Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
3507
Views
0
Helpful
0
Comments

Call Home Data Privacy

Bryan Williams
Level 1
Level 1
‎10-24-2012 04:05 PM

One of the ways that Smart Call Home helps customers identify and resolve problems faster is by automating interactions with TAC.  Call Home automatically uploads items that are frequently required by TAC to resolve issues, including the saved and running configurations.

To limit privacy or compliance issues, the configuration upload feature is optional and turned off by default.  When enabled, Call Home masks any sensitive data not relevant to the support process.  Data is masked in the device so that it never traverses the LAN or the Internet.  Masked data includes usernames, passwords, and community strings.  The following is an example of the masked items from a device in my lab:

--------------------------------------------------------------------------------------------------------------------------------

enable password 7 XXXXXXXXXXXXXXXXXX

!

call-home

data-privacy level normal

profile "CiscoTAC-1"

  destination transport-method http

  no destination transport-method email

  destination address email XXXXXXXXXXXXXXXXXX

  destination address http XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

profile "CiscoTAC-2"

  destination transport-method http

  no destination transport-method email

  destination address http XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

!

cwmp agent

management server username XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

!

username XXXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

username XXXXXXXX privilege 15 password 7 XXXXXXXXXXXXXXXXXX

snmp-server community XXXXXXXX v1default RO

----------------------------------------------------------------------------------------------------------------------------

Call Home version 2, which is currently available in the ISR G2 running 15.2(2)T and above, adds the option to mask the IP Address and Hostname.  Note that masking the hostname may cause some Smart Call Home processing rules to fail, so it is only recommended in environments that absolutely require this degree of privacy.

The new options in call home are:

Data-privacy level high

Data-privacy hostname

Combined, they mask these additional items in our sample config:

hostname XXXXXXXXXXXXXXXXXX

!

ip domain name XXXXXXXXX

!

interface GigabitEthernet0/0

ip address XXXXXXXXXXXXXXXXXXXXXXXXXXX

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents