Answer Questions

Recently, I connected a 9115AXI AP with a Cisco C1000 24P 4GL PoE switch, no other PoE devices are connected with this switch. AP joined with the controller and clients are connected without any issues but the AP is continuously blinking red, green and blue. I am sure that it's a PoE power issue. I have a few questions:Does 9115AXT support the Cisco 24P 4GL 195W PoE switch?As per my knowledge, each port supports up to 30W and it seems AP is consuming 15.4 watts only, Does 9115AXI require more power?Thanks in advance.

Hello Cisco ISE lover, I would like to get some feedback or suggestion after upgrading the fix patch version on ISE, specially with cisco ise 3.1 patch 10. Is there any abnormal performance and functionality? Thank you for your input.

Hello,I am trying to implement a VXLAN configuration to extend a VLAN from our main site to different sites for a guest network. My environment uses VRF routing tables to separate our production network form our guest network while utilizing EIGRP for each VRF. We do not have routes in the global routing table. Could I get some feedback in regards to configuring the VXLAN using BGP and EVPN, as I can manage to get the NVE peers to come up in a lab without a VRF. As soon as i try to mimic production I cannot get the nve peers to come up. Are there any articles or recommendations to approach this scenario? In my guest vrf routing I can ping my loop backs at each site as a part of the vrf guest. Using Cisco Catalyst 9k Series

我是一个小白，刚刚接触带思科路由器，现在已经配置好了pppoe和nat，外网用户可以正常访问到内网服务，但内网用户通过域名无法访问到服务，请问我要怎配置呢？互联网 --- 路由器 --- 客户            |          服务器（192.168..x.x）当前的配置：interface Dialer1 ip nat outsideinterface Vlan20 ip address 192.168.1.1 255.255.252.0 ip nat insideip nat inside source static tcp 192.168.2.1 443 interface Dialer2 443 

Hi, i am new to packet tracer and I am having a problem with setting a V Lan with my DHCP server. It keeps saying DHCP failed and I have tried everything and still confused on what's wrong with it. I added my file, can someone help check what's wrong. Each AP is suppose to get a specific IP range

Does icmp go to the secondary IP address of Failover from outside? Active/standby in ASA5508 OSver9.8(1). The primary-side IP address configured in the two inside zones is ping-responsive, but does not respond to the secondary-side IP address. I would like to know if the reason why I don't respond is because I am waiting for failover, or if there is a way to respond with additional settings.

When creating client detail report in DNAC, I would like to add information of buildings and floors for each client. Is it possible to set it like this?

Failoverのsecondary IPアドレスへは外部からicmpは通るものですか。ASA5508 OSver9.8(1)でactive/standby構成です。2台のinsideゾーンに設定しているprimary側IPアドレスにはping応答するのにsecondary側IPアドレスには応答しません。応答しない原因がfailoverの待機状態だからなのか、追加設定で応答させる方法があるか知りたいです。

I received the following payload when subscribing to the eAgentOfferContact event.   { "data": { "agentEmailId": "saeedayesha629@gmail.com", "agentId": "8bebb975-2bfb-4901-b464-fb014602a7f9", "eventTime": 1739127559815, "eventType": "RoutingMessage", "interaction": { "callAssociatedData": { "ani": { "agentEditable": false, "agentViewable": true, "displayName": "ani", "global": false, "isSecure": false, "name": "ani", "reportable": false, "secureKeyId": "", "secureKeyVersion": 0, "type": "STRING", "value": "uzair.anwar@gmail.com" }, "customerName": { "agentEditable": false, "agentViewable": true, "displayName": "customerName", "global": false, "isSecure": false, "name": "customerName", "reportable": false, "secureKeyId": "", "secureKeyVersion": 0, "type": "STRING", "value": "Uzair Anwar" }, "dn": { "agentEditable": false, "agentViewable": true, "displayName": "dn", "global": false, "isSecure": false, "name": "dn", "reportable": false, "secureKeyId": "", "secureKeyVersion": 0, "type": "STRING", "value": "Email_EP" }, "ronaTimeout": { "agentEditable": false, "agentViewable": true, "displayName": "ronaTimeout", "global": false, "isSecure": false, "name": "ronaTimeout", "reportable": false, "secureKeyId": "", "secureKeyVersion": 0, "type": "STRING", "value": "32" }, "virtualTeamName": { "agentEditable": false, "agentViewable": true, "displayName": "virtualTeamName", "global": false, "isSecure": false, "name": "virtualTeamName", "reportable": false, "secureKeyId": "", "secureKeyVersion": 0, "type": "STRING", "value": "Email_Q" } }, "callAssociatedDetails": { "ani": "uzair.anwar@gmail.com", "customerName": "Uzair Anwar", "dn": "Email_EP", "mediaResourceId": "CSRORLF701AGO667", "ronaTimeout": "32", "virtualTeamName": "Email_Q" }, "callFlowParams": {}, "callProcessingDetails": { "EP_ID": "476f8ff1-8013-46c6-8a86-36dec453528f", "QMgrName": "aqm", "QueueId": "e56e67fe-32d3-49f7-a988-d5683e8fbafd", "ROUTING_TYPE": "queueBasedRouting", "ani": "uzair.anwar@gmail.com", "checkAgentAvailability": "false", "customerName": "Uzair Anwar", "dnis": "Email_EP", "mediaResourceId": "CSRORLF701AGO667", "participantInviteTimeout": "false", "priority": "10", "queuedDestinationID": "e56e67fe-32d3-49f7-a988-d5683e8fbafd", "queuedTo": "Queue", "removeSkillsOnTransferToQueue": "false", "ronaTimeout": "32", "taskToBeSelfServiced": "false", "virtualTeamName": "Email_Q", "vteamId": "e56e67fe-32d3-49f7-a988-d5683e8fbafd" }, "contactDirection": { "type": "INBOUND" }, "createdTimestamp": 1739127559249, "currentVTeam": "e56e67fe-32d3-49f7-a988-d5683e8fbafd", "interactionId": "5c050bff-b688-41d3-a0e8-ae608cabced0", "isFcManaged": false, "isMediaForked": false, "isTerminated": false, "mainInteractionId": "5c050bff-b688-41d3-a0e8-ae608cabced0", "media": { "CSRORLF701AGO667": { "holdTimestamp": null, "isHold": false, "mType": "mainCall", "mediaMgr": "digitalmm", "mediaResourceId": "CSRORLF701AGO667", "mediaType": "email", "participants": [ "uzair.anwar@gmail.com" ] } }, "mediaChannel": "email", "mediaProperties": null, "mediaType": "email", "orgId": "b3d1a048-a105-41b0-ba24-3b0d6e54af85", "outboundType": null, "owner": "8bebb975-2bfb-4901-b464-fb014602a7f9", "parentInteractionId": "5c050bff-b688-41d3-a0e8-ae608cabced0", "participants": { "8bebb975-2bfb-4901-b464-fb014602a7f9": { "autoAnswerEnabled": false, "bnrDetails": null, "callerId": null, "channelId": "76cc3b0e-2938-48cb-a781-f27e47bc5a70", "consultState": null, "consultTimestamp": null, "currentState": null, "currentStateTimestamp": null, "deviceCallId": null, "deviceId": null, "deviceType": null, "dn": "1002", "hasJoined": false, "hasLeft": false, "id": "8bebb975-2bfb-4901-b464-fb014602a7f9", "isConsulted": false, "isInPredial": false, "isOffered": true, "isWrapUp": false, "isWrappedUp": false, "joinTimestamp": null, "lastUpdated": 1739127559724, "name": "saeedayesha629 saeedayesha629", "pType": "Agent", "queueId": "e56e67fe-32d3-49f7-a988-d5683e8fbafd", "queueMgrId": "aqm", "sessionId": "09a41bca-d8fe-4765-bca2-000dc21a696a", "siteId": "e36b1799-29eb-471f-a750-9e91385134f2", "skillId": null, "skillName": null, "skills": [], "teamId": "54b22d49-05a4-441e-9f56-5d613eaa83a3", "teamName": "ChatTeam", "type": "Agent", "wrapUpTimestamp": null }, "uzair.anwar@gmail.com": { "callerId": null, "hasJoined": true, "hasLeft": false, "id": "uzair.anwar@gmail.com", "isInPredial": false, "pType": "Customer", "type": "Customer" } }, "previousVTeams": [ "476f8ff1-8013-46c6-8a86-36dec453528f" ], "queuedTimestamp": 1739127559667, "state": "new", "workflowManager": "IMI" }, "interactionId": "5c050bff-b688-41d3-a0e8-ae608cabced0", "mediaResourceId": "CSRORLF701AGO667", "orgId": "b3d1a048-a105-41b0-ba24-3b0d6e54af85", "queueMgr": "aqm", "ronaTimeout": 32, "trackingId": "48770908-37f9-4df3-b5ad-f456b42af075", "type": "AgentOfferContact" }, "orgId": "b3d1a048-a105-41b0-ba24-3b0d6e54af85", "trackingId": "notifs_4d2d637c-dac3-43f4-a409-682d508f1393", "type": "RoutingMessage" }   From this payload, how can I determine whether the email task is a new thread or a continuation of an existing email thread based on the subject or any other relevant fields? Any insights or guidance would be greatly appreciated!

Our security team has detected a vulnerability with the Cisco UCS C220 M4S CIMC. We need your assistance in addressing this or finding any \justification from Cisco regarding it.Here is the vulnerability:https://www.tenable.com/plugins/nessus/187201CVE: CVE-2023-48795, CVE-2023-51384, CVE-2023-51385

Meraki devices are successfully discovered but hostnames and serial numbers are not showing (NA) under Managed Devices.We have just rebuild the server using 2.11 server version. It was visible when we had 2.10.Hope to get feedback soon. Thank you in advance.

Hi, I 'm using Cisco Catalyst SD-WAN version 20.15.1 (on prem orchestrators). I have a problem onboarding any virtual edge C8000V router using the automated authentication process, but the manual onboarding process using an enterprise CA server is good with no issues. When I try to onboard, a C8000V router using the automated process, it fails. logs on the vBond shows authentication failure with code "ERR_CERT_VER_FAIL" ------------------ vBond:~$ cat /var/log/vsyslog Feb 9 10:30:19 vBond VBOND_4[1626]: %Viptela-vBond-vbond_4-5-NTCE-1400002: Notification: vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:10.3.3.2 uuid:"C8K-9C82B27D-FC58-6716-B992-3A616D67FE6E" organization-name:"NCRATLEOS-NOC-LAB" sp-organization-name:"NCRATLEOS-NOC-LAB" reason:"ERR_CERT_VER_FAIL" generated-at:2-9-2025T8:30:19Feb 9 10:30:19 vBond VBOND_4[1626]: %Viptela-vBond-vbond_4-5-NTCE-1400002: Notification: control-connection-auth-fail severity-level:major host-name:"vBond" system-ip:10.3.3.2 personality:vbond peer-type:vedge peer-system-ip::: local-system-ip:10.3.3.2 local-color:default reason:"ERR_CERT_VER_FAIL" generated-at:2-9-2025T8:30:19Feb 9 10:30:21 vBond VBOND_0[1635]: %Viptela-vBond-vbond_0-5-NTCE-1400002: Notification: vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:10.3.3.2 uuid:"C8K-BC9FCD48-8689-6C4D-A509-43608B131407" organization-name:"NCRATLEOS-NOC-LAB" sp-organization-name:"NCRATLEOS-NOC-LAB" reason:"ERR_CERT_VER_FAIL" generated-at:2-9-2025T8:30:21Feb 9 10:30:21 vBond VBOND_0[1635]: %Viptela-vBond-vbond_0-5-NTCE-1400002: Notification: control-connection-auth-fail severity-level:major host-name:"vBond" system-ip:10.3.3.2 personality:vbond peer-type:vedge peer-system-ip::: local-system-ip:10.3.3.2 local-color:default reason:"ERR_CERT_VER_FAIL" generated-at:2-9-2025T8:30:21Feb 9 10:30:23 vBond VBOND_4[1626]: %Viptela-vBond-vbond_4-5-NTCE-1400002: Notification: vbond-reject-vedge-connection severity-level:major host-name:"vBond" system-ip:10.3.3.2 uuid:"ASR-6332d2ad-329a-4b26-a0f4-175965c51b78" organization-name:"NCR-NOC-CAIRO-LAB" sp-organization-name:"NCR-NOC-CAIRO-LAB" reason:"ERR_CERT_VER_FAIL" generated-at:2-9-2025T8:30:23Feb 9 10:30:23 vBond VBOND_4[1626]: %Viptela-vBond-vbond_4-5-NTCE-1400002: Notification: control-connection-auth-fail severity-level:major host-name:"vBond" system-ip:10.3.3.2 personality:vbond peer-type:vedge peer-system-ip::: local-system-ip:10.3.3.2 local-color:default reason:"ERR_CERT_VER_FAIL" generated-at:2-9-2025T8:30:23 ------------------------- Root CA is installed on the router, and I have compared it with the Root CA installed on vManage and vBond. it looks the same (same serial num., same issuer and Organization Name. also, NTP is synchronized, and DNS server is installed properly. connectivity is Ok. This is the output of the "show sdwan control connection-history " ------------------- PEER PEER PEER PEER PEER SITE DOMAIN PEER PRIVATE PEER PUBLIC TYPE PROTOCOL SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT LOCAL COLOR STATE -----------------------------------------------------------------------------------------------------------------------------------------vmanage dtls 10.3.3.1 11 0 192.168.74.11 12946 192.168.74.11 12946 public-internet tear_down 0vbond dtls 0.0.0.0 0 0 192.168.74.12 12346 192.168.74.12 12346 public-internet tear_down 0vbond dtls 0.0.0.0 0 0 192.168.74.12 12346 192.168.74.12 12346 public-internet tear_down 0vbond dtls 0.0.0.0 0 0 192.168.74.12 12346 192.168.74.12 12346 public-internet connect 0 ----------------------- and I see only the RootCA installed on the cEdge but not the device certificate: ------------- cEdge61#show sdwan control local-properties | include chassis-num|serial-numchassis-num/unique-id C8K-D175064E-AB76-2C6D-4FAA-024A075D8BA2serial-num No certificate installedsubject-serial-num N/Aenterprise-serial-num No certificate installed -------------------- Any idea why only Automated authentication fails, but not the manual authentication? on the vManage GUI, I see CSR generated then certificate installation failed. does this mean the vManage has some issues with the CSR signing process? Thanks in advance, 

I have cisco meeting server 3.9 and cisco meeting management 3.9, I configured meetingapps for file-sharing but this feature for role that I configured in cisco meeting management not visible, with space default Role this feature is visible.

Any updates on this ? We are faced with this after patching our ise cube with 8 nodes to patch 10 and then DUO MFA ios showing this error now When is the workaround expected ? In the worst case can we rollback one of the psns used as primary for vpn to patch 7 , and keep the others on patch 10 , kindly advise 

Hi Folks - I'm running vmanage version 20.12.3.1 and this happened.vmanage ui is not opening and its stuck at this This what ive done so far. I think it can't find the config-db files.ctl-vmanage01# request nms configuration-db backup path /home/admin/backup-configStarting backup of configuration-dbconfig-db backup logs are available in /var/log/nms/neo4j-backup.log file!!!ctl-vmanage01# request nms configuration-db diagnosticsNMS configuration databaseChecking cluster connectivity...Pinging server 0 on localhost:7687,7474...Starting Nping 0.7.80 ( https://nmap.org/nping ) at 2025-02-09 05:40 UTCSENT (0.0015s) Starting TCP Handshake > localhost:7474 (127.0.0.1:7474)RCVD (0.0015s) Handshake with localhost:7474 (127.0.0.1:7474) completedSENT (1.0025s) Starting TCP Handshake > localhost:7687 (127.0.0.1:7687)RCVD (1.0026s) Handshake with localhost:7687 (127.0.0.1:7687) completedSENT (2.0031s) Starting TCP Handshake > localhost:7474 (127.0.0.1:7474)RCVD (2.0031s) Handshake with localhost:7474 (127.0.0.1:7474) completedSENT (3.0041s) Starting TCP Handshake > localhost:7687 (127.0.0.1:7687)RCVD (3.0041s) Handshake with localhost:7687 (127.0.0.1:7687) completedSENT (4.0051s) Starting TCP Handshake > localhost:7474 (127.0.0.1:7474)RCVD (4.0051s) Handshake with localhost:7474 (127.0.0.1:7474) completedSENT (5.0061s) Starting TCP Handshake > localhost:7687 (127.0.0.1:7687)RCVD (5.0062s) Handshake with localhost:7687 (127.0.0.1:7687) completedMax rtt: 0.027ms | Min rtt: 0.013ms | Avg rtt: 0.018msTCP connection attempts: 6 | Successful connections: 6 | Failed: 0 (0.00%)Nping done: 1 IP address pinged in 5.01 secondsConnecting to localhost...Database does not exist. Database name: 'neo4j'.CompletedTotal disk space used by configuration-db:343M .Detailed disk space usage of configuration-db:0 database_lock8.0K neostore48K neostore.counts.db1.3M neostore.indexstats.db76K neostore.labelscanstore.db8.0K neostore.labeltokenstore.db40K neostore.labeltokenstore.db.id16K neostore.labeltokenstore.db.names40K neostore.labeltokenstore.db.names.id428K neostore.nodestore.db92K neostore.nodestore.db.id8.0K neostore.nodestore.db.labels40K neostore.nodestore.db.labels.id8.3M neostore.propertystore.db2.4M neostore.propertystore.db.arrays68K neostore.propertystore.db.arrays.id276K neostore.propertystore.db.id8.0K neostore.propertystore.db.index48K neostore.propertystore.db.index.id32K neostore.propertystore.db.index.keys40K neostore.propertystore.db.index.keys.id289M neostore.propertystore.db.strings2.2M neostore.propertystore.db.strings.id24K neostore.relationshipgroupstore.db48K neostore.relationshipgroupstore.db.id48K neostore.relationshipgroupstore.degrees.db860K neostore.relationshipstore.db76K neostore.relationshipstore.db.id116K neostore.relationshiptypescanstore.db8.0K neostore.relationshiptypestore.db40K neostore.relationshiptypestore.db.id8.0K neostore.relationshiptypestore.db.names40K neostore.relationshiptypestore.db.names.id16K neostore.schemastore.db48K neostore.schemastore.db.id5.5M profiles4.0K quarantine_marker32M schemactl-vmanage01#

I’m trying create a configuration where a firewall with a single public IP address can forward incoming connections to an internal server. While this seems straightforward, I’m encountering issues and would appreciate any guidance.The best documentation I've seen on this is: Managing Firewall Threat Defense with Cloud-delivered Firewall Management Center in Cisco Security Cloud Control section Interfaces and Device Settings > Network Address Translation > Examples for NAT > Providing Access to an Inside Web Server (Static Auto NAT)Setup Details:FTD 1010Firewall Management: Secure Cloud Control / cdFMCFirewall Version: 7.6.0Interfaces:eth1 (OUTSIDEzone): Single static public IP from ISP (e.g., 77.88.99.10)eth2 & eth3 form a port channel carrying several VLANsVLAN3 (INSIDEzone) is 10.3.3.1/24 and the default gateway for this networkInternal Server: SSH server at 10.3.3.140/24Current Status:A simple Security Policy and  NAT policy is configured for outbound traffic. Internal hosts can successfully initiate connections to the Internet hiding behind the firewall’s public IP.Internally, the SSH server is up and reachable, ssh -v shows:debug1: Remote protocol version 2.0, remote software version OpenSSH_9.3 FreeBSD-20240701debug1: compat_banner: match: OpenSSH_9.3 FreeBSD-20240701 pat OpenSSH* compat 0x04000000When I follow the steps in the guide to configure Static Auto NAT for inbound access, external SSH connections go directly to the firewall itself instead of being translated to the internal SSH server:debug1: Remote protocol version 2.0, remote software version OpenSSH_9.1 PKIX[13.5]debug1: compat_banner: match: OpenSSH_9.1 PKIX[13.5] pat OpenSSH* compat 0x0400000In additional testing I configured the NAT rule to translate the external port 2222 to the internal server on port 22. The result was ssh -p2222 77.88.99.10  would simply time out.So not only am I not seeing the desired result, when I connect to port 22 I’m able to log into the FTD CLI via SSH from the Internet, which is not acceptable — I do not want infrastructure login ports exposed directly on the Internet under any circumstances.Configuration Details:Attached screenshots show the Access Policy rule and a copy of `show nat detail` output.Question:What am I missing in my NAT or firewall configuration that would prevent incoming connections from being properly forwarded to the internal SSH server? Any insights or suggestions would be greatly appreciated.

Hello, I created the SD-WAN lab on the eve but I have an issue between the vedges and the vsmart. find the below screen  Vedge-2# show control connectionsPEER PEER CONTROLLER PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB GROUP TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT LOCAL COLOR PROXY STATE UPTIME ID ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------vbond dtls 0.0.0.0 0 0 10.100.100.4 12346 10.100.100.4 12346 default - up 0:00:10:15 0 vmanage dtls 1.1.255.20 10 0 10.100.100.2 12546 10.100.100.2 12546 default No up 0:00:10:15 0 Vedge-2#   vmanage# show control connectionsPEER PEER PEER PEER PEER PEER CONFIGURED SITE DOMAIN PEER PRIV PEER PUB INDEX TYPE PROT SYSTEM IP SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION REMOTE COLOR STATE UPTIME --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------0 vsmart dtls 1.1.255.21 1.1.255.21 10 1 10.100.100.3 12346 10.100.100.3 12346 connectPS default up 0:00:36:21 0 vbond dtls 1.1.255.22 1.1.255.22 0 0 10.100.100.4 12346 10.100.100.4 12346 connectPS default up 0:00:38:36 1 vedge dtls 1.1.1.1 1.1.1.1 10 1 10.10.10.1 12426 10.10.10.1 12426 connectPS default up 0:00:10:15 1 vbond dtls 0.0.0.0 - 0 0 10.100.100.4 12346 10.100.100.4 12346 connectPS default up 0:00:38:36 2 vedge dtls 1.1.1.2 1.1.1.2 10 1 20.20.20.1 12426 20.20.20.1 12426 connectPS default up 0:00:11:29 2 vbond dtls 0.0.0.0 - 0 0 10.100.100.4 12346 10.100.100.4 12346 connectPS default up 0:00:38:38 3 vbond dtls 0.0.0.0 - 0 0 10.100.100.4 12346 10.100.100.4 12346 connectPS default up 0:00:38:52 vmanage#   Vsmart# show control connectionsPEER PEER PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB INDEX TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT REMOTE COLOR STATE UPTIME ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------0 vbond dtls 0.0.0.0 0 0 10.100.100.4 12346 10.100.100.4 12346 default up 0:00:37:25 0 vmanage dtls 1.1.255.20 10 0 10.100.100.2 12346 10.100.100.2 12346 default up 0:00:37:19 1 vbond dtls 0.0.0.0 0 0 10.100.100.4 12346 10.100.100.4 12346 default up 0:00:37:25  

Hi everyone, I'm labbing inter-AS Option B, and I keep running into a problem whereby the control plane is working (routes are being exchanged correctly between ASNs) but the external interfaces (ASBR to ASBR NNIs) are not enabled with MPLS until I shut/no shut them.  For example, ASBR1 (in AS 100) is connected to ASBR2 (in AS 200) with Gi0/0/0/2. If I issue `show mpls interfaces` I get the following:   RP/0/RP0/CPU0:ASBR1#show mpls interfaces Sat Feb 8 17:43:19.708 UTC Interface LDP Tunnel Static Enabled -------------------------- -------- -------- -------- -------- GigabitEthernet0/0/0/0 Yes No No Yes GigabitEthernet0/0/0/4 No No No Yes GigabitEthernet0/0/0/1 Yes No No Yes RP/0/RP0/CPU0:ASBR1#   So Gi0/0/0/2 in not MPLS enabled. To fix this, I simply do this:   RP/0/RP0/CPU0:ASBR1#conf t Sat Feb 8 17:45:49.283 UTC RP/0/RP0/CPU0:ASBR1(config)#interface gigabitEthernet 0/0/0/2 RP/0/RP0/CPU0:ASBR1(config-if)#shut RP/0/RP0/CPU0:ASBR1(config-if)#commit Sat Feb 8 17:45:54.972 UTC RP/0/RP0/CPU0:ASBR1(config-if)#no shut RP/0/RP0/CPU0:ASBR1(config-if)#commit Sat Feb 8 17:46:12.747 UTC LC/0/0/CPU0:Feb 8 17:46:12.856 UTC: ifmgr[324]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/2, changed state to Down RP/0/RP0/CPU0:ASBR1(config-if)#LC/0/0/CPU0:Feb 8 17:46:13.480 UTC: ifmgr[324]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/2, changed state to Up RP/0/RP0/CPU0:ASBR1(config-if)# RP/0/RP0/CPU0:ASBR1(config-if)# RP/0/RP0/CPU0:ASBR1(config-if)# RP/0/RP0/CPU0:ASBR1(config-if)# ^XRP/0/RP0/CPU0:ASBR1#sh mpls interfaces Sat Feb 8 17:46:23.230 UTC Interface LDP Tunnel Static Enabled -------------------------- -------- -------- -------- -------- GigabitEthernet0/0/0/0 Yes No No Yes GigabitEthernet0/0/0/4 No No No Yes GigabitEthernet0/0/0/2 No No No Yes GigabitEthernet0/0/0/1 Yes No No Yes RP/0/RP0/CPU0:ASBR1#   Then all of my traces and pings work ok.  Has anyone seen anything like this or know why this is happening? Could is be the order that I configure things or the OS version that I'm using (xrv9k 7.9.2). Thanks in advance for any help.

Please can someone interpret or convert the viptela commands to cisco IOS sdwan commandsI am planning to replace all our vedges to cisco ISR 1100All our vedges are managed via cli so i need to convert below viptela commands to cisco IOS sdwan commandsPlease can someone share how to configure below command on cisco sdwan IOS-XE routersGre Tunnels for Zscalar internet accessVpn 0 interface gre1  ip address <>  tunnel-source      <>  tunnel-destination <>   Default Gre route in Vpn 10ip gre-route 0.0.0.0/0 vpn 0 interface gre1      

I have a sd-wan lab in eve-ng and I'm working with config-groups for the spokes. When I get to the point to preview the CLI, an error displays which I will attach below. I've never seen this error before and I remember being able to push this config group before. Has anybody came across this error?  Thanks Versions: Controller suite - 20.12.4 C8kvs - 17.12.04

I have the platform SD-WAN with the version: To switch this device to CLI mode ¿is it only necessary to detach devices? if not, can you tell me what process I should follow  

Hello, I have a quick question with using Inter-VRF multicast with ACI.  We have a multicast application that is outside of our ACI fabric.  The Receiver is within the ACI Fabric.  The L3out to the larger network is associated with a VRF (BLUE VRF) and leaks unicast routes to the RED VRF where the multicast receiver lives.  the PIM rendezvous point is also outside the ACI fabric.  When the multicast receiver subscribes to the group, I don't see any (*, G) info outside the RED VRF.  When I set up a receiver in the ACI BLUE VRF, everything works fine.  We tried setting up inter-vrf multicast in both RED and BLUE VRFs but that broke all multicast in the ACI fabric.  We searched the internet for info on how the Inter-VRF multicast option works, but didn't find anything useful just some guidelines and limitations.  I think we are within the guidelines in our scenario.  I was hoping someone in the community has some tips for guidance on how to properly use the Inter-VRF multicast feature.  We broke the network once and folks weren't happy, so we want to be more careful next go.  Seeing how the source and the RP are on the side of the BLUE VRF, should we implement the Inter-VRF multicast in the BLUE VRF or does the configuration go on the receiver's side RED VRF?  

Hi all.  My organization's VMWare Team has hypervisors distributed all over our ACI fabric.  All the hypervisors have a management network that allows them to communicate with vCenter.  Recently (about 2 weeks ago) all the hypervisors started to periodically disconnect from vCenter for random periods of time and reconnect later.  During their blackout periods the hypervisors are not reachable from within the ACI fabric or from hosts external to the fabric. Not all hypervisors are unreachable at the same time but there is no clear pattern as to which ones lose connectivity.  Two hypervisors connected to the same pair of Leaf switches can be behaving differently at the same time.  Other networks with ACI and shared with the vCenter cluster are not experiencing random disconnects, only the network support hypervisor to vCenter communication.  Sorry I am not able to post any CLI output as the environment is air gapped and we are prohibited from moving the data from that network to this one.  I can describe to you our setup:Each hypervisor has two 100G NICs connected to two Leaf switches.All the EPGs for VMWare networks (such as: Fault tolerance, vMotion, Storage & Management) and VMs are pushed over the pair of links using AAEPs.  ACI does not have a VMM domain setup.  All the internal virtual networking is handled by the vCenter virtual distributed switches.  The Bridge Domain does have 4 subnets under it, and one of the subnets is the one having the problem.  Each subnet has its own EPG.  The problem subnet is designated as the primary subnet. We do have other Bridge domains with multiple subnets with their own EPGs setup the same way this one is, and they are not exhibiting the problem.  While the endpoints are not reachable on the network, the Endpoint tracker is still able to locate themFrom the Leaf switch the hypervisor is attached to, I still cannot ping the hypervisor when it's in the unreachable state, but able to ping it when it's working nominally.  Has anyone in the community run across something this and have a solution or have any ideas on how to begin troubleshooting it?  Thanks for any help you can provide!!Lamont

Hey Everybody, We are excited to announce an initiative aimed at improving the user experience starting within our Voice and Conferencing board. As part of a comprehensive post-relabelling effort, we will be temporarily transitioning the board to read-only mode from February 10th to February 21st. This change is designed to make it easier for you to locate relevant posts. During this period, you will still be able to access and read all existing content on the board, but posting new content or comments will be temporarily disabled. This pause will allow our team to efficiently organize and relabel posts, ensuring that information is accurately categorized and easily searchable. We appreciate your patience as we work to enhance the community's functionality and usability. Our goal is to create a more streamlined and intuitive experience for all members. If you have any questions or need further assistance, please feel free to reach out. Best regards, Corey and The Community Team