Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
1
Helpful
4
Replies

Microsoft Teams Call ACP Question

dcanady55
Level 3
Level 3

‎01-02-2025 01:29 PM

Hello,

We are currently using Cisco 2110s, and it appears that Cisco still does not allow us to remediate elephant flows in the advanced section. The only way to reduce the impact seems to be by setting up a trust rule for specific traffic. Upon analyzing our elephant flows, it seems that many of them are caused by Teams calls. Is there any reason not to set up a trust rule specifically for the Teams Call application? Additionally, does anyone know if Cisco plans to enable remediation for elephant flows on 2110s in the future?

Thanks,

Labels:
0 Helpful
4 Replies 4

ccieexpert
VIP
VIP

‎01-02-2025 06:45 PM

what version are you running ?

what are the threshold set for elephant flow remedation ? are you sure you are hitting those thresholds ?

https://secure.cisco.com/secure-firewall/docs/elephant-flow-throttling

TEams calls may use UDP and all of that is encrypted streams , and it is SRTP (secure rtp) which firepower doesnt really decrypt..  if you are not doing ssl decryption for teams/MS services traffic, then yes you could do fastpath pre-filter for that traffic or just the teams calls(if you can do based on UDP ports etc)... trust option will still use snort resources, so pre-filter is the best option to bypass SNORT..

0 Helpful

dcanady55
Level 3
Level 3
In response to ccieexpert

‎01-03-2025 05:17 AM

Hello,

Running 7.4.2.1 on 2110.

I don't have any thresholds setup for elephant flows because that feature is not available for 2110s. I thought Trust does not use snort as that's what the guide says. 

dcanady55_0-1735909836669.png

dcanady55_1-1735910139098.png

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to dcanady55

‎01-03-2025 06:02 AM

Until Now Cisco not support this feature in 2110 as I know.

You must check release note of FTD ver.

MHM

0 Helpful

ccieexpert
VIP
VIP

‎01-03-2025 08:55 AM

Hi Yes i completely forgot about it. 21xx does not have it.. it can only detect elephant flows.

Your best best is to use pre-filter for now if it is really causing a performance issue.

this is the enhancement defect, and you can follow up with your Cisco account team or partner account team/SE for status..

https://quickview.cloudapps.cisco.com/quickview/bug/CSCwh17142

Although trust bypasses SNORT for the most part, the packet (pointer) is still sent to SNORT for lookup/ initial processing and it can be taxing. The most efficient way is to use pre-filter policy.

Hope that helps

**Please rate as helpful if this was useful**

Customers Also Viewed These Support Documents