotp. I have configured to allow only EAP-TLS authentication. Now, my problem is I keep getting "15039 Rejected per authorization profile."
  Under the Policy > Authorization, I created a rule where I just want to allow on EAP-TLS either via machine or user identity, and the bottom is the default DenyAccess. When I tried to join the wireless network, I kept getting denied. I checked the ACL counters on the WLC side and it was not increasing.
  I changed the default DenyAccess to PermitAccess, and I was able to join the wireless network no problem, and the ACL counters on the WLC side increased.
  It seems like I am hitting the default Authorization Policy first which is on the bottom of the authorization policy.
  I attached the failed and authenticated logs that I got from ISE.
  Has anyone have encoutered this issue?
  The version that I have is 1.1.1
  Thanks
  P.S.
  I went back to check my autorization condition, and it is blank (See the 1st screenshot)

  Hi,
  it is obvious that you are not matching any condition.
  rather than keeping the condition blank, fill it with a condition that is always match and try if that helps.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• ISE License After Newly Installation

  Hi Guys,
  We have a ISE appliance 3355 running version 1.1.1 and the base license is already installed into it. For now, we wanna change the version into 1.2, but we only have the full installation IOS of 1.2 which means we do not have the upgrade path from 1.1.x to 1.2. I wanna know if the license will be lost after we freshly installing the full version of 1.2 instead of upgrading. THX!
  Regards

  But wait, who said that you are limited to the full upgrade only?
  You can upgrade from 1.1.1 to 1.2 with the upgrade bundle if you have the latest patch applied to the 1.1.1 version.
  This is as per the upgrade guide:
  http://goo.gl/kTVSBq
  or you menat that you don't have the file of the upgrade bundle itself?
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Status-Server request and the ACS SE 4.2

  According to traces collected in mt ACS SE 4.2, it would seem that the underlying software does not support the RADIUS Status-Server request. Anybody know if this request type is supported in version 5.*? Thanks.

  Jay:
  I have ACS 5.3 and this attribute does not seem to be listed.
  What is the attribute's ID?
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Cisco ACS 5.4 + Anyconnect 3.1 NAM with 802.1x, problem with changing ACS Radius user password

  Dear all,
  Presently, we are testing 802.1x using Cisco ACS 5.4 and Cisco Anyconnect v3.1 as 802.1x supplicant. We have created predefined NAM profiles (with Cisco Profile Editor) and applied as default in on our test machine. We are using PEAP (MsCHAPv2) and ACS local user credentials for authenticating process. We have noticed that, when we try to authenticate the network with predefined profile (network profile has Administrator Network privileges) and Windows user on test machine has no Admin privileges we are not able to change ACS user password (checked "Change password on next login" in the ACS user profile). In the Monitoring and Report View we get Failure Reason "24203 User need to change password"  but no popup window apears in Anyconnect. When we change Windows local user privileges to Admin or create Anyconnect network profile localy (privileges User Network) then, we are able to finish the process.
  Have you ever been facing the problem described above. Is it Anyconnect bug? How can we fix it?
  Best regards,
  Piotr

  If this happens with all machines then if a microsoft guy can look the app logs/privileges. It seems the app is requesting privilege that it is not authorized to and that's why the propmt window fails to appear. If we know what that privilege is we can probably fix it. If that privilege is not even required for smooth work Cisco need probably to fix this behavior.
  I am sorry if I am not able to help but I am not using the anyconnect for production.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Cisco AIR-SAP2602I

  I'm trying to deploy a WiFi solution for a client. It would consist of 2 SSIDs; one for internal users with internal network access and a guest with only internal access.
  I have a Sonicwall TZ215:
  External IP: x.x.x.x
  LAN IP: 192.168.1.1/24
  DHCP Server: 192.168.5-195/24
  +++++++++++++++++++++++
  Cisco SG500:
  v1.3.0.62 / R750_NIK_1_3_647_260
  CLI v1.0
  set system mode switch queues-mode 4
  file SSD indicator encrypted
  ssd-control-start
  ssd config
  ssd file passphrase control unrestricted
  no ssd file integrity control
  ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  hostname xxx
  ip ssh server
  snmp-server location "xxx"
  snmp-server contact "John Doe"
  clock timezone CST 0 minutes 0
  clock dhcp timezone
  ip telnet server
  interface vlan 1
  ip address 192.168.1.2 255.255.255.0
  no ip address dhcp
  interface gigabitethernet1/1/1
  switchport mode access
  interface gigabitethernet1/1/2
  switchport mode access
  interface gigabitethernet1/1/3
  switchport mode access
  interface gigabitethernet1/1/4
  switchport mode access
  interface gigabitethernet1/1/5
  switchport mode access
  interface gigabitethernet1/1/6
  switchport mode access
  interface gigabitethernet1/1/7
  switchport mode access
  interface gigabitethernet1/1/8
  switchport mode access
  interface gigabitethernet1/1/9
  switchport mode access
  interface gigabitethernet1/1/10
  switchport mode access
  interface gigabitethernet1/1/11
  switchport mode access
  interface gigabitethernet1/1/12
  switchport mode access
  interface gigabitethernet1/1/13
  switchport mode access
  interface gigabitethernet1/1/14
  switchport mode access
  interface gigabitethernet1/1/15
  switchport mode access
  interface gigabitethernet1/1/16
  switchport mode access
  interface gigabitethernet1/1/17
  switchport mode access
  interface gigabitethernet1/1/18
  switchport mode access
  interface gigabitethernet1/1/19
  switchport mode access
  interface gigabitethernet1/1/20
  switchport mode access
  interface gigabitethernet1/1/21
  switchport mode access
  interface gigabitethernet1/1/22
  switchport mode access
  interface gigabitethernet1/1/23
  switchport mode access
  interface gigabitethernet1/1/24
  switchport mode access
  interface gigabitethernet1/1/25
  switchport mode access
  interface gigabitethernet1/1/26
  switchport mode access
  interface gigabitethernet1/1/27
  switchport mode access
  interface gigabitethernet1/1/28
  switchport mode access
  interface gigabitethernet1/1/29
  switchport mode access
  interface gigabitethernet1/1/30
  switchport mode access
  interface gigabitethernet1/1/31
  switchport mode access
  interface gigabitethernet1/1/32
  switchport mode access
  interface gigabitethernet1/1/33
  switchport mode access
  interface gigabitethernet1/1/34
  switchport mode access
  interface gigabitethernet1/1/35
  switchport mode access
  interface gigabitethernet1/1/36
  switchport mode access
  interface gigabitethernet1/1/37
  switchport mode access
  interface gigabitethernet1/1/38
  switchport mode access
  interface gigabitethernet1/1/39
  switchport mode access
  interface gigabitethernet1/1/40
  switchport mode access
  interface gigabitethernet1/1/41
  switchport mode access
  interface gigabitethernet1/1/42
  switchport mode access
  interface gigabitethernet1/1/43
  switchport mode access
  interface gigabitethernet1/1/44
  switchport mode access
  interface gigabitethernet1/1/45
  switchport mode access
  interface gigabitethernet1/1/46
  switchport mode access
  interface gigabitethernet1/1/47
  switchport mode access
  interface gigabitethernet1/1/48
  switchport mode access
  interface gigabitethernet1/1/51
  switchport mode access
  interface gigabitethernet1/1/52
  switchport mode access
  exit
  macro auto disabled
  ip default-gateway 192.168.1.1
  encrypted
  +++++++++++++++++++++++++++++++++++=
  Cisco AIR-SAP2602I
  ! Last configuration change at 00:11:27 UTC Mon Mar 1 1993 by administrator
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname XXX
  logging rate-limit console 9
  enable secret 5 $1$RVFD$DybWHlNypzf3XsnL6RGND/
  no aaa new-model
  no ip routing
  ip domain name XXX
  dot11 syslog
  dot11 vlan-name Guest_VLAN vlan 200
  dot11 vlan-name Internal_Users vlan 300
  dot11 vlan-name default vlan 1
  dot11 ssid Internal
     vlan 300
     authentication open
     authentication key-management wpa
     mbssid guest-mode
     wpa-psk ascii 7 05180704241A18471802161B05
  dot11 ssid Guest
     vlan 200
     authentication open
     authentication key-management wpa
     guest-mode
     mbssid guest-mode
     infrastructure-ssid optional
     wpa-psk ascii 7 10652D4B5341151E09173E
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-2946962253
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-2946962253
  revocation-check none
  rsakeypair TP-self-signed-2946962253
  crypto pki certificate chain TP-self-signed-2946962253
  certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32393436 39363232 3533301E 170D3933 30333031 30303431
    34325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39343639
    36323235 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    81009438 47D6CAB8 36B9260D D5FEFA7A DFA7E065 E47ECCA2 346674C6 54D9C004
    D6D62585 DE26A41E 447E8607 D0BD58C5 92899510 4EEBF95C 9352D082 1BB71EBF
    72D56DDC 87D55A85 4A242578 6BBD31AD E48C8354 1C7331BD 5ED9F29D 5F8B868E
    14DB0C08 3930D2D4 3266ED2D 9902DAA4 A348B722 82FCC132 6FC4BF22 DC7B9DBC
    2F010203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
    551D2304 18301680 149FB8D9 F772C9DE 4BC86DD9 451902F3 4994F7D8 E0301D06
    03551D0E 04160414 9FB8D9F7 72C9DE4B C86DD945 1902F349 94F7D8E0 300D0609
    2A864886 F70D0101 05050003 81810054 FBCE018A CC09679F 8CB2D20A C773DE00
    51AFA13A AB5105D5 BAAB6F2F B7CAF46A 2BFDCDDC F156593F 16C509EF 8C5215C1
    7631DEFA 9E16633C 1E89CE65 C56591B2 5BE90BD0 1941F0EA 5478924C 4C0E229D
    013743C3 2D4993E0 C44F9143 89A7A5D6 870E3A6C A772B8BB D032956F 1A5B894A
    40EC55B9 8C5E3876 7E4B45FE 3DD00B
              quit
  ip ssh version 1
  bridge irb
  interface Dot11Radio0
  no ip address
  no ip route-cache
  encryption vlan 1 mode ciphers aes-ccm
  encryption vlan 100 mode ciphers aes-ccm
  encryption vlan 200 mode ciphers aes-ccm
  encryption vlan 300 mode ciphers aes-ccm
  broadcast-key vlan 1 change 10000
  broadcast-key vlan 100 change 10000
  ssid Internal
  ssid Guest
  antenna gain 0
  stbc
  mbssid
  station-role root
  interface Dot11Radio0.200
  encapsulation dot1Q 200 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 spanning-disabled
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface Dot11Radio0.300
  encapsulation dot1Q 300
  no ip route-cache
  bridge-group 255
  bridge-group 255 subscriber-loop-control
  bridge-group 255 spanning-disabled
  bridge-group 255 block-unknown-source
  no bridge-group 255 source-learning
  no bridge-group 255 unicast-flooding
  interface Dot11Radio1
  no ip address
  no ip route-cache
  encryption vlan 1 mode ciphers aes-ccm
  encryption vlan 300 mode ciphers aes-ccm
  encryption vlan 200 mode ciphers aes-ccm
  broadcast-key vlan 1 change 10000
  antenna gain 0
  dfs band 3 block
  channel dfs
  station-role root
  interface Dot11Radio1.1
  encapsulation dot1Q 1
  no ip route-cache
  interface Dot11Radio1.200
  encapsulation dot1Q 200 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 subscriber-loop-control
  bridge-group 1 spanning-disabled
  bridge-group 1 block-unknown-source
  no bridge-group 1 source-learning
  no bridge-group 1 unicast-flooding
  interface Dot11Radio1.300
  encapsulation dot1Q 300
  no ip route-cache
  bridge-group 255
  bridge-group 255 subscriber-loop-control
  bridge-group 255 spanning-disabled
  bridge-group 255 block-unknown-source
  no bridge-group 255 source-learning
  no bridge-group 255 unicast-flooding
  interface GigabitEthernet0
  no ip address
  no ip route-cache
  duplex auto
  speed auto
  no keepalive
  hold-queue 160 in
  interface GigabitEthernet0.1
  encapsulation dot1Q 1
  no ip route-cache
  interface GigabitEthernet0.200
  encapsulation dot1Q 200 native
  no ip route-cache
  bridge-group 1
  bridge-group 1 spanning-disabled
  no bridge-group 1 source-learning
  interface GigabitEthernet0.300
  encapsulation dot1Q 300
  no ip route-cache
  bridge-group 255
  bridge-group 255 spanning-disabled
  no bridge-group 255 source-learning
  interface BVI1
  ip address 192.168.1.10 255.255.255.0
  no ip route-cache
  ip default-gateway 192.168.1.1
  no ip http server
  ip http secure-server
  ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
  bridge 1 route ip
  line con 0
  line vty 0 4
  login local
  transport input all
  end
  +++++++++++++++++++++++++++++++++++++++++
  I was able to get dhcp from the Sonicwall with 192.168.1.0/24, but not from the SG500. I created a scope(192.168.2.0/24 for guest; 192.168.3.0/24 for internal users) I even created DHCP scope on the AP, but cannot get an IP from that either. I creatd an ACL to allow the 192.168.3.0/24 access elewhere, and denied 192.168.2.0 access to other but internet.
  If I disabled all scopes on the Sonicwall, I get an APIPA from both AP/SG500. Any thoughts?

  What is your default VLAN?
  On the AP, you configured VLAN 200 to be the native. is that the same with your othe devices?
  "encapsulation dot1Q 200 native"
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"