Friday, February 22, 2008

The Future of Communications

Just did some surfing on YouTube and found this very interesting one:

Reduce Communications Manager Interdigit timeout


If you have a variable-length dial plan, you may face a long interdigit timeout after you key in the number. If you don't want to press "#" at the end of dialing to tell CUCM to process the call, you can shorten the T302 timer from the default 15000 to the minimum 3000.

System > Service Parameters > Clusterwide Parameters (Device - General) > T302 Timer

T302 Timer
This parameter specifies an interdigit timer for sending the SETUP ACK message. The timer restarts each time Cisco CallManager receives a digit. When this timer expires, Cisco CallManager routes the dialed digits. For exact timer definitions, refer to the Q.931 specification.
This is a required field.
Default: 15000
Minimum: 3000
Maximum: 75000
Unit: msec

Adding Permanent Static Route on Linux

To add a static route to your RH box, you can use the following command:

route add -net 192.168.1.0/24 gw 192.168.2.254

If you want this route permanently added to your routing table, create a new file in /etc/sysconfig/network-scripts:

touch /etc/sysconfig/network-scripts/route-eth0

Put the route in your file:
192.168.1.0/24 via 192.168.2.254

Xming

Xming is a free X Window server for the MS Windows platform. The good thing is that it doesn't rely on Cygwin and is easy to use. Most importantly, it works together with PuTTY, which is probably one of the applications I have used most in my life.

1. Get your packages here:
http://www.straightrunning.com/XmingNotes/

2. Change the settings of your desktop shortcut by appending the parameter "-ac" (disable access control) to the end of the "target" box. Double-click the shortcut to start Xming.

3. Make sure your personal firewall allows 6000/tcp.

4. In PuTTY > SSH > X11, check "Enable X11 forwarding".


5. Connect to your Linux box and type export DISPLAY="1.2.3.4:0.0", where 1.2.3.4 is your IP address.

6. Type "xterm &" then you will see your X terminal on Windows!

Redirect Page in JSP

Wanna redirect the user to some pages that you want to show? Pretty simple in JSP:

String redirectURL = "http://hostname.com/index.jsp";
response.sendRedirect(redirectURL);

Thursday, February 21, 2008

Converting your favorite MP3 song to Cisco IP phone ringtone


You can do it for free on your Linux box with lame and sox. Here ya go:

1. lame --decode she_bangs.mp3 she_bangs.wav
2. sox -t wav she_bangs.wav -t raw -r 8000 -U -b -c 1 she_bangs.raw resample -ql

Then you can use the raw file for your Cisco IP phone!

CamStudio - Open Source Screen Recording Software



Sometimes you want to record what you are doing on your desktop, say to record a product demonstration or to show your customer how to do something. CamStudio is a great tool for recording video and audio directly from the PC screen, and an alternative to Camtasia Studio.

http://camstudio.org/

Wednesday, February 20, 2008

Start X with error message "No Devices Detected"

Just changed the video card on my testing PC and it booted up with the following error message:

(EE) No devices detected.
Fatal server error:
no screens found

I seldom use X so it took me some time to troubleshoot. Finally I got the solution from the X Wiki:

http://wiki.x.org

You can go to /etc/sysconfig/hwconf, and search for "VIDEO" to see what video card you are using. Then check if it matches with your X configuration file /etc/X11/xorg.conf.

If it seems you are using the correct driver but still get this message, it is likely that your chipset isn't supported on your Linux distro yet. You can try the vesa driver or the vga driver. In my case, the vesa driver solved my problem.

Section "Device"
Identifier "Videocard0"
Driver "vesa"
EndSection

Monday, February 18, 2008

OSPF over NBMA Networks

In general, there are 5 ways to deal with it.

1. Fully meshed topology. Drawback is you have to manage n(n-1)/2 PVCs
2. Establish each PVC as an individual point-to-point network with its own subnet. Most easily managed, but requires more processing power on routers.
3. Using the neighbor command. The oldest solution for pre-10.0 version IOS.

Example
Hub site router
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
neighbor 172.16.2.2 ! Default priority 0, means spoke router will never be DR
neighbor 172.16.2.3

Spoke site Router A
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
neighbor 172.16.2.1 priority 10 ! It makes the hub site router a DR

4. ip ospf network broadcast. Causes the NBMA cloud to be viewed as a broadcast multiaccess network.

Example
Hub site router
interface Serial0
ip ospf network broadcast
ip ospf priority 10 ! It makes the hub site router a DR

Spoke site Router A
interface Serial0
ip ospf network broadcast
ip ospf priority 0 ! means spoke router will never be DR

5. ip ospf network point-to-multipoint. Treat the PVCs as a collection of point-to-point links. Therefore no DR/BDR election takes place.

Example
Hub site router
interface Serial0
ip ospf network point-to-multipoint non-broadcast

Spoke site Router A
interface Serial0
ip ospf network point-to-multipoint non-broadcast

Saturday, February 16, 2008

Generate host key for inter-host SSH

You will find it handy to let hosts communicate with each other and transfer files using SSH or SCP, but you don't want to allow Password Authentication, to prevent password brute-force attacks. You can generate the key pairs and allow key authentication with the following steps:

1. Make sure OpenSSH is installed
2. Check if you have directory $HOME/.ssh
3. Run ssh-keygen -t rsa; it will generate the public (id_rsa.pub) and private (id_rsa) key files in $HOME/.ssh. Copy the id_rsa.pub content to the $HOME/.ssh/authorized_keys2 file on the remote host

To disable Password Authentication:
vi /etc/ssh/sshd_config
# Default is yes
PasswordAuthentication no

/etc/init.d/sshd restart
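
Before restarting sshd it is worth confirming that password login is really off. The Python below is an added example, not part of the original post or of OpenSSH: it reads sshd_config text, applies the rule that the first value found for a keyword wins, and reports settings that still leave a password prompt reachable. The two sample configs are constructed, and the defaults are assumed to be the stock OpenSSH ones.

```python
# Added example: audit sshd_config text for settings that still allow a
# password prompt. Function names are illustrative, not an OpenSSH API.

# Assumption: stock OpenSSH defaults, not changed by a distro patch.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older configs use ChallengeResponseAuthentication for keyboard-interactive.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_sshd_config(text):
    """Return (global_settings, match_overrides) from sshd_config text."""
    global_settings = {}
    match_overrides = []  # (match criteria, keyword, value)
    current_match = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (including commented-out keywords)
        parts = line.replace("=", " ", 1).split()
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())
        args = parts[1:]
        if keyword == "match":
            current_match = " ".join(args)
            continue
        if not args:
            continue
        value = args[0].lower()
        if current_match is None:
            # sshd uses the first value it obtains for a keyword
            global_settings.setdefault(keyword, value)
        else:
            match_overrides.append((current_match, keyword, value))
    return global_settings, match_overrides


def audit_password_login(text):
    """Return (effective global values, list of findings)."""
    settings, overrides = parse_sshd_config(text)
    effective = {k: settings.get(k, d) for k, d in DEFAULTS.items()}
    findings = []
    if effective["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is effectively yes")
    if effective["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive is on and may prompt for a password via PAM")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off, key login would fail")
    for criteria, keyword, value in overrides:
        if keyword in ("passwordauthentication", "kbdinteractiveauthentication") and value == "yes":
            findings.append(f"Match {criteria} re-enables {keyword}")
    return effective, findings


# Constructed sample: "no" was appended below an earlier "yes", so it is ignored.
APPENDED_AT_END = """\
# constructed sample
Port 22
PasswordAuthentication yes
#PasswordAuthentication no
UsePAM yes
PasswordAuthentication no
"""

# Constructed sample: global settings are tight, but a Match block opens a hole.
HARDENED_WITH_MATCH = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
Match Address 192.168.2.0/24
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("appended", APPENDED_AT_END), ("match", HARDENED_WITH_MATCH)):
        effective, findings = audit_password_login(cfg)
        print(name, effective)
        for finding in findings:
            print("  -", finding)
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it.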

Converting a PuTTY key for SecureCRT

I've been using PuTTY for many years and I'm quite happy with it. Since I'm pursuing CCIE and the CCIE lab uses SecureCRT, I decided to switch to SecureCRT to familiarize myself with it.

The very first challenge was to convert my key pairs generated by PuTTYGen for SecureCRT use. Not as straightforward as I thought... Here are the steps:

1. Use PuTTYGen to load your existing private keys
2. Use "Conversions" to export private key in OpenSSH format named identity
3. Export your public key named identity.pub
4. Put both files in the same folder

Then Start your SecureCRT
1. Choose QuickConnect
2. Protocol = SSH2, and enter the hostname or ip address
3. Under the "Authentication" section, check only "PublicKey"
4. Click "Properties" at the right pane
5. Choose "Use Global public key setting"
6. Under "Use identity or certificate file", choose your identity.pub and click OK.
7. Enter your passphrase and get connected!

Friday, February 15, 2008

Disable exec-timeout

Don't wanna get kicked out and re-login 20 times during lab practice? Disable the exec-timeout for console and VTY to stay connected.

line con 0
exec-timeout 0 0
privilege level 15
line vty 0 4
exec-timeout 0 0
privilege level 15
no login

Running Multiple Instances on Dynamips

You can run multiple instances on a Linux box, so that you can share the same box with your friends who are pursuing CCIE!

Take a look at /etc/init.d/dynamips:

PORT=7200

By default Dynamips listens on 7200/tcp. Copy the init file and change it to an unused port, say 7201/tcp:

cp /etc/init.d/dynamips /etc/init.d/dynamips-7201

vi /etc/init.d/dynamips-7201

Change PORT=7200 to PORT=7201.

Start the second instance of Dynamips by /etc/init.d/dynamips-7201 start.

You will need to modify the .net config file, here are the key points to note when you create your second .net config file:
1. [1.2.3.4:7201] - make sure you are connecting to that particular instance
2. udp = 11000 - you have to use another udp port for the second instance
3. console = 3000 under your router configuration. Default starts at 2000/tcp and you can change to other unused ports, say from 3000/tcp.

Then run your config using:
dynagen your_config_file

Enjoy!

Dynamips / Dynagen on Linux

My environment: RH FC8 x86_64

Before you start, make sure you have the IOS files with you, but please don't ask me where to get them!

1. Grab the rpms from sourceforge:
http://sourceforge.net/project/showfiles.php?group_id=160317

dynagen-0.10.1-1.noarch.rpm
dynamips-0.2.8RC1-1.i386.rpm

When installing the dynamips RPM, there is a dependency that needs to be resolved: you need to downgrade libpcap from 0.9.8 to 0.9.4 before you can install dynamips.

2. Prepare your .net config files. The easiest way is to modify the sample config files that come with the installation:
/usr/share/doc/dynagen-0.10.1/sample_labs

3. Start your dynamips daemon:
/etc/init.d/dynamips start

4. Then you can start your lab simulation!
dynagen your_conf_file.net

Before you load the IOS, you can decompress it with standard zip utilities; the loading speed will be much faster!

Dynagen official page: http://dynagen.org/
Dynagen Tutorial: http://dynagen.org/tutorial.htm

Mounting Windows share on Linux

Before you do this, make sure you have the windows share path, your username and password, and create a folder on Linux for the mount point.

mount -t cifs //mywindows/myshare -o username=myname,password=mypassword /mnt/winshare

Wednesday, February 13, 2008

Installing VMWare Workstation on Linux


My environment: RH Fedora Core 8, 2.6.23.15-137.fc8, 32-bit

Before installing, make sure you have the kernel-headers and kernel-devel rpm installed. You'll need the kernel header files during the installation process.

1. To install VMWare workstation on Linux, the very first step is to download the VMWare rpm file from the vmware website:

http://www.vmware.com

2. After downloading the rpm, install it:

rpm -Uvh Vmware-workstation-6.0.2-59824.i386.rpm

3. Just one step to go, run the configuration perl script:

vmware-config.pl

Here is the output from my Linux box, pasted here for your reference:

Configuring fallback GTK+ 2.4 libraries.

In which directory do you want to install the theme icons?

[/usr/share/icons]

What directory contains your desktop menu entry files? These files have a

.desktop file extension. [/usr/share/applications]

In which directory do you want to install the application's icon?

[/usr/share/pixmaps]

Trying to find a suitable vmmon module for your running kernel.

None of the pre-built vmmon modules for VMware Workstation is suitable for your

running kernel. Do you want this program to try to build the vmmon module for

your system (you need to have a C compiler installed on your system)? [yes]

Using compiler "/usr/bin/gcc". Use environment variable CC to override.

What is the location of the directory of C header files that match your running

kernel? [/lib/modules/2.6.23.15-137.fc8/build/include]

Extracting the sources of the vmmon module.

Building the vmmon module.

Using 2.6.x kernel build system.

make: Entering directory `/tmp/vmware-config0/vmmon-only'

make -C /lib/modules/2.6.23.15-137.fc8/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules

make[1]: Entering directory `/usr/src/kernels/2.6.23.15-137.fc8-i686'

CC [M] /tmp/vmware-config0/vmmon-only/linux/driver.o

CC [M] /tmp/vmware-config0/vmmon-only/linux/hostif.o

CC [M] /tmp/vmware-config0/vmmon-only/common/comport.o

CC [M] /tmp/vmware-config0/vmmon-only/common/cpuid.o

CC [M] /tmp/vmware-config0/vmmon-only/common/hash.o

CC [M] /tmp/vmware-config0/vmmon-only/common/memtrack.o

CC [M] /tmp/vmware-config0/vmmon-only/common/phystrack.o

CC [M] /tmp/vmware-config0/vmmon-only/common/task.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciContext.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciDatagram.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciDriver.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciDs.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciGroup.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciHashtable.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciProcess.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciResource.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmciSharedMem.o

CC [M] /tmp/vmware-config0/vmmon-only/common/vmx86.o

CC [M] /tmp/vmware-config0/vmmon-only/vmcore/moduleloop.o

LD [M] /tmp/vmware-config0/vmmon-only/vmmon.o

Building modules, stage 2.

MODPOST 1 modules

CC /tmp/vmware-config0/vmmon-only/vmmon.mod.o

LD [M] /tmp/vmware-config0/vmmon-only/vmmon.ko

make[1]: Leaving directory `/usr/src/kernels/2.6.23.15-137.fc8-i686'

cp -f vmmon.ko ./../vmmon.o

make: Leaving directory `/tmp/vmware-config0/vmmon-only'

The module loads perfectly in the running kernel.

Trying to find a suitable vmblock module for your running kernel.

None of the pre-built vmblock modules for VMware Workstation is suitable for

your running kernel. Do you want this program to try to build the vmblock

module for your system (you need to have a C compiler installed on your

system)? [yes]


Extracting the sources of the vmblock module.

Building the vmblock module.

Using 2.6.x kernel build system.

make: Entering directory `/tmp/vmware-config0/vmblock-only'

make -C /lib/modules/2.6.23.15-137.fc8/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules

make[1]: Entering directory `/usr/src/kernels/2.6.23.15-137.fc8-i686'

CC [M] /tmp/vmware-config0/vmblock-only/linux/block.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/control.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/dbllnklst.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/dentry.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/file.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/filesystem.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/inode.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/module.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/stubs.o

CC [M] /tmp/vmware-config0/vmblock-only/linux/super.o

LD [M] /tmp/vmware-config0/vmblock-only/vmblock.o

Building modules, stage 2.

MODPOST 1 modules

CC /tmp/vmware-config0/vmblock-only/vmblock.mod.o

LD [M] /tmp/vmware-config0/vmblock-only/vmblock.ko

make[1]: Leaving directory `/usr/src/kernels/2.6.23.15-137.fc8-i686'

cp -f vmblock.ko ./../vmblock.o

make: Leaving directory `/tmp/vmware-config0/vmblock-only'

The module loads perfectly in the running kernel.

Do you want networking for your virtual machines? (yes/no/help) [yes]


Configuring a bridged network for vmnet0.

Your computer has multiple ethernet network interfaces available: eth0, eth1.

Which one do you want to bridge to vmnet0? [eth0] eth1

The following bridged networks have been defined:

. vmnet0 is bridged to eth1

Do you wish to configure another bridged network? (yes/no) [no]

Do you want to be able to use NAT networking in your virtual machines? (yes/no)

[yes]

Configuring a NAT network for vmnet8.

Do you want this program to probe for an unused private subnet? (yes/no/help)

[yes]

Probing for an unused private subnet (this can take some time)...


The subnet 192.168.181.0/255.255.255.0 appears to be unused.

The following NAT networks have been defined:

. vmnet8 is a NAT network on private subnet 192.168.181.0.

Do you wish to configure another NAT network? (yes/no) [no]

Do you want to be able to use host-only networking in your virtual machines?

[yes]

Configuring a host-only network for vmnet1.

Do you want this program to probe for an unused private subnet? (yes/no/help)

[yes]

Probing for an unused private subnet (this can take some time)...

The subnet 172.16.245.0/255.255.255.0 appears to be unused.

The following host-only networks have been defined:

. vmnet1 is a host-only network on private subnet 172.16.245.0.

Do you wish to configure another host-only network? (yes/no) [no]

Trying to find a suitable vmnet module for your running kernel.

None of the pre-built vmnet modules for VMware Workstation is suitable for your

running kernel. Do you want this program to try to build the vmnet module for

your system (you need to have a C compiler installed on your system)? [yes]

Extracting the sources of the vmnet module.

Building the vmnet module.

Using 2.6.x kernel build system.

make: Entering directory `/tmp/vmware-config0/vmnet-only'

make -C /lib/modules/2.6.23.15-137.fc8/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. modules

make[1]: Entering directory `/usr/src/kernels/2.6.23.15-137.fc8-i686'

CC [M] /tmp/vmware-config0/vmnet-only/driver.o

CC [M] /tmp/vmware-config0/vmnet-only/hub.o

CC [M] /tmp/vmware-config0/vmnet-only/userif.o

CC [M] /tmp/vmware-config0/vmnet-only/netif.o

CC [M] /tmp/vmware-config0/vmnet-only/bridge.o

CC [M] /tmp/vmware-config0/vmnet-only/filter.o

CC [M] /tmp/vmware-config0/vmnet-only/procfs.o

CC [M] /tmp/vmware-config0/vmnet-only/smac_compat.o

SHIPPED /tmp/vmware-config0/vmnet-only/smac_linux.x386.o

LD [M] /tmp/vmware-config0/vmnet-only/vmnet.o

Building modules, stage 2.

MODPOST 1 modules

CC /tmp/vmware-config0/vmnet-only/vmnet.mod.o

LD [M] /tmp/vmware-config0/vmnet-only/vmnet.ko

make[1]: Leaving directory `/usr/src/kernels/2.6.23.15-137.fc8-i686'

cp -f vmnet.ko ./../vmnet.o

make: Leaving directory `/tmp/vmware-config0/vmnet-only'

The module loads perfectly in the running kernel.

Do you want to install the Eclipse Integrated Virtual Debugger? You must have

the Eclipse IDE installed. [no]

Creating a new VMware VIX API installer database using the tar4 format.

Installing VMware VIX API.

You must read and accept the VMware VIX API End User License Agreement to

continue.

Press enter to display it.



Do you accept? (yes/no) yes

Thank you.

In which directory do you want to install the VMware VIX API binary files?

[/usr/bin]

In which directory do you want to install the VMware VIX API library files?

[/usr/lib/vmware-vix/lib]

The path "/usr/lib/vmware-vix/lib" does not exist currently. This program is

going to create it, including needed parent directories. Is this what you want?

[yes]

In which directory do you want to install the VMware VIX API document pages?

[/usr/share/doc/vmware-vix]

The path "/usr/share/doc/vmware-vix" does not exist currently. This program is

going to create it, including needed parent directories. Is this what you want?

[yes]

The installation of VMware VIX API 1.1.2 build-59824 for Linux completed

successfully. You can decide to remove this software from your system at any

time by invoking the following command: "/usr/bin/vmware-uninstall-vix.pl".

Starting VMware services:

Virtual machine monitor [ 確定 ]

Blocking file system: [ 確定 ]

Virtual ethernet [ 確定 ]

Bridged networking on /dev/vmnet0 [ 確定 ]

Host network detection [ 確定 ]

Host-only networking on /dev/vmnet1 (background) [ 確定 ]

DHCP server on /dev/vmnet1 [ 確定 ]

Host-only networking on /dev/vmnet8 (background) [ 確定 ]

DHCP server on /dev/vmnet8 [ 確定 ]

NAT service on /dev/vmnet8 [ 確定 ]

The configuration of VMware Workstation 6.0.2 build-59824 for Linux for this

running kernel completed successfully.

You can now run VMware Workstation by invoking the following command:

"/usr/bin/vmware".

Remote Desktop from Linux - rdesktop

rdesktop is an open source client that runs on Linux / Unix with an X Window System. You can start an rdesktop session using the following command:

rdesktop -u administrator -p abc123 1.2.3.4


The look-and-feel is exactly the same with the Windows one!

To download rdesktop: http://www.rdesktop.org/

Tuesday, February 12, 2008

Route Pattern Basics


One of the first things to learn for CUCM is the wildcards used in route patterns. Let's learn by example:

Example 1
9.[2-9]XXXXXX
- "." - delimiter doesn't match any digits, mainly used for discarding
- "[2-9]" - range of digits from 2 to 9
- "X" - single digit between 0 and 9

Example 2
9.011!#
- "!" - one or more occurrences of digits between 0 and 9
- "#" - used to avoid interdigit timeout

Some other matching examples:
1111 - matches 1111
*1*1 - matches *1*1
12XX - matches numbers between 1200 and 1299
13[25-8]6 - matches 1326, 1356, 1366, 1376, 1386
13[^3-9]6 - matches 1306, 1316, 1326, 13*6, 13#6
13!# - matches any number that begins with 13, is followed by one or more digits, and ends with #; 135# and 13579# are example matches
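
The wildcard rules above can be checked mechanically. The Python below is an added example, not part of the original post and not CUCM's own matching code: it translates the wildcards listed here (X, !, [ ], [^ ], the "." delimiter, and literal digits, * and #) into a regular expression, so a pattern can be tested against sample numbers before it goes into a dial plan. Function names are made up for illustration, and other CUCM wildcards are not handled.

```python
# Added example: test CUCM-style route patterns against dialed strings.
import re

DIALABLE = "0123456789*#"  # symbols a phone keypad can send


def _expand_set(body):
    """Expand the inside of [...] into the explicit set of symbols it allows."""
    negate = body.startswith("^")
    if negate:
        body = body[1:]
    members, i = set(), 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            lo, hi = body[i], body[i + 2]
            if not (lo.isdigit() and hi.isdigit() and lo <= hi):
                raise ValueError(f"bad range {lo}-{hi}")
            members.update(str(d) for d in range(int(lo), int(hi) + 1))
            i += 3
        elif body[i] in DIALABLE:
            members.add(body[i])
            i += 1
        else:
            raise ValueError(f"unsupported symbol {body[i]!r} in set")
    if negate:
        # [^...] means every dialable symbol except the listed ones, so * and #
        # are included unless excluded explicitly
        members = set(DIALABLE) - members
    if not members:
        raise ValueError("set matches nothing")
    return members


def compile_route_pattern(pattern):
    """Return a regex with groups 'pre' (before the '.') and 'post' (after it)."""
    parts = {"pre": [], "post": []}
    side = "pre" if "." in pattern else "post"
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == ".":
            if side == "post":
                raise ValueError("more than one '.' delimiter")
            side = "post"  # the delimiter itself matches no digit
        elif ch == "X":
            parts[side].append("[0-9]")
        elif ch == "!":
            parts[side].append("[0-9]+")
        elif ch == "[":
            end = pattern.index("]", i)  # raises ValueError if unterminated
            allowed = sorted(_expand_set(pattern[i + 1:end]))
            parts[side].append("[" + "".join(re.escape(c) for c in allowed) + "]")
            i = end
        elif ch in DIALABLE:
            parts[side].append(re.escape(ch))
        else:
            raise ValueError(f"unsupported wildcard {ch!r}")
        i += 1
    return re.compile("(?P<pre>%s)(?P<post>%s)"
                      % ("".join(parts["pre"]), "".join(parts["post"])))


def matches(pattern, dialed):
    """True when the whole dialed string matches the route pattern."""
    return compile_route_pattern(pattern).fullmatch(dialed) is not None


def discard_predot(pattern, dialed):
    """Digits left after discarding everything before the '.', or None."""
    m = compile_route_pattern(pattern).fullmatch(dialed)
    return m.group("post") if m else None


if __name__ == "__main__":
    candidates = [f"13{s}6" for s in DIALABLE]
    for pat in ("13[25-8]6", "13[^3-9]6"):
        print(pat, [n for n in candidates if matches(pat, n)])
    print(discard_predot("9.[2-9]XXXXXX", "95551234"))
```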

Friday, February 8, 2008

Cisco IOS DHCP Server

Don't wanna get another box just for DHCP? Using your routers or switches as DHCP server might be a choice for you. :)

! Your exclude range
ip dhcp excluded-address 10.3.1.1 10.3.1.20

! Define your pool
ip dhcp pool MyPool
network 10.3.1.0 255.255.255.0
default-router 10.3.1.1
option 150 ip 10.3.1.1
dns-server 10.1.1.20

A trick if you want to restart the DHCP server:
no service dhcp
service dhcp

Configuring MGCP


A quick cheat sheet for MGCP configuration:-

3 components for MGCP
Call Agent: Control operation of gateway, usually CUCM
Endpoint: point of connection between packet network and traditional phone network, usually analog lines or voice trunk lines (DS0)
Gateway: Translation between packet network and switched network, usually voice-enabled router

Configuring MGCP on Residential gateway
ccm-manager mgcp

! Call-agent is the CUCM address, at least one call-agent address is required
mgcp
mgcp call-agent 1.2.3.4

voice-port 1/0/0

voice-port 1/0/1

dial-peer voice 1 pots
application MGCPAPP
port 1/0/0

dial-peer voice 2 pots
application MGCPAPP
port 1/0/1

A destination pattern is not used because the relationship between the dial number and the port is maintained by the call agent.


Configuring MGCP on Trunk Gateway
ccm-manager mgcp

mgcp
mgcp call-agent 1.2.3.4

controller T1 1/0
frame esf
clock source internal
ds0-group 1 timeslots 1-24 type none service mgcp

controller T1 1/1
frame esf
clock source internal
ds0-group 1 timeslots 1-24 type none service mgcp

voice-port 1/0:1

voice-port 1/1:1

Instead of using the application mgcpapp command in a dial peer, the service mgcp parameter is used in the ds0-group controller subcommand to identify the trunk endpoint with MGCP. As always, the call agent maintains the relationship between the endpoint and its address.

Monitoring and troubleshooting
show call active voice
show call history voice
show mgcp
show mgcp connection
show mgcp endpoint
show mgcp statistics
debug voip ccapi inout <- Useful as always
debug mgcp all

Darkoogle


If Darkoogle can remind you to save energy, my blog can do too! This is a Darklog, not simply a blog :)

Thursday, February 7, 2008

Paging with Communications Manager Express


A nice feature in CUCME is you can do voice broadcasting (paging) without any third party integration like Berbee. Here is a tutorial on how we do it:

telephony-service
max-dn 30 no-reg both

! Paging group configuration
ephone-dn 21
number 2021
paging ip 239.1.1.21 port 2000

ephone-dn 22
number 2022
paging ip 239.1.1.22 port 2000

ephone-dn 23
number 2023
paging ip 239.1.1.22 port 2000
paging group 21,22 ! Combined Group Paging

! Assign phones to paging group
ephone 1
paging-dn 21

ephone 2
paging-dn 21

ephone 3
paging-dn 22

ephone 4
paging-dn 22

When you call paging group extension 2021, ephone 1 and ephone 2 will ring and auto-answer with the speaker on. Extension 2022 works the same way: ephone 3 and 4 will ring and auto-answer when somebody dials 2022. When you call the combined group paging number 2023, all 4 phones in paging groups 21 and 22 will ring, so the nested structure gives you some flexibility when you configure paging.

Generate your MRTG config with ease

I've written a very simple shell script to generate the MRTG config in bulk. Enjoy!

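#!/bin/sh
CFGMAKER=/usr/bin/cfgmaker
MRTG=/usr/bin/mrtg

# Build one MRTG config per device, then run mrtg against it
for i in sw01 sw02 sw03 rt01 rt02 rt03
do
    DEV=panda-$i
    $CFGMAKER --global 'WorkDir: /home/mrtg' --global 'Options[_]: bits,growright' --show-op-down --ifref=descr --ifdesc=descr --output /home/mrtg/$DEV.cfg public@$DEV
    # Use the same path cfgmaker wrote to, so the script works from any directory
    $MRTG /home/mrtg/$DEV.cfg
done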

New Monster Switch - Cisco Nexus 7000




Some key points for N7K:
  • Data Center Class Switching Platform
  • Today 1.4Tbps, Scales beyond 15Tbps
  • New OS - NX-OS, a combination of IOS and SAN-OS
  • Cisco TrustSec enabled - link layer encryption at line rate and RBAC
  • Virtualization - Virtual Device Contexts
  • Future FCoE support
  • Unified I/O - save CapEx and OpEx - less HBA cards

Interesting Facts with N7K:
  • Download entire Wikipedia in 10ms
  • Download and transfer the entire searchable Internet in 7.5 mins
  • Send a photo to every single person on earth in 1/2 hr.
  • Transfer 5 mil concurrent Telepresence sessions

Wednesday, February 6, 2008

Enabling AutoQoS on Catalyst Switches


You can use one single command to enable QoS on your catalyst switches, and QoS will be applied to the switchports automatically.

Catalyst(config-if)# auto qos voip cisco-phone

It can achieve the following with AutoQoS macro:

  • Enforces a trust boundary at Cisco IP Phones
  • Enforces a trust boundary on Catalyst switch access ports and uplinks/downlinks
  • Enables Catalyst strict priority queuing for voice and weighted round robin queuing for data traffic
  • Modifies queue admission criteria (i.e. CoS-to-queue mapping)
  • Modifies queue sizes, as well as queue weights where required
  • Modifies CoS-to-DSCP and IP precedence-to-DSCP mappings

Tuesday, February 5, 2008

Tcling your IOS router

Basic TCL scripts on IOS will make your life a lot easier :)

Pre-requisites:

  • Tcl scripts must be run from tclsh, which is an EXEC mode command requiring enable access.
  • Cisco IOS 12.2(25) S or 12.3(2) T. Cisco IOS 12.3(7) T for the SNMP MIB access via Tcl.

Sample multiple host ping TCL

tclsh

foreach ip {

1.1.1.1
2.2.2.2
3.3.3.3

} {ping $ip}

Reference:
http://www.netcraftsmen.net/welcher/papers/iostcl01.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a75a7.html

Monday, February 4, 2008

IP Phone Factory Reset


This little trick can help you get through a frustrating period, like when the phone keeps rebooting without any reason....

Step 1 Unplug the power cable from the phone and then plug it back in.

The phone begins its power up cycle.

Step 2 While the phone is powering up, and before the Speaker button
flashes on and off,

press and hold #.

Continue to hold # until each line button flashes on and off in sequence
in amber.

Step 3 Release # and press 3491672850*#.

You can press a key twice in a row, but if you press the keys out of
sequence, the factory reset will not take place.

After you press these keys, the line buttons on the phone flash red and
the phone goes through the factory reset process.

Do not power down the phone until it completes the factory reset process
and the main screen appears.

Missing Corporate Directory under CUCME?


Remember to configure "url directories"!

Router(config)# telephony-service
Router(config-telephony)# url directories http://1.2.3.4/localdirectory

You will then see the corporate directory (actually the local directory) when you press the "directory" button!

Configure the Cisco Unified CallManager Express router for H.323 Interworking with Cisco Unified CallManager


Say you have a CUCM running in HQ and CUCME running in branches; do you know how to link them together? Here is an example of configuring H.323 networking between the CUCME and CUCM.

Configure a codec preference list

voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8

Configure a H.323 voice class

voice class h323 1
h225 timeout tcp establish 3 ! TCP connection establishment timeout

Configure a H.323 dial peer between CUCME router and CUCM cluster

dial-peer voice 1000 voip
description VOIP to CUCM
destination-pattern ^10..$
session target ipv4:192.168.1.1 ! CUCM IP address
voice-class codec 1 ! Assign Voice Codec Class to dial peer
voice-class h323 1 ! Assign H.323 voice class to dial peer
preference 1 ! This is required when multiple servers are avail in the cluster

When WAN is down, re-route the calls to CUCM over PSTN

dial-peer voice 1001 pots
description VOIP route PSTN to CUCM
destination-pattern ^10..$
preference 9 ! Lower preference than VOIP dial peer
port 0/0/1:23
prefix 1408555 ! Modify the 4 digit destination to 11 digits for PSTN access

To Verify:

show dial-peer voice summary
show dialplan number
show call active voice
show call active voice brief
show isdn status


On the interface configuration, add the h323-gateway voip bind srcaddr command:

interface GigabitEthernet0/0.194
encapsulation dot1Q 194
ip address 192.168.3.2 255.255.255.0
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.3.2

On CUCM, create a H.323 gateway with the IP address 192.168.3.2. Reset the gateway and try to establish the call from CUCME to CUCM

Sunday, February 3, 2008

Cisco Communications Manager Express - Class Of Restriction (COR)


You might already be very familiar with partitions and Calling Search Spaces in Communications Manager, but can we do similar call privileges in CUCME? Yes, COR can do the job.

The incoming COR is like having a key
The lack of an incoming COR is like having a master key that can unlock all locks

The outgoing COR is like a lock
The lack of an outgoing COR is like having no lock

Configuring Class of Restriction (COR)

Steps to configure COR:
1. Configure the class of restriction names.
2. Configure the class of restriction lists and members.
3. Assign the COR list to the dial peers.
4. Assign the COR to the ephone-dns.

1. Configuring Class of Restriction Names

dial-peer cor custom
name emergency
name local
name longdistance
name international
name hotline

2. Configuring Class of Restriction List

dial-peer cor list lobbyphone
member emergency

dial-peer cor list employeephone
member emergency
member local

dial-peer cor list salesphone
member emergency
member local
member longdistance

dial-peer cor list executivephone
member emergency
member local
member longdistance
member international

dial-peer cor list DestinationEmergency
member emergency

dial-peer cor list DestinationLocal
member local

dial-peer cor list DestinationLongDistance
member longdistance

dial-peer cor list DestinationInternational
member international

dial-peer cor list DestinationHotline
member hotline

3. Assigning COR lists to dial peers

dial-peer voice 911 pots
cor outgoing DestinationEmergency

dial-peer voice 9911 pots
cor outgoing DestinationEmergency

dial-peer voice 92 pots
cor outgoing DestinationLocal

dial-peer voice 91 pots
cor outgoing DestinationLongDistance
destination-pattern 91[2-8]

dial-peer voice 9011 pots
cor outgoing DestinationInternational

dial-peer voice 11 pots
cor outgoing DestinationLocal

dial-peer voice 9 pots
cor outgoing DestinationLocal

dial-peer voice 7777 pots
cor outgoing DestinationLocal

! Hotline Dial peer
dial-peer voice 919000 pots
description Hotline
cor outgoing DestinationHotline
destination-pattern 91900
port 0/0/1:23
forward-digits all

4. Assign COR to the Ephone-dns

ephone-dn 1
cor incoming executivephone

ephone-dn 2
cor incoming salesphone

ephone-dn 3
cor incoming employeephone

ephone-dn 4
cor incoming lobbyphone
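
The key-and-lock rule can be written as a subset test: a call goes through when every member of the dial peer's outgoing COR list is also in the caller's incoming COR list. The Python below is an added example, not part of the original post or of IOS; it loads the lists from steps 2 to 4 and shows which dial peers each ephone-dn can reach, including what happens to an ephone-dn with no incoming COR. Function names are made up for illustration.

```python
# Added example: evaluate the COR configuration above as key/lock subset tests.

# Step 2: COR lists and their members
COR_LISTS = {
    "lobbyphone": {"emergency"},
    "employeephone": {"emergency", "local"},
    "salesphone": {"emergency", "local", "longdistance"},
    "executivephone": {"emergency", "local", "longdistance", "international"},
    "DestinationEmergency": {"emergency"},
    "DestinationLocal": {"local"},
    "DestinationLongDistance": {"longdistance"},
    "DestinationInternational": {"international"},
    "DestinationHotline": {"hotline"},
}

# Step 3: dial-peer tag -> "cor outgoing" list (the lock)
OUTGOING = {
    "911": "DestinationEmergency",
    "9911": "DestinationEmergency",
    "92": "DestinationLocal",
    "91": "DestinationLongDistance",
    "9011": "DestinationInternational",
    "11": "DestinationLocal",
    "9": "DestinationLocal",
    "7777": "DestinationLocal",
    "919000": "DestinationHotline",
}

# Step 4: ephone-dn -> "cor incoming" list (the key)
INCOMING = {1: "executivephone", 2: "salesphone", 3: "employeephone", 4: "lobbyphone"}


def call_allowed(incoming_list, outgoing_list):
    """None means no COR list is configured on that side."""
    if incoming_list is None:   # no incoming COR: master key
        return True
    if outgoing_list is None:   # no outgoing COR: no lock
        return True
    return COR_LISTS[outgoing_list] <= COR_LISTS[incoming_list]


def reachable_dial_peers(ephone_dn):
    """Dial-peer tags this ephone-dn may use, in configuration order."""
    incoming = INCOMING.get(ephone_dn)  # None when the dn has no "cor incoming"
    return [tag for tag, out in OUTGOING.items() if call_allowed(incoming, out)]


def peers_no_listed_dn_can_reach():
    """Dial peers that none of the ephone-dns with an incoming COR can use."""
    return [tag for tag in OUTGOING
            if not any(tag in reachable_dial_peers(dn) for dn in INCOMING)]


if __name__ == "__main__":
    for dn in (1, 2, 3, 4, 5):  # ephone-dn 5 is hypothetical, with no incoming COR
        print(dn, reachable_dial_peers(dn))
    print("reachable only without an incoming COR:", peers_no_listed_dn_can_reach())
```

With the lists as configured, no incoming list carries the hotline member, so dial peer 919000 is usable only from an ephone-dn that has no incoming COR at all.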

Saturday, February 2, 2008

JSP Execute shell script

Although there are security concerns with doing something like this, I might say it is convenient to do so instead of writing lots of complicated JSP pages for simple system tasks.

Here ya go:

String linuxCmd = "./run.sh";
Runtime rt = Runtime.getRuntime();
rt.exec(linuxCmd);




Cisco UC Manager 6 & LDAP integration

Maintaining too many user databases makes your daily administration difficult. By integrating UC Manager with LDAP, such as Windows AD, you will find life a lot easier when you do moves, adds and changes.

3 screenshots and you will know how to do that:


LDAP System



LDAP Directory



Make sure the DN and User Search Base is correct.


LDAP Authentication


Cisco MeetingPlace Express 2.0 Integration with UC Manager 6


With the introduction of MeetingPlace Express 2.0, now you can collaborate using video, voice and web conference with a single box. The integration between MPE and UC is quite simple.

Step 1 Go to http://ccm-server/ccmadmin/main.asp, where ccm-server is the fully qualified domain name or IP address of the Cisco Unified CallManager server.
Step 2 Log in with your Cisco Unified CallManager administrator username and password.
Step 3 Add the gateway to the Cisco Unified CallManager database by completing the following actions:
a. Click Device > Gateway.
b. In the top right corner, click Add a New Gateway.
c. Select the H.323 Gateway type.

d. Select the H.225 device protocol.
e. Click Next.


Step 4 Add the route pattern to the Cisco Unified CallManager database by completing the following actions:
a. Click Route Plan > Route/Hunt > Route Pattern.
b. In the top right corner, click Add a New Route Pattern.

Step 5 Log in to Cisco Unified MeetingPlace Express and click Administration.
Step 6 Click System Configuration > Call Configuration > H.323 Configuration.


Step 7 Click System Configuration > Call Configuration > Dial Configuration.


Step 8 For external directory authentication, first create an application user mpexal in Communications Manager.


Step 9 Make sure you have the “Standard AXL API access” role.


Step 10 Create a new user group “Standard AXL User”, and assign the “Standard AXL API Access” role to this group.


Step 11 Log in to Cisco Unified MeetingPlace Express and click Administration.
Step 12 Click System Configuration > Usage Configuration.



Step 13 To allow scheduling a video meeting, you have to enable it from either user profile settings or user group settings.

Then you will see video options in the schedule meetings page:

Cisco UC Manager 6 & Presence Server 6 Integration


The UC 6 and CUP 6 integration is pretty simple and straightforward. I have made a simple step-by-step guide, and hopefully it can help you guys.

1. Configure default inter-presence group subscription service parameter
a. CUCM > System > Service Parameter
b. select your CCM server
c. select service "Cisco CallManager"
d. configure the “Default inter-presence group subscription” service parameter to "Allow Subscription" (Default is Disable Subscription)

2. Configure the default Non Secure SIP Trunk Security Profile (this profile is used only for the SIP trunk to CUPS, which carries the information exchanged between the 2 servers)
a. System > Security Profile > SIP Trunk Security Profile
b. Click "Find"
c. Select the "Non Secure SIP Trunk Profile"
d. check "Accept Presence Subscription" (Default Uncheck)
e. check "Accept Out-of-Dialog Refer" (Default Uncheck)
f. check "Accept Unsolicited Notification" (Default Uncheck)
g. check "Accept Replaces Header" (Default Uncheck)
h. Click “Save” to save your changes.

3. Configuring your CUPS as application server
a. System > Application Server
b. Click “Add New”
c. Select “Cisco Unified Presence Server” as the Application Server Type
d. Click “Next”
e. Enter CUPS hostname (e.g. cup6)
f. Click “Save”

4. Configure a SIP trunk between CUCM and CUPS
a. Device > Trunk
b. Click “Add New”
c. Set "Trunk Type" to "SIP Trunk", “Device Protocol” to "SIP"
d. Configure a Device Name with the IP address of the CUP server
e. Select Default Device Pool
f. Set “Destination Address” equal to the CUP FQDN under “SIP Information”
g. Set “SIP Trunk Security Profile” equal to “Non Secure SIP Trunk Profile”
h. Set “SIP Profile” equal to “Standard SIP Profile”
i. Click “Save”

5. Add a new CUPC on CUCM
a. Device > Phone
b. Add New
c. Select “Cisco Unified Personal Communicator”
d. Set device name to "UPCJACKIECHAN" if the username is "JACKIECHAN"
e. Device Pool > Default
f. Device Security Profile > Cisco Unified Personal Communicator – Standard Security Profile
g. SIP profile > Standard SIP Profile
h. Save
i. Add DN 4002 to line 1
j. Save

6. Configure your group's end users and hard phone association (assuming no LDAP authentication is used here)
a. User Management > End User
b. Add New
c. Set the User ID to jackiechan
d. Set Password to Cisco
e. Set PIN to 12345
f. Set Digest Credentials and Confirm Digest Credentials to "cisco"
g. Click Save
h. Click Device Association
i. Select the hard phone and CUPC for that user
j. Click "Save Selected Changes"
k. Click "Back to Users" at the top right hand corner
l. Enable "Allow Control of Device from CTI"
m. Set Primary Extension to your primary extension from the dropdown box
n. Save
o. Add your user to the User Group "Standard CCM End Users" and "Standard CTI Enabled"
p. System > Licensing > Capabilities Assignment > Find
q. Enable UPS, Enable UPC for the users