Answer Questions

I've recently acquired an old 3560X switch and was trying to setup vlans for a home lab for training and testing purpose. In my bid to get my vlans working, I did some research and found that these switches are susceptible to a trunking and vlan bug (which would explain why it isnt working). I would like to download the latest released firmware but was unable to get it from cisco because.....

Hello  My customer runs two reports over the same time frame: Agent All Fields Report & Detailed Call CSQ Agent report. Both have the column "Talk Time" Both reports don't have the same Talk Time, the Talk Time in the Agent All Fields report is higher. In my LAB I created some calls with UCCX and one agent, after about 3 calls the Agent All Field Report had already 4 extra seconds compared with the Detailed Call CSQ Agent report. I can understand over a whole day with a 100 agents and thousands of calls can get quite some differences Is this normal? UCCX 12.5 SU3 and CUCM 15 Any idea? Thanks    

Hi.  I have set up some customer filtering using openDNS.  Can i access that via DOH, from what I read seems people only reference the public opendns server.What settings should i use if I want to use DOH and opendns custom filtering thanks  D

What is a DCN License for Cisco ACI to using Health Score and Troubleshooting Wizard Feature ?

I was configuring service profile template for ESXi hosts and followed best practices works fine, for Windows 2022 Hyper-v I am confused how to configure vnic, trunk port or native VLAN ? FI ports are port channeled by default, how to define vnic for Hyper-V hosts, for esxi hosts it is clear Mgmt, vMotion, Overlay, VM n/w dedicated vNIC's. Can anyone clarify on how to define vnic for Hyper

Hi, I'm not able to use Cisco Anyconnect to connect to my company's VPN, which uses SSO (Single Sign-On).After starting my company's Anyconnect VPN connection, I was able to enter and successfully authenticate my credentials.  After this however, Chrome reported this failure:This site can’t be reachedlocalhost refused to connect.The address bar shows: http://localhost:29786/api/sso/... Any suggestions on how to enable Chrome localhost connections?Is anyone is able to use Cisco Anyconnect on a Chromebook to connect to VPN?

our client want to set up sip oauth for IP phone to encrypt media and signaling. They want to use self signed certificate for this setup . how to set up?

Observation: Microsoft has changed something and started rejecting valid DKIM signed emails. I've observed O365 and hotmail.com bouncing mails. To fix: Set each of your dkim signing profiles setting > Canonicalization values to "Relaxed. This makes the body and header hashing more tolerant of minor changes (like extra line breaks or reordered headers) that Microsoft sometimes applies.           Have a great day! Chris        

I need to setup secure sip trunk between cucm and im presence. i can see document related to cucm but what configuration we have to set in Im presence side? is there any step by step in this regard? what certificate we can use? we are planning for self signed certificate for this setup.is self signed certificate ok?

Hello Team,I am migrating from MDS 9148S to MDS 9148T, I have included a part of Zoneset output below and I can see a unique fcid though, but same WWPN is listed under each zone, please can you explain the logic here.This output is from MDS9148S, I am assuming I need to rebuild the zoneset and relevant WWNs. Please advise bet practice to migrate devices from 9148S to 9148T given this scenario`show zoneset active vsan 1-4093`zoneset name ZONESET_V1 vsan 1  zone name Z_FC1_3_FC1_2_V1 vsan 1  * fcid 0x400f00 [interface fc1/3 swwn 20:00:00:de:fb:d8:f3:a0]  * fcid 0x400e00 [interface fc1/2 swwn 20:00:00:de:fb:d8:f3:a0]  zone name Z_FC1_5_FC1_1_V1 vsan 1  * fcid 0x401000 [interface fc1/5 swwn 20:00:00:de:fb:d8:f3:a0]  * fcid 0x401100 [interface fc1/1 swwn 20:00:00:de:fb:d8:f3:a0]  zone name Z_FC1_4_FC1_3_V1 vsan 1    interface fc1/4 swwn 20:00:00:de:fb:d8:f3:a0  * fcid 0x400f00 [interface fc1/3 swwn 20:00:00:de:fb:d8:f3:a0]  zone name Z_FC1_6_FC1_4_V1 vsan 1  * fcid 0x400d00 [interface fc1/6 swwn 20:00:00:de:fb:d8:f3:a0]    interface fc1/4 swwn 20:00:00:de:fb:d8:f3:a0  zone name Z_FC1_8_FC1_1_V1 vsan 1  * fcid 0x400c00 [interface fc1/8 swwn 20:00:00:de:fb:d8:f3:a0]  * fcid 0x401100 [interface fc1/1 swwn 20:00:00:de:fb:d8:f3:a0]  zone name Z_FC1_7_FC1_2_V1 vsan 1  * fcid 0x400700 [interface fc1/7 swwn 20:00:00:de:fb:d8:f3:a0]  * fcid 0x400e00 [interface fc1/2 swwn 20:00:00:de:fb:d8:f3:a0]

We are in the process of deploying some multi-instance FPR3130 pairs.  The FPR3130's were supplied with 7.2.8-25 so we manually upgraded them to 7.4.2-172 and then onboarded them into the FMCv where we then converted them to multi-instance.  We then upgraded the FMCv to 7.4.2.2-28 and proceeded to upgrade the FPR3130 chassis to 7.4.2.2-28 and then the instances to the same version. 7.4.2.3-4 recently popped up on CCO for the FMC and the FPR3100 series, so I'm looking to upgrade before any of this goes live.  I upgraded the FMCv easily and I'm now looking at upgrading the 4 x chassis.  The software is downloaded to the FMC.  If I go to Devices, Upgrade, Chassis Upgrade, it shows '4 devices and 8 clusters/HA pairs are not candidates to add to your upgrade list' in the Device Selection panel, and in the right panel showing the chassis and instances, it shows each chassis with version 7.4.2.2-28 and the Details saying 'Already running target version or later' If I go to Devices, Upgrade, Threat Defence Upgrade, it shows '8 clusters/HA pairs are candidates to add to your upgrade list' and '4 devices are not candidates to add to your upgrade list'.  So it looks like I can upgrade the instances, but not the chassis.  Is this a bug or by design?  I can't see anything in the release notes relating to this.  

Hello. I've spent a day or three trying to understand the NS OCI schema files and online Cisco OCI-P documentation. I'm able to get an NS system user logged in using OCI-P via the XSP server to the Network Server, but I am not able to form an acceptable XML command to modify Network Server items. The following XML would hopefully add a Routing Policy Call Screening Instance with Toll and Local calling with an instance named 'TestGroup': <?xml version = "1.0" encoding = "ISO-8859-1"?><com.broadsoft.protocols.nsoss.BroadsoftDocument protocol="NSOCI" version="24.0"><CommandArray><com.broadsoft.protocols.nsoss.CommandcommandType="RoutingPolicyCallScreeningAddInstanceRequest"><CommandDataArray><name>TestGroup</name><isEnabled>true</isEnabled><callType>TO</callType></com.broadsoft.protocols.nsoss.Command></CommandArray></com.broadsoft.protocols.nsoss.BroadsoftDocument> ... but in the openclientserver/OCSLog file, it's recorded as: Invalid command type in NSOCI message: .. nothing I try creates a valid command type. If anyone can help point me in the right direction, I'd appreciate it. Thanks...  Jamie M. SC.

Hi Everyone, I am performing an offline upgrade for Cisco WSA. I am trying to download firmware package from http://updates.ironport.com/fetch_manifest.html. and the download link is not working. I just wanna check if there's an alternate site to download the firmware?   Thank you    Best regards Weiwen

Hi all,I’m having an issue with a Sony EVI-X200C PTZ camera connected to a Cisco Webex Room Kit Plus via RJ45 to the codec. At first I was having a lot of odd issues, and after I swapped out a regular RJ45 cable for a cross-over cable, things started working more smoothly. The camera also has an external power supply and an HDMI cable going to the Room Kit codec. HDMI and control both work fine after an initial power cycle — the camera spins up, connects, and PTZ works perfectly via the Touch pad thing. That's the problem though.The issue:When the codec goes into standby, the camera also goes into standby or reboots (by design). Upon wake-up, the camera does its startup spin check, and then the green power light blinks indefinitely, and it never regains control or video unless the camera is manually power-cycled. It does either that, or stays in standby indefinitely. It's very weird behavior.It seems like the codec doesn’t re-initiate any control after waking, and the camera gets stuck waiting for initialization. This behavior is 100% reproducible and not caused by wiring or cable quality.Has anyone seen this behavior?We do have another room set up similar to this one and there are no issues. I have checked the configuration in the codec web GUI and CUCM and I cannot see anything out of the ordinary. It’s not really practical to unplug and power-cycle the camera every time we want to use it.Thanks for the help.

These are Term Qty based licenses however there is no Default term and it the Initial Term is 1-1 with Prepay term 1-1.  What exactly does this mean?  

We are excited to announce the release of Cisco Firewall Migration Tool version 7.7.10, packed with powerful new features and enhancements designed to streamline your firewall migration process. This latest update brings significant improvements that simplify migration workflows and enhance compatibility across multiple platforms. Key Highlights of Firewall Migration Tool 7.7.10: Azure Firewall Migration: Now you can seamlessly migrate configurations from Microsoft Azure Native Firewall to Cisco Secure Firewall Threat Defense. Enhanced Multicloud Compatibility: The tool expands its capabilities to support migration from Check Point Firewall and Fortinet Firewall to Cisco Multicloud Defense, providing greater flexibility for complex multicloud environments. Simplified Policy Management: Automatic detection of Security Group Tag configurations is introduced for dynamic and scalable access control. This feature currently supports on Secure Firewall ASA migrations, helping to reduce manual policy adjustments. Access Rule Editing: Users can now manage objects and object groups directly within the Optimize, Review, and Validate Configurations page, improving efficiency and control during the migration process. Improved Reporting: Enhanced pre-migration and post-migration reports offer a better user experience by delivering clearer insights and actionable information throughout the migration lifecycle. Here is the link to the release notes for the Firewall Migration Tool: https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/fp-migtool-release-notes.html Refer Open and Resolved Issues for the list of defects resolved in this maintenance release. We encourage customers to download and use the latest version of the Firewall Migration Tool (i.e. 7.7.10), as the new version includes fixes for the recently discovered issues that customers may have experienced while performing the migration from the supported platform to Cisco Threat Defense. As always, the migration tool is fully supported by the TAC team. Reach out to TAC team if you encounter any issues or require further support while performing the migration.    

                                                                       Site-to-Site IPSec VPN  with Overlapping Subnets Introduction The Problem The Solution Lab Example Introduction To configure a site-to-site VPN with overlapping subnets, you'll need to use Network Address Translation (NAT) on at least one side of the tunnel to make the subnets appear unique to the VPN. This involves mapping the internal, overlapping subnet to a unique, non-overlapping subnet for traffic traversing the VPN tunnel. The Problem: When two networks with identical subnet ranges (e.g., 192.168.1.0/24) need to communicate via a VPN, the routers on each end won't be able to distinguish between the two networks because they have the same IP address space. This leads to routing issues, as the routers won't know which subnet to forward traffic to.  The Solution:    Address Translation (NAT) Source NAT (SNAT):When traffic originates from one site, its source IP address is translated to a different, non-overlapping IP address within a "virtual" subnet before being sent over the VPN tunnel. Destination NAT (DNAT):When traffic destined for the remote site reaches the other end of the tunnel, its destination IP address is translated back to the original, overlapping IP address.                                           Lab Example:           Assuming that all required interfaces are up and configured with ip addresses including ISP router. In this example, I am configuring NAT on both the routers R1 and R2. R1  Configuration R1(config)#interface Ethernet0/0R1(config-if)# ip nat outside!R1(config)# interface Loopback1R1(config-if)# ip nat inside!R1(config)# ip route 0.0.0.0 0.0.0.0 1.1.1.2R1(config)# ip nat inside source static network 192.168.1.1 10.10.10.10 /32 R1(config)#crypto isakmp policy 1R1(config-isakmp)#hash sha512R1(config-isakmp)#authentication pre-shareR1(config-isakmp)#group 14R1(config-isakmp)#lifetime 3600R1(config-isakmp)#encryption aes 256R1(config-isakmp)#exit R1(config)#crypto isakmp key 0 xxxxxxxx address 2.2.2.2 R1(config)# crypto ipsec transform-set TSET1 esp-aes 128 esp-md5-hmacR1(cfg-crypto-trans)# exitR1(config)# crypto ipsec security-association lifetime seconds 3600!R1(config)# ip access-list extended VPNT1R1(config-ext-nacl)# permit ip host 10.10.10.10 host 20.20.20.20R1(config-ext-nacl)# exit!R1(config)# crypto map CMAP 10 ipsec-isakmp R1(config-crypto-map)# match address VPNT1R1(config-crypto-map)# set peer 2.2.2.2R1(config-crypto-map)# set transform-set TSET1R1(config-crypto-map)# exit!R1(config)# int eth0/0R1(config-if)#crypto map CMAPR1(config-if)#exit R2  Configuration R2(config)#interface Ethernet0/0R2(config-if)# ip nat outside!R2(config)# interface Loopback1R2(config-if)# ip nat inside!R2(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.1R2(config)# ip nat inside source static network 192.168.1.1 20.20.20.20 /32 R2(config)#crypto isakmp policy 1R2(config-isakmp)#hash sha512R2(config-isakmp)#authentication pre-shareR2(config-isakmp)#group 14R2(config-isakmp)#lifetime 3600R2(config-isakmp)#encryption aes 256R2(config-isakmp)#exit R2(config)#crypto isakmp key 0 xxxxxxxx address 1.1.1.1 R2(config)# crypto ipsec transform-set TSET1 esp-aes 128 esp-md5-hmacR2(cfg-crypto-trans)# exitR2(config)# crypto ipsec security-association lifetime seconds 3600!R2(config)# ip access-list extended VPNT1R2(config-ext-nacl)# permit ip host 20.20.20.20 host 10.10.10.10R2(config-ext-nacl)# exit!R2(config)# crypto map CMAP 10 ipsec-isakmp R2(config-crypto-map)# match address VPNT1R2(config-crypto-map)# set peer 1.1.1.1R2(config-crypto-map)# set transform-set TSET1R2(config-crypto-map)# exit!R2(config)# int eth0/0R2(config-if)#crypto map CMAPR2(config-if)#exit Verification: .............................................................................................. Thank you very much..! ........................................................................          

So I have already completed every modules, exams, surveys and skill exams. But in the final module it shows 50% even though I have already completed everything, I already have my grades in the gradebook. My email is espermandigz@gmail.com in the cisco networking academy as well. Please help me resolve this issue.

Hi folks,We have a requirement to perform endpoint profiling using NetFlow as a probe in Cisco ISE. We’ve configured NetFlow export from our core switch, and when we inspect the NetFlow data directly (e.g., via a collector), we can see details like source IP, destination IP, source port, and destination port.However, in ISE’s Context Visibility, we are only seeing L4_DST_PORT, and the other details such as source IP, destination IP, and source port are missing.Has anyone here done a complete profiling setup purely using NetFlow as a probe? If so, could you please share any guide or working configuration reference?Appreciate your help!

As far as I know, when I use cwa that floats a redirection page like google ssoI understand that you use OPEN + MAB. I'm trying to set the authentication method of SSID to 802.1X and two-factor authentication through google so, is it possible?

Missed us at Cisco Live US but still want the scoop on all the ThousandEyes updates? Don't worry, we've got you covered. Sign up for next week's webinar with Jillian & Sergio to hear about the ways we continue to grow and develop deeper visibility, smarter analytics & faster issue resolution for you.See you there! 

Content filtering is completely broken as it is blocking categories that are not markeddeveloper.apple.com/news/releases This site was blocked due to the following categories: Research/ReferenceYet I have not marked that category 

Hi,We are using CMS-1000 on-prem for video conferencing. Is there any method to programmatically identify the active speaker in a video conference? The API doesn't seem to offer a clear call to achieve that. ThanksCMS, Conferencing

It been a while since I needed to download my OpenDNS roaming computer file but it seems like a lot has changed with the platform.  Can any supply some input as to how much things have changed and what are replacement options.   I was what they used to call a prosumer so I am not looking for enterprise coverage, features and protection Thanks

I am trying to find a good example or lesson on configurating TLOC extensions utilizing the Configuration Groups (Not classic templates) and the C8000v.  You can use the guided tour when using Configuration Groups and enable TLOC extensions there,  but  I've found no good example of what to fill in the fields.   Any assistance or known examples would be appreciated.