Ask the Expert: Installing, Configuring, and Troubleshooting Cisco Unified MeetingPlace

Similar Messages

• Ask the Expert:Concepts, Configuration and Troubleshooting Layer 2 MPLS VPN – Any Transport over MPLS (AToM)

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions about  concept, configuration and troubleshooting Layer 2 MPLS VPN - Any Transport over MPLS (AToM) with Vignesh R. P.
  Cisco Any Transport over MPLS (AToM) is a solution for transporting Layer 2 packets over an MPLS backbone. It enables Service Providers to supply connectivity between customer sites with existing data link layer (Layer 2) networks via a single, integrated, packet-based network infrastructure: a Cisco MPLS network. Instead of using separate networks with network management environments, service providers can deliver Layer 2 connections over an MPLS backbone. AToM provides a common framework to encapsulate and transport supported Layer 2 traffic types over an MPLS network core.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Service Provider sub-community discussion forum shortly after the event. This event lasts through through September 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Tenaro,
  AToM stands for Any Transport over MPLS and it is Cisco's terminology used for Layer 2 MPLS VPN or Virtual Private Wire Service. It is basically a Layer 2 Point-to-Point Service. AToM basically supports various Layer 2 protocols like Ethernet, HDLC, PPP, ATM and Frame Relay.
  The customer routers interconnect with the service provider routers at Layer 2. AToM eliminates the need for the legacy network from the service provider carrying these kinds of traffic and integrates this service into the MPLS network that already transports the MPLS VPN traffic.
  AToM is an open standards-based architecture that uses the label switching architecture of MPLS and can be integrated into any network that is running MPLS. The advantage to the customer is that they do not need to change anything. Their routers that are connecting to the service provider routers can still use the same Layer 2 encapsulation type as before and do not need to run an IP routing protocol to the provider edge routers as in the MPLS VPN solution.
  The service provider does not need to change anything on the provider (P) routers in the core of the MPLS network. The intelligence to support AToM sits entirely on the PE routers. The core label switching routers (LSRs) only switch labeled packets, whereas the edge LSRs impose and dispose of labels on the Layer 2 frames.
  Whereas pseudowire is a connection between the PE routers and emulates a wire that is carrying Layer 2 frames. Pseudowires use tunneling. The Layer 2 frames are encapsulated into a labeled (MPLS) packet. The result is that the specific Layer 2 service—its operation and characteristics—is emulated across a Packet Switched Network.
  Another technology that more or less achieves the result of AToM is L2TPV3. In the case of L2TPV3 Layer 2 frames are encapsulated into an IP packet instead of a labelled MPLS packet.
  Hope the above explanation helps you. Kindly revert incase of further clarification required.
  Thanks & Regards,
  Vignesh R P

• Ask The Expert: Understanding, Implementing, and Troubleshooting Cisco Prime Network

  Ask questions and learn about Cisco Prime Network with Cisco experts Vignesh Rajendran Praveen and Jaminder Singh Bali.
  Cisco Prime Network is and  Cisco Prime Network provides cost-effective device operation, administration and network fault management for today’s complex and evolved programmable networks (EPNs). It is a single solution to support both the traditional physical network components, as well as compute infrastructure, and the virtual elements found in data centers. Automated configuration and change management combined with advanced troubleshooting and diagnostics greatly help service providers enable proactive service assurance. Additionally, the flexible and extensible architecture is designed to support the multivendor environment, helping to lower operational costs.
  This event runs January 5 through January 16, 2015.
  Vignesh Rajendran Praveen is a High Touch Engineer with the Focused Technical Services team supporting Cisco's major Service Provider customers in Routing, Switching, Multiprotocol Label Switching (MPLS) technologies and Cisco Prime Network related issues. Previously at Cisco he has worked as a Network Consulting Engineer for Enterprise Customers and as a Customer Support Engineer for Service Provider customers. He has been in the networking industry for ten years and holds CCIE certification (#34503) in the Routing and Switching as well as Service Provider tracks.
  Jaminder Singh Bali is a Customer Support Engineer working in SP-NMS TAC team, supporting Cisco's major service provider customers in Cisco Prime Network, Performance and Prime Central related issues. His areas of expertise include Oracle, Linux and NMS applications. He has been in the industry for past six years.
  Remember to use the rating system to let the experts know if you have received an adequate response. 
  The Experts might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Network Infrastructure community, sub-community, LAN, Switching and Routing discussion forum shortly after the event. This event lasts through January 16, 2015. Visit this forum often to view responses to your questions and the questions of other community members.

  Hello Jerome,
  A variety of Cisco devices are supported by the the Cisco Prime Network. I would encourage you to go through the below links on the user guide depending the version of Cisco Prime Network being used.
  "Cisco Prime Network Supported Cisco Virtual Network Elements (VNEs)"
  "Cisco Prime Network Supported Cisco VNEs - Addendum"
  Below is the link for the user guide.
  http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-network/products-user-guide-list.html
  Hope this would help in providing you more clarity.
  ***********Plz do rate this post if you found it helpful*************************
  Thanks & Regards,
  Vignesh R P

• Ask the Expert: Basic Introduction and Troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform .
  The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Data Center sub-community discussion forum shortly after the event. This event lasts through through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Vignesh
  Is there is any limitation to connect a N2K directly to the N7K?
  if i have a an F2 card 10G and another F2 card 1G and i want to creat 3 VDC'S
  VDC1=DC-Core
  VDC2=Aggregation
  VDC3=Campus core
  do we need to add a link between the different VDC's
  thanks

• Ask the Expert: FSPF Concepts and Troubleshooting in Cisco SAN Environments

              With Upinder Sujlana
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about FSPF, VSAN interaction, load balancing, and troubleshooting with Upinder Sujlana.
  According to the FC-SW-2 standard, Fabric Shortest Path First (FSPF) is a link state path selection protocol. FSPF keeps track of the links on all switches in the fabric and associates a cost with each link. FSPF tracks the state of links on all switches in the fabric, associates a cost with each link in its database, and then chooses the path with a minimal cost. The cost associated with an interface can be administratively changed to implement the FSPF route selection. Upinder will discuss Cisco's implementation of FSPF.
  Upinder Sujlana is a customer support engineer for Cisco's SAN TAC team based in San Jose, CA. He has worked in the TAC for the past five years with a focus on WAN technologies (L2TP, T1, T3, SCE 2K, 8K) and data center technologies such as MDS; Cisco Nexus 7000, 5000, and 2000; FCoE; and FC. Prior to joining the TAC, Upinder was a Java client-side programmer for an NMS startup company and then transitioned to network testing for a cloud company. He holds a master's degree in electrical engineering from Santa Clara University and has CCIE certification (no. 37318) in routing and switching. These days he is enthusiastic about Python programming. 
  Remember to use the rating system to let Upinder know if you have received an adequate response. 
  Upinder might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Data Center community,  sub-community, Storage Networking   discussion forum shortly after the event. This event lasts through March 14, 2014. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Evan,
  You can use my favorite command as below to find out the cost and check what path traffic will take. Here is a example :
  switch1# show fspf internal route vsan 2
  FSPF Unicast Routes
  VSAN     Number          Dest Domain          Route Cost          Next hops
  1                   0x01(1)                    1000                  fc1/2
  1                   0xEF(239)                  1000                  fc1/1
  1                   0xED(238)                  2000                  fc1/1
                                                                       fc1/2
  This shows the total cost of all links.
  The next hop (238) has two interfaces. This indicates that both paths will be used during load sharing. Up to sixteen paths can be used by FSPF with a Cisco MDS 9000 Family switch.
  http://www.cisco.com/en/US/products/ps5989/prod_troubleshooting_guide_chapter09186a008067a306.html#wp126591
  HTH,
  ~upinder

• Ask the Expert: Installation, Operation, and Troubleshooting of RF Gateway 1 (RFGW1)

  With Ron Hanson
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions from Cisco expert Ron Hanson about the RF Gateway 1 (RFGW1) including installation, operation, configuration, and troubleshooting.
  Ron Hanson is a customer support engineer in the Technical Assistance Center, where he supports major RF Gateway 1 customers as part of the Service Providers Video team. He started working with the RF Gateway before its general release in 2008, and worked in the field on large Gateway deployments before joining product support. Hanson has been in the cable TV industry for 38 years. He previously spent 22 years at Scientific-Atlanta, which was acquired by Cisco in 2007. He holds two joint patents and is certified as a Cisco Optical Specialist. 
  Remember to use the rating system to let Ron know if you have received an adequate response. 
  Ron might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Service Provider sub-community discussion forum shortly after the event. This event lasts through Sept 7, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi John,
  Thanks for your reply.  The process of moving a license to another gateway can be done by the customer on the web site named HESULE  https://online.sciatl.com/license-it/.  You will need the HOST ID which can be found on the SYSTEM/License management tab. The HOST ID is essentially the 7 digit serial number with all leading zeros removed.
  Be sure to use Firefox when logging in.  Entering your email is important because the new license will be sent back to this address.
  In the License management tab, on the gateway you wish to remove the license from, record the 32 digit validation key number to the right of the license you wish to transfer.
  Go to HESULE and start the transfer process.  Hesule is very secure - therfore you must "prove" to Hesule the license has been removed from the first chassis.  Hesule will issue you a new license with the license you wish to transfer removed.  When you load this new license and new validation key will come up on the screen.  Go back to Hesule and enter this key to prove the license has been removed.  Hesule will then email you another new license containing the license you are transfering. Load this license on the new RFGW1 and the process is complete.
  Yes I understand I said a lot.  However, the process is described step by step on the Hesule site.
  If you have any problems do not hesitate to contact me.
  Thank you   RON HANSON

• Ask the Expert: C-Series Integration with Cisco Unified Computing System Manager

  Welcome to the Cisco Support Community Ask the Expert conversation. This conversation is an opportunity to learn and ask questions about Cisco C-Series Integration with Cisco Unified Computing System® Manager (Cisco UCS® Manager) with Cisco experts Vishal Mehta and Manuel Velasco.
  Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (Cisco IMC). When a C-Series rack-mount server is integrated with Cisco UCS Manager, the IMC no longer manages the server. Instead you will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager command-line interface (CLI).
  Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management. The following are the connectivity modes:
  Dual-wire management (shared LAN On Motherboard [LOM]): Shared LOM ports on the rack server are used exclusively for carrying management traffic.A separate cable connected to one of the ports on the Payment Card Industry Express (PCIe) card carries the data traffic.
  SingleConnect (Sideband): Using Network Controller Sideband Interface (NC-SI), the Cisco UCS Virtual Interface Card 1225 (VIC1225) connects one cable that can carry both data and management traffic.
  Direct Connect Mode: Cisco UCS Manager Version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
  Vishal Mehta is a customer support engineer for Cisco’s Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching and service provider.
  Manuel Velasco is a customer support engineer for Cisco’s Data Center Server Virtualization TAC team based in San Jose, California.  He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco UCS, Cisco Nexus 1000V, and virtualization.  Manuel holds a master’s degree in electrical engineering from California Polytechnic State University (Cal Poly) and CCNA® and VMware VCP certifications. Remember to use the rating system to let Vishal and Manuel know if you have received an adequate response. 
  Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation in the Data Center, under subcommunity, Unified Computing, shortly after the event. This event lasts through May 23, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Sebastian,
  The different modes of connecting C-Series with UCSM come into play depending on the type of infrastructure you already have along with C-Series and NIC model.
  Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (CIMC) .
  Powerful features provided by Cisco UCS Manager can be leveraged to manage C-Series server by integrating  C-Series Rack-Mount Server with UCSM.
  This not only gives you rich-feature set but also one management plane to operate UCS-B Series Chassis and UCS-C Series Rack Server.
  You will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager CLI.
  Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management.
  The following are the connectivity modes:
  •  Dual-wire Management (Shared LOM):
  Shared LAN on Motherboard (LOM) ports on the rack server are used exclusively for carrying management traffic. A separate cable connected to one of the ports on the PCIe card carries the data traffic. Using two separate cables for managing data traffic and management traffic is also referred to as dual-wire management.
  http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0100.html
  This mode is recommended when you have C-Server which does not  have or cannot support VIC 1225 card (such C-200 server)
  •  SingleConnect (Sideband):
  Using Network Controller Sideband Interface (NC-SI), Cisco UCS VIC1225 Virtual Interface Card (VIC) connects one cable that can carry both data traffic and management traffic.
  This feature is referred to as SingleConnect.
  http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_011.html
  This most recommended Integration model when using FEX and VIC 1225 card
  •  Direct Connect Mode:
  Cisco UCS Manager release version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
  This mode will eliminate the need for FEX module as Servers are directly plugged into the base ports of Fabric Interconnect
  http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0110.html
  Please let us know if you need more information. Thank you!
  Thanks,
  Vishal

• Ask the Expert: Plan, Design, and Implement Mobile Remote Access, the Cisco Collaboration Edge Architecture

  Welcome to the Cisco® Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about planning, designing, and implementing mobile remote access (Cisco Collaboration Edge Architecture) with Cisco subject matter experts Aashish Jolly and Abhijit Anand.
  Cisco Collaboration Edge Architecture is an architecture that provides VPN-less access of Cisco Unified Communications resources to Cisco Jabber® users. This discussion is dedicated to addressing questions about design best practices while implementing mobile remote access.
  For more information, refer to the Unified Communications Mobile and Remote Access via Cisco VCS deployment guide. 
  Aashish Jolly is a network consulting engineer who is currently serving as the Cisco Unified Communications consultant for the ExxonMobil Global account. Earlier at Cisco, he was part of the Cisco Technical Assistance Center (TAC), where he helped Cisco partners with installation, configuring, and troubleshooting Cisco Unified Communications products such as Cisco Unified Communications Manager and Manager Express, Cisco Unity® solutions, Cisco Unified Border Element, voice gateways and gatekeepers, and more. He has been associated with Cisco Unified Communications for more than seven years. He holds a bachelor of technology degree as well as Cisco CCIE® Voice (#18500), CCNP® Voice, and CCNA® certifications and VMware VCP5 and Red Hat RHCE certifications.
  Abhijit Singh Anand is a network consulting engineer with the Cisco Advanced Services field delivery team in New Delhi. His current role involves designing, implementing, and optimizing large-scale collaboration solutions for enterprise and defense customers. He has also been an engineer at the Cisco TAC. Having worked on multiple technologies including wireless and LAN switching, he has been associated with Cisco Unified Communications technologies since 2006. He holds a master’s degree in computer applications and multiple certifications, including CCIE Voice (#19590), RHCE, and CWSP and CWNP.
  Remember to use the rating system to let Aashish and Abhijit know if you have received an adequate response. 
  Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation on the Cisco Support Community Collaboration, Voice and Video page, in the Jabber Clients subcommunity, shortly after the event. This event lasts through June 20, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hi Marcelo,
     Yes, there are some requirements for certificates in Expressway.
  Expressway Core (Exp-C)
  - Can be signed by either External or Internal CA
  - Better to use a cluster name even if you start with 1 peer in Exp-C cluster. In the future, if more peers are added, changes would be minimal.
  - Better to use FQDN of cluster as CN of certificate, this way the traversal zone configuration on Expressway-E won't require any change even if new peers are added to Exp-C cluster.
  - If CUCM is mixed mode, include security profile names (in FQDN format) as Subject Alternate Names
  - The Chat Node Aliases that are configured on the IM and Presence servers. They will be required only for Unified Communications XMPP federation deployments that intend to use both TLS and group chat. (Note that Unified Communications XMPP federation will be supported in a future Expressway release). The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a set of IM&P servers.
  - For TLS b/w CUCM, IM-P & Exp-C
    + If using self-signed certificates on CUCM, IM/P. Load Cisco Tomcat, cup, cup-xmpp certificates from IM-P on Exp-C. Load callmanager, Cisco Tomcat certificates from CUCM on Exp-C.
    + If using Internal CA signed certificates on CUCM, IM/P. Load Root CA certificates on Exp-C.
    + Load CA certificate under tomcat-trust, cup-trust, cup-xmpp-trust on IM-P.
    + Load CA certificate under tomcat-trust, callmanager-trust on CUCM.
  Expressway Edge (Exp-E)
  - Signed by External CA
  - Configured Unified Communications domain as Subject Alternate Name
  - If using a cluster, select FQDN of this peer as CN and FQDN of Cluster + this peer as Subject Alternate Name.
  - If XMPP federation is being deployed, enter the same Chat Node Aliases as entered in Exp-C.
  For more details, please refer to the Certificate Creation Guide for Cisco Expressway x8.1.1
  http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-1.pdf
  - Aashish

• Ask the Expert: Deployment and Troubleshooting Cisco Unified Contact Center Express (UCCX) Deployments

  With Anirudh Ramachandran  and Abhiram Kramadhati 
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the latest advancements in Cisco UCCX (such as the integration of Cisco Social Miner to provide agent chat and better reporting using the Cisco Unified Intelligence Center), as well as the existing features of Historical Reporting, custom reporting using the historical database, Agent Email services, JTAPI integration with CUCM, and the HA over WAN cluster mechanism.
  Anirudh Ramachandran is a customer support engineer at the Cisco Backbone Technical Assistance Center in Bangalore, India. Working in the Asia-Pacific time zone for the last two years, he focuses on Cisco Unified Contact Center Express issues and specializes in Linux, JTAPI/CTI integration, and UCCX system and database issues. He holds the CCNP Voice and UCCX Specialist certifications, and is also a Red Hat Certified Engineer. Anirudh writes tools and automates bug workarounds for UCCX in addition to working on TAC service requests, and currently has authored and co-authored seven such tools. Anirudh graduated from the National Institute of Technology Karnataka with a Bachelor of Technology in Computer Engineering.
  Abhiram Kramadhati is an engineer with the Contact Center Backbone team in the Asia Pacific timezone. He has been working with UCCX since he started with Cisco 2 years ago. During his time at Cisco, he has built his expertise around UCCX Telephony applications, JTAPI integration, UCCX system behaviour, LDAP components and also UCCX as IPIVR in UCCE environments. He also works on other technologies including Unified Communications Manager and UCCE. He has been involved in many technical escalations in the region. Abhiram is a Telecommunications engineer from Bangalore, India.
  Remember to use the rating system to let Anirudh and Abhiram know if you have received an adequate response. 
  They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice and Video Contact Center subcommunity discussion forum shortly after the event. This event lasts through May 3, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hi Anthony,
  Thanks for the question.
  This is an interesting requirement, since the UCCX trigger's configuration is translated only to the Call Forward Busy External setting on the CUCM.
  Trigger creation:
  144768: Apr 22 21:54:23.789 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet.updateNewTrigger() - Creating a new Trigger :1234
  144876: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet routePoint = 1234
  144877: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet description = testt
  144878: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet deviceName = testt
  144879: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet devicePool = {1B1B9EB6-7803-11D3-BDF0-00108302EAD1}
  144880: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet devicePoolName = Default
  144881: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet callingSearchSpace =
  144882: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet callingSearchSpaceName = None
  144883: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet redirectCSS = default
  144884: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet location = {29C5C1C4-8871-4D1E-8394-0B9181E8C54D}
  144885: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet locationName = Hub_None
  144886: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet partition =
  144887: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet partitionName = None
  144888: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet voiceMailProfile =
  144889: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet voiceMailProfileName = None
  144890: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet forwardBusyVM =
  144891: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet forwardBusyDestination =
  144892: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet forwardBusyCSS =
  144893: Apr 22 21:54:23.884 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerServlet forwardBusyCSSName = None
  144953: Apr 22 21:54:23.913 IST %MADM-LIB_AXL-7-UNK:AXL-ExecutionCmd-569.CCMLineSOAPAdmin: try makeRequest() on AXL: 10.106.113.142, AXLUser: axl, AXLPassword: XXXXXX
  144954: Apr 22 21:54:23.913 IST %MADM-LIB_AXL-7-UNK:CCMVersionSOAPAdmin.getAXLVersion():7.1
  144955: Apr 22 21:54:23.913 IST %MADM-LIB_AXL-7-UNK:AXL-ExecutionCmd-569.CCMLineSOAPAdmin: makeRequest() - Start REQUEST ====================
  144956: Apr 22 21:54:23.913 IST %MADM-LIB_AXL-7-UNK:POST /axl/ HTTP/1.1
  Connection: keep-alive
  Host: 10.106.113.142:8443
  Authorization: Basic YXhsOmF4bA==
  SOAPAction: "CUCM:DB ver=7.1"
  Accept: text/*
  Content-type: text/xml; charset="utf-8"
  Cache-Control: no-cache
  Pragma: no-cache
  Content-length: 440
  http://schemas.xmlsoap.org/soap/envelope/">MADM_5691234CRS Line descriptionCallPark
  144957: Apr 22 21:54:23.913 IST %MADM-LIB_AXL-7-UNK:AXL-ExecutionCmd-569.CCMLineSOAPAdmin: makeRequest() - End REQUEST ==================
  144958: Apr 22 21:54:23.914 IST %MADM-LIB_AXL-7-UNK:AXL-ExecutionCmd-569.CCMLineSOAPAdmin: getSocket: MADM_LIB_AXL_AXL_SOCKET_POOL-0-79[TLS_RSA_WITH_AES_128_CBC_SHA: Socket[addr=10.106.113.142,port=8443,localport=44913]]
  144987: Apr 22 21:54:24.195 IST %MADM-LIB_AXL-7-UNK:AXL-ExecutionCmd-570.CCMCTIRoutePointSOAPAdmin: makeRequest() - Start REQUEST ====================
  144988: Apr 22 21:54:24.195 IST %MADM-LIB_AXL-7-UNK:POST /axl/ HTTP/1.1
  Connection: keep-alive
  Host: 10.106.113.142:8443
  Authorization: Basic YXhsOmF4bA==
  SOAPAction: "CUCM:DB ver=7.1"
  Accept: text/*
  Content-type: text/xml; charset="utf-8"
  Cache-Control: no-cache
  Pragma: no-cache
  Content-length: 839
  http://schemas.xmlsoap.org/soap/envelope/">MADM_570testttesttCTI Route PointCTI Route PointCTI Route PointSCCPUserRing1000010000
  144989: Apr 22 21:54:24.195 IST %MADM-LIB_AXL-7-UNK:AXL-ExecutionCmd-570.CCMCTIRoutePointSOAPAdmin: makeRequest() - End REQUEST ==================
  145014: Apr 22 21:54:24.647 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerUtil.createRPAndLineOnCCM() - CTI RP created.
  145015: Apr 22 21:54:24.647 IST %MADM-ADM_CFG-7-UNK:JTAPITriggerUtil.createRPAndLineOnCCM() - Created a Route Point = 1234
  As you would aready know, the UCCX will send an AXL request (within the SOAP envelope) to the CUCM to create this RP. Looking at the existing code, there does not seem to be a method where we are differentiating between CFB_internal and CFB_external while sending this request.
  We have taken this as an enhancement request and also spoken to the business unit about the same. It has been added to the roadmap, we will reach out to you offline to understand the business case so that the process can be expedited if needed.
  Keep the questions coming
  Cheers,
  Abhiram Kramadhati

• Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches

  Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about Cisco® NX-OS.
  The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
  vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
  This event is focused on discussing all possible types of vPC along-with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting
  Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
  Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University, has CCNA® and CCNP® Nimit is also working on a Cisco data center CCIE® certification While also pursuing an MBA degree from Santa Clara University.
  Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response. 
  Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Gustavo
  Please see my responses to your questions:
  Yes almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different type of traffic –Control Plane and Data Plane.
  Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hellos packets will be exchanged across all 3 routers and adjacency will be formed over VPC links
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
  Now for Data Plane we have two types of traffic – Unicast and Multicast.
  The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations there is a possibility that when the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario,N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
  Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
  For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
  The Loop avoidance works little different across Nexus 5000 and Nexus 7000.
  Similarity: For both products, loop avoidance is possible due to VSL bit
  The VSL bit is set in the DBUS header internal to the Nexus.
  It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
  This mechanism is used for loop prevention within the chassis.
  The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
  Differences:  In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
  It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
  For more details please see below presentation:
  https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
  DCI Scenario:  If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
  But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
  Let us know if you have further questions.
  Thanks,
  Vishal

• Ask the Experts: Single Sign-On with Cisco WebEx Meetings Server, Internet Reverse Proxy, and Enterprise License Manager Solutions

  With Arun Kumar
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single Sign-On (SSO) with Cisco WebEx Meetings Server (Cisco WMS), Internet Reverse Proxy (IRP), and Enterprise License Manager (ELM) solutions.
  SSO standards such as Security Assertion Markup Language (SAML) 2.0 provide secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. SSO enables simplified user authentication and management.
  IRP provides public access, enabling users to host or attend meetings from the Internet and mobile devices. Although IRP is optional, Cisco encourages its use because it provides a better user experience for your mobile workforce.
  Example question topics include:
  SSO profiles and SAML 2.0 Identity providers (IdPs) supported in Cisco WMS
  Basic configuration of IdPs
  Interaction between IdPs and Cisco WMS
  Difference between the cloud client implementation and Cisco WMS
  Meeting access behavior in a split-horizon network topology with SSO
  How to enable public access to Cisco WMS
  Cisco WMS ELM operations
  Cisco WMS ELM compared to other unified communications ELM or standalone ELM and compatibility/inoperability between them
  Arun Kumar is a team lead in the San Jose Conferencing Technical Assistance Center. He has over eight years of experience in conferencing technology and specializes in Cisco Unified Meeting Place Express and Cisco WebEx Meeting Server. He joined Cisco in 2010 as an escalation engineer for the Cisco Telepresence group. Before joining Cisco he worked for the UK's third-largest internet service provider Supanet on VoIP technology and the *Nix domain. Kumar holds a master of science degree in computer science from Sikkim Manipal University in India, and he holds CCIE (Voice) and VMware Certified Professional certifications.
  Remember to use the rating system to let Arun know if you have received an adequate response.
  Arun might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice, and Video community Other Subjects subcommunity shortly after the event. This event lasts through Monday May 17, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Mobile Service,
  CWMS and Jabber integrations:
  http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_01.html#JABW_TK_SF2ED5E1_00
  In above link start from section: Set Up Cisco WebEx Meetings Server on Cisco Unified Presence
  then move to section: Add Cisco WebEx Meetings Server to a Profile
  Once done, move to section: Specify Conferencing Credentials in the Client side. You will see above server already listed there, just go ahead and enter your username and password (pleae make sure this user already exists on your CWMS) and accept any certificate/s if presented. Jabber Integration is done and you can start testing the same.
  Attached CWMS - AFDS integration doc.
  Please let me know if any furhter question.
  Thanks, Arun

• Ask the Expert: Packet Capture Capabilities of Cisco Routers and Switches

  With Rahul Rammanohar 
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about packet capture capabilities of Cisco routers and switches.
  In May 2013, we created a video that included packet capture capabilities across multiple Cisco routers and switches. For each product, we began with a discussion about the theory of the capabilities, followed by an explanation of the commands, and we concluded with a demo on real devices. In this Ask the Expert event, you’re encouraged to ask questions about the packet capture capabilities of these Cisco devices:
  •       7600/6500: mini protocol analyzer (MPA), ELAM, and Netdr
  •       ASR9k: network processor capture
  •       7200/ISRs: embedded packet capture
  •       Cisco Nexus 7K, 5K, and 3K: Ethanalyzer
  •       Cisco Nexus 7K: ELAM
  •       CRS: show captured packets
  •       ASR1K: embedded packet capture
  More Information
  Blog URL: Packet Capture Capabilities of Cisco Routers and Switches
  Watch the Video:  https://supportforums.cisco.com/videos/6226
  Hitesh Kumar is a customer support engineer in the High-Touch Technical Services team at Cisco specializing in routing protocols. He has been supporting major service providers and enterprise customers in routing, Multiprotocol Label Switching (MPLS), multicast, and Layer 2 VPN (L2VPN) issues on routing platforms for more than three years. He has more than six years of experience in the IT industry and holds a CCIE certification (number 38757) in service. 
  Rahul Rammanohar is a technical leader with the High-Touch Technical Support Team in India. He handles escalations in the area of routing protocols and large-scale architectures for devices running Cisco IOS, IOS-XR, and IOS-XE Software. He has been supporting major service providers and large enterprise customers for routing, MPLS, multicast, and L2VPN issues on all routing platforms. He has more than 13 years of experience and holds a CCIE certification (number 13015) in routing/switching and service provider.
  Remember to use the rating system to let Hitesh and Rahul know if you have received an adequate response.  
  Because of the volume expected during this event, Hitesh and Rahul might not be able to answer each question. Remember that you can continue the conversation in the Service Provider, sub-community forum shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Erick
      Thanks for the topology. The trigger will be different for labelled  packet as you would need to mention the values of labels too in the  trigger.
       Below are two examples of one or two labels being  used, it depends on where you are capturing the packet in mplsvpn  scenario which will decide teh number of labels being imposed on the  packet.
  Trigger for one label. (if the router on which you are capturing the packet PHP is being performed)
  VPN label - 5678
  Source Address - 111.111.111.111
  Destination Address - 123.123.123.123
  show platform capture elam trigger dbus others if data = 0 0 0 0x88470162 0xE0000000 0 0 0x00006F6F 0x6F6F 7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
  Trigger for two labels. (for other core routers)
  IGP label - 1234
  VPN label - 5678
  Source Address - 111.111.111.111
  Destination Address - 123.123.123.123
  show platform capture elam trigger dbus others if data = 0 0 0 0x8847004D 0x20000162 0xE0000000 0 0 0x00006F6F 0x6F6F7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf000ffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
      You can check the labels being used (by using show ip cef <> details) and covert their values to hex and change the trigger accordingly.
       I have changed the colors for better understanding. If you notice carefully in the trigger the values for ip address, labels have just been converted to their respective hex values which could be replaced.
       Please let me know if this helps.
  Thanks & Regards
  Hitesh & Rahul

• Ask the Expert: Enterprise Design and Deployment of Multicast

  Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco enterprise design and deployment of multicast solutions.
  The enterprise world is evolving to be overcome with large throughput capacity and record numbers of users connecting to the network. Mechanisms such as multicast, which allows for a minimization of throughput for multiple users subscribing to the same stream, are a welcome addition. Applications such as enterprise all-hands video streaming, trading applications, mass operating system deployment, and custom implementations can put a strain on the network if done via unicast. Multicast can minimize this strain by replicating a single stream for subscription by multiple parties who would like to receive the same information. For this Ask the Expert event, Patrick Lloyd, CCIE R&S no. 39750 and a network consulting engineer with Cisco’s Enterprise Advanced Services Delivery Team, will answer questions about multicast design and implementation based on best practices and prior experience with large enterprise deployments.
  Patrick Lloyd is a network consulting engineer for Cisco’s Enterprise East Advanced Services team, working to support and lend his expertise to a number of financial, insurance, healthcare, and consulting customers. In his four years of experience, he has lent design expertise to multicast networks ranging from 500 Cisco devices and 20K users to upward of 4500 Cisco devices and 50K users. Patrick is certified with his Cisco Certified Internetworking Expert no. 39750 in the Routing and Switching track and also has achieved certification in CCNA Security and Securing Cisco Routers and Switches as part of the CCNP Security track. Patrick received his MS degree in networking and systems administration from Rochester Institute of Technology in Rochester, NY, and his BS degree in computer science from Eastern Connecticut State University. He frequently gives customer-based knowledge transfers.
  Remember to use the rating system to let Patrick know if you have received an adequate response.
  Because of the volume expected during this event, Patrick might not be able to answer every question. Remember that you can continue the conversation in Network Infrastructure under the subcommunity WAN, Routing & Switching shortly after the event. This event lasts through September 12, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Thanks for the question!  This is actually a good one that I've encountered with a couple customers in the past, the tradeoff between a flood and prune type design, as opposed to the shared tree -> shortest path tree sequence.  As per Cisco best practice, we are actively trying to get customers to implement sparse mode, going so far as to not support PIM dense mode in our data center products.  And for good reason!  The last thing you want is a chatty protocol within the data center which is flooding traffic out to receivers who may or may not be interested in it every 3 minutes.  Instead, you're much better off having interested receivers join a stream, have your RP connect the interested senders and receivers, and then transition to the shortest path between source and destination.
  That being said, if you're studying for CCIE or looking to get experience in how multicast works, dense mode should at least be a lab exercise!
  Links for reference as to the difference in PIM modes:
  Dense Mode Operation:
  http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_pim_dense_rfrsh.pdf
  Pim Modes and explanation of each:
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_53_se/configuration/guide/3750xscg/swmcast.html#wp1077051
  A great slide deck to learn the operation of multicast:
  https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=6633&backBtn=true
  Troubleshooting Multicast:
  https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=78578&backBtn=true
  Let me know if this is the answer you're looking for!

• Ask the Expert: Single-Site and Multisite FlexPod Infrastructure

  With Haseeb Niazi and Chris O'Brien 
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single-Site and Multisite FlexPod Infrastructure with experts Haseeb Niazi and Chris O'Brien.
  This is a continuation of the live webcast.
  FlexPod is a predesigned and prevalidated base data center configuration built on Cisco Unified Computing System, Cisco Nexus data center switches, NetApp FAS storage components, and a number of software infrastructure options supporting a range of IT initiatives. FlexPod is the result of deep technology collaboration between Cisco and NetApp, leading to the creation of an integrated, tested, and validated data center platform that has been thoroughly documented in a best practices design guide. In many cases, the availability of Cisco Validated Design guides has reduced the time to deployment of mission-critical applications by 30 percent.
  The FlexPod portfolio includes a number of validated design options that can be deployed in a single site to support both physical and virtual workloads or across metro sites for supporting high availability and disaster avoidance. This session covers various design options available to customers and partners, including the latest MetroCluster FlexPod design to support a VMware Metro Storage Cluster (vMSC) configuration.
  Haseeb Niazi is a technical marketing engineer in the Data Center Group specializing in security and data center technologies. His areas of expertise also include VPN and security, the Cisco Nexus product line, and FlexPod. Prior to joining the Data Center Group, he worked as a technical leader in the Solution Development Unit and as a solutions architect in Advanced Services. Haseeb holds a master of science degree in computer engineering from the University of Southern California. He’s CCIE certified (number 7848) and has 14 years of industry experience.   
  Chris O'Brien is a technical marketing manager with Cisco’s Computing Systems Product Group.  He is currently focused on developing infrastructure best practices and solutions that are designed, tested, and documented to facilitate and improve customer deployments. Previously, O'Brien was an application developer and has worked in the IT industry for more than 20 years.
  Remember to use the rating system to let Haseeb and Chris know if you have received an adequate response. 
  Because of the volume expected during this event, Haseeb and Chris might not be able to answer every question. Remember that you can continue the conversation in the Data Center community, subcommunity Unified Computing shortly after the event. This event lasts through September 27, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast related links:
  Single-Site and Multisite FlexPod Infrastructure - Slides from live webcast
  Single-Site and Multisite FlexPod Infrastructure: FAQ from live webcast
  Single-Site and Multisite FlexPod Infrastructure - Video from live webcast

  I would suggest you read this white paper which details the pros and cons of direct connect storage. 
  http://www.cisco.com/en/US/partner/prod/collateral/ps10265/ps10276/whitepaper_c11-702584.html   This paper captures all the major design points for Ethernet and FC  protocols.
  I would only add that in FlexPod we are trying to create a highly  available solution and "flexible" solution; Nexus switching helps us  deliver on both with vPC and unified ports.
  NPV equats  to end-host mode which allows the system to present all of the servers  as N ports to the external fabric.  In this mode, the vHBAs are pinned  to the egress interfaces of the fabric interconnects.  This pinning  removes the potential of loops in the SAN fabric.  Host based multipathing of the  vHBAs account for potential uplink failures.  The NPV mode (end-host  mode) simplifies the attachment of UCS into the SAN fabric and that is  why it is in NPV mode by default.
  So for your last question, I will have to put my  Product Manager hat on so bear with me.   First off there is no drawback  to enabling the NPIV feature (none that I am aware of) the Nexus 5000  platform simply offers you a choice to design and support multiple FC  initiators (N-Ports) per F-Port via NPIV.  This allows for the  integration of the FI end-host mode described above.  I  imagine being a  unfied access layer switch, the Nexus team enabled standard Fibre  Channel switching capability and features first.  The implementatin of  NPIV is a customer choice based on their specific access layer  requirements.
  /Chris

• Ask the Expert: Layer 2 Security on Cisco Catalyst Platforms

  With Wilson Bonilla
  Welcome to the Cisco Support Community Ask the Expert conversation.  This  is an opportunity to learn and ask questions about about issues in designing, planning, and implementing Layer 2 security in your LAN network with expert Wilson Bonilla. 
  Wilson will cover topics that network engineers face daily such as Spanning Tree Protocol security, private VLANs, IP source guard, protected ports, dynamic ARP inspection, virtual LAN access-control lists (VLAN ACLs), and Dynamic Host Configuration Protocol (DHCP) snooping over Cisco Catalyst platforms.  With the fast growth of networks, Layer 2 security is even more critical in the LAN to help your network become more reliable, efficient, and secure. Wilson will answer your questions about LAN networks with Cisco Catalyst switches.  
  Wilson Bonilla is a technical networking trainer at the Learning and Development Department for Cisco Technical Assistance Center located in Costa Rica. Before joining the Training Department, he worked for the Cisco TAC as a customer support engineer focused on LAN Switching for more than two years. While working on LAN switching, Wilson also had roles such as technical leader and trainer, adding to his area of expertise in Cisco Catalyst Layer 2 switching. He has CCNP routing and switching certification and is currently studying to achieve his CCNA certification in data center.
  Remember to use the rating system to let Wilson know if you've received an adequate response. 
  Because of the volume expected during this event, Wilson might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity, LAN, Switching and Routing, shortly after the event. This event lasts through November, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

  Hello NetNavi.
  Check the post above about MacSec for more information and let me know if you need further clarification, if so I will do my best,
  In regards to best practices there is a Cisco document; it describes deployments and best practices in every scenario; Supplicants, authenticator, authentication services and other configurations. Please check it out:
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.html
  In regards to Private VLANS:
  What is a Private Vlan?
  A private Vlan is a way to isolate hosts within the same Vlan or broadcast domain. So even when you might have devices sharing the same broadcast domain they can be isolated, this isolated is configured based on sub-domains also most often called primary and secondary Vlans.
  What is a primary Vlan?
  The primary Vlan is representation of the private Vlan, a primary Vlan has one or more secondary Vlans, a switch uses the primary Vlan to present traffic from the secondary Vlans to its neighboring devices.
  What is a secondary Vlan?
  A secondary Vlan is a sub-domain of the primary Vlan. We could say that the secondary Vlans belongs to the primary. The must be associated to a primary Vlan. There are two types of secondary vlans: Isolated and Community secondary Vlans.
  What does it happen to host within a secondary isolated Vlan?
  Host within the isolated vlan; can’t communicate to neither other host in the same isoalted vlan nor host in a community vlan.
  What does it happen to host within the secondary community Vlan?
  Host within the community Vlan can communicate with other host assigned to the same community vlan, but they can’t talk to host in other community vlans.
  What are the benefits of implementing private Vlans?
  Scalability: The most common scenario is a service provider. Imagine all customers of a service provider connected through DSL, cable modem… it’s very likely that all customers belong to the same broadcast domain, however if that’s the case why is it that I can’t use my neighbor’s printer, or maybe why is it that I can’t access the files he has store in his computer, (security) we are in the same broadcast shouldn’t I be able to at least ping his ip address?. Well that’s because the ISP must guarantee some type of security for their customers, and because put every single customer that they have in a single Vlan is not scalable they use private Vlans.
  Examples:
  ISP use private vlans to protect from security bridges, Private vlans and isolated Vlans are used to protect personal information for example from one customer to another.
  DMZ; Many implementations utilizes private vlans in a DMZ to limt or minimize that risk of a compromised server.
  I would like to share this documentation with you for further information and configuration guidelines
  http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml#hw
  This document explains what Cisco Catalyst switches support Private Vlans. 
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
  Let me know if you have further questions.
  Regards
  Wilson B.