Sign up and stay connected to your favorite communities.

sign uplog in
Coming soon

You can review the material from all sessions, not just the ones you attended, online after the event.

see more
1 point · 3 days ago

1st time attendee here... any idea when they put those up? There were a few sessions they miss that I'm really wanting to watch the recordings of and review the slidedecks.

Spark, now WebEx Teams, is meant to replace Jabber and provide a consistent experience across PC/mobile devices, room kits, spark boards, and telepresence endpoints. Scheduling and joining WebEx meetings is easier when everything is on the same platform. You can do 100% cloud or you can leverage on-prem CUCM, PSTN, and media resources.

see more
1 point · 3 days ago

Just note, Teams isn't a full Jabber replacement yet. Jabber still does some things like the handset phone control and presence.

Nice! When the 7ks first came out, we had to have our firewall interconnect VLANs peeled away and onto their own links. Then we discovered OSPF wouldn't allows adjacencies to form across the peer link. We ended up having to scrap them entirely and continued to use standard Catalysts switches in between any OSPF speaker and the core switches (5596UPs, which did most everything OK that the 7k failed at).

We're on the 9ks now (but refuse to go ACI mode), so some of the same rules still apply. We were told it was supported architecture, but it didn't work for us in actual operations. Adjacencies were still not forming properly until we introduced the Cats. :( Would be nice if we could remove the extra OSPF links/switches. I hope the new code/firmware updates help.

see more
2 points · 4 days ago

If it's what I'm thinking, there is a feature you have to turn on for that to work on the N9K. The OSPF adjacencies may not form without it because the packet may get sent to the wrong box, it then attempts to traverse the VPC to the other box, and the TTL drops to 0 and the packet gets dropped.

I think it's the layer3 peer-router command in the VPC domain config that basically tells the Nexus not to decrease the TTL when traversing the VPC link. Did you guys have that turned on with the 9Ks and it still didn't work?


875/1000 at Cisco Live!

I didn't really study as much as I should have for this. I spent most of my time on TestOut and Boson practice exams. I was making mid 700's up to a 900+ one time on my Boson exams.

For my ICND2 I think I'll spend some more time reading and maybe making some study cards to supplement studying with the practice exams.

Me too! Took mine this morning at 9, first cert exam ever. Passed with 912. Congratulations!

see more
Original Poster1 point · 11 days ago


Advice? I'm looking to take this after I finish the Odom book.

see more
Original Poster5 points · 11 days ago

Study often but give yourself breaks between practice tests. Even with the random questions on the Boson practice exam I found myself learning the test and not all of the underlying material. Like I would bring up a new question and immediately knew the answer after reading part of the sentence because I remembered that particular question and answer.

Also, use the Study mode on any practice exam you take. I would try to answer the question without looking and then would check the answer and read the explanation before continuing.

Read everything carefully... I got lots of questions on practice exams wrong because I didn't read well enough (too fast) or was connected to the wrong device and not seeing the config I needed to be looking at.

Get familiar with the topics list on Cisco's website. Don't assume practice material is going to cover everything.

So it still sucks huh. I'm on 6.1 so I was hoping it got better. I looked PA's site yesterday to get a grip on their offerings. I'm not sure what to select yet, I have some more reading to do.

see more

We switched from an ASA (pre-IPS) to Palo Alto and pretty much couldn't be happier. We've turned in to a Cisco shop over the years but we the PAN boxes fit our use-case. We evaluated Cisco Firepower and Dell's offering before we jumped in.

One thing I've been surprised with Palo Alto is their latest hardware and associated license subscriptions actually went down substantially in price compared to the ones we went with, so much so that it may be in our best interest to switch models before we had planned to.

I've been practicing with Irelia on top in Custom bot games to get my Q timing down on minion waves (plus with a custom game I can assure the bots on my team are more intelligent than the player-run bots). I've found being pressed into my tower can be helpful for getting last hit and clearing the wave.. Tower shoots minion at full health->Q minion->gold and a passive stack. Repeat for stacks and then maybe E enemy champs and have some fun but still be in retreat range of tower if it goes bad.


Just wondering where people usually get driver wheels or tires for steam locomotives? I'm wanting to try modeling a small engine in On3 or On30 ... drivers are only 36". I can print the actual wheels with one of the detail non-metallic materials on Shapeways but I'm having difficulty finding tires for them. I don't have a lathe, unfortunately, but I'm attempting to see if I can get either tires or the entire wheels printed in Stainless Steel.

Original Poster1 point · 1 month ago

Thought I'd come back and post what I've played with after receiving my 3D printed parts.

So I started with the wheel that I had printed at Shapeways using my STL file. I had it printed in their High Definition Acrylate.



You can see on the back image that the detail is less, presumably due to printing supports. I'll have to clean it up maybe with an exacto and sandpaper.

I forgot to take pictures of the tire before I tried to seat it so all I have is the results. I thought I might have to heat it up first but, with a little nudging, the wheel went in to place and it feels fairly solid so far. The material is High-Detail Stainless Steel from i.Materialise. I'm not sure on conductivity yet but their website reports the composition is:

"High-detail stainless steel consists of 6% boron, 10% silicon, 10% aluminum, 17% chromium, 12% nickel, and 2.2% molybdenum"




On30 runs on HO track. Does any HO locomotive have 65" drivers of suitable appearance? That's an odd size in real life (US practice, anyway), but look at HO models of 69"-wheeled prototypes, as many model steam have slightly undersize wheels.

see more
Original Poster1 point · 2 months ago

I'll check that out, it hadn't occurred to me to look for a similar size in HO. The locomotive idea I'm playing with is one of the Disneyland locomotives. Locomotives #1 and #2 are basically scale models already. I suspect the rest of the engines would be easier to model since they're all full size engines, just with small wheels.

I spent a lot of time designing the wheel and having them 3D printed... I'd love to find a way to utilize them. I think this would be a lot easier if I had a lathe and associated experience as I could just make the tires myself. I have a 3D model for them as well and have generated a cut sheet but getting them custom made online is pretty expensive as well.

I'm currently attempting to get both the entire wheel (with tire) and just the tire printed in Fine Detail Stainless Steel at i.Materialize. I'm curious what the detail level is and the conductivity and whether the texture of stainless steel will be detrimental at that small of size. I'll post my findings once it comes in.


We are using Imagicle with BillyBlues except it has a few limitations in our deployment.

First, it does reporting in a way that seems to work around usage billing. Unfortunately, our environment ended up going more towards a flat rate billing based on the number of devices an organization has.

Second, for call reporting it can't seem to track calls for devices set as an "Anonymous (Public/Shared Space)" device in CUCM. The data is there, it just doesn't include it unless a user is associated either in CUCM or if it left as anonymous and then a dummy user account is created and assigned that extension in Imagicle. Definitely not ideal and it creates extra management overhead.

Just curious what others are using in this space?

We mostly sell ISI Infortel Select. It's cloud-based which is nice, just point Billing Server right at a public IP. May be an issue if CUCM doesn't have internet access.

It does the same thing with automatically creating dumby "Unassigned" users for each extension it doesn't have knowledge of though. What would be your preferred way to handle these?

see more
Original Poster1 point · 1 month ago

Automatically creating them would actually be a step in the right direction. Right now I have to manually create them and assign them to a department. They eat a user license and act as full users as far as using the built in fax solution. When a real person gets assigned to the extension I have to remember to go in and delete it or else the new CUCM user is probably not going to automatically sync in.

Running a .0 distro is fine, but in the long run, you want the .1.x versions so that you don't have to patch as often.

see more

I've been trying to wait until a version is TAC recommended but it doesn't seem like they just post which version is currently recommended.

I've got a maintenance window in a few weeks... I was going to update to the latest 8.0.x but now I'm wondering if 8.1.1 will be ready for production.

Comment deleted1 month ago
Original Poster5 points · 1 month ago

Work was done on it last semester too and, afterwards, student complaints to Campus Support really seemed to drop off. It's definitely important to call in when there is an issue, otherwise it can be difficult to know if there is still a problem or how widespread it is.

There are some other tips in that post as well including turning off competing wifi signals and looking for 5ghz and/or dual-band support when you are checking out new hardware to purchase.

In that case I'd look for switches that have dedicated stacking interfaces rather than Virtual stacking using ethernet. Generally dedicated stacking links are faster and more reliable. E.G Stackwise 480 cables used by the Cisco 3850 will run a stack of nine 48 port gigabit switches completely non-blocking. Because the stacking interface does 480Gbit. No SFP based stacking technology is going to do that. Also those stacking cables are bloody robust and they screw into the switch, so there's no change of anyone knocking it and ruining your day.

Similar thing goes for the flexstack plus technology used by the 2960X series. Although not as high bandwidth, or as secure cables, and you have to buy the module. But still probably better than using standard 1/10G uplink ports to do it.

see more
2 points · 1 month ago

The 3650 series can stack as well although you have to buy the modules separately just like with the 2960-X. The 3650 can be a good middle ground switch between a 2960-X and 3850 price-wise.

Netflow - on Cisco boxes anyway.

see more
8 points · 1 month ago

Or, if they do support it, it isn't a full implementation. An example is the Cisco 2960-X that supports "Netflow Lite".

Sometimes I wonder if it's the diet coke of Netflow... just one sampling, not Netflow enough.

Yeah, we've got 6500's that only count netflow on the management VRF. Great if you want to see the number of SNMP queries, not so useful for production traffic.

see more
3 points · 1 month ago

Is that with an older sup? We've got 6500-E chassis with sup720 cards and I want to say we're able to do Netlow on SVIs on any VRF.

6 points · 1 month ago

We never purchase SmartNET on APs, access switches, or phones. It's cheaper to keep spares than keep paying for SmartNET.

We also will purchase refurbished phones and keep spares that we can just toss in. In the long run for us it ends up being cheaper. (~ 2000 phones across our facilities)

see more
0 points · 1 month ago

Same here although it sucks when the hardware goes bad and they won't replace it after the first year. Seems like they should have limited lifetime at least.

2 points · 1 month ago

I would have recommended the 8900 series but those are EOS at this point. We've started moving to their replacement which is the 8800 series.

I think the 8800 units look more professional but I've already had three or four bad units after the first year. It's possible we just got some lemons. Ours are all 8845 phones with video and we've also standardized on the 8831 conference phone (we've ordered an 8832 to trial but it hasn't arrived yet).

What really sucks is that they had a 7900 series trade-in program a year or two ago that would have provided discounts on 8800 series purchases.

As far as your specific questions:

  1. I generally don't like the idea of cloud services for VoIP but it really depends on what your acceptable downtime, SLA with provider, and redundancy options look like.
  2. We're Cisco here.. no CCX yet but I've been really looking into it. Cisco is complex but you get a lot of options with that complexity.
  3. We've done both when we were ordering our 8945 phones. The refurbished are just that, so make sure you trust the vendor you're getting them from and investigate their warranty options. We generally purchase new anymore since we have state/educational discounts through Cisco and our VAR.
Original Poster2 points · 2 months ago

I'm not seeing much Nintendo Switch support, and it appears to block P2P connections, which many online games use for servers. Those are my two primary concerns

see more
3 points · 2 months ago

It definitely works with the Switch (I have one and have connected to verify).

It doesn't block P2P traffic so much as it blocks certain P2P applications (mostly things like BitTorrent clients). P2P gaming should work ok... a lot of work was done last semester on that. Most games should work fine though, at least I'm not currently aware of any that don't.

The university firewall does block incoming connections but that doesn't have anything to do with SafeConnect.

NAT type on consoles should report Type 1 Open although some games may still report Type 2 Moderate (probably P2P related). Windows gaming can be set up to be just as good by running a smaller installer that can be found on the ATU OIS support page.

Original Poster2 points · 2 months ago

Thank you! Looks like I was worried over nothing. I appreciate your thorough reply, and it is nice to know that this sub isn't ENTIRELY dead

see more

No prob!

Yeah it would be great to find some way to get it more active. Same for the Facebook and Twotger accounts.


Greetings all,

Still working on trying to improve our wireless on our campus. I've gone through multiple rounds with VARs and Cisco Wireless Experts and we've made quite a few adjustments for our residence halls in particular but I'm still getting complaints. I think some of this is simply due to interferers... in some areas I'm seeing 80%+ channel utilization with less than 5% tx and rx on the AP and it's neighbors and with a number of unknown interferers in the area with unknown effect and duty cycles. We won't know for sure until this summer when we can go in with a spectrum analyzer and disable our radios for a clean survey of the air space. Since most of our residence hall APs are in a hallway covering rooms on both sides (not great, I know, but this can't be changed anytime soon), they can see each other as neighbors fairly easily.


We don't support 802.11b anymore and that helped, particularly with roaming. A lot of complaints in the residence halls don't really involve a roaming situation though. Our engagements with the experts have indicated the following data rates for 2.4ghz:


Data Rate Support
1 Mbps Disabled
2 Mbps Disabled
5.5 Mbps Disabled
6 Mbps Disabled
9 Mbps Disabled
11 Mbps Supported
12 Mbps Mandatory
18 Mbps Supported
24 Mbps Supported
36 Mbps Mandatory
48 Mbps Supported
54 Mbps Supported


Recent attempts to improve the situation have involved reducing the 2.4ghz cell size by modifying the RRM Power Threshold v2 trigger and Maximum Power Level Assignment. I believe, judging by feedback, this had a small positive affect but it wasn't enough yet. We also enabled a 5ghz only SSID but I've already gotten a complaint about that network as well.


My second attempt involved adjusting those settings again, this time to increase 2.4ghz cell size, and disable the 2.4ghz radio on every other AP (staggering between floors). We're in the process of seeing how this one plays out although RRM is still keeping the radios power level down so I started looking in to other possibilities.


I'd like to disable the 11 Mbps data rate... advice we got previously was to leave it on so clients could drop down to it if necessary but I'm wondering if this isn't part of the issue since as I've read this could be causing a larger cell size for AP neighbor detection. I did try to disable it on one RF profile but got an error saying "Failed to update 11b data rate as 802.11b network is operational"... do I need to disable this data rate in Wireless->802.11b/g/n->Network" first?


This is a BYOD environment so I have to support as much as possible, within reason (#sorrynotsorry802.11b). When I look up device info in Prime Infrastructure on some of the tickets I've gotten, connectivity/data rates/SNR/etc usually looks pretty good for the most part. Anyone have any similar experiences or thoughts on this?


edit Update to include some additional information... all of our residence halls are utilizing a main SSID broadcasting both 2.4ghz and 5ghz with Band Select enabled (the two residence halls I'm using to test are also broadcasting the second 5ghz only SSID I mentioned above). AP units consist of Cisco 2702i APs and some 702w/1801w deployed where we had to.

By default beamforming is disabled so you have to manually do it through the CLI. You have to disable the radio first

config 802.11a disable network config 802.11a beamforming global enable config 802.11a enable network config 802.11b disable network config 802.11b beamforming global enable config 802.11b enable network

"MFP is showing as "Optional" on our WLAN configs" Disable under WLAN too

see more
Original Poster2 points · 2 months ago

Thanks for this. I'm probably going to look into sneaking this in early morning one day this weekend along with the 11 Mbps disable if I can figure out how to do it.


see more
Original Poster1 point · 2 months ago

I did this early this morning as well as turning off 11 Mbps on the two SSIDs we are currently testing with (it allowed me to do it once the 802.11b networks were disabled. Channel utilization seems to have dropped but I'll need to wait until students come back on Monday to fully confirm.

Is it able to hear any audio at all? I want to say there is configs in the menus on the phones themselves (not in CUCM) for enabling headsets, hookswitch, etc.

Original Poster1 point · 3 months ago

Thanks for the recommendations! I don't suppose any of those will take a configuration file from an HP 1920, would they? As I've mentioned in other replies, I'm mostly a novice with our networking equipment. I learned just enough to get our 1920 switches configured the we we need them, and I just re-use the same config files on new projects.

see more
2 points · 2 months ago

Generally I view new switch installs as an opportunity. Don't just copy over the config, even if you can. Instead, look at the config and see what can be improved upon. This might include configuring for features you weren't previously using or removing outdated features, re-evaluating VLANs, etc.

edit Also, programming the new switch from scratch can be a benefit itself if it's a new make/model that you've never worked with before. Eventually, you'll probably end up with some basic configs for that type of switch that you can start with each time but it's always good to get hands-on working knowledge of the switch type you're working with.

Original Poster1 point · 3 months ago

Yup. 8821. Big issue is one way calling. We also have an issue where sometimes phones need to be power cycled to get back on the network after leaving the coverage area. It's an all Cisco network and we've upgraded the code on the APs/WLC & added more APs to increase coverage. We've got QOS implemented on the VOIP SSID and fast transition enabled. One thing we noticed a few days ago is that some 8821 phones report CCX not supported at times and CCX is what controls dynamic transmit power control. Async power is one of the things that causes one way conversations on these. Phones are on the latest code and the CUCM servers are on 12.something. In this case, there is no WAN or MAN involved. It's all local. Our one big wireless no no right now is we have 6 SSIDs.

see more
2 points · 2 months ago

Our one big wireless no no right now is we have 6 SSIDs.

I found a spreadsheet at some point that allowed you to adjust WLC attributes and it would show you something like estimated air quality based on the number of SSIDs. If I remember, 6 is technically doable with the right environment and configuration but I also remember best practice is to always have as few as possible.

Original Poster1 point · 3 months ago

So in your original implementation, did the VAR take a look at your network or are you contracting for separate services to look at it after the fact? Yeah, that is one of our sticking points with them. They claim they did a voice readiness assessment but they certainly didn't evaluate the network at all.

see more
2 points · 2 months ago

I wasn't around for the initial setup on this newer system but, I assume, something similar was done back then.

The most recent engagement had them run the RISC analysis that I mentioned. It does go in and look at network configs device status so it can come back and offer errors/warnings/etc based on what it finds. My impression is, it looks at all sorts of things including spanning-tree issues, QOS, etc.

Honestly, I don't think one can actually be "voip ready" without actually doing at least a scan and analysis of the network. It's like building a house on a foundation you know nothing about... it MIGHT stay standing or it might all fall down into a pile of rubble.

Comment deleted3 months ago
3 points · 3 months ago · edited 3 months ago

About GlobalProtect Licenses

If you want to use GlobalProtect to provide a secure remote access or virtual private network (VPN) solution via single or multiple >internal/external gateways, you do not need any GlobalProtect licenses. However, to use some of the more advanced features (such >as HIP checks and associated content updates, support for the GlobalProtect mobile app, or IPv6 support) you must purchase an >annual GlobalProtect subscription. This license must be installed on each firewall running a gateway(s) that:

Performs HIP checks

Supports the GlobalProtect app for mobile endpoints

Supports the GlobalProtect app for Linux endpoints

Provides IPv6 connections

Split tunnels traffic based on the destination domain, application process name, or HTTP/HTTPS video streaming application . For GlobalProtect Clientless VPN, you must also install a GlobalProtect subscription on the firewall that hosts the Clientless VPN from >the GlobalProtect portal. You also need the GlobalProtect Clientless VPN dynamic updates to use this feature.

This is the 8.1 version of that link.

OP looks to be correct... the Linux version requires the license. I'm curious why they did that unless they consider it a more advanced feature? I know we've been looking at this license for the mobile clients but it's been cost prohibitive so far.

*edited to fix link

Comment deleted3 months ago

Woops my bad.. copy/pasted the quote from the correct tab but got the link from the wrong one. Too many chrome tabs open... #thestruggleisreal

Updated my post.

Original Poster1 point · 3 months ago

Yes, Wi-Fi and a few other subnets/VLANS will need to span all closets

see more

Not sure what you're using for Wifi but CAPWAP with Cisco is really nice for deploying wireless into L3 environments. Our APs basically just sit on the main building VLAN that our end-users are on. We certainly could put them into their own management VLAN but it really doesn't matter... they're all in Local mode so wireless traffic is tunneled back to the controller over CAPWAP.


I'm at a stage where I'm looking at potential long-term software replacements. One of the areas I'm looking at is NAC... we had Cisco NAC and then went to SafeConnect. My issues with SafeConnect are no IPv6 and that it doesn't really integrate to the level I'd like with our Cisco wireless system and Prime Infrastructure.

ISE would be an obvious choice to improve in both of these areas, however, endpoint posture and enforcement seems pretty expensive with the Apex licensing. Currently, we require Windows and Mac endpoints on our wireless and residence network wired/wireless to install the policy key which allows us to enforce on banned software, OS versions/updates, AV status, DNS settings, etc. There is no policy key install for Linux, gaming consoles, mobile devices, etc so they pretty much get a pass other than having to sign-in every so often.

I asked one of our Cisco SEs about it and he seemed surprised we were doing that level of enforcement in a BYOD environment. I'm curious what other education environments, especially ones with on-campus housing networks, are doing in this area?

edit Please excuse the badly worded title... probably should have double checked that before submitting.

Ripping it out as soon as possible. We're doing 802.1X via ISE though.

see more
Original Poster1 point · 3 months ago

Out of curiosity, are you ripping out the whole system or just the posture/enforcement?

Original Poster1 point · 3 months ago

I'm curious if anyone has any experience with Cisco ISE in a BYOD and/or residence hall environment. With our current deployment on our residence hall networks, we're already using 802.1x with mab on the Cisco WLC and with mac bypass on the Layer 2 wired access ports.

Original Poster1 point · 3 months ago

does troubleshooting with prime shorten the time you would take without it by a big factor?

which troubleshooting features do you often use?

see more

There is quite a bit of nice stuff it gets from an attached Cisco WLC for wireless troubleshooting including historic data for each client showing RSSI, SNR, AP association, etc. in some nice graphs. The graphs don't always load on my installation though.

We're using it for monitoring but primarily for wireless planning. I'm hoping to start leveraging it for config and IOS upgrades.

Just recently we've started using it for wireless reports since the students in our residence halls are reporting bad wifi (almost always 2.4ghz... surprise).

It's come a long way... the newest sitemaps are way nicer than the older ones as far as performance. I'd also suggest looking at Cisco DNA Center... I'm not sure how far along it is as far as feature parity, but everything I hear is that Prime Infrastructure is going to eventually merge in to DNA Center.

455 points · 3 months ago

As a printer, I hate you all.

see more

Aren't you supposed to say Bonjour?

11 points · 3 months ago

You are entering a dark and expensive territory of device compliance.

see more
4 points · 3 months ago

Is that a white rabbit I just saw dive down the rabbit hole or was it Cisco licensing?

3 points · 3 months ago · edited 3 months ago

Cisco DNA Center/SD-Access and SD-WAN are separate things. 'Cisco SD-WAN' is just rebranded Viptela but it sounds like you are referencing DNA Center/SD-Access.

At the moment, DNA Center (APIC-EM 2.0) requires purchasing the equivalent of 3x Cisco UCS C-series servers similar to an ACI APIC deployment, no VM option like APIC-EM 1.x. There is future talk of DNA Center hosted by Cisco but hasn't been rolled out yet for smaller enterprise. DNA Center will ultimately be used to control Cisco ISE, Wireless/WLC, and SD-Access and there are dCloud demos available to test out the tool.

Moral of the story is the technology is very new so just like any other bleeding edge tech, don't feel like you have to jump in too early but it is functional and shipping. Most likely is not mature enough at this stage.

see more
2 points · 3 months ago

Also, DNA Center can be part of SD-Access but you don't have to be running SD-Access to use DNA Center.

It would be a bigger issue if the C9300 price didn't undercut the 3650/3850 cost. For Cisco switch refreshes the C9300 still makes sense monetarily and then you can drop the DNA license after the 3-years.

see more

Looking at the datasheet it seems to me that the 48-port PoE+ 9300 has less overall PoE power than the equivalent 3650 unless a second power supply is added. Do you know if the C9300 still cheaper when you factor in extra pieces like this?

Cake day
July 11, 2017

Trophy Case (1)

Verified Email

Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.