Cisco Cisco Expressway Maintenance Manual
Serviceability improvements
Secure connection checker
This new utility enables you to test whether or not a secure connection can be made from the Expressway. It checks
the validity of certificates presented by the transacting parties, looking for errors that would prevent the secure
connection.
the validity of certificates presented by the transacting parties, looking for errors that would prevent the secure
connection.
You simply enter an FQDN, hostname, or IP address to test the secure connection without otherwise affecting your
configuration.
configuration.
The feature can be used in the following circumstances:
■
you are discovering Unified Communications servers / nodes while configuring Mobile and Remote Access,
and wish to test whether TLS or HTTPS will be possible with the configured nodes
and wish to test whether TLS or HTTPS will be possible with the configured nodes
■
you are configuring a Unified Communications traversal zone, or Secure Traversal zone, between the
Expressway-C and the Expressway-E
Expressway-C and the Expressway-E
You can now filter the logs that Expressway sends to each remote syslog host by severity level.
For example, your syslog host is typically receiving syslog messages from multiple systems, so you may want to limit
Expressway to sending only "Error" messages (and anything more severe) to this host. If you want to leave the host
untouched while troubleshooting a Expressway problem, you could configure a second, temporary, host to receive
"Debug" level (most verbose = messages of all severities). Then you could safely remove the configuration after
resolving the issue, without risking your primary syslog host.
Expressway to sending only "Error" messages (and anything more severe) to this host. If you want to leave the host
untouched while troubleshooting a Expressway problem, you could configure a second, temporary, host to receive
"Debug" level (most verbose = messages of all severities). Then you could safely remove the configuration after
resolving the issue, without risking your primary syslog host.
Call detail records (CDRs)
The Expressway now has the ability to record call connections and disconnections. There is a new service that
allows short-lived CDRs to be read from the Expressway by an external system.
allows short-lived CDRs to be read from the Expressway by an external system.
There is also an option to log the CDRs more permanently, in which case the CDRs are published as Informational
messages to your syslog host. This option also keeps CDRs for a few days on the event log, but the local data could
rotate quickly.
messages to your syslog host. This option also keeps CDRs for a few days on the event log, but the local data could
rotate quickly.
Note:
CDR reporting is best effort and should not be relied upon for accurate billing purposes.
Media statistics
A media statistics logging service has been added to this release. When the service is active, up to 2GB of data is
kept locally in a rotating log. The stats are also published as syslog messages for offline storage and analysis. For
each call, the Expressway tracks statistics like packet counts, bitrates, and jitter.
kept locally in a rotating log. The stats are also published as syslog messages for offline storage and analysis. For
each call, the Expressway tracks statistics like packet counts, bitrates, and jitter.
Other changes
Enhancements and usability improvements
■
You can add static IP routes via the web UI, where previously these could only be added by CLI . There is a
new page System > Network interfaces > Static routes to provide this functionality.
new page System > Network interfaces > Static routes to provide this functionality.
■
The Certificate Signing Request (CSR) generator now enables you to select the digest algorithm requested for
your certificate. The options are SHA-1, SHA-256 (new default), SHA-384, and SHA-512. In Expressway
versions prior to X8.5.1, the CSR page had no way to select the algorithm, and the CSR used SHA-1 by
default.
your certificate. The options are SHA-1, SHA-256 (new default), SHA-384, and SHA-512. In Expressway
versions prior to X8.5.1, the CSR page had no way to select the algorithm, and the CSR used SHA-1 by
default.
Changed functionality
■
When changing an administrator account password, the logged in administrator is now required to authorize
the change by entering their own password.
the change by entering their own password.
■
The IP and Ethernet configuration pages have a new menu location. Previously these were System > IP and
System > Ethernet. These pages are now System > Network interfaces > IP and System > Network
interfaces > Ethernet.
System > Ethernet. These pages are now System > Network interfaces > IP and System > Network
interfaces > Ethernet.
384
Cisco Expressway Administrator Guide
Reference Material