SG300 - ACL problem

I'm trying to set up an ACL on my SG300-20 to enable FTP and a few other protocols to a server, but I'm running data that returns on different ports (i.e. active FTP).
Below is a sample:
Extended IP access list Protocol_Restriction
    permit  tcp  any ftp any any
Now that works great to allow a connection, but with active ftp when the data tries to come back on a different port (I assume) it is just hung up as all other ports are denied.
I even tried allowing all ports to come back from the server:
Extended IP access list Protocol_Restriction
    permit  tcp  any ftp any any
    permit  ip any host 192.168.0.100
But that also didn't seem to work.
I've played around with this in layer 2 and layer 3 to no avail. I've also seen many tips on applying in and out to the various interfaces, but that doesn't seem to work. Is that something that is only available on higher-end switches/firewalls?
Can anyone assist with this?
Thanks,

Hi
There are a few rules to getting ACLs working.
An ACL is made up of a number of ACE entries.
ACE entries use REVERSE MASKING.
There is an implicit (invisible) deny at the end of the ACE entries, so if you want to include all other traffic at the bottom of an ACE list you have to state with an ACE entry a permit all any any, like I did in the example below. I think you got trapped on this rule.
ACE entries are ordered in priority from low number to high number. The ACE entries are executed in descending order starting from a lower number and down the list as you see it on the GUI.
ACLs need to be bound to a switch interface.
ACLs listen for pattern matches on ingress of packets, not on egress into a physical switch port.
So imagine that an ACL is like an ear listening to packets coming into the switch from some other device or IP host.
A scenario to restrict the FTP access of one host to one FTP server:
I wish to restrict one IP host (192.168.10.106) on switch port 8 from accessing an FTP server which is at IP address 192.168.10.101.
I created an ACE list below as part of an ACL. (I really didn't need the priority 20 entry.)
The restricted host is on switch port 8, so I would bind the ACL to switch port 8 to listen for pattern matches within my ACE list.
Here is the CLI it created, if you are interested:
ip access-list extended Restrict_FTP
deny tcp 192.168.10.106 0.0.0.0 any 192.168.10.101 0.0.0.0 20-21
permit tcp 192.168.10.0 0.0.0.255 any 192.168.10.101 0.0.0.0 20-21
permit ip any any
exit
interface gigabitethernet8
service-acl input Restrict_FTP
exit
Remember to save any changes.
Hope this helps, but if not check the following community post.
https://supportforums.cisco.com/thread/2061080
regards Dave
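
The rules listed in the reply above (wildcard masks, top-down first match, implicit deny), as an added example that is not part of the original posts: a small Python evaluator run over the three ACEs of the Restrict_FTP listing. The field order (source, source port, destination, destination port) is assumed from that listing, the function names are hypothetical, and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY_ADDR = (0, 0xFFFFFFFF)   # wildcard of all ones: every bit is "don't care"
ANY_PORT = (0, 65535)

# ACEs copied from the Restrict_FTP listing in the reply above.
RESTRICT_FTP = [
    "deny tcp 192.168.10.106 0.0.0.0 any 192.168.10.101 0.0.0.0 20-21",
    "permit tcp 192.168.10.0 0.0.0.255 any 192.168.10.101 0.0.0.0 20-21",
    "permit ip any any",
]


@dataclass(frozen=True)
class Ace:
    action: str
    proto: str
    src: tuple    # (address, wildcard) as integers
    sport: tuple  # (low, high), inclusive
    dst: tuple
    dport: tuple


def _take_addr(tokens):
    """Consume 'any' or 'address wildcard' from the front of the token list."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ANY_ADDR
    addr = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return (addr, wild)


def _take_port(tokens):
    """Consume 'any', a single port, or a 'low-high' range."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY_PORT
    low, _, high = tok.partition("-")
    return (int(low), int(high or low))


def parse_ace(line):
    """Parse one ACE; assumed order: action proto src [sport] dst [dport]."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    has_ports = proto in ("tcp", "udp")
    src = _take_addr(tokens)
    sport = _take_port(tokens) if has_ports else ANY_PORT
    dst = _take_addr(tokens)
    dport = _take_port(tokens) if has_ports else ANY_PORT
    return Ace(action, proto, src, sport, dst, dport)


def _addr_matches(rule, ip):
    """Reverse mask: a 0 bit must match, a 1 bit is ignored."""
    addr, wild = rule
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)


def evaluate(ace_lines, proto, src, sport, dst, dport):
    """Return (action, position of the matching ACE) for one ingress packet.

    ACEs are tried top-down and the first match wins. If nothing matches,
    the implicit deny applies and the position is None.
    """
    for position, ace in enumerate(map(parse_ace, ace_lines), start=1):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not (_addr_matches(ace.src, src) and _addr_matches(ace.dst, dst)):
            continue
        if not (ace.sport[0] <= sport <= ace.sport[1]
                and ace.dport[0] <= dport <= ace.dport[1]):
            continue
        return ace.action, position
    return "deny", None


if __name__ == "__main__":
    server = "192.168.10.101"
    # Constructed sample packets, as seen on ingress at the bound port.
    packets = [
        ("tcp", "192.168.10.106", 50000, server, 21),  # restricted host, FTP control
        ("tcp", "192.168.10.106", 50001, server, 20),  # restricted host, FTP data port
        ("tcp", "192.168.10.50", 50000, server, 21),   # another host in the /24
        ("tcp", "192.168.10.106", 50002, server, 80),  # restricted host, non-FTP
    ]
    for pkt in packets:
        print(pkt, "full ACL:", evaluate(RESTRICT_FTP, *pkt),
              "| without 'permit ip any any':", evaluate(RESTRICT_FTP[:2], *pkt))
```

With the final `permit ip any any` removed, the non-FTP packet from the restricted host falls through both ACEs and is dropped by the implicit deny.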

Similar Messages

  • 300-28 Switches ACL Problem (Lack of Hardware Error)

    Hi!
    I am using SG300-28 switches in Layer 3 mode. I have 15 VLANs created and routing. I have 3 ACLs applied on the 5 VLANs.
    I am facing a problem while adding another ACL on the VLAN interface; the error is (Lack of Hardware resources).
    I don't know what the problem is, and I am worried about it. Please help with this.
    I have also updated my switch to the latest firmware, e.g. 1.4.0.88

    hi
    seems you've reached maximum number of ACL entries for switch (512). Please:
    how many ACLs you have configured in total?
    how many entries have each applied access list on your switch?
    you can also check available resources with command "show system resources tcam"

  • ASA ACL Problems

    I have several new ASA-5520 boxes. All are configured with version 7.06 (Cisco recommendation) and in active/standby configuration.
    The problem is that the ACLs seem to disappear. For example, I have an outside access list that has about 20 lines. Every once in a while the ACL will start blocking traffic that is permitted by the ACL. When I do a 'sh access-list outside' it says that there are only two elements. They are there when I look at the running config. If I wait a while they start to work again and show up as 'active elements' again. I can force a failover and failback to fix it or restart the firewall. I will open a TAC case on Monday. I was hoping that maybe someone has seen this and has a quick solution.
    Thanks,
    Patrick

    could you provide the show running-config?

  • Security update fixes ACL problems, almost

    So far when running disk permissions, I've had one iMac C2D have no problems reported and the other iMac C2D only have ACL issues on /Library

    Open the Terminal application and type:
    man chmod
    Look under the heading ACL MANIPULATION OPTIONS. The argument that you would use is:
    "everyone deny delete"
    If you can't understand the manual then leave your handiwork alone. It's not a large security breach. chmod, chown, and chflags should only be used when you understand what you are doing.

  • ACL problem in 6 and 5.1 sp9? Bug?!

    Hi all gurus:
    I got this problem for several days, and still cannot solve it. Can
    anyone help me?
    My design is to put all my beans and connection pool under one "kbf"
    acl. And "guest" servlet/jsp accesses these beans by using this "kbf"
    account. And it works in 5.1 sp8.
    Then i tried to use sp9. The very first time when jsp is compiling
    by WLS, all the jsps work correctly! After that, immediately click the
    link again, it throws jndi exception. Saying "guest" no permission to
    access "kbf" jndi. But my "guest" actually is a servlet/jsp running
    inside the server.
    So then we tried to use 6 sp2, to see whether we can solve the
    problem. And the funny things come out as follows.
    I just click my URL link in browser, first time everything is fine,
    my data is shown correctly. second time it throws ACL exception ,saying
    guest no right to look up my JDBC pool. Click again, the data comes out
    again. Click again throws same exception. It is a "toggle".
    And, for another jsp page/link, (it gets data from two tables),
    first time both two tables data are shown. Click some other link, then
    come back to click this link, only one table data is shown, then click
    this link again, both are shown. It is also a "toggle", slightly
    different.
    Something really funny going on for this ACL!
    Can anyone in BEA tell me more about this ACL issue? Why always
    nobody cares to answer these ACL questions? Both in ejb group and
    security group?
    Or simply nobody is using ACL in their project?
    Or i missed out something important? or i am abusing ACL?
    Or is it a bug?
    Since we are going to production very soon, i need the solution
    ASAP. Right now i only have two solutions:
    1. stick to 5.1 sp8.
    2. grant "guest" permission to all my beans, connection pool, which
    means no use for the ACL at all.
    Hope someone at least give me an hint. And sorry for the crossing
    post.
    Thanks.
    minjiang

    Thanks a lot!
    The problem is that i cached the ejb homes and connection pool. So now i use
    your first solution, create context everytime, although the performance may be
    slow down.
    But strange, it works in 5.1 sp6-8.
    Thanks again, Dimitri!
    minjiang
    Dimitri Rakitine wrote:
    The security context is associated with thread so, for example:
    in a servlet, you create InitialContext as "user" and save it.
    Next request which will be "guest" anyway.
    So, if you want authentication, you can either
    - create InitialContext everytime
    - use j2ee security so container will do this automatically:
    http://e-docs.bea.com/wls/docs61/webapp/security.html
    Dimitri
    On Fri, 13 Jul 2001, minjiang wrote:
    Hi Dimitri:
    Sorry to mail you directly.
    I have this question for quite some time. And not receive any
    response for my posting, cross posting.
    Do you have any idea why my deployment works on 5.1 sp8, but not on
    sp9 and 6 sp2?
    I noticed bea changed the weblogic.ejb.interal.StatefulEJBObejct,
    and StatefulEJBCache in sp9, and this is part of why my application
    cannot work. (for one facade session bean looking up other beans in
    another acl)
    Another part is i described in the forward posting, for my "guest"
    jsp/servlet cannot access other acl?
    For my understanding, since my facade bean and jsp/servlet only run
    inside the WLS server, so as long as the correct credential is supplied
    while constructing the jndi context, they should be allowed, right? It
    should not be only one credential in one thread, which seems WLS is doing
    now.
    Thanks for help, and any hint or document is appreciated.
    minjiang

  • WLC ACL Problem

    Hi all,
    I'm having problems when trying to apply an ACL to my WLC dynamic interfaces. I have three WLANs that I wish to keep separated and am using ACLs that I have configured on the controller, the only problem is they don't seem to work!
    Ping test from 10.201.32.11 on WLAN1 to 10.201.27.41 on WLAN2 works and the current ACL is below:
         1 Out     10.201.32.0/255.255.252.0       10.201.24.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         2  In     10.201.24.0/255.255.252.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         3 Out     10.201.32.0/255.255.252.0       10.201.28.0/255.255.255.0    Any     0-65535     0-65535  Any   Deny           0
         4  In     10.201.28.0/255.255.255.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         5 Out     10.201.32.0/255.255.252.0     192.168.200.0/255.255.255.224  Any     0-65535     0-65535  Any   Deny           0
         6  In   192.168.200.0/255.255.255.224     10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         7 Any         0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0          Any     0-65535     0-65535  Any Permit          69
     DenyCounter : 0
    Each WLAN is sat on its own separate dynamic interface and own unique subnet.
    Any suggestions would be most appreciated.
    Thanks.

    Hi,
    Keep in mind the direction of the ACL.
    In means from client destined  to WLC
    Out means from WLC destined to client.
    It should look like this:
    Index  Dir       IP Address/Netmask              IP Address/Netmask        Prot    Range       Range    DSCP  Action      Counter
         1  In     10.201.32.0/255.255.252.0       10.201.24.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
         2 Out     10.201.24.0/255.255.252.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
    Don't forget to apply the ACL on interface or on WLAN.
    Regards,
    Christos.

  • Leopard Server / Windows / ACL Problem

    We have this problem that came up since we upgraded our servers to Leopard. When Windows users are accessing files (over SMB), the POSIX permissions seem to override the ACLs. This is a problem because applications like Excel will change the permissions.
    This worked perfectly in Tiger. The windows user would modify the POSIX permissions all they want, but it wouldn't matter because the ACLs were what mattered.
    Does anyone know of a solution. This is a real problem.

    Since your issue is caused by OS X Server, you may want to post your question over in the OS X Server forums:
    http://discussions.apple.com/category.jspa?categoryID=96

  • 4506, ACL problem

    I have 4506 that is used in a lab environment. We utilize the 192.168.X.X split up into vlans
    vlan 2 assigned ip address 192.168.0.1
    vlan 3 assigned ip address 192.168.1.1
    vlan 4 assigned ip address 192.168.2.1
    vlan 5 assigned ip address 192.168.3.1
    and so on.
    here is the problem:
    I need the people using 192.168.3.X on vlan 5 to only be able to access outside their vlan on PING (ICMP), DNS (udp 53), Proxy server on port 8080, LDAP (tcp 369), and SSL (tcp 443) this is to all vlans.
    And only host 192.168.0.180 on vlan 2
    and host 192.168.2.181 on vlan 4
    to be able to access all ip's on the vlan 5
    Every thing I have tried with extended acls has failed to allow this to happen.
    Ken Taylor

    here's a small excerpt of something similar i set up on a 6509 using reflexive acl's. (adjust ip's and ports to your liking)...
    ip access-list extended vlan232_acl_inbound
    evaluate intraffic232
    permit tcp any host 192.168.232.20 eq www reflect outtraffic232
    permit tcp any host 192.168.232.20 eq 443 reflect outtraffic232
    permit tcp any host 192.168.232.20 eq ftp reflect outtraffic232
    permit tcp any host 192.168.232.20 range 1024 5000 reflect outtraffic232
    permit tcp any host 192.168.232.42 eq ftp reflect outtraffic232
    permit tcp any host 192.168.232.42 range 1024 5000 reflect outtraffic232
    permit ip host 192.168.51.5 192.168.232.0 0.0.0.255
    permit ip 192.168.231.0 0.0.0.255 192.168.232.0 0.0.0.255
    permit ip host 206.195.31.0 192.168.232.0 0.0.0.255
    deny ip 192.168.0.0 0.0.255.255 192.168.232.0 0.0.0.255
    ip access-list extended vlan232_acl_outbound
    evaluate outtraffic232
    permit ip 192.168.232.0 0.0.0.255 host 192.168.151.33 reflect intraffic232
    permit ip 192.168.232.0 0.0.0.255 192.168.2.0 0.0.0.255 reflect intraffic232
    permit ip 192.168.232.0 0.0.0.255 192.168.3.0 0.0.0.255 reflect intraffic232
    permit ip 192.168.232.0 0.0.0.255 host 192.168.51.5
    permit ip 192.168.232.0 0.0.0.255 192.168.231.0 0.0.0.255
    deny ip 192.168.232.0 0.0.0.255 192.168.0.0 0.0.255.255
    permit ip 192.168.232.0 0.0.0.255 any reflect intraffic232
    interface Vlan232
    ip access-group vlan232_acl_outbound in
    ip access-group vlan232_acl_inbound out

  • Strange ACL problem...

    Using Server 10.5.2
    Trying to create a custom ACL for a sharepoint where two different groups are allowed permissions for everything except for deleting files and folders. I have set these using File Sharing in Server Admin and ticking the boxes in custom ACL.
    I have propagated the permissions through the files and folders in the sharepoint and checked in terminal that they have taken using ls -le.
    However, when logging in, the user is able to create a new folder within the sharepoint but not able to change its name (permission denied). They can't delete also (so at least that works!).
    If I give the user (group) full access or read and write access, everything is fine but obviously they can delete files...not so good.
    The same problem occurs on another sharepoint and also using other users....
    Any ideas??
    Thanks,
    Joel.

    i don't know if this still applies, but it should.
    check this archived thread:
    http://discussions.apple.com/thread.jspa?messageID=1535247

  • SMB ACL Problem

    We have this problem that came up since we upgraded our servers to Leopard. When Windows users are accessing files (over SMB), the POSIX permissions seem to override the ACLs. This is a problem because applications like Excel will change the permissions.
    This worked perfectly in Tiger. The windows user would modify the POSIX permissions all they want, but it wouldn't matter because the ACLs were what mattered.
    Does anyone know of a solution. This is a real problem.

    OK, here's a tip that may get the situation going for you all. This involves making an adjustment to your server's Samba configuration file, which should be done with the Windows SMB services stopped.
    In /etc/smb.conf, add the following line under [global]:
    *acl check permissions = no*
    This mailing list archive notes the same problem: http://lists.apple.com/archives/macos-x-server/2008/Jan/msg00759.html, and it offered the above solution.
    Here's a little more about why this alteration is required: Windows clients work a little differently when determining if a file or folder (an item) can be deleted or not. With simple POSIX permissions, you're allowed to delete an item as long as you have write access to the item's parent folder and as long as the POSIX special permission sticky (owner only delete) bit is not set. With ACLs, deletion can be granted explicitly on the item via the use of delete or it can be granted via implication so long as the item's parent has delete_child. In short, to deny deletion of an item, you must deny delete on the item itself and delete_child on its parent. Now it's starting to get a bit more complicated to determine if some item can or cannot be deleted.
    Apparently Windows clients perform a "pre-scan" of a folder's contents ahead of time to determine if an item can or cannot be deleted. The logic behind this "pre-scan" works like this: 1. Assume that the item cannot be deleted. 2. If the pre-scan evaluates effective permissions correctly, and those permissions allow delete, flag the item as being delete-able.
    Now when you go to delete the item, Windows just checks the result of its pre-scan. With Leopard, Windows boxes are having trouble evaluating effective permissions from the Darwin ACL model. (I don't know why.) Thus, the pre-scan returns "deletion denied" because that's the default assumption. Windows didn't even try to delete the file; rather, it simply doesn't think this is possible.
    The use of *acl check permissions = no* disables this Windows "pre-scanning" behavior. Unfortunately, this can mean that an item that really cannot be deleted appears to be delete-able. In this case the item will "magically reappear" the next time the folder's contents are refreshed in Windows.
    Hope this helps! This is my present understanding of the need.
    --Gerrit

  • IWork09 + Mac Os X Server Snow Leopard 10.6 - ACL problem

    I have a client with 6 users who are having issues saving iWork files in our MacMiniServer running 10.6.6.
    Users, in MacOsX server are setting inside a group "i.e. GROUP". GROUP, in ACL field, have Full Control of Folder, child folders, child files, all descendants and I propagate permissions.
    One client, member of GROUP, can save pages/numbers/preview files into server, but every time other client, member of same GROUP, try to modify that document in mainly, Numbers or Pages (and also Preview) it is giving errors, "I don't have the specific ones at this time". So we have to drag the documents to our Local Desktop, save and then drag drop back into the Server folder, we all have read and write access to these documents.
    I have seen in Server Admin File Sharing that iWork and Preview files lose their ACL information, while Office files, Archicad files and other don't have any problem.
    Anyone have any ideas?
    Thanks

    Hi Yvan!
    Few minutes ago I resolve my problem and now I tell you how.
    The problem isn't that several users may work simultaneously on a given document (iWork files), but my typical situation was:
    A user (X) saves a new pages files into server shared folder. He closes file and Pages.
    After time, other user (Y) goes to open that file but for him it is impossible resaving the file. Not simultaneously, but in different time. IWork files lost their ACL.
    In my server user X and user Y are inside the same group (AAA) and, in the share folder, ACL permissions are Full Control for AAA Groups.
    This morning I have generated a new Share Points, I propagate permissions (Group AAA Full Control) to This Folder, Child Folders & Files and then I have transfered all my files from older Share Points to newest Share Folder. All iWork file now are working without permission problems.

  • 6.0sp5 ssl/acl problem

    good day,
    I'm using this acl file:
    version 3.0;
    acl "es-internal";
    allow (read, list, execute,info) user = "anyone";
    deny (write, delete) user = "anyone";
    acl "default";
    authenticate (user,group) {
    database = "default";
    method = "basic";
    };
    allow (read,execute)
    (user = "anyone") and
    (dns = "*.llnl.gov");
    deny (write,delete,list,info)
    (user = "anyone");
    with two listeners on the same machine, one with ssl and one with no ssl. I have no problems with the non-ssl listener but
    with the ssl listener I'm getting 403;forbidden message when I try posting a jsp/servlet form. yet the execute permission is granted .
    the log file says:
    [..] denied by ACL default directive 2

    Don't do so!
    Just add the path /web/server/vs2/doc/struts-blank/WEB-INF/classes/ to your IWS6 JVM classpath, it is OK forever!!
    As follow:
    Start administer web server-->Select a Server: your server, click manager-->Java-->Configure JVM Attributes-->Add your specifically path(such as ...../WEB-INF/classes/) to the Classpath-->Click OK-->restart webserver.

  • Lenovo Beacon ACL problem

    Hi,
    I have Lenovo Beacon 2x3TB, ACL had failed, and now I can't change folder permission in web or even in terminal. I tried to restore factory settings, but that did not change anything. I did reset but it did not help. Please for assistance for this problem. Here is folder permission in Private share:
    drwxr-xr-x   6 nobody  users 4096 Mar 27 04:00 .
    drwxr-xr-x  19 root    root  4096 Mar 27 03:56 ..
    drwxrwx--x+  8 admin   users 4096 Mar 26 03:55 admin
    drwxrws--x+  7    1001 users 4096 Mar 27 03:59 milena
    drwxrwx--x+  7    1002 users 4096 Mar 27 04:00 test
    drwxr-sr-x+ 36 tsekata users 4096 Apr 12 00:23 tsekata

    lenovo A369i touch not working

  • SG300-20 - Problems with Forwarding and Learning MACs until Write

    I have an SG300-20 and started having problems a few weeks ago.  Primarily the problem is related to rebooting systems, waking systems from sleep, or any other activity such as speed/duplex changes on the host that cause the host NIC to cycle.  Regardless of how the host NIC "goes down", when the host NIC "turns up" it shows connected on the host and switch, but the SG300 refuses to learn the MAC.  The only remedy seems to be the write command.  Immediately after the write command is issued there is delay from 0 to a few seconds, then L2 connectivity returns.
    Also, a new problem cropped-up during testing after changing the mode to "route."  If I reload the switch it stops forwarding all traffic until a write command is issued.
    Anyone see these symptoms and have a solution?
    Thanks,
    Jeff

    Jeff, I can't recreate this.
    switch0d8210#set system mode switch                                  
    Changing the switch working mode will *delete* the startup configuration file                                                                            
    and reset the device right after that. It is highly recommended that you will                                                                            
    backup it before changing the mode, continue ? (Y/N)[N] Y                                                        
    switch0d8210#10-Oct-2013 17:19:08 %FILE-I-DELETE: File Delete - file URL flash:/                                                                               
    /startup-config              
    switch0d8210#reload                  
    You haven't saved your changes. Are you sure you want to continue ? (Y/N)[N] Res                                                                               
    etting local unit                
    *****************  SYSTEM                        
    Boot1 Checksum Test...............................PASS                                                     
    Boot2 Checksum Test...............................PASS                                                     
    Flash Image Validation Test.......................PASS                                                    
    BOOT Software Version 1.3.5.06 Built  21-Jul-2013  15:12:10                                                          
    Networking device with Marvell ARM CPU core. 128 MByte SDRAM.                                                            
    I-Cache 16 KB. D-Cache 16 KB. L2 Cache 256 KB. Cache Enabled.                                                            
    MAC Address   :  00:26:0b:0d:82:10.                                  
    Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom.                                                                    
    Preparing to decompress...                         
    100%    
    Decompressing SW from image-1                            
    100%    
    OK 
    Running from RAM...                  
    GPIO ID is 3           
    Module type is 10                
    Device ID 0xdff411ab                   
    *** Running  SW  Ver. 1.3.5.58  Date  10-Oct-2013  Time  17:15:41 ***                                                                    
    HW version is V01                
    Base Mac address is: 00:26:0b:0d:82:10                                     
    Dram size is  : 128M bytes                         
    Dram first block size is  : 102912K bytes                                        
    Dram first PTR is  : 0x1780000                             
    Dram second block size is  : 4096K bytes                                       
    Dram second PTR is  : 0x7C00000                              
    Flash size is: 16M                 
    .....10-Oct-2013 17:15:44 %CDB-I-LOADCONFIG: Loading running configuration.                                                                          
    10-Oct-2013 17:15:44 %CDB-I-LOADCONFIG: Loading startup configuration.                                                                     
    Device configuration:                    
    Slot 1 - SG300-28P                 
    Device 0: GT_98DX3025 (AlleyCat)                               
    -- Unit Standalone                --                                   
    Tapi Version: v1.9.6                   
    Core Version: v1.9.6                   
    10-Oct-2013 17:16:20 %INIT-I-InitCompleted: Initialization task is completed                                                                           
    Detected speed: 115200                     
    10-Oct-2013 17:16:34 %Entity-I-SEND-ENT-CONF-CHANGE-TRAP: entity configuration c                                                                               
    hange trap.          
    10-Oct-2013 17:16:34 %SNMP-I-CDBITEMSNUM: Number of running configuration items                                                                              
    loaded: 0        
    10-Oct-2013 17:16:34 %SNMP-I-CDBITEMSNUM: Number of startup configuration items                                                                              
    loaded: 0        
    The SSH Server is generating a default RSA key.                                              
    This may take a few minutes, depending on the key size.                                                      
    10-Oct-2013 17:16:35 %Environment-I-FAN-STAT-CHNG: FAN# 1 status changed - opera                                                                               
    tional.      
    The SSH Server is generating a default DSA key.                                              
    This may take a few minutes, depending on the key size.                                                      
    10-Oct-2013 17:17:20 %SYSLOG-N-LOGGING:                                      
    The SSH Client is generating a default RSA key.  
    User Name:cisco              
    Password:
    This may take a few minutes, depending on the key size.e default settings. Please change the passwor         
    The SSH Client is generating a default DSA key.                     
    d for better protection
    This may take a few minutes, depending on the key size.                                                      
    10-Oct-2013 17:18:16 %SSL-I-SSLCTASK: Starting autogeneration of self-signed cer                          
    Aging time is 300 sec                    
    switchb2
    tificate - 1024 bitsitchb29140#wr mem  
    Generating RSA private key, 1024 bit long modulus Port       Type                                
    10-Oct-2013 17:18:24 %SSL-I-SSLCTASK: Autogeneration of self-signed certificate                                        
       1       e0:5f:b9:b2:91:40       0
    was successfully completed                         
    Generating RSA private key, 1024 bit long modulush mac address-tab                             
    User Name:         
    press ENTER key to retry authentication
    User Name:
    Detected speed: 115200
    User Name:cisco
    Password:*****
    Please change your password from the default settings. Please change the passwor
    d for better protection of your network. Do you want to change the password (Y/N
    )[Y] ?N
    switch0d8210#show mac address-table
    Aging time is 300 sec
      Vlan        Mac Address         Port       Type
       1       00:26:0b:0d:82:10       0         self
       1       64:31:50:1c:50:d3      gi3      dynamic
       1       d0:67:e5:56:14:32      gi2      dynamic
    switch0d8210#
    -Tom
    Please mark answered for helpful posts

  • Invoke-Command and $using:ACL problem

    Hi,
    Can anyone point me in the right direction.
    I want to modify an ACL on a remote server, but I cannot assign a variable inside the invoke-command where I'm also referencing a local variable.
    When the first invoke-command is run I get an error:
    A Using variable cannot be retrieved. A Using variable can be used only with Invoke-Command, Start-Job, or InlineScript
    in the script workflow. When it is used with Invoke-Command, the Using variable is valid only
    if the script block is invoked on a remote computer.
    $DriveFunctionDirectoryStructure = "z:\projects\1"
    Invoke-Command -Session $s -ScriptBlock { $acl = get-acl $using:DriveFunctionDirectoryStructure }
    Invoke-Command -Session $s -ScriptBlock { $acl.SetAccessRuleProtection($using:True, $using:ToggleAccessRuleFlag) }
    Invoke-Command -Session $s -ScriptBlock { Start-Sleep -Seconds 5 }
    Invoke-Command -Session $s -ScriptBlock { $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("localdomain\$using:groupName", "$using:AccessOption", "ContainerInherit, ObjectInherit", "None", "Allow") }
    Invoke-Command -Session $s -ScriptBlock { $acl.AddAccessRule($rule) }
    Invoke-Command -Session $s -ScriptBlock { Set-Acl $using:DriveFunctionDirectoryStructure $acl }

    Hi RFalken,
    you can use the -ArgumentList parameter of Invoke-Command like this:
    $script = {
        Param (
            $Parameter1,
            $Parameter2
        )
    }
    Invoke-Command -ScriptBlock $script -ArgumentList @(2,42)
    Cheers,
    Fred
    There's no place like 127.0.0.1
