cancel
Showing results for 
Search instead for 
Did you mean: 

Answer Questions

  • Dynamic Channel Assignment - ( 18m ago )
  • Wireless and Mobility
  • I was noticing when I choose freeze or off in the DCA 802.11a the last auto channel update seems to keep happening changing time since last update. Also I still see channel updates still happening in log
    View more
18m ago
Cancel Post

  • Cisco 8865 with Cisco 8800 Key Expansion Module in Webex Control Hub - ( 42m ago )
  • IP Telephony and Phones
  • I am trying to set up a Cisco 8800 KEM with an 8865 phone.  I know with the old CUCM, you could create a template and push it to the key expansion module, but, with Control Hub, I see the KEM is attached but can't do anything with it.  When its plugged into the phone, I get a white screen.  I've tried a factory reset with no luck.  Any ideas?
    View more
42m ago
Cancel Post

  • Portchannel dropping packets due to load balancing? - ( 55m ago )
  • Switching
  • I have a L2 portchannel between a 9407 and two Nexus 5000   We have Exfo testers at each end. My port one on 9407 goes two port two on his nexus and I loop his port two. He does the opposite. He port one loops my port two and we both send a 1Gig Down the link.   However I seem to be losing half a gig traffic either side. I believe this is to do with the portchannel load balancing.  I've gone through all the load balancing options on the 9400 and it hasn't made any difference. 1. Do I need to set the same otions on the nexus?   2. Is it something else other than load balancing?
    View more
55m ago
Cancel Post

  • L4 ace30 - ssh and sftp fail - ( 57m ago )
  • Network Management
  • The XXX.XXX.2.XXX bandwith is divided into 1-127 and 128-254. A server ip - XXX.XXX.2.139. The B server has two IPs. (one- VIP:XXX.XXX.2.32 , Real IP-XXX.XXX.2.141) -A server can connect ssh and sftp to B server Real IP. -Within the local L4 configuration, the other bandwith servers are ssh and sftp connections to the B server VIP.   issue : Ping from A server to B server VIP goes out. However, ssh and sftp connections can not be made from A server to B server VIP. This is not enough. ( A -> B VIP ssh and sftp access fail message) Connecting to XXX.XXX.2.32 . . . ssh : connect to host XXX.XXX.2.32 port 22 : Connection refused Couldn`t read packet : Connection reset by peer    What do I need to check? I would like to ask you a lot of advice.   Best Regards.  
    View more
57m ago
Cancel Post

  • Multiple ISE servers AAA query from WLAN - ( an hour ago )
  • Identity Services Engine (ISE)
  • Hi All, Quick design question. I have a WLAN that right now I send our AAA request to ISE. (ISE version 2.4) and I have two ISE nodes a Primary and a secondary. Would it be good practice to add my secondary node to the second server list on the WLAN....in case the Primary ISE is busy would the secondary ISE node take the Radius request even if its configured for the secondary Policy node for ISE?  Thanks,Dan
    View more
an hour ago
Cancel Post

  • MSDP without BGP - ( an hour ago )
  • Routing
  • Hi to all, suppose to have two PIM domains each running bsr (two RPs per domain on each domain an access-list manage rp mapping) Suppose that unicast ipv4 address spaces of the newtworks  of the two domains do not overlap. Suppose that unicast traffic is already flowing between the two networks that are connected through a transparent ASA firewall. I want to make multicast traffic pass between the two domains. One solution of course is to enable pim on the ASA firewall getting a uniq bigger PIM domain with one elected  bsr router. Anyway I'd like to keep separate the tho domains from bsr perspective and control which sources in one domain can be used on the other I did some test on a lab environment and make it work using these configurations: 1)Use pim bsr-border to stop bsr  packetson both sides of the firewall 2)Set up msdp between the RPs, that is each RP on one domain peers with both RPs on the other domain 3)To make traffic from source A in domain 1  available  in domain 2 add the mgroup used by source A to the access list that manage rp mapping in domain 2 In this way RPs on domain 2 know active sources in domain 1 and PIM routers in domain 2 are able to forward igmp report's join towards their domain RP   So can msdp be used without (m)BGP and without anycast RPs?   Regards MM   Regards MM    
    View more
an hour ago
Cancel Post

  • show tech - ( an hour ago )
  • Network Management
  • Hi guys,   i'm using EPNM 3.0 with NCS5500 routers.   Is it possible in EPN-M generate and collect “show tech” files from routers.  Bonus if we can also generate “show ‘feature’ trace” files.   thanks   Francesca
    View more
an hour ago
Cancel Post

  • Early and delayed offer, early and delayed media. - ( an hour ago )
  • IP Telephony and Phones
  • So early offer is when the calling party shares the media codec and rtp ip/ports in the Invite message, correct ? Whereas delayed offer is where the media content is shared after the 200 ok message, is that correct? Can someone please explain early media and delayed media? Also what are the advantages/disadvantages of early/delayed offer/media.
    View more
an hour ago
Cancel Post

  • 8831 wireless Microphone Connection - ( 2 hours ago )
  • IP Telephony and Phones
  • I have upgraded the firmware of the 8831 phone from 9.3.1 to 10.3.1 due to the display panel requirements.  I have lost the ability to utilize the wireless microphone option with this update.  Is there another firmware update I could use to receive the ability to utilize the wireless microphone feature?
    View more
2 hours ago
Cancel Post

  • Anyconnect Migration with Certs to FTD - ( 2 hours ago )
  • FirePOWER
  • Hello, I attempted to migrate anyconnect from ASA to FTD. We currently authenticate users using certificates only. The certs are issue to domain machine via our internal PKI.  I exported the pkcs for the public cert and enrolled in FMC and that worked. I also installed the internal root CA cert in FMC under trusted CA's. When I go to connect it's giving an error with invalid cert found. What am I missing here. Does the FTD need a cert signed by my internal CA?
    View more
2 hours ago
Cancel Post

  • My PCs can't ping firewall's inside interface - ( 2 hours ago )
  • Firewalls
  • Hi Everyone.  I've been trying to setup a simple network which has 1 firewall, 1 switch and 2 PCs. Please see the attachment for the topology. My goal is that I want my PCs can ping 8.8.8.8 of the 'internet' switch (from my attachment). But  for now, they can't even ping 10.10.10.1 (firewall's inside interface) while these PCs can ping VLAN 10 ( 172.16.1.1) and vlan 20 ( 192.168.10.1) as well as 10.10.10.2. Any thoughts why these PCs can't ping the inside interface of firewall? Thanks alot. 
    View more
2 hours ago
Cancel Post

  • Error "sshd[31506]: error: key_load_public: invalid format" with SSH login AiroNet - ( 2 hours ago )
  • Other Wireless - Mobility Subjects
  • Hello, friends. I have 3 this AP: cisco AIR-AP1852E-R-K9 (AP software ap1g4-k9w8 version 8.4.100.0) I cannot to login by ssh. Only telnet and https.To view logs i use this command: "show ap eventlog APA0F8.497C.0028". In this log i find this sshd errors: Mar 21 10:48:32 sshd[21537]: error: key_load_public: invalid formatMar 21 10:48:32 sshd[21537]: error: Could not load host key: /mnt/application/ssh_host_rsa_keyMar 21 10:48:32 sshd[21537]: error: key_load_public: invalid formatMar 21 10:48:32 sshd[21537]: error: Could not load host key: /mnt/application/ssh_host_ecdsa_keyMar 21 10:48:32 sshd[21537]: fatal: Unable to negotiate with 172.19.4.191 port 3714: no matching host key type found. Their offer: ssh-rsa,ssh-dssMar 21 10:48:38 sshd[21553]: error: key_load_public: invalid format--More-- or (q)uitMar 21 10:48:38 sshd[21553]: error: Could not load host key: /mnt/application/ssh_host_rsa_keyMar 21 10:48:38 sshd[21553]: error: key_load_public: invalid formatMar 21 10:48:38 sshd[21553]: error: Could not load host key: /mnt/application/ssh_host_ecdsa_keyMar 21 10:48:38 sshd[21553]: fatal: Unable to negotiate with 172.19.4.191 port 3719: no matching host key type found. Their offer: ssh-rsa,ssh-dssMar 21 11:42:31 sshd[27674]: error: key_load_public: invalid formatMar 21 11:42:31 sshd[27674]: error: Could not load host key: /mnt/application/ssh_host_rsa_keyMar 21 11:42:31 sshd[27674]: error: key_load_public: invalid formatMar 21 11:42:31 sshd[27674]: error: Could not load host key: /mnt/application/ssh_host_ecdsa_keyMar 21 11:42:31 sshd[27674]: fatal: Unable to negotiate with 172.19.4.191 port 3588: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-1.3.132.0.10,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsaMar 21 12:03:59 sshd[30106]: error: key_load_public: invalid formatMar 21 12:03:59 sshd[30106]: error: Could not load host key: /mnt/application/ssh_host_rsa_keyMar 21 12:03:59 sshd[30106]: error: key_load_public: invalid formatMar 21 12:03:59 sshd[30106]: error: Could not load host key: /mnt/application/ssh_host_ecdsa_keyMar 21 12:03:59 sshd[30106]: fatal: Unable to negotiate with 172.19.4.191 port 4600: no matching host key type found. Their offer: ecdsa-sha2-nistp256,ssh-rsa,ssh-dssMar 21 12:06:45 sshd[30417]: error: key_load_public: invalid formatMar 21 12:06:45 sshd[30417]: error: Could not load host key: /mnt/application/ssh_host_rsa_keyMar 21 12:06:45 sshd[30417]: error: key_load_public: invalid formatMar 21 12:06:45 sshd[30417]: error: Could not load host key: /mnt/application/ssh_host_ecdsa_keyMar 21 12:06:45 sshd[30417]: fatal: Unable to negotiate with 172.19.4.191 port 1906: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-1.3.132.0.10,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa,ss--More-- or (q)uitMar 21 12:10:06 sshd[30804]: error: key_load_public: invalid formatMar 21 12:10:06 sshd[30804]: error: Could not load host key: /mnt/application/ssh_host_rsa_keyMar 21 12:10:06 sshd[30804]: error: key_load_public: invalid formatMar 21 12:10:06 sshd[30804]: error: Could not load host key: /mnt/application/ssh_host_ecdsa_keyMar 21 12:10:06 sshd[30804]: fatal: Unable to negotiate with 172.19.4.191 port 4101: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-1.3.132.0.10,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa,ssMar 21 12:16:08 sshd[31483]: error: key_load_public: invalid formatMar 21 12:16:08 sshd[31483]: error: Could not load host key: /mnt/application/ssh_host_rsa_keyMar 21 12:16:08 sshd[31483]: error: key_load_public: invalid formatMar 21 12:16:08 sshd[31483]: error: Could not load host key: /mnt/application/ssh_host_ecdsa_keyMar 21 12:16:08 sshd[31483]: fatal: Unable to negotiate with 172.19.4.191 port 3583: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-1.3.132.0.10,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa,ssMar 21 12:16:12 sshd[31506]: error: key_load_public: invalid formatMar 21 12:16:12 sshd[31506]: error: Could not load host key: /mnt/application/ssh_host_rsa_keyMar 21 12:16:12 sshd[31506]: error: key_load_public: invalid formatMar 21 12:16:12 sshd[31506]: error: Could not load host key: /mnt/application/ssh_host_ecdsa_keyMar 21 12:16:12 sshd[31506]: fatal: Unable to negotiate with 172.19.4.191 port 3620: no matching host key type found. Their offer: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-1.3.132.0.10,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa,ss As i understand from google )) i cannot login because use "OpenSSH can no longer connect to Cisco routers/switches using the default settings of KexAlgorithms"May be this is bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw36025 ?Is it possible to downgrade in my AP this new version of ssh?Thank you
    View more
2 hours ago
Cancel Post

  • Tacacs per VRF - ( 2 hours ago )
  • Network Management
  • Hello, I have some trouble with tacacs configuration when i have a VRF  Switch :  C3750EIOS version :15.0(2) My configuration : aaa group server tacacs+ Netxpserver-private 10.10.41.4ip vrf forwarding MAISON_VEip tacacs source-interface vlan 120 It seems that my switch can not reach my tacacs server. I have a default route on my VRF.  Could you please share your experience your tacacs per VRF experience with us ?Do you think that the configuration is good ?  For information, i used https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_tacacs/configuration/15-mt/sec-usr-tacacs-15-mt-book/sec-vrf-tacas-svrs.html as documentation Thanks in advance for your help.
    View more
2 hours ago
Cancel Post

  • DCNM - ( 2 hours ago )
  • Other Data Center Subjects
  • I have a DCNM verson 10.4. I didn´t find the option  "Switch On-Board Analytics". They explam that I need to do these steps but in my DCNM doesn´t appears this option... Step 1 Choose Inventory > View > Switches. The discovered switches are displayed. Step 2 Click a switch name in the Device Name column. The Switch dashboard that corresponds to that switch is displayed. Step 3 Click the Switch On-Board Analytics tab. This tab displays the Switch On-Board Analytics charts.   Someone can help me ?
    View more
2 hours ago
Cancel Post

3 hours ago
Cancel Post

3 hours ago
Cancel Post

3 hours ago
Cancel Post

  • Webvpn / SSL VPN Missing Bookmarks (Clientless) - ( 3 hours ago )
  • VPN and AnyConnect
  • Hello, Here's my situation. ASA5525 9.2   Configured all requirements for webvpn and tested successfully. able to create new bookmark and enforce it by group policy first and for testing purposes after multiple attempts by apply DAP's (Dynamic access policy).   DAP trace debug shows that when i log in with a specific user account i am getting the proper Group policy & DAP association, also confirmed that the url-list enabled for that session matches whats defined in the GP And\Or the DAP.   However the problem is bookmarks dont show on the portal page (homepage).   Anyone else come across such issue ? i opened a case with Cisco and will post results if we were able to solve it.   Any help is much appreciated !  
    View more
3 hours ago
Cancel Post

  • Data field format with Netflow v9 - ( 4 hours ago )
  • Network Management
  • Hello, We read the following article about Netflow v9 on: https://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html and configured netflow on one of our routers. We would like to build a parser to do some in-house development but noticed that some of the fields are reported in Hex. How do we know what fields are reported in HEX and what in decimal? Is this documented cleared somewhere? Thanks,
    View more
4 hours ago
Cancel Post

4 hours ago
Cancel Post

  • Disable DNA and Prime Integration - ( 5 hours ago )
  • Cisco Digital Network Architecture (DNA)
  • Hi I recently tried the DNA and Prime integration in PI 3.5, but now i need my device inventory on PI as well because there are some requirements that i still want to address by operating from within PI,  So is there away where i can revert back the integration or get my devices inventory back in PI ? I could not find a way to disable it, any help is appreciated RegardsDawit
    View more
5 hours ago
Cancel Post

  • WLC QoS - WLAN QoS Parameters / Wired QoS Protocol - ( 5 hours ago )
  • Wireless and Mobility
  • Hello, I would have a question about the QoS in a Wireless environment Based on this configuration page example: https://www.cisco.com/c/dam/en/us/td/i/200001-300000/290001-300000/294001-295000/294182.tif/_jcr_content/renditions/294182.jpg I'm not sure to understand the difference between the WLAN QoS Parameters and the Wired QoS Protocol. I read this about it: "WLAN Maximum Priority—The highest DSCP marking value that may be used on the WLAN; this value can override AVC policies as well DSCP-values received from the wired network." "Wired QoS Protocol—Can be set to 802.1p and the maximum CoS value can be defined per WLAN." As far as I understood, the two parameters is used to define the maximum Priority of the packets. What are the difference between these two parameters ? If the two are configured, with one higher to the other, which of them will be applicable ? Example, a wireless frame arriving with WMM AC_VO (IEEE 802.11e UP 6, DSCP EF), and the WLAN QoS Parameters Maximum Priority is set as Video (so maximum DSCP AF41), and Wired QoS Protocol 802.1P Tag as 5 (so DSCP EF), do the frame will be kept at EF or the frame will be re-marked at AF41 defined by the Video maximum priority ? Thanks
    View more
5 hours ago
Cancel Post

  • Update C3850 from 3.x to 16.x with auto-rollback - ( 6 hours ago )
  • Other Network Architecture Subjects
  • Hi all,yesterday I performed an update from a 3.x version to the 16.3.8 version on a stack of C3850 switches.I included the "auto-rollback" command with the "software install"  command in order to have a rollback scenario, just in case.The documentation says that once the update has completed you have to enter the "software committ" command in order to cancel the auto-rollback. But with the 16.3.8 version there is no "software" command anymore.Actually nothing happend after the specified amount of time.I just cleaned up the flash with the "request platform software package clean switch" command.Maybe that did the trick as that command also deleted the old "packages.conf" file.Has anyone ran into the same problem? BR
    View more
6 hours ago
Cancel Post

  • Unable to connect to TRex server - ( 6 hours ago )
  • DevNet Sandbox
  • Hi there,   I have just started up the TRex sandbox and connected to it via AnyConnect. But when I try to follow the instructions and SSH to the TRex or the CSR1000v, Guacamole just gives me an connection error.   Any suggestions?  
    View more
6 hours ago
Cancel Post

  • FirePower and Allow O365 (Worldwide endpoints) - ( 6 hours ago )
  • FirePOWER
  • Hi Guys   I need to allow the urls found on https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges But in firepower rule set the applications "Office 365, Exchange Online, Microsoft" doesn't all the URLs? Any way to cover these urls and IP ranges in some cleaver maner? I would like to allow xxx applications, and then done.   best regards Michael
    View more
6 hours ago
Cancel Post