Static configuration
if i have dsl, a modem and a 3rd party router:
do i put the static connection in the computer?the modem?the router?
when im isolated down to just the modem/computer i can get connected online with the tcpip config set to static.once i plug in the router im not sure what to do.do i need to put computer on dhcp/then put static in the router?
You should have no problem configuring:
"ip route vrf vrf1 192.168.2.0 255.255.255.0 FastEthernet 0/0 x.x.x.x" with X being your next hop IP
Similar Messages
-
DACL with static IP configuration
Hi,
I want to restrict client communication based on dACLs for some Endpoint-Groups with MAB. Most of the clients are configured with DHCP, for these clients everything working fine. But there are also clients with static IP configuration and here is the problem. ISE does not know the ip address of the static configured client, so the 'source any' statement of the dACL can not be replaced with the client IP.
How is it possible to let ISE learn the static addresses and get this working?
ISE is on v1.2, IOS on switch is on 15.02.SE1
Thanks, FlorianI am not very much sure but can you try this and check (instead of any any just giving your network address)
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.html
Define Local (Default) ACLs on the Switch
Enable these functions on older switches (with IOS releases earlier than 12.2(55)SE) to ensure Cisco ISE is able to perform the dynamic ACL updates required for authentication and authorization.
ip access-list extended ACL-ALLOW
permit ip any any
ip access-list extended ACL-DEFAULT
remark DHCP
permit udp any eq bootpc any eq bootps
remark DNS
permit udp any any eq domain
remark Ping
permit icmp any any
remark Ping
permit icmp any any
remark PXE / TFTP
permit udp any any eq tftp
remark Allow HTTP/S to ISE and WebAuth portal
permit tcp any host <Cisco_ISE_IP_address> eq www
permit tcp any host <Cisco_ISE_IP_address> eq 443
permit tcp any host <Cisco_ISE_IP_address> eq 8443
remark Drop all the rest
deny ip any any log
! The ACL to allow URL-redirection for WebAuth
ip access-list extended ACL-WEBAUTH-REDIRECT
deny ip any host <Cisco_ISE_IP_address>
permit ip any any -
Is it possible using the router as a DHCP server with a static configuration.
I.e. same IP for the same userMake a dhcp pool mapping only one mac address.
Look example below.
ip dhcp pool statichost
host 192.168.1.1 255.255.255.0
hardware-address 0010.a3fd.2f9f
client-name something
domain-name test.com
default-router 192.168.1.254
dns-server 192.168.1.10
lease 1 0 -
Configuring MPLS VPN using static routing
Hi,
I am managed to set up a BGP/MPLS VPN in a laboratory using CS3620 routers running IOS 12.2(3) with ISIS. I am thinking of using static routes among the PE and P routers instead of a IGP. Does anyone know if Cisco routers supports static configuration of LSP? I have tried but could not get it work.You can very well run MPLS with static routing in the core, as in Cisco we have to meet 2 criterias to have a MPLS forwarding Table.
1) Creating the LIB
This thing lies in having LDP neighborship netween two peers and you have Label bindings.
This is irrespective of what is the best next hop to reach the advertising peers LDP_ID.
2) Creating the LFIB
Now after considering all the Label bindings, the LDP_ID which can be reached out an interface
as a next hop, those Label bindings get installed in the LFIB.
So considering the above two points, we have to be careful in static routes
only for interfaces like Ethernet (Multiaccess Segments).
As in CEF when you give a static route pointing to an Ethernet Interface, CEF creates a
GLean Adjacency (Meaning there could be multiple hosts as the next hop on this segement, and it will glean for the right next-hop)
Now you may observe that when you give a static route only pointing to an Ethernet interface,
you LDP adjacency may come up and you may exchange the bindings with each other. But the Label Forarding Table is not created. This is bcos of this being a Multiaccess interface. And you have
Glean For it. If its a Normal WAN interface like Serial or POS, then there is no problem of
GLean and you would have a Valid Cached Adjacency.
So to avoid probelems with Ethernet interfaces you can simply specify the next-hop-ip address.
For Eg: ip route 10.10.31.250 255.255.255.255 10.10.31.226 (Without the Interface)
ip route 10.10.31.250 255.255.255.255 fa0/0 10.10.31.226 (Or with the Interface)
Only Difference in both is in the first one it has to do a recursive lookup for the outgoing interface. Otherwise both work well. And you can have static routes in your network
running MPLS.
And doing this CEF would would work as it should and you would have a Valid Cached Adjacency.
So this is applicable for Cisco devices which use CEF, including 6500 with SUP720.
HTH-Cheers,
Swaroop -
Configure static PAT for port range
Hi,
could someone help with this:
we have an ASA 5510 version 8.2 and ASDM 6.4. we want to configure a static PAT for a range of TCP and UDP port. in the nat configuration window we have just to enter one port ( range are note accepted).
Thanks,Hi,
In software levels 8.2 and below the only option is to generate a separate configurations for each port. This is easiest achieved through the CLI and using some text editor to help generate the possibly large configurations.
On ASA software 8.3 and above (where NAT format was completely redone) you have the option to use a single "nat" command to configure Static PAT for a continuous range of ports.
So your option is to either generate a separate "static" configuration for each port or upgrade the software to a newer one to be able to do Static PAT for a range of ports.
Naturally the update involves rewriting the current NAT configuratins into a new format even though booting to newer software usually converts the configurations automatically but with varying success.
- Jouni -
Sharing static members between Swing application and Web application
Hi,
if someone has done this please help:
I have created 3 classes:
Mainclass using JFrame which is used as host class for DBConnectionManager class,
and ConfigBean class used for storing static configuration parameters:
static public String strUser = "";
static public String strPassword = "";
static public String strDB = "";
static public int nMaxConn = 0;
static public String strPoolName = "";
static public boolean bConnected = false;
static public int nCurrentUsers = 0;
static public DBConnectionManager manager = null;
public DBConnectionManager getDBManager()
return this.manager;
public void setDBManager(DBConnectionManager manager)
this.manager = manager;
DBConnectionManager class uses static instance to see if this is only class created by client users.
Only static member in this class is getInstance member function for startig manager:
static synchronized public DBConnectionManager getInstance()
if (instance == null)
instance = new DBConnectionManager();
return instance;
In Mainclass I also created non static DBConnectionManager class for manipluation with host administrator.
Then I created web application layout in Tomcat 4 and used index.jsp:
<%@ page import="java.sql.*,java.io.*" %>
<jsp:useBean id="cfgbean" class="webvobapli.ConfigBean" scope="application" />
<%!
webvobapli.DBConnectionManager db = null;
String strMessage = "";
Statement stmt1;
ResultSet rset1;
String strQuery = "select count(*) from cards";
%>
<html>
<%
try
db = cfgbean.getDBManager();
if(db==null)
strMessage = "Error";
else
Connection con = db.getConnection("central2");
if(con != null)
stmt1 = con.createStatement();
rset1 = stmt1.executeQuery(strQuery);
rset1.next();
strMessage = rset1.getString(1);
else
strMessage = "NULL";
catch(Exception e)
strMessage = e.toString();
%>
<p>Message = <%=strMessage%></p>
</html>
Question: why db = cfgbean.getDBManager(); returns null if I created instance of DBConnectionManager
class in Mainclass and assigned it to ConfigBean as static instance before running web application.
Shouldn't all java programs share static memory area?
Beast Regards
Branislav CavlinQuestion: why db = cfgbean.getDBManager(); returns null if I created >>instance of DBConnectionManager
class in Mainclass and assigned it to ConfigBean as static instance >>before running web application.
Shouldn't all java programs share static memory area?You say you create the db objects BEFORE you run the web application - now I could be misunderstanding what you are saying, but does this not involve two JVM's (one to create initial db objects, which then exits, then second JVM fires you app server/servlet container) - which would explain why a null object is being returned. -
How to set and static ip_address for a Suse Linux box
Hi.
I've done the following to set an static ip address for my Suse 9 Linux box:
- Take not of inet address value from ifconfig command. ie: (172.17.2.14)
- Change this value in /etc/hosts for my linux box.
Since Suse is configure by default to use DHCP for assigning dinamic ip_addresses i'm not sure whether will lastly be set as a static address. I've rebooted my box and it seems to be OK.
Thanks in advance ...!/etc/hosts is not configuration file for ethernet interfaces.
Configuration files for ethernet interfaces are stored in /etc/sysconfig/network directory.
For example if you have eth0 device then configuretion for this device is stored in /etc/sysconfig/network/ifcfg-eth0 file.
Important directives:
DEVICE - interface (eth0)
IPADDR - IP address of interface
NETMASK - netmask
BOOTPROTO - "static" for static configuration, dhcp for dynamic configuration via dhcp
ONBOOT - activating interface during boot (yes/no) (yes - of course :-) )
GATEWAY - default gateway
So for example you want setup static IP (192.168.10.1 / 255.255.225.0) for eth0 interface.
Edit the /etc/sysconfig/network/ifcfg-eth0 file and your configuration should be:
DEVICE=eth0
IPADDR=192.168.10.1
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yesThen you simply restart the nework using:
/etc/init.d/network restartOR
/sbin/ifdown eth0
/sbinf/ifup eth0 OR
ifconfig eth0 down
ifconfig eth0 up -
How do I configure ISP native IPv6 connectivity?
Hi!
I'm a network engineer for SECOM, an ISP in Southeastern Colorado. We will be making native IPv6 connectivity available to residential subscribers soon, and I've been tasked with verifying support for our IPv6 platform on home router products.
I have an AirPort Extreme purchased new in November of '09 that is running version 7.5.1, which I believe is completely current.
Under the IPv6 tab in my Advanced settings, I have the following configuration:
IPv6 Mode: Router
Block incoming IPv6 connections: NOT checked
Configure IPv6: Manually
WAN IPv6 Address: fdXX:XXXX:XXXX:a000::2
WAN IPv6 Prefix Length: 64
IPv6 Default Route: fdXX:XXXX:XXXX:a000::1
LAN IPv6 Address: fdXX:XXXX:XXXX:c000::1
(As you can see, I'm using ULA's for testing purposes, and I've replaced the global bits with X's for security.)
The problem is, if I plug a host into one of the LAN ports and assign it an address from the same /64 subnet (e.g. fdXX:XXXX:XXXX:c000::2), the host can't ping the Airport's assigned LAN address.
It can ping:
* the Airport's link-local IPv6 address, and
* the Airport's IPv4 192.168.x.x address
Also (and I'm gratified that this part is working), my CE router can ping the Airport's WAN IPv6 address!
So my question is, is there something in the IPv6 configuration I'm misunderstanding? Has anyone else gotten native statically-configured IPv6 working on the AirPort Extreme?
Thanks very much in advance,
John E. / SECOM
P.S. - I have verified with a packet capture that the AirPort extreme is not responding at all for the configured LAN IPv6 address; i.e., the ICMPv6 neighbor solicitation goes unanswered.
P.P.S. - I have tried a Windows 7 host, a Windows XP host, and an IPv6-certified multitester from JDSU. All exhibit the same symptoms.I have follow your instruction to connect to my ISP as it shows the following message:
Serial connection established.
using interface sppp0
connect: sppp0 <--> /dev/ttya
local IP address xxxxxxxx
remote IP address 1.1.1.1
But when I ping www.sun.com, it shows:
www.sun.com unknown.
I start Mozilla and it said www.sun.com not found etc...
What has gone wrong?
Do I have to configure some files such as:
/etc/resolv.conf
/etc/hosts
/etc/hostname ?
or any other steps that can help me to connect to the internet?
Thanks... -
OVS 3.2.1: Configuring a bridge?
I've statically configured bridging on eth0 following the example in Chapter 8.2.5. Network Bridge, of the Red Hat Enterprise Linux 6 Deployment Guide...
[root@xen3 network-scripts]# cat ifcfg-eth0
# Intel Corporation 82541PI Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:0E:0C:81:57:8B
ONBOOT=yes
BRIDGE=br0
[root@xen3 network-scripts]# cat ifcfg-br0
DEVICE=br0
TYPE=bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.5
NETMASK=255.255.255.0
NETWORK=192.168.0.0...but, when I restart the host's network interfaces, the init.d script creates the bridge without configuring the IP interface and then complains:
[root@xen3 ~]# brctl show
bridge name bridge id STP enabled interfaces
[root@xen3 ~]# /etc/init.d/network restart
Shutting down interface eth0: bridge br0 does not exist!
[ OK ]
Shutting down interface eth2: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface br0: Device br0 does not seem to be present, delaying initialization.
[FAILED]
Bringing up interface eth0: [ OK ]
Bringing up interface eth2: [ OK ]
[root@xen3 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000e0c81578b no eth0
[root@xen3 ~]# ifconfig -a
bond0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
BROADCAST MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
br0 Link encap:Ethernet HWaddr 00:0E:0C:81:57:8B
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
eth0 Link encap:Ethernet HWaddr 00:0E:0C:81:57:8B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2012590 errors:0 dropped:76054 overruns:0 frame:0
TX packets:129928 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1113821773 (1.0 GiB) TX bytes:9818937 (9.3 MiB)
eth1 Link encap:Ethernet HWaddr 00:30:48:83:7E:14
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:18
eth2 Link encap:Ethernet HWaddr 00:30:48:83:7E:15
inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50 errors:0 dropped:0 overruns:0 frame:0
TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4902 (4.7 KiB) TX bytes:6342 (6.1 KiB)
Interrupt:19
[root@xen3 network-scripts]# ping 192.168.0.5
connect: Network is unreachableHave I overlooked something in the configuration files (i.e., /etc/sysconfigu/network-scripts/ifcfg-X)?
Eric Pretorious
Truckee, CAepretorious wrote:
Have I overlooked something in the configuration files (i.e., /etc/sysconfigu/network-scripts/ifcfg-X)?It would seem that the configuration is correct: If I delete the bridge and start fresh...
[root@xen3 network-scripts]# brctl delbr br0
[root@xen3 network-scripts]# brctl show
bridge name bridge id STP enabled interfaces
[root@xen3 network-scripts]# /etc/init.d/network restart
Shutting down interface eth0: bridge br0 does not exist!
[ OK ]
Shutting down interface eth2: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface br0: Device br0 does not seem to be present, delaying initialization.
[FAILED]
Bringing up interface eth0: [ OK ]
Bringing up interface eth2: [ OK ]
[root@xen3 network-scripts]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000e0c81578b no eth0
[root@xen3 network-scripts]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0E:0C:81:57:8B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2015317 errors:0 dropped:76054 overruns:0 frame:0
TX packets:129936 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1114206970 (1.0 GiB) TX bytes:9819445 (9.3 MiB)
eth2 Link encap:Ethernet HWaddr 00:30:48:83:7E:15
inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92 errors:0 dropped:0 overruns:0 frame:0
TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:41060 (40.0 KiB) TX bytes:9902 (9.6 KiB)
Interrupt:19
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:483 errors:0 dropped:0 overruns:0 frame:0
TX packets:483 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:89320 (87.2 KiB) TX bytes:89320 (87.2 KiB)...and then use the ifup command, the bridge is correctly created/configured:
[root@xen3 network-scripts]# ifup br0
[root@xen3 network-scripts]# ifconfig
br0 Link encap:Ethernet HWaddr 00:0E:0C:81:57:8B
inet addr:192.168.0.5 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:1 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:96 (96.0 b) TX bytes:210 (210.0 b)
eth0 Link encap:Ethernet HWaddr 00:0E:0C:81:57:8B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2015350 errors:0 dropped:76054 overruns:0 frame:0
TX packets:129942 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1114210906 (1.0 GiB) TX bytes:9819701 (9.3 MiB)
eth2 Link encap:Ethernet HWaddr 00:30:48:83:7E:15
inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:165 errors:0 dropped:0 overruns:0 frame:0
TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:80138 (78.2 KiB) TX bytes:16624 (16.2 KiB)
Interrupt:19
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:483 errors:0 dropped:0 overruns:0 frame:0
TX packets:483 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:89320 (87.2 KiB) TX bytes:89320 (87.2 KiB)Ideas? Suggestions? -
Logging with jdk1.4 - how to add a handler using configuration file
Hi, all
I am playing around with java.util.logging in jdk1.4. In particular, I am using a properties file for configuration. However, one thing I couldn't do is to assign a handler, such as the ConsoleHandler, to the com.xyz.foo logger. Everything for the root logger works just fine. Here's the file I use
handlers= java.util.logging.FileHandler
.level= INFO
java.util.logging.FileHandler.pattern = jdk14.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
com.xyz.foo.level = WARNING
com.xyz.foo.handlers = java.util.logging.ConsoleHandler
Nothing comes out on the console and everything from the com.xyz.foo logger is logged to jdk14.log file.
Can any one tell me why the last line has no effect?
Thanks much!Logger configuration files are grossly misunderstood due in large part to extremely poor documentation (some of the worst I have ever seen for the Java platform). The LogManager class uses logger configuration files to do three things:
1. Load porperties into a private Properties object that application programmers can subsequently access using the getProperty(String name) method in LogManager.
2. Those properties (or else the documented defaults) are then used to configure the root logger as well as the "global" handlers that are used by the root logger
3. Finally, whenever a logger is created the Properties object is checked to see if a key exists for the logger name + ".limit". If so, then the logger is assigned that level.
Notice that nowhere in here does it say that a programmatically created logger is configured. In your case, you must invoke getProperty("com.xyz.foo.handlers"), parse the property value (which is a bit tricky if there is more than one handler class name), load and instantiate the handler class, and invoke addHandler. Great huh? I'm in the middle of a indepth study of logger configuration, and I can tell you for sure the static configuration using configuration files is an order of magnitude harder than dynamic configuration. It offers the advantage of field service engineers being able to change the logger configuration, but at a very significant cost. -
Set Static IP address on Mac clients
Hi,
I'm trying to change the IP address on a mac client at startup time to a different value and to be Static type. I need to do it via the command line. I've researched and found out that 'networksetup -setmanual ...' and 'ipconfig set en0 MANUAL ...' would do it, but the 'networksetup' command is not available unless I have ARD installed and 'ipconfig' is not recommended for use other than testing and debug.
Another option I was looking at is editing /Library/Preferences/SystemConfiguration/preferences.plist and then doing 'changeip ...' command.
Do you know if there are any other commands that will allow me to change an ip address via the command line, set it to Static/Manual and preferably do it without a reboot?
Thank youHi Sergey,
when I use static IP in my jwc_properties.ini it is never picked up, it still uses DHCP. The part where I have configured IP looks like this:
# Whether static configuration or DHCP server is used do get IP address. Possible values: dhcp,static
ip.method = static
# IP address,used with static IP configuration only
ip.addr = 10.143.144.97
# Network mask,used with static IP configuration only
ip.netmask = 255.255.252.0
# Network gateway,used with static IP configuration only
ip.gateway = 10.143.144.1
# DNS server,used with static IP configuration only
ip.dns =
# MAC address
mac.addr = -
Dynamic configuration information
I can call getConfigDescriptionRegistry.getConfigDescriptions or one of the other methods to get the configuration descriptions for an thing-type. If I wanted to modify these at runtime, and provide my own configuration provider, can I do this? I'm not sure what happens deeper in the system - I assume that only 1 provider can respond to any uri? Or maybe not - if so, how is this managed?
I have two needs -:
1) To be able to add some configuration options into a parameters [options] array. These are only derived at runtime and are system/network dependant, so can't go in the XML.
2) To be able to add additional parameters to the configuration. Again, these are derived at runtime depending on how a device is configured (for example).
I can easily create my own provider and completely avoid using the XML provider, but I'd kind of like to be able to lever off the existing infrastructure and just add to/modify the static configuration rather than have to reimplement everything...
I guess I could (probably!?!) use getConfigDescriptionRegistry.getConfigDescriptions to get the static data, and then create my own provider that appends my data and modified the data that needs to be changed? I would guess it needs a different uri, although I suspect that this might then break something else when the system tries to link thing-types to the configuration provider? This seems a little messy though so maybe there's a better way?
Are there any pointers on how this might be achieved? I'm thinking it might be easier to do it all in my own config provider which is what I'm currently doing (mostly for test and concepts), but I want to work out the best way for a the final implementation...
Cheers
ChrisKai Kreuzer wrote on Wed, 22 July 2015 10:44
Which leaves us with Chris' problem that he would like to offer options specific to a certain device at a specific moment. The use case with the WLAN SSIDs is actually also such a case, so I guess sooner or later we need to address this.
Where do we go with this one? It's my next target to hit
So, if we don't want to link this to things (and I totally agree with the rationale), then we need an alternative. Currently, we have configDescriptions to describe the configuration options, but the 'other side' of the interface (the actual setting of the config) is done differently for different classes (I think that's true). For example, in the thingHandler, we have the handleConfigurationUpdate method - maybe in the channelHandler there's a similar method (I've not checked) - I don't know what other classes use the configDescriptions (rules I think?) but I guess every implementation is different?
Why aren't there standard interfaces for handling the various configuration related functions. We could have had (eg) ...
// Handle the updates of any configuration
interface ConfigConsumer() {
void handleConfigurationUpdate(Map<String, Object>);
// Handle dynamic configuration updates
interface ConfigDescriptionUpdate() {
List<ParameterOption> getOptions(String parameterId, Locale locale);
A thingHandler, or ruleHandler, or whatever wants to implement configuration implements these interfaces. Then, all configuration, both description, dynamic changes, and handling of changes, could all go through a central provider (and even REST interface!).
As far as implementation (and looking specifically at things here - other implementations would be similar): For registration, when the thingHandler is created, a check could be made to see if it implements this/these interfaces, then to register this handler with the configDescriptionProvider (along with it's UID). When the config descriptions are updated, the configDescriptionRegistry can request the updates from the handler if there's one registered.
One thing I'm unsure of here is the use of the UID. For things/channels etc, it seems a good idea to include the thingUID as it makes it a simple lookup in the configProvider (and if you didn't use the thingUID, I'm not sure how you'd link it). However, will all implementations of configDescriptions have a UID - eg I think I read rules will use the same config services - will they have a UID?
I realise I've probably confused matters by suggesting a common interface for handling of config changes as well as just covering the issue at hand, but I thought I'd mention it since it does in some ways seem a shame to have a common config description provider, but no common way of handling configuration updates/changes etc... Anyway, I hope that didn't confuse matters (too much!) - we could ignore the handleConfigurationUpdate side, and just look at the ConfigDescriptionUpdate, which is the current issue at hand...
What do you think? I've not thought this through in massive detail, but if you think this is workable, I'd be happy to look at the ConfigDescriptionUpdate impementation further...
Chris -
Client-side handler: static config?
I would like to provide a client-side JAX-RPC handler that would
be invoked without any modification to existing client code.
The idea is that user's would only need to modify a config file
(something like the web-services.xml file, but on the client-
side) to use our handler.
We are already doing this in axis (uses a client-side deployment
descriptor: client_deploy.wsdd), but based on another thread
("Client Handler Chain - help ??"), it looks like there is
currently no equivalent in WLS?
Are there plans to add the ability to statically configure
client-side handlers in WLS via some sort of client-side config
file/descriptor, or is the programmatic method of modifying
the HandlerRegistry in the client code the only way?
Any help/ideas would be greatly appreciated!
--TerryIn 7.0, you can do this in a handler:
import weblogic.webservice.binding.soap.HttpClientBinding;
String url = http://my/new/address/;
sslAdapter = null; //only needed for ssl
Binding binding = new HttpClientBinding( url, sslAdapter );
context.setProperty( WLMessageContext.BINDING_PROP,
binding );
HTHs
-manoj
http://manojc.com
"William Cassidy" <[email protected]> wrote in message
news:[email protected]...
>
Is there a similar way to set the endPointAddress.
"manoj cheenath" <[email protected]> wrote:
Ok, I will add this as a feature request.
If you are ok with using WLS internal APIs (This APIs may change in
the future), try this:
weblogic.webservice.Operation operation
=
((weblogic.webservice.WLMessageContext)messageContext).getOperation();
>>
weblogic.webservice.Port port = operation.getPort();
String endPointAddress = port.getAddress();
regards,
-manoj
"Terry Martin" <[email protected]> wrote in message
news:[email protected]...
Manoj, thanks for the response.
We'd definitely like to see a client side dd at some point, but
can work with the API's for now. Thanks much for adding this as
a feature request.
On another subject:
I need to determine the target/endpoint URL from my client-side
request handler. Again, this was something we were able to do in
axis, but is currently not part of the JAX-RPC standard (JSR101).
I could be missing something, but haven't seen any way of
determining the target URL given only the SOAPMessageContext.
The only way seems to be if it were passed as a "standard"
property in the SOAPMessageContext (this is one way it is done
in axis).
I imagine this will someday be standardized in JAX-RPC (I can
think of many uses for this feature, other than our own). In the
meantime, could you also add this as a feature request for WLS?
Thanks again,
-Terry
"manoj cheenath" <[email protected]> wrote:
True. In WLS 7.0 there are no client side dd in which you can specify
the handler chain. We did not comeup with ourown client side dd,
hopeing that JSR109 will define the dd.
It is quite easy to register the handlers through APIs. Let us know
if
that will not help you.
I will add client side dd as a feature requst for the next release.
regards,
-manoj
"Terry Martin" <[email protected]> wrote in message
news:[email protected]...
I would like to provide a client-side JAX-RPC handler that would
be invoked without any modification to existing client code.
The idea is that user's would only need to modify a config file
(something like the web-services.xml file, but on the client-
side) to use our handler.
We are already doing this in axis (uses a client-side deployment
descriptor: client_deploy.wsdd), but based on another thread
("Client Handler Chain - help ??"), it looks like there is
currently no equivalent in WLS?
Are there plans to add the ability to statically configure
client-side handlers in WLS via some sort of client-side config
file/descriptor, or is the programmatic method of modifying
the HandlerRegistry in the client code the only way?
Any help/ideas would be greatly appreciated!
--Terry -
Static Policy NAT in VPN conflicts with Static NAT
I have a situation where I need to create a site-to-site VPN between an ASA 5505 using IOS 7.2 and a Sonicwall NSA4500. The problem arises in that the LAN behind the Cisco ASA has the same subnet as a currently existing VPN created on the Sonicwall. Since the Sonicwall can't have two VPNs both going to the same subnet, the solution is to use policy NAT on the ASA so that to the Sonicwall, the new VPN appears to have a different subnet.
The current subnet behind the ASA is 192.168.10.0/24 (The Sonicwall already has a VPN created to a different client with that same subnet). I am trying to translate that to 192.168.24.0/24. The peer LAN (behind the Sonicwall) is 10.159.0.0/24. The pertinent configuration of the ASA is:
interface Vlan1
ip address 192.168.10.1 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.24.0 255.255.255.0 10.159.0.0 255.255.255.0
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 10.159.0.0 255.255.255.0
static (inside,outside) 192.168.24.0 access-list VPN
crypto map outside_map 1 match address outside_1_cryptomap
In addition to this, there are other static NAT statements and their associated ACLs that allow certain traffic through the firewall to the server, e.g.:
static (inside,outside) tcp interface smtp SERVER smtp netmask 255.255.255.255
The problem is this: When I enter the static policy NAT statement, I get the message "Warning: real-address conflict with existing static" and then it refers to each of the static NAT statements that translate the outside address to the server. I thought about this, and it seemed to me that the problem was that the policy NAT statement needed to be the first NAT statement (it is last) so that it would be handled first and all traffic destined for the VPN tunnel to the Sonicwall (destination 10.159.0.0/24) would be correctly handled. If I left it as the last statement, then the other static NAT statements would prevent some traffic destined for the 10.159.0.0/24 network from being correctly routed through the VPN.
So I tried first to move my policy NAT statement up in the ASDM GUI. However, moving that statement was not permitted. Then I tried deleting the five static NAT statements that point to the server (one example is above) and then recreating them, hoping that would then move the policy NAT statement to the top. This also failed.
What am I missing?Hi,
To be honest it should work in the way I mentioned. I am not sure why it would change the order of the NAT configurations. I have run into this situation on some ASA firewalls running the older software (older than 8.2) and the reordering of the configurations has always worked.
So I am not sure are we looking at some bug or what the problem is.
I was wondering if one solution would be to configure all of the Static NAT / Static PAT as Static Policy NAT/PAT
I have gotten a bit rusty on the older (8.2 and older) NAT configuration format as over 90% of our customer firewalls are running 8.3+ software.
I was thinking of this kind of "static" configuration for the existing Static PAT configurations if you want to try
access-list STATICPAT-SMTP permit tcp host eq smtp any
static (inside,outside) tcp interface smtp access-list STATICPAT-SMTP
access-list STATICPAT-HTTPS permit tcp host eq https any
static (inside,outside) tcp interface https access-list STATICPAT-HTTPS
access-list STATICPAT-RDP permit tcp host eq 3389 any
static (inside,outside) tcp interface 3389 access-list STATICPAT-RDP
access-list STATICPAT-TCP4125 permit tcp host eq 4125 any
static (inside,outside) tcp interface 4125 access-list STATICPAT-TCP4125
access-list STATICPAT-POP3 permit tcp host eq pop3 any
static (inside,outside) tcp interface pop3 access-list STATICPAT-POP3
Naturally you would add the Static Policy NAT for the VPN first.
Again I have to say that I am not 100% sure if this was is the correct format maybe you can test it with a single service that has a Static PAT. For example the Static PAT for RDP (TCP/3389). First entering the Static Policy NAT then removing the Static PAT and then entering the Static Policy PAT.
Remember that you should be able to test the translations with the "packet-tracer" command
For example
packet-tracer input outside tcp 1.1.1.1 12345
- Jouni -
Configuring a 1230 AP as a "Local Radius Authenticator"
Configuring a 1230 AP as a "Local Radius Authenticator"
CCO-URL: Configuring an Access Point as a Local Authenticator
http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184a9b.html
this is the minimal config, i think:
AP# configure terminal
AP(config)# radius-server local
AP(config-radsrv)# nas 1.1.1.1 key 111
AP(config-radsrv)# group clerks
AP(config-radsrv-group)# vlan 2
AP(config-radsrv-group)# ssid batman
AP(config-radsrv-group)# reauthentication time 1800
AP(config-radsrv-group)# lockout count 2 time 600
AP(config-radsrv-group)# exit
AP(config-radsrv)# user jsmith password twain74 group clerks
AP(config-radsrv)# end
whereas 1.1.1.1 is the IP of the AP himself ?
is there a must for additional config commands like this:
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key 111
aaa group server radius rad_eap
server 1.1.1.1 auth-port 1812 acct-port 1813
aaa group server radius rad_admin
server 1.1.1.1 auth-port 1812 acct-port 1813
all attempts didn't work
"station <MAC> authentication failed"
is there anything else nessecary ???You seem to be missing the following commands;
authentication network-eap eap_methods
authentication key-management cckm optional
The following commands are useful for diagnosis;
Show radius local statistics
show interface dot11Radio 0 aaa client
Debug dot11 aaa dot1x state
Debug dot11 mgmt interface
Local authentication is designed as a fall-back service for when the primary RADIUS server fails. We not encourage the use of Local authentication as a replacement for a radius server.
* With an ACS you get Authentication, Authorization and Accounting. With Local authentication you only get Authentication.
* ACS scales, supports external user-databases, supports multiple authentication types, supports database backup and replication, etc, etc... Local authentication supports a maximum of 50 users, internal static configuration only, and LEAP only.
Following is an IOS configuration, that I have tested, and works on an AP1200 (should work on an 1100 too, I just havent tested it);
· This configuration enables a single AP to do local authentication. No WDS is included for fast roaming.
· This configuration can be cut-and-pasted into an AP that has been write-erased (blank config), and it will configure all the parameters to allow a client to LEAP authenticate to it (even if no Ethernet cable is connected to it)
· Replace usernames/passwords with your own usernames/passwords
· Replace ip-addresseswith the APs IP address
· I added DHCP configuration so you can connect to a stand-alone AP with your DHCP-enabled laptop (with a profile that matches the test APs SSID and LEAP settings).
conf t
host loc-auth-ap-name
enable secret cisco
no ip domain-lookup
line vty 0 4
password cisco
exec-timeout 0 0
login
int bvi 1
ip address 10.11.12.13 255.255.255.0
Interface dot11 0
no ssid tsunami
encryption mode ciphers ckip-cmic
ssid test-loc-auth
authentication network-eap eap_methods
authentication key-management cckm optional
ip dhcp excluded-address 10.11.12.13
ip dhcp pool temp
network 10.11.12.0 255.255.255.0
interface BVI1
ip address 10.11.12.13 255.255.255.0
no ip route-cache
aaa new-model
aaa group server radius rad_eap
! add a real AAA server (with auth-port 1645) before
! the following statement if you are configuring a
! fallback authentication service instead of a
! standalone service
server 10.11.12.13 auth-port 1812 acct-port 1646
aaa authentication login eap_methods group rad_eap
! add a real AAA server (with auth-port 1645) before
! the following statement if you are configuring a
! fallback authentication service instead of a
! standalone service
radius-server host 10.11.12.13 auth-port 1812 acct-port 1646 key 0 l0cal-key-secret
radius-server deadtime 10
dot11 holdoff-time 1
ip radius source-interface BVI1
radius-server local
nas 10.11.12.13 key 0 l0cal-key-secret
user testuser password 0 testuser-key-secret
exit
exit
wri
Maybe you are looking for
-
Fumction Module For Tax calculation in PO
Hi, Is there any standard Function Module to find out the tax % and Tax value. I have the input parameters ( I can get from the PO). or is there any other way that I can get the Tax % and the tax value that is coming in the PO. ( I need to use these
-
My ipod is asking to restore and i dont want to restore and its not opening?
my ipod is asking to restore and i dont want to restore and its not opening?
-
Program to be tested in Quality client
Hi Testing your development programs in quality systems without transporting them physically. Plz provide pointer for the same. An approach how to create that instance in Qc will also be appreciated. cheers Mohinder Singh Chauhan
-
Up grade to Windows 7 (32 bit)
I upgraded my touchsmart from vista to windows 7. I have managed to get most features working (ie webcam, fingerprint and touch software. What I can't restore are the three buttons on the right lower part of the screen (ie screen orientation, media a
-
I cannot use Roboform with version6. How do I rollback to version 5?
Firefox is working fine. I have a brain injury, subsequently I use roboform password manager to remember all my passwords for me. I have the latest version of roboform but it cannot attach itself to Firefox 6.