HP and Cisco

We have a client with a Nexus 5000 at the ToR. They want to start migrating to a blade server environment for their new cloud infrastructure.
How does an HP blade server move FCoE traffic from a server CNA to the ToR? I need a definitive answer.
I posted this question on HPs forums, but they are horrifically slow.
Thanks

ok I see.
If the goal is to leverage the CNAs you have solutions :
1 - use passthrough modules in the c7000 and send all the wires to a Nexus 2232 at the top of the rack.
2 - use HP FlexFabric modules, it's some kind of "internal" FCoE and the module splits the I/O at the chassis level, on one side in Ethernet, and the other in FC
3 - there are rumours about a Nexus 4000 for HP coming soon. But it's only rumours.
Technically the only one that currently put FCoE at the top of the rack is the first one.

Similar Messages

Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

Hi,
So you have N7k acting as L3 with servers connected to 4510?.
Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
This will help narrow down if issue is between server to 4510 or 4510 to N7k.
Thanks,
Nagendra

Mavericks VPN dropouts with native VPN client and Cisco IPSec

Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?

Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?

Communication problem between Cisco 3560 and Cisco SG300.

Dear Support,
I have a Cisco SG300 and Cisco 3560 switches.
3560 is my Core Switch and SG300 is access switch.
From 3560 VLAN information is not passed to SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Please suggest how this issue is resolve.
Regards,
JItesh Mahajan.

Dear Aleksandra,
Below Configuration is right or wrong for 3560 and SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan remove VLAN 1
switchport native vlan 1
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Regards,
JItesh Mahajan.

Site-to-Site VPN between Cisco ASA 5505 (8.4) and Cisco Router (IOS 15.2)

Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
Please help me to find where is the issue.
I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
Here is my current configuration.
Thanks for your help.
IOS Configuration
version 15.2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco address 198.0.183.225
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
mode transport
crypto map static-map 1 ipsec-isakmp
set peer S2.S2.S2.S2
set transform-set AES-SET
set pfs group2
match address 100
interface GigabitEthernet0/0
ip address S1.S1.S1.S1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map static-map
interface GigabitEthernet0/1
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
ASA Configuration
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.83.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address S2.S2.S2.S2 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network inside-network
subnet 192.168.83.0 255.255.255.0
object network datacenter
host S1.S1.S1.S1
object network datacenter-network
subnet 192.168.17.0 255.255.255.0
object network NETWORK_OBJ_192.168.83.0_24
subnet 192.168.83.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic inside-network interface
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-transform-set mode transport
crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2L_SET mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
crypto map vpn 1 match address outside_cryptomap
crypto map vpn 1 set pfs
crypto map vpn 1 set peer S1.S1.S1.S1
crypto map vpn 1 set ikev1 transform-set L2L_SET
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
group-policy GroupPolicy_S1.S1.S1.S1 attributes
vpn-tunnel-protocol ikev1
group-policy remote_vpn_policy internal
group-policy remote_vpn_policy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
username admin password rqiFSVJFung3fvFZ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool vpn_pool
default-group-policy remote_vpn_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group S1.S1.S1.S1 type ipsec-l2l
tunnel-group S1.S1.S1.S1 general-attributes
default-group-policy GroupPolicy_S1.S1.S1.S1
tunnel-group S1.S1.S1.S1 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f55f10c19a0848edd2466d08744556eb
: end

Thanks for helping me again. I really appreciate.
I don't hve any NAT-exemptions in Cisco IOS Router. Transform-set I will change soon, but I've tried with tunnel mode and it didn't work.
Maybe NAT-exemptions is the issue. Can you advice me which exemptions should be in Cisco IOS Router?
Because on Cisco ASA I guess I have everything.
Here is show crypto session detail
router(config)#do show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
      Desc: (none)
      Phase1_id: (none)
IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
        Active SAs: 0, origin: crypto map
        Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
        Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Should I see something in crypto isakmp sa?
pp-border#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
IPv6 Crypto ISAKMP SA
Thanks again for your help.

Transfer VOIP Calls Between Cisco Desk Phone and Cisco Jabber For IPhone 9.5

Does anyone know how to transfer an active voip call from a Cisco IP Desk Phone to Cisco Jabber for IPhone? I can transfer a call from Cisco Jabber for IPhone to my Cisco IP Desk Phone no problem. I put the call on hold and then click "Resume" on my Cisco IP Desk Phone. However I cannot do the same but the other way around. If I put the call on hold on my Cisco IP Desk Phone, I see "no active call" on my Jabber client. The only information I could find slighlty relevant was using the Mobility Key/Remote Destination Profile feature however this defeats the object as this will forward to an external number, e.g. mobile and I just want to transfer the call within the VOIP environment between the two devices that are using the same directory number.
I am using Cisco Call Manager 9.1(2), Cisco Presence 9.1 and Cisco Jabber for IPhone 9.5.
Any help would be greatly appreciated.
Kind Regards,
Paul Parker.

Did you ever find an answer to this ?
I am seeing the same behavior and trying so see if I can put calls on hold and pick them up both ways also.
The only answer I seem to have found is to use park instead
That would/should work but I would just prefer to hold/unhold
Just not sure why we would not be able to hold/unhold on what is essentially a "shared" line
Does anyone have this working for them ?

Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
ciscoISE/admin(config)# snmp-server ?
community Set community string
contact    Text for mib object sysContact
host       Specify hosts to receive SNMP notifications
location   Text for mib object sysLocation
ciscoISE/admin(config)# snmp-server
Ciscoacs/admin(config)# snmp-server ?
community Set community string
contact    Text for mib object sysContact
host       Specify hosts to receive SNMP notifications
location   Text for mib object sysLocation
Ciscoacs/admin(config)# snmp-server

No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

Problem VOFR cisco 3810 and Cisco 1750

-I have a network with equipment 3810 Cisco and Cisco 1750 in topology in stars.
-The router central is a Cisco 3810 wthin a E1 connected to PBX
- other router in the network, have fxs wthin two port
- the network this working with vofr
- the problem is: from an equipment 1750 I can call to a Cisco 3810 but from an equipment 3810 I can not to a cisco 1750.
- but if I place debug in Cisco 1750 ( debug voice ccaip inout) I watch that the call this arriving
- the configurations de routers is OK
- please it can help me

---------------Debug voice ccaip inout-----------------------------------
ARBORAL-R#
ARBORAL-R#
ARBORAL-R#ter moni
ARBORAL-R#
*Mar 4 00:01:59.358: cc_api_call_setup_ind (vdbPtr=0x810920C0, callInfo={called=6250,called_oct3=0x0,calling=,calling_oct3=0x0,subscriber_type_str=Unknown,
fdest=1 peer_tag=0},callID=0x80FF6BB4)
*Mar 4 00:01:59.358: cc_api_call_setup_ind type 0 , prot 11
*Mar 4 00:01:59.362: cc_process_call_setup_ind (event=0x81093FA8) handed call to app "DEFAULT"
*Mar 4 00:01:59.362: sess_appl: ev(23=CC_EV_CALL_SETUP_IND), cid(1), disp(0)
*Mar 4 00:01:59.362: sess_appl: ev(SSA_EV_CALL_SETUP_IND), cid(1), disp(0)
*Mar 4 00:01:59.362: ccCallSetContext (callID=0x1, context=0x81074A5C)
*Mar 4 00:01:59.366: ssaCallSetupInd finalDest cllng(), clled(6250)
*Mar 4 00:01:59.366: ssaSetupPeer cid(1) peer list: tag(6250) called number (6250) tag(1) called number (6250)
*Mar 4 00:01:59.366: ssaSetupPeer rotary_dialpeer_status(1)
*Mar 4 00:01:59.366: ssaSetupPeer cid(1), destPat(6250), matched(4), prefix(), peer(81213410), peer->encapType (1)
*Mar 4 00:01:59.366: ccCallProceeding (callID=0x1, prog_ind=0x0)
*Mar 4 00:01:59.366: ccCallSetupRequest (Inbound call = 0x1, outbound peer =6250, dest=, params=0x81074A70 mode=0, *callID=0x8109F780)
*Mar 4 00:01:59.366: ccCallSetupRequest numbering_type 0x0
*Mar 4 00:01:59.366: dest pattern 6250, called 6250, digit_strip 1
*Mar 4 00:01:59.370: callingNumber=, calledNumber=6250, redirectNumber=
*Mar 4 00:01:59.370: accountNumber=, pinNumber=
*Mar 4 00:01:59.370: finalDestFlag=1, guid=06e4.bc49.8945.19b9.0000.0000.fdc3.ac59
*Mar 4 00:01:59.370: peer_tag=6250
*Mar 4 00:01:59.370: ccIFCallSetupRequestPrivate: (vdbPtr=0x81069AF4, dest=, callParams={called=6250,called_oct3=0x0, calling=,calling_oct3=0x0, subscriber_type_str=Unknown, fdest=1, voice_peer_tag=6250},mode=0x0) vdbPtr type = 6
*Mar 4 00:01:59.370: ccIFCallSetupRequestPrivate: (vdbPtr=0x81069AF4, dest=, callParams={called=6250, called_oct3 0x0,
calling=,calling_oct3 0x0,fdest=1, voice_peer_tag=6250}, mode=0x0)
*Mar 4 00:01:59.370: ccSaveDialpeerTag (callID=0x1, dialpeer_tag=
*Mar 4 00:01:59.370: ccCallSetContext (callID=0x2, context=0x810C043C)
*Mar 4 00:01:59.378: cc_api_call_proceeding(vdbPtr=0x81069AF4, callID=0x2,
prog_ind=0x0)
*Mar 4 00:01:59.378: cc_api_call_alert(vdbPtr=0x81069AF4, callID=0x2, prog_ind=0x8, sig_ind=0x1)
*Mar 4 00:01:59.378: sess_appl: ev(20=CC_EV_CALL_PROCEEDING), cid(2), disp(0)
*Mar 4 00:01:59.378: cid(2)st(SSA_CS_CALL_SETTING)ev(SSA_EV_CALL_PROCEEDING)
oldst(SSA_CS_MAPPING)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.382: -cid2(1)st2(SSA_CS_CALL_SETTING)oldst2(SSA_CS_MAPPING)
*Mar 4 00:01:59.382: ssaIgnore cid(2), st(SSA_CS_CALL_SETTING),oldst(1), ev(20)
*Mar 4 00:01:59.382: sess_appl: ev(7=CC_EV_CALL_ALERT), cid(2), disp(0)
*Mar 4 00:01:59.382: cid(2)st(SSA_CS_CALL_SETTING)ev(SSA_EV_CALL_ALERT)
oldst(SSA_CS_CALL_SETTING)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.382: -cid2(1)st2(SSA_CS_CALL_SETTING)oldst2(SSA_CS_MAPPING)
*Mar 4 00:01:59.382: ccCallAlert (callID=0x1, prog_ind=0x8, sig_ind=0x1)
*Mar 4 00:01:59.382: ccConferenceCreate (confID=0x8109F7F8, callID1=0x1, callID2=0x2, tag=0x0)
*Mar 4 00:01:59.382: cc_api_bridge_done (confID=0x1, srcIF=0x810920C0, srcCallID=0x1, dstCallID=0x2, disposition=0, tag=0x0)
*Mar 4 00:01:59.386: cc_api_bridge_done (confID=0x1, srcIF=0x81069AF4, srcCallID=0x2, dstCallID=0x1, disposition=0, tag=0x0)
*Mar 4 00:01:59.386: cc_api_caps_ind (dstVdbPtr=0x810920C0, dstCallId=0x1, srcCallId=0x2,
caps={codec=0xEBFB, fax_rate=0x7F, vad=0x3, modem=0x2
codec_bytes=0, signal_type=3})
*Mar 4 00:01:59.386: cc_api_caps_ind (Playout: mode 0, initial 56068,min 33034, max 5688)
*Mar 4 00:01:59.386: cc_api_caps_ind (dstVdbPtr=0x81069AF4, dstCallId=0x2, srcCallId=0x1,
caps={codec=0x8, fax_rate=0x2, vad=0x2, modem=0x1
codec_bytes=30, signal_type=2})
*Mar 4 00:01:59.386: cc_api_caps_ind (Playout: mode 0, initial 0,min 0, max 0)
*Mar 4 00:01:59.386: cc_api_caps_ack (dstVdbPtr=0x81069AF4, dstCallId=0x2, srcCallId=0x1,
caps={codec=0x8, fax_rate=0x2, vad=0x2, modem=0x1
codec_bytes=30, signal_type=2})
*Mar 4 00:01:59.386: cc_api_caps_ack (dstVdbPtr=0x810920C0, dstCallId=0x1, srcCallId=0x2,
caps={codec=0x8, fax_rate=0x2, vad=0x2, modem=0x1
codec_bytes=30, signal_type=2})
*Mar 4 00:01:59.390: cc_api_call_disconnected(vdbPtr=0x81069AF4, callID=0x2, cause=0xAC)
*Mar 4 00:01:59.390: sess_appl: ev(28=CC_EV_CONF_CREATE_DONE), cid(1), disp(0)
*Mar 4 00:01:59.390: cid(1)st(SSA_CS_CONFERENCING_ALERT)ev(SSA_EV_CONF_CREATE_DONE)
oldst(SSA_CS_MAPPING)cfid(1)csize(0)in(1)fDest(1)
*Mar 4 00:01:59.390: -cid2(2)st2(SSA_CS_CONFERENCING_ALERT)oldst2(SSA_CS_CALL_SETTING)
*Mar 4 00:01:59.390: sess_appl: ev(12=CC_EV_CALL_DISCONNECTED), cid(2), disp(0)
*Mar 4 00:01:59.394: cid(2)st(SSA_CS_CONFERENCED_ALERT)ev(SSA_EV_CALL_DISCONNECTED)
oldst(SSA_CS_CALL_SETTING)cfid(1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.394: -cid2(1)st2(SSA_CS_CONFERENCED_ALERT)oldst2(SSA_CS_CONFERENCING_ALERT)
*Mar 4 00:01:59.394: ssaDisconnectedAlert: redirect_numbers(0)
*Mar 4 00:01:59.394: ccConferenceDestroy (confID=0x1, tag=0x0)
*Mar 4 00:01:59.394: cc_api_bridge_drop_done (confID=0x1, srcIF=0x810920C0, srcCallID=0x1, dstCallID=0x2, disposition=0 tag=0x0)
*Mar 4 00:01:59.394: cc_api_bridge_drop_done (confID=0x1, srcIF=0x81069AF4, srcCallID=0x2, dstCallID=0x1, disposition=0 tag=0x0)
*Mar 4 00:01:59.394: sess_appl: ev(29=CC_EV_CONF_DESTROY_DONE), cid(1), disp(0)
*Mar 4 00:01:59.394: cid(1)st(SSA_CS_ALERT_DISC_CONF_DESTROYING)ev(SSA_EV_CONF_DESTROY_DONE)
oldst(SSA_CS_CONFERENCING_ALERT)cfid(1)csize(0)in(1)fDest(1)
*Mar 4 00:01:59.398: -cid2(2)st2(SSA_CS_ALERT_DISC_CONF_DESTROYING)oldst2(SSA_CS_CONFERENCED_ALERT)
*Mar 4 00:01:59.398: ssa: Disconnected cid(2) state(11) cause(0xAC)
*Mar 4 00:01:59.398: ssaCallDisconnectAlert: cid(2), peer-cid(1)
*Mar 4 00:01:59.398: ccCallDisconnect (callID=0x2, cause=0xAC tag=0x0)
*Mar 4 00:01:59.402: cc_api_call_disconnect_done(vdbPtr=0x81069AF4, callID=0x2, disp=0, tag=0x0)
*Mar 4 00:01:59.402: sess_appl: ev(13=CC_EV_CALL_DISCONNECT_DONE), cid(2), disp(0)
*Mar 4 00:01:59.402: cid(2)st(SSA_CS_ALERT_DISC_DISCONNECTING)ev(SSA_EV_CALL_DISCONNECT_DONE)
oldst(SSA_CS_CONFERENCED_ALERT)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.402: -cid2(1)st2(SSA_CS_ALERT_DISC_DISCONNECTING)oldst2(SSA_CS_ALERT_DISC_CONF_DESTROYING)
*Mar 4 00:01:59.406: ssaDisconnectDone: Rotary Retry cid(1) peer list: tag(1) called number (6250)
*Mar 4 00:01:59.406: ssaSetupPeer cid(1) peer list: tag(1) called number (6250)
*Mar 4 00:01:59.406: ssaSetupPeer rotary_dialpeer_status(2)
*Mar 4 00:01:59.406: ssaSetupPeer cid(1), destPat(6250), matched(0), prefix(), peer(81211DC4), peer->encapType (5)
*Mar 4 00:01:59.406: ccCallProceeding (callID=0x1, prog_ind=0x0)
*Mar 4 00:01:59.406: ccCallSetupRequest (Inbound call = 0x1, outbound peer =1, dest=, params=0x81074A70 mode=0, *callID=0x8109F7C0)
*Mar 4 00:01:59.406: ccCallSetupRequest numbering_type 0x0
*Mar 4 00:01:59.406: dest pattern ...., called 6250, digit_strip 0
*Mar 4 00:01:59.406: callingNumber=, calledNumber=6250, redirectNumber=
*Mar 4 00:01:59.406: accountNumber=, pinNumber=
*Mar 4 00:01:59.410: finalDestFlag=1, guid=06e4.bc49.8945.19b9.0000.0000.fdc3.ac59
*Mar 4 00:01:59.410: peer_tag=1
*Mar 4 00:01:59.410: ccIFCallSetupRequestPrivate: (vdbPtr=0x810920C0, dest=, callParams={called=6250,called_oct3=0x0, calling=,calling_oct3=0x0, subscriber_type_str=Unknown, fdest=1, voice_peer_tag=1},mode=0x0) vdbPtr type = 11
*Mar 4 00:01:59.410: ccSaveDialpeerTag (callID=0x1, dialpeer_tag=
*Mar 4 00:01:59.410: ccCallSetContext (callID=0x3, context=0x810C0D90)
*Mar 4 00:01:59.458: cc_api_call_proceeding(vdbPtr=0x810920C0, callID=0x3,
prog_ind=0x8)
*Mar 4 00:01:59.462: sess_appl: ev(20=CC_EV_CALL_PROCEEDING), cid(3), disp(0)
*Mar 4 00:01:59.462: cid(3)st(SSA_CS_CALL_SETTING)ev(SSA_EV_CALL_PROCEEDING)
oldst(SSA_CS_MAPPING)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.462: -cid2(1)st2(SSA_CS_CALL_SETTING)oldst2(SSA_CS_ALERT_DISC_CONF_DESTROYING)
*Mar 4 00:01:59.462: ssaIgnore cid(3), st(SSA_CS_CALL_SETTING),oldst(1), ev(20)
*Mar 4 00:01:59.466: cc_api_call_disconnected(vdbPtr=0x810920C0, callID=0x3, cause=0x3)
*Mar 4 00:01:59.466: sess_appl: ev(12=CC_EV_CALL_DISCONNECTED), cid(3), disp(0)
*Mar 4 00:01:59.466: cid(3)st(SSA_CS_CALL_SETTING)ev(SSA_EV_CALL_DISCONNECTED)
oldst(SSA_CS_CALL_SETTING)cfid(-1)csize(0)in(0)fDest(0)
*Mar 4 00:01:59.466: -cid2(1)st2(SSA_CS_CALL_SETTING)oldst2(SSA_CS_ALERT_DISC_CONF_DESTROYING)
*Mar 4 00:01:59.466: ssa: Disconnected cid(3) state(1) cause(0x3)
*Mar 4 00:01:59.470: ccCallDisconnect (callID=0x3, cause=0x3 tag=0x0)
*Mar 4 00:01:59.470: ccCallDisconnect (callID=0x1, cause=0x3 tag=0x0)
*Mar 4 00:01:59.470: cc_api_call_disconnect_done(vdbPtr=0x810920C0, callID=0x3, disp=0, tag=0x0)
*Mar 4 00:01:59.470: sess_appl: ev(13=CC_EV_CALL_DISCONNECT_DONE), cid(3), disp(0)
*Mar 4 00:01:59.474: cid(3)st(SSA_CS_DISCONNECTING)ev(SSA_EV_CALL_DISCONNECT_DONE)
oldst(SSA_CS_CALL_SETTING)cfid(-1
ARBORAL-R#
ARBORAL-R#
ARBORAL-R#

RSA SecurID and Cisco ACS integration for user(s) with enable mode

I thought I had this problem figured out but I guess not.
I have a Cisco 2621 router with IOS 12.2(15)T17. Behind the
router is a Gentoo linux, RSA SecurID 6.1 and Cisco ACS 3.2.
I use tacacs+ authentication for logging into the Cisco router
such as telnet and ssh. In the ACS I use "external user databases"
for authentication which proxy the request from the ACS over
to the RSA SecurID Server. I installed RSA Agents with
sdconf.rec file on the Cisco ACS server. I renamed "user group 1"
to be "RSA_SecurID" group. In the "External user databases" and
"database configurations" I assign SecurID to this "RSA_SecurID"
group.
Everything is working fine. In the "User Setup" I can see dynamic
user test1, test2,...testn listed in there as "dynamic users". In
other words, I can telnet into the router with my two-factor
SecurID.
The problem is that if test1 wants to go into "enable" mode with
SecurID login, I have to go into "test1" user setting and select
"TACACS+Enable Password" and choose "Use external database password".
After that, test1 can go into enable mode with his/her SecurID
credential.
Well, this works fine if I have a few users. The problem is that
I have about 100 users that I need to do this. The solution is
clearly not scalable. Is there a setting from group level that
I can do this?
Any ACS "experts" want to help me out here? Thanks.

That is not what I want. I want user "test1" to be able to do this:
C
Username: test1
Enter PASSCODE:
C2960>en
Enter PASSCODE:
C2960#
In other words, test1 user has to type in his/her RSA token password to get
into exec mode. After that, he/she has to use the RSA token password to
get into enable mode. Each user can get into "enable" mode with his/her
RSA token mode.
The way you descripbed, it seemed like anyone in this group can go directly
into enable mode without password. This is not what I have in mind.
Any other ideas? Thanks.

What is the difference in the features between Cisco prime 1.2 and Cisco prime 1.4 ?

Dears,
Please i need to know what is the difference in the features between Cisco prime infrastructure 1.2 and Cisco prime 1.4.
Already i see the release note for each one but the release indicate only the New feature for every one. so i need to know the difference between them not new features.
Wait your kind feedback plz
Regards,

Hi,
New Features and Enhancements
The following topics describe new features and enhancements in Cisco Prime Infrastructure 1.4.
Management Support for WLC Release 7.5
Support for 802.11ac Module
Support for Cisco AP 700
Policy Classification Engine
FlexConnect Audit Support
Autonomous AP Support
Client Stateful Switchover
Cable Modem Monitoring
Support for Secure File Transfer Protocol
and please go through the link and check the data sheet for further clearance.
http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/prime-infrastructure/datasheet-c78-729879.html

Cisco Call Manager 5.1 and Cisco VoIP Gateways

Hi,
I have Cisco Call Manager 5.1 with Cisco 2800 series routers as a ISDN gateways and Cisco VG224/ATA 186 as POTS gateways. While Cisco Call Manager collects call statistics from 7900 series SCCP handsets managed by the Call Manager (number of VoIP packets, dropped frames etc.), it shows only one side of the call as it does not collect statistics from the Cisco routers (configured as H.323 gateways), the Cisco VG224 (with ports configured as H.323 gateways and as a SCCP devices) and Cisco ATA 186 (configured for SCCP).
Is the collection of these statistics possible? What needs to be done?
Thanks,
Paul

Update: Logging of QoS/Call Management Records (CMR) to Call Manager CDR database is not possible with H.323 gateways; only MGCP gateways:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_qanda_item09186a008020650a.shtml#qa4
Anyone know how to get the Cisco router gateway to log these statistics anyway using standard router logging mechanisms (e.g. syslog)?
Anyone know about calls to SCCP ports on Cisco VG224 or ATA 186?
Thanks,
Paul

Since I upgraded to Lion, my RSA securid token and Cisco VPN client doesn't work any longer. Anyone have suggestions on how to fix that?

Since upgrading to Lion, I can no longer use VPN because my RSA securid token and CIsco VPN Client won't load. Any suggestioins out there?

.

Cisco Prime network and cisco prime infrastructure

Hi,
What is the difference between Cisco Prime Network and Cisco Prime infrastructure.
Please advice.

I assume you are asking about Cisco Prime LAN Management System (LMS) vs. Cisco Prime Infrastructure (PI).
LMS is currently the leading Cisco offering for wired infrastructure management. It is the evolution of the earlier CiscoWorks LMS, CiscoWorks RWAN CiscoWorks 2000, CWSI, VLAN Director, original CiscoWorks classic etc. products going back almost 20 years.
PI is the equivalent Cisco offering for wireless LANs and is the successor to NCS and WCS products.
The overlap and confusion comes from the fact the Cisco is positioning PI as the overall wireless and wired management platform and gradually introducing wired network management features to make it equal (and eventually exceed) LMS's capabilities.
There is a comparison table here that shows the current differences. A major new release of PI (2.0) is due out shortly which will close many (but not all) of the gaps on that table.

RedHat Enterprise Cluster and Cisco IGMP Snooping/Querying

Has anyone else had any experience with IGMP Snooping/Querying and RedHat Enterprise Cluster?
We have been experiencing a large amount of problems with this functionality.
We are running IGMP Querying in our environment and we recently set up a second querier.
Here's the steps we took
Existing querier: 192.168.3.248
Everything was running fine.
Added a new querier on a different switch: 192.168.3.247
At this point, all of our RedHat Enterprise Clusters fenced themselves and needed to be restarted in order to restore
access. In order to restart the RedHat Enterprise Clusters, the physical servers must be rebooted.
Are there any known issues with RedHat Enterprise Clustering and Cisco Switches (3750
series)? I would expect the querier change to be seamless, but it does not seem that this
is the case.

Hi,
In our organizaiton we have Red Hat Cluster with 2 cisco switch (Model: cisco WS-C2960S-24TD-L, Version: "flash:/ c2960s-universalk9-mz.122-55.SE3/c2960s-universalk9-mz.122-55.SE3.bin").
- We are using HP Chassis c7000 and Server is on the chassis. There are 2 service IC & Med. Each server has one service primary and other secondary running.
- The two cluster switches are connected each other with Ether channer trunk (1+1) link. Also these 2 switches are connected to our Mgmt switch for Server Admin access to HP Chassis via OA port. The Red Hat system has cluster lan (pri & sec) & OA lan (01 & 02 of HP chassis) connected to Cluster switches. The Mgmt VLAN is 501 - 172.31.10.0/24.
Problem:
When the CluserSW01 goes down the cluser shifted to CluseterSW02 with Cluser_Secondary_LAN and OA2. But when the ClusterSW01 switch comes again than the communication breaks and cluster don come up.
I was thinking this is either STP or IGMP, well sure though. As these are production systems hence we also couldn't do much more test as well.
If you have face any such issue or have experience with it or know what the problem might be... kindly share with me.
Thanks,
Adnan

Anybody know the Roadmap for combining NAC Agent and Cisco AnyConnect?

Heard a rumor that Cisco is going to combine the functionality of the NAC Agent and Cisco AnyConnect as far as being an 802.1x supplicant, does anyone have any information about this? Like is it true and if so, any idea when it will happen?

Hi ,
There is no comitted plan for NAC and Anyconnect integration. But Anyconnect now comes with a module called NAM ( network access module) which can do dot1x as well.
Here is the link for that :
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac04namconfig.html
Thanks
Waris

Juniper SSG and Cisco ACS v5.x Configuration

I searched for a long time unsuccessfully trying to find a resolution to my SSG320M and Cisco ACS v5.x TACACS dilemma. I finally got it working in my network, so I'm posting the resolution here in case anyone else is looking.
Configure the Juniper (CLI)
1. Add the Cisco ACS and TACACS+ configuration
     set auth-server CiscoACSv5 id 1
     set auth-server CiscoACSv5 server-name 192.168.1.100
     set auth-server CiscoACSv5 account-type admin
     set auth-server CiscoACSv5 type tacacs
     set auth-server CiscoACSv5 tacacs secret CiscoACSv5
     set auth-server CiscoACSv5 tacacs port 49
     set admin auth server CiscoACSv5
     set admin auth remote primary
     set admin auth remote root
     set admin privilege get-external
Configure the Cisco ACS v5.x (GUI)
1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
        Create the Juniper Shell Profile.
        Click the [Create] button at the bottom of the page
                Select the General tab
                        Name:    Juniper
                        Description: Custom Attributes for Juniper SSG320M
                Select the Custom Attributes tab
                    Add the vsys attribute:
                        Attribute:                vsys
                        Requirement:       Manadatory
                        Value:                    root
                        Click the [Add^] button above the Attribute field
                    Add the privilege attribute:
                        Attribute:                privilege
                        Requirement:       Manadatory
                        Value:                    root
                                Note: you can also use 'read-write' but then local admin doesn't work correctly
                        Click the [Add^] button above the Attribute field
                Click the [Submit] button at the bottom of the page
2. Navigate to Access Policies > Access Services > Default Device Admin > Authorization
        Create the Juniper Authorization Policy and filter by Device IP Address.
        Click the [Customize] button at the bottom Right of the page
                Under Customize Conditions, select Device IP Address from the left window
                        Click the [>] button to add it
                Click the [OK] button to close the window
                Click the [Create] button at the bottom of the page to create a new rule
                        Under General, name the new rule Juniper, and ensure it is Enabled
                        Under Conditions, check the box next to Device IP Address
                                Enter the ip address of the Juniper (192.168.1.100)
                        Under Results, click the [Select] button next to the Shell Profile field
                                Select 'Juniper' and click the [OK] button
                        Under Results, click the [Select] button below the Command Sets (if used) field
                                Select 'Permit All' and ensure all other boxes are UNCHECKED
                        Click the [OK] button to close the window
                Click the [OK] button at the bottom of the page to close the window
                Check the box next to the Juniper policy, then move the policy to the top of the list
                Click the [Save Changes] button at the bottom of the page
3. Login to the Juniper CLI and GUI, and attempt to change something to verify privilege level.

Cisco Prime LMS is not designed to manage appliances like the ACS. ACS is not on the LMS supported device list and I would doubt that it would be as LMS's functions are mostly not applicable to the appliance or software running on it.
You can use ACS as an authentication source for LMS, but authorization is still role-based according to the local accounts on the LMS server.

HP and Cisco

Similar Messages

Maybe you are looking for