Ask The Expert: Understanding, Implementing, and Troubleshooting Cisco Prime Network

Similar Messages

• Ask the Expert: Installing, Configuring, and Troubleshooting Cisco Unified MeetingPlace

  With Dejan Petrovic
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about different MeetingPlace deployment types, what they include and require, and what they are capable of with Cisco expert Dejan Petrovic.  Cisco Unified MeetingPlace is a conferencing solution providing audio and video conferencing, and data sharing experience. It can be fully on premise solution or a hybrid solution integrated with WebEx for data sharing capability. Dejan  will be answering any questions about installation, upgrade, migration and troubleshooting processes.
  Dejan Petrovic is a Cisco customer support engineer and team lead in the Conferencing Technical Assistance Center team based in Boxborough. He has been providing support to customers and partners for Cisco Unified MeetingPlace solutions since 2009. He has more than eight years of experience working in the IT industry as system administrator, business manager, and networking consultant. Petrovic holds a bachelor’s degree in computer network and information systems as well as several Cisco certifications, including CCNA, Cisco IPCC Express Specialist,  and MeetingPlace Support Specialist.
  Remember to use the rating system to let Dejan know if you have received an adequate response. 
  Dejan might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice and Video sub-community discussion forum shortly after the event.  This event lasts through February 8, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hello Nick,
  I appreciate your questions, and will try to answer them below.
  When you are installing a fresh new MeetingPlace 8.5 that you plan to integrate with WebEx, the only available option is WebEx Managed user profiles. With this option, you can either create profiles manually on WebEx side, and then sync them to MeetingPlace, or you can use Federated SSO for import of profiles from LDAP server in your network to WebEx, and then sync the profiles from WebEx to MeetingPlace (you choose one of these two options when provisioning WebEx site).
  These are the only two available options for a NEW install of MP8.5 for WebEx integration, and as you can see both options are WebEx Managed profiles, the only difference is if you are going to use Federated SSO, or create profiles on WebEx manually.
  During the install, you can select to install MeetingPlace managed users option, but you would choose this option only if you plan to do a migration from an earlier MP release (7.x/8.0) with WebEx integration and Directory Integration.
  For example, MeetingPlace managed profiles option is available if you had MeetingPlace 8.0 integrated with WebEx Type II (WebEx scheduling) with Directory Integration, where you had your MP8.0 integrated with CUCM via AXL for user profile management (CUCM integrated with LDAP), and your WebEx Site provisioned for Directory Integration, and then migrate from that system to MeetingPlace 8.5 that you installed selecting MeetingPlace managed user profiles.
  The same goes for MeetingPlace Scheduling (Type I) integration with WebEx. Possible only with migration, and not with a fresh new installation.
  Now, to focus on your questions.
  1. As you can see, you don't have many options. If you have MS Active Directory that you would like to use for SSO in MP8.5 WebEx Scheduling, you will have to go with Federated SSO. So far, I haven't heard of any issues with that as it seems to be pretty straight forward to configure, and also WebEx Support team provides direct support for that setup as it is a direct integration between WebEx Site and the LDAP server (nothing to do with MeetingPlace side of the equation).
  2. In general, if you have Federated SSO enabled, you would go to WebEx site home page, click on Host Log In button which will then ask you to enter your network/windows credentials and place you to WebEx scheduling interface.
  If you have Directory Integration (like on MP8.0 WebEx Type II with CUCM/AXL integration), when you go to WebEx site home page and click Host Log In button, you are being redirected to the MeetingPlace log-in page where you would enter your Windows credentials (assuming your CUCM is integrated with LDAP), and then if log in is successful, you get redirected back to WebEx scheduling interface. With this type of deployment, you can log in to WebEx scheduling interface ONLY if you are connecting from your company network or have a VPN connection to your company network. This is a major limitation that most customers complained about, but the reason for this was that we didn't want to make MP Application server hostname/IP publicly available and hence cause a security issue.
  I am sure I answered your questions, but opened some new questions. So, please, let me know if I need to clarify anything.
  Thank you.
  -Dejan

• Ask the Expert: FSPF Concepts and Troubleshooting in Cisco SAN Environments

              With Upinder Sujlana
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about FSPF, VSAN interaction, load balancing, and troubleshooting with Upinder Sujlana.
  According to the FC-SW-2 standard, Fabric Shortest Path First (FSPF) is a link state path selection protocol. FSPF keeps track of the links on all switches in the fabric and associates a cost with each link. FSPF tracks the state of links on all switches in the fabric, associates a cost with each link in its database, and then chooses the path with a minimal cost. The cost associated with an interface can be administratively changed to implement the FSPF route selection. Upinder will discuss Cisco's implementation of FSPF.
  Upinder Sujlana is a customer support engineer for Cisco's SAN TAC team based in San Jose, CA. He has worked in the TAC for the past five years with a focus on WAN technologies (L2TP, T1, T3, SCE 2K, 8K) and data center technologies such as MDS; Cisco Nexus 7000, 5000, and 2000; FCoE; and FC. Prior to joining the TAC, Upinder was a Java client-side programmer for an NMS startup company and then transitioned to network testing for a cloud company. He holds a master's degree in electrical engineering from Santa Clara University and has CCIE certification (no. 37318) in routing and switching. These days he is enthusiastic about Python programming. 
  Remember to use the rating system to let Upinder know if you have received an adequate response. 
  Upinder might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Data Center community,  sub-community, Storage Networking   discussion forum shortly after the event. This event lasts through March 14, 2014. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Evan,
  You can use my favorite command as below to find out the cost and check what path traffic will take. Here is a example :
  switch1# show fspf internal route vsan 2
  FSPF Unicast Routes
  VSAN     Number          Dest Domain          Route Cost          Next hops
  1                   0x01(1)                    1000                  fc1/2
  1                   0xEF(239)                  1000                  fc1/1
  1                   0xED(238)                  2000                  fc1/1
                                                                       fc1/2
  This shows the total cost of all links.
  The next hop (238) has two interfaces. This indicates that both paths will be used during load sharing. Up to sixteen paths can be used by FSPF with a Cisco MDS 9000 Family switch.
  http://www.cisco.com/en/US/products/ps5989/prod_troubleshooting_guide_chapter09186a008067a306.html#wp126591
  HTH,
  ~upinder

• Ask the Expert: Configuration, Design, and Troubleshooting of Cisco Nexus 1000

  With Louis Watta
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about design, configuration, and troubleshooting of Cisco Nexus 1000V Series Switches operating inside VMware ESXi and Hyper-V with Cisco expert Louis Watta. Cisco Nexus 1000V Series Switches deliver highly secure, multitenant services by adding virtualization intelligence to the data center network. With Cisco Nexus 1000V Series Switches, you can have a consistent networking feature set and provisioning process all the way from the virtual machine access layer to the core of the data center network infrastructure.
  This is a continuation of the live Webcast.
  Louis Watta is a technical leader in the services organization for Cisco. Watta's primary background is in data center technologies: servers (UNIX, Windows, Linux), switches (MDS, Brocade), storage arrays (EMC, NetApp, HP), network switches (Cisco Catalyst and Cisco Nexus), and enterprise service hypervisors (VMware ESX, Hyper-V, KVM, XEN). As a Technical Leader in Technical Services, Louis currently supports beta and early field trials (EFTs) on new Cisco software and hardware. He has more than 15 years of experience in a wide variety of data center applications and is interested in data center technologies oriented toward data center virtualization and orchestration. Prior to Cisco, Louis was a system administrator for GTE Government Systems. He has a bachelor of science degree in computer science from North Carolina State University. .
  Remember to use the rating system to let Louis know if you have received an adequate response.
  Louis might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Data Center community Unified Computing shortly after the event.
  This event lasts through Friday, JUne 14, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast related links:
  Slides
  FAQ
  Webcast Video Recording

  Right now there is only a few features that are not supported on N1Kv on Hyper-V
  They are VXLAN and QOS Fair Weighted Queuing. We are currently demoing VXLAN functionality at Microsoft TechEd Conference this week in New Orleans. So VXLAN support should be coming soon. I can't give you a specific timeline.
  For Fair Weighted Queuing I'm not sure. In the VMware world we take advantage of NETIOC infrastructure. In the MS world they do not have a NETIOC infrastructure that we can use to create a similar feature.
  Code base parity (as in VMware and Hyper-V VSMs running NXOS 5.x) will happen with the next major N1KV release for ESX.
  Let me know if that doesn't answer your question.
  thanks
  louis

• Ask the Expert: Basic Introduction and Troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform .
  The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Data Center sub-community discussion forum shortly after the event. This event lasts through through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Vignesh
  Is there is any limitation to connect a N2K directly to the N7K?
  if i have a an F2 card 10G and another F2 card 1G and i want to creat 3 VDC'S
  VDC1=DC-Core
  VDC2=Aggregation
  VDC3=Campus core
  do we need to add a link between the different VDC's
  thanks

• Ask the Expert: Installation, Operation, and Troubleshooting of RF Gateway 1 (RFGW1)

  With Ron Hanson
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions from Cisco expert Ron Hanson about the RF Gateway 1 (RFGW1) including installation, operation, configuration, and troubleshooting.
  Ron Hanson is a customer support engineer in the Technical Assistance Center, where he supports major RF Gateway 1 customers as part of the Service Providers Video team. He started working with the RF Gateway before its general release in 2008, and worked in the field on large Gateway deployments before joining product support. Hanson has been in the cable TV industry for 38 years. He previously spent 22 years at Scientific-Atlanta, which was acquired by Cisco in 2007. He holds two joint patents and is certified as a Cisco Optical Specialist. 
  Remember to use the rating system to let Ron know if you have received an adequate response. 
  Ron might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Service Provider sub-community discussion forum shortly after the event. This event lasts through Sept 7, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi John,
  Thanks for your reply.  The process of moving a license to another gateway can be done by the customer on the web site named HESULE  https://online.sciatl.com/license-it/.  You will need the HOST ID which can be found on the SYSTEM/License management tab. The HOST ID is essentially the 7 digit serial number with all leading zeros removed.
  Be sure to use Firefox when logging in.  Entering your email is important because the new license will be sent back to this address.
  In the License management tab, on the gateway you wish to remove the license from, record the 32 digit validation key number to the right of the license you wish to transfer.
  Go to HESULE and start the transfer process.  Hesule is very secure - therfore you must "prove" to Hesule the license has been removed from the first chassis.  Hesule will issue you a new license with the license you wish to transfer removed.  When you load this new license and new validation key will come up on the screen.  Go back to Hesule and enter this key to prove the license has been removed.  Hesule will then email you another new license containing the license you are transfering. Load this license on the new RFGW1 and the process is complete.
  Yes I understand I said a lot.  However, the process is described step by step on the Hesule site.
  If you have any problems do not hesitate to contact me.
  Thank you   RON HANSON

• Ask the Expert:Concepts, Configuration and Troubleshooting Layer 2 MPLS VPN – Any Transport over MPLS (AToM)

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions about  concept, configuration and troubleshooting Layer 2 MPLS VPN - Any Transport over MPLS (AToM) with Vignesh R. P.
  Cisco Any Transport over MPLS (AToM) is a solution for transporting Layer 2 packets over an MPLS backbone. It enables Service Providers to supply connectivity between customer sites with existing data link layer (Layer 2) networks via a single, integrated, packet-based network infrastructure: a Cisco MPLS network. Instead of using separate networks with network management environments, service providers can deliver Layer 2 connections over an MPLS backbone. AToM provides a common framework to encapsulate and transport supported Layer 2 traffic types over an MPLS network core.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Service Provider sub-community discussion forum shortly after the event. This event lasts through through September 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Tenaro,
  AToM stands for Any Transport over MPLS and it is Cisco's terminology used for Layer 2 MPLS VPN or Virtual Private Wire Service. It is basically a Layer 2 Point-to-Point Service. AToM basically supports various Layer 2 protocols like Ethernet, HDLC, PPP, ATM and Frame Relay.
  The customer routers interconnect with the service provider routers at Layer 2. AToM eliminates the need for the legacy network from the service provider carrying these kinds of traffic and integrates this service into the MPLS network that already transports the MPLS VPN traffic.
  AToM is an open standards-based architecture that uses the label switching architecture of MPLS and can be integrated into any network that is running MPLS. The advantage to the customer is that they do not need to change anything. Their routers that are connecting to the service provider routers can still use the same Layer 2 encapsulation type as before and do not need to run an IP routing protocol to the provider edge routers as in the MPLS VPN solution.
  The service provider does not need to change anything on the provider (P) routers in the core of the MPLS network. The intelligence to support AToM sits entirely on the PE routers. The core label switching routers (LSRs) only switch labeled packets, whereas the edge LSRs impose and dispose of labels on the Layer 2 frames.
  Whereas pseudowire is a connection between the PE routers and emulates a wire that is carrying Layer 2 frames. Pseudowires use tunneling. The Layer 2 frames are encapsulated into a labeled (MPLS) packet. The result is that the specific Layer 2 service—its operation and characteristics—is emulated across a Packet Switched Network.
  Another technology that more or less achieves the result of AToM is L2TPV3. In the case of L2TPV3 Layer 2 frames are encapsulated into an IP packet instead of a labelled MPLS packet.
  Hope the above explanation helps you. Kindly revert incase of further clarification required.
  Thanks & Regards,
  Vignesh R P

• Ask the Experts: Understanding Cisco ASR 9000 Series Aggregation Services Routers Platform Architecture and Packet Forwarding Troubleshooting

  With Xander Thuijs
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn how to Cisco ASR 9000 Series Aggregation Services Routers with Cisco expert Xander Thuijs. The Cisco ASR 9000 Series Aggregation Services Routers product family offers a significant added value compared to the prior generations of carrier Ethernet routing offerings. The Cisco ASR 9000 Series is an operationally simple, future-optimized platform using next-generation hardware and software. The ASR 9000 platform family is composed of the Cisco ASR 9010 Router, the Cisco ASR 9006 Router, the Cisco ASR 9922 Router, Cisco ASR 9001 Router and the Cisco ASR 9000v Router.
  This is a continuation of the live Webcast.
  Xander Thuijs is a principal engineer for the Cisco ASR 9000 Series and Cisco IOS-XR product family at Cisco. He is an expert and advisor in many technology areas, including IP routing, WAN, WAN switching, MPLS, multicast, BNG, ISDN, VoIP, Carrier Ethernet, System Architecture, network design and many others. He has more than 20 years of industry experience in carrier Ethernet, carrier routing, and network access technologies. Xander  holds a dual CCIE certification (number 6775) in service provider and voice technologies. He has a master of science degree in electrical engineering from Hogeschool van University in Amsterdam.
  Remember to use the rating system to let Xander know if you have received an adequate response.
  Xander might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Service Providers community XR OS And Platforms  shortly after the event. This event lasts through Friday, May 24, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast  related links:
  Slides
  Webcast  Video Recording
  FAQ

  Is there a Cisco lab available for ASR 9000
  we have "XR4U" stations coming available soon when XR 511 comes alive. The plan is for a downloadable play image like that. In the interim we have 2 demo systems available, and they can be booked via your account manager representative.
  How will MOD160 perform with multiple 9000NVS?
  very well. the mod 160 has 4 NPU's, 2 per bay. So if you have a 4x10 MPA to serve a satellite, you effectively have a single NPU per 20 1Gigs from the satellite. The pps performance will be stellar. However it might be price technically more ideal to connect satellite with a 36x10. Since the MOD-x has native MPA's with 1G also.
       2. Is there a shortcut for a Bundle-EthernetX interface, such as port-channel interface (poX), in Cisco IOS® ?.
  usability enhancement is there, we are trying to push this into a new reasonable release. follow CSCuh04526
       3. What  is the revolutions per minute (RPM) on these hard disk drives (HDDs)  compared to the solid state drives (SDDs)? Will the spinning drives be  slow?
  depends on the type we had avaialble at time of production, you will see different sizes and disks on the RSP2. the rpm of the HD is not so much an issue as much as the buffered writing we used to do in XR. This is fixed up with XR43 where the disk writing performance is much better. the HD/SDD is used for logging storage only (and maybe your pictures) but other then that we're not that concerned with write perf of the HD.
  regards
  xander

• Ask the Expert: Plan, Design, and Implement Mobile Remote Access, the Cisco Collaboration Edge Architecture

  Welcome to the Cisco® Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about planning, designing, and implementing mobile remote access (Cisco Collaboration Edge Architecture) with Cisco subject matter experts Aashish Jolly and Abhijit Anand.
  Cisco Collaboration Edge Architecture is an architecture that provides VPN-less access of Cisco Unified Communications resources to Cisco Jabber® users. This discussion is dedicated to addressing questions about design best practices while implementing mobile remote access.
  For more information, refer to the Unified Communications Mobile and Remote Access via Cisco VCS deployment guide. 
  Aashish Jolly is a network consulting engineer who is currently serving as the Cisco Unified Communications consultant for the ExxonMobil Global account. Earlier at Cisco, he was part of the Cisco Technical Assistance Center (TAC), where he helped Cisco partners with installation, configuring, and troubleshooting Cisco Unified Communications products such as Cisco Unified Communications Manager and Manager Express, Cisco Unity® solutions, Cisco Unified Border Element, voice gateways and gatekeepers, and more. He has been associated with Cisco Unified Communications for more than seven years. He holds a bachelor of technology degree as well as Cisco CCIE® Voice (#18500), CCNP® Voice, and CCNA® certifications and VMware VCP5 and Red Hat RHCE certifications.
  Abhijit Singh Anand is a network consulting engineer with the Cisco Advanced Services field delivery team in New Delhi. His current role involves designing, implementing, and optimizing large-scale collaboration solutions for enterprise and defense customers. He has also been an engineer at the Cisco TAC. Having worked on multiple technologies including wireless and LAN switching, he has been associated with Cisco Unified Communications technologies since 2006. He holds a master’s degree in computer applications and multiple certifications, including CCIE Voice (#19590), RHCE, and CWSP and CWNP.
  Remember to use the rating system to let Aashish and Abhijit know if you have received an adequate response. 
  Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation on the Cisco Support Community Collaboration, Voice and Video page, in the Jabber Clients subcommunity, shortly after the event. This event lasts through June 20, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hi Marcelo,
     Yes, there are some requirements for certificates in Expressway.
  Expressway Core (Exp-C)
  - Can be signed by either External or Internal CA
  - Better to use a cluster name even if you start with 1 peer in Exp-C cluster. In the future, if more peers are added, changes would be minimal.
  - Better to use FQDN of cluster as CN of certificate, this way the traversal zone configuration on Expressway-E won't require any change even if new peers are added to Exp-C cluster.
  - If CUCM is mixed mode, include security profile names (in FQDN format) as Subject Alternate Names
  - The Chat Node Aliases that are configured on the IM and Presence servers. They will be required only for Unified Communications XMPP federation deployments that intend to use both TLS and group chat. (Note that Unified Communications XMPP federation will be supported in a future Expressway release). The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a set of IM&P servers.
  - For TLS b/w CUCM, IM-P & Exp-C
    + If using self-signed certificates on CUCM, IM/P. Load Cisco Tomcat, cup, cup-xmpp certificates from IM-P on Exp-C. Load callmanager, Cisco Tomcat certificates from CUCM on Exp-C.
    + If using Internal CA signed certificates on CUCM, IM/P. Load Root CA certificates on Exp-C.
    + Load CA certificate under tomcat-trust, cup-trust, cup-xmpp-trust on IM-P.
    + Load CA certificate under tomcat-trust, callmanager-trust on CUCM.
  Expressway Edge (Exp-E)
  - Signed by External CA
  - Configured Unified Communications domain as Subject Alternate Name
  - If using a cluster, select FQDN of this peer as CN and FQDN of Cluster + this peer as Subject Alternate Name.
  - If XMPP federation is being deployed, enter the same Chat Node Aliases as entered in Exp-C.
  For more details, please refer to the Certificate Creation Guide for Cisco Expressway x8.1.1
  http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-1.pdf
  - Aashish

• Ask the Experts: Single Sign-On with Cisco WebEx Meetings Server, Internet Reverse Proxy, and Enterprise License Manager Solutions

  With Arun Kumar
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single Sign-On (SSO) with Cisco WebEx Meetings Server (Cisco WMS), Internet Reverse Proxy (IRP), and Enterprise License Manager (ELM) solutions.
  SSO standards such as Security Assertion Markup Language (SAML) 2.0 provide secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. SSO enables simplified user authentication and management.
  IRP provides public access, enabling users to host or attend meetings from the Internet and mobile devices. Although IRP is optional, Cisco encourages its use because it provides a better user experience for your mobile workforce.
  Example question topics include:
  SSO profiles and SAML 2.0 Identity providers (IdPs) supported in Cisco WMS
  Basic configuration of IdPs
  Interaction between IdPs and Cisco WMS
  Difference between the cloud client implementation and Cisco WMS
  Meeting access behavior in a split-horizon network topology with SSO
  How to enable public access to Cisco WMS
  Cisco WMS ELM operations
  Cisco WMS ELM compared to other unified communications ELM or standalone ELM and compatibility/inoperability between them
  Arun Kumar is a team lead in the San Jose Conferencing Technical Assistance Center. He has over eight years of experience in conferencing technology and specializes in Cisco Unified Meeting Place Express and Cisco WebEx Meeting Server. He joined Cisco in 2010 as an escalation engineer for the Cisco Telepresence group. Before joining Cisco he worked for the UK's third-largest internet service provider Supanet on VoIP technology and the *Nix domain. Kumar holds a master of science degree in computer science from Sikkim Manipal University in India, and he holds CCIE (Voice) and VMware Certified Professional certifications.
  Remember to use the rating system to let Arun know if you have received an adequate response.
  Arun might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice, and Video community Other Subjects subcommunity shortly after the event. This event lasts through Monday May 17, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Mobile Service,
  CWMS and Jabber integrations:
  http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_01.html#JABW_TK_SF2ED5E1_00
  In above link start from section: Set Up Cisco WebEx Meetings Server on Cisco Unified Presence
  then move to section: Add Cisco WebEx Meetings Server to a Profile
  Once done, move to section: Specify Conferencing Credentials in the Client side. You will see above server already listed there, just go ahead and enter your username and password (pleae make sure this user already exists on your CWMS) and accept any certificate/s if presented. Jabber Integration is done and you can start testing the same.
  Attached CWMS - AFDS integration doc.
  Please let me know if any furhter question.
  Thanks, Arun

• Ask the Expert: Packet Capture Capabilities of Cisco Routers and Switches

  With Rahul Rammanohar 
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about packet capture capabilities of Cisco routers and switches.
  In May 2013, we created a video that included packet capture capabilities across multiple Cisco routers and switches. For each product, we began with a discussion about the theory of the capabilities, followed by an explanation of the commands, and we concluded with a demo on real devices. In this Ask the Expert event, you’re encouraged to ask questions about the packet capture capabilities of these Cisco devices:
  •       7600/6500: mini protocol analyzer (MPA), ELAM, and Netdr
  •       ASR9k: network processor capture
  •       7200/ISRs: embedded packet capture
  •       Cisco Nexus 7K, 5K, and 3K: Ethanalyzer
  •       Cisco Nexus 7K: ELAM
  •       CRS: show captured packets
  •       ASR1K: embedded packet capture
  More Information
  Blog URL: Packet Capture Capabilities of Cisco Routers and Switches
  Watch the Video:  https://supportforums.cisco.com/videos/6226
  Hitesh Kumar is a customer support engineer in the High-Touch Technical Services team at Cisco specializing in routing protocols. He has been supporting major service providers and enterprise customers in routing, Multiprotocol Label Switching (MPLS), multicast, and Layer 2 VPN (L2VPN) issues on routing platforms for more than three years. He has more than six years of experience in the IT industry and holds a CCIE certification (number 38757) in service. 
  Rahul Rammanohar is a technical leader with the High-Touch Technical Support Team in India. He handles escalations in the area of routing protocols and large-scale architectures for devices running Cisco IOS, IOS-XR, and IOS-XE Software. He has been supporting major service providers and large enterprise customers for routing, MPLS, multicast, and L2VPN issues on all routing platforms. He has more than 13 years of experience and holds a CCIE certification (number 13015) in routing/switching and service provider.
  Remember to use the rating system to let Hitesh and Rahul know if you have received an adequate response.  
  Because of the volume expected during this event, Hitesh and Rahul might not be able to answer each question. Remember that you can continue the conversation in the Service Provider, sub-community forum shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Erick
      Thanks for the topology. The trigger will be different for labelled  packet as you would need to mention the values of labels too in the  trigger.
       Below are two examples of one or two labels being  used, it depends on where you are capturing the packet in mplsvpn  scenario which will decide teh number of labels being imposed on the  packet.
  Trigger for one label. (if the router on which you are capturing the packet PHP is being performed)
  VPN label - 5678
  Source Address - 111.111.111.111
  Destination Address - 123.123.123.123
  show platform capture elam trigger dbus others if data = 0 0 0 0x88470162 0xE0000000 0 0 0x00006F6F 0x6F6F 7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
  Trigger for two labels. (for other core routers)
  IGP label - 1234
  VPN label - 5678
  Source Address - 111.111.111.111
  Destination Address - 123.123.123.123
  show platform capture elam trigger dbus others if data = 0 0 0 0x8847004D 0x20000162 0xE0000000 0 0 0x00006F6F 0x6F6F7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf000ffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
      You can check the labels being used (by using show ip cef <> details) and covert their values to hex and change the trigger accordingly.
       I have changed the colors for better understanding. If you notice carefully in the trigger the values for ip address, labels have just been converted to their respective hex values which could be replaced.
       Please let me know if this helps.
  Thanks & Regards
  Hitesh & Rahul

• Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches

  Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about Cisco® NX-OS.
  The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
  vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
  This event is focused on discussing all possible types of vPC along-with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting
  Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
  Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University, has CCNA® and CCNP® Nimit is also working on a Cisco data center CCIE® certification While also pursuing an MBA degree from Santa Clara University.
  Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response. 
  Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Gustavo
  Please see my responses to your questions:
  Yes almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different type of traffic –Control Plane and Data Plane.
  Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hellos packets will be exchanged across all 3 routers and adjacency will be formed over VPC links
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
  Now for Data Plane we have two types of traffic – Unicast and Multicast.
  The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations there is a possibility that when the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario,N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
  Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
  For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
  The Loop avoidance works little different across Nexus 5000 and Nexus 7000.
  Similarity: For both products, loop avoidance is possible due to VSL bit
  The VSL bit is set in the DBUS header internal to the Nexus.
  It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
  This mechanism is used for loop prevention within the chassis.
  The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
  Differences:  In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
  It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
  For more details please see below presentation:
  https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
  DCI Scenario:  If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
  But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
  Let us know if you have further questions.
  Thanks,
  Vishal

• Ask the Expert: Enterprise Design and Deployment of Multicast

  Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco enterprise design and deployment of multicast solutions.
  The enterprise world is evolving to be overcome with large throughput capacity and record numbers of users connecting to the network. Mechanisms such as multicast, which allows for a minimization of throughput for multiple users subscribing to the same stream, are a welcome addition. Applications such as enterprise all-hands video streaming, trading applications, mass operating system deployment, and custom implementations can put a strain on the network if done via unicast. Multicast can minimize this strain by replicating a single stream for subscription by multiple parties who would like to receive the same information. For this Ask the Expert event, Patrick Lloyd, CCIE R&S no. 39750 and a network consulting engineer with Cisco’s Enterprise Advanced Services Delivery Team, will answer questions about multicast design and implementation based on best practices and prior experience with large enterprise deployments.
  Patrick Lloyd is a network consulting engineer for Cisco’s Enterprise East Advanced Services team, working to support and lend his expertise to a number of financial, insurance, healthcare, and consulting customers. In his four years of experience, he has lent design expertise to multicast networks ranging from 500 Cisco devices and 20K users to upward of 4500 Cisco devices and 50K users. Patrick is certified with his Cisco Certified Internetworking Expert no. 39750 in the Routing and Switching track and also has achieved certification in CCNA Security and Securing Cisco Routers and Switches as part of the CCNP Security track. Patrick received his MS degree in networking and systems administration from Rochester Institute of Technology in Rochester, NY, and his BS degree in computer science from Eastern Connecticut State University. He frequently gives customer-based knowledge transfers.
  Remember to use the rating system to let Patrick know if you have received an adequate response.
  Because of the volume expected during this event, Patrick might not be able to answer every question. Remember that you can continue the conversation in Network Infrastructure under the subcommunity WAN, Routing & Switching shortly after the event. This event lasts through September 12, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Thanks for the question!  This is actually a good one that I've encountered with a couple customers in the past, the tradeoff between a flood and prune type design, as opposed to the shared tree -> shortest path tree sequence.  As per Cisco best practice, we are actively trying to get customers to implement sparse mode, going so far as to not support PIM dense mode in our data center products.  And for good reason!  The last thing you want is a chatty protocol within the data center which is flooding traffic out to receivers who may or may not be interested in it every 3 minutes.  Instead, you're much better off having interested receivers join a stream, have your RP connect the interested senders and receivers, and then transition to the shortest path between source and destination.
  That being said, if you're studying for CCIE or looking to get experience in how multicast works, dense mode should at least be a lab exercise!
  Links for reference as to the difference in PIM modes:
  Dense Mode Operation:
  http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_pim_dense_rfrsh.pdf
  Pim Modes and explanation of each:
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_53_se/configuration/guide/3750xscg/swmcast.html#wp1077051
  A great slide deck to learn the operation of multicast:
  https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=6633&backBtn=true
  Troubleshooting Multicast:
  https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=78578&backBtn=true
  Let me know if this is the answer you're looking for!

• Ask the Expert: Layer 2 Security on Cisco Catalyst Platforms

  With Wilson Bonilla
  Welcome to the Cisco Support Community Ask the Expert conversation.  This  is an opportunity to learn and ask questions about about issues in designing, planning, and implementing Layer 2 security in your LAN network with expert Wilson Bonilla. 
  Wilson will cover topics that network engineers face daily such as Spanning Tree Protocol security, private VLANs, IP source guard, protected ports, dynamic ARP inspection, virtual LAN access-control lists (VLAN ACLs), and Dynamic Host Configuration Protocol (DHCP) snooping over Cisco Catalyst platforms.  With the fast growth of networks, Layer 2 security is even more critical in the LAN to help your network become more reliable, efficient, and secure. Wilson will answer your questions about LAN networks with Cisco Catalyst switches.  
  Wilson Bonilla is a technical networking trainer at the Learning and Development Department for Cisco Technical Assistance Center located in Costa Rica. Before joining the Training Department, he worked for the Cisco TAC as a customer support engineer focused on LAN Switching for more than two years. While working on LAN switching, Wilson also had roles such as technical leader and trainer, adding to his area of expertise in Cisco Catalyst Layer 2 switching. He has CCNP routing and switching certification and is currently studying to achieve his CCNA certification in data center.
  Remember to use the rating system to let Wilson know if you've received an adequate response. 
  Because of the volume expected during this event, Wilson might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity, LAN, Switching and Routing, shortly after the event. This event lasts through November, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

  Hello NetNavi.
  Check the post above about MacSec for more information and let me know if you need further clarification, if so I will do my best,
  In regards to best practices there is a Cisco document; it describes deployments and best practices in every scenario; Supplicants, authenticator, authentication services and other configurations. Please check it out:
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.html
  In regards to Private VLANS:
  What is a Private Vlan?
  A private Vlan is a way to isolate hosts within the same Vlan or broadcast domain. So even when you might have devices sharing the same broadcast domain they can be isolated, this isolated is configured based on sub-domains also most often called primary and secondary Vlans.
  What is a primary Vlan?
  The primary Vlan is representation of the private Vlan, a primary Vlan has one or more secondary Vlans, a switch uses the primary Vlan to present traffic from the secondary Vlans to its neighboring devices.
  What is a secondary Vlan?
  A secondary Vlan is a sub-domain of the primary Vlan. We could say that the secondary Vlans belongs to the primary. The must be associated to a primary Vlan. There are two types of secondary vlans: Isolated and Community secondary Vlans.
  What does it happen to host within a secondary isolated Vlan?
  Host within the isolated vlan; can’t communicate to neither other host in the same isoalted vlan nor host in a community vlan.
  What does it happen to host within the secondary community Vlan?
  Host within the community Vlan can communicate with other host assigned to the same community vlan, but they can’t talk to host in other community vlans.
  What are the benefits of implementing private Vlans?
  Scalability: The most common scenario is a service provider. Imagine all customers of a service provider connected through DSL, cable modem… it’s very likely that all customers belong to the same broadcast domain, however if that’s the case why is it that I can’t use my neighbor’s printer, or maybe why is it that I can’t access the files he has store in his computer, (security) we are in the same broadcast shouldn’t I be able to at least ping his ip address?. Well that’s because the ISP must guarantee some type of security for their customers, and because put every single customer that they have in a single Vlan is not scalable they use private Vlans.
  Examples:
  ISP use private vlans to protect from security bridges, Private vlans and isolated Vlans are used to protect personal information for example from one customer to another.
  DMZ; Many implementations utilizes private vlans in a DMZ to limt or minimize that risk of a compromised server.
  I would like to share this documentation with you for further information and configuration guidelines
  http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml#hw
  This document explains what Cisco Catalyst switches support Private Vlans. 
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
  Let me know if you have further questions.
  Regards
  Wilson B.

• ASK THE EXPERTS - WAAS MONITORING AND REPORTING

  Welcome to the Cisco Networking  Professionals Ask the Expert conversation. This is an opportunity to learn about Cisco Wide Area Application Services monitoring and reporting with Michael Holloway and Joe Merrill.  Michael is an escalation support engineer in the Application  Delivery Business Unit focusing on escalations to engineering related to  the Cisco Wide Area Application Services (WAAS) product. He has worked  with Cisco WAAS since its initial development, and with the first  product beta.
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Joe Merrill is an escalation support engineer in the Application Delivery Business Unit focusing on escalations to engineering related to the Cisco Wide Area Application Services (WAAS) product. He has worked with Cisco WAAS since its initial development, and with the first product beta.
  Remember to use the rating system to let Michael and Joe know if you have received an adequate response.
  Michael and Joe might not be able to answer each question due to the volume expected   during this event. Our moderators will post many of the unanswered   questions in other discussion forums shortly after the event. This  event  lasts through August 27, 2010. Visit this forum often to view  responses  to your questions and the questions of other community  members.

  Very good questions. Let me try and take them one at a time. Some of the answers you will likely find in the CM GUI help (upper-left corner is the Help button), or in the online documentation. But let's add a little more color and detail.
  1)When we pull bandwidth Optimization report, on Y-Axis the graphs says Effective Capacity .What is Effective Capacity?
  Basically, the "effective increased bandwidth capacity" is telling you how much additional WAN bandwidth you've gained because of the optimization. It will chart somewhere between 1 times and 100 times. Typically it charts all traffic, though you can configure it to chart traffic for specific Applications.
  The CDM online help gives the formulas used to chart the graph:
  Effective WAN Capacity = 1 / (1-% Reduction Excluding Pass-Through)
  % Reduction Excluding Pass-Through = (Original Excluding Pass-Through - Optimized) / (Original Excluding Pass-Through)
  2)what is reduction % excluding and including passthrough
  Looking at the formulas given above might help you understand. The one is a reduction ratio compared to only the original traffic that is optimized. The other is a reduction ratio compared to all original traffic, whether it is optimized or not. So, if you want to know what kind of optimization you are getting for the traffic that you configured to have optimized, look at the "excluding pass-through" numbers. If you want to know the positive effect that optimization is having on your full traffic load, take a look at the "including pass-through" numbers.
  3)What is effectivity capacity including and excluding passthrough ?
  The effective capacity is what kind of throughput you can potentially realize on the WAN -- assuming you would fill it to 100% capacity -- because of the level of optimization you are seeing. The "including" numbers show you the effect of optimization compared to all the traffic passing through the WAE whether it is optimized or not. The "excluding" numbers show the effect of optimization compared only to the traffic that is receiving optimizations.
  4)With the help of which report, we can show the customer that the file download which took 10 mins in first attempt, is downloaded in 10secons in next attempt?
  This one is a little trickier. The reports are much broader than a single connection. They are for all traffic, or for traffic that matches specific defined Applications. You could create a separate Application and matching classifiers for the client and/or server IP addresses and/or ports, run the test, then configure the charts to only show you the data for that Application. By default, statistics for an Application aren’t charted unless you check the "Enable Statistics" box when defining/editing the Application.
  5)How to show that the bandwidth utilization has decreased by which %.
  You want to look at the % reduction numbers you asked about in #2 above.
  6)Which report says that the applications have become this much time faster?
  These questions are normally put forwarded by many customers ? Can you please help me with your expertise answer ?
  This is probably the hardest question to answer.
  "Faster" isn't always easy to define. You are probably talking about user experience rather than statistics found in a network device. What determines that experience? A web page fully populating with all the pictures? A CIFS-based application that saves a file? A custom application that collects data from different servers over different protocols to perform some operation? Much of that is subjective and based on multiple individual requests, sometimes over different protocols.
  What we can provide are statistics to show the effect of WAN optimization and application acceleration for specific types of traffic. We can't show you that displaying a web page is N times faster with WAAS, because we don't know which of all the many HTTP requests that are made are specific to the user experience. But we can show that each of the requests received so much overall optimization, so much optimization from DRE, so much optimization from LZ, so much added benefit from HTTP acceleration.
  What you would probably do is collect some base-line timings for performing certain user activities, then perform the same operations both cold (first pass) and warm (subsequent passes). Back up those timing numbers with reports from the CM GUI, and perhaps even the "show statistics connection connection-id ". Which reports to use? Start with those Optimization and Acceleration reports. Those are the reports we expect will give the most complete/accurate pictures of the benefit of WAAS. You can also create and even schedule custom reports as needed.