Starting with Cisco WAAS

Similar Messages

• Getting Starting With Cisco Wireless LAN Solution

  Can someone send me a link that will help me understand Cisco Wireless solution. I'm looking to install mybe the Aironet 1200 or 1300 wireless LAN. I need some good documentation so that I will fully understand the technology.
  Thanks,

  This should get you going.
  http://www.cisco.com/en/US/products/sw/cscowork/ps3915/index.html
  http://www.cisco.com/en/US/products/ps6379/index.html
  http://www.cisco.com/en/US/products/ps6305/index.html
  http://www.cisco.com/en/US/products/ps6386/index.html
  Hope these help.
  please remember to rate all replies

• Cisco WAAS moibile integrated with Symantec Backup Exec 2010

  Here customer requirement is to take backup of opened Database file .fdb
  (Microsoft Dynamic Navision) integrated with WAN optimization (Cisco WAAS
  mobile).
  Problem is  Cisco WAAS mobile is not optimizing  Symantec backup process when backup job is running.
  Please find attached files (WAAS mobile accleration status with symantec
  backup process).
  Customer is using Microsoft Dynamics Navision (ERP application).
  WAAS mobile client is connecting and file copy is accelerating, but
  symatec backup (beremote.exe) and Navision (fin.exe) processes are not
  accelerating.
  I added above processes in WAAS mobile server's acceleration list.
  Please advise if any changes has to made in WAAS mobile server.
  Regards
  Prasad
  Cell: 9000012355

  Hi Prasad,
  According to the screen shots provided the fin.exe process is bypassed due to Low Latency.  From the admin guide this means:
  Bypassed : Low Latency. The latency between the client and the application server is less than the latency threshold, which is 10 ms by default. This threshold may be modified on the Connection Settings tab on the Configure > Clients > Networking page.
  Also, I see SERVER.exe process is going to the same server or subnet as fin.exe but is bypassed due to Pre-Existing connection.
  Bypassed: Pre-existing Connection. When WAAS Mobile is started after other applications, the existing TCP connections associated with those applications will not be reset unless the “Auto Reset Connection” property has been selected for the process in the Accelerated Processes table, and hence, these pre-existing connections will be bypassed.
  Lastly, I see bermote.exe is listed as Bypass Reason Unknown in one of the screen shots.
  Bypassed : Reason Unknown. This message will occur when an attempt to reset a TCP connection associated with an application that has been configured to have these connections be automatically reset (via the Accelerated Processes table on the Configure > Clients > Acceleration page) fails.
  Is this client actually accessing a server that is remote for these first two processes?
  For the last process, did we try to first exit the application in question and all the associated processes (beremote, and any other processes that may get started with this application), then start the WAAS Mobile client, then finally start the associated process/application?
  Cheers,
  Mike Korenbaum
  P.S.  If this answers your question please mark it as such.

• Getting started with WAAS

  Hello everyone -
  We've recently purchased a Cisco WAAS solution 2x WAE 674 applicances, and I find myself running into a few questions.  I'm configuring the devices in a test enviornment, just to get familliar with the interfaces / OS / CLI.
  Our WAAS deployment is going to be fairly simple, one remote site (for now), with a DS3 as the pipe back to our datacenter.  I'm still in the middle of reading through the massive amount of documentation available for this product, but would just like to ask a few basic questions.  The WAAS boxes we purchased are the WAE-674's, with 4GB memory, and enterprise licenses.  The orignial quote didn't include inline adapters for these boxes, and I'm trying to figure out what the differences are between inline interception, and configuring WCCP on my routers.
  Another assumption that I'm making is that one of the boxes I'll need to configure as the central manager, and my remote box will be my WAE.  Or am I wrong about this do they both need to be configured as WAE's, and if I need to add another site later on, I can configure a CM box at that time.
  Any help is appreciated, I'm very comfortable with Cisco IOS / routers / switches / callmanager, but I'm fairly new to this product.
  Thanks!
  Jonathan Kloza
  Systems Engineer
  CACI Technologies

  Zach,
  I have done the change now for one of my wccp farm, with success.
  See below.
  Is there any command to see the loadbalacing?
  I can see there is equel connection on both with "sh statistics connection"
  Jan
  01#sh egress-methods
  Intercept method : WCCP
    TCP Promiscuous 61 :
        WCCP negotiated return method : WCCP GRE
                          Egress Method      Egress Method
        Destination        Configured            Used
        any          WCCP Negotiated Return  WCCP GRE
    TCP Promiscuous 62 :
        WCCP negotiated return method : WCCP GRE
                          Egress Method      Egress Method
        Destination        Configured            Used
        any          WCCP Negotiated Return  WCCP GRE
  Intercept method : Generic L2
                          Egress Method      Egress Method
        Destination        Configured            Used
        any          not configurable        IP Forwarding
  02#sh egress-methods
  Intercept method : WCCP
    TCP Promiscuous 61 :
        WCCP negotiated return method : WCCP GRE
                          Egress Method      Egress Method
        Destination        Configured            Used
        any          WCCP Negotiated Return  WCCP GRE
    TCP Promiscuous 62 :
        WCCP negotiated return method : WCCP GRE
                          Egress Method      Egress Method
        Destination        Configured            Used
        any          WCCP Negotiated Return  WCCP GRE
  Intercept method : Generic L2
                          Egress Method      Egress Method
        Destination        Configured            Used
        any          not configurable        IP Forwarding

• Cisco WAAS Prepositioning 0.0 bytes Copied........ :-(

  Good Evening All,
  I am having my first attempt of using the prepositioning function within Cisco WAAS running version 4.1.7a and its not going very well at all.........:-(
  We are trying to test a preposition of Microsoft Updates to a selection of Branch WAE devices but the "Amount Copied" is constantly sat on 0.0 bytes and never changes.
  Clearly i am doing something wrong and im hoping someone can advise, basically i create the Preposition task via the CM (also running 4.1.7a), i see the root folder i need (which has further subfolders benieth it) and select the folder, i submit this and it takes this with no problem, i assign the branch WAE's to this and its also submitted and accepted, i select schedule for "Now" and the preposition appears in the statuc tab however no matter how many hours its left it constantly sits at 0.0 Bytes - Clear something is wrong.
  Doing a "Sh run" on the branch WAE it sees the preposition task at the end of the config but still nothing. I am assuming this is down to the fact that the Data Centre WAE is not loading the files in the "staging" area, the Data Centre WAE has flows for the chosen Server when you do a "sh stat con" and can ping the server by name and ip address.
  Im at a lost of what to check next, we are not running the "legacy" WAFS as we first started running 4.1.3b and recently upgraded to 4.1.7a.
  Can anyone help......??
  Thanks in advance
  Craig

  Hi Mike,
  Thanks for your quick reply on this, i have a feeling you may have hit the nail on the head already with your first comment...... Doh.
  Ill give you an example of how the branch site is setup:-
  e.g. (not actual addressing used but gives you the idea)
  Branch Site
  int vlan 10
  ip address 10.10.10.1 255.255.255.192
  ip wccp 61 redirect in
  int vlan 11
  ip address 10.10.10.65 255.255.255.192
  ip wccp 61 redirect in
  int fa0/1
  description *** BRANCH WAE WAAS Device ***
  ip address 1.1.1.5 255.255.255.248
  Int se0/1/0
  172.1.1.1 255.255.255.252
  ip wccp 62 redirect in
  ip wccp 61 redirect-list 161
  ip wccp 62 redirect-list 162
  access-list 161 permit tcp 10.10.10.0 0.0.0.127 192.168.1.0 0.0.0.255
  access-list 162 permit tcp 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.127
  Data centre end:-
  This access-list is then replicated but in data centre but with the access-list 161 & 162 swapped - the 192.168.1.0 subnet is acting as the Data Centre server subnets.
  In the data centre the WAE will have an address of say 172.21.1.5 255.255.255.248.
  Is there any risk/implication of including the ip address ranges of the WAE devices themselves? currently we dont do this on any site where we have a WAE device and we are seeing great benefits still but i guess this will explain why the prepositioning is not working as the devices are not matching the ACL and therefore being denied redirection.
  Cheers
  Craig

• Help with cisco ISE 1.1.2.145 patch-3 to ISE 1.2.0.899-2-85601 upgrade procedure

  Need help from ISE experts/gurus in this forum.
  Due to a nasty bug in Cisco ISE (bug ID CSCue38827 ISE Adclient daemon not initializing on leave/join), this bug will make the ISE stopping working completely and a reboot is required (very nice bug from cisco) .  This leaves me no choice but to upgrade to version 1.2.0.899-2-85601. 
  Scenario: 
  - 4 nodes in the environment running ISE version 1.1.2.145 patch 3
  - node 1 is Primary Admin and Secondary Monitoring - hostname is node1
  - node 2 is Secondary Admin and Primary Monitoring - hostname is node2
  - node 3 is Policy service node - hostname is node3
  - node 4 is Policy service node - hostname is node4
  Objective:  Upgrade the ISE environment to ISE version 1.2 with patch version 1.2.0.899-2-85601.
  My understand  is that I have to upgrade the existing environment from ISE version 1.1.2.145 patch 3
  to ISE version 1.1.2.145 patch 10 (patch 10 was released on 10/04/2013) before I can proceed with
  upgrading to ISE version 1.2 and patch it with 1.2.0.899-2-85601. 
  Can I patch my exsiting environment from 1.1.2 patch 3 to patch 10 prior to upgrading to version 1.2.0.899-2-85601?
  I look at Cisco website and patch 10 was released on 10/04/2013 while version 1.2 was released back in 07/05/2013.
  I am trying to get a definite answer from Cisco TAC but it seems like they don't know either. 
  Question #1:  How do I proceed with upgrading the current ISE environment from 1.1.2.145 patch 3 to 1.1.2.145 patch 10?
  Propose solution: 
  step #1: make ISE node1 to be both Primary Admin and Primary monitoring.  ISE node2 is now Secondary Admin and Secondary Monitoring. 
           Then go ahead and apply ISE version 1.1.2.145 patch 10 to ISE node2 via the GUI,
  step #2: Once ISE node2 patch 10 is completed, make node2 Primary Admin and Primary Monitoring.  At this point, apply ISE 1.1.2.145 patch 10
           to ISE node1 via the GUI,
  step #3: Once ISE node1 patch 10 is completed, make node1 Primary Admin and Secondary Monitoring and node2 Secondary Admin and Primary Monitoring,
  step #4: apply ISE 1.1.2.145 patch 10 to ISE Policy Service node3.  Once that is completed, verify that node2 is working and accepting traffics,
  step #5: apply ISE 1.1.2.145 patch 10 to ISE Policy Service node4.  Once that is completed, verify that node2 is working and accepting traffics,
  Question #2: How do I proceed with upgrading the current ISE environment from 1.1.2.145 patch 10 to ISE version 1.2 with patch version 1.2.0.899-2-85601?
  Propose solution:
  step #1:  Make ISE node1 the Primary Admin and Primary monitoring.  At this point ISE node2 will become Secondary Admin and Secondary Monitoring
  step #2:  Perform upgrade on the ISE node2 via the command line "application upgrade <app-bundle> <repository>".  Once ISE node2 upgrade is completed, it will
            form a new ISE 1.2 cluster independent of the old cluster,
  step #3:  Perform upgrade on the ISE Policy Service node3 via the command line "application upgrade <app-bundle> <repository>".  After the upgrade the ISE
            Policy Service Node3 will automatically joins the ISE node2 which is already in version 1.2
  step #4:  Perform upgrade on the ISE Policy Service node4 via the command line "application upgrade <app-bundle> <repository>".  After the upgrade the ISE
            Policy Service Node4 will automatically joins the ISE node2 which is already in version 1.2
  step #5:  At this point the only node remaining in the 1.1.2.145 patch 10 is the ISE node1 Primary Admin and Primary Monitoring
  step #6:  Check and see if there are any more PSN's registered in ISE node1 (there should not be any)
  step #7:  Perform the upgrade on the ISE node1 from command line  "application upgrade <app-bundle> <repository>"
  step #8:  Once upgrade on ISE node1 is complete, ISE node1 will automatically join the new ISE 1.2 cluster,
  step #9:  Make ISE node1 Primary Admin and Secondary and ISE node2 Secondary Admin and Primary Monitoring,
  Question #3:  How do I proceed with upgrading the current ISE environment from 1.2 patch0 to 1.2.0.899-2-85601?
  Propose solution: 
  step #1: make ISE node1 to be both Primary Admin and Primary monitoring.  ISE node2 is now Secondary Admin and Secondary Monitoring. 
           Then go ahead and apply ISE 1.2.0.899-2-85601 to ISE node2 via the GUI,
  step #2: Once ISE node2 1.2.0.899-2-85601 is completed, make node2 Primary Admin and Primary Monitoring.  At this point, apply 1.2.0.899-2-85601
           to ISE node1 via the GUI,
  step #3: Once ISE node1 patch 10 is completed, make node1 Primary Admin and Secondary Monitoring and node2 Secondary Admin and Primary Monitoring,
  step #4: apply ISE 1.2.0.899-2-85601 to ISE Policy Service node3.  Once that is completed, verify that node2 is working and accepting traffics,
  step #5: apply ISE 1.2.0.899-2-85601 to ISE Policy Service node4.  Once that is completed, verify that node2 is working and accepting traffics,
  does these steps make sense to you?
  Thanks in advance.

  David,
  A few answers to your questions -
  Question 1: My recommendation is to follow vivek's blog since most fixes and upgrade steps are provided there - I would recommend installing the patch that was release prior to the 1.2 release date since the directions to "install the latest patch" would put you at the version of when the ISE 1.2 was released
  https://supportforums.cisco.com/community/netpro/security/aaa/blog/2013/07/19/upgrading-to-identity-services-engine-ise-12
  You do not have the ability to install ISE patch through the GUI on any of the "non-primary" nodes (you can use the cli commmand to achieve this), the current patching process was designed so you can install the patch on the primary admin node and it will then roll the patches out to the entire deployment (one node at at time). I painfully verified this by watching the services on each node and when a node was up and operational the next node would start the patching process. First the admin nodes then the PSNs.
  Every ISE upgrade that I have attempted as not been flawless and I can assure you that I have done an upgrade on 1.1.2 patch 3 and this worked fine, however I used the following process. You will need the service account information that is used to join your ISE to AD.
  I picked the secondary admin/monitoring node and made it a standalone node by deregistering (much like the old procedure) in your case this will be node2.
  I backed up the certificates from the UI and the database from the CLI (pick the local disk or ftp-your choice).
  I reset the database and ran the upgrade script (since I did not have access to the vsphere console or at the location of the non UCS hardware [for a 1.1.4 upgrade]).
  Once the upgrade was completed I then restored the 1.1.x database, ISE 1.2 now has the ability to detect the version of the database that is restored and will perform the migration for you.
  Once the restore finished, I then restored the certificate and picked one of the PSNs
  backup the cert,
  Had the AD join user account handy
  reset-db,
  and run the upgrade script.
  Once that is done I then restore the cert
  Join the PSN to the new deployment
  Join both nodes to AD through primary admin node
  Monitor for a few days (seperate consoles to make sure everything runs smooth)
  If anything doesnt look or feel right, you can shut down the 1.2 PSN and force everything through the existing 1.1.2 setup and perform some investigation, if it all goes smooth you can then follow the above step for the other two nodes, starting with the last PSN and the the last admin node.
  Thanks and I hope that helps,
  Tarik Admani
  *Please rate helpful posts*

• Catalyst 2960 Problem with Cisco SPA512

  Hi there,
  I hope someone can help me.
  I don't have much experience with switches, I'm doing the desktop support in our company.
  We have Catalyst 4510 R+E to 2 Catalyst 2960 switches and seperate VLAN's for IP Phones and for Internet in one part of our office.
  Now I'm running into trouble with some IP Phones that are connected to the 2960 switches. It appears only to happen with Cisco's SPA-512. I've tried FW 7.5.2, 7.5.5 and 7.5.5b. These phones sporadically drop the call / connection, with the red MIC button blinking. Based on my research this means that it looses Internet connection. I have 1 SPA512 with FW 7.5.1 that does not show these symptoms.
  I have other phones SPA942 and Polycom IP335 in the same area behind the same switches and no issues.
  We've tried to disable auto negotiate and set a fixed transmition rate or either 1Gbps and 100Mbps, both without success.
  I also have SPA512 in other areas of the office just connected to our Catalyst 4510 R+E and they work just fine. That's why I don't believe it has anything to do with the 4510, but I can be wrong.
  That's all I have for you guys. Hope someone can help me to fix / troubleshoot this..
  Frank

  SSwitch3#test cable-diagnostics tdr int g1/0/16
  TDR test started on interface Gi1/0/16
  A TDR test can take a few seconds to run on an interface
  Use 'show cable-diagnostics tdr' to read the TDR results.
  SSwitch3#show cable-diagnostics tdr int g1/0/16
  TDR test last run on: June 27 13:39:21
  Interface Speed Local pair Pair length        Remote pair Pair status
  Gi1/0/16  1000M Pair A     52   +/- 10 meters Pair A      Normal
                  Pair B     52   +/- 10 meters Pair B      Normal
                  Pair C     52   +/- 10 meters Pair C      Normal
                  Pair D     52   +/- 10 meters Pair D      Normal
  SSwitch3#

• Ask the Experts: Single Sign-On with Cisco WebEx Meetings Server, Internet Reverse Proxy, and Enterprise License Manager Solutions

  With Arun Kumar
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single Sign-On (SSO) with Cisco WebEx Meetings Server (Cisco WMS), Internet Reverse Proxy (IRP), and Enterprise License Manager (ELM) solutions.
  SSO standards such as Security Assertion Markup Language (SAML) 2.0 provide secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. SSO enables simplified user authentication and management.
  IRP provides public access, enabling users to host or attend meetings from the Internet and mobile devices. Although IRP is optional, Cisco encourages its use because it provides a better user experience for your mobile workforce.
  Example question topics include:
  SSO profiles and SAML 2.0 Identity providers (IdPs) supported in Cisco WMS
  Basic configuration of IdPs
  Interaction between IdPs and Cisco WMS
  Difference between the cloud client implementation and Cisco WMS
  Meeting access behavior in a split-horizon network topology with SSO
  How to enable public access to Cisco WMS
  Cisco WMS ELM operations
  Cisco WMS ELM compared to other unified communications ELM or standalone ELM and compatibility/inoperability between them
  Arun Kumar is a team lead in the San Jose Conferencing Technical Assistance Center. He has over eight years of experience in conferencing technology and specializes in Cisco Unified Meeting Place Express and Cisco WebEx Meeting Server. He joined Cisco in 2010 as an escalation engineer for the Cisco Telepresence group. Before joining Cisco he worked for the UK's third-largest internet service provider Supanet on VoIP technology and the *Nix domain. Kumar holds a master of science degree in computer science from Sikkim Manipal University in India, and he holds CCIE (Voice) and VMware Certified Professional certifications.
  Remember to use the rating system to let Arun know if you have received an adequate response.
  Arun might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice, and Video community Other Subjects subcommunity shortly after the event. This event lasts through Monday May 17, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Mobile Service,
  CWMS and Jabber integrations:
  http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_01.html#JABW_TK_SF2ED5E1_00
  In above link start from section: Set Up Cisco WebEx Meetings Server on Cisco Unified Presence
  then move to section: Add Cisco WebEx Meetings Server to a Profile
  Once done, move to section: Specify Conferencing Credentials in the Client side. You will see above server already listed there, just go ahead and enter your username and password (pleae make sure this user already exists on your CWMS) and accept any certificate/s if presented. Jabber Integration is done and you can start testing the same.
  Attached CWMS - AFDS integration doc.
  Please let me know if any furhter question.
  Thanks, Arun

• Accounting problem with CISCO 5200

  Hello!
  I have CISCO 5200 with the following config:
  aaa accounting delay-start
  aaa accounting update periodic 5
  aaa accounting network default start-stop radius
  Also, I have radius server (freeradius) connected with SQL database.
  Alive-packets (from cisco) don't include information about sent/received bytes (AcctInputOctects/AcctOutputOctets), however, the "Stop
  records" include such information.
  So, is it possible to enable AcctInputOctects/AcctOutputOctets in the alive-packets from CISCO 5200? How?
  Sincerely Yours,
  Axe Sky

  Axe Sky,
  Could you help me with how you did your config on the freeradius server? I am currently trying to configure 802.1x port authentication on a 2950 but really have no idea were to start with the freeradius server. I have looked at the text files but not sure what to configure to make this work. Any help in this matter would be greatly appreciated.

• Getting Started with Wireless: Wireless configuration on 877W router - STUC

  Just letting you know that I've already posted an identical post under "Getting Started with Wireless" but don't feel that I'm getting any attention so I made another post. Thank you.
  Hi all
  I have a Cisco 877W router running IOS v 12.4(15)T3. Have been trying to configure wireless to run WPA-PSK and is stuck at the final stage. Spent a lot of time configuring the router using CLI but ended up using the Web GUI interface. I was able to configure the wireless settings (I think) but failed when connecting to the router from WinXP-SP2 and was wondering if you have any suggestion for me. I've ran the following debugs on the router:
  VNRouter#sho debug
  DHCP server event debugging is on.
  dot11:
  802.1X module WPA/WPA-PSK/CCKM key management debugging is on
  dot11 Syslog debugging is on
  Below is the error message when connecting wirelessly
  *Mar 4 18:46:25.655: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
  VNRouter#
  *Mar 4 18:46:25.659: %DOT11-6-ASSOC: Interface Dot11Radio0, Station VNRouter 001b.771a.dbad Associated SSID[VN-WiLess1] AUTH_TYPE[OPEN] KEY_MGMT[WPA PSK]
  VNRouter#
  *Mar 4 18:47:25.571: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
  *Mar 4 18:47:25.575: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
  *Mar 4 18:47:25.575: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded
  *Mar 4 18:47:25.579: *** Not encrypted dot1x packet from 001b.771a.dbad has been discarded.
  I've created two VLANs (and tied these two vlans to 2 separate SSID) on this router for a reason and so far has not been able to connect to any of them (SSID). I've also attached the config so you can have a look. Thanks in advance for your help.

  The configuration looks fine. In most cases, the connectivity issues with WPA-PSK is due to the mismatch in PSK on the Client and the AP. Try re-entering the PSK key on both the router and the client and check if you are seeing any issues.

• Starting a Cisco call manager express

  I have a cisco 2651 with Cisco call manager express.
  I have too 15 IP telephones 7902G
  The configuration is in factory default.
  Ì have to create an IP pbx and extensions of a municipality with that components.
  I's like that anybody helps me in the starting configuration, Where can I find good documentation about a tipical case like this?
  I have a lot experience in networking and IP telephony but I'm newbie in CCME.
  Regards

  To begin the configuration use "telephony-service setup" command which will prompt you for some of the basic configuration ie how many phones, starting DN, etc. To add additional feature refer to the admin guide provided by Jorge link.
  Chris

• IPS Tech Tips: IPS Best Practices with Cisco Remote Management Services

  Hi Folks -
  Another IPS Tech Tip coming up and this time we will be hearing from some past and current Cisco Remote Services members on their best practice suggestions. As always these are about 30 minutes of content and then Q&A - a low cost high reward event.
  Hope to see you there.
  -Robert
  Cisco invites you to attend a 30-45 minute Web seminar on IPS Best   Practices delivered via WebEx. This event requires registration.
  Topic: Cisco IPS Tech Tips - IPS Best Practices with Cisco Remote Management   Services
  Host: Robert Albach
  Date and Time:
  Wednesday, October 10, 2012 10:00 am, Central Daylight Time (Chicago,   GMT-05:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=203590900&t=a&EA=ralbach%40cisco.com&ET=28f4bc362d7a05aac60acf105143e2bb&ETR=fdb3148ab8c8762602ea8ded5f2e6300&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click   "Submit".
  Once the host approves your registration, you will receive a confirmation   email message with instructions on how to join the event.
  For assistance
  http://www.webex.com
  IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and   any documents and other materials exchanged or viewed during the session to   be recorded. By joining this session, you automatically consent to such   recordings. If you do not consent to the recording, discuss your concerns   with the meeting host prior to the start of the recording or do not join the   session. Please note that any such recordings may be subject to discovery in   the event of litigation. If you wish to be excluded from these invitations   then please let me know!

  Hi Marvin, thanks for the quick reply.
  It appears that we don't have Anyconnect Essentials.
  Licensed features for this platform:
  Maximum Physical Interfaces       : Unlimited      perpetual
  Maximum VLANs                     : 100            perpetual
  Inside Hosts                      : Unlimited      perpetual
  Failover                          : Active/Active  perpetual
  VPN-DES                           : Enabled        perpetual
  VPN-3DES-AES                      : Enabled        perpetual
  Security Contexts                 : 2              perpetual
  GTP/GPRS                          : Disabled       perpetual
  AnyConnect Premium Peers          : 2              perpetual
  AnyConnect Essentials             : Disabled       perpetual
  Other VPN Peers                   : 250            perpetual
  Total VPN Peers                   : 250            perpetual
  Shared License                    : Disabled       perpetual
  AnyConnect for Mobile             : Disabled       perpetual
  AnyConnect for Cisco VPN Phone    : Disabled       perpetual
  Advanced Endpoint Assessment      : Disabled       perpetual
  UC Phone Proxy Sessions           : 2              perpetual
  Total UC Proxy Sessions           : 2              perpetual
  Botnet Traffic Filter             : Disabled       perpetual
  Intercompany Media Engine         : Disabled       perpetual
  This platform has an ASA 5510 Security Plus license.
  So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license?

• Utilizing Cisco WAAS (Wide area application server) to optimize CAD traffic

  Hi all,
  Has anyone used Cisco WAAS (Wide Area Application Server) to optimize CAD traffic for agents sitting at remote site ? if so, does the remote agent really notice any improvement login to CAD or while working in CAD ?
  Thanks in advance for any inputs / suggestions !!!
  D.

  Hi,
  The push-down, the WAAS will push down the signed SMB traffic to Generic AO.
  Be aware that if you turn on SMB signing the optimzations performed will only be TFO/DRE/LZ. The signed SMB/SMBv2traffic is optimized, not accelerated with SMB AO like unsigned SMB/SMBv2 traffic.
  We know this is confusing, whence: CSCub42695.
  I hope answers at least some of your questions.
  Regards,
  Abhishek

• Issue with cisco ONS 15310. Slot with Ethernet ports, designed for bridging.

  Hi, guys. I’ve got an issue with cisco ONS 15310 sdh optical network. I’ve got a special slot with Ethernet ports, designed for bridging. Assume, we’ve got to multiplexers, named A and B with ports A0 and B0 respectively. The ios console of these slots says, the configuration is as follows:
  no ip address set on these ports
  Ports are administratively up
  Auto mdix
  Bridge groups are the same on these ports.
  Dot1q tunnel.
  I’m trying to monitor a device with an ip-address connected to port B0. It answers ping if I connect the notebook directly to a device. But if I connect the notebook to port A0 and ping the device pluged in port B0 through the optical network, it doesn’t answer. I tried connections with straight and cross cable.
  Guys, who set the network said, it should work as a point to point bridge with no extra configuration. But it doesn’t. I used wireshark sniffer to lookup what’s happening on port A0. All I see is cdp-s from port A0 and self-announcements of the notebook.
  Any suggestions? Thank you in advance.

  B
  Building configuration...
  Current configuration : 3712 bytes
  ! Last configuration change at
  version 12.2
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname B
  boot-start-marker
  boot-end-marker
  enable password -
  clock timezone -
  ip subnet-zero
  no ip domain-lookup
  no mpls traffic-eng auto-bw timers frequency 0
  bridge 100 protocol ieee
  bridge 140 protocol ieee
  bridge 141 protocol ieee
  bridge 142 protocol ieee
  bridge 143 protocol ieee
  bridge 144 protocol ieee
  interface Loopback0
  ip address 192.x.0.x 255.255.255.255
  interface FastEthernet0
  description -
  no ip address
  mode dot1q-tunnel
  bridge-group 140
  bridge-group 140 spanning-disabled
  interface FastEthernet1
  description --- B0 ---
  no ip address
  mode dot1q-tunnel
  bridge-group 141
  bridge-group 141 spanning-disabled
  interface FastEthernet2
  description -
  no ip address
  mode dot1q-tunnel
  bridge-group 142
  bridge-group 142 spanning-disabled
  interface FastEthernet3
  description -
  no ip address
  mode dot1q-tunnel
  bridge-group 143
  bridge-group 143 spanning-disabled
  interface FastEthernet4
  description -
  no ip address
  mode dot1q-tunnel
  bridge-group 144
  bridge-group 144 spanning-disabled
  interface FastEthernet5
  no ip address
  shutdown
  interface FastEthernet6
  no ip address
  shutdown
  interface FastEthernet7
  description -
  no ip address
  shutdown
  mode dot1q-tunnel
  bridge-group 100
  bridge-group 100 spanning-disabled
  interface POS0
  description -
  no ip address
  crc 32
  interface POS0.1
  encapsulation dot1Q 141
  no snmp trap link-status
  bridge-group 141
  interface POS0.2
  encapsulation dot1Q 142
  no snmp trap link-status
  bridge-group 142
  interface POS0.3
  encapsulation dot1Q 143
  no snmp trap link-status
  bridge-group 143
  interface POS0.4
  encapsulation dot1Q 144
  no snmp trap link-status
  bridge-group 144
  interface POS0.5
  description -
  encapsulation dot1Q 140
  no snmp trap link-status
  bridge-group 140
  interface POS1
  no ip address
  crc 32
  interface POS1.1
  encapsulation dot1Q 100
  no snmp trap link-status
  bridge-group 100
  router ospf 100
  log-adjacency-changes
  network 192.x.0.x 0.0.0.0 area 0
  ip default-gateway [x.x.x.x]
  ip classless
  no ip http server
  snmp-server community public RO
  snmp-server ifindex persist
  snmp-server trap link ietf
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  snmp-server enable traps tty
  snmp-server enable traps config
  snmp-server enable traps cpu threshold
  snmp-server enable traps entity
  snmp-server enable traps syslog
  snmp-server enable traps hsrp
  snmp-server enable traps config-copy
  snmp-server enable traps bridge
  snmp-server enable traps ospf state-change
  snmp-server enable traps ospf errors
  snmp-server enable traps ospf retransmit
  snmp-server enable traps ospf lsa
  snmp-server enable traps ospf cisco-specific state-change
  snmp-server enable traps ospf cisco-specific errors
  snmp-server enable traps ospf cisco-specific retransmit
  snmp-server enable traps ospf cisco-specific lsa
  snmp-server enable traps bgp
  snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
  snmp-server enable traps ipmulticast
  snmp-server enable traps rtr
  snmp-server enable traps mpls traffic-eng
  snmp-server enable traps mpls ldp
  snmp-server enable traps rsvp
  snmp-server enable traps l2tun session
  snmp-server enable traps mpls vpn
  snmp-server host x.x.x.x public
  control-plane
  line con 0
  line vty 0 4
  password -
  logging synchronous level 4
  login
  end

• Afaria 7 SP3 integration with Cisco ISE

  Hi,
  I am trying to find the configuration procedure that is needed for Afaria MDM to integrate with Cisco ISE 1.2.
  1. What service should be installed/enabled?
  2. Which port or service path (<IP:port/abc/xyz?>) it will listen for the communication from Cisco ISE?
  3. Cisco ISE uses REST API to communicate with Afaria. Does this require REST API installation or service activation?
  4. What type certificates are supported in Afaria for this integration.
  5. Anything that related to this topic.
  Appreciate if someone can provide the configuration procedure or any information possible.
  Regards,
  Mudasir Abbas

  From the user guide it seems that LDAP only allows you to strip the prefix/suffix and can't add the suffix.
  http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_id_stores.html#wp1054421
  Strip start of subject name up to the last occurrence of the separator
  Strip end of subject name from the first occurrence of the separator
  Regards,
  Jatin
  Do rate helpful posts-