Cisco WCS client count report - client count figures cumulative or concurrent?
Hi,
Just want to clarify the "assoicated client count" and "Authenticated client count" values from WCS Client count report concurrent or cumculative?
The client count report in excel format:
Total Client Count
Total Count
Event Time
Associated Client Count
Authenticated Client Count
total
Sun Oct 12 23:59:59 HKT 2014
3992
3854
total
Mon Oct 13 23:59:59 HKT 2014
7838
7289
total
Tue Oct 14 23:59:59 HKT 2014
7724
7124
total
Wed Oct 15 23:59:59 HKT 2014
6849
6336
total
Thu Oct 16 23:59:59 HKT 2014
5908
5530
total
Fri Oct 17 23:59:59 HKT 2014
1240
1228
total
Sat Oct 18 23:59:59 HKT 2014
1040
1031
Client Count
AP Name
Base Radio MAC
Event Time
Associated Client Count
Authenticated Client Count
AP-EDHB-018
08:1f:f3:23:23:10
Mon Oct 13 23:59:59 HKT 2014
160
157
AP-EDHB-018
08:1f:f3:23:23:10
Tue Oct 14 23:59:59 HKT 2014
121
120
AP-EDHB-018
08:1f:f3:23:23:10
Wed Oct 15 23:59:59 HKT 2014
95
95
AP-EDHB-018
08:1f:f3:23:23:10
Thu Oct 16 23:59:59 HKT 2014
94
94
AP-EDHB-018
08:1f:f3:23:23:10
Fri Oct 17 23:59:59 HKT 2014
6
6
AP-EDHB-018
08:1f:f3:23:23:10
Sat Oct 18 23:59:59 HKT 2014
3
3
AP-EDHB-019
08:1f:f3:23:24:30
Sun Oct 12 23:59:59 HKT 2014
38
38
AP-EDHB-019
08:1f:f3:23:24:30
Mon Oct 13 23:59:59 HKT 2014
113
110
AP-EDHB-019
08:1f:f3:23:24:30
Tue Oct 14 23:59:59 HKT 2014
110
109
AP-EDHB-018 have 160 assoicated client count reported. Really mean there were 160 wireless client assoicated at a moment or there were a totally 160 connected at that day?
Any idea?
Dick
Hi Kayle,
Thanks for the response. I think you are talking about this in the above.
Reports > Report Launch Pad > Client > Client Count > Client Count Report Details
then
AP by Floor Area and select "All Campus", "All Building", "All Floor"
By doing this I get 700+ APs daily client count in graphical (pdf) view and need to go through manually each graph to identify the top 50, top 100 in a given day.
Is it possible to only filter the top 50, 100 APs ?
I would like see my daily report gives something similar to the below
AP Name Max Client Count
AP01 96
AP02 83
AP50 20
Would it possible to get something like this from WCS reports ?
Thanks
Rasika
Similar Messages
-
Hi All,
hoping this is the right sub-forum for this query!
WCS is missing entries from it's client details report. on our firewall logs I had an IP I wanted to check for it's MAC address, I could see the log entry in our firewall and the time and date stamp along with the wireless IP Address.
I ran the Client Details report in WCS on the date and specified the times between 12:00 noon and 6:00pm and it failed to find the associated IP address in the log.
I know for certain that the IP was active at that point in time and it should appear in a our client details report, but it's not getting logged.
We are using version 7.0.172.0 of Cisco WCS if that makes any oddsYou can use the WCS navigator. The Cisco WCS Navigator provides network administrators with easy, cost-effective access to information from multiple geographically diverse Cisco WCS management platforms. This innovative platform allows network managers to partition the unified wireless network at the management level.
-
Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host
Hi:
Need your great help for my new ASA 5505 (8.4)
I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
ASA Version 8.4(3)
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.29.8.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 177.164.222.140 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns server-group DefaultDNS
domain-name ABCtech.com
same-security-traffic permit inter-interface
object network obj_any
subnet 172.29.8.0 255.255.255.0
object service RDP
service tcp source eq 3389
object network orange
host 172.29.8.151
object network WAN_173_164_222_138
host 177.164.222.138
object service SMTP
service tcp source eq smtp
object service PPTP
service tcp source eq pptp
object service JT_WWW
service tcp source eq www
object service JT_HTTPS
service tcp source eq https
object network obj_lex
subnet 172.29.88.0 255.255.255.0
description Lexington office network
object network obj_HQ
subnet 172.29.8.0 255.255.255.0
object network guava
host 172.29.8.3
object service L2TP
service udp source eq 1701
access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended deny tcp any any eq 135
access-list inside_access_in extended deny tcp any eq 135 any
access-list inside_access_in extended deny udp any eq 135 any
access-list inside_access_in extended deny udp any any eq 135
access-list inside_access_in extended deny tcp any any eq 1591
access-list inside_access_in extended deny tcp any eq 1591 any
access-list inside_access_in extended deny udp any eq 1591 any
access-list inside_access_in extended deny udp any any eq 1591
access-list inside_access_in extended deny tcp any any eq 1214
access-list inside_access_in extended deny tcp any eq 1214 any
access-list inside_access_in extended deny udp any any eq 1214
access-list inside_access_in extended deny udp any eq 1214 any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any eq www any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
89
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
w
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
tps
access-list outside_access_in extended permit gre any host 177.164.222.138
access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
01
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-list inside_access_out extended permit ip any any
access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
.88.0 255.255.255.0
access-list inside_in extended permit icmp any any
access-list inside_in extended permit ip any any
access-list inside_in extended permit udp any any eq isakmp
access-list inside_in extended permit udp any eq isakmp any
access-list inside_in extended permit udp any any
access-list inside_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat (inside,outside) source static orange interface service RDP RDP
nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
lex route-lookup
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
WW
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
_HTTPS
nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Guava protocol nt
aaa-server Guava (inside) host 172.29.8.3
timeout 15
nt-auth-domain-controller guava
user-identity default-domain LOCAL
http server enable
http 172.29.8.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 173.190.123.138
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 172.29.8.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside vpnclient-wins-override
dhcprelay server 172.29.8.3 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
group-policy ABCtech_VPN internal
group-policy ABCtech_VPN attributes
dns-server value 172.29.8.3
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Tunnel_User
default-domain value ABCtech.local
group-policy GroupPolicy_10.8.8.1 internal
group-policy GroupPolicy_10.8.8.1 attributes
vpn-tunnel-protocol ikev1 ikev2
username who password eicyrfJBrqOaxQvS encrypted
tunnel-group 10.8.8.1 type ipsec-l2l
tunnel-group 10.8.8.1 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 10.8.8.1 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
tunnel-group ABCtech type remote-access
tunnel-group ABCtech general-attributes
address-pool ABC_HQVPN_DHCP
authentication-server-group Guava
default-group-policy ABCtech_VPN
tunnel-group ABCtech ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 173.190.123.138 type ipsec-l2l
tunnel-group 173.190.123.138 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 173.190.123.138 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect pptp
inspect ftp
inspect netbios
smtp-server 172.29.8.3
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6a26676668b742900360f924b4bc80de
: endHello Wayne,
Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
Regards,
Julio
Security Trainer -
Problem with Cisco VPN client and HP elitebook 2530p windows 7 64-bit
Hi there
I have a HP Elitebook 2530p which i upgraded to windows 7 64-bit. I installed the Cisco VPN client application (ver. 5.0.07.0290 and also 64-bit) and the HP connection manager to connect to the internet through a modem Qualcomm gobi 1000 (that is inside the laptop). When I connect to the VPN, it connects (I write the username and password) but there is no traffic inside de virtual adapter for my servers. When I connect to the internet through wire or wireless internet, I connect de VPN client and there is no problem to establish communication to my servers.
I tried everything, also change the driver and an earlier version of the HP connection manager application. I also talked to HP and they told me that there was a report with this kind of problem and it was delivered to Cisco. I don’t know where is the problem.
Could anyone help me?
Thanks to all.You can try to update Deterministic Network Enhancer to the below listed release which supports
WWAN Drivers.
http://www.citrix.com/lang/English/lp/lp_1680845.asp.
DNE now supports WWAN devices in Win7. Before downloading the latest version of DNEUpdate from the links below, be sure you have the latest
drivers for your network adapters by downloading them from the vendors websites.
For 64-bit: ftp://files.citrix.com/dneupdate64.msi
Hope that helps. -
Is there really a Cisco VPN client for Linux? _Really?_
Hello folks,
I've finally after almost experiencing a brain aneurysm by trying to think too hard got my Cisco 881-SEC-K9 router properly configured for a multipoint IPSec VPN tunnel to my Amazon Virtual Private Cloud, so that hurdle is finally passed and I actually feel it was a very important milestone in my life somehow. I never thought I'd see the day I actually got my hands on a legitimate Cisco non-stink... erm.. I mean, non-linksys router. Now I just can't seem to find a 'client' VPN program for Linux. I'm currently running a Xen Hypervisor environment on openSUSE Linux because it's the only Linux distribution that completes all of my strenous requirements in a Linux server environment. It's also the most mature, and secure Linux on this planet, making it the most appreciable Linux distribution for my research needs. Using NetworkManager is not really an option for a basic Linux server environment, and OpenVPN is just too confusing to comprehend for my tiny little head. I've heard mention of some mysterious "Easy VPN" but after hours of digging online can't find any information about it, even the Cisco download link leads to a Page Not Found error. I do see a Linux VPN API for the AnyConnect program, but is that an actual VPN client, or just an API? It seems to want my money to download it but I don't have any money nor do I really know what it is because it's all secretive-like, closed source, and I can't even find a simple README file on it explaining what it is exactly. I'm just an out-of-work software developer trying to connect to my home router for personal use and I can't really afford to fork over a million and a half dollars for a single program that I'm only going to need to download once in my lifetime that should have been included with the router in the first place. I more than likely won't even be able to figure out how to use the program anyways because I don't know anything about VPN connections which is why I bought this router so I can try to figure it all out as part of the not-for-profit open source, volunteer research I'm presently trying to conduct. Is there some kind of evaluation or trial period for personal use? That would be really nice so I could at least figure out if I'm going to be able to figure it out or not. I hate throwing money away when it's in such short supply these days. There's really no alternative to a Cisco router. It's an absolute necessity for the things I'm trying to accomplish, so trying to settle for something else and going on with my life is not really an option. No, this is something I just need to face head on and get it over with.
<Rant>
Maybe I have a little too much crazy in me for my own good, but I don't see why it should take so much money just to learn how to do something for personal reference, it's not really a skill I would ever use otherwise. Wouldn't it be great if Cisco made their VPN client open source and free to the public to use and modify, to improve on, to learn and to grow and bring the whole world closer together as a community? Even the source code to the old discontinued Cisco VPN client could be used as a valuable learning tool for some poor starving college student or Open Source Software developer somewhere trying to get by on Ramen Noodles and Ramen Noodle Sauce on Toast (don't tell me you never thought about it). Through the ripple effect, It would drastically improve sales over the course of time, because it would open the door to a whole new market where those who previously could not afford to participate now could. That's the true power of Open Source. It creates a more skilled work force for the future by openly contributing and sharing knowledge together. What if the next big internet technology and the solution to world tyranny - the solution to end all wars forever - were locked in the mind of an unemployed software developer who couldn't afford to upgrade their cisco router software or access the software they needed because it was closed source and required committing to an expensive service contract to download? That would be just terrible, wouldn't it? I guess there's no way to ever know for sure. I suppose I'd be just as happy if some kind soul out there could point me to an easy to use alternative to an always on VPN connection that runs in the background which doesn't require NetworkManager or having to spend days upon days digging through and trying to comprehend either some really poor or extremely complex documentation? I apologize for all the run on sentences posed as questions, but I've just got some serious mental burnout from all of this, being unemployed is some hard work folks. I could really use a vacation. Perhaps a camping trip to the coast is in order after I get this working, that sounds nice, doesn't it? Nothing like a good summer thunder storm on the ocean beach - far away from technology - to refresh the mind.
</Rant>I do tend to talk too much and I don't mince any words either. What I am however, is really appreciative for the help. I know you hear that all the time, but you have no idea how much time and headache you just saved me. I think vpnc might be just what I've been looking for, unless someone can think of a client for Linux that I might be able to throw a little further. I'm very security minded now, after the backlash of Blackhat 2013, there's no telling which direction the internet might head next. Oh, you didn't hear? Well wether they realize it or not, DARPA basically declared war with other government agencies by releasing their own version of a spy program for civilians to use against the whoever -- possibly even the governmnet itself. They even went so far as to suggest it's private usage to blanket entire cities in information gathering. Civilians are a powerful foe, as they are not bound by the oath of office, any evidence they obtain is admissible in court, wether they know that or not. There's a very important reason for that. It's to prevent another civil war from ever happening, we shed enough blood the first time around less people forgot. It's something that can and will be avoided because our civilization has advanced beyond the need for bloodshed. The courts have to obey the majority rule, no matter what. For the first time in history, cyberwarfare can reach into the physical world to cause serious damage to physical structures like the nuclear facility incident in Iran. There's scarry bills trying to sneak through congress that are changing the landscape of technology forever for the entire world. We're at a pivotal point now where things can happen. It will be interesting to see how it all plays out over the next decade or so. No matter which way you look at it, just be preparerd to sell a whole lot of routers.
-
Cisco VPN client crashes with Error 51 on Intel Mac Mini
I am in the process of migrating from XP to Tiger on a brand-new Mac Mini (Intel Duo). Now I am stuck:
I use v 4.8.00 of the Cisco VPN client supplied by my university's IT dept. to connect to the Campus intranet. I have been unable to succesfully use this software, as it crashes upon initializing with "Error 51: Cannot connect to the VPN subsystem." Re-installing the software does not change the state of affairs.
After some research, I used a hack found here (http://www.versiontracker.com/php/feedback/article.php?story=20060107011305622 and http://www.versiontracker.com/php/feedback/article.php?story=20060107011305622) to manually restart the VPN daemon. The Terminal result looks like this:
kld(): warning /System/Library/Extensions/CiscoVPN.kext/Contents/MacOS/CiscoVPN cputype (18, architecture ppc) does not match cputype (7 architecture i386) of objects files previously loaded (file not loaded)
kextload: kldlookup("_kmodinfo") failed for module /System/Library/Extensions/CiscoVPN.kext/Contents/MacOS/CiscoVPN
kextload: a link/load error occured for kernel extension /System/Library/Extensions/CiscoVPN.kext
load failed for extension /System/Library/Extensions/CiscoVPN.kext
(run kextload with -t for diagnostic output)
Not being fluent in Darwin, I can only interpret this to mean that the VPN client is incompatible with the Intel chip in the Mac mini... Is this correct? Is the only way for me to use VPN to wait for a 4.8.x version to be made available?
Hopeful still,
felixxAlso - the Mac VPN system will work with most Cisco networking devices. You can open up the PCF profile that your IT group wants you to use and figure out most of the questions Internet Connect will ask you to set up the VPN connection. For the rest, you have to ask the IT group or try some things and see what works...
cheers,
Mike -
Mapped drives do not open after connecting via Cisco VPN Client
I have an issue when I initially connect to my remote network, I cannot get to any mapped drive unless I wait a few minutes for the VPN connect to mature. To explain further, I have to wait 2-4 minutes after connecting to the VPN for me to actually connect to those drives.
The error that pops up is:
"An error occurred while reconnecting to DriveLetter: to \\Server\sharedDrive\ Microsoft WIndows Network: The network path was not found. This connection has not been restored.
Now, immediately after I connect, I am able to successfully ping the server that hosts those folder locations but for some reason I cannot get to the server via UNC/shared drives until I wait a few minutes after connecting.
Below is the list of error logs I get when attempting to connect to the mapped drives during those first few minutes of connectivity:
1 15:26:39.804 10/06/14 Sev=Warning/3 IKE/0xA300005F
Firewall, Sygate Security Agent, is not running, the client will not send firewall information to concentrator.
2 15:28:10.614 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
3 15:28:10.614 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
4 15:28:10.614 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
5 15:28:10.614 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
6 15:28:10.614 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
7 15:28:10.614 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
8 15:28:10.614 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
9 15:28:10.614 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
10 15:28:17.188 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
11 15:28:17.188 10/06/14 Sev=Warning/2 IPSEC/0xE3700003
Function CniInjectSend() failed with an error code of 0xE4510023 (IPSecDrvCB:856)
12 15:33:50.642 10/06/14 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=192.168.11.120, error 0
13 15:33:51.656 10/06/14 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
14 15:35:16.855 10/06/14 Sev=Warning/3 IKE/0xA300005F
Firewall, Sygate Security Agent, is not running, the client will not send firewall information to concentrator.
Any ideas on what it could be?I have a client that is showing a similar issue.. Windows 7 computer using Cisco IPSec client terminating on a Cisco 881 Router. I can ping the server by IP, Name and even access the drive from the start menu option, but not the mapped drive. Currently I am looking into this from a offline file issue in windows, but ran across this post and was wondering if you had figured this out? I am going to try the following and will post back if that resolves it.
Doing some research I found that Windows 7 and Vista both have what’s called “slow link mode”. The behavior is that if the latency of the network connection exceeds 80 milliseconds (ms), the system will transition the files to “offline mode”. The 80 ms value is configurable using a local group policy edit.
Open Group policy (start -> run -> gpedit.msc)
Expand “Computer Configuration”
Expand “Administrative Templates”
Expand “Network”
Click on “Offline Files”
Locate “Configure slow-link mode”
This policy can either be disabled or set to a higher value for slower connections.
https://www.conetrix.com/Blog/post/Fixing-Problem-With-Windows-7-Shared-Files-and-Mapped-Drives-Unavailable-Over-VPN.aspx -
Kernel panc & Cisco VPN client
Can someone take a look at the below and tell me if the Cisco VPN client is crashing my system? Thanks.
Interval Since Last Panic Report: 1353403 sec
Panics Since Last Report: 1
Anonymous UUID: 847B0480-8E72-4988-862B-D1FCA722F3BB
Tue Oct 6 09:47:56 2009
panic(cpu 0 caller 0x2a6ac2): Kernel trap at 0x002929e6, type 14=page fault, registers:
CR0: 0x8001003b, CR2: 0x0829a2ec, CR3: 0x00100000, CR4: 0x000006e0
EAX: 0x46a95b84, EBX: 0x00003b78, ECX: 0x000000af, EDX: 0x000005a4
CR2: 0x0829a2ec, EBP: 0x5bd4be68, ESI: 0x0829a2ec, EDI: 0x46a95e6c
EFL: 0x00010216, EIP: 0x002929e6, CS: 0x00000008, DS: 0x00000010
Error code: 0x00000000
Backtrace (CPU 0), Frame : Return Address (4 potential args on stack)
0x5bd4bbf8 : 0x21acfa (0x5ce650 0x5bd4bc2c 0x223156 0x0)
0x5bd4bc48 : 0x2a6ac2 (0x590a50 0x2929e6 0xe 0x590c1a)
0x5bd4bd28 : 0x29c968 (0x5bd4bd40 0x50 0x5bd4be68 0x2929e6)
0x5bd4bd38 : 0x2929e6 (0xe 0x5bd40048 0x10 0x5c730010)
0x5bd4be68 : 0x5c7383e5 (0x5bd4bed0 0x5bd4becc 0x5bd4bed4 0x5bd4bed8)
0x5bd4bef8 : 0x31772d (0x0 0x8247604 0x2 0x5bd4bf74)
0x5bd4bf68 : 0x317b37 (0x0 0x5748ee00 0x0 0x7a6442c)
0x5bd4bfc8 : 0x29c68c (0x7a64404 0x0 0x29c69b 0x7be07a8)
Kernel Extensions in backtrace (with dependencies):
com.cisco.nke.ipsec(2.0.1)@0x5c736000->0x5c7a4fff
BSD process name corresponding to current thread: kernel_task
Mac OS version:
10B504
Kernel version:
Darwin Kernel Version 10.0.0: Fri Jul 31 22:47:34 PDT 2009; root:xnu-1456.1.25~1/RELEASE_I386
System model name: MacBookPro3,1 (Mac-F4238BC8)
System uptime in nanoseconds: 2747345949935
unloaded kexts:
com.apple.driver.AppleFileSystemDriver 2.0 (addr 0x556e2000, size 0x12288) - last unloaded 127144562322
loaded kexts:
com.cisco.nke.ipsec 2.0.1
com.vmware.kext.vmnet 2.0.6
com.vmware.kext.vmioplug 2.0.6
com.vmware.kext.vmci 2.0.6
com.vmware.kext.vmx86 2.0.6
com.Logitech.Control Center.HID Driver 3.1.0
com.apple.driver.AppleHWSensor 1.9.2d0 - last loaded 32472308361
com.apple.driver.AppleUpstreamUserClient 3.0.5
com.apple.DontSteal_Mac_OSX 7.0.0
com.apple.GeForce 6.0.2
com.apple.driver.AudioIPCDriver 1.1.0
com.apple.driver.AppleHDA 1.7.4a1
com.apple.driver.SMCMotionSensor 3.0.0d4
com.apple.driver.AirPort.Atheros 411.19.4
com.apple.kext.AppleSMCLMU 1.4.5d1
com.apple.driver.AppleIntelMeromProfile 19
com.apple.driver.AppleIRController 161
com.apple.driver.ACPISMCPlatformPlugin 3.4.0a20
com.apple.driver.AppleLPC 1.4.6
com.apple.driver.AppleBacklight 170.0.2
com.apple.iokit.AppleYukon2 3.1.14b1
com.apple.filesystems.autofs 2.1.0
com.apple.driver.AppleUSBTrackpad 1.8.0b4
com.apple.driver.AppleUSBTCKeyEventDriver 1.8.0b4
com.apple.driver.AppleUSBTCKeyboard 1.8.0b4
com.apple.driver.Oxford_Semi 2.5.0
com.apple.iokit.SCSITaskUserClient 2.5.1
com.apple.iokit.IOAHCIBlockStorage 1.5.0
com.apple.driver.AppleAHCIPort 2.0.0
com.apple.driver.AppleUSBHub 3.7.8
com.apple.driver.AppleIntelPIIXATA 2.5.0
com.apple.BootCache 31
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
com.apple.driver.AppleFWOHCI 4.3.4
com.apple.driver.AppleEFINVRAM 1.3.0
com.apple.driver.AppleUSBEHCI 3.7.5
com.apple.driver.AppleUSBUHCI 3.7.5
com.apple.driver.AppleRTC 1.3
com.apple.driver.AppleHPET 1.4
com.apple.driver.AppleSmartBatteryManager 160.0.0
com.apple.driver.AppleACPIButtons 1.3
com.apple.driver.AppleSMBIOS 1.4
com.apple.driver.AppleACPIEC 1.3
com.apple.driver.AppleAPIC 1.4
com.apple.security.sandbox 0
com.apple.security.quarantine 0
com.apple.nke.applicationfirewall 2.0.11
com.apple.driver.AppleIntelCPUPowerManagementClient 90.0.0
com.apple.driver.AppleIntelCPUPowerManagement 90.0.0
com.apple.driver.AppleProfileReadCounterAction 17
com.apple.driver.AppleProfileTimestampAction 10
com.apple.driver.AppleProfileThreadInfoAction 14
com.apple.driver.AppleProfileRegisterStateAction 10
com.apple.driver.AppleProfileKEventAction 10
com.apple.driver.AppleProfileCallstackAction 20
com.apple.iokit.IOSurface 73.0
com.apple.iokit.IOBluetoothSerialManager 2.2.1f7
com.apple.iokit.IOSerialFamily 10.0.2
com.apple.driver.DspFuncLib 1.7.4a1
com.apple.iokit.IOAudioFamily 1.7.0fc16
com.apple.kext.OSvKernDSPLib 1.3
com.apple.nvidia.nv50hal 6.0.2
com.apple.NVDAResman 6.0.2
com.apple.iokit.IOFireWireIP 2.0.3
com.apple.iokit.IO80211Family 300.20
com.apple.iokit.AppleProfileFamily 40
com.apple.driver.AppleHDAController 1.7.4a1
com.apple.iokit.IOHDAFamily 1.7.4a1
com.apple.driver.AppleSMC 3.0.1d2
com.apple.driver.IOPlatformPluginFamily 3.4.0a20
com.apple.iokit.IONDRVSupport 2.0
com.apple.iokit.IOGraphicsFamily 2.0
com.apple.iokit.IONetworkingFamily 1.8
com.apple.driver.CSRUSBBluetoothHCIController 2.2.1f7
com.apple.driver.AppleUSBBluetoothHCIController 2.2.1f7
com.apple.iokit.IOBluetoothFamily 2.2.1f7
com.apple.iokit.IOUSBHIDDriver 3.7.5
com.apple.iokit.IOSCSIBlockCommandsDevice 2.5.1
com.apple.driver.AppleUSBMergeNub 3.7.5
com.apple.driver.AppleUSBComposite 3.7.5
com.apple.iokit.IOFireWireSerialBusProtocolTransport 2.0.0
com.apple.iokit.IOFireWireSBP2 4.0.5
com.apple.iokit.IOSCSIMultimediaCommandsDevice 2.5.1
com.apple.iokit.IOBDStorageFamily 1.6
com.apple.iokit.IODVDStorageFamily 1.6
com.apple.iokit.IOCDStorageFamily 1.6
com.apple.iokit.IOATAPIProtocolTransport 2.5.0
com.apple.iokit.IOSCSIArchitectureModelFamily 2.5.1
com.apple.driver.XsanFilter 402.1
com.apple.iokit.IOAHCIFamily 2.0.0
com.apple.iokit.IOUSBUserClient 3.7.5
com.apple.iokit.IOATAFamily 2.5.0
com.apple.iokit.IOFireWireFamily 4.1.7
com.apple.driver.AppleEFIRuntime 1.3.0
com.apple.iokit.IOUSBFamily 3.7.8
com.apple.iokit.IOHIDFamily 1.6.0
com.apple.iokit.IOSMBusFamily 1.1
com.apple.security.TMSafetyNet 6
com.apple.kext.AppleMatch 1.0.0d1
com.apple.driver.DiskImages 281
com.apple.iokit.IOStorageFamily 1.6
com.apple.driver.AppleACPIPlatform 1.3
com.apple.iokit.IOPCIFamily 2.6
com.apple.iokit.IOACPIFamily 1.3.0
System Profile:
Model: MacBookPro3,1, BootROM MBP31.0070.B07, 2 processors, Intel Core 2 Duo, 2.2 GHz, 4 GB, SMC 1.16f11
Graphics: NVIDIA GeForce 8600M GT, GeForce 8600M GT, PCIe, 128 MB
Memory Module: global_name
AirPort: spairportwireless_card_type_airportextreme (0x168C, 0x87), Atheros 5416: 2.0.19.4
Bluetooth: Version 2.2.1f7, 2 service, 0 devices, 1 incoming serial ports
Network Service: AirPort, AirPort, en1
PCI Card: pci168c,24, sppci_othernetwork, PCI Slot 5
Serial ATA Device: FUJITSU MHW2120BH, 111.79 GB
Parallel ATA Device: MATSHITADVD-R UJ-857E
USB Device: Built-in iSight, 0x05ac (Apple Inc.), 0x8502, 0xfd400000
USB Device: Apple Internal Keyboard / Trackpad, 0x05ac (Apple Inc.), 0x021a, 0x5d200000
USB Device: IR Receiver, 0x05ac (Apple Inc.), 0x8242, 0x5d100000
USB Device: Bluetooth USB Host Controller, 0x05ac (Apple Inc.), 0x8205, 0x1a100000
USB Device: USB Receiver, 0x046d (Logitech Inc.), 0xc525, 0x1a200000
FireWire Device: OEM ATA Device 00, G-TECH, Up to 800 Mb/secI had the same problem, and I think Cisco VPN client causes crashes in SL ( I had at least 3 crashes everyday) after uninstalling Cisco VPN client I don't have crashes anymore
for uninstalling :
1- open terminal
2-cd /
3-type cd /usr/local/bin ( hit return)
4-type ls and hit return ( to be sure that vpn_uninstall is there)
5-Type sudo ./vpn_uninstall ( hit return)
6- type your admin pass.
7- for the question type yes( hit return)
8- do the same as 7
then your good to go
for using built-in cisco vpn in snow leopard follow the instructions of this url
http://erbmicha.com/2009/09/07/how-to-cisco-vpn-with-snow-leopard-via-pcf-file/ -
Cisco VPN Client is not opening on windows 7 64bits
Hello,
My problem : i instaled Cisco VPN client 5.0.07.0440-k9 on Windows 7 64 bits, the installation ends successfully. But when i restard the computer, when i click it doesnt open.
Notice : when i restard the computer, it takes an infinite time the first rebooting , in the final stage of boot ( The black window with the Microsoft logo and message Windows Is Starting ...) '' it takes an infinite time so i force the reboot.
started the same thread here but no answer yet.
Thank youcheck your event viewer/System log. You may see some entries stating that
"The Cisco Systems Inc. IPSec Driver failed to start due to the following error: Windows cannot verify the digital signature for this file."
disable digital signatures (NOT recommended) and cisco works fine
I guess Cisco has already killed this program if they aren't even getting it certified. -
Unable to Externally Register Phone Services on Cisco Jabber Client via Expressway E
Hi,
I have currently deployed Cisco Jabber along with Expressway C and E for external regeneration without VPN. I have successfully registered IM and Presence service externally on the internet and I am able to chat with other Jabber users.
I am not able to register phone services for Cisco Jabber client who are registering externally over the internet without VPN.
I have checked that all the users are able to use IM and Presence along with Phone services in the internal network and over the internet using VPN. I have configured the required DNS SRV records on both the internal and external DNS Servers.
I am attaching a screen shot of the Jabber Client that is registered over the internet along with this post for your reference.
Appreciate if you can share your thoughts on the same.
Please do let me know if you need any further informaiton.
Thank you.
Regards,
Joseph Chirayath.I am testing with an android device, and I had to add a "digest user" on the BOT device in order for this to work. Phone services are now connected.
-
Unable to select 'Use Phone for audio calls' on Cisco Jabber Client 9.6 for Windows
Hi,
I have recently deployed Cisco Presence Server and integrated with Call Manager 9.1.2. I have successfully deplyed 6700 users on IM & Presence. Some of the users requested for Cisco Jabber with phone control.
I have added CFS client on the Call Manager and associated it with the same extension numbers from their desk phones. I am currently able to make audio and video calls for these specific users. I am currently using Cisco Jabber Client 9.6 for windows. I have users both daisy chained to their desk phones and who are not. Can you please confirm if it does make any difference.
Problem Faced -
I am not able to use to option use phone for audio calls. The phone comes down with a cross sign on it. At the same time Cisco Jabber by default uses the client and it works as expected.
Can you please let me know if any of you guys have faced a similar issue.
Please let me know if you need any information regading the configuration used.
Looking forward for your valuable comments.
Thank you.
Regards,
Joseph Chirayath.Hi Will,
I am attaching the screen shot for the END USER on CUCM 9.X that has been configured on Cisco Jabber.
Please do let me know if you need any further information.
Thank you. -
Directory Caching issue with Cisco Jabber client for Windows
Hi ,
I am facing cache issue with Cisco Jabber client for Windows. If I do any change related to modification or deletion of contacts in Active Directory/ Callmanager, it does not reflect in the Jabber. Because jabber takes the contacts from the locally stored cache file in the Windows system.
Every time I have to remove the cache file to overcome this issue, practically it's not possible to do the same with all the Widows users. As, if any employee leaves the company and still I can see his contact appears in the "Cisco Jabber client". I have not seen this issue with Android/Apple iOS.
Is there any automated way to remove the cache file?
Here is the detail of CUCM,Presence and Jabber.
CUCM version: 9.1.x
Presence : 9.1.X
Jabber : 10.5 and 10.6Hello
On our environment we had to install a dedicated Microsoft Certificate Authority "just for Cisco Jabber usage" to house the
Network Device Enrollment Service.
Our certificate for the CUPS were generated on this Certification Authority too.
I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the
Enterprise Trust store for the users.
But I think they asked all 400 users to accept the 3 certificates by answering "yes" to the popup instead of using a script deployed by GPO...
I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
Our partner left us alone with that unfortunately.
Florent
EDIT: If the "Certutil script method" works, please let me know. This could be useful in our own deployment. -
Cisco Jabber client with other telephony devices
Hi,
I am completely new to Jabber and just started to understand Cisco jabber client for windows.
I understood that the jabber client supports xmpp for IM and CTI integration with Cisco Call manager for call control.
Is there a provision to integrate the jabber client to non-Cisco devices like Avaya or nortel or an ITS Netrix turret?
Integrate direct or indirect - as in with a plugin
Please do direct to any available documentation that would help
ThanksHi,
Welcome to Jabber! Yes, the client supports XMPP and CTI.
And yes you can use your existing Avaya / Nortel phones using a Cisco UC feature called Extend and Connect. No plugin required! It allows Jabber to CTI control any phone with a dialable number, including public phones. You can read more about the Extend and Connect feature here: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/9_1_1/ccmfeat/CUCM_BK_C3E0EFA0_00_cucm-features-services-guide-91_chapter_0110010.pdf
To configure it for Jabber for Windows you can follow these instructions:
http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_010.html#JABW_CN_EB63387E_00
Regards,
Matt -
Are there any plans to have a Cisco Jabber client on linux?
Mike,
The larger body of use case and development for Jabber has centered on Windows and mobile iOS and Android devices. That's not to say that there isn't a contingency of customers that want a Linux client but, as of today, there is no "Jabber" client for that platform. However, I've heard this question asked in a few different forums and the answer thus far has typically been one or both of the following:
1) There is a Jabber SDK, which could potentially be used to custom develop an application.
2) Use 3rd-party XMPP client (e.g. Pidgin)
As for an official answer on "will there be in the future" with a yes/no/maybe and/or a possible timeframe, you would need to reach out to Cisco or your trusted partner as roadmap items cannot be discussed without having a non-disclosure agreement in place. That's what Jamie is getting at in his response.
D. Hailey
NetCraftsmen, LLC. -
A list of supported Android Phones for Cisco Jabber Client.
Hi there,
I opened a discussion before about the Cisco Jabber Client for Android phones.
This product from Cisco is only official support bij a several mobile Android telephones. (very poor)
As everyone knows is that the mobile market is continious in development. Since a half year the official support phone list is still the same, but a lot of new Adroid phones are now on the market.
It's even so worse that some of the Cisco supported phones, are not available anymore in the market.
- Samsung Galaxy S2 becomes a Samsung Galaxy S3
- Samsung Galaxy TAB is still there
- Samsung Galaxy S (are not available anymore) The S1 or S Plus are now becoming the Samsung Galaxy S Advanced.
At what are the alternatives?
Still the list on the documentation is out-dated.
See:
Samsung Galaxy S International (GT-I9000) with Android operating system (OS) Version 2.2.1 or 2.3
Samsung Galaxy Tab International (GT-P1000) with Android 2.2.1 or 2.3
Samsung Galaxy S II (AT&T) with Android 2.3
To use Cisco Jabber for Android on the Samsung Galaxy S device, it is important that you upgrade your handset OS to Android Version 2.2.1 or 2.3. See the manufacturer/carrier site for more information about how to update the OS on your device. Minor voice quality issues may be experienced depending on the device used.
So hopefully Cisco is still working on the Cisco Jabber solution, and a lot of mobile Android phones will be supported so the road to success will be open.
Hopefully someone can help me to list of tested and supported phones (Official bij Cisco)
Kind regards,
EdgarThe official list of tested Android phones is what you've already discovered. With the next release of Cisco Jabber for Android, I'm sure it will be updated.
While the official list of what we tested is short, the client will work on many Android devices and TAC will provide support if you run into technical issues; provided the issue is with the Cisco Jabber client itself, and not with the OS of the manufacturer.
If there is a specific Android phone you are looking to have officially tested by Cisco, PM me with that information and I'll work with you to see what we can do to get it added.
Maybe you are looking for
-
How to get multiple records from internal table through BDC
PERFORM DYNPRO USING: 'X' 'SAPMM61L' '0500', ' ' 'BDC_OKCODE' '=NEWC', 'X' 'SAPMM61L' '0500', ' ' 'BDC_CURSOR' 'PLPTU-PLWRK(01)', ' ' 'BDC_OKCODE' '=TAKE', ' ' 'PLPTU-PLWRK(01)' '2531'. (2531 is a plant) This is the recording u
-
How can I get the iTunes player in the taskbar?
I've tried to find an answer to how I can do this in Windows 8 however there are no answers. I don't want the icon where I have to click and select what I want iTunes to do. I've done the thing where I add the toolbar to the taskbar and allowed iTune
-
IPhoto trashed images....
Hi, New to mac so my apologies if this is old hat... I decided to clear out old files and things from the documents folder in the finder window, not realising that it was my photos and some itunes content... I have since discovered that (of course) t
-
The specified module could not be found
This error box pops up when I try to open an image (the specified module could not be found) also the icon for photoshop would not respond on the taskbar.I can open my images in other programmes,would reinstalling photoshop be a good idea. Thanks
-
Hi, We are in migration from CCM 2.0 SRM MDM. In CCM , we are uploading the catalogs with UNSPSC and material group. Either any one is mandatory. If they give UNSPSC code in catalog, while uploading we are mapping to correspoding material group. But