VRF selector using PBR or Source IP address
Could anyone can tell which is the better choice of VRF selector using PBR or Source IP address? From Cisco doc, VRF selection based on Source take advance over PBR. My feeling is that PBR may match more criterias than just match source IP address.
Thanks
I would personally use the "VRF selection based on source IP address" only where the "VRF selection using PBR" is not available since the latter is a superset of the former.
Hope this helps,
Similar Messages
-
Ip igmp snooping querier on Nexus, what source IP address to use?
Am looking at a problem with servers in the same vlan across multiple switches that are unable to communicate using multicast. I have found that in the systen I'm to set up I need to apply the ip igmp snooping querier command, in the vlan, but it needs a source IP address.
Different documents make conflicting recommendations for this address, one suggests that any unused address will do, another suggests to use the IP address that is configured on the SVI for the vlan.
Which is correct?Eventually I had to ask Cisco TAC, the response was that any IP address within the subnet could be used. The recommendation was to allocate an unused address in the vlan subnet for this purpose, use the same address on multiple switches should resiliance be required.
-
Windows 2008 R2
ISCSI Initiator favourites revert to using the IPv6 or the apipa IP address from other NICs instead of the source IP address that I specified.
When I manually connect to multiple targets and specify the correct ISCSI source IP address, I check the favourites and everything looks okay. But when the server is rebooted I check the favourites again and the source IP is now referencing the IPv6 and
sometimes the apipa address.
I have unbound IPv6 from the ISCSI NICS but this has made no difference.
Can anyone explain why this is happening?
Although the server still reconnects to the storage oaky, I’m concerned that if a path goes down that is might try to use the wrong interface to re-establish a connection.
Thanks.Hi,
IPV6 is supported with MS iSCSI. Do you have Multiple Connections per Session (MCS) configured? Is your storage configured to use both IPv4 and IPv6?
If yes, please see if http://support.microsoft.com/kb/2014131 helps.
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Doing Source IP address NAT. Using 1 address vs using many
I have a few implimentations where I am using source groups to do NAT on the client's source IP address. It is possible to always translate the source IP address to the same one, or to have it be different depending on the content rule you hit.
Is there any advantage of one over the other?Thanks for the thoughts. I am aware of the content rule limitation, and actually, (depending on your definition of PAT vs NAT) the CSS can do NAT of the source IP address using source groups and an ACL. It can translate the source IP address of an incoming packet from a client into a different IP address. You don't really have a pool of addresses like you do on a Cisco router, you can specify a single IP address to translate the source address to, or different ones depending on the content rule you hit, so it is kind of like NATing with overload on a router. I am doing it now.
The basic steps for doing NAT on the source(I.E.-Client's) IP address are:
group [groupx]
ip address [source address you want to change client IP to]
active
acl 1
clause 10 permit any any destination [VIP of content rule] sourcegroup [groupx]
apply circuit-(VLANx)
If the inbound packet on VLANx matches all the criteria in the clause statement, the "sourcegroup" part of the clause statement links you to the ip address that you want to NAT your client's source address to.
You can build on this and make it as fancy as you like, even translating the source address to different addresses depending on the content rule you hit. I'm just wondering if there is an advantage of using many different IP addresses over using just one. -
Is there possible to specify the source ip address used for Radius
I have a cat6509 configured to talk to Radius server (ACS), as I understood that the IP address used by Cat6k to talk to ACS is by using the nearest interface ip, can i explicitly specify the source address used by Cat6k in this case ?
thanks in advance.I am not clear whether you are asking about talking to Radius from the switch or from the MSFC? If it is from the MSFC you are correct that by default it will use as source address the address of the outbound interface. On the MSFC you can use the command: ip radius source-interface to specify what address to use.
On the switch I think that it will source its packets to Radius using the management/console IP address rather than the outbound interface. So no command is needed to specify the source interface.
HTH
Rick -
XT-100HD Quits working after RESET using XA-C30 Source Selector on CDX-GT630UI
I constantly Have to reset my headunit to get the HD tuner to work It only works once or twice Then when I turn onthe ignition again
The head unit wont display or tune to HD radio I have tried running the HD tunerto different BUS ins on the XA-C30 source selector
but it doesnt work evn after RESET Installation manual says to hook up XM to BUS in 1 then MY CDX-757MX CD changer Then HD
radio BUS ins 1 2 3 Have tried changing the order of bus ins NO luck !!! Maybe connect HD BUS out to source selector control in then source selector 2 to hd 100 in (i pod adapter in) Keep XM on Source selector 1 then use bus passthru on xm for changer or leave changer connected to source selector 3 ??? Still need to have headunit connected to source selector somehow ??? HELP!!!! Maybe run Separate constant power to battery on the HD tuner ??? AM using CMP200UCA XM tuner &SONY adapter cable CNPSON that has cd changer BUS pssthru Wherw do I hook up the headunit???Hello Rich,
Welcome to the Sony Community.
Such an issue happens due to issues during installation. Unfortunately, Sony does not provide installation support. It is recommended that the installation be completed by a qualified professional installer.
Basic mounting instructions are available in the documentation included with your car stereo system. Manuals are also available online and can be downloaded using the below link.
http://esupport.sony.com/US/p/select-system.pl?DIRECTOR=DOCS
If my post answers your question, please mark it as an "Accepted Solution." -
Serial interfaces, ip vrf forwarding, and PBR with set vrf
I am doing some work with VRF-lite but I am having some trouble with serial interfaces. I have a PE router with a serial interface where I want to take incoming traffic and using policy-based routing send the traffic to the appropriate VRF. I want to assign the serial interface itself to be in one of those VRFs, not the global routing table. Eventually, I also want to overlap the VPNs/VRFs to send traffic going out the serial interface through the VRF assigned to the serial interface. Initially, it looks something like this:
ip vrf VRF1
rd 65000:3
route-target export 65000:3
ip vrf VRF2
rd 65000:18
route-target import 65000:3
ip route vrf VRF1 10.90.51.0 255.255.255.0 192.168.11.18
interface Serial0/0/0
ip vrf forwarding VRF1
ip address 192.168.11.17 255.255.255.252
router bgp 65000
no synchronization
bgp log-neighbor-changes
no auto-summary
address-family ipv4 vrf VRF1
redistribute static
no auto-summary
no synchronization
exit-address-family
ip access-list extended remote-source
permit ip 10.90.0.0 0.0.255.255 any
route-map SERIAL-INCOMING permit 100
match ip address remote-source
set vrf VRF2
But if I try to turn on the policy based routing at the serial interface, I get an error:
Router(conf)#interface Serial0/0/0
Router(config-if)#ip policy route-map SERIAL-INCOMING
% Can not apply route-map SERIAL-INCOMING to this interface
% Either remove 'set vrf' from route-map or unconfigure 'ip vrf forward'
I can sort of get around the problem by using an "ip vrf receive" instead of "ip vrf forward", but unfortunately, that leaves my Serial interface in the global table which isn't what I wanted.
What troubles me is that I can do this without any problems on an Ethernet interface. Are there any known issues with "ip vrf forward" and using PBR and "set vrf" on Serial interfaces, or have I configured something wrong?
If I stick with the "ip vrf receive", how can I force the physical Serial interface into the appropriate VRF?
Thanks.
Clarke Morledge
College of William and MaryUpon further investigation....
The serial interface issue was a red herring. It just so happens that every other time I've done this it has been on a flavor of 12.2x on a 6500/7600 where this feature is supported. The only systems I have with Serial interfaces are 1841s.
The problem with the 1841 is that most of the code revisions out there do not support this feature. It was only added to the regular code train with the recent release of 12.2(24)T. I tested with 12.2(24)T1 and you are now able to use "ip vrf forwarding" on all interfaces along with a PBR route-map that uses the "set vrf" option.
Thanks, Laurent, for pointing me towards the TAC on this.
Clarke Morledge
College of William and Mary -
Vrf lite and PBR on the same sub interface
Hi,
I have a connection point to point on subinterface between PE and CE and use EBGP as routing protocol. The CE are router Cisco7609 and on the subinterface i apply "ip vrf forwarding WAP". Inside this vpn / vrf that I defined before I want to do pbr, so to route the traffic based on the source Ip address. I cannot use the "vrf select" because it is not supported on this platform. So I would like to know if I can do pbr on this subinterface and how can I do it, just only configuring the "ip policy route-map WAP" under the same sub interface where I confgure ip vrf forwarding?
Thanks
IraUse the route map as a noraml thing.
To match the all the ip address there should not be any match statement in the route map. -
Source ip address for icmp messages not what is expected
We have a router that has interfaces in multiple VRFs. One interface sits on an interface that is routed on the Internet. Other interface sits on a VRF that is in a private address space and is used for WAN connectivity. The strange behavior that I'm seeing is related to icmp messages coming off the router. It appears that scanners hitting the Internet-facing interface cause the router to generate icmp messages (type 3) that are source using the IP address of the WAN-facing interface and they are routed across the WAN, into our data center and dropped by our firewall due to anti-spoofing rules. Is this normal behavior? Doesn't seem normal to me. Is this behavior something that can be changed via configuration?
probabaly some body attacking you
you need inbound access-list in Internet-facing interface.
and you need to filtr private source addresses classes A, B, C
ip access-list extended InWorld
deny ip any 192.168.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
interface FastEthernet0
description Internet-facing interface
ip address 9.2.3.6 255.255.255.252
ip access-group InWorld in
later you will see hit counts
sh access-lis
here is detailed explanation
http://www.techrepublic.com/article/prevent-ip-spoofing-with-the-cisco-ios/
they using more complicated acces-list
In a typical IP address spoofing attempt, the attacker fakes the source of packets in order to appear as part of an internal network. David Davis tells you three ways you can make an attacker's life more difficult—and prevent IP address spoofing.
As you know, the Internet is rife with security threats, and one such threat is IP address spoofing. During a typical IP address spoofing attempt, the attacker simply fakes the source of packets in order to appear as part of an internal network. Let's discuss three ways you can protect your organization from this type of attack.
Block IP addresses
The first step in preventing spoofing is blocking IP addresses that pose a risk. While there can be a reason that an attacker might spoof any IP address, the most commonly spoofed IP addresses are private IP addresses (RFC 1918) and other types of shared/special IP addresses.
Here's a list of IP addresses—and their subnet masks—that I would block from coming into my network from the Internet:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
127.0.0.0/8
224.0.0.0/3
169.254.0.0/16
All of the above are either private IP addresses that aren't routable on the Internet or used for other purposes and shouldn't be on the Internet at all. If traffic comes in with one of these IP addresses from the Internet, it must be fraudulent traffic.
In addition, other commonly spoofed IP addresses are whatever internal IP addresses your organization uses. If you're using all private IP addresses, your range should already fall into those listed above. However, if you're using your own range of public IP addresses, you need to add them to the list.
Implement ACLs
The easiest way to prevent spoofing is using an ingress filter on all Internet traffic. The filter drops any traffic with a source falling into the range of one of the IP networks listed above. In other words, create an access control list (ACL) to drop all inbound traffic with a source IP in the ranges above.
Here's a configuration example:
Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip access-list ext ingress-antispoof
Router(config-ext-nacl)# deny ip 10.0.0.0 0.255.255.255 any
Router(config-ext-nacl)# deny ip 172.16.0.0 0.15.255.255 any
Router(config-ext-nacl)# deny ip 192.168.0.0 0.0.255.255 any
Router(config-ext-nacl)# deny ip 127.0.0.0 0.255.255.255 any
Router(config-ext-nacl)# deny ip 224.0.0.0 31.255.255.255 any
Router(config-ext-nacl)# deny ip 169.254.0.0 0.0.255.255 any
Router(config-ext-nacl)# permit ip any any
Router(config-ext-nacl)# exit
Router(config)#int s0/0
Router(config-if)#ip access-group ingress-antispoof in
Internet service providers (ISPs) must use filtering like this on their networks, as defined in RFC 2267. Notice how this ACL includes permit ip any any at the end. In the "real world," you would probably have a stateful firewall inside this router that protects your internal LAN.
Of course, you could take this to the extreme and filter all inbound traffic from other subnets in your internal network to make sure that someone isn't on one subnet and spoofing traffic to another network. You could also implement egress ACLs to prevent users on your network from spoofing IP addresses from other networks. Keep in mind that this should be just one part of your overall network security strategy.
Use reverse path forwarding (ip verify)
Another way to protect your network from IP address spoofing is reverse path forwarding (RPF)—or ip verify. In the Cisco IOS, the commands for reverse path forwarding begin with ip verify.
RPF works much like part of an anti-spam solution. That part receives inbound e-mail messages, takes the source e-mail address, and performs a recipient lookup on the sending server to determine if the sender really exists on the server the message came from. If the sender doesn't exist, the server drops the e-mail message because there's no way to reply to the message—and it's very likely spam.
RPF does something similar with packets. It takes the source IP address of a packet received from the Internet and looks up to see if the router has a route in its routing table to reply to that packet. If there's no route in the routing table for a response to return to the source IP, then someone likely spoofed the packet, and the router drops the packet.
Here's how to configure RPF on your router:
Router(config)# ip cef
Router(config)# int serial0/0
Router(config-if)# ip verify unicast reverse-path
Note that this won't work on a multi-homed network.
It's important to protect your private network from attackers on the Internet. These three methods can go a long way toward protecting against IP address spoofing. For more information on IP address spoofing, read "IP Address Spoofing: An Introduction."
Is IP address spoofing a major concern for your organization? What steps have you taken to protect the company? Have you used RPF? Share your experiences in this article's discussion.
and dont forget to rate post -
How to create a report using XML data source from Crystal Report Designer
Hi,
Iu2019m having Crystal Report Designer XI R2 SP4. Iu2019m trying to create a report using XML data source stored on disk. This is a customer order report and the xml is structured in such a way that it has an order details header part (master) and then it has several order lines (detail). One order line can have several order line characteristics (detail-detail). So what I need to know is now I can design this layout from the designer. If this was done using views I can do it with sub-reports but using xml data this seems to be different. Can you help me to design this layout? I have included the xml and xsd as well.
Thank you in advance.
Regards,
Chanaka
XML
<?xml version="1.0" encoding="UTF-8"?>
<CUSTOMER_ORDER_CONF_REP_REQUEST xmlns:xsi="http://www.w3.org/2001/XMLSchema" xmlns="urn:ifsworld-com:customer_order_conf_rep">
<CUSTOMER_ORDER_CONF_REP>
<ORDER_NO>D555809</ORDER_NO>
<PRINTED_DATE>2009-03-26T08:52:54</PRINTED_DATE>
<AUTHORIZE_NAME>Chanaka</AUTHORIZE_NAME>
<CUSTOMER_NO>CU-1473-INV</CUSTOMER_NO>
<CUST_NAME>Mr.Johan Matts</CUST_NAME>
<SHIP_ADDR_1>93,Main Street</SHIP_ADDR_1>
<SHIP_ADDR_2>Negambo Road</SHIP_ADDR_2>
<SHIP_ADDR_3>Watthala</SHIP_ADDR_3>
<SHIP_ADDR_4>SRI LANKA</SHIP_ADDR_4>
<BILL_ADDR_1>93,Main Street</BILL_ADDR_1>
<BILL_ADDR_2>Negambo Road</BILL_ADDR_2>
<BILL_ADDR_3>Watthala</BILL_ADDR_3>
<BILL_ADDR_4>SRI LANKA</BILL_ADDR_4>
<CUSTOMER_PO_NO>112984638</CUSTOMER_PO_NO>
<CUSTOMER_FAX>112984639</CUSTOMER_FAX>
<CUSTOMER_EMAIL>abcbababab</CUSTOMER_EMAIL>
<ORDER_LINES>
<ORDER_LINE>
<LINE_NO>1</LINE_NO>
<CUSTOMER_PART_NO>NW-IP11</CUSTOMER_PART_NO>
<CUSTOMER_PART_DESC>iPod</CUSTOMER_PART_DESC>
<SALE_UNIT_PRICE>1200</SALE_UNIT_PRICE>
<PRICE_TOTAL>1200</PRICE_TOTAL>
<DISCOUNT>0</DISCOUNT>
<PRICE_QTY>1</PRICE_QTY>
<ORDER_LINE_CHARACTERSTICS>
<CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ID xsi:nil="1"/>
<CHARACTERISTIC_VALUE xsi:nil="1"/>
</CHARACTERISTIC_ITEM>
</ORDER_LINE_CHARACTERSTICS>
</ORDER_LINE>
<ORDER_LINE>
<LINE_NO>2</LINE_NO>
<CUSTOMER_PART_NO>NW-IP24</CUSTOMER_PART_NO>
<CUSTOMER_PART_DESC>XGA Projector</CUSTOMER_PART_DESC>
<SALE_UNIT_PRICE>500</SALE_UNIT_PRICE>
<PRICE_TOTAL>1500</PRICE_TOTAL>
<DISCOUNT>0</DISCOUNT>
<PRICE_QTY>3</PRICE_QTY>
<ORDER_LINE_CHARACTERSTICS>
<CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ID>1</CHARACTERISTIC_ID>
<CHARACTERISTIC_VALUE>Free Instalation</CHARACTERISTIC_VALUE>
</CHARACTERISTIC_ITEM>
</ORDER_LINE_CHARACTERSTICS>
</ORDER_LINE>
<ORDER_LINE>
<LINE_NO>3</LINE_NO>
<CUSTOMER_PART_NO>NW-IP02</CUSTOMER_PART_NO>
<CUSTOMER_PART_DESC>Sony DVD Player</CUSTOMER_PART_DESC>
<SALE_UNIT_PRICE>1000</SALE_UNIT_PRICE>
<PRICE_TOTAL>1000</PRICE_TOTAL>
<DISCOUNT>0</DISCOUNT>
<PRICE_QTY>1</PRICE_QTY>
<ORDER_LINE_CHARACTERSTICS>
<CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ID>1</CHARACTERISTIC_ID>
<CHARACTERISTIC_VALUE>Free 5 DVDs</CHARACTERISTIC_VALUE>
</CHARACTERISTIC_ITEM>
</ORDER_LINE_CHARACTERSTICS>
</ORDER_LINE>
<ORDER_LINE>
<LINE_NO>4</LINE_NO>
<CUSTOMER_PART_NO>NW-IP99</CUSTOMER_PART_NO>
<CUSTOMER_PART_DESC>Flatscreen TV</CUSTOMER_PART_DESC>
<SALE_UNIT_PRICE>1500</SALE_UNIT_PRICE>
<PRICE_TOTAL>1350</PRICE_TOTAL>
<DISCOUNT>10</DISCOUNT>
<PRICE_QTY>1</PRICE_QTY>
<ORDER_LINE_CHARACTERSTICS>
<CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ID>1</CHARACTERISTIC_ID>
<CHARACTERISTIC_VALUE>Free Delivery</CHARACTERISTIC_VALUE>
</CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ID>2</CHARACTERISTIC_ID>
<CHARACTERISTIC_VALUE>1 year additional warranty</CHARACTERISTIC_VALUE>
</CHARACTERISTIC_ITEM>
</ORDER_LINE_CHARACTERSTICS>
</ORDER_LINE>
<ORDER_LINE>
<LINE_NO>5</LINE_NO>
<CUSTOMER_PART_NO>NW-IP56</CUSTOMER_PART_NO>
<CUSTOMER_PART_DESC>Sony MP3 Player</CUSTOMER_PART_DESC>
<SALE_UNIT_PRICE>200</SALE_UNIT_PRICE>
<PRICE_TOTAL>400</PRICE_TOTAL>
<DISCOUNT>0</DISCOUNT>
<PRICE_QTY>2</PRICE_QTY>
<ORDER_LINE_CHARACTERSTICS>
<CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ID>1</CHARACTERISTIC_ID>
<CHARACTERISTIC_VALUE>Free carry belt</CHARACTERISTIC_VALUE>
</CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ID>2</CHARACTERISTIC_ID>
<CHARACTERISTIC_VALUE>Free promotional 4GB memory bar</CHARACTERISTIC_VALUE>
</CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ITEM>
<CHARACTERISTIC_ID>3</CHARACTERISTIC_ID>
<CHARACTERISTIC_VALUE>No warranty on memory bar</CHARACTERISTIC_VALUE>
</CHARACTERISTIC_ITEM>
</ORDER_LINE_CHARACTERSTICS>
</ORDER_LINE>
</ORDER_LINES>
</CUSTOMER_ORDER_CONF_REP>
</CUSTOMER_ORDER_CONF_REP_REQUEST>
XSD
<?xml version="1.0" encoding="UTF-8"?>
<?report module="ORDER" package="CUSTOMER_ORDER_CONF_REP" ?>
<xs:schema targetNamespace="urn:ifsworld-com:customer_order_conf_rep" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="urn:ifsworld-com:customer_order_conf_rep" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:element name="CUSTOMER_ORDER_CONF_REP_REQUEST">
<xs:complexType>
<xs:all minOccurs="1" maxOccurs="1">
<xs:element name="CUSTOMER_ORDER_CONF_REP">
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="50">
<xs:element name="ORDER_NO" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="PRINTED_DATE" type="xs:dateTime" nillable="true" minOccurs="0"/>
<xs:element name="AUTHORIZE_NAME" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="CUSTOMER_NO" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="CUSTOMER_PO_NO" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="CUST_NAME" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="SHIP_ADDR_1" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="SHIP_ADDR_2" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="SHIP_ADDR_3" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="SHIP_ADDR_4" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="BILL_ADDR_1" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="BILL_ADDR_2" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="BILL_ADDR_3" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="BILL_ADDR_4" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="CUSTOMER_FAX" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="CUSTOMER_EMAIL" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="ORDER_LINES" nillable="true" minOccurs="0">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="ORDER_LINE">
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="39">
<xs:element name="LINE_NO" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="SALE_UNIT_PRICE" type="xs:float" nillable="true" minOccurs="0"/>
<xs:element name="PRICE_TOTAL" type="xs:float" nillable="true" minOccurs="0"/>
<xs:element name="DISCOUNT" type="xs:float" nillable="true" minOccurs="0"/>
<xs:element name="PRICE_QTY" type="xs:float" nillable="true" minOccurs="0"/>
<xs:element name="CUSTOMER_PART_NO" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="4000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="CUSTOMER_PART_DESC" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="4000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="ORDER_LINE_CHARACTERSTICS" nillable="true" minOccurs="0">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="CHARACTERISTIC_ITEM">
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="6">
<xs:element name="CHARACTERISTIC_ID" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="CHARACTERISTIC_VALUE" nillable="true" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:maxLength value="2000"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
</xs:all>
</xs:complexType>
</xs:element>
</xs:schema>Hi Sourashree,
Thank you for the response and ideas you have given me so far. I can get the fetch the data from the data source without any problem. That is I do the following,
1. New Report
2. From Create New Connection-> XML
3. Provide the u201CLocal XML Fileu201D and have u201CSpecify Schema Fileu201D checked -> Next
4. Provide the u201CLocal Schema Fileu201D -> Finish
Then I can see the following under XML
+ CUSTOMER_ORDER_CONF_REP_REQUEST
CUSTOMER_ORDER_CONF_REP_REQUEST
CUSTOMER_ORDER_CONF_REP_REQUEST/CUSTOMER_ORDER_CONF_REP
CUSTOMER_ORDER_CONF_REP_REQUEST/ CUSTOMER_ORDER_CONF_REP/ORDER_LINES
CUSTOMER_ORDER_CONF_REP_REQUEST/ CUSTOMER_ORDER_CONF_REP/ORDER_LINES/ORDER_LINE
CUSTOMER_ORDER_CONF_REP_REQUEST/ CUSTOMER_ORDER_CONF_REP/ORDER_LINES/ORDER_LINE/ORDER_LINE_CHARACTERSTICS
CUSTOMER_ORDER_CONF_REP_REQUEST/ CUSTOMER_ORDER_CONF_REP/ORDER_LINES/ORDER_LINE/ORDER_LINE_CHARACTERSTICS/CHARACTERSTIC_ITEM
And from here if I add the following three I can get all the fields I need to the report
CUSTOMER_ORDER_CONF_REP_REQUEST/CUSTOMER_ORDER_CONF_REP
CUSTOMER_ORDER_CONF_REP_REQUEST/ CUSTOMER_ORDER_CONF_REP/ORDER_LINES/ORDER_LINE
CUSTOMER_ORDER_CONF_REP_REQUEST/ CUSTOMER_ORDER_CONF_REP/ORDER_LINES/ORDER_LINE/ORDER_LINE_CHARACTERSTICS/CHARACTERSTIC_ITEM
Then I come to the Linking section. Here I canu2019t link anything. There is a common field called u201CInternal_IDu201D but I canu2019t link using it. So I get a message when I click Next. From here I add all the fields.
For this point onwards only I need help. How do I group, add fields and design the layout so I can get an report output as follows.
Date
Order number Authorized code
Customer No
Name
Phone
Fax email
Shipping address 1 Billing Address 1
Shipping address 2 Billing Address 2
Shipping address 3 Billing Address 3
Shipping address 4 Billing Address 4
Order Line 1 detailsu2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026 LINE_NO CUSTOMER_PART_NO CUSTOMER_PART_DESC SALE_UNIT_PRICE PRICE_QTY DISCOUNT PRICE_TOTAL
Characteristic details belonging to Order line 1 CHARACTERISTIC_ID 1 CHARACTERISTIC_VALUE1
CHARACTERISTIC_ID 2 CHARACTERISTIC_VALUE2
CHARACTERISTIC_ID 3 CHARACTERISTIC_VALUE3
Order Line 2 detailsu2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026
Characteristic details belonging to Order line 2
Order Line 3 detailsu2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026
Characteristic details belonging to Order line 3
Order Line 4 detailsu2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026
Characteristic details belonging to Order line 4
Order Line 5 detailsu2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026u2026
Characteristic details belonging to Order line 5
How can I achieve this kind of a layout using the give xml and xsd? Should I use grouping if so how should I do the grouping?
I have included the full xml and xsd in the first mail I posted but I canu2019t see it now. I can include that again if you want.
Regards,
Chanaka -
ACE NAT configuration - is it possible to use a different source PAT IP per rserver in a serverfarm?
Hi,
I've a quick question regarding using PAT (port address translation) on an ACE module specifically for the purpose of load-balancing requests to a cluster of Exchange CAS servers.
Each CAS server needs to see requests from the same source IP which can be achieved by using source NAT / PAT but due to the scale of this Exchange deployment a single NAT pool with one PAT'd IP will not provide enough ports (i.e. there may well be more than ~64,000 ports required at any one time).
Is it possible to configure PAT on the ACE so that each individual rserver will see requests from a unique source PAT address, i.e., each rserver sees a different source PAT IP, i.e., in order to provide ~64,000 ports per source PAT IP <-> CAS server pair as opposed to ~64,000 ports shared between all the CAS servers?
If so, does anyone have any configuration examples (based on a single-armed configuration)?
TIAHi Tia,
I don't think we can do this. We can easily configure a different nat pool per serverfarm but not per rserver.
--Olivier -
Redirect based on source IP address????
I have a site that I don't want our competitors to view! By
tracking code, I have managed to obtain their source IP addresses.
After looking around, there is a .php solution to my problem
but my host is not well suited to .php files (although it does some
processing).
My pages are in .shtml (to process css drop-down menus
correctly) and I understand that this attached code, if put at the
top of the page before anything else, will work.
I have managed to get one working
http://www.donbur.co.uk/gb/newindex.php
but am having difficulty getting this code to work elsewhere.
The problem is, when I try to put this code into either a
template or as an include, it won't process correctly or the page
won't render at all.
Do I have to use .php files or can I insert php script into
an .shtml document.
Getting really confused now.... HELPThanks for the constructive advice...
quote:
>After looking around, there is a .php solution to my
problem but my host is not well
>suited to .php files (although it does some processing).
What does this mean? Does your hosting plan include php
support or not?
You can't just put a php script into any page. It needs to be
a .php page or you need to reconfigure the server to parse other
pages for php. But if your hosting plan doesn't support php then it
won't work in any case.
My host is BT Internet and they claim not to process .php
files which is why our main .php site is hosted elsewhere; however,
it seems that, although it has difficulty (to clarify: doesn't
render) with main full scripts, it does seem to process simple
<?php echo commands for example.
It has been suggested on another forum that the .shtml files
are set to be recognised by .php in the cpanel but our host will
not do this...
Our competitors are not particularly smart or up-to-date and
this would have been reasonably effective; however, I bow to better
judgement and close this topic. -
Load balancing based on source IP address
Hi,
I configured a CSS to balance the load depending on source IP address to suppport a application feature in the server.
We have two firewalls and behind we have different users. We have also two servers behind the CSS.
Firewalls perform NAT with a unique outside IP address. So, for example, in these conditions the CSS balances requests coming from FW 1 to server 1 and requests coming from FW 2 to server 2. Is it correct this scenario?
Is it possible that requests coming from FW 1 could be forwarded to Server 2 and viceversa?
Could anyone answer me?
Thanks in advance.
Best regards.
Giuseppe.Giuseppe,
it all depends on how you configured your CSS.
Did you use an ACL to force traffic from SRC1 to server1 and traffic from SRC2 to server2 ?
Or did you simply configure sticky based on source ip or a source ip hash loadbalancing ?
Except the ACL, all other methods do not guarantee that the traffic will be splitted in 2.
Gilles. -
Route call based on source IP address
Hello Guys,
Is there a way to route calls based on source IP address?
I want to redirect calls to specific queues based on the ip of the phone who's starting it.
Any ideas?
Thanks in advance.
Filipe LeiteHi Filipe
I'm assuming here that you are using CallManager rather than CME?
One option might be to use the 'device mobility' feature to assign a specific CSS to devices based on their IP subnet. That CSS could have the appropriate partitions to route to a seperate trigger that directs calls to a separate CSQ.
Of course, whether you can do this depends on whether it would be appropriate to override the device CSS in this way.
Aaron -
Log connection attempts and source IP address for connections that fail/timeout on RADIUS
How can I log the connection attempts and source IP address for connections that fail RADIUS authentication? I'm using RD Gateway on 2012 R2 in conjunction with Azure Multi-Factor Authentication Server on another 2012 R2 server. When a user fails
multifactor authentication or the authentication times out, all I get is Security event 6273 on the RD Gateway that the radius server did not process the request, and only the radius server's IP is logged. There's nothing logged in TerminalServices-Gateway\Operational
because the TS Gateway hasn't yet processed the connection attempt (all auditing options for RD Gateway are enabled). The MFA/Radius Server is only logging the connection from the TSGateway - it doesn't know the original client's IP address.
I'm looking for the equivalent of an IIS log - somewhere the RD Gateway should log the initial HTTPS connection attempt and the source IP address of the client. I need to be able to track down potentially fraudulent login attempts.Hi,
Thank you for your posting in Windows Server Forum.
This error might be caused by one of the following conditions:
• The user does not have valid credentials
• The connection method is not allowed by network policy
• The network access server is under attack
• NPS does not have access to the user account database on the domain controller
• NPS log files or the SQL Server database are not available
To perform these procedures, you must be a member of Domain Admins.
Please check for more information:
Event ID 6273 — NPS Authentication Status
http://technet.microsoft.com/en-us/library/cc735399(v=ws.10).aspx
Hope it helps!
Thanks.
Dharmesh Solanki
Maybe you are looking for
-
Ipad air crash to apple screen
Hi I had a very stable ipad 2, upgraded to ipad air but have found a few issues. Although the colours are great it doesnt feel as stable. I get a few crashes here and there which is annoying as my ipad 2 on ios5 and ios6 ran like a dream. Is it i
-
I lose saved tabs after closing Firefox 7.0.1/Vista
I have configured FF through Options to save tabs when closing. I shut down my system every night, and approximately once every 2 weeks when restarting FF it can't recover my previous session. The "We're embarrassed..." window option to restore tabs
-
IPhoto 2.1 to iPhoto 4.0 Must you purchase 4.0?
iPhoto 2.1 to iPhoto 4.0 Must you purchase 4.0? Trying to install pictures on a Nano and can't until I have a later version of iphoto (4.0 on) Do I need to purchase a later version of iPhoto to do this. Kris (Kansas)
-
Dear , I buied I phone from USA and I sent to Iraq to use it there but when used it I get this message : The SIM card that you currently have installed in this iPhone is from a carrier that is not supported under the activation policy that is curren
-
Why won't the Thunderbolt port (Mini Display) on a 2011 MacBook Pro drive a DVI Display?
I'm trying to use a MonoPrice 5106 Mini Display to DVI adapter and a DVI cable to drive an Acer H233H 23" HD display. I'm driving it from the Thunderbolt Port (Mini Display) on a 2011 MacBook Pro. It doesn't work. I use a similar MonoPrice adapter