More ports numbers in ACL taking AAGR more?
Hello
If I use the permit tcp any any eq 1 8 10 15 instead of below:
permit tcp any any eq 1
permit tcp any any eq 8
permit tcp any any eq 10
permit tcp any any eq 15
With the help of all the port in the same line numbers will use more ACL AAGR? According to my understanding, if we define a range to an ACL line, which would reserve a portion of the AAGR for this range, but there is no if booked AAGR, we define a single port as in permit tcp any any eq 1.
Then, will be permit tcp any any eq 1 8 10 15 be also part of the AAGR just like using " " 1-4range "" and I have to take into account the use of resources while using this?
Hi Vivek,
I see. Well, honestly, I don't know for you. These questions are extremely specific to the platform, and each router platform and switch supporting ACL can implement these things differently.
A note: I see you are using an ISR G2 3945 router. These devices, to my knowledge, do not have an AAGR and do not process ACLs in dedicated hardware. ISR (x800) and ISR G2 (x900) routers are software-based, and ACLs are processed on the CPU. Specifically on these platforms, there is no need to worry about the use of the AAGR, because there is no AAGR there at all.
Best regards
Peter
-
Finding FTDI Chip COM Port numbers
I have been searching for an easy way to get the COM port numbers from FTDI chips, namely when trying to connect to a device or not. FTDI Chip has LabVIEW drivers on this page, but they use an ID (Handle) number to communicate with the devices. Here's how to for those who are interested...
Manual SEO FTDI Chip...
http://www.ftdichip.com/support/documents/ProgramGuides/D2XX_Programmer%27s_Guide%28FT_000071%29.PDF
All functions in the manual call "" FTD2XX. "." FTDI Chip D2XX driver DLL"which is installed with. A call not included in the LabVIEW drivers is the "FT_GetComPortNumber" function, which uses an identification number (handle) for a COM port number.
Attached are the FTDI Chip drivers edited with two new VIs:
(1) FT_Get_Com_Port_Number.vi
(2) Demo.vi COM get Port number
-
On a port or vlan has no need of the acl filtering is more effective to have nothing or only allow an ip? I understand that there is a value default implicit deny ip any one to block whatever it is not allowed in a statement of permit to proceed, but I guess that this applies only if an acl is attributed so I think that if you just allow a whole ip in an acl with out all deny before he better not waste time processor running through a filter acl packets Since there is nothing to reject anyway i.
Hello Vini, if I interpret correctly, there is no need of an access list as there just no need system resources.
-Tom
-
Redirect Port RV042 bypassing ACL
I have a RV042 with Port Forwarding configured for RDP. This Port forwarding rule is applied before my ACL - sort of subnets that are not allowed through are allowed in. Version 4.0.0.07 firmware. Any help would be greatly appreciated.
Hi Eric, the default state table may be the problem.
Try to access rule something like -
Deny action
Service of all
The source WAN interface
IP source everything
Destination IP everything
Save
Permitted action
RDP service
The source WAN interface
Source IP - xx.xx.xx.xx
Destination IP - xx.xx.xx.xx
Save
-Tom
-
Diagrams of network with port numbers
Hello
Only, I am relatively new to VM view so please point me in the right direction.
I am looking for a diagram of network/infrastructure, showing how I connect to the Vmware View portal and start a virtual office. I found diagrams that tell me how it works through the server security seen however in my case I don't mean that I'm not implement a security server view (unless it can do just HTTP and not HTTPS). The more specific the better.
Can someone point me in the right direction by chance?
See you soon
Jase
There is a framework for 3 to disable the need for SSL. It is a global setting and affects everyone in.
-
Hello
I installed 11g R2 database and also installed weblogic server and oracle forms/reports/discoverer.
I also installed EM and EM database for oracle forms/reports/discoveter.
I just had a brain collapse and did not know to which port is used (I have auto config) to EM, for oracle database EM, for oracle forms/reports etc.
Is there a command or way of knowing what service uses ports?
for example. EM database uses 5500, oracle weblogic uses 7001. Is there any command that can tell me this info.?
Thank you
LabaPL identify the exact versions of installed software, as well as the version of the OS.
For EM, pl, see http://docs.oracle.com/cd/E11882_01/install.112/e24186/ports.htm#NTDBI2930
For WL 11 GR 1 material, see http://docs.oracle.com/cd/E21764_01/core.1111/e10105/portnums.htm
HTH
Srini
-
Map of policy port 6880 - error AAGR re configured L4OPs
Hello
I work with a QoS configuration for the 6880-X-THE with 6800Ia aircraft. Configuring QoS, policymap, classes, ACL etc. have all been accepted very well.
I can apply a policy to an interface, but when I do I get the following errors come upward:
* Oct 13 03:13:55.832: % EARL_CM-SW1-5-NOL4OP: configured L4OPs exceeds the programmable limit for AAGR = 0
* Oct 13 03:13:55.828: % EARL_CM-SW2_STBY-5-NOL4OP: configured L4OPs exceeds the programmable limit for AAGR = 0
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 2 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 2 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 2 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 2 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
* 03:13:58.360 13 Oct: % QM-SW1-4-TCAM_ENTRY: input material AAGR programming failed to switch 2 slot 5 Gi141, 1, 0, 1 dir IN intf:error Req AAGR: FAIL (4): low AAGR entries (1)
I checked the quota police QoS and they look OK. Is there anything else I should look at?
NewLevel4Switch #sh platform hardware capacity qos
QoS resources police
Aggregate controllers: Sw/Mod used total% used
1/5 16384 16 1%
2/5 16384 16 1%
Configurations of policeman MicroFlow: Sw/Mod used total% used
1/5 128 1 1%
2/5 128 1 1%
Configurations of policeman NetFlow: Sw/Mod used total% used
1/5 384 0 0%
2/5 384 0 0%
Aggregate configurations to police: Sw/Mod used total% used
1/5 1024 8 1%
2/5 1024 8 1%
Distributed controllers: Total % used used (s)
4096 1 1%
Entries of QoS AAGR: Sw/Mod Total used % used
1/5 16384 1171 7%
2/5 16384 1171 7%
Thank you
David.
Hi David,
I've confirmed the problem that you see on your 6880 s is due to the limit of L4Op 9. I put your config in the laboratory and see the same thing:
6800-VSS(config)#int Te1/5/1
6800-VSS(config-if)#service-policy input TAG-INCOMING-MARKING-AND-POLICE
6800-VSS(config-if)#end
6800-VSS#
* 05:34:20.419 Oct 14: % SYS-SW2-5-CONFIG_I: configured from console by console
* 14 Oct 05:34:19.567: % EARL_CM-SW1_STBY-5-NOL4OP: configured L4OPs exceeds the programmable limit for AAGR = 0
* 05:34:22.115 Oct 14: % QM-SW2-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 intf Te1/5/1 dir IN:error Req AAGR: FAIL (4): low AAGR entries (1)
* 05:34:22.115 Oct 14: % QM-SW2-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 intf Te1/5/1 dir IN:error Req AAGR: FAIL (4): low AAGR entries (1)
* 05:34:22.115 Oct 14: % QM-SW2-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 intf Te1/5/1 dir IN:error Req AAGR: FAIL (4): low AAGR entries (1)
* 05:34:22.115 Oct 14: % QM-SW2-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 intf Te1/5/1 dir IN:error Req AAGR: FAIL (4): low AAGR entries (1)
* 05:34:22.115 Oct 14: % QM-SW2-4-TCAM_ENTRY: input material AAGR programming failed to switch 1 slot 5 intf Te1/5/1 dir IN:error Req AAGR: FAIL (4): low AAGR entries (1)
* 14 Oct 05:34:22.115: % FMCORE-SW2-6-RACL_ENABLED: TenGigabitEthernet1/5/1 Interface routed traffic is material in the direction of penetration
For example, I advanced and used only a subset of your policy-map (match around the class 6 cards, each card class corresponding to a DSCP value).
6800 - VSS #$e entry acl interface Duration1/5/1 qos IP switch 1 module 5
mls_if_index:8100000 dir:0 function: 1 proto:0
pass the #0 characteristics
FNO:0
TCAM:A, Bank: 0, prot:0 ACEs
0x0000E010005D100B ip any any eq dscp 46
0x000100100131100B ip any any eq dscp 24
0x000120100245100B ip any any eq 34 dscp
0x0000E0100349100B ip any any eq 36 dscp
0x00014010044D100B ip any any eq dscp 38
0x000160100529100B ip any any eq 20 dscp
0x000000000080D00B ip all all (3 matches)
I can see the entries correctly installed in the AAGR. If you look at the current capmap table (the table capmap is what makes reference to the index of the register where are stored the your L4Ops), you would see 6 entries here:
6800 - VSS #show platform software acl capmap AAGR a label switch 2 1 module 5
Entry of Table of Capmap of shadow for AAGR
-----------------------------------------------------------------------
Output in a format CNT/INV/RST: RST - result value; INV - reversed;
CNT - aggregated reference account; CBF - number of bits to free cap (one per entry);
Free items are not displayed
-----------------------------------------------------------------------
Index CBF [9] [8] [7] [6] [5] [4] [3] [2] [1] [0]
----- ----- ---------------- ---------------- ---------------- ---------------- ---------------- ---------------- ---------------- ---------------- ---------------- ----------------
2-3-212 / 0 / 1 free free free 7/1/1 6/1/1 5/1/1-4/1/1 3/1/1 2/1/1
Ignore the 212/0/1 at the beginning - that is reserved and is used to specify the meaning of the installed feature.
We see here the limit as well - after 3 other entries with no expandable L4Ops, you're out of space.
Please change your policy map so that you don't go beyond 9 no expandable L4Ops.
I will work on discovering why the sup720s and the 32s behaved differently. Please give me some time.
Kind regards
Farre
-
Port and several instances of Remoting container numbers
When dividing the container of remote access in several instances that are running specific services, you are responsible for copy PLM config files in each new location of the folder that contains remoting. You can then change the configuration file EnvironmentSettings for each to determine which services are running under instances of remote access container by changing the setting isActive to each.
In doing so, is it necessary to also change the port numbers in each copy of the EnvironmentVariables config file so that they are in conflict with others, even if no service within the container of remoting is running on multiple instances of the container?
My hypothesis is that if we put a particular service "isActive" false for a given instance of the remoting container, container instance won't lock the port for this service, there is no conflict with the remote instance of the container that is running this service and listening on this port. This seems to be the case when it is tested, but I heard that you need to change the port numbers for each instance of the container, so a final clarification would be great.
Thank you!
Hi Brendon,
Yes, you are right. If the RemotingContainer service is not running, the port is not used.
-
ACL logging on router for syslog
I need to monitor ports on the router to a particular host to a destination. I have an ACL as shown below
permit ip host 10.0.0.1 host 192.168.0.10 log
permit ip any any
I have server syslog configuration, I see on the syslog server log messages, but there is no port information.
Log message looks like
"% S-6-acl IPACCESSLOGP:list permits 10.0.0.1 (0)-> 192.168.0.10 (0), xx packages.
I need to know which ports are host 10.0.0.1 uses the server 192.168.0.10
What is the best way to get this information.
Thank you
Dominic provides a creative solution. And according to the requirements of the original post, it could be a very satisfactory solution.
But we can also provide an explanation of the problem and a solution for this. A very simple access list that allows traffic between a specific pair of guests receive the original message and then allow all ip traffic. The access list does not cover all the values for the Protocol ports. And it is the reason for the log messages do not have port information. If the access list does not review the port numbers the message cannot report port numbers. If you want the log message to include port numbers, then you must consider the port numbers in the access list. This version of the list is slightly more complex, but it will provide the port numbers you want:
permit udp host 10.0.0.1 host 192.168.0.10 range 0 65535 log
permit tcp host 10.0.0.1 host 192.168.0.10 range 0 65535 log
permit ip host 10.0.0.1 host 192.168.0.10 log
permit ip any any
HTH
Rick
-
To configure a serial port using Max
Hello
I inherited code that configures the serial port using the old serial code, which does not allow the user to specify the term char or enable the term char. Any ideas on how this is done with the old serial code? I also tried to use MAX to set the term char and enable it. I am able to communicate with my serial device with MAX, and I saved the changes when I was done. But when I run the LabVIEW code, my serial code fails because the term char is wrong and it is also not enabled.
Any ideas about what is happening with setting the term char and enabling it?
What you do in MAX regarding the configuration of the serial port has no impact on the LabVIEW program. (EDIT: which means that you can change the configuration in the LabVIEW code.)
If you load the old code in a version of LabVIEW that uses VISA for all the serial stuff, then the VIs would have been automatically replaced by shell VIs that NI created for the old code. Inside, they just use VISA. More than likely the old code uses numeric port numbers. For example, in the library of \vi.lib\Instr\serial.llb of
, you will see these shell VIs. 'Serial Port Write', for example, calls the 'Open Serial Driver' VI, which simply returns a VISA session. It then uses the VISA Write. So you can define termination characters by obtaining the VISA resource from "Open Serial Driver". Of course, the best solution is to rewrite the code using VISA directly. It will be much cleaner.
-
U2415 - two connections for Display Port
This is my first contact with Dell support and the first time I use the interface of the RFP.
My question will appear in some basic way a lot of people, but I'm confused by the fact that my new monitor is equipped with a cable, which I assume is the only one, I really need to connect. However, the documentation does not confirm it.
On the contraryt, there are two connectors on the monitor that are commented out using the interface to display, but with a different connector port. It's confusing and the documentation is only adding more confusion.
Do I need a cable only? I got a cable with on one side a marked connector of the symbol "monitor - like".
If so, I don't understand the purpose of providing two types of connectors and the need for an explanation (bad), not yet available in Dutch!
Port numbers are 4-5 on page 10
Thank you
If your computer graphics card has the size DP (DisplayPort) out, to connect like this =
RFP computer on--> Dell DP to the CDM cable--> U2415 CDM in
If your computer graphics card has the mini size CDM (Mini DisplayPort) out, to connect like this =
Computer AMD at--> Dell mDP to DP--> DP U2415 cable in
Why we offer both? If the end user can daisy chain multiple monitors. As explained on page 27. Or connect two computers to the same screen using these different ports.
For Belgium, the language is french.
-
One of the ESX host goes into isolation mode that we changed some network cables.
We would like to know which port (Service Console or the VMKernel Port) the ESX 3.5 host for HA? How long it takes before an ESX host in isolation mode?
Thank you
HA uses the network of the Service Console.
I couldn't find any official documentation with reference to this, more it's late but Texiwill indicates this in the next post http://communities.vmware.com/message/873245;jsessionid=FF1118786A924B95E124F4F3C73A2A65
In addition, if you want the actual port numbers too so these can be found on page 184 & 185 Page of http://www.vmware.com/pdf/vi3_35/esx_3/r35u2/vi3_35_25_u2_3_server_config.pdf
Hope this helps
Carl
-
ACC + ports RTMFP and IP address/host name
Hey guys,
Where can I get the ports + IP addresses that we must have open order to use RTMFP + CAC services?
I found:
http://forums.Adobe.com/thread/583118 which seems to be related because of talking about ports RTMFP
http://www.IANA.org/assignments/port-numbers -1935 port that you have registered with IANA
http://kb2.Adobe.com/CPS/164/tn_16499.html -FMS using1935
http://help.Adobe.com/en_US/flashmediaserver/configadmin/WSdb9a8c2ed4c02d261d76cb3412a40a4 90be - 8000.html -more information about the ports
http://allthingsadobeconnect.blogspot.com/2011/02/what-is-list-of-IP-addresses-for.html One of your listed partmers host names addresses/IP, which is another piece of info, I am looking
http://learn.Adobe.com/wiki/display/LCCs/LiveCycle+collaboration+service - nothing here? :/
Y at - it an official doc for this type of info or if some can validate the following:
(1) must have ports 80 (RTMP), 443 (RTMPS) and 1935 (RTMFP - tcp + udp); However, once the application connects on port 1935 he will be redirected to any port between 19350-65535.
(2) the fms *. na.acrobat.com ip address will always be in the:
209.34.68.0/24 subnet
66.235.155.0/24 subnet
Thank you
Alex G.
Sorry, I thought I responded to this the other day. Not sure what will happen to my post.
In any case, it is a list of the ports used by FMS in LCC:
-tcp 443 for rtmps (rtmp over SSL)
-udp 1935 for rtmfp
-udp 19350 19400 (I need to check the upper limit): FMS listening on udp 1935 for the incoming connection, and then redirects the request to one of those (not sure of the details for doing this, but we have to configure our firewall to have these incoming ports open).
So in order to properly connect to ACC via RTMFP you must allow UDP traffic and outbound connections in 1935 and 19350-around the top.
You also want to tcp open 443 (which you should already have) to access the services web and downgrade to rtmps for recording and/or if a customer so requires.
Let us know if this information is sufficient or if you need more details. Because we rely on FMS, the best place to search for documents would be for FMS 4.x reference documentation. Here is a link that explains the configuration for the RTFMP support server-side. The customer should have the same set of ports (outgoing destination):
This link else explain how to configure a proxy TOWER if you want to limit access to UDP outbound-only Flash clients:
http://www.Adobe.com/devnet/flashplayer/articles/rtmfp_cirrus_app.html (refer to the "path of firewall" section)
-
Questions about the headphone port and EM Http.
1ST QUARTER-
L1 listening process is listening to 3 databases: CDB1, CDB3, PEH. Using DBCA I create 1 more CDB2 database and enable dynamic registration.
Can two orders of command Listener (lsnrctl) utility I use to determine if dynamic registration occurred for CDB2 database, with the process of listening to L1?
A. SEE THE L1
B. SPAWN L1
C. STATUS L1
D. SERVICES L1
E. LISTENER STATUS
F. SERVICES LISTENER
G. see THE current_listener
~~~~~~~~~~~~~~~~~~~~~~~~
T2-
Exhibition:
SERVER ERROR
The following 'no can connect ot the server.
Please contact the administrator.
While trying to EM database of access control by using a browser, you get an error. See exhibit.
On further investigation, you find that just completed the installation of Oracle Database 10g and your colleague who has installed the software noted all the port numbers.
How do you determine the port number of the HTTP listener that is used by EM Database Control?
A. From the sqlnet.ora file
B. in the tnsnames.ora file
C. the listener.ora file
D. in the portlist.ora file
E. using operating system utilities
The file is actually called portlist.ini
-
Interfaces:
G1 = Internet
G3, g4 = Server (1 GAL)
G1 has no bound ACL
I'm trying to bind ACL (s) to 1 SHIFT that will allow a specific Internet traffic-> server and all (later, restrict) the server-> Internet traffic
(because it is linked to the GAL, as opposed to g1, ACL is applied to the "out" direction)
(to simplify things I use src/dest all - but later restricted to the IP addresses of the server)
My rules:
access-list webau permit tcp any any eq 22
access-list webau permit tcp any any eq http
access-list webau permit tcp any any eq 443
access-list webau permit tcp any any eq 3389
access-list webau permit tcp any any eq 1935
Binding of the ACL:
interface port-channel 1
IP access-group out webau
This allowed successfully than traffic from Internet-> server on TCP port numbers specified - well.
However, the server is unable to get out to the Internet at all.
(for example, ping, telnet google.com 80)
I would have thought with no ACLs in, we could deduct all the traffic of the LAG to the switch.
I also tried:
access-list permit Allowall each
interface port-channel 1
IP access-group Allowall in
In addition, if I have add the rule to the ACL webau (related to out LAG1):
Allow Access-list icmp a whole webau
I can ping the server-> Internet
or...
access-list webau permit each
Server-> Internet is OK
Finally - any recommendation on whether to apply to ports/channel of the server, with OUT management (as I am) vs apply to the Internet port with direction IN
Thank you!
Nick