Hi, I probably exagerating, but I just want to confirm   we have 2 6500 boxes (one SUP each) not in VSS just independent boxes with firewall service modules on each box we have only updagraded the secondary box and we verified asa failover is in place,however, we did not upgrade the primary box due to the lack of time of the window, we will proceed in another rescheduled window,    however, what will happen in case of a failure either at the harwarre level or fwsm, will it work automatic failover? just because they have different IOS versions?   they dont share control plane info suchs as the VPCs in nexus, and we are not running any VSS but just want to confirm if the primary box fails (with the old IOS version for now), will the secondary box with newer IOS version will take place normally with no problem assuming all config is the same?   or is there any consideration I can take ? ... View more

Hi Wireless experts,  I have a question on my WLC 8510, I have seen somewhere in the connection summary a link/option that opens a new window that says connection score.   I was wondering if anyone in simple and plain english can explain whats the meaning if its in red color vs green color,    Obviously, if its red, it means something wrong happens, but I want to know if its something related and associated to the AP itself that cannot handle the client connection, interference, etc,    or if its related to the end client that is not compatible with the radio, performance, etc   We have been having some reports of a particular user that is experiencing random disconnections and Im trying to tshot this scenario to find the root cause and check all possible scenarios   and I have not been able to find any documentation that explain in details other than the fancy words embedded in the pop up window, which I dont understand (meaning I have to read a lot of wifi tech for sure)       under this pop up there are some blue squares dots that say something but whats with that, I know cisco is trying to do their best with the GUI interface, but may be im so silly and the only one I dont understand cause its far way beyond my experience in this area, which I admit it and acept it, but if anyone can assist me in explaining to me in clear text whats the purposes of this, I would really appreciate it,  ... View more

Hi, I have been looking for an answer, I know that it might be out of cisco topic, but dont know where else to find a light to determine the reason or if Im thinking the correct answer   many network admins ask for tracert from the end workstation when an "outage" or problem occur being reported by IT support team,   so when they send the tracert output, they say, should I wait to the tracert to finish or cut the output when I see many asterisk or timed out?   or should I wait to see the complete word after the 30 hops?   so I stumbled to that question, I have heard some network admin, even CCIEs that wait to finish to see that completes, cause even If I see the requests time out along the path, but if I see "trace complete" it means that it reaches the destination   some other say, cut the output cause there is no reason if you see at least the last hop where the packet stoped.   some argue that since some routers do not allow ICMP packets, hence the reason to see asteriks and request time out, so probably along the path there could be some devices that do that and some others dont, but still there is a confusion between some and me also :(    so is it a myth or should we say to let the tracert run until it finishes?    what would be the best recommendation to at least calm down the critics between net admins and support team?    I know the tracert is a good tshot tool cause at least it will give you some idea on where the packets go., but still the question is to wait or not to wait until the 30 hops completes cause it will give you the answer if its reachable or not   any feedback?     ... View more

Hi team,   I have tested in several ways but it does not work,    I have 2 ISPs, so I made the IP SLA for icmp echos to test the public IP 208.67.222.222 that it does not receive a ping icmp's the strack in the static route will know about it   and its supposed to execute the EEM script   When I test and shutdown the other end of the border router to simulate a failure, even the show track 87 shows reachibility down but still the applet does not run   could you please check and help me if the script below is correct of if Im missing something?   ip sla 87 icmp-echo 208.67.222.222 source-ip 192.168.1.1 frequency 5 exit   ip sla schedule 87 life forever start-time now track 87 ip sla 87 reachability delay down 8 up 10 event manager applet failover_test event track 87 state down action 1.0 cli command "enable" action 1.1 cli command "conf t" action 1.2 cli command "route-map TEST-PBR" action 1.3 cli command "no set ip next-hop 10.1.1.1" action 1.4 cli command "set ip next-hop 10.2.2.2" action 1.5 cli command "end" action 1.6 cli command "write memory" ! ip route 208.67.222.222 255.255.255.255 10.1.1.1 name EEMScript track 87 ... View more

Hi,  I was wondering if you have an example of how can I implement just one IP SLA    For instance,    ip sla 15 icmp-echo 208.67.222.222 source-ip X.X.X.X. (ip address of one SVI) icmp-echo 208.67.222.222 source-ip  X.X.X.X. (ip address of one the second SVI)   how can I add more? is there any way?   the reason is that I dont want to create multiple IP SLA and tracking for the same purpose,    I just want to use one IP SLA for the same condition   is it possible, can you provide me an example easy to follow up ?   thanks so much ... View more