Monday, November 28, 2011

asa/pix pre-shared-key is ****

Hi Guys

So if your anything like me, you've logged onto an ASA or pix trying to troubleshoot VPN connectivity.. you go to check the preshared key and all you see is:

preshared-key ***

damnit!

If your anything like you assumed it was hidden and could not be recovered.. Wrong!

simply do a:

more system:running-config

and you will be provided with the pre-shared-key in all its unencrypted glory!

Enjoy!

Tuesday, November 22, 2011

Toll Fraud in IOS 15.1

Hi Guys

Came across this link and thought i would share:
https://supportforums.cisco.com/docs/DOC-12228

It's cisco discussing the toll fraud prevention feature in the latest IOS. One of the more interesting things I found out from this document is that any dial-peer session target addresses are automagically (love that word) added to the list of trusted sources, but still worth understanding this tech and how it works.

I hope this helps someone out there!

Friday, November 18, 2011

Hello Jaluri!

Hey guys, this is just a test post to make sure I am being fed into jaluri.com, i really like it and wanna make sure i am listed on it, plus here is some free advertising for all you readers of my blog (all 3 of you!) for jaluri.com, awesome networking blog aggregator.

Guys on jaluri you may have missed my last post (which has my first video post!) on Cisco Unified Provisioning Manager, a way to easily add phones to your CUCM, 90 day trial available, check out more at:

http://www.ccierants.com/2011/11/cisco-unified-provisioning-manager.html

Cheers!


Tuesday, November 8, 2011

Cisco Unified Provisioning Manager

Hi Guys
(People using aggregates please see; http://www.ccierants.com/2011/11/cisco-unified-provisioning-manager.html)


So, this is the first time I have ever done a Video blog post, so if it feels rushed and unscripted.. that is because it is! Sorry! I did it as a Video because only a Video could really show how easy Cisco Unified Provisioning Manager can make adding new phones/users/enabling "services" for users with CUCM.

Here are some quick facts:
What: Cisco Unified Provisioning Manager 8.6 is a tool that integrates with your existing CUCM, CUC and CUPs servers to provide a single management pane to easily add users to all three and ensure they are added consistently and accurately.

Essentially it provides templates for line and phone settings to add users to CUCM. So for example, you can create a template called SiteA (As I do in the video) that contains all the settings for SiteA users telephones, lines, voicemail, remote destination profiles and extension mobility profiles and easily add new users with just a few clicks, making changes if you need to.

The provisioning tool takes care of all the little details such as associating the users with their phones, associating the user to the line, updating the primary extension etc. etc. and means you can _very_ rapidly deploy new phones.

It even looks after your number blocks, so you can specify directory numbers for particular sites and it will manage their allocation for you, ensuring they don't overlap, allowing you to reserve some numbers and also showing you an inventory of which are available.

Here is a video showing more:


video

Higher quality video: http://youtu.be/c6LL-4rZf_4


How: A 90 day trial license is available to make sure it is for you, it's got a list price of 12k for 500 users, so you should half that to get an idea of how much it might cost. I would say it is targeted at quite large organizations who make a lot of add's moves and changes or who have a very complicated CUCM setup.




Caveats: It has a few limitations that I came across such as you cannot use keywords everywhere (keywords like ${FIRSTNAME} and ${EXTENSION} allow you to specify

More Information: I still have not fully explored options such as what about removing services from a user, (i.e. decommissioning a users phone) as I imagine that is quite common task.

If you have had some of your own experience with Cisco Unified Provisioning Manager I would love to hear about it! Leave a comment below


Tuesday, November 1, 2011

YACFCMEHCUCMD or Yet Another Cool Feature CME has CUCM does not

HI Guys

(People visiting from Aggregators please visit: http://www.ccierants.com/2011/11/yacfcmehcucmd-or-yet-another-cool.html)

Introducing Unlocked MeetMe Conferences.

Like my very Long acronym in the title? Yes it's time for yet another great feature that CCME has that CUCM does not, the list just keeps getting longer and longer, I am a Cisco fan boy through and through but it boggles my mind that CME gets features that CUCM does not, CUCM is meant to be the flagship.

Plus if you believe the rumors, the plan is to remove CUE running on modules and instead have SRE running Unity Connection, so if that is there plan long term for unity connection, you have to wonder if the next logical step is to do the same for CUCM (you can already do it too, CUCM will run on SRE modules as far as I know)

So anyway, on to the feature

So we all know and love Meet me conference on CCME and CUCM i assume, it is a pretty funky feature where you can setup a conference by pressing the meetme button, dialling the number of the conference 'Room" and then having your participants dial the meeting number (either externally or internally) This means you as the conference organiser don't have to dial everyone in, you can just say

Ring me at 5:00pm on this number to join the conference, deal with it.

Your participants then just dial in, pretty simple and effective hey.

But it has a few small limitations, for some it is a hassle to have to press the meetme soft key, they forget to do it. To me though one of the main limitations is that you actually have to be infront of a Cisco Handset in order to start the conference off, what if you want a conference but your away from your desk when the conference starts, maybe an important customer wants to talk business so you hop into your car to go see him before realising, DAMN, i forgot about my conference, and i can't even start the conference now because I am on the road.

Well, conference meetme unlocked is what your after in this situation.

With Conference Meetme unlocked, you can have a meetme number that is always ready to go, simply dial in and the conference starts, even if your the first one to start the conference!

It is super easy to configure as well, here is a quick example configuration:


ephone-dn 6 octo-line
number 3000
conference meetme unlocked
!

Easy as that guys, just that simple keyword at the end of conference meetme "unlocked" and walla your ready to go.

Let's use a show command to get a bit more info:

PeterCCIE18371#show ephone-dn conference meetme
type active inactive numbers
=======================================
Meetme 1 7 3000
DN tags: 6
All DN tags unlocked.


now for those of you who have never even setup a normal meet me conference I have included all my configuration for you just to give you a bit more to work with :)

Just quickly, 10.0.0.3 is my local CCME, (which is Fa0/1 IP address)

sccp local FastEthernet0/1
sccp ccm 10.0.0.3 identifier 1 version 7.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 1 register CONFHQ
dspfarm profile 1 conference
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 1
associate application SCCP
telephony-service
sdspfarm units 1
sdspfarm tag 1 CONFHQ
conference hardware
ephone-dn 6 octo-line
number 3000
conference meetme unlocked

!

Of course you must be careful from a security perspective to ensure that only people within your organization can dial this number, this can be accomplished with COR's (incoming COR's and Outgoing COR"S) I have even seen some smart cookies out there on internet land who have setup AA scripts so there meet me's have a PIN!

I hope this helps someone out there!