Technical Services Newsletter

Safe Harbor certification marks the successful completion of extensive integrity testing that validates each operating system release. In August 2008, Cisco Catalyst 6500 Series Cisco IOS Software Release 12.2(33)SXH was Cisco Safe Harbor certified. Cisco recommends you plan to upgrade your Cisco Catalyst 6500 Series Switches, if suitable, to Release 12.2(33)SXH to take advantage of an important new embedded service providing higher network availability and operational efficiency.

This new service, Cisco Smart Call Home, is an award-winning capability* that features proactive network diagnostics and real-time alerts to identify problems before they affect your business. There is no additional cost or obligation for this capability when you have Cisco SMARTnet Service. You can easily configure your system to activate the proactive diagnostics, which will monitor select Cisco devices 24 hours a day, 365 days a year.

The benefits include:

Visibility into your network through diagnostic reports
Real-time troubleshooting
Automatic generation of Cisco service requests
Personalized web-based reporting
Secure, reliable data transport
Alerts to your staff, your authorized Cisco partner, and the Cisco Technical Assistance Center (TAC)

You will spend less time and effort monitoring and maintaining your network and experience a speedier resolution to network issues.

Smart Call Home is available as part of your Cisco SMARTnet Service on the Cisco Catalyst 6500 Series when running Cisco IOS Software Release 12.2(33)SXH. The Smart Call Home capability will be available for many other Cisco devices over the next 12 months.

"Cisco Smart Call Home allowed me to fix a network problem in about an hour that would have typically taken one of my staff two days to troubleshoot."

- Mike DeDecker, CCIE, Warner Pacific Insurance Services

To learn more about this new Cisco SMARTnet Service capability or to download Cisco IOS Software Release 12.2(33)SXH, visit the Smart Call Home website at:

http://www.cisco.com/go/smartcall

*Cisco Smart Call Home received the 2008 SSPA STAR Award for Best Embedded Product Support:

http://www.cisco.com/public/news_training/itsnews/products_services/200808.html#A

New Reader Tip: How to Automate Getting Packet Captures off of an ASA

For weeks I have been trying to figure out how to get packet captures off an ASA before the buffer is full or overwritten. It always seems like I was too late go get the capture I wanted manually, so here is what I came up with. I have found this to be a life saver for intermittent and unpredictable network events.

Using a circular-buffer and the Linux "wget" and "crontab" commands you can automate the download of your capture file off of your ASA and store as many captures as you have disk space. There might be some overlap between captures but at least you are going to have the packet captures you need. I am using Debian Etch but the commands are very generic and should work with any Linux distribution or Cygwin if you are stuck with Windows. My ASA software is version 7.2(3)12.

First, create an access-list for the captures you want on your ASA. Let's say between two devices:

access-list cap extended permit ip host 10.10.150.1 host 192.168.0.1
access-list cap extended permit ip host 192.168.0.1 host 10.10.150.1

Second, start your capture.

capture capout access-list cap interface outside buffer 1000000 circular-buffer

I am increasing the size of the buffer so I don't have to pull the captures off of the ASA so often. And, I am setting the circular-buffer command so the capture buffer starts overwriting old packet captures when it gets full. If you don't set this the capture just stops when the buffer is full.

Third, create an executable file on your Linux box and enter all on one line:

wget -P /home/directory 'https://username:'password'@ASA/capture/capout/pcap' -–no-check-certificate

wget is a very powerful program from the Linux/Unix world. It is great for pulling content off of a website without going through a browser. This command will place your capture files in the /home/directory. Unfortunately this is not very secure because the password to your ASA is in this file for anyone who has privileges to read. So be careful where you put it and who can see it.

Fourth, create your crontab. We will set the crontab to download the capture every half hour.

At the command prompt enter:

crontab -e

Then add a line like this:

30 * * * * /directory/of/your/executable_in_step_three

Make sure the permissions on the file allow it be executed. Now, what will happen is every half hour the crontab will download the pcap file to the directory you specified. The first file will be named pcap, the second pcap.1, third pcap.2 and so on. You need to be careful to make sure your crontab is downloading the pcap file before the new packet captures get overwritten. You can adjust either your crontab time or the buffer size on your ASA to accomplish this.

- Brian Kimsey-Hickman, Orange County Controller's Office, Orlando, FL, USA

Do you have something to add? If you are registered with Cisco.com, you can contribute to this Reader Tip on the Cisco Support Wiki now at:

http://supportwiki.cisco.com/wiki/index.php/Tech_Insights:How_to_Automate_Getting_Packet_Captures_off_of_an_ASA

Not registered with Cisco.com? Register today and begin taking advantage of Cisco tools and information at:

http://tools.cisco.com/RPF/register/register.do

To learn more about Reader Tip submission and guidelines, visit the Reader Tip submission page at:

http://www.cisco.com/warp/public/437/readertips/index.html

If your Tip is selected for publication in the Cisco Technical Services Newsletter, you will receive a complimentary Cisco polo t-shirt from the newsletter staff.

Note: All tips published in the Cisco Technical Services Newsletter are reviewed by Cisco technical support engineers; however, the Cisco Technical Services Newsletter and Cisco cannot guarantee the accuracy or completeness of these tips.

TechWiseTV: "Energy Efficiency in the Data Center"

Call it the dirty little secret of the digital age. When it comes to energy waste, data centers are among the world's biggest offenders. Most physical servers run at only about 10 to 15 percent utilization, yet can consume almost as much energy as at peak usage. Every watt of data center electricity consumption requires an additional watt just for cooling. And right now, the unutilized servers in the United States alone emit more carbon dioxide each year than the entire country of Thailand.

In addition to the environmental effects, saving energy in your data center can provide substantial green benefits in the form of significant cost savings. And, with data centers projected to continue expanding and the cost of energy increasing rapidly, this is becoming a critical priority for today's IT professionals.

Learn the five practical steps you can take right now to reduce your energy consumption. Discover the tools you need to monitor, measure, and manage your data center energy usage more efficiently at the new Cisco Efficiency Assurance Program (EAP) website. Find out how much energy you can actually save with consolidation and virtualization plus the added benefits these solutions offer. This 60-minute video broadcast will also provide:

Methods for assessing energy usage and corresponding emissions
Interactive calculators for estimating power costs, capacity, and utilization rates
Standard metrics to quantify power requirements at the systems level
Shared learning from IT, facilities, and environmental professionals in the industry

Learn more and register to view today at:

https://www.cisco.com/offer/semreg/augdatacenter/164880_22

New Edition of the Cisco Product Quick Reference Guide Available

The Summer/Fall 2008 edition of the Cisco Product Quick Reference Guide is available to order. The new and improved guide presents a portable, easy-to-use, consolidated portfolio of Cisco's products and solutions for every part of your business. Inside the guide you will find a wealth of information, including brief product and service overviews, important features, technical specifications, part numbers and ordering information. It meets your information needs whether you're an enterprise, a service provider, or a small or medium-sized business.

For more information and to place your order today, visit the Cisco Product Quick Reference Guide website at:

http://www.cisco.com/go/guide

Get Access to Cisco Live Technical Training Sessions

Subscribe to Cisco Live Virtual now to watch hundreds of technical sessions from Cisco Live 2008. The sessions include technology topics such as network systems, security, wireless, and data center -- all recorded live in Orlando.

Build your own curriculum with the My Sessions section, where you can tag content and create your own one-stop learning resource. In My Sessions, you can easily download content such as session presentations and relevant URL bookmarks into your virtual event bag, and even rate the sessions you viewed.

More than 10,000 networking professionals attended Cisco Live 2008 to get technical training, grow their knowledge and skills, and extend their professional network. Now you have the opportunity to gain the same benefits online at Cisco Live Virtual.

Subscribe today and begin your training:

http://www.cisco.com/offer/ciscolive2008/163987_1

New Cisco Product Documentation Available Online

"What's New in Cisco Product Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products.

In addition to many new and revised documents, highlights of the September release include documentation for the following:

Cisco Security Agents 6.0
Cisco Security Manager 3.2.1
Cisco Unified Personal Communicator 7.0

View the latest release of "What's New in Cisco Product Documentation" online or as an RSS feed today at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Upcoming "Ask the Expert" Events and TechTalks from NetPro

Networking Professionals Connection (NetPro) is an interactive website where you can discuss Cisco networking products and technologies with Cisco experts and networking professionals around the world.

Upcoming events on Networking Professionals Connection include:

"Ask the Expert" events, which allow you to discuss specific networking issues online with Cisco engineers:
http://forums.cisco.com/eforum/servlet/NetProf?page=Expert_Archive_discussion
- "Cisco Access Servers for ISDN/Modems/PPP Connectivity," now through September 19
- "CS-MARS," now through September 19
- "Unified Communications Express Product Portfolio," September 22 through October 3
- "Deploying IOS Embedded Management Technologies," September 22 through October 3
TechTalks are online webcasts that focus on particular technology subjects. You can view the latest event schedule, register to attend a live session, and view archived presentations on the web any time.
http://www.cisco.com/go/techtalk

To attend an event or participate in a discussion forum, visit Networking Professionals Connection at:

http://www.cisco.com/discuss/networking

Vulnerability in Cisco WebEx Meeting Manager ActiveX Control

http://www.cisco.com/en/US/products/products_security_advisory09186a00809e2006.shtml

TECHINCAL DOCUMENTS

VOICE AND UNIFIED COMMUNICATIONS

Configuration Example:
Using IMAP4 to Access Voice Messages in Cisco Unity System with Exchange 2007

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_configuration_example09186a00809d8c91.shtml

Tech Note:
Unified Communications Manager Express Toll Fraud Prevention

http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_tech_note09186a00809dc487.shtml

Tech Note:
Cannot Delete IP Phone Associated with IP Communicator

http://www.cisco.com/en/US/products/sw/voicesw/ps5475/products_tech_note09186a00809dc481.shtml

Tech Note:
Monitor Cisco Unity Voice Port Usage

http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_tech_note09186a00809dc479.shtml

Cisco TAC Case Collection Solution:
CRS Backup or Restore with BARS Receives a "GET_FROM_ARCHIVE_REQUEST failure. The Unable to load clusters.properties; nested exception is: com.cisco.archive.ArchiveSystemIOException: UNSPECIFIED_ERROR; Failed to retrieve /STI/Backup/CRS/clusters.properties" Error Message in the BARS Log

http://www.ciscotaccc.com/voice/showcase?case=K02015200

WIRELESS

Tech Note:
Wireless LAN Controller (WLC) and NAC Guest Server (NGS) Integration Guide

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809d6b9a.shtml

Cisco TAC Case Collection Solution:
How to Configure the Access Point so that the Clients Can Roam around and Pick up the Strongest Access Point

http://www.ciscotaccc.com/wireless/showcase?case=K63417939

FIELD NOTICES

LAN SWITCHING

C4500 E - Chassis Will Not Boot with Unsupported IOS - Upgrade IOS

http://www.cisco.com/en/US/ts/fn/631/fn63147.html

Cisco TAC Case Collection Solution:
How to Configure a Loopback Interface in Cisco Catalyst Switch

http://www.ciscotaccc.com/lanswitching/showcase?case=K11397092

OPTICAL

ONS 15310-CTX-2500-K9 - Possible SFP Cage Shorting Issue

http://www.cisco.com/en/US/ts/fn/620/fn62520.html

ROUTERS

Cisco 38XX Router May Fail to Boot due to Change in ROMmon Erase Time

http://www.cisco.com/en/US/ts/fn/631/fn63153.html

Cisco TAC Case Collection Solution:
"%SYS-3-CPUHOG" Error Message Is Displayed on a Cisco Router

http://www.ciscotaccc.com/core/showcase?case=K16184380

SECURITY AND VPN

CIVS-KYBD2232-XX - Serial Converter May Malfunction when Utilized in RS485 Mode with a Dome-type Security Camera

http://www.cisco.com/en/US/ts/fn/631/fn63127.html

Third Party VPN Connection May Cause Unintended VPN Interruption for Other Connected Users

http://www.cisco.com/en/US/ts/fn/631/fn63146.html

Cisco TAC Case Collection Solution:
In LAN-to-LAN VPN Tunnel on Router, Packets Exceeding 1500 Maximum Transmission Units (MTU) Are Dropped

http://www.ciscotaccc.com/security/showcase?case=K16436075

VOICE AND UNIFIED COMMUNICATIONS

Unable to Share Application in MeetingPlace Web 6.0 and MeetingPlace Express

http://www.cisco.com/en/US/ts/fn/631/fn63151.html

RECENT SUPPORT WIKI TOPICS

How to Re-initialize the Resource Manager Essentials 4.0 Database

http://supportwiki.cisco.com/ViewWiki/index.php/How_to_re-initialize_the_Resource_Manager_Essentials_4.0_database

NetFlow Collector Fails to Run

http://supportwiki.cisco.com/ViewWiki/index.php/NetFlow_Collector_fails_to_run

NetFlow Performance Issues

http://supportwiki.cisco.com/ViewWiki/index.php/NetFlow_performance_issues

NFC NetFlow Collector Does Not Collect Flows

http://supportwiki.cisco.com/ViewWiki/index.php/NFC_Netflow_Collector_does_not_collect_flows