Customers are of prime importance to Cisco, which is why we like to address and resolve customers' problems in a timely manner. One way a customer can assist the process is by providing the relevant files to the Cisco Technical Assistance Center (TAC) for review. The TAC customer support engineers use these files to help resolve customer issues and Cisco provides multiple options for uploading information to the Cisco TAC to match a customer's requirements. Some of these options are less secure, leading to certain inherent risks, and each option has limitations that customers should consider before deciding on an appropriate upload option. The following table summarizes the available upload options with details on file encryption capabilities, recommended files size limits, and other relevant information.
*Customer must encrypt prior to transit.
Support Case Manager 4.x File Upload
The Support Case Manager (SCM) 4.x file upload method is the preferred and most secure option for uploading files to service requests. Files transferred by using this option are encrypted in transit and constrained to a size of 250 GB. The communication channel between the customer’s computing device and Cisco is encrypted. Files uploaded through SCM are immediately linked to the associated Service Request and stored in an encrypted format.
Uploading a File While Creating a Service Request
Follow these steps after you arrive at the Describe Problem screen. For more detailed instructions on how to create or manage a service request on Support Case Manager, see Support Case Manager Help.
Step 1 In the Case Title and Case Description fields, enter a name and description for the case (Figure 1). The Case Title field accepts a maximum of 80 characters.
Figure 1. SCM: Describe Problem Screen (Title and Description)
Step 2 In the Technology field, click Browse to open the Select Technology window. Locate the technology for this case by searching or by browsing and expanding the list of technology categories. Click the technology to highlight it and then click Select (Figure 2).
Figure 2. SCM: Describe Problem Screen (Technology Selection)
Step 3 Click in the Problem Area field. Point to the general category and then select a specific problem area from the sublist (Figure 3).
Figure 3. SCM: Describe Problem Screen (Technology and Problem Area)
Step 4 For troubleshooting-related cases, click the calendar button beside the Problem Occurred On field and use the calendar widget to choose a date. Enter a time in the Time field. Enter information about troubleshooting steps already taken and environment changes in the fields provided (Figure 4).
Figure 4. SCM: Describe Problem Screen (Troubleshooting)
Step 5 Optionally, click Additional Case Details to expand the Additional Case Details area. Enter the available information (Figure 5).
Figure 5. SCM: Describe Problem Screen (Additional Case Details)
Step 6 To upload files such as error logs that might help diagnose the problem more quickly, click Upload Files (Figure 6). The Attach Files window opens. Click Choose File and browse to the file, choose it, and then click Open. Choose the type of file from the drop-down menu in the Type field. Enter a description of the file in the Description field and then click Attach.
Figure 6. SCM: Upload Files
Step 7 Click Submit to submit the case and return to the case list. To review the information first, click Review. The Review and Submit page appears.
Step 8 Review the summary information for your case. If you need to change any information, click Edit to return to that tab.
Step 9 When you are ready to create the new case, click Submit. When the case is submitted, a confirmation message appears and displays the case number (Figure 7). Click OK to return to the main page. The new case appears at the top of the case list.
Figure 7. SCM: Case Submitted Dialog Box
Uploading a File to an Existing Service Request
After a case is submitted, you can update it to add or change the information.
Step 1 Use the following link to log in to Support Case Manager: https://mycase.cloudapps.cisco.com/case.
Step 2 To open and edit a case, click the case number or case title in the list. The case details page opens.
Step 3 At the top of the case details page, there are three tabs: Summary, Notes, and Attachments. Beside the tabs is a set of toolbar buttons: Attach Files, Add Note, and Actions. Click Attach Files to select a file and upload it as an attachment to the case (Figure 8).
Figure 8. SCM Attachments Screen
Cisco HTML 5 Upload
Another secure method of uploading files to a service request is HTML5. The Cisco HTML 5 File Upload Tool is similar to Support Case Manager in that files transferred by using this option are encrypted in transit and constrained to a size of 250 GB. The communication channel between the customer's computing device and Cisco is encrypted. Files uploaded through the Cisco HTML 5 File Upload Tool are immediately linked to the associated Service Request and stored in an encrypted format. Complete the following steps to attach a file by using this tool.
Step 1 Use the following link to log in to the HTML 5 File Upload Tool: https://cway.cisco.com/csc.
Step 2 Enter your Case Number in the provided field (Figure 9).
Figure 9. HTML 5: Case Number Input Screen
Step 3 Press Enter.
Step 4 A new screen appears where you can add any descriptions to the file(s) you are uploading (Figure 10).
Step 5 When choosing a file to attach, either drag and drop or click inside the dash-edged box to select the file to upload (Figure 10).
Figure 10. HTML 5: File Drag and Drop Screen
Step 6 After choosing a file, if you chose to specify a description, a new screen appears (Figure 11). The Category and Description fields enable you to add more information about the file:
Figure 11. HTML 5: Select Category Screen
Step 7 Click Next to upload the file.
Step 8 The next screen shows the status of the file. After the file uploads, click add new file (Figure 12) or repeat steps 4 through 7 to upload any additional attachments.
Figure 12. HTML 5: Upload Status Screen
If neither the Support Case Manager nor the Cisco HTML 5 File Upload Tool can be used, another option customers have is to upload the file via secure File Transfer Protocol over SSL (FTPS) to ftp.cisco.com/incoming/TAC. There is no size limit for this option.
FTPS secures the communication channel between the customer's computing device and Cisco; however, the information is not stored securely until it is attached to the customer's Service Request. If a customer uses this option, it is strongly advised that the customer encrypts their files before transit. For more information, see Encrypting Files. The customer should employ a strong password and communicate the password to the Service Request Customer Support Engineer owner out-of-band, such as by telephone or SCM case update.
Uploading Files Using the FileZilla FTP Client
For this option, customers must use an FTP client that supports TLS/SSL. FTP clients are designed specifically for file transfers and, more importantly, are the only method that currently supports TLS/SSL encryption. SSL encryption is required to ensure that the user ID, password, and data are encrypted in transit.
There are many FTP clients available, but this example uses FileZilla because it is widely used and freely available. The FileZilla FTP client can be downloaded from https://filezilla-project.org/download.php and is available for Cisco employees on Softracker.
Step 1 Download and install the FTP FileZilla client.
Step 2 Start a new FileZilla FTP session as shown in Figure 13.
Figure 13. FileZilla FTP Session
Step 3 Select Port 990 as the SSL port. This port must be used to transfer sensitive data to ftp.cisco.com.
Step 4 From the File menu, choose Site Manager to connect to ftp.cisco.com and perform the file transfer.
Figure 14. Connecting to Cisco Using Site Manager
Step 5 In the Site Manager screen, click the Advanced tab to specify the following details:
Figure 15. Selecting a Log In Type
Step 6 Accept the certificates when presented with the pop-up.
Note: If a mismatched certificate warning displays, you may ignore it if the host that you connect to is within the *.cisco.com domain. The warning message appears because the certificate presented to the client is for the global virtual Cisco Download site. However, the connection is made to a host in a server farm with a different name than the one on the certificate.
Figure 16. Mismatched Certificate Warning
Note: Anonymous users and users logging in with a CCO account are unable to list the contents of the /incoming directory. However, you can still change to the /incoming/TAC directory to upload a file.
Remember the following when uploading files:
The following screen shots provide more details about the preceding steps:
Figure 17. Logging in as an Anonymous User
Figure 18. The only directory an Anonymous user or CCO user can see is the public directory /pub
Figure 19. Anonymous users cannot list the contents of the /incoming directory or any of its subdirectories, including /incoming/TAC
Figure 20. Anonymous and CCO users can change into the /incoming/TAC directory and upload a file
Uploading Files Using the Command-Line Interface LFTP Client
Neither the Mac OS X command-line interface (CLI) FTP client nor the Windows CLI FTP client support FTP TLS/SSL. Connections to FTP SSL port 990 that use these clients are not encrypted. For this reason they should not be used. An alternative CLI client is LFTP. LFTP supports FTP over SSL. If you can't use LFTP then you must use an FTP client such as FileZilla, which supports FTP over SSL and ensures that the user ID, passwords, and data are secured in transit. LFTP is included in Mac OS and Linux distributions. If you are using Windows, you can use LFTP by installing Cygwin.
LFTP Command-Line Interface on Windows
To install LFTP on a Windows computer, first install Cygwin.
Step 1 Install Cygwin on a Windows machine:
Step 2 Connect to ftps by using lftp:
Step 3 Connect by using LFTP CLI:
LFTP Command-Line Interface on Linux or Mac OS
If neither the Support Case Manager (SCM) nor the Cisco HTML 5 File Upload Tool works for you, another alternate file upload method is email file attachment upload, in addition to the FTP over SSL option described in the preceding section. Note that this method is fundamentally insecure and does not encrypt the file or the communication session used to transport the file between the customer and Cisco. It is incumbent upon the customer to explicitly encrypt files before the files are uploaded through email file attachments. As an additional security best practice, any sensitive information such as passwords should be obfuscated or removed from any configuration file or log that is sent over an unsecure channel. For more information, see Encrypting Files.
After the files are encrypted, upload additional information and files to the Service Request by sending the information via an email message to email@example.com with the Service Request number in the subject line of the message, for example, subject = SR xxxxxxxxx.
Attachments are limited to 20 MB per email update. Attachments submitted by using email messages are not encrypted in transit, but are immediately linked to the specified Service Request and stored in an encrypted format.
Attach the file to an email message and send the message to firstname.lastname@example.org as shown in Figure 21.
Figure 21. Send the File
The previous screen shot shows a Microsoft Outlook email that has an encrypted ZIP file attachment, the correct To address, and a properly formatted Subject. Other email clients should provide the same functionality and perform just as well as Microsoft Outlook.
The following examples show how to encrypt files by using three of the many available options such as WinZip, Linux tar and openssl commands, and Linux Gzip and GnuPG. A strong encryption cipher such as AES-128 should be used to properly protect the data. If you are using ZIP, an application that supports AES encryption must be used. Older versions of ZIP applications support a symmetric encryption system that is not secure and should not be used.
This section shows how to encrypt files by using the WinZip application. Other applications should provide the same functionality and perform as well as WinZip.
Step 1 Create a ZIP archive file as shown in Figure 22. In the WinZip GUI, click New and follow the menu prompts to create an appropriately named, new ZIP archive file. The newly created ZIP archive file appears.
Figure 22. Creating a ZIP Archive
Step 2 Add the file(s) to be uploaded to the ZIP archive file and select the Encrypt added files option as shown in Figure 23. From the main WinZip window, click Add and then select the file(s) to upload. The Encrypt added files option must be selected.
Figure 23. Encrypt Added Files
Step 3 Encrypt the file by using the AES encryption cipher and a strong password as shown in Figure 24:
Figure 24. Encrypt the File
Step 4 Verify that the file is encrypted as shown in Figure 25. Encrypted files are marked with an asterisk following the file name or a lock icon in the Encryption column.
Figure 25. Verify Encryption
This section shows how to encrypt files by using the Linux command-line tar and openssl commands. Other archive and encryption commands should provide the same functionality and perform just as well under Linux or Unix.
Step 1 Create a tar archive of the file and encrypt it through OpenSSL using the AES cipher and a strong password as shown in the following example. The command output shows the combined tar and openssl command syntax to encrypt the file(s) using the AES cipher.
[user@linux ~]$ tar cvzf - Data_for_TAC.dat | openssl aes-128-cbc -k
dd of=Data_for_TAC.aes128 Data_for_TAC.dat
60+1 records in
60+1 records out
This section shows how to encrypt files by using the Linux command-line Gzip and GnuPG commands. Other archive and encryption commands should provide the same functionality and perform just as well under Linux or Unix. The command output shows how to use the gzip and gpg command syntax to encrypt the file(s) using the AES cipher.
Step 1 Compress the file by using Gzip:
[user@linux ~]$ gzip -9 Data_for_TAC.dat
Step 2 Encrypt the file through GnuPG using the AES cipher and a strong password:
user@linux ~]$ gpg –cipher-algo AES –armor –output Data_for_TAC.dat.gz.asc –symmetric Data_for_TAC.dat.gz
Step 3 Enter and confirm the strong password at the passphrase prompt:
When encrypting attachments, share the encrypting password with the Service Request Customer Support Engineer owner. As a best practice, use a method other than the one used to upload the file. If you used an email message or FTPS to upload the file, communicate the password out-of-band such as by telephone or SCM case update.
For the duration that a Service Request is open and for a period up to 18 months following final closure of a Service Request, all files are instantly accessible from within the Service Request tracking system to authorized Cisco personnel. After a period of 18 months from final closure, the files may be moved to an archival storage instance to conserve space, but they are not purged (deleted) from the Service Request history.
At any time, an authorized customer contact can expressly request that a specific file be purged from a Service Request. Cisco can then delete that file and add a case note to document the party who deleted the file, the time and date stamp, and the name of the deleted file. After a file is purged in this manner, it cannot be recovered.
Files uploaded to the TAC FTP folder are retained for four days. The Service Request Customer Support Engineer owner needs to be informed when a file is uploaded to this folder. The Customer Support Engineer should back up the files within four days by attaching them to the service request.
Multiple options exist for uploading information to Cisco TAC to help them resolve Service Requests. Some of these options are less secure, leading to certain inherent risks. Each option has limitations that should be considered before deciding on an appropriate upload option.
- The preferred and most secure option is to use the Support Case Manager 4.x file upload method. Files transferred by using this option are encrypted in transit and constrained to a size of 250 GB. The communication channel between your computing device and Cisco is encrypted. Files uploaded through SCM are immediately linked to the associated Service Request and stored in an encrypted format.
- Another secure option is the Cisco HTML 5 File Upload Tool, which is similar to Support Case Manager in that files transferred by using this method are encrypted in transit and constrained to a size of 250 GB. The communication channel between your computing device and Cisco remains encrypted and the information is immediately linked to the associated Service Request and stored in an encrypted format.
- If you cannot use Support Case Manager or Cisco HTML 5 File Upload Tool as your file upload method, the least preferred file upload options are FTP over SSL (FTPS) or an email message sent to email@example.com. If you use either of these options, it is strongly advised that that you encrypt your files before transit. For more information, see Encrypting Files. You should employ a strong password and communicate the password to the Service Request Customer Support Engineer out-of-band such as by telephone or SCM case update.
- Unlike other file upload methods, FTP over SSL (FTPS) has no file size limit. In addition, FTPS secures the communication channel between your computing device and Cisco; however, the information will not be stored securely until it is attached to your Service Request.
- When uploading files to a service request via email to firstname.lastname@example.org, attachments are limited to 20 MB per email update. Attachments submitted by using email messages are not encrypted in transit, but are immediately linked to the Service Request and stored in an encrypted format.
- For the duration that a Service Request is open and for a period up to 18 months following final closure of a Service Request, all files are instantly accessible from within the Service Request tracking system to authorized Cisco personnel.
- After 18 months the files may be moved to archival storage.
- At any time, an authorized customer contact can expressly request that a specific file be purged from a Service Request.
- Files in the FTP folder are retained for only four days.
Accessing Cisco Technical Services
Cisco Worldwide Support Contacts
Cisco Technical Services Resource Guide
Cisco Security Blog - NCSAM Tip #3: What You Should Consider to be a Secure Password
Cisco Conferencing Products
The GNU Privacy Guard
The OpenSSL Project
This document is part of Cisco Security Intelligence Operations.
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.