Time based ACLs

Similar Messages

• Asr1000 and time-based acl

  Hi
  We use 7206 as a PPPoE BRAS. All user sessions are rate limited using MQC on virtual-access interfaces.
  Rate changes dependng of the time of day. It's imlemented using time-based acl. Now we want to migrate to asr1000,
  but that router doesn't support time-based acl according to Cisco FN.
  Question is how to change user traffic rates on asr1000 on time of day basis?

  radius attribute nas-port-type through rate-limit (firewall)
  http://conft.com/en/US/docs/ios/security/command/reference/sec_r1.html#wp1062750

• WLC 8510 Time Based ACL Support

  Hi,
  I see something like this in the Data Sheet of 8510 "A wireless policy engine on the Cisco 8500 Series enables profiling of wireless devices and enforcement of policies such as VLAN assignment, QoS, access control lists (ACLs), and time-of-day- based access." I wonder if does WLC 8500 has time-based ACL support, or data sheet is talking about anything else?
  Thank you for replies.
  M.S.Temelli / Istanbul Technical University

  You want a straight answer or you want an answer coming out from the SALES team? 
  Sales team will say "YES".  Will it be effective?  Not one bit.    You go to Security > Local Policy.  You create a Local Policy (and attached to your SSID) and determine what time/day you want specific criterea (like wireless client manufacturer).  
  However, if you want what time/day you want the SSID to go down or UP, then you'll need something more robust, like a Layer 3 ACL.  
  If you want something like a time/day you want the radio(s) of the AP to go down/up then you need something like EnergyWise or WCS/NCS/PI.

• MAC-based ACL in wireless router

  Hi,
  I have a AIR-AP1262N wireless rotuer. I have implemented many mac based ACL in it. A sample looks like this.
  access-list 715 permit 6427.37e0.8379   0000.0000.0000
  access-list 715 permit e006.e933.901d   0000.0000.0000
  access-list 715 permit 88cb.8278.40e8   0000.0000.0000
  access-list 715 permit 6427.37e0.d1ng   0000.0000.0000
  access-list 715 deny   0000.0000.0000   ffff.ffff.ffff
  Now what ever new mac I want to allow, the acl that I configure is going below the deny rule and it is not working.
  Is there any way to move it before the deny rule or should I delete the whole config and re-enter it every time.

  Please try the below commands and update that it is working or not
  show mac access-lists name
  and then
  resequence mac access-list name starting-sequence-number increment/decrement

• Time-based access controls

  Hello all,
  Is there a time-based access control that can be configured for a 4.2 WCS+WiSM setup either in the WCS or controller? Or am I limited to the ACLs for my Wireless VLAN on the switch. Ultimately, I would like to be able to configure certain APs to accept/deny connections at specific times of the day. Any suggestions would be appreciated. Thank you in advance for your time and help.
  Charles

  Currently, IP and IPX extended access lists are the only functions that can use time ranges. The time range allows the network administrator to define when the permit or deny statements in the access list are in effect. Prior to this feature, access list statements were always in effect once they were applied. Both named or numbered access lists can reference a time range.
  For the further description following URL for the Time-Based Access Lists will help you.
  http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/timerang.html#wp10236
  I hope it may help you.

• WRVS4400N2 IP based ACL and Firewall not blocking WAN

  I'm trying to block all Internet access (except for 2 IPs) to my Windows Home Server 2011. I've tried blocking with IP based ACL on my WRVS4400N2 (bridged through a Ubee cable modem) without luck. Tried creating a Connection Security Rule with the server firewall...without luck. The following ports are forwarded in the router (7, 9, 80, 443, 3389, 4125).
  The latest IP based ACL settings I've used (enabled, listed by priority):
  ACTION -- SERVICE -- SOURCE -- SOURCE IP -- DESTINATION -- TIME -- DAY
  Allow -- All Protocal -- WAN -- XXX.XXX.XXX.XXX -- Any -- Any Time -- Any Day
  Allow -- All Protocal -- WAN -- YYY.YYY.YYY.YYY -- Any -- Any Time -- Any Day
  Deny -- All Protocal -- WAN -- Any -- Any -- Any Time -- Any Day
  How can I block access from the Internet?   

  Hi,
  Thank you for replying. However I have already tried as you have suggested and it is still not working.
  My Single Port Forwarding looks like this:
  Application: SMTP External Port: 25 Internal Port: 25 Protocol: TCP IP Address: 192.168.xxx.xxx Enabled: Yes
  My rules in IP Based ACL look like this (columns from left to right):
  1 YES Allow SMTP WAN 203.xxx.xxx.xxx 192.168.xxx.xxx Any Time Every Day  
  2 YES Deny SMTP WAN ANY ANY Any Time Every Day 
  My goal is to only allow 203.xxx.xxx.xxx to have access to port 25 on 192.168.xxx.xxx. However, even with the rules above enabled, all external hosts have access to port 25 on 192.168.xxx.xxx.

• RVS4000 IP Based ACL and NAT

  Hi,
  I'm having an issue with a Linksys RVS4000 which doesn't appear to be behaving as I think it should.
  I need to forward a port (Single Port Forwarding) through to an internal NAT host. However, I only want that host/port to be accessible from one host on the internet, for security reasons.
  I have created the port forwarding entry and this works fine. I then created two rules in IP Based ACL - one to block all access to that port from the WAN interface and one to allow access from a single host.
  However, it appears that when a port forwarding entry is added, it will completely bypass the ACL and allow all traffic for that port/host by default.
  Is this the correct behaviour?
  Firmware version is v1.2.11
  Regards,
  Adam

  Hi,
  Thank you for replying. However I have already tried as you have suggested and it is still not working.
  My Single Port Forwarding looks like this:
  Application: SMTP External Port: 25 Internal Port: 25 Protocol: TCP IP Address: 192.168.xxx.xxx Enabled: Yes
  My rules in IP Based ACL look like this (columns from left to right):
  1 YES Allow SMTP WAN 203.xxx.xxx.xxx 192.168.xxx.xxx Any Time Every Day  
  2 YES Deny SMTP WAN ANY ANY Any Time Every Day 
  My goal is to only allow 203.xxx.xxx.xxx to have access to port 25 on 192.168.xxx.xxx. However, even with the rules above enabled, all external hosts have access to port 25 on 192.168.xxx.xxx.

• Sales orders in TDMS company/time based reduction  are outside the scope

  Guys,
  I have had some issues with TDMS wheras it didn't handle company codes without plants very well. That was fixed by SAP. But I have another problem now. If I do a company code and time based reduction, It doesn't seem to affect my sales orders in VBAK/VBUK as I would have expected. I was hoping it would only copy sales orders across that have a plant which is assigned to a company code that was specified in the company code based reduction scenario. That doesn't seem to be the case.
  VBAK is now about one third of the size of the original table (number of records). But I see no logic behind the reduction. I can clearly see plenty of sales documents that have a time stamp way back from what I specified in my copy procedure and I can see others that have plant entries that should have been excluded from the copy as they do belong to different company codes than the ones I specified.
  I was under the impression that TDMS would sort out the correct sales orders for me but somehow that doesn't seem to be happening. I have to investigate further as to what exactly it did bring across but just by looking at what's in the target system I can see plenty of "wrong" entries in there either with a date outside the scope or with a plant outside the scope.
  I can also see that at least the first 10'000 entries in VBAK in the target system have a valid from and to date of 00.00.0000 which could explain why the time based reduction didn't work?
  Did you have similar experiences with your copies? Do I have to do a more detailed reduction such as specifying tables/fields and values?
  Thanks for any suggestions
  Stefan
  Edited by: Stefan Sinzig on Oct 3, 2011 4:57 AM

  The reduction itself is not based on the date when the order was created but the logic enhances it to invoices and offers, basically the complete update process.
  If you see data that definitely shouldn't be there I'd open an OSS call and let the support check what's wrong.
  Markus

• Calculation of SLA times based on Service Organization

  Is it possible to calculate the SLA times based only on Service org?
  a) Using Service contracts i.e create SC with only org and assign the Service & Response profiles.
  Else as mentioned below.
  Please give your more thoughts.
  I maintain the Service & response profiles at "Maintain Availability and Response Times" .
  Can I access these values directly in the BADI ?
  My scenario is
  a) An agent belongs to a service org.
  b) I define these Profiles seperately for each Org (Org1 Org2 etc) at the above tcode.This manual entry.I know we dont have org to profiles mapping in the above tcode.I just painly maintain.
  c) In the BADI i check the org entered in the complaint.
  d) for Ex if the Org1 is entered I want to access the profiles for Org1.If else ladder.
  e) then use these profiles to calculate the SLA times.
  f) then save the document.
  g) Also trigger an e-mail saying the above time lines.
  Is the above flow possible??
  Let me know if you want me to post this onto another thread.
  Thanks
  amol

  Shalini,
  I will be just maintaining the service and response profiles in the "Maintain Availa..." tcode.
  There wont be exact mapping stored in any table.
  My logic would be ,i dunno whether this right or wrong..
  1) Once i get the Org ,I would compare like ths
  if( orgdata = org1)
  then service profile 1 etc.
  2) then apply the profiles to the cal of SLA times.
  I think we can achieve what you said using CRM_ORDERADM_I_BADI
  Or we need to use the BADI's specifically mentioned for serv contract det and calculation of SLA.
  As you know in SAP for SLA times we need to have the service contract for a) customer b) org  and many other parameters.then to this SC we need to associate the service and response profiles.When the SC is determined in a complaint ,the serv and resp profiles will be used to get the SLA times.
  But my requirement is to have determine the SLA times based on the service organisations.Not based on the customer and any other parameters.
  For ex : If my serv org is in India the times would be diff ..if my serv org is in US the times would be diff.
  So let me know what approach would be best ?
  Use BADI's as above or does this approach of having define different Service contracts (without having Partner functions customer etc) for diff orgs?
  Thanks
  Amol

• Problem in Time Based Publishing Content

  Hi every1,
    Im working with Time based publishing.
  Using xml form builder i created 3 contents means 3 xmls.
  Then i created one iView for reading the contents (KM Navigation iView) and i setup the properties like
  layout set, layout set mode, root folder of contents.
  After creation of iView i checked in the preview all 3 contents visible in my iView.
    Now i want to show time based content in that iView.
  Contents displayed as per time based
  for that i enabled time based publishing and life time of particular content(xml)by using the given way
  Time dependant publishing in Km. I clicked on the right hand side of the name of my folder-> go to details -> Settings -> Lifetime. there you have to enable the time dependant publishing. Then i opened the folder and click on the rt hand side of the document-> properties -> lifetime, here give the time span of the document.
  After life time setup , again i seen in the iView for reading the contents (previous created) in the preview
  again all 3 contents displayed including life time expired content also.
     Please give me solution for this, or any more configurations required.
  Note :
  I required to display the contents in between time applicable only ( from time and until time).
  Thanks in advaince
  Vasu

  I have waited more than 3 hours for settings to apply.
  But i couldn't find any changes.
  any other solution?
  Thanks
  Vasu

• Time Based Workflow - how to make it work?

  Hello,
  Has anyone successfully built a Time Based Workflow? Could you share your examples?
  For me it does not work properly.
  I have tried to set up 2 workflows: on Opportunity Close Date and Account Contract Expiration Date.
  - Account Contract Expiration Date: I want an Account Owner to get an email notification exactly 6 months before the contract with his client expires. However - the email is triggered each time the record is modified - so I have seen in the workflow monitor that users on the date of contract expiration - 180 days will receive as many emails as many times they modified the record! Is there a way to avoid this situation?
  - Opportunity Close Date - I want to send an email to Opportunity Owner's Manager - 10 days after the opportunity was closed. However - there will be the same issue as above + the wait action is not working with a PRE function.
  Please let me know what you think and if you have already built a Time Based Workflow that works correctly.
  Edited by: MagdaR on May 18, 2010 1:57 AM

  Let's start with the workflow for Opty Close Date.
  There are a lot of ways to do this, so you'll need to evaluate which way is best for your case, but the basics are to check to ensure that the opty is closed for the first time, then set the flag. In order to accomodate for the opty being closed when it is created, you will have to consider a post default for the flag in addition to the workflow.
  In this case, you could create a workflow on Opty using the before modified record saved trigger event. In the Rule Condition, have the workflow check for a closed opty and if the status changed to closed during this modification. There are a number of options to validate this, including sales stage = Closed/Won or Lost, Closed Date is populated for the first time, Status is closed. In any case, just validate that the opty was closed for the first time using the PRE Function (i.e., PRE(Closed Date) is null and PRE(Closed Date)<>Closed Date). When your condition is met, set a flag that will trigger the event. You could also add a date that the wf conditions were met the first time, to ensure that you track when the rule was originally triggered.
  The next step is to have a workflow that unsets the flag if the conditions are not met. Set the order on this one to follow the rule above.
  The last rule is the wait/email rule and it uses the when modified record saved event. This rule triggers on the flag being checked, then waits to send the email.
  Test this and validate that it will work for your purposes. Based on this workflow, you should be able to create the other one, and I can help if you have any issues.
  Good Luck,
  Thom

• Define Time-Based Fields for Cost Centers

  Dear All!
  I would like to know , how I'm abale to cahnge the setting
  of business area for Time-Based Field of Cost Centers to period
  Transaction is OKEG
  Would be thankful

  You can maintain master data for cost centers, cost elements, activity
  types, and business processes with time dependencies. You can make
  changes at any time for any given time interval. Data storage also takes
  place with a time reference. In this way, a master data record can have
  multiple database records storing different information.
  The smallest interval is one day. To ensure data consistency, you
  cannotchange each field daily. The timeframes in which you can change a
  field depend on the field functions, which are fixed by the SAP R/3
  System and cannot be changed. Master data maintenance includes an
  automatic check for each field's time-based consistency, resulting in
  individual time-based maintenance for each field.
  Regards
  Prabhu

• Exclude a table from time-based reduction

  Hi,
  Iu2019d like to exclude a table from time-based reduction. How can I do this ? Is there any manual how to do customizing in TDMS ?
  Regards
  p121848

  Thank you Markus for your annotation.
  AUFK is technically declared as an Master Data Table, but stores orders. Standard
  TDMS provides a reduction of this file and in the client copies we did via TDMS a lot of  records disappeared when we selected time-reduction.
  Now we fond out that some Transactions as OKB9 or KA03 refer to old internal orders. So we would like to maintain the customizing, to exclude AUFK from reduction. But this is not possible in activity TD02P_TABLEINFO, because no changes can be done to the tables, which have got the transfer_status 1 = Reduce.
  You can manipulate the Transfer-Status in file CNVTDMS_02_STEMP before getting to activity  TD02P_TABLEINFO, but I wonder whether this is the way one should do.
  Any idea ?
  Regards p121848

• Error in computing time based on TimeZones on a server

  I have a piece of code that generates timestamps based on US TimeZones such as Pacific, Central and Eastern. I get correct results when I run this code locally (EST) but get results an hour off when I run the same code on a server running in US central time. See the results below and the code that I run.
  Results from running the code on Dev Server:
  ts: 2007-11-05 10:39:03.19 ���� ������� (Default time)
  tsEST: 2007-11-05 10:39:03.019� ������� (EST based on TimeZone String America/New_York, should be 11:39)
  tsCST: 2007-11-05 09:39:03.019� ������� (Central time based on TimeZone String US/Central, should be 10:39)
  tsPST: 2007-11-05 07:39:03.019� ������� (Pacific time based on TimeZone String America/Los_Angeles, should be 8:39)
  Results from running the same code on Local machine:
  tsEST: 2007-11-05 11:39:01.272� (Eastern Time based on TimeZone String America/New_York)
  tsCST: 2007-11-05 10:39:01.272� (Central time based on TimeZone String US/Central)
  tsPST: 2007-11-05 08:39:01.272� (Pacific time based on TimeZone String America/Los_Angeles)
  Below is the code that I ran.
       Timestamp ts = new Timestamp(Calendar.getInstance().getTime().getTime());
  DateFormat df1 = new SimpleDateFormat( "yyyy-MM-dd HH:mm:ss.SS" );
  GregorianCalendar cal1 = new GregorianCalendar();
  Timestamp tsNow = new Timestamp(cal1.getTimeInMillis());
  TimeZone tsEST = TimeZone.getTimeZone("America/New_York");
  String inPattern = "yyyy-MM-dd HH:mm:ss.SS";
  DateFormat df = new SimpleDateFormat(inPattern);
  df.setTimeZone(tsEST);
  Date date = df.parse(tsNow.toString());
  df.setTimeZone(tsEST);
  ts = new Timestamp( df1.parse( df.format(date) ).getTime() );
  System.out.println("tsEST: " + ts.toString());
  DateFormat df2 = new SimpleDateFormat(inPattern);
  TimeZone tsCST = TimeZone.getTimeZone("US/Central");
  df2.setTimeZone(tsCST);
  ts = new Timestamp( df1.parse( df2.format(date) ).getTime() );
  System.out.println("tsCST: " + ts.toString());
  TimeZone tsPST = TimeZone.getTimeZone("America/Los_Angeles");
  df.setTimeZone(tsPST);
  ts = new Timestamp( df1.parse( df.format(date) ).getTime() );
  System.out.println("tsPST: " + ts.toString());

  Actually, I did try a complete removal and re-install with the same results. On the desktop machine on which the Ctime client is working, Ctime was installed on an earlier system version and was working before the upgrade to the current system. The client continued to work. This at least indicates an initial setup problem on 10.2.4 and may indeed relate to the product not yet being ready for the latest system.

• Repository Services - Time based publishing missing

  Hi,
  We are running NW07, and want to configure time based publishing.
  I can't find the Repository Services for this it is suppose to be under
  System administratoin -> Content Management -> Repository Services
  But it is not,
  can anyone help?

  After that, you have to define the real lifetime
  http://help.sap.com/saphelp_nw70/helpdata/en/e8/a9a76828b8dc469969ff450ec81ced/frameset.htm
  An keep in mind that only users with not more than read permissions will see the document only during its lifetime. Users with write additional permissions can always see it
  Kind regards
  Karin