
I had the enjoyable opportunity over the last few weeks to jump in and do a basic Cisco voice install.

It was about 110 phones, with the Cisco Unified Communications Manager Business Edition. This is a single box that includes Call Manager 6.1.3 and Unity Connection 2.1. It had to be done fast, and it had to be done right, so I stuck to mostly tried and true configurations. Since this was a price-sensitive design, we used the 2800 router to its maximum potential.

The 2800 is an amazingly flexible piece of equipment; it can be configured to do a large variety of things. Sometimes known as the Integrated Services Router, or ISR, it can be set up as a router, firewall, VPN, voice gateway, SIP session border controller, transcoder, conference bridge, and survivable remote gateway, all at the same time, on the same box!

The Call Manager and Unity Connection install was straightforward, like punching out license plates. Set up media, device pools, partitions, calling search spaces, translation patterns, gateways, route filters, route patterns, etc. Scan then batch add the phones, set up voicemail and auto-attendant call handlers, create exceptions, deal with the special people, and that's it. Enough said about that.

The Cisco 2800 Integrated Services Router is used in this example to terminate a Multilink PPP bundle of four Internet T1s, act as a firewall, provide media services to the Cisco Call Manager, act as an MGCP-controlled analog gateway, and use Cisco Survivable Remote Site Telephony (SRST) to be the backup call processor to the main Cisco Call Manager.

SIP is OK with Network Address Translation as long as the firewall is capable of doing deep packet inspection and NATs all references to IP addresses. When I tried to NAT the inside interface of the firewall, it did not work so well. The remote SIP service provider was seeing private IP addresses in the SIP text, which does not make for good two-way communications.

The Quality of Service setup in this example is fairly straightforward. Outbound is the standard Cisco MQC low-latency queuing setup, with a priority queue for voice and class-based weighted fair queuing for the rest. Even though the service provider has said they prioritize inbound voice, I still set up inbound policing. Non-voice is limited to 4 Mbps, and anything greater than that will be dropped. Voice can use all of the bandwidth, so essentially there is 2 Mbps reserved for inbound voice. This is based on a calculation of 80 kbps for one G.711 call, so 2000 kbps gives us 25 concurrent voice calls, which should be plenty for 110 phones.

Object groups are used, a feature that is new in IOS version 12.4.20T. As a side note, I recommend strongly against using 12.4.22T1 for NAT or SCCP media like MTPs, since those features are broken in that version.

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PriorityQueueRouter
!
boot-start-marker
warm-reboot
boot-end-marker
!
card type t1 0 0
card type t1 0 1
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 100000 warnings
no logging console
enable secret 5 0000000000000000000
!
aaa new-model
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
network-clock-participate wic 0
network-clock-participate wic 1
network-clock-select 1 T1 0/0/0
network-clock-select 2 T1 0/0/1
network-clock-select 3 T1 0/1/0
network-clock-select 4 T1 0/1/1
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip domain name MAINSITE.local
ip inspect max-incomplete high 5000
ip inspect max-incomplete low 4500
ip inspect one-minute high 5000
ip inspect one-minute low 4500
ip inspect tcp idle-time 300
ip inspect tcp finwait-time 10
ip inspect tcp max-incomplete host 1000 block-time 0
ip inspect tcp reassembly queue length 1024
ip inspect tcp reassembly timeout 60
ip inspect tcp reassembly memory limit 256000
ip inspect name EXT_FW ssh
ip inspect name EXT_FW https
ip inspect name EXT_FW ntp
ip inspect name EXT_FW tcp
ip inspect name EXT_FW dns
ip inspect name EXT_FW smtp
ip inspect name EXT_FW udp
ip inspect name EXT_FW icmp
ip inspect name EXT_FW ftp timeout 1200
ip inspect name EXT_FW http
ip inspect name EXT_FW sip
ip inspect name EXT_FW appleqtc
ip inspect name EXT_FW l2tp
ip inspect name EXT_FW pptp
no ipv6 cef
!
multilink bundle-name authenticated
!
!
trunk group FXOPORTS
 hunt-scheme sequential both up
!
!
voice service voip
 address-hiding
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 no supplementary-service sip moved-temporarily
 no supplementary-service sip refer
 redirect ip2ip
 fax protocol pass-through g711ulaw
 modem passthrough nse codec g711ulaw
 sip
  bind control source-interface Loopback0
  bind media source-interface Loopback0
  header-passing
  registrar server expires max 3600 min 3600
  no update-callerid
  early-offer forced
!
!
voice class media 1
 media flow-through
!
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
!
voice translation-rule 1
 rule 1 /^\(2...\)/ /770555\1/
!
voice translation-rule 2
 rule 1 /^9/ //
!
!
voice translation-profile OUTBOUND
 translate calling 1
 translate called 2
!
!
voice-card 0
 no dspfarm
 dsp services dspfarm
!
!
object-group network EXTERNAL_SIP_SERVERS
 host 247.10.98.2
!
object-group network INSIDE_NETWORKS
 10.108.0.0 255.255.0.0
!
object-group network INTERNAL_SIP_SERVERS
 host 251.222.32.206
 host 251.222.32.205
!
object-group network OUTSIDE_INTERFACE
 host 250.1.26.7
!
object-group service PING_SERVICE
 icmp echo-reply
 icmp unreachable
 icmp redirect
 icmp echo
 udp eq ntp
 udp eq domain
!
object-group network PRIVATE_NAT_SERVERS
 host 10.108.80.5
 host 10.108.60.6
 host 10.108.60.7
 host 10.108.60.10
 host 10.108.60.12
!
object-group network PUBLIC_NAT_SERVERS
 host 251.222.32.205
 host 251.222.32.195
 host 251.222.32.197
 host 251.222.32.199
 host 251.222.32.201
!
object-group network SERVER_NETWORKS
 10.108.60.0 255.255.255.0
 10.108.80.0 255.255.255.0
!
object-group network SIP_NETWORKS
 host 251.222.32.206
 host 251.222.32.205
!
object-group service SIP_SERVICE
 udp eq 5060
 tcp eq 5060
!
!
controller T1 0/0/0
 framing esf
 linecode b8zs
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
controller T1 0/0/1
 framing esf
 linecode b8zs
 cablelength long 0db
 channel-group 1 timeslots 1-24
!
controller T1 0/1/0
 framing esf
 linecode b8zs
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
controller T1 0/1/1
 framing esf
 linecode b8zs
 cablelength long 0db
 channel-group 1 timeslots 1-24
!
ip tcp synwait-time 60
ip tcp path-mtu-discovery
ip ssh time-out 60
ip ssh version 2
!
class-map match-any VOICE_CLASS
 match ip dscp ef
 match access-group name VOICEPACKETS_ACL
class-map match-any CALLCONTROL_CLASS
 match ip dscp af31
 match ip dscp cs3
 match ip dscp af21
class-map match-any CONTROL_CLASS
 match access-group name NETWORKCONTROL_ACL
 match ip dscp af11
class-map match-any FROM_ISP_CLASS
 match access-group name FROM_ISP_ACL
!
!
policy-map DROP_NON_VOICE_POLICY
 class FROM_ISP_CLASS
  police rate 2000000
   conform-action set-dscp-transmit ef
   exceed-action set-dscp-transmit ef
   violate-action set-dscp-transmit ef
 class class-default
  police rate 4000000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map VOICEFIRST_POLICY
 class CALLCONTROL_CLASS
  bandwidth percent 5
  set dscp af21
 class CONTROL_CLASS
  bandwidth percent 5
  set dscp af11
 class VOICE_CLASS
  priority percent 65 200000
  set dscp ef
 class class-default
  fair-queue
  random-detect
!
!
interface Loopback0
 ip address 251.222.32.206 255.255.255.255
!
interface Multilink1
 ip address 250.1.26.7 255.255.255.252
 ip access-group OUTSIDE_IN in
 ip verify unicast reverse-path
 ip flow ingress
 ip nat outside
 ip inspect EXT_FW out
 ip virtual-reassembly
 snmp trap ip verify drop-rate
 no cdp enable
 ppp multilink
 ppp multilink group 1
 ppp multilink fragment disable
 service-policy input DROP_NON_VOICE_POLICY
 service-policy output VOICEFIRST_POLICY
!
interface GigabitEthernet0/0
 ip address 10.108.100.254 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/0/1:1
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1/0:0
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
interface Serial0/1/1:1
 no ip address
 encapsulation ppp
 ppp multilink
 ppp multilink group 1
!
ip local pool VPNPOOL 192.168.50.200 192.168.50.250
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Multilink1
ip route 10.108.0.0 255.255.0.0 10.108.100.1
no ip http server
ip http authentication aaa
ip http secure-server
!
!
ip nat inside source route-map DYNAMIC_RMAP interface Multilink1 overload
ip nat inside source static 10.108.60.6 64.206.208.195 route-map STATIC_RMAP
ip nat inside source static 10.108.60.8 64.206.208.197 route-map STATIC_RMAP
ip nat inside source static 10.108.60.10 64.206.208.199 route-map STATIC_RMAP
ip nat inside source static 10.108.60.12 64.206.208.201 route-map STATIC_RMAP
ip nat inside source static 10.108.80.5 64.206.208.205 route-map STATIC_RMAP
!
ip access-list extended DYNAMIC_NAT_ACL
 deny ip object-group PRIVATE_NAT_SERVERS any
 permit ip 10.108.0.0 0.0.255.255 any
!
ip access-list extended FROM_ISP_ACL
 permit ip object-group EXTERNAL_SIP_SERVERS object-group INTERNAL_SIP_SERVERS
!
ip access-list extended OUTSIDE_IN
 permit object-group PING_SERVICE any object-group OUTSIDE_INTERFACE
 permit object-group PING_SERVICE any object-group INTERNAL_SIP_SERVERS
 permit object-group PING_SERVICE any object-group PUBLIC_NAT_SERVERS
 permit object-group SIP_SERVICE object-group EXTERNAL_SIP_SERVERS object-group INTERNAL_SIP_SERVERS
 permit object-group MGMT_SERVICE object-group MGMT_NETWORKS object-group OUTSIDE_INTERFACE
!
ip access-list extended STATIC_NAT_ACL
 permit ip 10.108.0.0 0.0.255.255 any
!
!
route-map DYNAMIC_RMAP permit 1
 match ip address DYNAMIC_NAT_ACL
!
route-map STATIC_RMAP permit 1
 match ip address STATIC_NAT_ACL
!
control-plane
!
voice-port 2/0/0
!
voice-port 2/0/1
!
voice-port 2/0/2
!
voice-port 2/0/3
!
voice-port 2/0/4
!
voice-port 2/0/5
!
voice-port 2/0/6
!
voice-port 2/0/7
!
voice-port 2/0/8
 trunk-group FXOPORTS 6
 timing hookflash-out 50
 connection plar 2700
!
voice-port 2/0/9
 trunk-group FXOPORTS 5
 timing hookflash-out 50
 connection plar 2700
!
voice-port 2/0/10
 connection plar 2700
!
voice-port 2/0/11
 connection plar 2700
!
voice-port 2/0/12
 connection plar 2700
!
voice-port 2/0/13
 connection plar 2700
!
ccm-manager fallback-mgcp
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager config server 10.108.80.5
ccm-manager config
!
mgcp
mgcp call-agent ucserver 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface GigabitEthernet0/0
mgcp bind media source-interface GigabitEthernet0/0
!
mgcp profile default
!
sccp local Loopback0
sccp ccm 10.108.80.5 identifier 1 priority 1 version 6.0
sccp
!
sccp ccm group 1
 associate ccm 1 priority 1
 associate profile 4 register MTP2851-729
 associate profile 3 register MTP2851
 associate profile 2 register CFB2851
 associate profile 1 register XCD2851
!
dspfarm profile 1 transcode
 codec g711ulaw
 codec g729r8
 maximum sessions 2
 associate application SCCP
!
dspfarm profile 2 conference
 codec g711ulaw
 codec g729r8
 maximum sessions 2
 associate application SCCP
!
dspfarm profile 3 mtp
 codec g711ulaw
 maximum sessions software 50
 associate application SCCP
!
dspfarm profile 4 mtp
 codec g729r8
 maximum sessions software 50
 associate application SCCP
 shutdown
!
!
dial-peer voice 999200 pots
 service mgcpapp
 port 2/0/0
!
dial-peer voice 999208 pots
 service mgcpapp
 port 2/0/8
!
dial-peer voice 1 pots
 description Incoming called numbers from FXO or FXS or ccm
 incoming called-number .
 direct-inward-dial
!
dial-peer voice 59111 pots
 trunkgroup FXOPORTS
 description 911 service with a leading 9
 translation-profile outgoing OUTBOUND
 preference 5
 destination-pattern 9[49]11
!
dial-peer voice 59112 pots
 trunkgroup FXOPORTS
 description 911 service without a leading 9
 preference 5
 destination-pattern [49]11
!
dial-peer voice 5202 pots
 trunkgroup FXOPORTS
 description International calling with FXOPORTS
 translation-profile outgoing OUTBOUND
 preference 5
 destination-pattern 9011T
!
dial-peer voice 19111 voip
 description 911 service with a leading 9 to ISP
 translation-profile outgoing OUTBOUND
 preference 6
 destination-pattern 9[49]11
 session protocol sipv2
 session target ipv4:247.10.98.2
 session transport udp
 dtmf-relay rtp-nte
 codec g711ulaw
 fax-relay ecm disable
 fax-relay sg3-to-g3
 fax rate 14400
 fax protocol pass-through g711ulaw
!
dial-peer voice 1200 voip
 description local with a leading 9 to ISP
 translation-profile outgoing OUTBOUND
 preference 1
 destination-pattern 9[2-9]..[2-9]......
 session protocol sipv2
 session target ipv4:247.10.98.2
 session transport udp
 dtmf-relay rtp-nte
 codec g711ulaw
 fax-relay ecm disable
 fax-relay sg3-to-g3
 fax rate 14400
 fax protocol pass-through g711ulaw
 ip qos dscp cs3 signaling
 no vad
!
dial-peer voice 1201 voip
 description long distance with a leading 9 to ISP
 translation-profile outgoing OUTBOUND
 preference 1
 destination-pattern 91[2-9]..[2-9]......
 session protocol sipv2
 session target ipv4:247.10.98.2
 session transport udp
 dtmf-relay rtp-nte
 codec g711ulaw
 fax-relay ecm disable
 fax-relay sg3-to-g3
 fax rate 14400
 fax protocol pass-through g711ulaw
 ip qos dscp cs3 signaling
 no vad
!
dial-peer voice 1202 voip
 description international with a leading 9 to ISP
 translation-profile outgoing OUTBOUND
 preference 1
 destination-pattern 9011T
 session protocol sipv2
 session target ipv4:247.10.98.2
 session transport udp
 dtmf-relay rtp-nte
 codec g711ulaw
 fax-relay ecm disable
 fax-relay sg3-to-g3
 fax rate 14400
 fax protocol pass-through g711ulaw
 ip qos dscp cs3 signaling
 no vad
!
dial-peer voice 999209 pots
 service mgcpapp
 port 2/0/9
!
dial-peer voice 5200 pots
 trunkgroup FXOPORTS
 description Local calling with FXOPORTS
 translation-profile outgoing OUTBOUND
 preference 5
 destination-pattern 9[2-9]..[2-9]......
!
dial-peer voice 5201 pots
 trunkgroup FXOPORTS
 description Long distance calling with FXOPORTS
 translation-profile outgoing OUTBOUND
 preference 5
 destination-pattern 91[2-9]..[2-9]......
!
dial-peer voice 1100 voip
 description ** Incoming call from SIP trunk **
 translation-profile incoming INBOUND
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session transport udp
 incoming called-number 770.......
 dtmf-relay rtp-nte
 fax protocol pass-through g711ulaw
 ip qos dscp cs3 signaling
 no vad
!
!
sip-ua
 nat symmetric role active
 retry invite 3
 retry response 3
 retry bye 3
 retry cancel 3
 retry rel1xx 3
 timers connect 100
 timers connection aging 30
!
!
!
call-manager-fallback
 secondary-dialtone 9
 max-conferences 8 gain -6
 transfer-system full-consult
 limit-dn 7961 6
 timeouts interdigit 5
 ip source-address 10.108.100.254 port 2000
 max-ephones 110
 max-dn 200 dual-line
 dialplan-pattern 1 770555 extension-length 4
 transfer-pattern 9..........
 keepalive 10
 default-destination 2700
 no huntstop
 time-zone 13
!
banner login ^CC
*******************************************************************************
Unauthorized access and improper use are prohibited. Any activity on the
system is subject to monitoring by the company at any time. Anyone who uses
the system consents to such monitoring and agrees that the company may use
the results of such monitoring without limitation.
*******************************************************************************
^C
!
line con 0
 exec-timeout 60 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 60 0
 logging synchronous
line vty 5 15
 exec-timeout 60 0
 logging synchronous
!
scheduler allocate 20000 1000
ntp server 131.144.4.9
ntp server 198.72.72.10
end
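
The listing above refers to object groups and a translation profile by name, so a pre-deployment check for names that are used but never defined is worth running. The following is an added example, not part of the original post: the function name and patterns are assumptions, and the excerpt is constructed from lines of the listing.

```python
import re

# (definition pattern, reference pattern) for two kinds of named IOS objects.
# A definition starts in column 0; a reference appears inside an indented command.
OBJECT_GROUP = (r"^object-group (?:network|service) (\S+)",
                r"(?<= )object-group (\S+)")
TRANSLATION_PROFILE = (r"^voice translation-profile (\S+)",
                       r"^\s+translation-profile (?:incoming|outgoing) (\S+)")

def undefined_names(config, patterns):
    """Return names that the config references but never defines."""
    definition, reference = patterns
    defined = {m.group(1) for m in re.finditer(definition, config, re.M)}
    used = {m.group(1) for m in re.finditer(reference, config, re.M)}
    return sorted(used - defined)

# Constructed excerpt: lines taken from the listing, cut down to the stanzas involved.
EXCERPT = """\
object-group network EXTERNAL_SIP_SERVERS
 host 247.10.98.2
object-group network INTERNAL_SIP_SERVERS
 host 251.222.32.206
 host 251.222.32.205
object-group network OUTSIDE_INTERFACE
 host 250.1.26.7
object-group service SIP_SERVICE
 udp eq 5060
 tcp eq 5060
voice translation-profile OUTBOUND
 translate calling 1
 translate called 2
ip access-list extended OUTSIDE_IN
 permit object-group SIP_SERVICE object-group EXTERNAL_SIP_SERVERS object-group INTERNAL_SIP_SERVERS
 permit object-group MGMT_SERVICE object-group MGMT_NETWORKS object-group OUTSIDE_INTERFACE
dial-peer voice 1200 voip
 translation-profile outgoing OUTBOUND
dial-peer voice 1100 voip
 translation-profile incoming INBOUND
"""

if __name__ == "__main__":
    print("object groups:", undefined_names(EXCERPT, OBJECT_GROUP))
    print("translation profiles:", undefined_names(EXCERPT, TRANSLATION_PROFILE))
```

Run against the full listing, the same check reports the same three names, which have to be defined (or the lines referencing them removed) before the configuration is pasted into a router.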
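
The SIP and NAT problem described before the configuration, private addresses showing up in the SIP text, can be checked for in a captured message. This is an added example, not code from the original post: the INVITE is constructed (numbers and tags are made up, addresses are taken from the listing), and the set of watched fields is an assumption.

```python
import ipaddress
import re

# Fields the far end uses to route replies and media back to us.
WATCHED = {"via", "contact", "record-route", "o", "c"}
# RFC 1918 ranges only; ipaddress.is_private would also flag 240.0.0.0/4.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def find_private_addresses(message):
    """Return (field, address) pairs for private addresses in watched SIP/SDP fields."""
    leaks = []
    for line in message.splitlines():
        # SDP lines look like "c=..."; SIP headers look like "Contact: ...".
        m = re.match(r"^([a-z])=(.*)$", line) or re.match(r"^([A-Za-z-]+)\s*:(.*)$", line)
        if not m or m.group(1).lower() not in WATCHED:
            continue
        for text in IPV4.findall(m.group(2)):
            try:
                address = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if any(address in net for net in RFC1918):
                leaks.append((m.group(1), text))
    return leaks

def build_invite(contact_ip, sdp_ip):
    """Constructed INVITE with SDP, as the provider at 247.10.98.2 would receive it."""
    return "\r\n".join([
        "INVITE sip:7705550100@247.10.98.2:5060 SIP/2.0",
        "Via: SIP/2.0/UDP 251.222.32.206:5060;branch=z9hG4bK-constructed",
        "From: <sip:7705552001@251.222.32.206>;tag=constructed",
        "To: <sip:7705550100@247.10.98.2>",
        f"Contact: <sip:7705552001@{contact_ip}:5060>",
        "Content-Type: application/sdp",
        "",
        "v=0",
        f"o=- 1 1 IN IP4 {sdp_ip}",
        "s=-",
        f"c=IN IP4 {sdp_ip}",
        "m=audio 16384 RTP/AVP 0",
    ])

if __name__ == "__main__":
    # Only the IP header was translated: the SIP text still carries the inside address.
    print(find_private_addresses(build_invite("10.108.80.5", "10.108.80.5")))
    # Signalling and media bound to Loopback0, as in the listing.
    print(find_private_addresses(build_invite("251.222.32.206", "251.222.32.206")))
```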