Cisco Cisco Expressway Maintenance Manual
For example, your syslog host is typically receiving syslog messages from multiple systems, so you may
want to limit Expressway to sending only "Error" messages (and anything more severe) to this host. If you
want to leave the host untouched while troubleshooting a Expressway problem, you could configure a
second, temporary, host to receive "Debug" level (most verbose = messages of all severities). Then you
could safely remove the configuration after resolving the issue, without risking your primary syslog host.
want to limit Expressway to sending only "Error" messages (and anything more severe) to this host. If you
want to leave the host untouched while troubleshooting a Expressway problem, you could configure a
second, temporary, host to receive "Debug" level (most verbose = messages of all severities). Then you
could safely remove the configuration after resolving the issue, without risking your primary syslog host.
Call detail records (CDRs)
The Expressway now has the ability to record call connections and disconnections. There is a new service
that allows short-lived CDRs to be read from the Expressway by an external system.
that allows short-lived CDRs to be read from the Expressway by an external system.
There is also an option to log the CDRs more permanently, in which case the CDRs are published as
Informational messages to your syslog host. This option also keeps CDRs for a few days on the event log,
but the local data could rotate quickly.
Informational messages to your syslog host. This option also keeps CDRs for a few days on the event log,
but the local data could rotate quickly.
Note: CDR reporting is best effort and should not be relied upon for accurate billing purposes.
Media statistics
A media statistics logging service has been added to this release. When the service is active, up to 2GB of
data is kept locally in a rotating log. The stats are also published as syslog messages for offline storage and
analysis. For each call, the Expressway tracks statistics like packet counts, bitrates, and jitter.
data is kept locally in a rotating log. The stats are also published as syslog messages for offline storage and
analysis. For each call, the Expressway tracks statistics like packet counts, bitrates, and jitter.
Other changes
Enhancements and usability improvements
n
You can add static IP routes via the web UI, where previously these could only be added by CLI . There is a
new page
new page
System > Network interfaces > Static routes
to provide this functionality.
n
The Certificate Signing Request (CSR) generator now enables you to select the digest algorithm requested
for your certificate. The options are SHA-1, SHA-256 (new default), SHA-384, and SHA-512. In
Expressway versions prior to X8.5.1, the CSR page had no way to select the algorithm, and the CSR used
SHA-1 by default.
for your certificate. The options are SHA-1, SHA-256 (new default), SHA-384, and SHA-512. In
Expressway versions prior to X8.5.1, the CSR page had no way to select the algorithm, and the CSR used
SHA-1 by default.
Changed functionality
n
When changing an administrator account password, the logged in administrator is now required to authorize
the change by entering their own password.
the change by entering their own password.
n
The IP and Ethernet configuration pages have a new menu location. Previously these were
System
> IP
and
System > Ethernet
. These pages are now
System > Network interfaces > IP
and
System
> Network interfaces > Ethernet
.
n
The Expressway-C now defaults to SHA-256 for signing SSO requests it gives to clients, and you can
change it to use SHA-1 if required. In version X8.5, when the SSO feature was previewed, the
Expressway-C defaulted to SHA-1 and there was no way to select a different algorithm.
change it to use SHA-1 if required. In version X8.5, when the SSO feature was previewed, the
Expressway-C defaulted to SHA-1 and there was no way to select a different algorithm.
Note: If you were using the SSO feature with X8.5, this change may cause it to stop working after upgrade
to X8.5.1. You have two options to resolve this: leave the new default on the Expressway-C, and you may
need to reconfigure the IdP to expect requests to be signed with SHA-256 (recommended for better
security); the other option is to revert the Expressway-C's signing algorithm to SHA-1 for your IdP (go to
to X8.5.1. You have two options to resolve this: leave the new default on the Expressway-C, and you may
need to reconfigure the IdP to expect requests to be signed with SHA-256 (recommended for better
security); the other option is to revert the Expressway-C's signing algorithm to SHA-1 for your IdP (go to
Configuration > Unified Communications > Identity Providers (IdP)
, locate your IdP row, then in
Actions
column click Configure Digest).
Cisco Expressway Administrator Guide (X8.5.2)
Page 395 of 403
Reference material
Software version history