WLC 8510 Time Based ACL Support

Similar Messages

• Time based ACLs

  Time based ACLs seems not be be supported on IOS XR (4.0.x, A9k). Are there any plans to support this feature on XR?
  cheers,
  michel

  Hi Michel,
  You are correct, it is not supported and not on the roadmap.
  You can use EEM functionality tough to achieve this.
  Regards,
  /A
  Sent from Cisco Technical Support iPad App

• Asr1000 and time-based acl

  Hi
  We use 7206 as a PPPoE BRAS. All user sessions are rate limited using MQC on virtual-access interfaces.
  Rate changes dependng of the time of day. It's imlemented using time-based acl. Now we want to migrate to asr1000,
  but that router doesn't support time-based acl according to Cisco FN.
  Question is how to change user traffic rates on asr1000 on time of day basis?

  radius attribute nas-port-type through rate-limit (firewall)
  http://conft.com/en/US/docs/ios/security/command/reference/sec_r1.html#wp1062750

• Time Based Publishing not supported in WPC

  Hi all,
  I want to implement Time Based Publishing for some WPC resources (for example: web articles or paragraphs, ie: not for pages, but resources).
  Sadly, it seems that is not allowed. There is the following note: 1310768 - Time Based Publishing not supported in WPC.
  Does anyone know an alternative way to achieve this TBP behavior? I thought developing some task scheduler service, or perhaps a namespace filter.... , some help will be thanked!
  Question aside: I don't understand why standard TBP is not supported, being a WPC's web article a standard KM resource. Don't you find strange?
  Thanks in advance,
  Best regards,
  Marcelo

  In case anyone is interested, I asked SAP about it.
  They said that TBP for WPC is only available to pages, and since 7.3 is the only time based publishing feature available for WPC. Beside that, they made clear the difference betweeen WPC and KMC... I supposed (wrong) that WPC was relied on KMC,
  So.. I'm really stuck on this.
  I'll keep this question opened in case anyone could help or maybe share an idea,
  Thanks in advance
  Best regards,
  Marcelo

• Adobe Configurator and deprecated Flash-based panel support in Adobe CC products

  Does Configurator 4.0 (or Configurator 3) support the creation of HTML5-based panels?
  I received the following email from Adobe: 
  Photoshop CC, starting in the middle of 2014, will remove support for Flash-based extensions. All other Creative Cloud products have already marked Flash-based panel support as deprecated at this time, meaning no future enhancements or bug fixes will be coming for Flash-based extensions.
  The current version of Photoshop CC already includes support for a new type of HTML5 based panel. We are currently working on a new version of Adobe Extension Builder designed specifically to support the creation of these HTML5 based panels.  You can download a free preview here: http://labs.adobe.com/technologies/extensionbuilder3/.
  Details about developing HTML5 extensions for Photoshop as well as for other Creative Cloud products are available in the Extension Builder pre-release program here: https://adobeformscentral.com/?f=6V6IgvE0yLQQ7bgadxNXaw .   You can also join the Photoshop developers' prerelease program for details specific to Photoshop.  If you're interested, please let me know and I will get you setup.
  Will the panels created by Configurator 4.0 work in PS CC after the middle of 2014 when support for Flash-based extensions is removed from Photoshop CC?  For that matter, will the panels created in Configurator 3.0 work in PS CC after the middle of 2014?

  I've carefully read all the posts here and would like to give my feedback on the whole question. I'm a professional retoucher and a teacher as well, and during my professional carrer I've built dozens of panels.
  I do really take advantage of boosting my productivity with any customized panel, as automation is something that adds speed, reliability and dramatically reduce errors during repetitive tasks. Therefore, I can't live without it.
  Now, I  understand why Adobe wants to move towards HTML 5, but please give us the ability to keep our work at the same level of efficiency we currently have. Photoshop is not for amateurs, it's a professional software. And professionals must keep their productivity, for sure they can't afford any loss of it, especially in these times!
  Moving from Flash to HTML 5  means rebuilding all the existing panels from scratch: how much this will cost to us in terms of time (and money) if we could have an HTML 5 version of Configurator? And how much, if we don't have a tool like Configurator at all? Three times, ten times as much? Maybe Adobe knows the answer, not me, I'm not a coder. But I'd like to know this answer.
  Further, picture this: I've taught several classes for at least  five intercontinental companies on how to build actions and organize them into panels for improving their productivity. Every time the response was the same: BOOM!
  They had a huge speed improvement in their daily workflows, and started to build dozens of panels by themselves for any possibile use. It was like opening a Pandora's box for them (their words).
  Every one who attended my classes, have taught the same topic inside their company and the reaction was always the same. So now, in every company in which I've taught building panels and actions, there are hundreds of panels for many different uses, all over the world. Of course, as 100% of them were specifically built for internal use, they shared the panels among them, but not outside their company.
  Many of them who are now mid-advanced users, have written to me asking how they could keep their panels working correctly in the next CC version of Photoshop. I have no solution for them, unless many of them become coders. That's a bad answer, I must admit, but no way out right now.
  Their reply to me was very straight: "well, we won't upgrade any copy of Photoshop until we can keep our panels working correctly for sure. For us is much more important being productive and efficient than upgrading to the latest version, if this means to lower our performance, no doubt."
  Adobe wanted to integrate all their softwares into the Creative Cloud. So far so good, I'm for it. But when you decide to integrate everything saying to the world that "it's for the sake of a better productivity", then you must really integrate them. Otherwise people will think that it was only a commercial move. So why we can't build panels for the applications inside Muse, for example? It was introduced to allow people to build  websites quickly and efficiently using HTML 5, taking care about the layout instead of investing too much time in coding.
  Exactly what Configurator allowed to do. Focus on the result with minimal time cost, aka money cost.
  World is running faster, therefore we need to work faster too. And without Configurator we won't. I can't disagree with all the people that won't upgrade Photoshop, if this means that they'll work slower because they can't use their panels carefully made by themselves. Photoshop is a tool for producing ideas and other nice stuff, like any software. The faster it is, the most people will like it, the better will sold. A simple truth. Think about what happened to Apple Finalcut ProX and how many users switched to Premiere. Photoshop has no competitors except new versions of itself.
  And this does not apply only the CC users. Look at the bigger picture: how many users still using CS6 with all their fully working panels won't upgrade to CC if they know they'll reduce their productivity?
  Think about the answer. Carefully.

• Sales orders in TDMS company/time based reduction  are outside the scope

  Guys,
  I have had some issues with TDMS wheras it didn't handle company codes without plants very well. That was fixed by SAP. But I have another problem now. If I do a company code and time based reduction, It doesn't seem to affect my sales orders in VBAK/VBUK as I would have expected. I was hoping it would only copy sales orders across that have a plant which is assigned to a company code that was specified in the company code based reduction scenario. That doesn't seem to be the case.
  VBAK is now about one third of the size of the original table (number of records). But I see no logic behind the reduction. I can clearly see plenty of sales documents that have a time stamp way back from what I specified in my copy procedure and I can see others that have plant entries that should have been excluded from the copy as they do belong to different company codes than the ones I specified.
  I was under the impression that TDMS would sort out the correct sales orders for me but somehow that doesn't seem to be happening. I have to investigate further as to what exactly it did bring across but just by looking at what's in the target system I can see plenty of "wrong" entries in there either with a date outside the scope or with a plant outside the scope.
  I can also see that at least the first 10'000 entries in VBAK in the target system have a valid from and to date of 00.00.0000 which could explain why the time based reduction didn't work?
  Did you have similar experiences with your copies? Do I have to do a more detailed reduction such as specifying tables/fields and values?
  Thanks for any suggestions
  Stefan
  Edited by: Stefan Sinzig on Oct 3, 2011 4:57 AM

  The reduction itself is not based on the date when the order was created but the logic enhances it to invoices and offers, basically the complete update process.
  If you see data that definitely shouldn't be there I'd open an OSS call and let the support check what's wrong.
  Markus

• In sm_crm automatically populate service and response profiles based on support team

  Hi All,
  i have a requirement that in SM_CRM transaction while creating a incident user wants to automatically populate service and response profiles based on support team name.
  i have checked for BADI's but dint find any which automatically populates service and response profiles at the time of creation of the ticket.
  Kindly help!!

  Hi Shaswat
  This doesn't work as mentioned in the wiki page and SLA doesn't get determined by the org unit or support team via customizing.
  We reported this to SAP and got a feedback that this is not supported and will be removed in future from the access sequence.
  Therefore the only option is to implement badi i.e. crm_sladet_badi and use BADI determination in ur acess sequence to call this badi.
  hope this clarifies
  Thanks
  Prakhar

• Time based stacking does not work for 0 seconds

  Related to my previous note about stacking DNG with CR2, it appears that selecting 0 time interval for stacking does not work the way I would expect.
  A 0 time interval for stacking should mean that all times that are exactly the same (ie. DNG from CR2 file) get merged. This does not happen. It would seem that a time interval of 1 second is required to stack a DNG that comes from a CR2 file together.
  So if I have a CR2 file that was taken at 11:23:34 and convert it to DNG, I now have two files taken at 11:23:34.
  If I use the "time based stacking" and select 0 second gap, they will not be stacked together.
  I need to use a 1 second gap.
  It would be nice to see this fixed

  Reset SMC.     http://support.apple.com/kb/HT3964
  Choose the method for:
  "Resetting SMC on portables with a battery you should not remove on your own".

• MAC-based ACL in wireless router

  Hi,
  I have a AIR-AP1262N wireless rotuer. I have implemented many mac based ACL in it. A sample looks like this.
  access-list 715 permit 6427.37e0.8379   0000.0000.0000
  access-list 715 permit e006.e933.901d   0000.0000.0000
  access-list 715 permit 88cb.8278.40e8   0000.0000.0000
  access-list 715 permit 6427.37e0.d1ng   0000.0000.0000
  access-list 715 deny   0000.0000.0000   ffff.ffff.ffff
  Now what ever new mac I want to allow, the acl that I configure is going below the deny rule and it is not working.
  Is there any way to move it before the deny rule or should I delete the whole config and re-enter it every time.

  Please try the below commands and update that it is working or not
  show mac access-lists name
  and then
  resequence mac access-list name starting-sequence-number increment/decrement

• TDMS - time based reduction - receiver system deletion

  Experts,
  I'm doing a time based reduction.  I'm on the step "Start Deletion of Data in Receiver System".  It's been running for over 18hours.
  But I don't see any jobs running in SM66 on the Central/Control or Sender or Reciever systems.
  When I click on the "Task" button, I see it has completed 8,444 of 12,246  sub activites.  There are 3,802 not yet started.
  We're on all the latest levels of DMIS and ECC.
  Any ideas?
  Thanks
  NICK

  Ashley and Niraj,
  Hey, I'm all for tips/tricks so don't worry about messing up my thread.
  I completely shut down the central/control system via stopsap and restarted.  Still it was in "running" status but no jobs were running on sender/rec or central/control.
  So I tried the trouble-shooting but it was un-clear to me what to do.
  I ended up highlighting the phase I reference earlier, then doing "execute" again.  The status changes from the "truck" to a green flag and I started to see jobs run again on the receiver system.  Again they have stopped, but I see another job scheduled to run in a few minutes....It's just weird, I didn't run into this on my last time-based copy.
  I'll post a few things I've learned to increase performance:
  RDISP/MAX_WP_RUNTIME = 0
  At LEAST 25 WP and 25 BCK procs
  rec/client = OFF
  RDISP/BTCTIME = 60
  RUN STATS regularly
  TAKE OUT OF ARCHIVELOG MODE
  Read/Impl these notes:
  Read theseu2026Update these parameters
  o TD05X_FILL_VBUK_1 Note 1058864
  o TD05X_FILL_VBUK_2 Note 1054584
  o TD05X_FILL_BKPF Note 1044518
  o TD05X_FILL_EBAN Note 1054583
  o TD05X_FILL_EQUI Note 1037712
  Set these oracle index on rec system:
  Table: QMIH
    fields: MANDT, BEQUI
  Table: PRPR
    fields: MANDT, EQUNR
  Table: VBFA
    fields: MANDT, VBELN, VBELV, POSNV
  set parameter u2018P_CLUu2019 to u2018Yu2019 in the following
  activities before you start the activities for filling internal header tables:
  TD05X_FILL_BKPF
  TD05X_FILL_CE
  TD05X_FILL_EKKO
  TD05X_FILL_VBUK
  TD05X_FILL_VBUK_1
  TD05X_FILL_VBUK_2
  TD05X_FILL_VSRESB
  TD05X_FILL_WBRK_1
  run TCODE CNVMBTACTPAR, specify the project number to do this
  IMPORTANT TCODEs
  CNV_MBT_TDMS_MY  Main TDMS starting point     
  CNVMBTMON  Process Monitor (must know your project number)
  DTLMON  MWB transfer monitor
  CNVMBTACTPAR  activity parameters
  CNVMBTACTDEF  MBT PCL activity maint
  CNVMBTTWB  TDMS workbench to develop scrambling rules
  CNV_TDMS_HCM_SCRAM  run in SENDER system for scrambling functionality
  Reports
  CNV_MBT_PACKAGE_REORG  to reorganize TDMS projects..aka delete
  CNV_MBT_DTL_FUGR_DELETE  deletes function groups associated with old projects
  Tables
  CNVMBTUSEDMTIDS   lists obsolete MTIDs
  IMPORTANT NOTES
  Note 894307 - TDMS: Tips, tricks, general problems, error tracing
  Note 1405597 - All relevant notes for TDMS Service Pack 12 and above
  Note 1402704 - TDMS Composite Note : Support Package Independent
  Note 890797 - SAP TDMS - required and recommended system settings
  Note 894904 - TDMS: Problems during deletion of data in receiver system
  Note 916763 - TDMS performance "composite SAP note"
  Note 1003051 - TDMS 3.0 corrections - Composite SAP Note
  Note 1159279 - Objects that are transferred with TDMS
  Note 939823 - TDMS: General questionnaire for problem specification
  Note 897100 - TDMS: Generating profiles for TDMS user roles
  Note 1068059 - To obtain the optimal deletion method for tables (receiver)
  Note 970531 - Installation and delta upgrade of DMIS 2006_1
  Note 970532 - Installation of DMIS Content 2006_1
  Note 1231203 - TDMS release strategy (Add-on: DMIS, DMIS_CNT, DMIS_EXT...)
  Note 1244346 - Support Packages for TDMS (add-on DMIS, DMIS_CNT, ...)
  I'm doing this for an ECC system running ecc 6.0 EHP6 by the way.
  Still any help with my issue on the delete would be helpful. but post tips I don't kwnow about
  NICK

• WLC 5760 centralized mode Flexconnect support?

  Hi all,
  I am currently digging through the documentation about the 5760 WLC and converged access mode and found one particular information, which I need more clarification for.
  This is the link
  http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps12598/qa_c67-726507.html
  And here the specific snippet:
  Q. What deployment modes can the Cisco 5760 WLC and Cisco Catalyst 3850 support?
  A. The Cisco 5760 WLC can operate in centralized mode (also known as local  mode) as well as converged access mode, whereas the Cisco Catalyst 3850  operates in converged access mode. At this time, there is no support  for office-extend access points, indoor or outdoor mesh, or FlexConnect  access points on the Cisco 5760 WLC and Cisco Catalyst 3850.
  Now my questions are:
  Does this apply to the converged access mode only or also centralized mode?
  Do 5508/WiSM2 WLCs still support APs in the specified modes even when using the new mobility architecture?
  When is it planned to add support for the new platforms, if at all?
  Hoping for some answers!
  Regards,
  Patrick

  Hi Patrick,
  Why not post your question here;
  https://supportforums.cisco.com/thread/2220448
  There's an open forum Converged Access Q&A session on the go direct with Cisco...
  Richard

• Time-based access controls

  Hello all,
  Is there a time-based access control that can be configured for a 4.2 WCS+WiSM setup either in the WCS or controller? Or am I limited to the ACLs for my Wireless VLAN on the switch. Ultimately, I would like to be able to configure certain APs to accept/deny connections at specific times of the day. Any suggestions would be appreciated. Thank you in advance for your time and help.
  Charles

  Currently, IP and IPX extended access lists are the only functions that can use time ranges. The time range allows the network administrator to define when the permit or deny statements in the access list are in effect. Prior to this feature, access list statements were always in effect once they were applied. Both named or numbered access lists can reference a time range.
  For the further description following URL for the Time-Based Access Lists will help you.
  http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/timerang.html#wp10236
  I hope it may help you.

• What is a time based scenario in TDMS?

  We need only to transfer the data from the last 90 days.
  We know we should use time based scenario. However we cannot find instruction how to implement this scenario.
  Could you help?  Thanks!

  Hi
  Describing how to do time based reduction using TDMS will not be possible over this medium. It is recommended that you refer to the TDMS guides (specifically the Solution operation guide). Refer to the following thread for the same -
  Links, Documents, Support Pack Schedule
  However i will brief you some steps - Once you are on the TDMS overview screen do the following steps -
  1) create project
  2) create sub-project
  3) create package (use the option "initial package for time based reduction from the popup")
  4) once the package screen appears execute various activities of the package in correct order. Detailed documentation for each activity is available on the package screen.
  I hope this helps
  Pankaj

• WRVS4400N2 IP based ACL and Firewall not blocking WAN

  I'm trying to block all Internet access (except for 2 IPs) to my Windows Home Server 2011. I've tried blocking with IP based ACL on my WRVS4400N2 (bridged through a Ubee cable modem) without luck. Tried creating a Connection Security Rule with the server firewall...without luck. The following ports are forwarded in the router (7, 9, 80, 443, 3389, 4125).
  The latest IP based ACL settings I've used (enabled, listed by priority):
  ACTION -- SERVICE -- SOURCE -- SOURCE IP -- DESTINATION -- TIME -- DAY
  Allow -- All Protocal -- WAN -- XXX.XXX.XXX.XXX -- Any -- Any Time -- Any Day
  Allow -- All Protocal -- WAN -- YYY.YYY.YYY.YYY -- Any -- Any Time -- Any Day
  Deny -- All Protocal -- WAN -- Any -- Any -- Any Time -- Any Day
  How can I block access from the Internet?   

  Hi,
  Thank you for replying. However I have already tried as you have suggested and it is still not working.
  My Single Port Forwarding looks like this:
  Application: SMTP External Port: 25 Internal Port: 25 Protocol: TCP IP Address: 192.168.xxx.xxx Enabled: Yes
  My rules in IP Based ACL look like this (columns from left to right):
  1 YES Allow SMTP WAN 203.xxx.xxx.xxx 192.168.xxx.xxx Any Time Every Day  
  2 YES Deny SMTP WAN ANY ANY Any Time Every Day 
  My goal is to only allow 203.xxx.xxx.xxx to have access to port 25 on 192.168.xxx.xxx. However, even with the rules above enabled, all external hosts have access to port 25 on 192.168.xxx.xxx.

• RVS4000 IP Based ACL and NAT

  Hi,
  I'm having an issue with a Linksys RVS4000 which doesn't appear to be behaving as I think it should.
  I need to forward a port (Single Port Forwarding) through to an internal NAT host. However, I only want that host/port to be accessible from one host on the internet, for security reasons.
  I have created the port forwarding entry and this works fine. I then created two rules in IP Based ACL - one to block all access to that port from the WAN interface and one to allow access from a single host.
  However, it appears that when a port forwarding entry is added, it will completely bypass the ACL and allow all traffic for that port/host by default.
  Is this the correct behaviour?
  Firmware version is v1.2.11
  Regards,
  Adam

  Hi,
  Thank you for replying. However I have already tried as you have suggested and it is still not working.
  My Single Port Forwarding looks like this:
  Application: SMTP External Port: 25 Internal Port: 25 Protocol: TCP IP Address: 192.168.xxx.xxx Enabled: Yes
  My rules in IP Based ACL look like this (columns from left to right):
  1 YES Allow SMTP WAN 203.xxx.xxx.xxx 192.168.xxx.xxx Any Time Every Day  
  2 YES Deny SMTP WAN ANY ANY Any Time Every Day 
  My goal is to only allow 203.xxx.xxx.xxx to have access to port 25 on 192.168.xxx.xxx. However, even with the rules above enabled, all external hosts have access to port 25 on 192.168.xxx.xxx.