Category: Cisco

Check loaded Jabber XML configuration

Simply browse to http://CUCM-IP-address:6970/jabber-config.xml

Remember that TFTP files are not configuration changes to the configuration database replicated by the publisher to the subscriber. Likely, your publisher or the server you are checking is not a TFTP server. You need to upload jabber-config.xml to all TFTP servers.

If it does exist when you check in OS Administration > Software Upgrades > TFTP File Management, then you need to restart Cisco Tftp for the change to take effect.

Check the installation and configuration guide for more information:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/JABW_BK_C4C679C9_00_cisco-jabber-for-windows-97.pdf

Filed under: Cisco, Unified Communications

TCP header compression on a Cisco router

TCP header compression is used to compress TCP headers in a network to save bandwidth on a link. However, TCP header compression comes at a cost in terms of processor time (delay/serialization delay).

Conditions: must be configured on both ends of the network to compress and decompress packets.

cisco_router1(config)# interface serial0/1
cisco_router1(config-if)# ip address 172.16.10.1 255.255.255.252
cisco_router1(config-if)# ip tcp header-compression

cisco_router2(config)# interface serial0/0/1
cisco_router2(config-if)# ip address 172.16.10.2 255.255.255.252
cisco_router2(config-if)# ip tcp header-compression

cisco_router1# show ip tcp header-compression

cisco_router2# show ip tcp header-compression

efficiency improvement factor = (bytes saved + bytes sent) / (bytes sent)

Filed under: Cisco, IOS, QoS

Disconnect SSH session on a Cisco ASA


asa# show ssh sessions

SID Client IP       Version Mode Encryption Hmac     State            Username
2   192.168.35.6    2.0     IN   aes256-cbc sha1     SessionStarted   elton
                            OUT  aes256-cbc sha1     SessionStarted   elton
3   204.16.58.6     2.0     IN   aes256-cbc sha1     SessionStarted   admin
                            OUT  aes256-cbc sha1     SessionStarted   admin


Notice the SID 2 and 3. Session ID 3 belongs to the one logged in as admin. Let’s drop the hammer.


asa# ssh disconnect 3

Verify.


asa# show ssh sessions

SID Client IP       Version Mode Encryption Hmac     State            Username
2   192.168.35.6    2.0     IN   aes256-cbc sha1     SessionStarted   elton
                            OUT  aes256-cbc sha1     SessionStarted   elton

asa# show logging
Oct 03 2014 11:22:00: %ASA-5-111008: User 'enable_15' executed the 'ssh disconnect 3' command.
Oct 03 2014 11:22:00: %ASA-5-111010: User 'enable_15',running 'CLI' from IP 199.48.158.6, executed 'ssh disconnect 3'
Oct 03 2014 11:22:00: %ASA-5-611103: User logged out: Uname: admin

Yeah, fuck that guy. If that wasn’t anyone you know, time to change your passwords.

Filed under: ASA, Cisco, Firewall

Call Forward All “Your call cannot be completed as dialed.” in Call Manager

Consider the scenario:
Long distance route pattern is 9.1[2-9]XX[2-9]XXXXXX
User has a Cisco IP Phone 7975 and wants to divert or forward all incoming calls to a mobile number.
IP phone is configured with a CSS that has access to long distance calls
IP phone’s line configuration has CSS set to

Problem: When the user attempts to set up CFwdAll, after dialing 9 then 1, it immediately yields “Your call cannot be completed as dialed.”

Troubleshooting: Updated line configuration to CSS that can access long distance calls.
Result: Still not able to setup CFwdAll.

Resolution:
Under System, go to Service Parameters and select your server.
For Service, select Cisco Call Manager (Active) from the drop-down menu.
Scroll down to Clusterwide Parameters (Feature – Forward)
By default, the CFA CSS Activation Policy is set to With Configured CSS. Change that to With Activating Device/Line CSS.

Explation: Excerpt from https://supportforums.cisco.com/discussion/11948691/callfwdall-activating-deviceline-css
Three possible values exist for this option:

  • Use System Default
  • With Configured CSS
  • With Activating Device/Line CSS

If you select the With Configured CSS option, the Forward All Calling Search Space that is explicitly configured in the Directory Number Configuration window controls the forward all activation and call forwarding. If the Forward All Calling Search Space is set to None, no CSS gets configured for Forward All. A forward all activation attempt to any directory number with a partition will fail. No change in the Forward All Calling Search Space and Secondary Calling Search Space for Forward All occurs during the forward all activation.

If you prefer to utilize the combination of the Directory Number Calling Search Space and Device Calling Search Space without explicitly configuring a Forward All Calling Search Space, select With Activating Device/Line CSS for the Calling Search Space Activation Policy. With this option, when Forward All is activated from the phone, the Forward All Calling Search Space and Secondary Calling Search Space for Forward All automatically gets populated with the Directory Number Calling Search Space and Device Calling Search Space for the activating device.

With this configuration (Calling Search Space Activation Policy set to With Activating Device/Line), if the Forward All Calling Search Space is set to None, when forward all is activated through the phone, the combination of Directory Number Calling Search Space and activating Device Calling Search Space gets used to verify the forward all attempt.

If you configure the Calling Search Space Activation Policy to Use System Default, then the CFA CSS Activation Policy cluster-wide service parameter determines which Forward All Calling Search space will be used. If the CFA CSS Activation Policy service parameter gets set to With Configured CSS, then Forward All Calling Search Space and Secondary Calling Search Space for Forward All will be used for Call Forwarding. If CFA CSS Activation Policy service parameter gets set to With Activating Device/Line CSS, then Forward All Calling Search Space and Secondary Calling Search Space for Forward All will be automatically populated with the Directory Number Calling Search Space and Device Calling Search Space for the activating device.

Filed under: Call Manager, Cisco

Call Manager LDAP new user ID not synced

Recently changed a user ID in Microsoft Active Directory and performed a full sync but the old user ID has not updated. It was noticed that while performing a full sync, it was done within 5 seconds. With both LDAP synchronization and LDAP authentication set in Call Manager, a user will not be able to log in to Extension Mobility.

To fix the issue:

Navigate to Cisco Unified Serviceability
Under Tools, select Control Center - Feature Services
Under Directory Services, select the Cisco DirSync radio button and click restart.

Navigate back to Cisco Unified CM Administration
Under LDAP, LDAP Directory, select your server and click Perform Full Sync Now
You should notice that synchronization process is taking a bit longer because the Cancel Sync Process button is available.
After the sync process is complete, check if the new user ID is reflected.

If this issue affects Cisco Unified Presence, the service that you need to restart is the Cisco UP Sync Agent.

Filed under: Call Manager, Cisco