cancel
Showing results for 
Search instead for 
Did you mean: 

Answer Questions

  • Cisco 7811 IP Phone Licenses issue - ( 11m ago )
  • IP Telephony and Phones
  • Dear Support,Hope this email find you in good health, We have 96 rooms which has two phones with one EXT Number (for example 101 )and as per my understanding it should take Enhanced plus/ CUWL standard licenses. So it will cover 192 phones as each rooms has two phones and each two phone will take one license either enhance plus or CUWL.It not clear why this 96 room phones are taking basic licensing where this room extensions should take either one enhance plus or one CUWL license.Will it be possible that if we create one user and bind this room two phones to user then it will take enhance plus or CUWL license for two phones. kindly need your support to fix this issue.                   Sample of each Floor S/No No of Phones in each room No of Rooms  in each Floor 114228332 Total Quantity 1 Phone 48 bedrooms = 48 Phones2 Phones 96 Bedrooms = 192 Phones3 Phones 24 Rooms Total = 72 Phones4 phones 4 Rooms total  =16 Phones We have below quantity with us            No of 7811 Phones 393           No of 8811 Phones 10           No of 8845 Phones 10           No of SPA301-G3 Phones 168Kindly find the details below for licenses usages
    View more
11m ago
Cancel Post

  • Cisco ISE with Flex Connect Locally Switched WLAN - ( 59m ago )
  • Identity Services Engine (ISE)
  • Hi, I have a customer using flex connect APs with locally switched WLANs. Recently we started implementing ISE for WLAN authentication. The customer has around 20 AD groups and wanted to have different ACLs for users in different groups.For this purpose I configured different authorization policies (contains airespace-ACL attribute from with the name of the flexconnect ACL configured in the WLC) for each group. Today when I tried to add a flexconnect ACL to the flexconnect group I got an error saying "maximum 16 policies are allowed on the group" and it stopped me from adding the ACL. I read that we have a restriction of 16 flexconnect ACLs per group. Since the WLAN is locally switched, I believe that the ACL has to be present in the flexconnect group. Is there any other way than using flexconnect ACLs in such a situation?.  Our requirement is to restrict access for wireless users based on their AD group with posture assessment. If anyone has come across the same situation kindly help. Our ISE version is : 2.4 patch 8Our WLC version is  : 8.3.xOur WLC model is  : 5520
    View more
59m ago
Cancel Post

  • Segment Routing Testing Discussion - ( an hour ago )
  • Routing
  • Dear All , I am doing my thesis on Segment Routing and trying to show the benefits of SR by using GNS3 and building a network and implementing SR and testing some use cases I'd need your help and suggestions the network is as shown below  the IGP is OSPF and then SR is applied - my first question is : How to show that ECMP is working - my second question is regarding a scenario i did and wish you can help with it I am running IPerf3 test between PE-01 and PE-02 in different cases while congesting the link between P-01 and P-03 ( by another test on the same time ) using UDP packets - first without SR ( OSPF only ) - 2nd with segment routing with a policy to send the traffic trough P-04 then PE-02 while the other routes will be decided automatically by IGP so i have 2 segments only.- I fixed the traffic from PE-01 to PE-02 to be 512 K and changes the other traffic ( between P-01 and P-03 ) from 512K , 1 Mb , 2 Mb , 4 Mb and so on what I found is that with OSPF only with increasing the BW gradually i found losses  and losses increases with BW increase ( I mean the changeable BW ) however I found that was solved when using SR is that correct ? Can SR solve such problem ? or I have a problem in my use case ?all your comments and suggestions for another use cases that shows SR benefits are welcome  Thanks in advance 
    View more
an hour ago
Cancel Post

  • Manually fixing a tunnel with "clear crypto sa peer " - ( an hour ago )
  • VPN and AnyConnect
  • Dear community,  Our CISCO1921 establishes an IPSec tunnel with a peer at some other network with a server that we have to be connected to 24/7. It has been working for years until they made an upgrade of their peer a few months ago. Since then we experience a regularly occurring problem. The tunnel breaks and cannot be re-established by the 1921 device.  The fix is to run "clear crypto sa peer <ip-addr>" manually.This solved the problem immediately for some time. Sometime for a week. Sometimes for a day. Yesterday I had to do it 4 times in 8 hours.  I do not have almost any experience in CISCO outside of attempts to solve this problem, so any help is appreciated.  Question 1. What is its problem? Question 2. What is the best way to make it run this command automatically? Question 3. What is a proper way to solve this?  Thank you very much in advance! Andrey
    View more
an hour ago
Cancel "">Post

  • Third Party softwares compatibility with UCCE 11.6/12 - ( 2 hours ago )
  • Contact Center
  • Customer would like to know if the below two softwares are compatible with Cisco UCCE 11.6 or 12  contact center solution or not : 1) IBM Security Guardium Ajan for SQL database on Rogger/AW2) HP OpenView Performance Agent / windows with Agent desktops windows 
    View more
2 hours ago
Cancel Post

  • Transparent Mode Clustered Deployment with Multiple Bridge Groups and Dynamic Routing Protocols - ( 2 hours ago )
  • FirePOWER
  • Hi all Would you be so kind to advise on the following. We are trying to deploy our FTDs in as a cluster in a transparent mode. The intention is to have TWO BVIs configured on them to run dynamic routing protocols over these BVI to establish EIGRP adjacency between Layer 3 devices that sit on eaither end of a transparent FW. The diagram looks like this  For the avoidance of doubtsC9Ks are NOT in VSS - they are two separate logical entities, hence the complexity of routing layerThere's a reason we go for this deployment, so please don't question WHY. I know that SWV can simplify it.C9K-1 establishes EIGRP adjacency with both N5K-1 and N5K-2 via BVIxC9K-2 establishes EIGRP adjacency with both N5K-1 and N5K-2 via BVIyBoth N5Ks are stub routers and only advertise summaries and directly attached networksBoth N5Ks are neighbors via VLAN1801 and VLAN1802 (corresponding BVIs), but also VLAN1800 (P2P, not shown). Bacause SVI1801 and SVI1802 advertise summaries only (towards C9Ks), we need a P2P interface where both N5Ks will advertise directly attached (non summarized) networks to each other to avoid black holing of the traffic (rare case of DATA SVIa to be in a shut state on N5K-1, but not on N5K-2)All good, with exception that BVIy has to look WORSE from a routing perspective (that is, adjusted delay on C9K and N5Ks on SVIs that are bridged via BVIy - SVI1802 and SVI1812 delay 100). These are two separate bridge groups. Packet that entered N5K-1 via BVIx has to leave via BVIx. Without tuning the metric to make one BVI passive, it can be returned via BVIy and FTD will drop it as it expects it on BVIx So, the question is... how to group multiple bridge groups into zones? Such as VLANs 1801 and 1802 are in different bridge groups, but in the same zone (inside), while VLANs 1811 and 1812 are in the same zone as well (outside) ThanksP.S. I hope my intentions are clear :)
    View more
2 hours ago
Cancel Post

4 hours ago
Cancel Post

  • Cisco ISE Active Directory Joining Issue - ( 5 hours ago )
  • Policy and Access
  • Dear Members, I am facing issue while joining to domain, it is giving below error. Please help how can i resolve this issue. The user ABC is authorized to join the domain. NTP is also synchronized Error Description: Access is deniedSupport Details...Error Name: ERROR_ACCESS_DENIEDError Code: 5Detailed Log:12:57:31 Joining to domain XXXXDOMAIN.LOCAL using user ABC12:57:31 Checking credentials for user ABC12:57:31 Getting TGT for account ABC@XXXXDOMAIN.LOCAL12:57:31 TGT for account ABC@XXXXDOMAIN.LOCAL was retrieved successfully12:57:31 Credentials for user ABC were verified12:57:31 Searching for DC in domain XXXXDOMAIN.LOCAL12:57:31 Found DC: xxxxdc01.xxxxdomain.local , client site is Head-Office , dc site is Head-Office
    View more
5 hours ago
Cancel Post

  • Viptela vEdge Cloud not building control connections - ( 5 hours ago )
  • SD-WAN
  • Hi I am building a small lab on my laptop running ESXi and viptela controllers version 18.4.1. I successfully installed vManage, vSmart, vBond as well as vEdgeCloud (one of each). I used tinyCA to sign certificates for the controllers and uploaded root certs on all components including vEdge. Every device has some initial config on with system ip, clock, org name, timezone, interfaces, (check the screenshot attached). Next I went to PnP portal and did the following:Created controller profile (with vpn0 ip add of vBond 10.0.0.3 should I be using vpn512 address?)Added a device (Devices>Add Software Devices, PID:vedge-cloud-dna)Associated the device with the controller profileDownloaded "Provisioning File" (serialFile.viptela)I uploaded the viptela file onto vManage and the list was pushed successfully to all controllers. At this point I would expect for vEdge to finally be permited to join the overlay network. Considering it can ping all the controllers via vpn0 or vpn512 from and it has the root cert as well (even tho I believe this can be pushed from controllers). I also issued this command on vEdge to activate it with no luck:  request vedge-cloud activate chassis-number 71591a3b-7d52-24d4-234b-58e5f4ad0646 token e0b6f073220d85ad32445e30de88a739Is there a command to debug this? Any tips would be greatly appreciated Rudi
    View more
5 hours ago
Cancel Post

  • Catalyst 3560X/3750X RTU licensing? - ( 6 hours ago )
  • Switching
  • I haven't touched Catalyst 3560X/3750X's for a while as they came at an odd time where we had loads of customers with 3560G/3750G series switches already installed and no real reason to replace them.  We have put in quite a lot of 3650/3850 series to replace 3560G/3750G's since though (although it seems these are old-hat now with the Catalyst 9x00 series already here...).Anyway I have come across some 3560X's & 3750X's on a customer site we are doing some work on in the next few weeks and thought I'd upgrade the IOS as part of the work.  I noticed after I had upgraded the 3560X's to the latest Universal IOS image there is a now a RTU license option?  I found this https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_53_se/configuration/notes/ol19813.htmlI thought the 3560X/3750X only supported licensing using the old .lic files specific to each device?  Is this now not the case?  Can I enable the RTU license for IP Services and it will work without installing a license file? Andy
    View more
6 hours ago
Cancel Post

7 hours ago
Cancel Post

  • Cisco WLC captive portal with self-signed cert: Android not trusting cert even though installed in trust store - ( yesterday )
  • Wireless and Mobility
  • The title pretty says it all. I have the layer 3 webauth enabled on a Cisco WLC 2504 WLAN with a self-signed SSL cert. I installed the root CA cert in the Android phone under Settings > Biometrics and security > Other security settings > Install from device storage for both "VPN and apps" and "Wi-Fi". When I connect to the Wi-Fi and I get redirected to the captive portal, I get this error: SSL certificate not trustedThe security certificate for this network is not from a trusted authority. We do not recommend that you connect to this network.Buttons: Cancel / Connect I verified that the certificate was installed okay because if I connect to a different Wi-Fi without the layer 3 webauth and open up Google Chrome and go to a different website that chains up to the same cert I trusted, I see a green lock icon an don't get any certificate warnings. My Android device is a Samsung Galaxy S8 running Android 9, kernel 4.4.153.
    View more
yesterday
Cancel Post

  • Webex Teams on iOS 13 Beta 3 - ( yesterday )
  • Collaboration Applications
  • Looks like iOS 13 Beta 3 breaks the messaging components of Webex Teams.  When you select the spaces, the messages don’t load.  I know this isn’t a bug or anything to fix, more of an FYI.  If anyone does have a fix for this, please let me know!
    View more
yesterday
Cancel Post

yesterday
Cancel Post

  • APIC uptime - ( yesterday )
  • Cisco Bug Discussions
  • How can I find the uptime of an APIC node?We had to shutdown 2 APIC's in a fabric for electrical works. I insisteed that I should be informed when the power is back to normal, but as it was ...So can i find anything in the log's? or on the CLI? 
    View more
yesterday
Cancel Post

  • How to drop a subscriber session by the username (PPPoE) | ASR 9010 - ( yesterday )
  • Other Network Architecture Subjects
  • I'm facing some problem with the client authentication, it is creating duplicate connections with the same login, as the exemple below: Username                Interface                          State             Subscriber IP Addr / PrefixLNS Address (Vrf)-----------------------------------------------------------------------------------joe3456                BE30.2000.pppoe453           AC                    192.168.0.1 (default)joe3456                BE30.2000.pppoe567           AC                    192.168.0.2 (default)    I've already learnt how to drop/stop a subscriber session by using the command clear subscriber session identifier interface <interface pppoe>, but it didn't solve my problem since it doesn't stop all the connections. I think the only way to solve my duplicate connections is: every time a user needs to connect, the script should remove all the previous PPPoE sessions with its username, so then create the new one. To do it, I need a command that stop a connection by the username, not by the interface. OBS: I use a radius server and my keepalive is set to send a message every 60 seconds until it completes 3 messages. Thank you
    View more
yesterday
Cancel Post

  • NAT & BGP on Cisco router - ( yesterday )
  • Other Network Architecture Subjects
  • Hi,Can any kind soul help me with my issues I've been facing for almost a week? I'm trying to do static destination NAT with the followings:192.168.1.1 (Source) -> 10.2.2.2 (Destination)Translated Address:192.168.1.1 (Source) -> 10.9.9.9 (Destination) I did all I could do with ip nat inside and ip nat ourside on my interfaces: External interface (172.16.1.1)ip nat insideInternal interface (192.168.10.10)ip nat outside ip nat inside source static 10.9.9.9 10.2.2.2 router bgp 65333 network 10.2.2.0 255.255.255.0 neighbor xxxxxx neighbor xxxxxxx xxxx ip route 10.2.2.0 255.255.255.255.0 null0 Basically i have all ibgp and ebgp advertising routes internally and externally. All works fine except this NAT issue. I'm trying to ping from one of my internal subnets to 10.2.2.2 but it could not reach the destination with translated 10.9.9.9. On my router i do have the routes to 10.9.9.9. Only missing routes is 10.2.2.2 which I have already input "network command" on bgp, as well as issuing static route as shown above.  What could be missing? diology73   
    View more
yesterday
Cancel Post

  • Prime Collaboration license question - ( yesterday )
  • Collaboration Applications
  • Hi GuysWith the prime collaboration license , I've read the ordering guide of CUWL and UCL license which indicate all of the these license should be supports and contained the prime collaboration license , as I run a BOM of CULW STD type license under CCW , it's not included license of prime collaboration see below as I captured I just have a confirmation that whether all these license included prime collaboration licence , or  I have some missed understanding for this document , thanks. zy
    View more
yesterday
Cancel Post

  • SIP CUBE Faxing to CUCM - RightFax not working - ( yesterday )
  • IP Telephony and Phones
  • Hi All, I need some help, we have recently started moving from MGCP Gateways to SIP CUBE on our Routers as the PRI quality was not good. I have Ported my Fax Range to the new ISP and currently having trouble receiving Faxes when it hits my CUBE. Please we have a SIP Trunk between CUCM and our RightFax Server and I can confirm is working for all MGCP Gateways.When doing a call to my FAX number using the CUBE I do hear the Fax tones but the call is dropped after 3 seconds. This means all routing is correct but it seems like connection is dropping. I have read online it might be because I'm sending g729 and g711ulaw to my Fax but can confirm when changing the Codec the call fails instantly. I have not worked with Faxing before and it's extremely hard to troubleshoot. any suggestions or ways to use RTMT to see what the issue is.  Or has someone else using RightFax used their CUBE Gateway for Faxing and got it working. Thanks in advance.
    View more
yesterday
Cancel Post

  • getting http-bind 404 (Not Found) while running non gadget sample - ( Friday )
  • Contact Center
  • HI,I'm getting below while running non gadget sample , would you please advisejabberwerx.js:5581 POST https://hq-uccx.abc.inc:8445/http-bind 404 (Not Found)jabberwerx.js:5581 XHR failed loading: POST "https://hq-uccx.abc.inc:8445/http-bind".jabberwerx.js:8035 closed: <stream:error xmlns:stream="http://etherx.jabber.org/streams"><service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-streams"/></stream:error>jquery-1.9.1.min.js:2970 PUT https://hq-uccx.abc.inc:8445/finesse/api/User/Agent002 401 (Unauthorized)jquery-1.9.1.min.js:2970 XHR failed loading: PUT "https://hq-uccx.abc.inc:8445/finesse/api/User/Agent002".
    View more
Friday
Cancel Post

Friday
Cancel Post

Friday
Cancel Post

  • VNI mobile traffic country information - ( Friday )
  • VNI and GCI
  • Hello,I recently reviewed the Cisco Mobile VNI Forecast, 2017-2022 Tool. I saw that additionally to the World and Regional information, you include "Average Mobile Traffic per Capita per Month (GB)" and "Consumer Mobile Traffic per Month (PB)" for certain countries (Canada, USA, Argentina, Brazil, Chile, Mexico, France, Germany, Italy, Spain, Sweden, United Kingdom, Australia, China, Japan and Korea). Would you be able to provide the information for these variables from 2013 to 2016 for these countries? Thank you in advance. Best regards, 
    View more
Friday
Cancel Post

  • CWMS Licensing question - ( Friday )
  • Collaboration Applications
  • I have a question about host licensing in CWMS, that's a little unclear from the docs.  Our users are synced with CUCM, and most of them are marked "inactive" as most users don't get hosting access.  Of the users that are marked "Active", most of them have a permanent license assigned, but somehow we have a few that don't.  We have a few permanent licenses available, so when one of these users that don't have a license assigned attempts to host a meeting, will one of these unassigned licenses be permanently assigned to them, or will they grab a "grace license" that will expire in 180 days?
    View more
Friday
Cancel Post

  • DCNM 11.2(1) discovery and admin credentials does not allow @ symbol - ( Friday )
  • Other Data Center Subjects
  • Wondering if there is an escape sequence possible for switch credentials in discovery.  All our switches use RADIUS and credentials to login are the form useraccount@example.com  unless the RADIUS server is unavailable and the switch has reverted to local auth, this is the format expected when it goes to the RADIUS/Auth server. But for some strange reason, the authentication credentials in DCNM does not allow the @ or any other kind of delimiter for a domain/realm login making the switches unreachable except via SNMP. Is there an escape sequence or another way to get the credential into the DCNM for this to work? Is this particular to the latest version web UI?    
    View more
Friday
Cancel Post