
Answer Questions

  • OpenVuln API - CVSS vector string - ( 8m ago )
  • Services Discussions
  • Team, Is it possible to pull the CVSS vector string from the OpenVuln API? The strings are available in the CVRF downloads for the individual advisories, but I'm not seeing it in the API. An example is the CVRF download of CVE-2018-15408. When I download the XML, I get the following CVSS vector string - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3> </ScoreSetV3> But when I call https://api.cisco.com/security/advisories/cvrf/cve/CVE-2018-15408, the above vector string is not included in the output. Is there a way to pull this information via API? Thanks in advance for your guidance, Justin

  • Netflow collecting HTTP URL - ( 15m ago )
  • Network Management
  • Hello all, this is my first post on Cisco Community, I hope I'm doing well :-) I'm administrator of many routers on different platforms, and I'm new to managing netflow configuration (using Flexible Netflow). I would like to collect information about URLs (to check my bandwidth is not fully used by YouTube :-) ), and send them to my collector. I have added in my record configuration the "collect application http url" on an ASR1002 (the router froze while I did it...), but when I read the flow cache, the column HTTP URL is empty for all rows. So, my questions are: - Is Flexible Netflow the best way to collect HTTP flow, and see web URLs visited? - Is my configuration correct? Is there something missing? Thanks a lot (hope my English is good enough ^^)

  • Barcode format - ( 18m ago )
  • Voice Systems
  • What barcode format is used on boxes from Cisco?  I'm not looking to find a device I need to know if it's UPC CODE or EAN CODE or anything else from a long list of possible type.  I found multiple posts but they are old and could not find the answer.  Ref of barcodes types:  https://www.scandit.com/types-barcodes-choosing-right-barcode/   Thanks Gilles

  • Slow Handoff Between Access Points - ( 29m ago )
  • Wireless and Mobility
  • I have a single Cisco 2500 series wireless controller and approximately 30 access points that are models AIR-CAP2702E-B-K9 and AIR-CAP2702I-A-K9. The issue that I am experiencing is that an AP will hold onto an established connection even when other APs become much closer in range. There have been times where I have to physically walk out of range of an AP before it will latch to a new AP. I have been able to trick the system into handing off to another AP quicker by forcing an increase in minimum throughput required for a connection, but the AP will still hold that connection to the point where it is still clear a moderately seamless hand-off is not taking place. I am speculating that either something is misconfigured in my Mesh settings, or Mesh has not been setup to begin with. Any advice on the proper configuration of a Mesh network would be very well received.

  • Enquiry about PACL - ( 34m ago )
  • Switching
  • Hi experts, If I want to deny Site B terminal (10.116.123.244) access internal networks (173.0.0.0/8, 10.114.0.0/16, 10.115.0.0/16, 10.116.0.0/16, 10.150.0.0/16) accept Internet through Site A Internet Firewall, can the following PACL work?
    Config t
    ip access-list extended simple-ip-acl
    deny ip host 10.116.123.244 10.114.0.0. 0.0.255.255
    deny ip host 10.116.123.244 10.115.0.0. 0.0.255.255
    deny ip host 10.116.123.244 10.116.0.0. 0.0.255.255
    deny ip host 10.116.123.244 173.0.0.0. 0.255.255.255
    deny ip host 10.116.123.244 10.150.0.0. 0.0.255.255
    end
    int gi2/31 ; the switchport where the terminal is connecting to
    ip access-group simple-ip-acl in
    Thanks.

  • Remediation via Auth VLAN - ( 42m ago )
  • Identity Services Engine (ISE)
  • Hi Experts,   Is remediation possible if I am implementing auth VLAN for switches that do not support URL redirection? Since, when auth VLAN is configured ISE acts as the DNS/DHCP server. I have configured anti-virus definition to automatic remediation.   So, now my anti-virus definition is not up to date and I am able to ping the AV servers. Will the auto-remediation happen in this case? Will AnyConnect be able to reach out to those AV servers and download the right definition?

  • Installation Examples - ( 44m ago )
  • Wireless and Mobility
  • Does anybody here have installation examples (pictures) especially from a Cisco 2602/2702/2802 with the external antenna AIR-ANT2566P4W-R in a warehouse environment and an installation on the ceiling? Thx in Advance

  • CSCtz84561 - Kingpin %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP - ( 52m ago )
  • Cisco Bug Discussions
  • Hi, we have got an ISR4331/K9 with IOS XE 15.5(3)S4b showing the same log:
    Oct 15 13:54:01.714: %IOSXE-3-PLATFORM: SIP1: cpp_cp: QFP:0.0 Thread:000 TS:00001842578982784425 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 28, src_addr 172.29.250.39, dest_addr 172.29.250.30, SPI 0x46953b0e
    We suppose bug CSCtz84561 is affecting us, so please could you tell me which IOS XE version would solve the problem?

  • dACL issue - ( an hour ago )
  • Identity Services Engine (ISE)
  • ISE version 2.2.0.470 I am trying to build new dACLs for my VPN users and it doesn't seem to be working and I know it's the dACL because when I revert back to the old dACL my VPN is successful. When I try to hit the VPN with the new dACL I get a login failed. Old dACL: New dACL:
    remark allow newcitrix
    permit tcp any host 192.168.254.75 eq 80
    permit tcp any host 192.168.254.77 eq 80
    permit tcp any host 192.168.254.75 eq 443
    permit tcp any host 192.168.254.77 eq 443
    remark allow server mgmt
    permit ip any 10.20.30.0 255.255.255.0
    remark aws
    permit ip any 10.150.0.0 255.255.0.0
    permit ip any 10.155.0.0 255.255.0.0
    permit ip any 10.191.0.0 255.255.0.0
    remark allow okta
    permit tcp any host 10.20.1.176 eq 80
    permit tcp any host 10.20.1.175 eq 80
    permit tcp any host 10.81.3.44 eq 80
    permit tcp any host 10.81.3.45 eq 80
    permit ip any 10.81.0.0 255.255.0.0
    remark Allow ping
    permit icmp any any
    remark BNA Server Networks
    permit ip any 10.20.0.0 255.255.255.0
    permit ip any 10.20.1.0 255.255.255.0
    permit ip any 192.168.1.0 255.255.255.0
    permit ip any 10.20.5.0 255.255.255.128
    permit ip any 10.20.35.0 255.255.255.0
    permit ip any 10.20.1.0 255.255.255.0
    permit ip any 10.20.45.0 255.255.255.128
    remark BNA DMZ
    permit tcp any 192.168.10.0 255.255.255.0 eq 22
    permit tcp any 192.168.30.0 255.255.255.0 eq 22
    permit tcp any 10.20.26.10 255.255.255.255 eq 443
    remark BNA Workstation Networks
    permit ip any 192.168.7.0 255.255.255.0
    permit ip any 10.20.41.0 255.255.255.0
    permit ip any 10.20.42.0 255.255.255.0
    permit ip any 10.20.50.0 255.255.255.0
    permit ip any 10.20.40.0 255.255.255.0
    remark Business Park Workstation Networks
    permit ip any 10.22.50.0 255.255.255.0
    permit ip any 10.22.42.0 255.255.255.0
    permit ip any 10.22.20.0 255.255.255.0
    remark BNA Lab Networks
    permit ip any 192.168.13.0 255.255.255.0
    permit ip any 10.0.1.0 255.255.255.0
    permit ip any 10.20.250.0 255.255.255.0
    permit ip any 10.20.251.0 255.255.255.0
    permit ip any 10.0.10.0 255.255.255.0
    permit ip any 10.0.11.0 255.255.255.0
    permit ip any 10.20.25.0 255.255.255.0
    remark CPI MIdway
    permit tcp any host 192.168.2.141 eq 3389
    remark CPI Corporate
    permit ip any 10.81.3.0 255.255.255.0
    permit ip any 10.81.0.0 255.255.255.0
    permit ip any 10.81.8.0 255.255.255.0
    permit ip any 10.81.1.0 255.255.255.0
    remark Block all other internal requests
    deny ip any 10.0.0.0 255.0.0.0
    deny ip any 172.16.0.0 255.240.0.0
    deny ip any 192.168.0.0 255.255.0.0
    remark Allow INET
    permit ip any any
    remark IT User Access
    permit ip any 10.20.0.0 255.255.0.0
    permit ip any 192.168.1.0 255.255.0.0
    permit ip any 192.168.10.0 255.255.255.0
    permit ip any 10.81.0.0 255.255.0.0
    permit ip any 192.168.7.0 255.255.255.0
    remark Lab Access
    permit ip any 10.0.1.0 255.255.255.0
    permit ip any 10.0.10.0 255.255.255.0
    permit ip any 10.0.100.0 255.255.255.0
    permit ip any 192.168.13.0 255.255.255.0
    remark Deny Internal Segments
    deny ip any 192.168.0.0 255.255.0.0
    deny ip any 10.0.0.0 255.0.0.0
    deny ip any 172.16.0.0 255.240.0.0
    remark Allow INET
    permit ip any any
    The check syntax checks out on the dACL page after checking for syntax errors. Does anyone see anything weird between the two?

  • Separate Backup of Cisco Prime Maps - ( an hour ago )
  • Network Management
  • Per a previous TAC Engineer's recommendations after a failed Prime Infrastructure upgrade, I would like to backup the /opt/CSCOlumos/domainmaps in addition to a full NCS application backup. I seem to have misplaced my notes on backing up individual server files. Can someone assist?

  • ASA - NAT based on destination port - ( an hour ago )
  • Firewalls
  • Hello all- Need to setup a NAT based on destination port ASA 9.6.4
    Source 202.1.1.18 routing to 202.1.1.17 on interface vlan419int
    if destination port is 12154 need 202.1.1.17 to NAT TO inside interface host 192.168.1.10
    if destination ports are 12146-12153 need 202.1.1.17 to NAT to asa-link interface host 172.16.210.10
    Attached is a diagram. Seems straightforward but I can't seem to get this working. Thanks!

  • Script to read from a file and apply port descriptions. - ( 2 hours ago )
  • Network Management
  • We are replacing some older 3750 switches, with a 4500 switch. I want to be able to restore connectivity without having to worry about making sure a specific connection is plugged into a specific port (Time constraints). Is it possible to read a mac address from a file and based on the mac discovered on the port, configure a description for that port. I have found various examples on these forums, but nothing that comes close to what I want to accomplish.    Something like this, but the oui is a variable read from a different file. https://community.cisco.com/t5/network-management/eem-3-2-mac-address-prefix-gt-switch-port-config-examples/td-p/1813741

  • WSA S000v HTTPS proxy : TLS session reset from WSA - ( 2 hours ago )
  • Web Security
  • Hi Everyone, I am running a test on a WSA and I am unable to make HTTPS proxy work at the moment. I can see in Wireshark from a packet capture on the wire that the WSA is actively closing the TCP session and I receive an error message that is not generated by the WSA but rather by the Windows client browser; HTTP instead works fine. I indeed tried with several flavors of certificates, in order: local WSA self-signed certificate; local WSA certificate signed by internal root CA; uploaded internal root CA certificate and key. I installed all those certificates into the user and computer workstation's Trusted Root Certification Authorities and Intermediate Root Certification Authorities. I tried disabling/enabling all TLS and SSL versions and I tried modifying the ciphers on the WSA appliance. Let me show you here below.
    WSA ip : 192.168.2.162
    Workstation ip : 10.1.128.2
    HTTPS TCP session reset actively from the WSA
    On the browser:
    Additionally I am also seeing these logs on the appliance from https_logs:
    Mon Oct 15 14:02:32 2018 Debug: HTTPS : - : DIAG: client did not complete SSL Handshake
    Mon Oct 15 14:02:32 2018 Debug: HTTPS : - : error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
    Mon Oct 15 14:02:32 2018 Trace: HTTPS : - : Error Function is: 118 Error Reason is:155

  • AnyConnect and no policy server detected - ( 2 hours ago )
  • Identity Services Engine (ISE)
  • Hi Experts, Test environment: ISE 2.3 patch 3; HP Comware switch: Version 7.1.070, Release 3208P03. I am seeing this very weird behavior with AnyConnect. We are using an ACL for posture redirection, so here when I have these two statements:
    rule 135 deny tcp destination-port eq 443
    rule 140 deny tcp destination-port eq www
    AnyConnect says that it's failed to launch downloader. But when I change them to:
    rule 135 permit tcp destination-port eq 443
    rule 140 permit tcp destination-port eq www
    AnyConnect says, no policy server detected. Any idea why this could be happening? Following is the complete ACL:
    [NAC-5130-2]display acl 3003
    Advanced IPv4 ACL 3003, 29 rules,
    ACL's step is 5, start ID is 0
    rule 0 permit ip destination <ISE Server> 0
    rule 5 permit udp destination-port eq dns
    rule 10 permit udp source-port eq bootpc destination-port eq bootps
    rule 15 permit udp source-port eq bootps destination-port eq bootpc
    rule 20 permit tcp destination-port eq 2967
    rule 25 permit tcp source-port eq 2967
    rule 30 permit tcp destination-port eq 7070
    rule 35 permit tcp source-port eq 7070
    rule 40 permit ip destination <AV Server> 0
    rule 45 permit tcp destination <AV Server> 0 destination-port eq 443
    rule 50 permit tcp destination <AV Server> 0 destination-port eq www
    rule 55 permit tcp destination <AV Server> 0 destination-port eq 443
    rule 60 permit tcp destination <AV Server> 0 destination-port eq www
    rule 65 permit tcp destination <AV Server> destination-port eq 443
    rule 70 permit tcp destination <AV Server> destination-port eq www
    rule 75 permit tcp destination <SCCM Server> 0 destination-port eq 443
    rule 80 permit tcp destination <SCCM Server> 0 destination-port eq www
    rule 85 permit tcp destination <SCCM Server> 0 destination-port eq 443
    rule 90 permit tcp destination <SCCM Server> 0 destination-port eq www
    rule 95 permit tcp destination <SCCM Server> 0 destination-port eq 443
    rule 100 permit tcp destination <SCCM Server> 0 destination-port eq www
    rule 105 permit tcp destination <SCCM Server> 0 destination-port eq 443
    rule 110 permit tcp destination <SCCM Server> 0 destination-port eq www
    rule 115 permit tcp destination <SCCM Server> 0 destination-port eq 443
    rule 120 permit tcp destination <SCCM Server> 0 destination-port eq www
    rule 125 permit tcp destination <SCCM Server> 0 destination-port eq 443
    rule 130 permit tcp destination <SCCM Server> 0 destination-port eq www
    rule 135 deny tcp destination-port eq www
    rule 140 deny tcp destination-port eq 443

  • VRRP over OTV - ( 2 hours ago )
  • Routing
  • Hi! We have 2 DCN networks that we have bridged with OTV for migration. We have a couple of Linux servers running VRRP and our problem is that servers running VRRP cannot find each other and hence VRRP is not working. What I have understood is that FHRP should work over OTV unless we enable FHRP filtering, which we have not done. Any help is welcome! //Olle

  • Layer 2 logging - What do you log? and how? - ( 2 hours ago )
  • Switching
  • Hello Guys, This is my first post (yay!), Either way I was interested to hear a little about what people prefer to log on their layer 2 access layer devices and which commands you enable to get this info. I am curious since I have noticed there is a huge spectrum of debugging messages etc. to enable/disable, but the info we can find in my network when running "show logging" is limited to what is given as standard, like link up/down status, err-disables and so on. Is there anything people turn on/off as standard, which isn't on by default in Catalyst C2960-X's with IOS 15.4(2)E6? All cool ideas and setups are of interest! Please share! - Regards Roar Kirkeby - Networks Students

  • Cisco ISE 2.1.474 Backup Issue - ( 3 hours ago )
  • Identity Services Engine (ISE)
  • Hi All I'm having problems backing-up on Cisco ISE2.1.0.474. My secondary PSN also not SYNCing. I have done a debug and I'm getting the following:-
    isesvr/admin#
    7 [32164]:[debug] backup-restore:restore: cars_xfer.c[184] [admin]: RW repo is requested
    6 [32164]:[info] backup-restore:backup: br_history.c[521] [admin]: ISE backup/restore initiated by CLI as ise.br.status is not 'in-progress' in /tmp/ise-cfg-br-flags
    7 [32164]:[debug] backup-restore:backup: br_backup.c[585] [admin]: initiating backup ise_config to repos BACKUP-REPO
    7 [32164]:[debug] backup-restore:backup: br_backup.c[629] [admin]: no staging url defined, using local space
    7 [32164]:[debug] backup-restore:backup: br_backup.c[54] [admin]: flushing the staging area
    7 [32164]:[debug] backup-restore:backup: br_backup.c[658] [admin]: creating /opt/backup/backup-ise_config-1539604194
    7 [32164]:[debug] backup-restore:backup: br_backup.c[662] [admin]: creating /opt/backup/backup-ise_config-1539604194/backup/cars
    6 [32164]:[info] backup-restore:backup-logs: br_backup.c[98] [admin]: backup in progress:Starting Backup...10% completed
    7 [32164]:[debug] backup-restore:backup: br_backup.c[726] [admin]: creating /opt/backup/backup-ise_config-1539604194/backup/ise
    7 [32164]:[debug] backup-restore:backup: br_backup.c[752] [admin]: calling script /opt/CSCOcpm/bin/isecfgbackup.sh
    3 [32164]:[error] backup-restore:backup: br_backup.c[767] [admin]: DB BACKUP FAILED : . Backup aborted
    7 [32164]:[debug] backup-restore:history: br_history.c[252] [admin]: running date
    7 [32164]:[debug] backup-restore:history: br_history.c[76] [admin]: obtained backup history lock
    7 [32164]:[debug] backup-restore:history: br_history.c[160] [admin]: loaded history file /var/log/backup.log
    7 [32164]:[debug] backup-restore:history: br_history.c[118] [admin]: stored backup history file
    7 [32164]:[debug] backup-restore:history: br_history.c[90] [admin]: released backup history lock
    7 [32164]:[debug] backup-restore:history: br_history.c[310] [admin]: added record to history
    6 [32164]:[info] backup-restore:backup: br_history.c[454] [admin]: updating /tmp/ise-cfg-br-flags with status: complete and message: (null)
    6 [32164]:[info] backup-restore:backup: br_cli.c[1108] [admin]: error message: Application backup error
    7 [8223]:[debug] backup-restore:restore: cars_xfer.c[184] [admin]: RW repo is requested
    6 [8223]:[info] backup-restore:backup: br_history.c[521] [admin]: ISE backup/restore initiated by CLI as ise.br.status is not 'in-progress' in /tmp/ise-cfg-br-flags
    7 [8223]:[debug] backup-restore:backup: br_backup.c[585] [admin]: initiating backup ise_config to repos BACKUP-REPO
    7 [8223]:[debug] backup-restore:backup: br_backup.c[629] [admin]: no staging url defined, using local space
    7 [8223]:[debug] backup-restore:backup: br_backup.c[54] [admin]: flushing the staging area
    7 [8223]:[debug] backup-restore:backup: br_backup.c[658] [admin]: creating /opt/backup/backup-ise_config-1539604398
    7 [8223]:[debug] backup-restore:backup: br_backup.c[662] [admin]: creating /opt/backup/backup-ise_config-1539604398/backup/cars
    6 [8223]:[info] backup-restore:backup-logs: br_backup.c[98] [admin]: backup in progress:Starting Backup...10% completed
    7 [8223]:[debug] backup-restore:backup: br_backup.c[726] [admin]: creating /opt/backup/backup-ise_config-1539604398/backup/ise
    7 [8223]:[debug] backup-restore:backup: br_backup.c[752] [admin]: calling script /opt/CSCOcpm/bin/isecfgbackup.sh
    3 [8223]:[error] backup-restore:backup: br_backup.c[767] [admin]: DB BACKUP FAILED : . Backup aborted
    7 [8223]:[debug] backup-restore:history: br_history.c[252] [admin]: running date
    7 [8223]:[debug] backup-restore:history: br_history.c[76] [admin]: obtained backup history lock
    7 [8223]:[debug] backup-restore:history: br_history.c[160] [admin]: loaded history file /var/log/backup.log
    7 [8223]:[debug] backup-restore:history: br_history.c[118] [admin]: stored backup history file
    7 [8223]:[debug] backup-restore:history: br_history.c[90] [admin]: released backup history lock
    7 [8223]:[debug] backup-restore:history: br_history.c[310] [admin]: added record to history
    6 [8223]:[info] backup-restore:backup: br_history.c[454] [admin]: updating /tmp/ise-cfg-br-flags with status: complete and message: (null)
    6 [8223]:[info] backup-restore:backup: br_cli.c[1108] [admin]: error message: Application backup error
    I'd really appreciate any suggestions Thanks Erisan

  • CMS - WebBridge Guest access needs flush DNS - ( 3 hours ago )
  • TelePresence and Video Infrastructure
  • Hello, I'm deploying a cluster of CMS servers (2xCMS1000 and 1xCMS) and I'm facing a strange behavior. My customer doesn't need to login through the Webbridge and just needs the Guest access method on the Webbridge. I have noticed Webbridge for Guest access doesn't work as expected: sometimes when I browse the URL "join.exemple.com", the guest access method doesn't appear on the webbridge portal, that means no "join" button appears on the web page either, just the "sign-in" method appears even though I have disabled it because my customer doesn't need it. I have noticed errors on both CMS servers, when I login as admin: "Web bridge connection to "join.exemple.com" failed (Authentication failure)". I have found that if I flush DNS on both CMS servers, the error just above disappears, the "join" button appears on the CMS Webbridge page and then meetings can be joined with Guest access. If I wait a few minutes/hours, I can see again the error "Web bridge connection to "join.exemple.com" failed (Authentication failure)" on the CMS Web admin portal and then I have to flush DNS again to make Guest access work again. My DNS configuration looks correct and each CMS server is able to resolve "join.exemple.com". Would someone have an idea about this issue? Is this a bug or known issue? Thanks Kevin

  • URL Filtering and SSL decryption issues - ( 4 hours ago )
  • FirePOWER
  • Hello, I am working with a customer that wants to use the URL filtering function in his ASA 5545-X with firepower services. I have a similar setup in my LAB for testing purposes and I have created an SSL Policy that is using a Microsoft CA signed certificate and I have some Windows 10 clients with ROOT certificates from the same CA. However, I am having issues with some sites when using either Chrome or Firefox. Everything is working fine in both IE and Edge browsers but some HTTPS pages (like https://www.cisco.com) are timing out with Chrome and Firefox. I have tried the workaround described here - https://www.cisco.com/c/en/us/td/docs/security/firepower/SA/SW_Advisory_CSCvh22181.html but it only helped for some of the pages. The only other thing I can think of is certificate pinning, but I am not sure that this is browser dependent. Has anyone else experienced similar issues with SSL decryption?

  • Call Forward to External Number - ( 4 hours ago )
  • Contact Center
  • HI, I have uccx 11.5 with softphone (Jabber) for agents. Can Agents forward calls to External Number(Mobile number) from jabber. In desktop jabber , there is option to forward call to external number. My UCCX is integrated with CUCM and for ip Telephony call , forward to external number  works fine.  Please help!!