Uses of nace

how to attach a program in output types of nace (i.e) simple mail

Hi Aswini,
If you have your own o/p program, script and program, then you will assign this by using the transaction code NACE. Then this thing will appear when you want to print a purchase order or other.
Mainly, NACE is used to create o/p type. So, while creating the output type you will mention forms, and driver program.
Those will be maintained in the table TNAPR. If you create the output type using NACE then it will be automatically visible in table NAST and TNAPR.
With the help of the NACE transaction, we can assign SAPscript and driver program to an O/P type in an application for different mediums (like print/fax, mail).
For an example:
NACE--> Application EA --> means for PO > check O/P "NEU" (SAP standard)> Medium "Print" --> You can find the Driver program and Sap script associated to it.
Output types are basically added by the BASIS team.
Output types are part of the output determination procedure, which is linked to the application (e.g. Purchasing). Output types represent how you want to output the information. In the SAPscript context, it links the print program with the SAPscript. Output types are also linked to an access sequence, which allows you to create condition records so that output types can be processed automatically.
For more information on output type, You can view the following link:
http://help.sap.com/saphelp_nw04/helpdata/en/c8/19884743b111d1896f0000e8322d00/frameset.htm.
Hope this will help you......

Similar Messages

  • What is the use of NACE transaction in scripts?

    hi
    what is the use of NACE transaction in scripts?
    bye

    NACE is the transaction code where you can maintain the output types for the applications...
    NACE - Initial Customizing Screen
    where you're going to attach the layout which u have designed to the particular output type - Specifies the kind of output to be produced.
    The output type can specify, for example, a printed form that you need for internal use or a form that you want to send to a customer or vendor (for example, an order confirmation). The output type can also be an internal electronic mail message that you want to send to staff in another department.
    print program - If you want to inform a partner about changes to output that was already issued, you enter the name of a program and a routine in the Form routine field.
    The routine in the program checks which changes should result in a changed output being sent.
    regards

  • Extending field catalog of application ME using transaction NACE

    Hello,
    I extended the field catalog of application ME using Transaction NACE. I inserted material field as ZZMATNR but I couldn't find this field at IMG->Materials Management->Inventory Management and Physical Inventory->Output Determination->Maintain Condition Tables->Output: Create Conditions Table ->FieldCatalog.
    How can I use ZZMATNR?
    Thank you.
    Yasar Unalp

    Follow the OSS note below (OSS note - 39462) you need to follow the same for your field.
    Summary
    Symptom
    In the message determination for purchasing, the field catalog in Transaction M/60 should be enhanced, for example, with a field for the user ID.
    Other terms
    USNAM, condition table
    Reason and Prerequisites
    The communication structure to be maintained can be taken from table T681Z. Table T681Z can be displayed with Transaction SE16. Use 'B' for message determination and application EF for purchase order.
    Thus the structure for purchase orders to be maintained is KOMKBEA.
    The following section describes how to include field 'User ID' in the structure. If other applications or fields are used, the following example can be used in a modified form.
    Solution
    1. You must include field ZZUSNAM in communication structure KOMKBEA. In this structure there is an include that is provided for additional fields. In this Include KOMKBZ you must include the field with the name ZZUSNAM. ERNAM can be used as the domain in this case.
    2. The same field must also be included in structure KOMB in Include KOMBZ (the same procedure as under point 1).
    3. In table T681F use Transaction SM31 with key B, EF to add the same field. You can do this by overwriting an existing field.
       As of Release 4.0 you can use view V_T681F in Transaction SM30 for that purpose. Enter usage 'B', your application and field group '001'.
    4. In the message determination, the system runs perform USEREXIT_KOMKBEA_FILL. This perform is in program RVCOMFZZ.
    The source code should be changed as follows:
    FORM USEREXIT_KOMKBEA_FILL.
      " Pass the current user ID to the new communication structure field
      COM_KBEA-ZZUSNAM = SY-UNAME.
    ENDFORM.

  • Using NAP/NAC to Protect Network Resources

    Hello,
    I'm intending to create ACL in a Layer3 Switch to protect our network resources and enhancing the security of our network resources.
    Instead of creating plenty of ACLs in the switch, is it possible to use NAP/NAC to protect these resources and allow only certain resources available to our users?
    Regards,

    Hi,
    DHCP NAP can be used to modify the routing table, so you could limit access to an IP address, but you can't use it to limit access to specific ports (i.e. web services on 80 and 443). This requires a firewall or ACL.
    I think that for what you want you will need to configure an extended ACL on the switch.
    Please read the link I gave above (http://technet.microsoft.com/en-us/library/dn425037.aspx). This shows how to assign specific IP addresses to certain types of client devices. You can then use the ACL on the switch, or a firewall, to filter access based on source IP address.
    You might also want to spend time making a list of all the devices on your network, including the type of network access (wired, wireless, or both) they have, and the users (staff, student, other) that have these devices. If possible, group the devices into 2 or 3 basic groups and decide what kind of network resources they should have access to.
    If you want to filter based on user group, you will need to implement some kind of authentication method, such as 802.1X with PEAP/MSCHAP v2 or PEAP/TLS. If you don't understand these methods yet and haven't been using 802.1X you should spend some time reading about it.
    http://technet.microsoft.com/en-us/network/bb545365.aspx
    I hope this helps,
    -Greg

  • Use of NACE after creating print program n smart form

    Wat's d purpose of NACE?I hav created my own print program n smart form according to my own requirement.If NACE is necessary 4 my smart from.How can i use NACE i mean navigation steps.
    Please help me out.Its urgent.
    Thanks & Regards,
    Santhosh.

    Hi Santhosh,
    Nace is for message control settings. Say if u want to trigger a Smartform or an Idoc or any other customized program u can do the message control settings.
    Say at the time of Sales Order creation or updation u want to trigger a Smartform, then u have to follow the following steps:
    Goto NACE
    Select application V1 and then click Output Type.
    create a new Output type or copy the existing one and save it with new name
    then in Processing Routine mention the driver program name and in Form routine mention the main subroutine name.
    In Smartform mention your Smartform name and also the layout if u have created.
    Again go to NACE and Select application V1 and press Procedures.
    here out of the many procedures u have to select the right one and attach your Output Type to it.
    You can also create a condition record..Say if u want to trigger this Smartforms for Sales Order of particular type.
    Hope this helps.
    Reward Points if useful.
    Thanks.

  • Use of  NACE  in sap script

    hi gurus
    can u tell me the use of t code NACE in sap script
    rgds
    mojib

    hi,
    NACE
    You can track the form and the print program used for that form
    The Tcode NACE is used to link the Standard SAP forms (SCRIPTFORM or SMARTFORM) or the customized form or the new form to its respective print programs. Also the output types, Form entry are linked with their forms and print programs. In short term, i can tell u that configuration or customization of forms to print programs, assigning output types, form entry to the forms are done using this Tcode.
    NACE is used to create output type while creating the output type you will mention forms, and driver program.
    that will be maintained in the table TNAPR. If you create the output type using NACE then it will be automatically visible in table NAST and TNAPR.
    so check in NAST, TNAPR table
    http://help.sap.com/saphelp_erp2005/helpdata/en/c8/1989fe43b111d1896f0000e8322d00/frameset.htm
    Condition records in NACE?
    and
    NACE is used for message control customizing.
    Take a look at the following link
    http://help.sap.com/saphelp_nw04/helpdata/en/c8/198a1843b111d1896f0000e8322d00/frameset.htm
    Hope this helps, Do reward.

  • Alternative to WSUS for use with NAC

    I'm looking for thoughts on alternatives to WSUS for use with Cisco Network Admission Control.  I'm primarily looking for increased speed.  Thanks.

    I don't see the value in getting that particular time on the first day of the current month
    You're completely right about that.
    That makes me assume on some autopilot that we have another case of YASTDCOVV or YACOSTADISC
    +'Yet Another String To Date Comparison Or Vice Versa' or 'Yet Another Case Of Storing Time And Date In Separate Columns'+
    However, three other people interpreted the request the same yet different than I did so my assumption is probably wrong Only Evaleah can tell....
    Edited by: hoek on Oct 21, 2009 8:54 PM OP has a name, you blunt Hoek, so use it!

  • Printing Purchase Order from ME9F using custom program and smartform

    I was able to use my custom program which calls a smartform to print purchase orders from transaction ME9F. I did this using transaction NACE.
    However, when I call "Output Message" from ME9F, the output always fails (shown by an 'X' icon after the checkbox). When I try to put back the standard program in NACE, it does not show an 'X' but a check which indicates that the printing was successful.
    Do you know why this happens? What did I miss?
    Here's my call to my smartform from my custom driver program:
        " Change Smartform ZP_MMSF_P01_PURCHASE_ORDER
        " to internal Function module name
        CALL FUNCTION 'SSF_FUNCTION_MODULE_NAME'
            EXPORTING
                FORMNAME   = 'ZP_MMSF_P01_PURCHASE_ORDER'
            IMPORTING
                FM_NAME    = fmname.
        wa_cparam-no_dialog = 'X'.
        wa_output-tddest = 'LOCL'. "or 'LP01'.  "Spool: Output device
        CALL FUNCTION fmname
            EXPORTING
                control_parameters         = wa_cparam
                output_options             = wa_output
                i_data                     = i_data
                wa_lookup                  = wa_data_lookup
                goods_amt                  = goods_amt
                discount_amt               = discount_amt
                vat                        = vat
                total_amt                  = total_amt
                total_amt_inwords          = total_amt_inwords.

    Vijaya,
    I have this problem though,
    Whenever I try to provide values for CONTROL_PARAMETERS and OUTPUT_OPTIONS to the sapscript call in your code, the PO printing (even the preview) does not proceed. I do this because I wanted to suppress the printer dialog.
    here is a fragment of the code:
    " code I added
    LS_COMPOSER_PARAM-tddest = 'LOCL'. "or 'LP01'.  "Spool: Output device
    LS_COMPOSER_PARAM-bcs_langu = sy-langu.
    LS_CONTROL_PARAM-preview = 'X'.
    LS_CONTROL_PARAM-no_open = 'X'.
    LS_CONTROL_PARAM-no_close = 'X'.
    LS_CONTROL_PARAM-device = 'PRINTER'.
    LS_CONTROL_PARAM-no_dialog = 'X'.
    DO NAST_ANZAL TIMES.
    *--In case of repetition only one time archiving
    * if sy-index > 1 and nast-tdarmod = 3.
    * nast_tdarmod = nast-tdarmod.
    * nast-tdarmod = 1.
    * ls_composer_param-tdarmod = 1.
    * endif.
    IF SY-INDEX NE 1 AND REPEAT IS INITIAL.
    REPEAT = 'X'.
    ENDIF.
    CALL FUNCTION LF_FM_NAME
    EXPORTING
    ARCHIVE_INDEX = TOA_DARA
    ARCHIVE_PARAMETERS = ARC_PARAMS
    CONTROL_PARAMETERS = LS_CONTROL_PARAM
    MAIL_RECIPIENT = LS_RECIPIENT
    MAIL_SENDER = LS_SENDER
    OUTPUT_OPTIONS = LS_COMPOSER_PARAM
    USER_SETTINGS = SPACE
    IS_NAST = NAST
    IS_REPEAT = REPEAT
    I tried to trace it to the function module generated by smartform. The error propagates this way: From the function module, there is a call to function SSFCOMP_PROCESS_DOCUMENT. Then inside that function, there is a perform operation to tr_ssfcomp_process_doc
    perform tr_ssfcomp_process_doc using startpage docstruc
                                           header.
    Inside that form, it calls the macro tr_active which checks the value of ssfcstat-trlevel (tracelevel) against c_trlevel_document. In the macro, if ssfcstat-trlevel is less than c_trlevel_document, the smartform will fail. c_trlevel_document is 15 and ssfcstat-trlevel is 0, and so the smartform fails.
    (you can see the macro tr_active in include LSTXBCMAC and the form tr_ssfcomp_process_doc is in the include LSTXBCFTR)
    When I do not put values in CONTROL_PARAMETERS and OUTPUT_OPTIONS, everything is ok.
    Do you know why this happens?
    Thanks in advance!
    Edit: I have found out about transaction SFTRACE, but this is disabled.
    Kyle

  • What is the exact purpose of Transaction NACE and NAST Table?

    Hi All,
    What is the exact purpose of Transaction NACE and NAST Table?
    Pls help me…
    Akshitha.

    Hi
    When an Output type in an application doc is configured with a Medium, Partner, Lang and other communication parameters an entry is created in NAST table
    so to trigger the output an entry in NAST is compulsory
    Output is a link between the Driver Program and the Sapscript,
    An output type summarizes messages of the same meaning. It contains parameters that are valid for all its assigned messages, for example appropriate partner functions.
    Transmission medium is a medium which the layout will be come out, this may be printout, Fax or Mail
    Check this link.
    http://help.sap.com/saphelp_nw2004s/helpdata/en/c8/19884743b111d1896f0000e8322d00/content.htm
    ex-how to config output type.
    You will assign output types using Transaction NACE.
    Do the follow steps to assign output type
    1)Select Application Type V2 which will have description Shipping.
    2)Click on Output types button.
    3)Go to change mode by pressing Ctrl+F4.
    4)Select one output type which already exists
    5)Do Copy As(F6)
    6)Give your output type against Output Type field.
    7)Under General data Tab, Give Program and Form routine and Save the data.
    i think it a work of functional guy but at senior level i think it is not a big deal for abaper.
    Check the following documentation
    In NACE t-code we have the application for each one. based on the application output type can be defined, based on output type script and print program can be defined.
    If suppose data can be read from EDI then we should go for condition records.
    So whenever we execute the script first composer checks the output type and then execute the program. in program whenever opn form FM will be populate then script will open first. After that again program till another FM will populate if it then script will populate........like it is cycle proces. Composer does all these things and at last it will submit that output to spool.
    Go to the Transaction NACE.
    choose the related sub module.. like billing or shipping
    double click on Output Types
    Choose the Output Type for which you wanted your script to trigger
    Then select the Output Type and double click on Processing Routine
    Then go to create new entries--> Select the Medium (1- print output), then enter your Script and Print Program detls --> Save and come out
    Now go to the Transaction (for which you have created the output type)... Issue output--> Select the output type --> Print....
    Device Types for SAP Output Devices (Detail Information)
    Definition
    The device type indicates the type of printer to be addressed. When you define an output device, choose the name of the device type that was defined in the SAP System for your printer model, such as Post2 for a PostScript printer. In the case of frontend printing under Microsoft Windows, you can also use the generic (device-independent) device type SWIN.
    The system uses the information in the device type to convert a document from the internal SAP character representation (spool request in OTF or in text format) to a device-specific, print-ready data stream (output request). Since a device type specifies attributes that apply to all devices of a certain model, it can be shared among device definitions. For example, all devices in the SAP spool system that are compatible with Hewlett-Packard LaserJet IIID printers would use the HPLJIIID device type.
    You should not confuse the device type with the printer driver. The device type is the total of all attributes of an output device that the SAP System must know to control the output device correctly, such as control commands for font selection, page size, character set selection, and so on. These attributes also include the printer driver that SAPscript/Smart Forms (the SAP form processor) should use for this printer. The SAPscript printer driver that is to be used for devices of this type for output formatting is therefore only an attribute that the device type specifies.
    How do I choose the correct device type?
    • In most cases, the SAP System already provides the appropriate device type for the printer type for the printer model that you want to use.
    These standard device types are completely defined and need no modification or extension before you use them in device definitions.
    • You can also download missing device types from the sapserv server. For a current list of the supported device types, see SAP Note 8928 in the SAP Service Marketplace.
    • Most printers can be controlled using a generic format, such as PostScript. They can be switched to a mode that is compatible with one of the standard printers for which an SAP device type is available. In this case, a supported model is emulated.
    • Almost all printers are delivered with Microsoft Windows printer drivers. The system can control these printers with the generic (device-independent) device type SWIN. The Microsoft Windows spool system then performs the processing of the print data.
    • If the specified device types are not available, and generic device types cannot be used, you must create your own device type or edit a copy of an existing device type. We recommend that only those with specialist knowledge of the SAP Spool System and printer driver code do this. For more information, see Defining a New Device Type .
    Attributes of a Device Type
    A device type is distinguished by the attributes listed below. If you change an existing device type or create a new device type, you must change at least some of these attributes.
    • Character set: A character set specifies the codes with which characters must be represented in the print-ready output stream (output request). This code replaces the generic SAP characters set that is used internally by the SAP spool system (spool request).
    • Printer driver: You can specify different printer drivers for printing SAPscript documents and ABAP lists.
    • Print controls: Print controls represent printer operations, such as boldface or changing the font size. These print control are replaced by printer-specific commands during the creation of the output request from a spool request.
    • Formats: Formats specify the format supported by the SAP system. The system differentiates between SAPScript formats (DINA4 and LETTER) and ABAP list formats (X_65_132 = 65 rows/132 columns).
    • Page format: A page format is the interface between a format and SAPscript. It specifies the paper dimensions with which SAPScript can calculate the row and column lengths.
    • Actions: Actions are output device-specific commands that are required for the implementation of a format. The action printer initialization, for example, can contain a printer command with which the number of rows on a page is defined. There is a set of actions for every format supported by a device type.
    Reward points for useful Answers

  • NAC Agent reporting never shows a failure

    I seem to only get reports for successful agent logins under Device MGMT>Clean Access>Clean Access Agent>Reports.  Am I missing a setting somewhere?  Even though I have had many failures (testing, etc) I never see a failed report.  Any ideas?

    Hello,
    Could you please confirm what error message you are getting on the NAC agent (if using the NAC agent for posture validation)?
    The NAC agent will display the standard stuff such as 'temporary access', etc.  The message displayed is based upon which requirement is failing, for example a standard AV installation check/rule.
    Also, for this failing client, do you see a passed report or no report at all?
    Well, for the agents that ultimately pass posture assessment (even if a particular check/rule fails) we see a passed report.  If the agent never gains access, IE never gets out of 'Temporary Access' we don't see any report.  I am hoping that when an Agent fails posture assessment we will see a failed report.  IE, we need a way for the service desk to be able to monitor failed sessions proactively, and with the minimal external alerts available (no email, etc) these failed reports would be key.
    If we can't see no report at all, there may be something that breaks before that.
    I have pages and pages of successful reports, but not a single failed report.
    A quick way to verify would be to collect the NAC agent's logs after a failure, under
    Start > Program Files > Cisco > Client Utilities > Cisco Log Packager
    I don't see this installed on any of the machines with an agent?  Please advise where I can download it.  Thanks.

  • ISE and NAC Agent

    Hello, we currently run NAC for our wired (OOB), wireless (IB) and VPN (IB) environments. We are looking at migrating over to ISE for our wireless environment as a first step, with follow-up projects to move the VPN and wired clients over. I have been reading that ISE will still use the NAC agent. Our current NAC environment is at 4.7.2 and we are running the 4.7.2.10 agent. We do not want to upgrade this environment, we would rather focus on migrating to ISE. So our thought was to upgrade the clients to the latest NAC agent version 4.9.1.5. This agent is supported against the 4.7.2 NAC Manager. The problem is, I do not see this agent version listed as supported in the ISE compatibility matrix. Instead, they list a NAC agent of 4.9.0.37, which ironically, is NOT listed in the NAC compatibility matrix. So what version of NAC agent should we run in a mixed environment? I am hoping 4.9.1.5 is supported against ISE, and the matrix is simply not updated yet. Thank you in advance for your help.

    Not sure I understand. The 4.9.1.5 NAC agent does run against our CAM, as we have tested that and it is listed in the support matrix. So if we upgrade our NAC appliances, we would still run that agent. Does that agent run against ISE, and if not, what is Cisco's recommendation to bring ISE into the environment? We have to have a migration path, and wireless seemed like a logical first step. But we need a NAC agent that will work against Clean Access AND ISE as our laptops will be wireless and wired at different times. Which Agent would be recommended?

  • NAC OOB VIRTUAL GW PROBLEM

    Hi,
    I am trying to setup a NAC OOB Virtual GW Scenario (attached is the visio schematic of the setup):
    Switch: 3550 (ios 12.2(46) adv ip serv)
    NAC 4130 appliances: v4.1.6 (also tried v4.5)
    Switch configuration (of the trunks to the CAS):
    - int f0/23 (connected to CAS e0) -> dot1q trunk with native vlan 999 and allowed vlans 199 (mgt vlan of cas) and 10 (hosts access vlan)
    - int f0/21 (connected to CAS e1) -> dot1q trunk with native vlan 998 and allowed vlans 100 (hosts authentication vlan)
    - SVIs on switch: 199, 10, 200 (CAM mgt vlan), 99 (dns, dhcp)
    The problem I am facing is that the host once connected to a managed port is able to acquire an ip from the access vlan from the dhcp server but is not redirected to the login page. I tried to follow some hints provided in previous posts but none of them worked for me. I configured the following:
    - Login Page
    - Configured IP based traffic control on the unauthenticated role to permit all traffic (also host based to permit https://192.168.199.1 -> cas' ip with trusted dns my dns server 192.168.99.1)
    - Managed subnet with unused ip in access vlan (192.168.10.253) and vlan id that of the auth vlan (100)
    - vlan mapping between untrusted vlan 100 and trusted vlan 10
    - tried to access a resolvable website by my dns from the host (as per the suggestion from a previous post for someone who was facing the same prob)
    - also tried to access the cas' login page from the host in vain, even though it is accessible from trusted subnets
    Note: I followed the configuration guide of both v4.1.6 and v4.5 and with both versions I was facing the same problem.
    I would be very thankful for any hints to help me solve this issue.
    Questions: When the host is connected to a managed host (assigned to the managed vlan 100) and it is assigned an ip from the a access vlan 10. Shouldn't I be able to access the managed subnet case I configured ip traffic control policy to permit all traffic from untrusted to trusted? also shouldn't I be able to resolve website's ip with "nslookup x.com" since dns traffic is by default configured and also trusted dns server 192.168.99.1 is configured?
    Thanks in advance for any help.

    It arised to be that the 3550/3560/3750 are not supported for Central Deployment. The problem is solved.
    Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment
    For Cisco Clean Access (NAC Appliance) in In-Band Central Deployment mode, when a Cisco Catalyst 3560/3750 series switch is used as a Layer 3 switch and if both ports of the Clean Access Server (CAS) are connected to the same 3560/3750 switch, the minimum switch IOS code required is Cisco IOS release 12.2(25)SEE.
    Because caveat CSCdu27506 is not fixed on the Catalyst 3550 series switch, when the Catalyst 3550 is used as a Layer 3 switch, it cannot be used in NAC Appliance In-Band Central Deployment.
    For further details, refer to switch IOS caveat CSCdu27506:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdu27506
    See also Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB).
    Switch Support for CAS Virtual Gateway/VLAN Mapping (IB and OOB)
    Table 6 describes Cisco Catalyst switch model support for the Virtual Gateway VLAN Mapping feature of the Clean Access Server for either in-band (IB) or out-of-band deployments (OOB). This table is intended to clarify CAS network deployment options when connecting the CAS in Virtual Gateway (bridge) mode to the switches listed.
    Table 6 Switch Support for CAS Virtual Gateway In-Band/OOB VLAN Mapping Feature
    Cisco Catalyst Switch Model | Virtual Gateway, Central Deployment (both interfaces into same switch) | Virtual Gateway, Edge Deployment (each interface into different switch)
    6000/6500                   | Yes                                   | Yes
    4000/4500                   | Yes                                   | Yes
    3750/3560 (L3 switch)       | Yes with 12.2(25) SEE and higher [1]  | Yes
    3550 (L3 switch)            | No [1]                                | Yes
    3750/3560 (L2 switch)       | Yes                                   | Yes
    3550 (L2 switch)            | Yes                                   | Yes
    2950/2960                   | Yes                                   | Yes
    2900XL                      | No [2]                                | Yes
    3500XL                      | Yes                                   | Yes
    28xx NME                    | Yes with 12.2(25) SEE and higher [1]  | Yes
    [1] Due to switch caveat CSCdu27506. See Cisco Catalyst 3550/3560/3750 and NAC Appliance In-Band Central Deployment for details.
    [2] 2900 XL does not support removing VLAN 1 from switch trunks.

  • Wired WebAuth only with NAC Guest Server (No ACS)

    Ok, I have been fighting this for two days now.  I want to use the webauth function on some of our Cisco 3750Gs ver 12.2(55)SE5 for guest access.  I'm trying to use our NAC Guest Server ver: 2.0.3 as the backend portal and Radius server.  We do not have ACS or any of the other components of ISE or NAC.  I think the issue is the NGS server is not sending the d(ACL) back to switch.  Guests work fine from our WLCs.
    switch debug:   No Attributes in switch debug
    Mar 22 12:56:00.448 CDT: RADIUS(0000030C): Config NAS IP: 199.46.201.26
    Mar 22 12:56:00.448 CDT: RADIUS/ENCODE(0000030C): acct_session_id: 1012
    Mar 22 12:56:00.448 CDT: RADIUS(0000030C): sending
    Mar 22 12:56:00.448 CDT: RADIUS(0000030C): Send Access-Request to 10.199.33.20:1812 id 1645/19, len 177
    Mar 22 12:56:00.448 CDT: RADIUS:  authenticator 99 95 59 55 09 A9 D9 E1 - 2B 01 90 36 1B 8A 41 92
    Mar 22 12:56:00.448 CDT: RADIUS:  User-Name           [1]   20  "[email protected]"
    Mar 22 12:56:00.448 CDT: RADIUS:  User-Password       [2]   18  *
    Mar 22 12:56:00.448 CDT: RADIUS:  Framed-IP-Address   [8]   6   199.46.201.231
    Mar 22 12:56:00.448 CDT: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
    Mar 22 12:56:00.448 CDT: RADIUS:  Message-Authenticato[80]  18
    Mar 22 12:56:00.448 CDT: RADIUS:   A2 57 B5 F2 A6 FB 46 71 D0 EA 26 54 95 90 F4 D0             [ WFq&T]
    Mar 22 12:56:00.448 CDT: RADIUS:  Vendor, Cisco       [26]  49
    Mar 22 12:56:00.448 CDT: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C72EC91A000002FC0A6CD698"
    Mar 22 12:56:00.448 CDT: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
    Mar 22 12:56:00.448 CDT: RADIUS:  NAS-Port            [5]   6   50106
    Mar 22 12:56:00.448 CDT: RADIUS:  NAS-Port-Id         [87]  22  "GigabitEthernet1/0/6"
    Mar 22 12:56:00.448 CDT: RADIUS:  NAS-IP-Address      [4]   6   199.46.201.26
    Mar 22 12:56:00.448 CDT: RADIUS(0000030C): Started 5 sec timeout
    Mar 22 12:56:01.454 CDT: RADIUS: Received from id 1645/19 10.199.33.20:1812, Access-Reject, len 20
    Mar 22 12:56:01.454 CDT: RADIUS:  authenticator 92 98 05 84 6E 4B CF DD - B5 D7 90 25 10 59 7B E7
    Mar 22 12:56:01.454 CDT: RADIUS(0000030C): Received from id 1645/19
    NGS log:
    rad_recv: Access-Request packet from host 199.46.201.26 port 1645, id=19, length=177
        User-Name = "[email protected]"
        User-Password = "5rRmpPt9"
        Framed-IP-Address = 199.46.201.231
        Service-Type = Outbound-User
        Message-Authenticator = 0xa257b5f2a6fb4671d0ea26549590f4d0
        Cisco-AVPair = "audit-session-id=C72EC91A000002FC0A6CD698"
        NAS-Port-Type = Ethernet
        NAS-Port = 50106
        NAS-Port-Id = "GigabitEthernet1/0/6"
        NAS-IP-Address = 199.46.201.26
    +- entering group authorize {...}
    [radius-user-auth]     expand: %{User-Name} -> [email protected]
    [radius-user-auth]     expand: %{User-Password} -> 5rRmpPt9
    [radius-user-auth]     expand: %{NAS-IP-Address} -> 199.46.201.26
    [radius-user-auth]     expand: %{Calling-Station-Id} ->
    Exec-Program output:                          Note:  no attributes here
    Exec-Program: returned: 1
    ++[radius-user-auth] returns reject
    Delaying reject of request 12 for 1 seconds
    Going to the next request
    Waking up in 0.6 seconds.
    Similar debug from NGS but auth request from WLC: See attributes are sent to wlc although not needed
    rad_recv: Access-Request packet from host 10.100.16.100 port 32770, id=22, length=152
        User-Name = "[email protected]"
        User-Password = "5rRmpPt9"
        Service-Type = Login-User
        NAS-IP-Address = 10.100.16.100
        NAS-Port = 13
        NAS-Identifier = "ICTWLC01"
        NAS-Port-Type = Ethernet
        Airespace-Wlan-Id = 514
        Calling-Station-Id = "10.198.12.211"
        Called-Station-Id = "10.100.16.100"
        Message-Authenticator = 0xc9383e767f0c228a2b8a0ece7069f366
    +- entering group authorize {...}
    [radius-user-auth]     expand: %{User-Name} -> [email protected]
    [radius-user-auth]     expand: %{User-Password} -> 5rRmpPt9
    [radius-user-auth]     expand: %{NAS-IP-Address} -> 10.100.16.100
    [radius-user-auth]     expand: %{Calling-Station-Id} -> 10.198.12.211
    Exec-Program output: Session-Timeout := 20002004, cisco-AVPair += priv-lvl=15, cisco-AVPair += auth-proxy:proxyacl#1=permit ip any any
    Exec-Program-Wait: plaintext: Session-Timeout := 20002004, cisco-AVPair += priv-lvl=15, cisco-AVPair += auth-proxy:proxyacl#1=permit ip any any
    Exec-Program: returned: 0
    ++[radius-user-auth] returns ok
    [files] users: Matched entry DEFAULT at line 1
    ++[files] returns ok
    Found Auth-Type = Accept
    Auth-Type = Accept, accepting the user
    +- entering group post-auth {...}
    [sql]     expand: %{User-Name} -> [email protected]
    [sql] sql_set_user escaped user --> '[email protected]'
    [sql]     expand: %{User-Password} -> 5rRmpPt9
    [sql]     expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('[email protected]', '5rRmpPt9', 'Access-Accept', NOW())
    rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('[email protected]', '5rRmpPt9', 'Access-Accept', NOW())
    rlm_sql (sql): Reserving sql socket id: 12
    rlm_sql_postgresql: Status: PGRES_COMMAND_OK
    rlm_sql_postgresql: query affected rows = 1
    rlm_sql (sql): Released sql socket id: 12
    ++[sql] returns ok
    Sending Access-Accept of id 22 to 10.100.16.100 port 32770
    Finished request 4.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Accounting-Request packet from host 10.100.16.100 port 32770, id=30, length=170
    config:
    aaa new-model
    aaa authentication login default group radius
    aaa authentication login console group tacacs+ line
    aaa authentication enable default group tacacs+ enable
    aaa authorization console
    aaa authorization exec default group tacacs+ none
    aaa authorization auth-proxy default group radius
    aaa accounting auth-proxy default start-stop group radius
    aaa accounting exec default stop-only group tacacs+
    aaa accounting commands 15 default stop-only group tacacs+
    ip device tracking
    ip auth-proxy auth-proxy-banner http ^C HawkerBeechcraft Guest Network ^C
    ip auth-proxy proxy http login expired page file flash:expired.html
    ip auth-proxy proxy http login page file flash:login.html
    ip auth-proxy proxy http success page file flash:success.html
    ip auth-proxy proxy http failure page file flash:failed.html
    ip admission auth-proxy-banner http ^C HawkerBeechcraft Guest Network ^C
    ip admission proxy http login expired page file flash:expired.html
    ip admission proxy http login page file flash:login.html
    ip admission proxy http success page file flash:success.html
    ip admission proxy http failure page file flash:failed.html
    ip admission name web-auth-guest proxy http inactivity-time 60
    dot1x system-auth-control
    identity policy FAILOPEN
     access-group PERMIT
    interface GigabitEthernet1/0/6
     switchport access vlan 301
     switchport mode access
     ip access-group pre-webauth-guest in
     no logging event link-status
     srr-queue bandwidth share 10 10 60 20
     queue-set 2
     priority-queue out
     mls qos trust device cisco-phone
     mls qos trust dscp
     no snmp trap link-status
     auto qos voip cisco-phone
     spanning-tree portfast
     spanning-tree bpduguard enable
     service-policy input AutoQoS-Police-CiscoPhone
     ip admission web-auth-guest
    ip http server
    ip http secure-server
    ip access-list extended PERMIT
     permit ip any any
    ip access-list extended pre-webauth-guest
     permit udp any any eq bootps
     permit udp any any eq domain
     permit tcp any host 10.199.33.20 eq 8443
     permit tcp any host 10.199.33.21 eq 8443
     permit tcp any host 10.100.255.90 eq 8443
     deny   ip any any log
    ip radius source-interface Vlan301
    radius-server attribute 8 include-in-access-req
    radius-server dead-criteria tries 2
    radius-server host 10.199.33.20 auth-port 1812 acct-port 1813 key 7 022E5C782C130A74586F1C0D0D
    radius-server vsa send authentication
    I get the login and AUP page then the failed page... I never see the priv-lvl 15 or the proxyacl?  How do I do this with Guest server only?
    Help!

    Is it possible without the ACS, only with the NAC guest?
    Can someone send me a sample configuration?
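The two Access-Requests in the NGS debug output quoted in this thread (one from the switch, one from the WLC) can be compared attribute by attribute. The parser below is an added example, not part of the original thread and not Cisco or NGS code: it splits debug output of that shape into requests, masks User-Password, and reports each request's Exec-Program return code and the attributes that differ. The sample input is constructed, with placeholder addresses, user name and password.

```python
import re

# Constructed sample in the shape of the NGS debug output quoted above;
# addresses, user name and password are placeholders, not the thread's values.
SAMPLE = '''\
rad_recv: Access-Request packet from host 192.0.2.26 port 1645, id=19, length=177
    User-Name = "guest@example.test"
    User-Password = "placeholder-pw"
    Service-Type = Outbound-User
    NAS-IP-Address = 192.0.2.26
Exec-Program output:
Exec-Program: returned: 1
rad_recv: Access-Request packet from host 198.51.100.100 port 32770, id=22, length=152
    User-Name = "guest@example.test"
    User-Password = "placeholder-pw"
    Service-Type = Login-User
    NAS-IP-Address = 198.51.100.100
    Calling-Station-Id = "203.0.113.211"
Exec-Program output: Session-Timeout := 20002004, cisco-AVPair += priv-lvl=15
Exec-Program: returned: 0
'''

HEADER = re.compile(r'rad_recv: \S+ packet from host (\S+) port \d+, id=(\d+)')
ATTR = re.compile(r'^\s+([\w-]+) = (.*)$')
EXEC_RC = re.compile(r'Exec-Program: returned: (\d+)')

def parse_requests(text):
    """Split debug output into requests; User-Password values are masked."""
    requests = []
    for line in text.splitlines():
        if m := HEADER.search(line):
            requests.append({'nas': m[1], 'id': int(m[2]), 'attrs': {}, 'exec_rc': None})
        elif requests and (m := ATTR.match(line)):
            value = '<redacted>' if m[1] == 'User-Password' else m[2].strip('"')
            requests[-1]['attrs'][m[1]] = value
        elif requests and (m := EXEC_RC.search(line)):
            requests[-1]['exec_rc'] = int(m[1])
    return requests

def diff_attrs(a, b):
    """Attributes whose presence or value differs between two parsed requests."""
    names = sorted(set(a['attrs']) | set(b['attrs']))
    return {n: (a['attrs'].get(n), b['attrs'].get(n))
            for n in names if a['attrs'].get(n) != b['attrs'].get(n)}

if __name__ == '__main__':
    rejected, accepted = parse_requests(SAMPLE)
    print('exec return codes:', rejected['exec_rc'], accepted['exec_rc'])
    for name, (left, right) in diff_attrs(rejected, accepted).items():
        print(f'{name:20} {left!r:22} {right!r}')
```

The diff only lists what differs between the requests; which of those differences the authorization script actually acts on has to be confirmed on the server.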

  • NAC web agent question

    Hi,
    I need to know when I can use the NAC web agent. Is it used for guests or visitors only?
    If I use the NAC web agent for guests, can I perform posture assessment for the guest users (I mean check Windows updates, AV/AS or certain services)? Or will network scanning only be applied to the guests who are using the NAC web agent?
    I read the user guide for 4.7.1 of CAM and CAS, but I have some conflicts regarding the above topic, so please, I need your help.
    Mohamed

    Mohamed,
    You can use it for any kind of users (guest/regular) and can do posture assessment, but no remediation. Remediation requires the full agent. The other limitation is that the web agent is only valid on Windows machines and cannot run on Mac/Linux etc.
    HTH,
    Faisal

  • How to assign scripts in nace?

    What is the use of NACE?

    Hi,
    In the NACE transaction, we assign the form name, the driver program name and the corresponding routine to be triggered in the driver program.
    We should be able to tell the system to pick up the desired form layout, trigger the routine, get the data from the database and put it on the form. All of this the system comes to know from the NACE settings.
    NACE is used to create an output type; while creating the output type you will mention forms and driver program.
    Those will be maintained in the table TNAPR. If you create the output type using NACE then it will be automatically visible in tables NAST and TNAPR.
    So check in the NAST and TNAPR tables.
    You can view all forms and driver programs for standard SAP Scripts.
    Assigning a form and driver program to an output type is as follows.
    1) Go to NACE transaction
    2) Select an Application (V1-Sales, V2-Shipping, V3-Billing)
    3) Click on the Output types button
    4) Go to Change mode
    5) Click on the New Entries button
    6) Specify Output type, Form name and Program, and save it.
    Regards,
    Priyanka.
    http://help.sap.com/saphelp_erp2005/helpdata/en/c8/1989fe43b111d1896f0000e8322d00/frameset.htm
    Condition records in NACE?
