BGP, VRF and PBR ("set vrf")

Similar Messages

• Serial interfaces, ip vrf forwarding, and PBR with set vrf

  I am doing some work with VRF-lite but I am having some trouble with serial interfaces. I have a PE router with a serial interface where I want to take incoming traffic and using policy-based routing send the traffic to the appropriate VRF. I want to assign the serial interface itself to be in one of those VRFs, not the global routing table. Eventually, I also want to overlap the VPNs/VRFs to send traffic going out the serial interface through the VRF assigned to the serial interface. Initially, it looks something like this:
  ip vrf VRF1
  rd 65000:3
  route-target export 65000:3
  ip vrf VRF2
  rd 65000:18
  route-target import 65000:3
  ip route vrf VRF1 10.90.51.0 255.255.255.0 192.168.11.18
  interface Serial0/0/0
  ip vrf forwarding VRF1
  ip address 192.168.11.17 255.255.255.252
  router bgp 65000
  no synchronization
  bgp log-neighbor-changes
  no auto-summary
  address-family ipv4 vrf VRF1
  redistribute static
  no auto-summary
  no synchronization
  exit-address-family
  ip access-list extended remote-source
  permit ip 10.90.0.0 0.0.255.255 any
  route-map SERIAL-INCOMING permit 100
  match ip address remote-source
  set vrf VRF2
  But if I try to turn on the policy based routing at the serial interface, I get an error:
  Router(conf)#interface Serial0/0/0
  Router(config-if)#ip policy route-map SERIAL-INCOMING
  % Can not apply route-map SERIAL-INCOMING to this interface
  % Either remove 'set vrf' from route-map or unconfigure 'ip vrf forward'
  I can sort of get around the problem by using an "ip vrf receive" instead of "ip vrf forward", but unfortunately, that leaves my Serial interface in the global table which isn't what I wanted.
  What troubles me is that I can do this without any problems on an Ethernet interface. Are there any known issues with "ip vrf forward" and using PBR and "set vrf" on Serial interfaces, or have I configured something wrong?
  If I stick with the "ip vrf receive", how can I force the physical Serial interface into the appropriate VRF?
  Thanks.
  Clarke Morledge
  College of William and Mary

  Upon further investigation....
  The serial interface issue was a red herring. It just so happens that every other time I've done this it has been on a flavor of 12.2x on a 6500/7600 where this feature is supported. The only systems I have with Serial interfaces are 1841s.
  The problem with the 1841 is that most of the code revisions out there do not support this feature. It was only added to the regular code train with the recent release of 12.2(24)T. I tested with 12.2(24)T1 and you are now able to use "ip vrf forwarding" on all interfaces along with a PBR route-map that uses the "set vrf" option.
  Thanks, Laurent, for pointing me towards the TAC on this.
  Clarke Morledge
  College of William and Mary

• Sourced Based VRFs and IPSEC

  Hi All,
  I have 2 questions.
  1) Does Cisco Router 7600 with SUP720 3BXL supports VRF Selection based on Source IP Address [Layer 3 VPNs]?
  2) We have various clients reaching a Router and we want to forward them to a their company's VRFs, based on their source address (Given by Radius or Statically). Now, Ideally, we want to give to the customer's H.Q. the option to connect to this router using Leased Lines (or Frame Relays) or by using IPSEC (over the internet). Is this possible? Can traffic from an access server arrive to an interface and based on the source, the user will be either forwarded to a VRF or an IPSEC?
  Regards.
  Regards.

  Hello,
  a solution to xour problem could be to have a VRF aware access server and place the customers into their respective VRF right away (the feature is called Multi-VRF aka VRF-lite). IPSec and Dialer interfaces are possible. Based on authentication you could define the VRF and by having a dot1Q trunk to the 7600 which operates as the MPLS PE.
  A second option is to have the trunk to the 7600, VLANs in different VRFs and to do PBR into different VLANs on the CE router/access server.
  Hope this helps! please rate all posts.
  Regards, Martin

• Inject BGP Default Routes into Multiple VRF before Best Path Selection

  Hello, 
  I have the following setup:
  Multiple Border Routers with eBGP sessions to external AS. We receive a default route from this multiple AS to keep the Table manageable. We noticed an important part of our traffic was been SW routed instead of CEF when we had the Full Internet table. Router Resources came to the ground when we changed to a default. 
  Now I want to separate this default routes into different VRF. Attached is the Diagram. 
  My question is,  the multiple default route all go into the BGP Table. The BGP table then select the best route and place it on the RIB and then to the FIB. 
  I want to redistribute the different Route on the BGP table prior to the Best path selection algorithm and placed on the RIB. 
  How can I achieve this?

  Hi,
  Redistribution of multiple routes to same prefix is not possible. Even if you have configured BGP multipath and all different bgp routes got installed into routing table, during redistribution only route will be redistributed. 
  Also would like to understand the requirement of redistributing multiple BGP routes in to IGP. As per your diagram, 3 different eBGP sessions are on three different routers, so you can prefer eBGP route over iBGP received from other routers and can distribute eBGP route to IGP from each router. Thus you will have three different default routes in to IGP in core.
  Please don't forget to rate this post if it has been helpful
  - Akash

• VRF and CEF adj table

  Hello!
  I've faced with CEF adj table overflow on SUP720-3BXL when tried to import BGP Full View into VRF on PE.
  The scheme is following: border router R1 (6500 SUP720-3BXL) is MPLS PE. BGP session with uplinks are configured in address-family ipv4 vrf Uplink.
  I use "Per VRF label" feature for VRF Uplink due to TCAM limitations.
  There is another PE router R2 (6500 SUP720-3BXL) in the network with VRF Uplink.
  R2 has a problem with CEF adj table overflow because it creates adj entry for each prefix from BGP Full View instead of common entry for all traffic to R01. The content of these adj entries is identical.
  Here is some output from R1 and R2:
  R1#sh mls cef vrf Uplink 12.43.140.0 24 detail
  Codes: M - mask entry, V - value entry, A - adjacency index, P - priority bit
  D - full don't switch, m - load balancing modnumber, B - BGP Bucket sel
  V0 - Vlan 0,C0 - don't comp bit 0,V1 - Vlan 1,C1 - don't comp bit 1
  RVTEN - RPF Vlan table enable, RVTSEL - RPF Vlan table select
  Format: IPV4_DA - (8 | xtag vpn pi cr recirc tos prefix)
  Format: IPV4_SA - (9 | xtag vpn pi cr recirc prefix)
  M(5446   ): E | 1 FFF  0 0 0 0   255.255.255.0
  V(5446   ): 8 | 1 1    0 0 0 0   12.43.140.0        (A:360615 ,P:1,D:0,m:0 ,B:0 )
  R1#sh mls cef vrf Uplink 12.43.146.0 24 detail
  Codes: M - mask entry, V - value entry, A - adjacency index, P - priority bit
  D - full don't switch, m - load balancing modnumber, B - BGP Bucket sel
  V0 - Vlan 0,C0 - don't comp bit 0,V1 - Vlan 1,C1 - don't comp bit 1
  RVTEN - RPF Vlan table enable, RVTSEL - RPF Vlan table select
  Format: IPV4_DA - (8 | xtag vpn pi cr recirc tos prefix)
  Format: IPV4_SA - (9 | xtag vpn pi cr recirc prefix)
  M(5447   ): E | 1 FFF  0 0 0 0   255.255.255.0
  V(5447   ): 8 | 1 1    0 0 0 0   12.43.146.0        (A:360615 ,P:1,D:0,m:0 ,B:0 )
  R2#sh mls cef vrf Uplink 12.43.140.0 24 detail
  Codes: M - mask entry, V - value entry, A - adjacency index, P - priority bit
  D - full don't switch, m - load balancing modnumber, B - BGP Bucket sel
  V0 - Vlan 0,C0 - don't comp bit 0,V1 - Vlan 1,C1 - don't comp bit 1
  RVTEN - RPF Vlan table enable, RVTSEL - RPF Vlan table select
  Format: IPV4_DA - (8 | xtag vpn pi cr recirc tos prefix)
  Format: IPV4_SA - (9 | xtag vpn pi cr recirc prefix)
  M(4728   ): E | 1 FFF  0 0 0 0   255.255.255.0
  V(4728   ): 8 | 1 1    0 0 0 0   12.43.140.0        (A:294998 ,P:1,D:0,m:0 ,B:0 )
  R2#sh mls cef vrf Uplink 12.43.146.0 24 detail
  Codes: M - mask entry, V - value entry, A - adjacency index, P - priority bit
  D - full don't switch, m - load balancing modnumber, B - BGP Bucket sel
  V0 - Vlan 0,C0 - don't comp bit 0,V1 - Vlan 1,C1 - don't comp bit 1
  RVTEN - RPF Vlan table enable, RVTSEL - RPF Vlan table select
  Format: IPV4_DA - (8 | xtag vpn pi cr recirc tos prefix)
  Format: IPV4_SA - (9 | xtag vpn pi cr recirc prefix)
  M(4729   ): E | 1 FFF  0 0 0 0   255.255.255.0
  V(4729   ): 8 | 1 1    0 0 0 0   12.43.146.0        (A:311382 ,P:1,D:0,m:0 ,B:0 )
  R2#sh mls cef adjacency entry 294998 detail
  Index: 294998  smac: 0002.7eb5.7000, dmac: 00d0.01f9.c000
  mtu: 9018, vlan: 1020, dindex: 0x0, l3rw_vld: 1
  format: MPLS, flags: 0x8418
  label0: 0, exp: 0, ovr: 0
  label1: 16, exp: 0, ovr: 0
  label2: 453, exp: 0, ovr: 0
  op: PUSH_LABEL2_LABEL1
  packets: 0, bytes: 0
  R2#sh mls cef adjacency entry 311382 detail
  Index: 311382  smac: 0002.7eb5.7000, dmac: 00d0.01f9.c000
  mtu: 9018, vlan: 1020, dindex: 0x0, l3rw_vld: 1
  format: MPLS, flags: 0x8418
  label0: 0, exp: 0, ovr: 0
  label1: 16, exp: 0, ovr: 0
  label2: 453, exp: 0, ovr: 0
  op: PUSH_LABEL2_LABEL1
  packets: 0, bytes: 0
  It seems to me that 6500 need 1 adj entry for 1 FEC and it can't summarize all traffic with defined label to 1 FEC. Am i right?

  Hi, Yasir.
  Thank for your reply!
  R1 is a border router - routes are point to Uplink ISP:
  R1#sh ip route vrf Uplink 12.43.140.0
  Routing entry for 12.43.140.0/24
    Known via "bgp 12668", distance 20, metric 25
    Tag 31133, type external
    Last update from 85.26.237.46 20:04:33 ago
    Routing Descriptor Blocks:
    * 85.26.237.46, from 85.26.237.46, 20:04:33 ago
        Route metric is 25, traffic share count is 1
        AS Hops 4
        Route tag 31133
        MPLS label: none
  R1#sh ip route vrf Uplink 12.43.146.0
  Routing entry for 12.43.146.0/24
    Known via "bgp 12668", distance 20, metric 25
    Tag 31133, type external
    Last update from 85.26.237.46 20:04:43 ago
    Routing Descriptor Blocks:
    * 85.26.237.46, from 85.26.237.46, 20:04:43 ago
        Route metric is 25, traffic share count is 1
        AS Hops 4
        Route tag 31133
        MPLS label: none
  R1#sh ip cef vrf Uplink 12.43.140.0/24 detail
  12.43.140.0/24, epoch 1, flags rib only nolabel, rib defined all labels
  NetFlow: Origin AS 16711, Peer AS 0, Mask Bits 24
  recursive via 85.26.237.46
  attached to TenGigabitEthernet2/4.800
  R1#sh ip cef vrf Uplink 12.43.146.0/24 detail
  12.43.146.0/24, epoch 1, flags rib only nolabel, rib defined all labels
  NetFlow: Origin AS 16711, Peer AS 0, Mask Bits 24
  recursive via 85.26.237.46
  attached to TenGigabitEthernet2/4.800
  R2 is a PE Router - routes are point to border router R1 (212.49.96.9):
  R2#sh ip route vrf Uplink 12.43.140.0
  Routing entry for 12.43.140.0/24
    Known via "bgp 12668", distance 200, metric 25
    Tag 31133, type internal
    Last update from 212.49.96.9 20:05:29 ago
    Routing Descriptor Blocks:
    * 212.49.96.9 (Default-IP-Routing-Table), from 212.49.96.9, 20:05:29 ago
        Route metric is 25, traffic share count is 1
        AS Hops 4
        Route tag 31133
        MPLS label: 16
        MPLS Flags: MPLS Required
  R2#sh ip route vrf Uplink 12.43.146.0
  Routing entry for 12.43.146.0/24
    Known via "bgp 12668", distance 200, metric 25
    Tag 31133, type internal
    Last update from 212.49.96.9 20:05:37 ago
    Routing Descriptor Blocks:
    * 212.49.96.9 (Default-IP-Routing-Table), from 212.49.96.9, 20:05:37 ago
        Route metric is 25, traffic share count is 1
        AS Hops 4
        Route tag 31133
        MPLS label: 16
        MPLS Flags: MPLS Required
  R2#sh ip cef vrf Uplink 12.43.140.0/24 detail
  12.43.140.0/24, epoch 1, flags rib defined all labels
  recursive via 212.49.96.9 label 16
  nexthop 92.242.31.81 GigabitEthernet5/1 label 453
  R2#sh ip cef vrf Uplink 12.43.146.0/24 detail
  12.43.146.0/24, epoch 1, flags rib defined all labels
  recursive via 212.49.96.9 label 16
  nexthop 92.242.31.81 GigabitEthernet5/1 label 453

• VRF and FTP Server

  I have a weird problem with VRF and FTP Server. I have a lab setup whereby two VRFs Client1 and Client2 are created. Both the VRFs are in the same subnet. I have configured FTP-Server and TFTP-Server on this router. TFTP-Server works perfectly fine from both the networks. But for FTP-Server, I can login in to the FTP Server and authenticate positively. But when I try to do listing of directory, it gives a error "can't bind data".
  The web access to this router also works perfectly fine.
  Any idea why FTP fails.
  Before configuring vrf, the FTP server did work fine.
  Any idea why. here's the config :
  interface FastEthernet0/0.371
  description Client1
  encapsulation dot1Q 371
  ip vrf forwarding client1
  ip address 10.0.1.1 255.255.255.0
  interface FastEthernet0/0.372
  description Client2
  encapsulation dot1Q 372
  ip vrf forwarding client2
  ip address 10.0.1.1 255.255.255.0

  Ohhhhhhhh!!!
  I'm even more convinced its a passive/active problem with the ftp control channel. Did you try the gentleman's suggestion of passive ftp?? What's happening is that from a client on one vrf, you're attempting to terminate the ftp session in a router whom is in the second vrf. The ftp data session isn't vrf-aware from the sound of it, hence my question about what device models and IOS you're using.
  But I agree, it's getting complicated enough that sounds like TAC-time. My bet is something isn't vrf-aware to the point that the data is lost. For instance, to ping from one device to another from _within_ a vrf router instance, you have to use the keyword "vrf" like "ping vrf VRF_Name src dest".
  In your situation, your source is on one vrf while the destination is _within_ the second vrf, not just simply the IP packet being routed from vrf1-client (like a Windows PC) to vrf2-server (like a Unix ftp server).
  I'd be interested in hearing their solution.
  -Jeff

• Is it possible for Nexus7000 flexible netflow monitor for interfaces with different vrf and export to one netflow analyzer?

  I have a Nexus 7000 with many vlan interfaces with multiple vrf, I would like to know if my netflow analyzer only connected to one vrf, can I use flexible netflow on the Nexus 7000 to monitor those vlan interfaces with multiple vrf and export them to my netflow analyzer, so that I can see all flow from different vrfs on my netflow analyzer?
  Thank you!

  Adriano, there is a RV042G, which supports the gig ports and a 800 mbps nat throughput. Here is the datasheet
  http://www.cisco.com/en/US/prod/collateral/routers/ps10907/ps9923/ps12262/data_sheet_c78-706724.html
  If you are using a DSL connection, the SRP527/547 models may be an alternative. These models support the RFC 1483 Bridges EOA Please note the SRP547 should be 10/100/1000. Also note the SRP521/541 are Fast Ethernet units and they do differ from the SRP527/547. The main selling point of these devices are the FXS/FXO ports. So this may also be a bit of an "unfocused" solution. But it's worth throwing the idea out there!
  Here is the admin guide;
  http://www.cisco.com/en/US/docs/voice_ip_comm/unified_communications/srp540_series/administration/srp500_AG_2567701.pdf
  Here is the datasheet;
  http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps10500/data_sheet_c78-550705.pdf

• VRF and DHCP issue

  VRF and DHCP issue
  We have a 6500 ( 12.2 (33) SXH5 ) that has a VRF running for our guest network. On this 6500 resides the DHCP pool with a range defined for our guest network. We have a stack of 3750's (12.2 (46) SE) connected to the 6500 with a L3 connection. The 3750's have a local guest VLAN with its gateway defined in a VLAN interface. This VLAN on the 3750 has an IP helper address pointing to an IP within the VRF on the 6500. When debugging DHCP on the 6500, a request is received and sent back out. The client never receives this request.
  If a static IP is applied, the client is able to communicate anywhere within the VRF successfully (including pinging the IP within the helper-address. As many posts have pointed out - there is no VRF <name> under the ip dhcp pool <name> within the 6500. I am just wondering if anyone else has run into this and what their solution was.
  Thanks.

  Hi,
  I have tested the dhcp server and vrf on Cisco 3640 and it is working without VRF under the ip dhcp pool. Please ensure that you have configured routing for the dhcp-relay agent(VLAN facing dhcp client on 3750 in your case).

• Possibility to use both Time Range ACL and PBR.

                     Hello
  I would like to find out the attached requirement.
  If there is any related information we greatly appreciate it.
  Actually I have already configure on Cisco1812J by using the following command.
  however the ACL status still shows "inactive" and the PBR does not function.
  *Configuration on R1
  time-range PBR-TIME
  periodic weekdays 15:40 to 15:41
  ip access-list extended PBR-TIME
  permit ip host 10.0.30.11 host 1.1.1.1 time-range PBR-TIME
  route-map PBR-TIME permit 10
  match ip address PBR-TIME
  set ip next-hop 10.0.20.3
  interface Vlan1
  ip address 10.0.30.1 255.255.255.0
  ip policy route-map PBR-TIME
  *Verification
  R1#sh ip access-lists
  Extended IP access list PBR-TIME
      10 permit ip host 10.0.30.11 host 1.1.1.1 time-range PBR-TIME (inactive)
  R1#sh route-map
  route-map PBR-TIME, permit, sequence 10
    Match clauses:
      ip address (access-lists): PBR-TIME
    Set clauses:
      ip next-hop 10.0.20.3
    Policy routing matches: 0 packets, 0 bytes
  *Traceroute from SW1
  SW1#traceroute 1.1.1.1
  Type escape sequence to abort.
  Tracing the route to 1.1.1.1
  VRF info: (vrf in name/id, vrf out name/id)
    1 10.0.30.1 0 msec 0 msec 9 msec
    2 10.0.10.2 0 msec 0 msec 17 msec
    3 10.0.11.254 0 msec *  0 msec

  Oh that is incredible!!
  It has been functioning correctly like this.
  Thank you for quick and precious advise.
  Regards,
  Masanobu Hiyoshi
  R1#sh ip access-lists
  Extended IP access list PBR-TIME
      10 permit ip host 10.0.30.11 host 1.1.1.1 time-range PBR-TIME (active) (45 matches)
  (omit)
  R1#sh ip access-lists
  Extended IP access list PBR-TIME
      10 permit ip host 10.0.30.11 host 1.1.1.1 time-range PBR-TIME (inactive) (45 matches)
  R1#
  SW1#traceroute 1.1.1.1
  Type escape sequence to abort.
  Tracing the route to 1.1.1.1
  VRF info: (vrf in name/id, vrf out name/id)
    1 10.0.30.1 0 msec 0 msec 0 msec
    2 10.0.20.3 0 msec 0 msec 9 msec
    3 10.0.21.254 0 msec *  0 msec
  SW1#traceroute 1.1.1.1
  Type escape sequence to abort.
  Tracing the route to 1.1.1.1
  VRF info: (vrf in name/id, vrf out name/id)
    1 10.0.30.1 0 msec 9 msec 0 msec
    2 10.0.10.2 0 msec 0 msec 8 msec
    3 10.0.11.254 0 msec *  0 msec

• I forgot the administrator password for my mac and cant set a new one without it how can i set a new one

  i forgot the administrator password for my mac and cant set a new one without it how can i set a new one

  Reset Password 10.7, 10.8...
  http://reviews.cnet.com/8301-13727_7-20087723-263/how-to-run-the-password-reset- utility-in-os-x-10.7-lion/

• When I open a raw file (NEF Nikon 7100)  and apply setting then click save, I get an error ( could not complete your request because of a program error ). Ideas?

  when I open a raw file (NEF Nikon 7100)  and apply setting then click save, I get an error ( could not complete your request because of a program error ). Ideas?

  Oh, dear.
  If you use PSE as your external editor for iphoto, you need to save the images back to iphoto by using Save, not Save As and not changing anything like the name or format that would bring up the Save As window. (You may need to adjust the editor prefs>saving files>on first save to save over existing.)
  OR you can export the photos from iphoto to the desktop, use file>open in the editor and then change whatever you want and either import the saved image to the organizer or import it back to iphoto as a new file. What you are doing is extremely risky, particularly to the iphoto library which you may easily damage by your workflow.
  I would start the organizer holding down the shift key, then create a new catalog and switch to the new one. Then try opening the editor without opening an image and see if you get any farther.
  PSE and iphoto are not designed to be used as you've been doing. You are trying to write to the iphoto library from outside iphoto, which is the fastest known way to corrupt the library and lose all your photos.

• Hi i got a new airport express for christmas and i set it up as per instructions ,i even give a static ip and wpa2 security ..the problem is is when i come to want to use it it says its not on my network and a orange triangle shows .when i reboot it works

  hi i got a new airport express for christmas and i set it up as per instructions ,i even give a static ip and wpa2 security ..the problem is is when i come to want to use it it says its not on my network and a orange triangle shows .when i reboot it works..then if i leave it a while and try iy agian its disapeared of my network...i have a bt hub 3 ....any help please ..im not sure if itsa faulty express

  I really don't have an answer for that one. I guess that while trying to get things working correctly, I would use the most basic monitor I had which in your case would be the Eizon using the Thunderbolt port and adaptor.
  When you boot into Safe Mode the startup is quite slow, but you should get the Apple logo and then the spinning gear below it (release the SHIFT key when it appears.) Then after a little more time you should see a gray progress bar appear below the spinning gear. When that disappears the computer will startup to a login screen.

• Can you save your own theme and button set up so I can use the same format

  Can you save your own theme and button set up, so I can use this same format for similar content. I want to keep the button content and the theme the same without having to create it everytime? I am trying to streamline the process for multiple dvd's with the same menu and buttons but different content. Does that make sense?

  I am only new to this caper too, but I am pretty sure you can save a theme as a favourite by pressing the "save theme as favourite" button under file. If you have edited an existing theme but don't want to lose it, make sure you untick the replace existing button.

• Jabber 9.2 and StartCallWithVideo set to false not taking

  The StartCallWithVideo option doesn't seem to working in Jabber 9.2 (tried 9.2.0 and 9.2.2). Tried false and FALSE for value.
  The jabber-config file downloads fine and has all the settings below on PC and the DockedWindow is not visible so the settings are working, but the calls start with video still and on the Jabber GUI under call section the start calls with video is selected.
  When I make call to someone else it starts with video unless I manually set to not start calls with video.
  Not finding any bugs on this.
  Anyone seen this before or know how to get it working if it isn't a bug?
  <?xml version="1.0" encoding="utf-8"?>
  <config version="1.0">
  <Client>
  </Client>
  <Directory>
    <DirectoryServerType>UDS</DirectoryServerType>
  </Directory>
  <Options>
    <StartCallWithVideo>FALSE</StartCallWithVideo>
    <Start_Client_On_Start_OS>true</Start_Client_On_Start_OS>
    <DockedWindowVisible>FALSE</DockedWindowVisible>
    </Options>
  <Policies>
  <Screen_Capture_Enabled>true</Screen_Capture_Enabled>
    <File_Transfer_Enabled>true</File_Transfer_Enabled>
    <Disallowed_File_Transfer_Types>.exe;.msi;.rar;.zip;.mp3</Disallowed_File_Transfer_Types>
    <Video_Disabled>false</Video_Disabled>
  </Policies>
  </config>

  Anyone have fix to this issue with IM&P 9.1.1, I have UC Service profile setup right and the setting set to false and my client is getting current XML file but still starts calls with video. I've tried both upper case and lower case for the false value. Other settings from my jabber-config file are working just fine. 
  FALSE
  I've been thru the links above and documentation again but not seeing a option anywhere on CUCM UC profile pages or IM&P to disable this.

• I am trying to setup Microsoft office mail and need assistance  - I am receiving the error, unable to find server and DNS setting in the Network

  I am trying to setup Microsoft office mail and need assistance  - I am receiving the error, unable to find server and DNS setting in the Network

  Which version of OSX and what email provider are you using.