cancel
Showing results for 
Search instead for 
Did you mean: 

Answer Questions

  • With Prepending, adding next-hop-self chooses iBGP over eBGP - ( 09-16-2019 )
  • Routing
  • Hey GuysIn the below diagram, I have path prepending between R2 and R3. But still, R2 for reaching the 8.8.8.8/32 chooses R3 as it is eBGP.But when I add next-hop-self on R1 and R2,  R2 choose R1 to reach 8.8.8.8.  Why? R1#sh run | sec bgrouter bgp 100bgp log-neighbor-changesneighbor 10.10.10.2 remote-as 200neighbor 10.50.50.2 remote-as 100----------------------router bgp 100bgp log-neighbor-changesneighbor 10.50.50.1 remote-as 100neighbor 20.20.20.2 remote-as 200----------------------R3#sh run | sec bgrouter bgp 200bgp log-neighbor-changesnetwork 8.8.8.8 mask 255.255.255.255neighbor 10.10.10.1 remote-as 100neighbor 20.20.20.1 remote-as 100neighbor 20.20.20.1 route-map a out----route-map a permit 10match ip address prefix-list aset as-path prepend 200 200 200Here is the output: After adding next-hop-self: 
    View more
09-16-2019
Cancel Post

  • CME 10.5 with VG224 - ( 09-16-2019 )
  • IP Telephony and Phones
  • Hi Team, Can i configure VG224 gateway with CME 10.5 for fax and analog lines. If yes, what will be the procedure.  Regards,call manager express, CME, Voice Gateways, VG224Vicky
    View more
09-16-2019
Cancel Post

  • Billing reports issue on Cisco Imagicle - ( 09-16-2019 )
  • Collaboration Applications
  • HelloI'm using Cisco Imagicle for the billing on my voice platform, after I have changed the voice gateway I lost all billing reports.I tried to add the new voice gateway by the configuration wizard but I didn't import any call.My infra is composed of: CUCM 11.5, VG Cisco 4331, Imagicle billy Blue4, UCCX If someone have a idea to help me Thank you! 
    View more
09-16-2019
Cancel Post

  • OSPF transit non-backbone area - ( 09-16-2019 )
  • Routing
  • Hello all,i'm having some trouble on a lab with this topology Both Loopback1 are redistributed into OSPF (so they are E2).From R1, i can see this routing table (ospf)So, in order to reach 2.2.2.2 (that is IA) i will pass through R3 (so via area 0), while to reach 10.2.2.2 (the external one) i will use the bypass link between R1 and R2. Now, i know that OSPF says that all the path must pass through area 0 if there is a path via this area, but why this is not applied for E2? I have a second question. I would like to pass via bypass link even for 2.2.2.2, how should i do? If i put a distribute-list on R1, denying 2.2.2.2 from R3 ip prefix-list DEN seq 5 deny 2.2.2.2/32ip prefix-list DEN seq 10 permit 0.0.0.0/0 le 32ip prefix-list GAT seq 5 permit 155.1.13.0/24 le 32router ospf 100  distribute-list prefix DEN gateway GAT in I will see thisSo i'm not using the bypass path The routing bit is always set on the area0 path, even if i raise the metric.Do you know why? Thanks a lot.
    View more
09-16-2019
Cancel Post

  • Issuing device cert to ISE via external SCEP server - ( 09-16-2019 )
  • Identity Services Engine (ISE)
  • I am trying to have ISE ( v2.4 ) auto-enroll itself via SCEP to receive device certs from an external SCEP server ( LINUX ).however i am not seeing the 'crypto pki trustpoint' command on the ISE server via which i am to configure / request for cert via the SCEP server. the SCEP server is updated under the external CA settings fields and the associated CA certs are imported into the Trusted Certificates section. what am i missing ? gs-cis-pe11/admin# show crypto pki certificates^% invalid command detected at '^' marker.
    View more
09-16-2019
Cancel Post

  • 2500 seriesWireless Controller configuration - ( 09-16-2019 )
  • Other Wireless - Mobility Subjects
  • Good Day Cisco Gurus I currently have two 2500 series Controllers that re set up as an HA pair, I have two wireless networks configured. Guest: the guest is currently configured to allow access to the domain resources, I inherited these controllers and am trying to reconfigure the guest network to be a true guest network with access only to the internet and allowing guest access through the ISE device we have as well which will supply a temp password using an e-maill adrerss they provide and a password supplied by the ISE Internal: the internal domain I want to ensure is configured so that employees have to log in using their AD credentials and has access to CERTIAN domain assets.  I know this is a general and over arching question about generl configuration. If someone could pont me to any documentation on exactly how to configure it or even some sample configurations it would be greatly appreicated  Thank you very much
    View more
09-16-2019
Cancel Post

  • Questions about NAT on an ASA - ( 09-16-2019 )
  • Routing
  • Hello!   I'm trying to wrap my head around NAT rules and how the system processes them.  I understand that the manual NAT section comes before the auto / object NAT section which comes before manual NATs that we deprioritize.   WIthin each section, then, NAT rules are processed on a first-come basis, so, we put more specific NAT rules above more generic ones.  What happens when things have equal specificity?  Let's say I want to NAT an inside server to two different interfaces with different translated addresses?  
    View more
09-16-2019
Cancel Post

  • AAA Accounting Identity - ( 09-16-2019 )
  • Identity Services Engine (ISE)
  • Hi Guys, anybody here knows what is the use of the command below in the switches? aaa accounting identity start-stop group radius? I searched over the internet but it have only minimal information. Thanks for the help.
    View more
09-16-2019
Cancel Post

  • Proximity Audio Streaming From PC To Codec? - ( 09-16-2019 )
  • Cisco Proximity
  • Is it possible to share PC audio through the proximity connection (encoded and local playback)? I see several older posts acknowledging this is not possible, but they are dated from 2+ years ago. If this isn't currently supported is it on the roadmap? Other posts that discuss this:https://community.cisco.com/t5/cisco-proximity/audio-to-tv-with-proximity/td-p/3179304https://community.cisco.com/t5/cisco-proximity/audio-issues-while-sharing-video-through-desktop-proximity/td-p/3053954
    View more
09-16-2019
Cancel Post

  • impossible to login into netacad - ( 09-16-2019 )
  • Cisco Software Discussions
  • hi all, i have a problem with my cisco account. When i try to login into NetAcad, it shows that my account doesn't exist and so i'm not able to use packet tracer, but I can login on Cisco web site, so how it's possible? Could you please check? thank you.
    View more
09-16-2019
Cancel Post

  • BGP advertising same networks on 2 ISP independently (without iBGP) - ( 09-16-2019 )
  • Routing
  • I am new to BGP. We have established BGP neighborship with 2 uplink providers advertising different networks and receiving default routes from both using same AS number. We couldn't establish iBGP as we have a requirement to use both ISP A and ISP B for specific networks to reach to internet.Requirement:- Network A should prefer ISP A for incoming and outgoing- Network B should prefer ISP B for incoming and outgoing- Network C should prefer ISP B but in case ISP B goes down should prefer ISP A I have attached the overview network diagram below for reference. Please advise 
    View more
09-16-2019
Cancel Post

  • Unable to login to SNTC Portal - ( 09-16-2019 )
  • Smart Net Total Care Portal and Collector Discussions
  • After completing the registration and trying to access https://services.cisco.com  we are getting:You do not currently have access to Smart Services Connection. You must be entitled to at least one Smart Services contract to request access. At the end of the registration a message was displayed saying a cisco representative would review the information and get back to us but this never happened. Can you please assist?
    View more
09-16-2019
Cancel Post

09-16-2019
Cancel Post

  • Same statics routes on Cisco 891 - ( 09-16-2019 )
  • Routing
  • Can someone please help me? I don't seem to know why this router has two default routes in the running config. Please see below   ro-1.gbr.amsterdam#show running-config | i ip routeip route 0.0.0.0 0.0.0.0 192.168.1.254 254ip route 0.0.0.0 0.0.0.0 192.168.1.254 254ip route 10.74.254.0 255.255.255.0 10.10.10.2 nameip route 10.74.254.77 255.255.255.255 10.10.10.2 ip route 29.8.15.8 255.255.255.255 10.10.10.2
    View more
09-16-2019
Cancel Post

  • ASDM 7.12.2 doesn't work if another ASDM user logs into the same firewall - ( 09-16-2019 )
  • Firewalls
  • We have upgraded our ASA's to 9.12(2) with ASDM 7.12(2). When two users try to access the same firewall their ASDMs start to hang and don't finish their current activity. If one user is connected then all is well. When a second user tries to connect this fails to read and load the config, ASDM just hangs. On the first users session that also hangs on the current activity the user is carrying out e.g. update a firewall rule. Both users are now locked and cannot do anything. Does anyone else have this problem or know why this is happening. I suspect an ASDM bug as it never happened on the previous version. Paul
    View more
09-16-2019
Cancel Post

  • Mix smart and traditional licensing ASR9001S - ( 09-16-2019 )
  • XR OS and Platforms
  • Hello, I have to install these license ASR 9001 L3 VPN (smart licensing) and A9K-9001-MOB-LIC (traditional licensing with PAK) on a ASR9001S router.Can I mix smart and traditional licensing?From what I read, smart and traditional licensing can coexist on a same device, but not active at the same time.How do you recommend me to proceed? Best regards,Florentin
    View more
09-16-2019
Cancel Post

  • Finesse API Lab not working? - ( 09-16-2019 )
  • DevNet Sandbox
  • I have a Packaged Contact Center Enterprise sandbox running and I'm hoping to get some hands-on experience using the Finesse API to create and pass call variables. I'm trying to complete the lab shown here (Finesse – Basic Dialog REST APIs with XMPP) and when I do I get a message to the effect of "this will need extra resources, we'll request them and notify you when they're ready" but I never get notified, nor do I see any indication of activity. I've tried closing the box and waiting, not closing it and waiting, etc but I never get to complete the lab. I've also tried just using those steps to hit the Finesse instance in my lab but nothing seems to workIs this a glitch or am I doing something wrong? Any suggestions appreciated - I'd be happy to provide more info or clarification
    View more
09-16-2019
Cancel Post

  • Cisco WSA 11.8 trailblazer not starting - ( 09-16-2019 )
  • Web Security
  • Hi guys and ladies.  today I was playing with a virtual WSA I have done the upgrades from Version 11.5 to 11.7 and finally 11.8.After the last reboot, It showes me the new gui feature at the top of the window. By clicking on it nothing happend.  In the documentation for ASYNC OS 11.8 I found.   trailblazerconfig You can use the trailblazerconfig command to route your incoming and outgoing connections through HTTP and HTTPS ports on the new web interface. Note By default, trailblazerconfig CLI command is enabled on your appliance. You can see the inline help by typing the command: help trailblazerconfig. The syntax is as follows: trailblazerconfig enable <https_port> <http_port> trailblazerconfig disable trailblazerconfig status Where: 'enable' runs the trailblazer on the default ports (HTTPS: 4431 or HTTP: 801). 'disable' terminates the trailblazer 'status' checks the status of the trailblazer. Note If you have enabled trailblazerconfig command on the appliance, the request URL will contain the HTTP/HTTPS port number appended to the hostname. You can try any one of the following steps to make the navigation in your browser seamless: Accept the cerificate used by the web interface and use the following URL syntax: https://hostname:<https_api_port> (for example, https://some.example.com:6443) in a new browser window and accept the certificate. Here <https_api_port> is the AsyncOS API HTTPS port configured in Network > IP Interfaces. Also, ensure that the API ports (HTTP/HTTPS) are opened on the firewall. By default, trailblazerconfig CLI command is enabled on your appliance. Make sure that the HTTP/HTTPS ports are opened on the firewall. Also ensure that your DNS server can resolve the hostname that you specified for accessing the appliance. If the trailblazerconfig CLI command is disabled, you can run the trailblazerconfig > enable command using the CLI to avoid the following issues Requiring to add multiple certificates for API ports in certain browsers. Redirecting to the legacy web interface when you refresh the Spam quarantine, Safelist or Blocklist page. Metrics bar on the Advanced Malware Protection report page does not contain any data.Guess what happend, nothing. When I do the enable command, I receive the positive feedback that it is enabled now.When I then perform the status command after this, I get the information that trailblaezer is not running.  Is there somthing that I have missed?I am open for anykind of help. 
    View more
09-16-2019
Cancel Post

  • SD-WAN AMP Integration - ( 09-16-2019 )
  • SD-WAN
  • Hi Guys, Any of you had any experience using AMP with the SD-WAN Solution? I've recently been entitled with a Threat Grid Account and since then I'm not able to configure any device that has the security policy with AMP configured. The error I'm getting is this: Failed to update configuration - Failed to get AMP api key from threat grid server for deviceId: C1111X-8P-XXXXXXEven though I have the API Key configured on the SD-WAN Solution. Here's the configuration on the Security Policy:policy advanced-malware-protection AMP_to_OUT file-reputation-cloud-server cloud-isr-asn.eu.amp.cisco.com file-reputation-est-server cloud-isr-est.eu.amp.cisco.com file-reputation-alert info file-analysis-cloud-server isr.api.threatgrid.eu file-analysis-file-types pdf ms-exe new-office rtf mdb mscab msole2 wri xlw flv swf file-analysis-alert info target-vpns matchAllVpn ! Here's the AMP Key Configured. Any help would be much apprettiated. Thank youBest Regards,
    View more
09-16-2019
Cancel Post

  • Call waiting for Primary lines - ( 09-16-2019 )
  • Contact Center
  • I have a big group of Directors that want to keep Call waiting option on their primary extensions but be able to log into Finesse to view their agents.  What are my options? I added an agent extension but still only works if all lines are set to Max number of calls to 2 and busy trigger to 1. UCCE Version: 11.5.1.0.0.1246CUCM System version: 11.5.1.15900-18
    View more
09-16-2019
Cancel Post

09-16-2019
Cancel Post

  • Users cannot connect back to Meeting if they disconnect themselves from Cisco Meeting - ( 09-16-2019 )
  • TelePresence and Video Infrastructure
  • Hello,When a user connects to our Meeting via https://join.xyz.com, they will join successfully, if they disconnect or close their browser (in this case chrome) and try to connect again to the meeting, they will not be able to join again, unless they change their Internet connection and if they try, they will be able to login, but again cannot login twice using the same network or IP.this is a weird problem we are facing and its happening with half of the people who are joining the meeting.the message they will get is "cannot join the meeting" and session is discarded.Is it WEBRTC plugin for chrome issue or is it Expressway/CMS issue, can some shed a light on this please.
    View more
09-16-2019
Cancel Post

  • Spam Notification Email address - ( 09-16-2019 )
  • Email Security
  • Hi there, We have configured our CES for Content Filter to block attachment files and quarantine the email addresses and we have enabled Quarantine Notification to be sent from spaminfo@mydomin.com to all recipients, however, the Quarantine Notification always comes form this email address :noreply@ces.cisco.comHow can I change this default email address to the one I have configured? Also, even though we didn't enable "Enable End-User Quarantine Access" , the user still able to release the quarantined email, how can we disable that. Thanks!  
    View more
09-16-2019
Cancel Post

09-16-2019
Cancel Post

  • How can I see Serail Number CPAK-100G-LR4 ? - ( 09-16-2019 )
  • MPLS
  • Hello everyone   I have issue about to show serial number of CPAK-100G-LR4.I'm installed CRS-FP-X and 4X100GE-LO and CPAK transceivers plug into 4X100GE-LO. I showed with command "show inventory" in admin mode. I'm found serial number of CRS-FP-X and 4X100GE-LO but I can't found serial number of CPAK transceivers. Which command to show serial number of CPAK transceivers ? or I'm must be install license? Platform: Cisco CRS-8/S-BVersion: IOS-XR version 6.1.4 
    View more
09-16-2019
Cancel Post