#in Upgrading of Cisco 7900 Series firmware

2nd February 2012

Upgrading of Cisco 7900 Series firmware

This one has come up a few times recently.

Some background info to explain why you can’t directly upgrade to firmware version 8.5(3) from anything lower than 8.3(3) on 7900 series IP phones.

Basically Cisco change the CA that signed the phone load certificates. Between versions 8.3(3) and 8.5(2) the phone loads contained both the old and new CA certificates. Version 8.5(3) and higher only contains the new CA certificate.

So basically, if you try and upgrade from 8.3(2) or lower to 8.5(3) or higher the phone doesn’t trust the new CA certificate and you get an “auth fail” message. This is also true if you do a factory reset on an old phone – i.e. one that has the old CA certificate burnt into it in the factory.

Cisco have apparently “lost” the old CA certificate, so it will never be seen again.

So the lesson here is to always have a copy of 8.3(3) lurking around that you can get your hands on.

Barry Hesk

Cisco announce new 40 gig ports

01 February 2012#in

Cisco announce new 40 gig ports

Cisco have announced a slew of new products aimed squarely at the data centre market. New 40 gig modules are available for both the 6500 and Nexus 7000 platforms. The 6500 module is a 4 port module that can also be equipped with a convertor plug in to provide 10 gig ports. Overall switching capacity is 80 gig so supports 2 40 gig ports at line rate, or 4 ports oversubscribed 2:1. The 6500 modules require the new Sup-2T supervisor engines.

100 Gig modules are also available for the Nexus 7000.

Another new launch is the 4500-X which provides up to 40 Ten Gig interfaces utilising VSS support which has been available on the 6500s for a few years.

No pricing or availability information is out there yet…but don’t expect them to be cheap!

Barry Hesk

Cisco shelf Call Connect for Nokia Platforms

26th January 2012

Cisco shelf Call Connect for Nokia Platforms

After years of aligning themselves alongside Nokia with regards to Enterprise voice access, Cisco it seems have fallen out of love with them. Today saw the official end of sale of the Nokia Intellisync Call Connect platform, which turned Nokia handsets into WiFi enabled phones capable of interfacing with Cisco’s enterprise telephony products.

The rationale behind this can’t be too hard to guess; Nokia’s market slide, coupled to them using Windows Mobile for their next generation of hardware means that the Symbian based Call Connect platform is no longer relevant to today’s enterprises. Once heralded as a flag ship application by Nokia and Cisco, it’s something of an ignominious exit as it shuffles off the stage having made little to no market penetration.

Cisco are still heavily active in this space with versions of Jabber being available for Android and iPhone which turn your smartphone into a full function Cisco WiFi handset. Blackberry users can also come to the party, although in a much more complicated manner, as it requires the installation of Blackberry MVS server alongside BES. Whilst it works ok, the complexity of the Blackberry solution seems to be a real inhibitor to adoption, and from what we have seen is yet another nail in the enterprise coffin for RIM.

Barry Hesk

Cisco, Culture of Buggy Code and the Failure of the TAC

23rd November 2011

Cisco, Culture of Buggy Code and the Failure of the TAC

Sometimes I read something on a forum that puts a smile on my face. Today was one of those occasions when I stumbled upon this post which was discussing the quality of much of the code that gets released in today’s enviroment.

The above post (which we’ve also contributed to) is directed fairly and squarely at Cisco, however it could easily be directed to a broad range of vendors, including (but not limited to) Juniper, Hewlett Packard and Microsoft. We spend huge amounts of times debugging poor software from vendors that should have not been shipped in the first place.

I sense a ground swell of opinion changing here. I just hope the vendors listen, and put software quality ahead of release dates. If it doesn’t work, don’t release it until it does.

Barry Hesk

Cisco announces new Nexus Switches and ASA

20th October 2011

Cisco announces new Nexus Switches

Cisco today announced their latest iteration of the Nexus coverged storage and data switches.

Network World have a good article covering the announcements

In summary:

  • New switching fabric called imaginatively, “fabric-2” which scales to 550GB per slot – more than twice the thoughput on the original fabric.
  • New Nexus 3016 which provides 16 ports of 40GB Ethernet.
  • New Nexus 4048 – provides 48 10/100/1000 Mbps ports plus 10GB uplinks
  • Fabricpath support for the Nexus 5500 series providing multiple active layer 2 paths across a “top of rack” topology
  • ASA 1000V firewall – Cisco’s first purely software based firewall – using the same underlying technology as the 1000V switch

Price points are said to be “competitive” – which for Nexus probably means “expensive”.

Barry Hesk

More Cisco UC Installation Issues

30th September 2011

Cisco CUCM 8.6 Installation Problems

Yet more severe problems upgrading to the latest version of Cisco Unified Communications Manager.

We’d already reported a problem with the Unity Connection 8.5 installer hanging. Now it seems that other issues are present in the latest 8.6 releases too. As the operating system code base is common across all of the main Cisco UC applications, thes issues will probably impact Communications Manager, Unity Connection and and Contact Centre Express.

Details of the issues are:

1. Upgrading to 8.6(2) seems to work ok. A “switch version” is issued on the Publisher. After the reboot, the publisher comes up for a few minutes and then reboots again on the old version. Cisco TAC need to be involved to fix this issue. The latest code on CCO is still broken.
2. Instaled 8.6(2) on the Publisher; rebooted and all ok (see the previous issue). Attempted to install 8.6(2) on Subscriber. Installation hangs for hours and has to be cancelled. Workaround for this is to run the upgrade with “Automatic switch back to previous version if upgrade is successful” set to “no”.

Being brutally honest, this is all an utter mess. Cisco seem unable, or unwilling to actually test anything before they release it these days and it is starting to have a huge impact with customers.

Barry Hesk

New releases of Cisco UC Products

21 September 2011

Cisco Systems have released updates of their main Unified Communications Platforms to address both bug fixes and limited new functionality.

Cisco Unified Communications Manager 8.6(2)

Proxy TFTP Server: Targeted towards large enterprise deployments, it allows TFTP services serving endpoints to be distributed. It allows any CUCM server to act as a TFTP server for local resources, even handsets that belong to a different CUCM cluster.

Cluster Wide Call Park: Again, targeted at larger deployments, Call Park has been reworked to make it simpler in terms of call routing, CSS and Partition definitions. However, CTI monitoring of Call Park slots has been removed (it will be reinstated in CUCM 9.0) meaning that applications such as Attendant Consoles, will not be able to provide real time status displays of them.

Redirecting Number Transformation: Some additional enhancements allow you to manipulate the number associated with a redirect operation. This can be useful for situations where redirects are in place (for example Call Forwarding, or Single Number reach operations) to keep visible the original calling number.

Cisco Unity Connection 8.6(2)

Microsoft Office 365: Support for Unity Connection integrated with externally hosted Microsoft Office 365 environments. Please note that at the current time each integrated is limited to only 19 users. Email delivery, calendar integration and text to speech is supported.

Cisco SpeechView: Cisco SpeechView (Standard and Professional) provides speech to text services allowing you to “read” voicemails. Cisco SpeechView is a subscription service which is not covered by your existing Unity Connection licensing.

Cisco Unified Communications Manager Express 8.8

Phone Download: Adds HTTP support for downloading of phone firmware and configuration files.

Support for new phones: Adds support for 3905, 6945, 8941 and 8945 IP phones.

Cisco Unity Express 8.6(1)

Additional Hardware Support: Support for SM-SRE-710-K9 and SRM-SRE-910-K9 hardware service modules

Hosted SMTP Providers: Provides secure (SSL) SMTP support to hosted providers including Gmail, Yahoo, Hotmail, Microsoft Exchange and Windows Live.

New IMAP Clients: Support for additional IMAP Clients including iPhone, Cisco Mobile, Outlook 2010, Windows LiveMail 12.0 and IBM Lotus Notes. Support is also added for CSF Clients which includes Cisco Unified Personal Communicator 8.5.

Cisco Unity Contact Centre Express 8.5(1)

Outbound IVR: Allows CUCCX to place outbound calls and present the connected party with a menu / IVR system. Requires CUCCX Premium licensing.

Increased Agents: Up to 400 agents are now supported, depending on the underlying platform.

Additional Platforms: Additional hardware platforms are now supported including MCS 7825 and 7816s and Cisco UCS Servers.


Barry Hesk


Cisco CP-6921 handset restrictions

15 September 2011

Cisco have recently marked as end of sale the CP-7911 handset which is a “work horse” handset for many customer deployments. The 6921, featuring a headset port and full duplex speakerphone which the 7911 didn’t have, seems to be an attractive option however there are a few of restrictions to be aware of.

1. The 6921 whilst being a two line phone does not support two calls per button. The second channel can only be used for transfer or conference. This is unlike the way that the 7911 operates which provides two calls per button.

2. DND does not work on the handset when mapped to a softkey. This is an issue that is known by Cisco and there is a workaround of setting it to the 2nd button. However, if you want to use the 2nd button as a second line, you can’t use DND. This does not sound great to us.

3. Auto Answer on headsets. Other Cisco handsets that support auto answer on headsets provide the ability to play a “zip” tone on auto answer so that the agent knows a call has just arrived. The 6921 does NOT support this tone and we don’t know why. It can seemingly play the tone for internal calls, however it does not play it for external calls. Cisco TAC confirm that this is expected behaviour however we haven’t been able to find any documentation that reflects this. It also seems like a very strange restriction. Net result, we’d be loath to recommend 6921s with headsets if you want auto answer.

So all in all, be careful how you deploy 6921s. They are not as attractive as they appear at first glance.

Barry Hesk

Cisco ASA 8.3 NAT

Cisco ASA Version 8.3 (and now 8.4) has been out and shipping for quite some time. Based around our own experiences, and some feedback from customers we’ve been researching.

The following link provides a really helpful overview of what has changed in version 8.3 and higher.


It’s fair to say that NAT in 8.3 does cause confusion and is a radical departure from what was in place previously. In our minds, it’s much more aligned to the way that Checkpoint perform NAT on their platforms. It is also worth pointing out that in our experience, migrating from 8.2 to 8.3 does not work smoothly, or in some cases at all, and you will almost definitely need to rebuild your NAT from scratch at version 8.3. If you’re planning an upgrade to 8.3 or 8.4 please bear it in mind, and that you may need to completely rework your NAT. For most people this is not a massive issue as typically you may have a couple of static NAT entries, some exclusions for VPN traffic, and a dynamic interface based statement to catch everything else. However, if you have anything a little more complex, like policy NAT make sure you test and test again to ensure it’s all working ok.

Barry Hesk