HA on 5508 and service ports

Hi everybody.
Two 5508 WLCs running 7.4.100.60. I had to activate HA
I decided to configure Service ports: following HA conf guide, I used DHCP. That's because static IPs on service ports are often cleared and forgot during switchover. HA went up perfectly; tests were positive: by rebooting the active unit, standby was immediately ready, and so on.
I decided to test maintenance mode: by shutting down the mgt ports of the active unit, the standby one was activated, and the active went into maintenance mode (because it did not reach the standby). This again is correct.
Issue: when the unit is in this status (maintenance), its service port IS NOT reachable! I have to open again its mgt ports: the unit does not change tha maintenance status (and this is fully correct), but becomes reachable through its service port.
This is not enough: the active unit remembers the peer service port address, but the standby one does not.
Moreover, after some time, when I try to contact the latter, I jump on the former (I am always talking of Service ports).
This is really diffcult for me to explain.... Any suggestion?
Thanks
Davide

Hi
In my 5508 WLC i have exactly the same problem as you gsutherland
I tried apply this command config 802.11b 11nSupport a-mpdu tx priority all disable
and i get message
"802.11b network not disabled"
Why i must turn off b standard ?
Thanks for respons

Similar Messages

Static nat and service port groups

I need some help with opening ports on my ASA using firmware 9.1.2.
I read earlier today that I can create service groups and tie ports to those. But how do I use those instead of using 'object network obj-ExchangeSever-smtp' ?
I have the ACL -
access-list incoming extended permit tcp any object-group Permit-1.1.1.1 interface outside
Can this statement
object network obj-ExchangeSever-smtp
nat (inside,outside) static interface service tcp smtp smtp
reference the service port groups instead?
Thanks,
Andrew

Hi,
Are you looking a way to group all the ports/services you need to allow from the external network to a specific server/servers?
Well you can for example configure this kind of "object-group"
object-group service SERVER-PORTS
service-object tcp destination eq www
service-object tcp destination eq ftp
service-object tcp destination eq https
service-object icmp echo
access-list OUTSIDE-IN permit object-group SERVER-PORTS any object
The above would essentially let you use a single ACL rule to allow multiple ports to a server or a group of servers. (Depending if you use an "object" or "object-group" to tell the destination address/addresses)
I am not sure how you have configured your NAT. Are they all Static PAT (Port Forward) configurations like the one you have posted above or perhaps Static NAT configurations?
You can use the "object network " created for the NAT configuration in the above ACL rule destination field to specify the host to which traffic will be allowed to. Using the "object" in the ACL doesnt tell the ASA the ports however. That needs to be configured in the above way or in your typical way.
Hope this helps
- Jouni

5508 WLC service-port

Is it possible to connect to the WLC GUI through the service-port on the 5500 series controllers?
Or is this just for SSH?

Hi Colin,
Yes you can access the GUI using the service port IP Address.
Connect your laptop using service port and assign a static ip address of the same subnet as Service port IP of your Controller.

WLC 5508 - What is the use of service port.

Hi,
I am getting hard to understand use of service port in wlc 5508,
Even after reading so much post and cisco note I am not understanig the use of (Even basic use) service port.
As I understand service port should be access port and should be in diffrent vlan.
Pleae help me to understand it in simple way....

Hi Tarun,
Like others mentioned it is used for Out of Band Management of a WLC. Many do not use this as it could leads to issues unless you properly configure it & put it onto two completely different supernets. Config guides highlighted those restrictions & below is one of them listed in 7.4 config guide
Do not configure wired clients in the same VLAN or subnet of the service port of the controller on the network. If you configure wired clients on the same subnet or VLAN as the service port, it is not possible to access the management interface of the controller.
In situations you can use it to get access by directly connecting a laptop to take configuration backup or restore configuration to a controller. In the below post I have used service port to take backup & restore the configuration to a WLC.
http://mrncciew.com/2013/01/25/backup-restore-wlc-configs/
HTH
Rasika
**** Pls rate all useful responses ****

Port channel WLC 5508 and 3750

Hi All,
I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
Thanks
Jagdev

Thanks Chris,
LAG is enable on WLC, and Port channel is configured on 3750, Please see the configration and Port channel status below:-
(Cisco Controller) >show lag summary
LAG Enabled
interface Port-channel14
description Port Channel to WLC001
switchport trunk encapsulation dot1q
switchport mode trunk
end
sh etherchannel 14 summary
Flags: D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
Number of channel-groups in use: 14
Number of aggregators:           14
Group Port-channel Protocol    Ports
------+-------------+-----------+-----------------------------------------------
14     Po14(SD)        LACP      Gi1/0/22(I) Gi2/0/22(I)
sh run int g1/0/22
Building configuration...
Current configuration : 209 bytes
interface GigabitEthernet1/0/22
description Trunk to WLC001 DistPort1
switchport trunk encapsulation dot1q
switchport trunk native vlan 254
switchport mode trunk
channel-group 14 mode active
end
sh run int g2/0/22
Building configuration...
Current configuration : 209 bytes
interface GigabitEthernet2/0/22
description Trunk to WLC001 DistPort2
switchport trunk encapsulation dot1q
switchport trunk native vlan 254
switchport mode trunk
channel-group 14 mode active
end

Host name, port number and service name

Hi!
I have a question that will sound easy and stupid, but not for me.
during the instal of 9iAS.There is a screen ask to provide the host name,port number and service name.
Did host anme is only the name of my PC?
and what is the port number?(windows XP)
what is the format of the service name (orcl)?
Thanks
Kamal

if you used LDW as the connection/service name when you setup this connection to CMS DB, then no further changes to BOE configurations will be needed.
If you used the service name PO and now it is changes to NEW_PO - then you'll have to update CMS DB connection info in CCM>SIA>Properties>Connection.
See Admin guide for details.
p.s.
BOE services should be stopped while your changes on Oracle side are done and before you change the TNS file and connection info in CCM.

On a 3750 enhanced services port, are hierarchical queueing and standard queuing features mutually exclusive?

When you configure hierarchical queueing on an enhanced services port, should one also configure the egress queue chararcteristics such as buffer space and thresholds, shaped/shared weights, egress priority queue, etc., that is all of those characteristics that one would configure if one were configuring a port for standard QOS. In other words, on an enhanced services port, are the hierarchical queueing features using the modular QOS CLI and the standard egress queueing features supposed to be used together or are they mutually exclusive?

Hi Christine,
Answer to your confusion is in the following document.
http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.1_14_ax/release/notes/OL464603.html#wp58682
On an ES port, you can use LLQ (enabled with the priority policy-map class configuration command) and the egress priority queue (enabled with the priority-queue out
interface configuration command). By using these two features, you can
give priority to a class of traffic and avoid losing traffic when the
switch is congested. In previous releases (before the egress priority
queue was supported), you could put a traffic class into the
strict-priority queue, but congestion at the egress queue-sets could
result in the dropping of that priority traffic. The priority-queue out
interface configuration command enables you to prioritize the same
traffic class at the egress queue-sets, ensuring that priority traffic
reaches the hierarchical queues and is processed with priority.
you can also fine tune the Queue-sets for your desired results.
http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_50_se/configuration/guide/swqos.html#wp1162303

Hello! I want to sell my iphone 3g because i have 3gs- i cleared the info in settings and now have black screen saying no service and usb port pointing to itunes - is that all i do ?

Hello! I want to sell my iphone 3g because i have 3gs- i cleared the info in settings and now have black screen saying no service and usb port pointing to itunes - is that all i do ? i am pretty ignorant of computers- lol- i had read that i need to plug it back into itunes to verify it has all cleared out- i want to sell it on craigs list or ebay- i am really hurting for money right now- all your answers appreciated...

It needs to be restored by someone. You can do it, and set it up as a new phone, or the buyer can do it.

Service group, Destinations and Logical ports

I suppose that Service Group, Destinations and Logical ports
can be used to consumer a service in a specific system/landscape.
Is it correct ?
But when I use one or another ?
What are the differences ?

Hi
Service Group :identify a service provider.
Destinations and Logical ports : are the stuff which is required to setup the connections with the agrred service provider.
For example : As you how SOA is working , first we have to look for services once we found the required one or informed by the vendor itself , they will provide the credentials (this is something which contain port ,destination and password etc), once setup is complete we get the seamless services from its provider.
These thing are not seperate so donesnt make sence to use one or another .
BR
Satish Kumar

CTI route point and CTI ports not registering - UCCX 10.5 and CUCM 10.5 - PARTIAL SERVICE

I'm trying to integrate CUCM 10.5 and UCCX 10.5.
For some reason CTI route point and CTI ports are not registering on the CUCM and the status of the UCCX is "PARTIAL SERVICE".
On the UCCX Cisco Unified CCX Engine is in status "PARTIAL SERVICE" and the Unified CM Telephony Subsystem shows status "OUT OF SERVICE".
I tried with completely new installation of UCCX twice and got the same result twice.
But when I tried integrating UCCX 10 with the same CUCM 10.5 from above everything works fine and all the ports are registering right away.
In all the cases I have done the same configuration.
The versions of CUCM is 10.5.2.10000-5.
The version of UCCX is 10.5.1.10000-24.
The version of UCCX 10 with which it works fine is 10.0.1.11001-37.
Does anyone have an idea what might be the problem?

No I haven't. Unfortunately I don't have a 32bit Excel at the moment to try.
Can you please tell me this: I'm installing a new BE6000 system that came with this problematic version of UCCX (10.5.1.10000-24). I have been testing during the weekend with 3 versions of UCCX:
-10.0.1.11001-37
-10.6.1.10000-39 and
-10.5.1.10000-24
I got the best results with version 10.0.
Can I install that version (10.0) in BE6000 instead of the one that came preinstalled (10.5.1)?
This is my first BE6000 installation and I'm not sure if this is OK?
I installed a newer version of CUCM than the one that came preinstalled because I hit bug CSCup60269 but I'm not sure If I can go to a lower version for CCX.

Customizing server.name and server.port in services-config.xml

Hi
How can i find out what does BlazeDs use for server.name and server.port in
url="http://{server.name}:{server.port}/{context.root}/messagebroker/amf"
can i customize those values?
thank you

Mete
Thank you for your reply
So context.root is resolved at compile time and server & port at runtime
Do you have an example or a link that shows / explain how to create custom tokens replaced by JVM options?
I have an issue where if i install my app on http://www.mydomain.com/mycontext/, it loads but will display the following message when making server call using Safari
FAULT: faultCode:Client.Error.MessageSend faultString:Send failed faultDetail:Channel.Connect.Failed error NetConnection.Call.Failed: HTTP: Failed: url: http://www.mydomain.com/context/messagebroker/amf
Notte that it works on IE7 when accessing http://www.mydomain.com/mycontext/
and that it works great with all browsers on http://localhost:8080/mycontextroot
Would you know what is the best way to debug this issue?
Thank you
matt

Redundancy management IP and Redundancy port IP unreachable issue

Hi, all
I got one interesting issue with wireless 5508 controller. we have ordered two WLCs, one is air5508-12-k9, Anther one is air5508-HA-k9.
Now, we are going to form HA mode and HA box will become standby mode. One issue we are seeing now. after configuring redundancy management IP and Redundancy port IP to both WLCs. primary WLC are working well that we can ping it's all of IPs successfully, however standby WLC are not working well. even it can't ping itself. management IP has no problem.
Problem is only for redundancy management IP and redundancy Port IP. One interesting thing is our switch can't learn redundancy port's MAC address even it's connecting and interface shows UP. Primary has no this issue.
Has anyone have the same issue before or appreciate any suggestions and inputs.
WLC 1
(Cisco Controller) >show redundancy sum
            Redundancy Mode = SSO ENABLED
                Local State = ACTIVE
                 Peer State = UNKNOWN - Communication Down
                       Unit = Primary
                    Unit ID = 7C:0E:CE:64:43:80
           Redundancy State = Non Redundant
               Mobility MAC = 7C:0E:CE:64:43:80
Redundancy Management IP Address................. 25.16.228.252
Peer Redundancy Management IP Address............ 25.16.228.253
Redundancy Port IP Address....................... 169.254.228.252
Peer Redundancy Port IP Address.................. 169.254.228.253
WLC 2 HA
(Cisco Controller) >show redundancy sum
Redundancy Mode = SSO DISABLED
     Local State = ACTIVE
      Peer State = N/A
            Unit = Primary
         Unit ID = 7C:0E:CE:4A:23:40
Redundancy State = N/A
    Mobility MAC = 7C:0E:CE:4A:23:40
Redundancy Management IP Address................. 25.16.228.253
Peer Redundancy Management IP Address............ 25.16.228.252
Redundancy Port IP Address....................... 169.254.228.253
Peer Redundancy Port IP Address.................. 169.254.228.252
Thank you so much indeed.

thank you very much that makes sense, so I will need to change service port address ( maybe a class A or C ) or disconnect that port from the network ...
thank you again very much your help is really appreciated

Need help with ASA 5512 and SQL port between DMZ and inside

Hello everyone,
Inside is on gigabitEthernet0/1 ip 192.9.200.254
I have a dmz on gigabitEthernet2 ip 192.168.100.254
I need to pass port 443 from outside to dmz ip 192.168.100.80 and open port 1433 from 192.168.100.80 to the inside network.
I believe this will work for port 443:
object network dmz
subnet 192.168.100.0 255.255.255.0
object network webserver
host 192.168.100.80
object network webserver
nat (dmz,outside) static interface service tcp 443 443
access-list Outside_access_in extended permit tcp any object webserver eq 443
access-group Outside_access_in in interface Outside
However...How would I open only port 1433 from dmz to inside?
At the bottom of this message is my config if it helps.
Thanks,
John Clausen
Config:
: Saved
ASA Version 9.1(2)
hostname ciscoasa-gcs
domain-name router.local
enable password f4yhsdf.4sadf977 encrypted
passwd f4yhsdf.4sadf977 encrypted
names
ip local pool vpnpool 192.168.201.10-192.168.201.50
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 123.222.222.212 255.255.255.224
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.9.200.254 255.255.255.0
interface GigabitEthernet0/2
nameif dmz
security-level 100
ip address 192.168.100.254 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name router.local
object network inside-subnet
subnet 192.9.200.0 255.255.255.0
object network netmotion
host 192.9.200.6
object network inside-network
subnet 192.9.200.0 255.255.255.0
object network vpnpool
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.168.201.0_26
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.9.200.0_24
subnet 192.9.200.0 255.255.255.0
access-list outside_access_in extended permit icmp any4 any4 log disable
access-list Outside_access_in extended permit udp any object netmotion eq 5020
access-list split standard permit 192.9.200.0 255.255.255.0
access-list VPNT_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static inside-network inside-network destination static vpnpool vpnpool
nat (inside,outside) source static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24 destination static NETWORK_OBJ_192.168.201.0_26 NETWORK_OBJ_192.168.201.0_26 no-proxy-arp route-lookup
object network netmotion
nat (inside,outside) static interface service udp 5020 5020
nat (inside,outside) after-auto source dynamic any interface
access-group Outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 123.222.222.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.9.200.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.9.200.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption aes128-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 2 regex "Windows NT"
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3 regex "Intel Mac OS X"
anyconnect enable
tunnel-group-list enable
group-policy SSLVPN internal
group-policy SSLVPN attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
default-domain value router.local
group-policy VPNT internal
group-policy VPNT attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ikev1 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPNT_splitTunnelAcl
default-domain value router.local
username grimesvpn password 7.wersfhyt encrypted
username grimesvpn attributes
service-type remote-access
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
address-pool vpnpool
default-group-policy SSLVPN
tunnel-group SSLVPN webvpn-attributes
group-alias SSLVPN enable
tunnel-group VPNT type remote-access
tunnel-group VPNT general-attributes
address-pool vpnpool
default-group-policy VPNT
tunnel-group VPNT ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:36271b5a1b9382621e14c3aa635e2fbb
: end

Hi Vibor. Apologies if my comment was misunderstood. What I meant to say was that the security level of the dmz interface should probably be less than 100.
And therefore traffic could be controlled between DMZ and inside networks.
As per thr security level on the DMZ interface. ....... that command is correct. :-)

Issue with SPA525g registation and FXO port call calls are not disconnecting properly

Hi,
I have a UC540 and updated it to the latest IOS version with the latest firmware to my phones and i am having registration problems with SPA525g IP Phones. I updated the firmware of the phones as well and create manual tftp bindings with but still it is not registering. I run a couple of debugs (debug tftp events and debug ephone registration) I can see from the logs and in the phone that it is taking the proper VLAN and being discovered via CDP and being pointed to the TFTP server and still wont register. I can see that it is also taking its own .cnf file properly then the output sccp token regected invalid devices error is shown I have a SPA502G and it is working fine. Also there is a previous issue that all the voice port are shown as engage or offhook even the calls are disconnected thus make the main PSTN number busy am based in UAE and our service provider is etisalat I have check with them about the proper disconnection values but still it the same. That's why I have arrived in the conclusion to just update everything including the IOS and the phones firmware. I have put my config in this post, I am also trying to take the CCNA Voice exam on the 2nd week of april and I think that if i don't know how fix this issue for our customer then I would probably fail that exam. any suggestion and help is greatly appreciated cisco experts.
! Last configuration change at 13:36:42 ZP4 Thu Sep 13 2012 by Nick
! NVRAM config last updated at 13:45:41 ZP4 Thu Sep 13 2012 by Nick
version 15.1
parser config cache interface
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
service compress-config
service sequence-numbers
hostname UC540
boot-start-marker
boot system flash:uc500-advipservicesk9-mz.151-2.T4
boot-end-marker
logging buffered 64000
enable secret 5 $1$3CIf$.rXyHeJQrwd97X/f2dS0M1
no aaa new-model
clock timezone ZP4 4 0
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3558175224
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3558175224
revocation-check none
crypto pki certificate chain TP-self-signed-3558175224
certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
dot11 syslog
dot11 ssid cisco-data
vlan 1
authentication open
dot11 ssid cisco-voice
vlan 100
authentication open
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 10.1.3.1 10.1.3.10
ip dhcp pool phone
   network 10.1.3.0 255.255.255.0
   default-router 10.1.3.1
   option 150 ip 10.1.3.1
ip name-server 213.42.20.20
ip name-server 195.229.241.222
ip inspect WAAS flush-timeout 10
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
no ipv6 cef
multilink bundle-name authenticated
stcapp ccm-group 1
stcapp
stcapp supplementary-services
port 0/0/0
fallback-dn 301
port 0/0/1
fallback-dn 302
port 0/0/2
fallback-dn 303
port 0/0/3
fallback-dn 304
trunk group ALL_FXO
max-retry 5
voice-class cause-code 1
hunt-scheme longest-idle
translation-profile outgoing PROFILE_ALL_FXO
trunk group ALL_FX0
voice call send-alert
voice rtp send-recv
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
sip
no update-callerid
voice class codec 1
codec preference 1 g711alaw
codec preference 2 g711ulaw
voice class dualtone-detect-params 1
freq-max-deviation 50
freq-max-power 0
freq-min-power 13
freq-power-twist 4
cadence-variation 6
voice class custom-cptone UAE-CUSTOM
dualtone disconnect
frequency 406
cadence 398 344 237 527 400
voice class custom-cptone CCAjointone
dualtone conference
frequency 600 900
cadence 300 150 300 100 300 50
voice class custom-cptone CCAleavetone
dualtone conference
frequency 400 800
cadence 400 50 200 50 200 50
voice class cause-code 1
no-circuit
voice register global
voice hunt-group 1 parallel
list 301,302,303
timeout 24
pilot 511
voice translation-rule 4
rule 15 // //
voice translation-rule 1000
rule 1 /.*/ //
voice translation-rule 1111
voice translation-rule 1112
rule 1 /^9/ //
rule 3 /^0/ //
voice translation-rule 2222
voice translation-rule 3265
rule 1 /$^..........$$/ /9\1/
rule 2 /$^.........$$/ /9\1/
rule 15 /$^ABCD$$/ /ABCD\1/
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile INCOMING_CallerID_PROFILE
translate calling 3265
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
voice translation-profile PROFILE_ALL_FXO
translate calling 4
voice translation-profile nondialable
translate called 1000
voice-card 0
dspfarm
dsp services dspfarm
license udi pid UC540W-FXO-K9 sn FHK143074G6
archive
log config
logging enable
logging size 600
hidekeys
username cisco privilege 15 secret 5 $1$vjNa$OFKLhupqR8al6x2b8Xmcj/
username adminac privilege 15 secret 5 $1$NDC.$PtD0y4YGIj5SqI1gghxWE1
username Nick privilege 15 secret 5 $1$iAmL$tsg7Jf2TEND1NN.h8z2dy/
ip tftp source-interface Loopback0
bridge irb
interface Loopback0
description $FW_INSIDE$
ip address 10.1.10.2 255.255.255.252
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 192.168.101.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface Integrated-Service-Engine0/0
description cue is initialized with default IMAP group
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface FastEthernet0/1/0
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/1
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/2
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/3
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/4
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/5
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/6
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/7
switchport access vlan 20
spanning-tree portfast
interface FastEthernet0/1/8
switchport access vlan 100
macro description cisco-switch
interface Dot11Radio0/5/0
no ip address
shutdown
ssid cisco-data
ssid cisco-voice
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Dot11Radio0/5/0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0/5/0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan20
ip address 10.10.10.1 255.255.255.0
interface Vlan100
no ip address
bridge-group 100
bridge-group 100 spanning-disabled
interface BVI1
description $FW_INSIDE$
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
interface BVI100
description $FW_INSIDE$
ip address 10.1.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.101.1
ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0
logging esm config
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.1.3.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 192.168.10.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 10.1.3.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 10.1.3.0 0.0.0.255 eq 2000 any
access-list 101 deny   ip 10.1.3.0 0.0.0.255 any
access-list 101 deny   ip 192.168.10.0 0.0.0.255 any
access-list 101 deny   ip 192.168.101.0 0.0.0.3 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_6##
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 10.1.10.0 0.0.0.3 any
access-list 102 deny   ip 10.1.3.0 0.0.0.255 any
access-list 102 deny   ip 192.168.101.0 0.0.0.3 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 102 permit ip 192.168.101.0 0.0.0.3 any
access-list 103 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 deny   ip 10.1.10.0 0.0.0.3 any
access-list 103 deny   ip 192.168.10.0 0.0.0.255 any
access-list 103 deny   ip 192.168.101.0 0.0.0.3 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 105 permit ip any any
snmp-server community public RO
tftp-server flash:/phones/521_524/cp524g-8-1-17.bin alias cp524g-8-1-17.bin
tftp-server flash:/phones/5x5/spa5x5-7-1-3c.bin alias spa5x5-7-1-3c.bin
tftp-server flash:/phones/525/spa525g-7-4-8.bin alias spa525g-7-4-8.bin
control-plane
bridge 1 route ip
bridge 100 route ip
voice-port 0/0/0
cptone GB
station-id name Cordless
station-id number 329
caller-id enable
voice-port 0/0/1
cptone AE
caller-id enable
voice-port 0/0/2
cptone AE
caller-id enable
voice-port 0/0/3
cptone AE
caller-id enable
voice-port 0/1/0
trunk-group ALL_FX0 64
translation-profile incoming INCOMING_CallerID_PROFILE
supervisory disconnect dualtone mid-call
supervisory custom-cptone UAE-CUSTOM
input gain 14
cptone GB
connection plar opx 511
impedance 600c
description Configured by CCA 4FXO-0/1/0-Custom-BG
bearer-cap Speech
caller-id enable
voice-port 0/1/1
trunk-group ALL_FX0 64
translation-profile incoming INCOMING_CallerID_PROFILE
supervisory disconnect dualtone mid-call
supervisory custom-cptone UAE-CUSTOM
input gain 14
cptone GB
connection plar opx 511
impedance 600c
description Configured by CCA 4 FXO-0/1/1-Custom-BG
bearer-cap Speech
caller-id enable
voice-port 0/1/2
trunk-group ALL_FX0 64
translation-profile incoming INCOMING_CallerID_PROFILE
supervisory disconnect dualtone mid-call
supervisory custom-cptone UAE-CUSTOM
supervisory dualtone-detect-params 1
input gain 14
cptone GB
connection plar opx 511
impedance 600c
description Configured by CCA 4 FXO-0/1/2-Custom-BG
bearer-cap Speech
caller-id enable
voice-port 0/1/3
trunk-group ALL_FX0 64
translation-profile incoming INCOMING_CallerID_PROFILE
supervisory disconnect dualtone mid-call
supervisory custom-cptone UAE-CUSTOM
input gain 14
cptone GB
connection plar opx 511
impedance 600c
description Configured by CCA 4 FXO-0/1/3-Custom-BG
bearer-cap Speech
caller-id enable
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control -15
description Music On Hold Port
sccp local Loopback0
sccp ccm 10.1.3.1 identifier 1 version 4.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 1 register confprof1
dspfarm profile 1 conference
description DO NOT MODIFY, active CCA conference profile - CCA2.0 codec729
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 2
associate application SCCP
dial-peer cor custom
name internal
name local
name local-plus
name international
name national
name national-plus
name emergency
name toll-free
dial-peer cor list call-internal
member internal
dial-peer cor list call-local
member local
dial-peer cor list call-local-plus
member local-plus
dial-peer cor list call-national
member national
dial-peer cor list call-national-plus
member national-plus
dial-peer cor list call-international
member international
dial-peer cor list call-emergency
member emergency
dial-peer cor list call-toll-free
member toll-free
dial-peer cor list user-internal
member internal
member emergency
dial-peer cor list user-local
member internal
member local
member emergency
member toll-free
dial-peer cor list user-local-plus
member internal
member local
member local-plus
member emergency
member toll-free
dial-peer cor list user-national
member internal
member local
member local-plus
member national
member emergency
member toll-free
dial-peer cor list user-national-plus
member internal
member local
member local-plus
member national
member national-plus
member emergency
member toll-free
dial-peer cor list user-international
member internal
member local
member local-plus
member international
member national
member national-plus
member emergency
member toll-free
dial-peer voice 1 pots
port 0/0/0
no sip-register
dial-peer voice 2 pots
port 0/0/1
no sip-register
dial-peer voice 3 pots
port 0/0/2
no sip-register
dial-peer voice 4 pots
port 0/0/3
no sip-register
dial-peer voice 5 pots
description ** MOH Port **
destination-pattern ABC
port 0/4/0
no sip-register
dial-peer voice 50 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/0
dial-peer voice 51 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/1
dial-peer voice 52 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/2
dial-peer voice 53 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/3
dial-peer voice 54 pots
description ** FXO pots dial-peer **
destination-pattern A0
port 0/1/0
no sip-register
dial-peer voice 55 pots
description ** FXO pots dial-peer **
destination-pattern A1
port 0/1/1
no sip-register
dial-peer voice 56 pots
description ** FXO pots dial-peer **
destination-pattern A2
port 0/1/2
no sip-register
dial-peer voice 2000 voip
description ** cue voicemail pilot number **
destination-pattern 388
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 6 pots
description "catch all dial peer for BRI/PRI"
translation-profile incoming nondialable
incoming called-number .%
direct-inward-dial
dial-peer voice 57 pots
description ** FXO pots dial-peer **
destination-pattern A3
port 0/1/3
no sip-register
dial-peer voice 69 pots
destination-pattern 329
port 0/0/0
dial-peer voice 300 pots
trunkgroup ALL_FX0
description Local Numbers
destination-pattern 9T
forward-digits 9
dial-peer voice 301 voip
destination-pattern 2..
session target ipv4:192.168.201.2
dial-peer voice 303 pots
trunkgroup ALL_FXO
trunkgroup ALL_FX0
description **InternationalCall**
destination-pattern 88T
dial-peer voice 304 pots
trunkgroup ALL_FX0
description *EM1*
destination-pattern 9[1-9]T
forward-digits 3
dial-peer voice 302 pots
trunkgroup ALL_FX0
description **Mobiles**
destination-pattern 9.[0-9].[0-9]......
dial-peer voice 305 pots
trunkgroup ALL_FX0
description **800-**
destination-pattern 9[0-9][0-9][0-9]T
no dial-peer outbound status-check pots
telephony-service
sdspfarm conference mute-on 111 mute-off 222
sdspfarm units 5
sdspfarm tag 1 confprof1
conference hardware
video
fxo hook-flash
max-ephones 40
max-dn 300
ip source-address 10.1.3.1 port 2000
max-redirect 20
auto assign 1 to 1 type bri
calling-number initiator
service phone videoCapability 1
service phone webAccess 0
service dnis overlay
service dnis dir-lookup
timeouts interdigit 5
system message American Center
url services http://10.1.10.1/voiceview/common/login.do
url authentication http://10.1.10.2/CCMCIP/authenticate.asp
load 521G-524G cp524g-8-1-17
load 525G spa525g-7-4-8
load 501G spa5x5-7-1-3c
load 502G spa5x5-7-1-3c
load 504G spa5x5-7-1-3c
load 508G spa5x5-7-1-3c
load 509G spa5x5-7-1-3c
time-zone 35
date-format dd-mm-yy
voicemail 388
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
hunt-group logout HLog
moh MOH2.wav
multicast moh 239.10.16.16 port 2000
web admin system name cisco secret 5 $1$iDgA$MKNi2RWfsO0KjuC82kgLJ1
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern 9.T
transfer-pattern .T
secondary-dialtone 9
fac standard
create cnf-files version-stamp 7960 Aug 29 2012 12:00:04
line con 0
privilege level 15
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
transport input all
line vty 5 100
login local
transport input all
ntp master
end
Some of the output are not shown becaus it is to long I have attach the whole config for reference and any advice on how could I optimize and resolve my issues is greatly appreciated. Thanks

Nicolo - First off this stuff gets crazy sometimes. No worries about the exam. Sometimes when FXO ports go crazy it is due to battery reversal. If you go to the FXO port settings try turning battery reversal on and or off... depending on its current setting. See if that helps.
As for the 525s not registering.. These are inside the network correct? Are you connecting one directly to the UC500 with a Cat5E or Cat6 patch cable and the same thing happens? Does the MAC address on the phone match a MAC address under the EPHONE settings?
If you telnet into the UC500 can you execute a "dir" command at the CLI prompt and "CD" (change directory) into the phones folder and then the spa525g folder? Do files exist in there?
Also I only see an IP address under BVI100? This is the voice side of things what happened to the IP address under BVI1 (Data VLAN). Can you give us some information about the internal network? Cna you PING this phone system from the network? What IP address does it have?

Example wsdl and logical port for consumer proxy anyone ?

Hi,
Could please somebody give me an example of external WSDL file and logcial port created for the WSDL file in SOAMANAGER ?
I need to create manually logical port for my consumer proxy and I am missing something because my logical port is not active.
Any example is more than welcome.
I need to know how to populate fields manually on the following tabs based on the info in a WSDL file:
Consumer Security Additional Information Web Service Addressing Messaging Transport settings Message Attachments Operation specifi
Thanks and Regards
Agnieszka
The message, I am getting, when creating logical port is:
Operation 'SrtFmStatefulTf' not found [NS: 'urn:sap-com:document:sap:soap:functions:mc-style']
I think that maybe something is wrong with my wsdl.
Edited by: Agnieszka Domanska on Nov 17, 2010 5:41 PM

Hi Milan,
this kind of error occurs when there is no service and end point description in the WSDL of provider who's service you are trying to consume using Consumer Proxy.
Just open the provider's WSDL URL that you have given while creating Logical port for the consumer proxy and check if service and end point exists there.
Thanks
Sunil Singh

HA on 5508 and service ports

Similar Messages

Maybe you are looking for