Monday, March 31, 2008

Some good advice for first-time Cisco CCIE Lab takers

Found 2 good links on the Netpro forum for first-time CCIE lab takers:

LAB VISIT - Good Advice !!! (Part 1)
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Career%20Certifications&topic=Certifications&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd6c507

Quoted from the link:

I recently visited RTP's CCIE Lab. I strongly recommend making the visit before your first time at a test site. Knowing the route, the building and speaking with one of the proctors who answered many questions helps. This has been reviewed by someone at Cisco (so no fear of NDA violation) I hope this info is helpful.

How do I access the rack?
- RTP's desks are located right next to the open rack. It's reassuring to see physical layout & cabling, but DO NOT TOUCH. I wasn't told this, but common sense that candidates keep hands off. If you think there's a problem with connections or the equipment, tell proctor immediately, and leave it to them. If there's a problem, they'll work with you, but if you mess with the equipment... Just Don't Touch.
- The PC can telnet to a comm server (looked like 25xx) pre-configured to access your rack. A good thing about this: keep several telnet windows open (using Secure CRT) without need to 'CTRL-SHIFT-6, x' between sessions.

What version of the Doc CD is used?
- RTP has filtered access to online documentation site: http://www.cisco.com/univercd/home/home.htm. The search page, HW & SW docs and any link that starts with http://www.cisco.com/univercd/ will work, but some of CCO (white papers & tech notes) are blocked.

What's the desk like? (may vary by site)
- Desks are roughly 48"x30", with low cubicle wall on 3 sides.
- RTP uses 17" CRT's with the res locked down (1280x1024, I think)
- Keyboards are std 104-key keyboards like this one: http://www.execgroup.net/images/IBMkey.jpg
- There's no way to save files; if you use notepad for copy/paste, you can't save file.
- No printers, you can't print configs or debug/show output to review or make notes on.

What materials are provided or allowed?
- White, ltr-size copy paper is provided; you're started with 2 sheets, but proctor will provide as needed.
- Absolutely no outside items are permitted in the lab. Several pencils, of various colors, are provided. No pens, pencils, markers or highlights are allowed to be brought into the lab.
- No notebooks, pads, paper, Post-it notes or flags are allowed in the lab.
- There are no lockers to keep personal items during the exam, so leave everything home or in car.

LAB VISIT - Good Advice !!! (Part 2)
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Career%20Certifications&topic=Certifications&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd6c509

Quoted from the link:

I recently visited RTP's CCIE Lab. I strongly recommend making the visit before your first time at a test site. Knowing the route, the building and speaking with one of the proctors who answered many questions helps. This has been reviewed by someone at Cisco (so no fear of NDA violation) I hope this info is helpful.

What about the exam booklet?
- The exam is in a 3-ring binder, with diagrams and test enclosed in sheet protectors. You may take pages out of the binder, but are not permitted to remove the paper from the protector.
- Any writing directly on the sheet protector, or the paper itself will result in DISQUALIFICATION and one year ban from the test, (other violations provide for up to a lifetime ban http://www.cisco.com/en/US/learning/le3/ccie/exam/violation_rules.html)

Time / breaks
- Start time is practically written in stone. Don't be late, a briefing is done as a group, everyone starts at the same time. If you arrive late, you will have less than 8 hours to finish the lab.
- There is a wall clock (matches PC's clock) Based on time proctor started the exam, end time will be written on a white-board.
- The lunch break is 20-30 minutes, (proctor will give a 5 min warning) Lunch is from a local catering company, if you have food requirements, you may be best off bagging it. Beverages may be brought to the desk, but be careful.
- The proctor will provide a warning about 15 min before the end of the lab (helpful for those candidates who have completely zoned, and may have lost track of the time.)

Comments
- Provide comments and descriptions in the config at least where required by the exam. Additional remarks may be personally helpful, but if you are trying to explain why you chose one feature or command over any other, remember that scoring depends only on whether an objective was met, not how, so the comments will not sway the proctor's scoring.

Good exam strategy:
- Review the entire test before doing any configurations
- Group questions by comfort level, and knock out the sections you know very well, followed by sections you think you know, then sections you need to refer to documentation for. This will help you get the more points up front, instead of missing out on them by running out of time.
- Save configurations often throughout the exam - bugs and power glitches can spoil an exam (BTW - it's a myth that the proctors start their grading by power cycling the rack, but why take the chance - SAVE OFTEN!)




Virtual Switching System (VSS) Conversion

IOS: 12.2(33)SXH1

The conversion process involves 4 steps:

1. Configure Virtual Switch Domain and designate each switch as either Switch 1 or Switch 2
2. Configure priority
3. Configure Virtual Switching Links (VSL)
4. Execute the Conversion command after which the switches will reload

Configure the Virtual Switch Domain
The virtual switch domain groups the 2 members of a VSS under an ID from 1-255; both members must be configured with the same domain ID.

On switch 1:
sw1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw1(config)#switch virtual domain 1
Domain ID 1 config will take effect only
after the exec command 'switch convert mode virtual' is issued
sw1(config-vs-domain)#switch 1
sw1(config-vs-domain)#

On switch 2:
sw2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw2(config)#switch virtual domain 1
Domain ID 1 config will take effect only
after the exec command 'switch convert mode virtual' is issued
sw2(config-vs-domain)#switch 2
sw2(config-vs-domain)#


Configure Priority
The node with the higher priority becomes the active virtual switch, similar to HSRP.

On Switch 1:
sw1(config-vs-domain)#switch 1 priority 110
sw1(config-vs-domain)#switch 2 priority 100

On Switch 2:
sw2(config-vs-domain)#switch 1 priority 110
sw2(config-vs-domain)#switch 2 priority 100


Configuring VSL

On Switch 1:
sw1(config)#interface port-channel 1
sw1(config-if)#no shut
sw1(config-if)#switch virtual link 1
sw1(config-if)#exit
sw1(config)#interface range tenGigabitEthernet 1/4 - 5
sw1(config-if-range)#no shut
sw1(config-if-range)#channel-group 1 mode on
sw1(config-if-range)#^Z

On Switch 2:
sw2(config)#int port-channel 2
sw2(config-if)#no shut
sw2(config-if)#switch virtual link 2
sw2(config-if)#exit
sw2(config)#interface range tenGigabitEthernet 1/4 - 5
sw2(config-if-range)#no shut
sw2(config-if-range)#channel-group 2 mode on
sw2(config-if-range)#^Z

Executing Conversion

On Switch 1:
sw1#switch convert mode virtual
This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...

On Switch 2:
sw2#switch convert mode virtual
This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...

You will see this output on the switch processor during reload:
Switch 1:
Initializing as Virtual Switch active

Switch 2:
Initializing as Virtual Switch standby

After reload, switch 2's console is no longer available:
sw1-sdby>
Standby console disabled
sw1-sdby>
Standby console disabled

One last step to complete the conversion:

sw1#switch accept mode virtual
This command will bring in all VSL configurations from the standby switch and populate
it into the running configuration. In addition the startup configurations will be updated with
the new merged configurations.
Do you want proceed? [yes/no]: yes
Merging the standby VSL configuration. . .
Building configuration...
[OK]






Sunday, March 30, 2008

Cisco Telepresence Discussion on Climate Change

Nobel Laureate Al Gore and Cisco CEO John Chambers host a virtual discussion on Climate Change and Technology Innovation via Cisco TelePresence








Saturday, March 29, 2008

While.....do.....done

This is one of the iteration statements I use most frequently when I want to poll something and view the result.

Let me give you a stupid example:

[root@panda ~]# while true; do date; sleep 5; done
Sat Mar 29 18:36:06 PDT 2008
Sat Mar 29 18:36:11 PDT 2008


Thursday, March 27, 2008

QR Code


Playing with QR code, pretty interesting and I can see lots of opportunities with this 2D bar code technology.

Some resources to share:

Online QR-Code Generator (Encoder)
http://qrcode.kaywa.com/

Online QR-Code Decoder
http://zxing.org/w/decode.jspx

ZXing (Zebra Crossing) - Java QR Code API
http://code.google.com/p/zxing/

I'm using QuickMark on my Dopod D810 for QR code photo decoding:
http://www.quickmark.com.tw




Tuesday, March 25, 2008

Conferencing Resources


A very common question from people is how many conferences they can have, and how many parties can join a conference. Let me summarize below:

For Single-mode conference (G.711)
- PVDM - maximum 6 parties per conference
- ISR/PVDM2 - maximum 8 parties per conference
- WS-X6608 - maximum 16 parties per conference
- IPVMS - maximum 48 parties per conference
- CMM/ACT - maximum 64 parties per conference

For PVDM2, max 8 parties are allowed per conference, and 8 conferences are allowed per DSP. For using IPVMS in CUCM, maximum 48 parties are allowed per conference.

These are all G.711 values.

For example, a PVDM2-16 = 2 DSPs = 2 x 8 conferences = max 16 conferences x 8 participants = 128 conference parties.

The maximum number of conferences per domain is 50, with 400 participants, because of HW / IO limitations.

For mixed-mode conference (G.711 + G.729a)
- 2 conferences per DSP and 8 participants per conference.

SMTP server troubleshooting with mail commands

The very first step in SMTP server troubleshooting is to telnet to the SMTP server on 25/tcp and issue mail commands to see if it is functioning properly.

Here is an example:


NetBIOS name lookup with nmblookup

nmblookup is a handy tool to look up NetBIOS name information on your network. If you want to check the NetBIOS name of 1.2.3.4:

# nmblookup -A 1.2.3.4
Looking up status of 1.2.3.4
PANDAEATSBAMBOO <00> - B
PANDAEATSBAMBOO <20> - B
WORKGROUP <00> - B
WORKGROUP <1e> - B

And you can do a reverse lookup as well.

# nmblookup pandaeatsbamboo
querying desktop on 1.2.3.255
1.2.3.4 pandaeatsbamboo <00>

Build your own RPM package

I'm sure you don't want to build the software from source for 200 servers in your server farm. You want to do it in a smarter way. Building your own RPM and distributing it to your servers is certainly smarter and faster.

I'm using my home directory /home/panda to build the rpm. Firstly, please create the folders in the following structure:

/home/panda/rpm
BUILD RPMS SOURCES SPECS SRPMS

/home/panda/rpm/RPMS
athlon i386 i486 i586 i686 noarch

Put your source code tar ball in the SOURCES directory.

Create .rpmmacros in user home directory /home/panda, with the following text in your macro file:

%_topdir /home/panda/rpm

Then put your spec file in the SPECS folder, run rpmbuild and get a cup of coffee.

rpmbuild -ba rpm/SPECS/bamboo.spec

OpenSSL Cheatsheet

A. Generate your own CA

openssl req -x509 -days 1460 -newkey rsa:2048 -keyout ca-key.pem -out ca-crt.pem


Show Certificate Properties

openssl x509 -in crt.pem -noout -text


Change Certificate to binary DER format

openssl x509 -in ca-crt.pem -outform DER -out ca-crt.der


B. Generate a host certificate


Make the private key and CSR

openssl req -newkey rsa:1024 -keyout host-key.pem -out host-csr.pem


Sign the CSR by CA

If you want to sign with the root CA specified in openssl.cnf,

openssl ca -in host-csr.pem -days 365 -out host-crt.pem -notext



Otherwise,

openssl x509 -req -days 365 -in host-csr.pem -CA ca-crt.pem -CAkey ca-key.pem -CAcreateserial -out host-crt.pem


Export the certificate and the private key to PKCS#12 format

openssl pkcs12 -export -inkey host-key.pem \
-in host-crt.pem -name "panda" \
-certfile ca-crt.pem -caname "Panda CA" \
-out host-crt.p12


C. Another way to make the host certificate

1. openssl genrsa -des3 -out new-key.pem 1024
2. openssl req -new -days 3650 -key new-key.pem -out new-csr.pem
3. openssl ca -in new-csr.pem -keyfile ./demoCA/private/ca-key.pem -cert ./demoCA/ca-crt.pem -out new-crt.pem


D. Extract keys and cert from PKCS#12

openssl pkcs12 -in my-crt.p12 -clcerts -nokeys -out usr-crt.pem

openssl pkcs12 -in my-crt.p12 -nocerts -out usr-key.pem


E. Print out certificate hash value

openssl x509 -hash -noout -in ca-crt.pem
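
An added example, not from the original post: the cheatsheet's CA, CSR, signing and PKCS#12 steps run unattended in one script, followed by the checks that confirm the result (chain, key/certificate match, key size, PKCS#12 contents). The subject names, the export passphrase and the function names are constructed for the demo, and it uses 2048-bit host keys rather than rsa:1024.

```sh
#!/bin/sh
# Added example: CA -> CSR -> signed certificate -> PKCS#12, then verification.
# Subject names and the export passphrase are constructed demo values.
P12_PASS=${P12_PASS:-demo-only-passphrase}

# Build a CA and a CA-signed host certificate inside directory $1.
make_pki() (
    umask 077                         # keep private keys unreadable to others
    mkdir -p "$1" && cd "$1" || exit 1
    # A. Self-signed CA. -nodes leaves the key unencrypted so nothing prompts;
    #    drop it on a real CA so the key is protected by a passphrase.
    openssl req -x509 -days 1460 -newkey rsa:2048 -nodes \
        -subj "/CN=Panda CA" -keyout ca-key.pem -out ca-crt.pem 2>/dev/null &&
    # B. Host key and CSR, 2048-bit rather than the cheatsheet's rsa:1024.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=host.example.test" \
        -keyout host-key.pem -out host-csr.pem 2>/dev/null &&
    # Sign the CSR with explicitly named CA files (the "Otherwise" variant).
    openssl x509 -req -days 365 -sha256 -in host-csr.pem \
        -CA ca-crt.pem -CAkey ca-key.pem -CAcreateserial \
        -out host-crt.pem 2>/dev/null &&
    # Bundle key, certificate and CA certificate as PKCS#12.
    openssl pkcs12 -export -inkey host-key.pem -in host-crt.pem -name "panda" \
        -certfile ca-crt.pem -caname "Panda CA" \
        -out host-crt.p12 -passout "pass:$P12_PASS"
)

# Succeeds only if certificate $1 chains to CA certificate $2.
chain_ok() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# Succeeds only if certificate $1 carries the public key of private key $2.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints the public key size in bits of certificate $1 (finds leftover 1024-bit keys).
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeeds only if the client certificate inside PKCS#12 file $1 is certificate $2.
p12_holds_cert() {
    want=$(openssl x509 -in "$2" -noout -fingerprint -sha256)
    got=$(openssl pkcs12 -in "$1" -clcerts -nokeys -passin "pass:$P12_PASS" 2>/dev/null |
          openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Demo run in a scratch directory.
work=$(mktemp -d) && make_pki "$work" &&
    chain_ok "$work/host-crt.pem" "$work/ca-crt.pem" &&
    key_matches_cert "$work/host-crt.pem" "$work/host-key.pem" &&
    p12_holds_cert "$work/host-crt.p12" "$work/host-crt.pem" &&
    echo "host certificate OK, $(key_bits "$work/host-crt.pem")-bit key"
rm -rf "$work"
```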




Installing Cinelerra on Fedora Core 8

Cinelerra is a powerful open source video editing package that runs on Linux. It is included in the Freshrpms repository, and the easiest way to install it is to add the repository to the yum configuration.

rpm -Uvh http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/6/freshrpms-release/freshrpms-release-1.1-1.fc.noarch.rpm

yum -y install cinelerra

Monday, March 24, 2008

Protecting your STP root switch

You can enable the STP root guard feature on your STP root switch to protect the integrity of the root role. Should the STP root receive a superior BPDU on a guarded port, meaning another device wants to take over the STP root role, the active STP root will place that port into the root-inconsistent state and stop forwarding on it. This protects the STP root role from being accidentally or intentionally taken away.

SW1(config-if)# spanning-tree guard root

It is recommended to enable this feature on all appropriate interfaces on the root switch.

Implementing Port Security

Port Security is used when you want to secure fixed host ports from being used by other devices.

For all static devices like servers, printers etc., you can lock the port down by using port security, so that nobody can use the link to connect another device to the network.

SW1(config-if)# switchport port-security mac-address 0011.2233.4455


Only the device with MAC address 0011.2233.4455 is allowed to access that switch port.

Besides, you can limit the number of devices that can be seen on a given switch port. This is useful in protecting the switch from a MAC flooding attack. A MAC flooding attack works by sending random MAC addresses into the switch in an attempt to fill the L2 forwarding table. Address learning stops until space is freed up in the table, and the switch has to flood all traffic destined to MAC addresses it has not yet learnt. An attacker could then exploit this extra flooding and use a sniffer to collect all the data flooded in their VLAN.

SW2(config-if)# switchport port-security maximum 10

This prevents the given port from learning more than 10 MAC addresses.
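
An added example, not from the original post: a shell script that triages switch syslog for the events root guard and port security raise, separating a port that saw one unexpected device from a port that saw many distinct MAC addresses. The log lines are constructed, the message mnemonics assume Catalyst IOS syslog format, and the function names and the 5-MAC threshold are assumptions.

```sh
#!/bin/sh
# Added example: summarize root guard and port-security events per port.

# Constructed sample log; hostnames, ports and MAC addresses are made up.
sample_switch_log() {
cat <<'EOF'
Mar 24 09:58:11 SW1 %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet2/1 on VLAN0010.
Mar 24 10:01:02 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.5e00.0001 on port GigabitEthernet1/7.
Mar 24 10:01:02 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.5e00.0002 on port GigabitEthernet1/7.
Mar 24 10:01:03 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.5e00.0003 on port GigabitEthernet1/7.
Mar 24 10:01:03 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.5e00.0004 on port GigabitEthernet1/7.
Mar 24 10:01:04 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.5e00.0005 on port GigabitEthernet1/7.
Mar 24 10:01:04 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0200.5e00.0006 on port GigabitEthernet1/7.
Mar 24 10:05:40 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4466 on port GigabitEthernet1/3.
Mar 24 10:05:55 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4466 on port GigabitEthernet1/3.
Mar 24 10:06:10 SW2 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4466 on port GigabitEthernet1/3.
Mar 24 10:07:00 SW1 %SPANTREE-2-ROOTGUARD_UNBLOCK: Root guard unblocking port GigabitEthernet2/1 on VLAN0010.
Mar 24 10:07:30 SW2 %LINK-3-UPDOWN: Interface GigabitEthernet1/9, changed state to up
EOF
}

# Reads syslog on stdin. $1 is the number of distinct offending MACs at which a
# port is reported as a possible MAC flood instead of one unexpected device
# (default 5, an assumption to tune per site).
triage_switch_log() {
    awk -v flood="${1:-5}" '
    # Return the field that follows the given word on the current line.
    function field_after(word,    i) {
        for (i = 1; i < NF; i++) if ($i == word) return $(i + 1)
        return ""
    }
    /%PORT_SECURITY-2-PSECURE_VIOLATION:/ {
        port = field_after("port"); sub(/\.$/, "", port)
        mac = field_after("address")
        if (port == "" || mac == "") next
        hits[port]++
        if (!((port SUBSEP mac) in seen)) { seen[port SUBSEP mac] = 1; macs[port]++ }
        next
    }
    /%SPANTREE-2-ROOTGUARD_(BLOCK|UNBLOCK):/ {
        key = field_after("port") " " $NF; sub(/\.$/, "", key)
        if ($0 ~ /ROOTGUARD_BLOCK:/) { blocks[key]++; state[key] = "blocked" }
        else state[key] = "recovered"
    }
    END {
        for (p in hits) {
            verdict = (macs[p] >= flood) ? "possible-mac-flood" : "unexpected-device"
            printf "%s port-security violations=%d distinct_macs=%d verdict=%s\n",
                   p, hits[p], macs[p], verdict
        }
        # A block means a superior BPDU arrived on a root-guarded port.
        for (k in blocks)
            printf "%s root-guard blocks=%d state=%s\n", k, blocks[k], state[k]
    }' | LC_ALL=C sort
}

# Demo: one summary line per affected port.
sample_switch_log | triage_switch_log 5
```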

Configuring Remote SPAN

Remote SPAN allows source ports and destination ports to be located on different switches. It uses a SPAN VLAN to transmit a copy of span data from source across the network to destination. You have to define and allow the SPAN VLAN in all network devices in the path.

1. First, create the VLAN on each network switch in the path:
SW1(config)# vlan 456
SW1(config-vlan)# remote-span


VLAN 456 is a remote span VLAN.

2. Set up the SPAN destination port, which is where the sniffer is plugged in.

SW1(config)# monitor session 1 source remote vlan 456
SW1(config)# monitor session 1 destination interface gi4/1


3. If you want to monitor the host on SW2 port gi5/10, the RSPAN session can be completed as follows:

SW2(config)# monitor session 1 source interface gi5/10
SW2(config)# monitor session 1 destination remote vlan 456

Saturday, March 22, 2008

Upgrading Cisco Aironet AP from autonomous to lightweight

If you are using 1130AG or 1240AG access points, congratulations: you can upgrade from autonomous to lightweight.

For all IOS-based 1200 series modular access point (1200/1220 Cisco IOS Software Upgrade, 1210 and 1230 AP) platforms, it depends on the radio:

- if 802.11G, MP21G and MP31G are supported
- if 802.11A, RM21A and RM22A are supported

The 1200 series access points can be upgraded with any combination of supported radios: G only, A only, or both G and A.

Run the "show controllers" command to see which radio chipset you are using.

http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html

Friday, March 21, 2008

Data Center of the future with Cisco Nexus 7000




Smallest Linux computer


Picotux...worlds smallest computer

The picotux 100 is the world's smallest Linux computer, only slightly larger (35mm×19mm×19mm) than an RJ45 connector.

Cisco Unified Personal Communicator Demo Video

A simple but great demonstration of CUPC on the Mac.

Cisco Hospital of the Future - Palomar West

Second Life 'machinima' movie shows a simulation of a Cisco Connected Health hospital campus, Palomar West due to open in San Diego, California, in 2011.




Tuesday, March 18, 2008

Configuration Example for WAE deployment #2 - 2 legs scenario

Another very common scenario is that you only have 2 interfaces available on the router, one for the LAN and one for the WAN connection. Your LAN-facing interface is running dot1q with both the LAN and WAE subnets on it.

Router configuration
!
version 12.4
!
hostname Router
!
!
ip wccp 61
ip wccp 62

!
ip cef
!
ip domain name pandaeatsbamboo.com
!
!
interface FastEthernet0/0
no ip address
duplex full
speed 100

!
!
!
interface FastEthernet0/0.10
description "To Local Area Network"
encapsulation dot1Q 10
ip address 1.1.1.1 255.255.255.0
ip wccp 61 redirect in
ip wccp 62 redirect out

!
!
!
interface FastEthernet0/0.11
description "To Cisco WAE Appliance"
encapsulation dot1Q 11
ip address 2.2.2.1 255.255.255.0
ip wccp redirect exclude in
!
!
interface Serial0
description "To Wide Area Network"
ip address 3.3.3.1 255.255.255.0
!
end


WAE Configuration

! WAAS version 4.0.0
!
device mode application-accelerator
!
hostname WAE
!
clock timezone PST -8 0
ip domain-name pandaeatsbamboo.com
!
primary-interface GigabitEthernet 1/0
!
!
interface GigabitEthernet 1/0
ip address 2.2.2.2 255.255.255.0
no autosense
bandwidth 100
full-duplex

exit
interface GigabitEthernet 2/0
shutdown
exit
!
ip default-gateway 2.2.2.1
!
ip name-server 1.1.1.123
!
wccp version 2
wccp router-list 1 2.2.2.1
wccp tcp-promiscuous router-list-num 1

!
cdm ip 1.1.1.10
cms enable
!
policy-engine application

Configuration Example for WAE deployment #1 - 3 legs scenario


This configuration example is useful when your WAE is attached to a dedicated router interface.

Router configuration
!
version 12.4
!
hostname R1
!
!
ip wccp 61
ip wccp 62
!
ip cef

!
ip domain name pandaeatsbamboo.com
!
!
interface FastEthernet0/0
description "To Local Area Network"
ip address 1.1.1.1 255.255.255.0
ip wccp 61 redirect in
duplex full
speed 100

!
interface FastEthernet0/1
description "To Cisco WAE Appliance"
ip address 2.2.2.1 255.255.255.0
duplex full
speed 100

!
interface Serial0
description "To Wide Area Network"
ip address 3.3.3.1 255.255.255.0
ip wccp 62 redirect in
!
end


WAE Configuration

! WAAS version 4.0.0
!
device mode application-accelerator
!
hostname WAE
!
clock timezone PST -8 0
ip domain-name pandaeatsbamboo.com
!
primary-interface GigabitEthernet 1/0
!
!
interface GigabitEthernet 1/0
ip address 2.2.2.2 255.255.255.0
no autosense
bandwidth 100
full-duplex

exit
interface GigabitEthernet 2/0
shutdown
exit
!
ip default-gateway 2.2.2.1
!
ip name-server 1.1.1.123
!
wccp version 2
wccp router-list 1 2.2.2.1
wccp tcp-promiscuous router-list-num 1

!
cdm ip 1.1.1.10
cms enable
!
policy-engine application

Share clipboard and map network drive on rDesktop

I introduced rDesktop as a remote desktop tool on Linux last month:

http://pandaeatsbamboo.blogspot.com/2008/02/remote-desktop-from-linux-rdesktop.html

Let me give you one more useful rDesktop example: sharing your clipboard with the destination host and mapping your local drive as a network drive on the server.

Share clipboard and map network drive
rdesktop -u administrator -r clipboard:PRIMARYCLIPBOARD -r disk:panda=/home/panda 1.2.3.4

With this you are able to share the clipboard and drive with your remote desktop destination PC.


Monday, March 17, 2008

Iperf - bandwidth measuring tool

iPerf is a very useful tool to measure network performance. It requires a server host (receiving traffic) and a client host (sending traffic) for measurement.

Example:

UDP Server (5001/udp):
iperf -s -u -i 1

UDP Client pumping 80Mbps traffic to server 1.2.3.4:
iperf -c 1.2.3.4 -u -b 80m -i 1

http://www.dast.nlanr.net/Projects/Iperf/

Saturday, March 15, 2008

CUCME-SRST Cheatsheet



Starting with CUCME 4.0, CME provides fallback functionality to IP phones that are registered to CUCM, just like SRST, but with more robust features like B-ACD during fallback mode.

Some of the key points for CME-SRST mode:
  • First supported with CME 4.0 – IOS 12.4(4)XC
  • IP phones re-home to CME in event of CallManager failure & have access to advanced CME telephony features
  • Support for up to 240 ephones
  • No support for Vg248 registration during fallback
  • Lack of support for “alias” command
  • Support for Cisco Unity at remote sites (Distributed Exchange/Domino)
  • Pickup Groups, Hunt Groups, B-ACD, Call Park, Softkey templates, paging
  • Support for CIPC 2.0 with VTA 2.0 on same computer
  • No support for secure voice in SRST mode
  • Requires more complex configuration
An iPhone app for CME Config Generation:
http://itunes.apple.com/us/app/cme-config-generator/id453025819?ls=1&mt=8

The call-manager-fallback command, which is used to configure Cisco Unified SRST, cannot be used on a router that is configured for Cisco Unified CME.

Sample Configuration:
telephony-service
srst mode auto-provision all
srst ephone template 1
srst ephone description CCME-SRST MODE : Oct 31 2006 19:00:20 : Nov 01 2006 00:31:17
srst dn template 1
srst dn line-mode dual
max-ephones 144
max-dn 288
ip source-address 1.4.19.1 port 2000
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp Jan 01 2002 00:00:00

SIP Trunking Configuration for CME and CUE


Let's put up a complete configuration for CME and CUE, with SIP trunking to SP and between CME and CUE.

enable

!

clock read-calendar

!

config t

logging console

!

ftp-server enable

ftp-server topdir flash:

!

alias exec cue service-module service-engine 0/0 session

!

hostname Cisco-CME

!

! Sample value only; set a strong, unique secret on a real router

enable secret cisco

!

clock timezone GMT -7

clock summer-time GMT recurring

!

!**********************************************************

!** Voice Class and Service VoIP Configuration **

!**********************************************************

!

voice class codec 1

codec preference 1 g711ulaw <-- A list of preferred codecs can be configured

!

voice service voip

allow-connections sip to sip <-- Allows SIP line-side to SIP trunk call flows

sip

localhost dns:abc.sip.net

registrar server expires max 3600 min 3600 <-- Allows CME to accept SIP registrations

!

!**********************************************************

!** DHCP Configuration for Voice Vlan **

!**********************************************************

!

ip dhcp excluded-address 10.10.10.1 10.10.10.10

!

ip dhcp pool phone <-- DHCP config for IP phones to be connected to the CME

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

option 150 ip 10.10.10.1

!

!**********************************************************

!** DHCP Configuration for Data Vlan **

!**********************************************************

!

ip dhcp excluded-address 192.168.10.1 192.168.10.10

!

ip dhcp pool data <-- DHCP config for data terminals to be connected to the CME

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

!

ip domain name abc.sip.net <-- DNS configuration

ip name-server 25.12.10.202

!

!**********************************************************

!** COR Configuration **

!**********************************************************

!

!

! COR members

!

dial-peer cor custom

name internal

name local

name domestic

name international

name 900

name 976

!

! COR list

!

!

dial-peer cor list call-internal

member internal

!

dial-peer cor list call-local

member local

!

dial-peer cor list call-domestic

member domestic

!

dial-peer cor list call-international

member international

!

dial-peer cor list call-900

member 900

!

dial-peer cor list call-976

member 976

!

! COR list for user with permission=internal

!

dial-peer cor list user-internal

member internal

!

! COR list for user with permission=local

!

dial-peer cor list user-local

member local

member internal

!

! COR list for user with permission=domestic

!

dial-peer cor list user-domestic

member domestic

member local

member internal

!

! COR list for user with permission=international

!

dial-peer cor list user-international

member international

member domestic

member local

member internal

!

! COR list for user with permission=internal/900/976

!

dial-peer cor list user900-internal

member 900

member 976

member internal

!

! COR list for user with permission=local/900/976

!

dial-peer cor list user900-local

member 900

member 976

member local

member internal

!

! COR list for user with permission=domestic/900/976

!

dial-peer cor list user900-domestic

member 900

member 976

member domestic

member local

member internal

!

! COR list for user with permission=international/900/976

!

dial-peer cor list user900-international

member 900

member 976

member international

member domestic

member local

member internal

!

!**********************************************************

!** VOICE PORTS and POTS DIAL PEER Configuration **

!**********************************************************

!

voice-port 0/0/0

connection plar opx 601

caller-id enable

!

voice-port 0/0/1

connection plar opx 601

caller-id enable

!

dial-peer voice 1 pots

description ** FXO pots dial-peer **

destination-pattern 8911

forward-digits 3

port 0/0/0

!

dial-peer voice 2 pots

description ** FXO pots dial-peer **

corlist outgoing call-local

destination-pattern 8.......

port 0/0/0

!

dial-peer voice 3 pots

description ** FXO pots dial-peer **

corlist outgoing call-domestic

destination-pattern 81..........

port 0/0/0

!

dial-peer voice 4 pots

description ** FXO pots dial-peer **

corlist outgoing call-international

destination-pattern 8011T

port 0/0/0

!

dial-peer voice 5 pots

description ** FXO pots dial-peer **

corlist outgoing call-900

destination-pattern 81900.......

port 0/0/0

!

dial-peer voice 6 pots

description ** FXO pots dial-peer **

corlist outgoing call-976

destination-pattern 81976.......

port 0/0/0

!

dial-peer voice 7 pots

description ** FXO pots dial-peer **

destination-pattern 8911

forward-digits 3

port 0/0/1

!

dial-peer voice 8 pots

description ** FXO pots dial-peer **

corlist outgoing call-local

destination-pattern 8.......

port 0/0/1

!

dial-peer voice 9 pots

description ** FXO pots dial-peer **

corlist outgoing call-domestic

destination-pattern 81..........

port 0/0/1

!

dial-peer voice 10 pots

description ** FXO pots dial-peer **

corlist outgoing call-international

destination-pattern 8011T

port 0/0/1

!

dial-peer voice 11 pots

description ** FXO pots dial-peer **

corlist outgoing call-900

destination-pattern 81900.......

port 0/0/1

!

dial-peer voice 12 pots

description ** FXO pots dial-peer **

corlist outgoing call-976

destination-pattern 81976.......

port 0/0/1

!

!**********************************************************

!** Internet Connection Configuration **

!**********************************************************

!

interface FastEthernet0/0

description ** DHCP Client mode **

no ip address

ip address dhcp

ip nat outside

no shutdown

!

!**********************************************************

!** Define QoS policy Configuration **

!**********************************************************

!

class-map match-all L3-to-L2_VoIP-Cntrl

match ip dscp af31

class-map match-all L3-to-L2_VoIP-RTP

match ip dscp ef

!

policy-map output-L3-to-L2

class L3-to-L2_VoIP-RTP

set cos 5

class L3-to-L2_VoIP-Cntrl

set cos 3

!

class-map match-all SIP

match protocol sip

class-map match-all RTP

match protocol rtp

!

policy-map EthOut

class RTP

!

interface FastEthernet 0/1

no ip address

no ip mroute-cache

shutdown

!

!**********************************************************

!** Voice and data VLAN subinterfaces to external switch **

!**********************************************************

!

interface FastEthernet 0/1.200

description ** Data VLAN **

encapsulation dot1Q 200 native

ip address 192.168.10.1 255.255.255.0 <-- Data VLAN config for data terminals/PC's

service-policy output output-L3-to-L2

no shutdown

!

interface FastEthernet 0/1.100

description ** Voice VLAN **

encapsulation dot1Q 100

ip address 10.10.10.1 255.255.255.0 <-- Voice VLAN config for IP phones

service-policy output output-L3-to-L2

no shutdown

!

!**********************************************************

!** HTTP server Configuration **

!**********************************************************

!

ip http server

ip http authentication local

ip http path flash:

ntp master

!

!**********************************************************

!** TFTP server Configuration **

!**********************************************************

!

tftp-server flash:P00307020200.sbn

tftp-server flash:P00307020200.bin

tftp-server flash:P00307020200.sbn <-- IP phone binaries should be downloaded to router's flash

tftp-server flash:P00307020200.bin

tftp-server flash:CP7912060000SCCP050124A.sbin

tftp-server flash:music-on-hold.au <-- Allows Music on Hold when SCCP phone presses "Hold"

!

!**********************************************************

!** SIP Trunk Configuration **

!**********************************************************

!

dial-peer voice 100 voip

description ** Incoming call from SIP trunk **

translation-profile incoming CUE_Incoming

session protocol sipv2

session target sip-server

incoming called-number .% <-- Dial-peer for inbound calls from Service Provider. Uses CUE_Incoming profile to translate the DID # of CUE to the local extension cfgd for CUE.

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

dtmf-relay rtp-nte <-- RFC-2833 to be used for all inbound calls from SIP Trunk

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad <-- Disables Voice Activity Detection on inbound calls

!

dial-peer voice 101 voip

description ** Outgoinging call to SIP trunk **

translation-profile outgoing PSTN_Outgoing

destination-pattern 9....... <-- 7-digit dialing for outbound calls to SP

voice-class codec 1 <-- Follow the list of preferred codecs cfgd under "voice class codec 1"

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server <-- SIP messages will be sent to the "sip-server" cfgd under "sip-ua" --->

dtmf-relay rtp-nte <-- RFC-2833 to be used for all outbound calls matching this dial-peer

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad

!

dial-peer voice 102 voip

description ** Outgoinging call to SIP trunk **

translation-profile outgoing PSTN_Outgoing

destination-pattern 8[2-9]..[2-9]......

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

dtmf-relay rtp-nte

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad

!

dial-peer voice 103 voip

description ** Outgoing call to SIP trunk **

translation-profile outgoing PSTN_Outgoing

destination-pattern 8[0-1][2-9]..[2-9]......

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

dtmf-relay rtp-nte

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad

!

dial-peer voice 104 voip

description ** 911 outgoing call to SIP trunk **

translation-profile outgoing PSTN_Outgoing

destination-pattern 911

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

dtmf-relay rtp-nte

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad

!

dial-peer voice 105 voip

description ** emergency outgoing call to SIP trunk **

translation-profile outgoing PSTN_Outgoing

destination-pattern 8911

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

dtmf-relay rtp-nte

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad

!

dial-peer voice 106 voip

description ** 911/411 outgoing call to SIP trunk **

translation-profile outgoing PSTN_Outgoing

destination-pattern 8[2-9]11

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

dtmf-relay rtp-nte

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad

!

dial-peer voice 107 voip

description ** International outgoing call to SIP trunk **

translation-profile outgoing PSTN_Outgoing

destination-pattern 8011T

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

dtmf-relay rtp-nte

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad

!

dial-peer voice 108 voip

description ** star code to SIP trunk **

destination-pattern *..

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

dtmf-relay rtp-nte

ip qos dscp cs5 media

ip qos dscp cs4 signaling

no vad

!

!

!**********************************************************

!** SIP UA Configuration **

!**********************************************************

!

sip-ua

authentication username cisco password cisco <-- SIP Trunk authentication with SP’s network

registrar dns:abc.sip.net expires 3600 <-- CME will send SIP registrations to this address

sip-server dns:abc.sip.net <-- Session-Target for each VoIP dial-peer

host-registrar <-- Sends all SIP 3xx headers as “Address of Record”

no remote-party-id <-- SP’s B2BUA will provide this info instead of CME

retry invite 2

retry register 10 <-- Retry count being tweaked for various SIP requests & timers

timers connect 100

!

!**********************************************************

!** CME TELEPHONY SERVICE Configuration **

!**********************************************************

!

telephony-service

load 7960-7940 P00307020200 <-- Must match with “tftp-server flash:” config above

load 7912 CP7912060000SCCP050124A

max-ephones 24

max-dn 72

calling-number initiator <-- Caller-ID for supplementary features

system message Cisco Unified CME <-- This text will show up on each SCCP IP-phone

create cnf-files

dialplan-pattern 1 40855514.. extension-length 3 extension-pattern 4.. no-reg

voicemail 600 <-- Extension # for CUE VoiceMail

max-conferences 8

secondary-dialtone 9 <-- Allows users to dial “9” to place an external call

moh music-on-hold.au <-- Music to be played when an SCCP phone presses “Hold” key

service phone videoCapability 1

time-zone 6

date-format mm-dd-yy

network-locale us

web admin system name cisco secret 0 cisco

dn-webedit

time-webedit

call-forward pattern .T

call-forward system redirecting-expanded

transfer-system full-consult dss

transfer-pattern 9.T

!

!**********************************************************

!** EPHONE DN and EPHONE Configuration **

!**********************************************************

!

ephone-dn 1 dual-line

number 410 secondary 4085551410 no-reg primary <-- extension # not registered to the SP

label 410

name User-1

description User-1

cor incoming user900-international

call-forward busy 600 <-- Call Fwd Busy sent to CUE Voice Mail [extension 600]

call-forward noan 600 timeout 15 <-- Call Fwd No Answer sent to CUE Voice Mail after ~3 rings

!

ephone 1

mac-address 0000.0000.0001 <-- MAC address of this user’s IP phone

type 7960 <-- Type of IP Phone

username user1 password 410

video

button 1:1

!

ephone-dn 2 dual-line

number 411 secondary 4085551411 no-reg primary

label 411

name User-2

description User-2

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 2

mac-address 0000.0000.0002

type 7940

username user2 password 411

video

button 1:2

!

ephone-dn 3 dual-line

number 412 secondary 4085551412 no-reg primary

label 412

name User-3

description User-3

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 3

mac-address 0000.0000.0003

type 7940

username user3 password 412

video

button 1:3

!

ephone-dn 4 dual-line

number 413 secondary 4085551413 no-reg primary

label 413

name User-4

description User-4

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 4

mac-address 0000.0000.0004

type 7940

username user4 password 413

video

button 1:4

!

ephone-dn 5 dual-line

number 414 secondary 4085551414 no-reg primary

label 414

name User-5

description User-5

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 5

mac-address 0000.0000.0005

type 7940

username user5 password 414

video

button 1:5

!

ephone-dn 6 dual-line

number 415 secondary 4085551415 no-reg primary

label 415

name User-6

description User-6

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 6

mac-address 0000.0000.0006

type 7940

username user6 password 415

video

button 1:6

!

ephone-dn 7 dual-line

number 416 secondary 4085551416 no-reg primary

label 416

name User-7

description User-7

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 7

mac-address 0000.0000.0007

type 7940

username user7 password 416

video

button 1:7

!

ephone-dn 8 dual-line

number 417 secondary 4085551417 no-reg primary

label 417

name User-8

description user-8

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 8

mac-address 0000.0000.0008

type 7940

username user8 password 417

video

button 1:8

!

ephone-dn 9 dual-line

number 418 secondary 4085551418 no-reg primary

label 418

name Mail-Room

description Mail-Room

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 9

mac-address 0000.0000.0009

type 7912

username user9 password 418

video

button 1:9

!

ephone-dn 10 dual-line

number 419 secondary 4085551419 no-reg primary

label 419

name Break-Room

description Break-Room

cor incoming user900-international

call-forward busy 600

call-forward noan 600 timeout 15

!

ephone 10

mac-address 0000.0000.0010

type 7912

username user10 password 419

video

button 1:10

!

ephone-dn 11

description ** DID number for Voicemail **

number 4085551457

!

ephone-dn 12

description ** DID number for Auto Attendant **

number 4085551458

!

!**********************************************************

!** Telephony Services IP source address **

!**********************************************************

!

telephony-service

ip source-address 10.10.10.1 <-- Uses the Voice VLAN address for SCCP phones

!

!**********************************************************

!** Voice Translation Rules **

!**********************************************************

!

voice translation-rule 9

rule 1 /^911$/ /911/ <-- 911 calling

rule 2 /^9\(.*\)/ /\1/ <-- strip off 9 for all outbound calls

!

voice translation-rule 1

rule 1 /4085551457/ /600/ <-- translates CUE Voicemail DID # to extn. 600

rule 2 /4085551458/ /601/ <-- translates CUE Auto-Attendant DID # to extn. 601

rule 3 /4085551459/ /501/ <-- translates Hunt group-1 DID # to internal pilot # 501

rule 4 /4085551460/ /502/ <-- translates Hunt group-2 DID # to internal pilot # 502

!

voice translation-profile CUE_Incoming

translate called 1 <-- Uses translation-rule 1 above for inbound calls

!

voice translation-rule 410

rule 1 /600/ /4085551457/ <-- translates CUE Voicemail & AA extn numbers to the DID number

rule 2 /601/ /4085551458/ <-- before sending the call to Service provider

rule 3 /501/ /4085551459/ <-- translates internal pilot # for Hunt group-1 to DID #

rule 4 /502/ /4085551460/ <-- translates internal pilot # for Hunt group-2 to DID #

rule 5 /^9\(.......\)$/ /408\1/ <-- appends the local area code for all 7-digit dialing

rule 6 /^9\(.*\)/ /\1/ <-- strip off the digit 9 for all outbound calls

!

voice translation-profile PSTN_CallForwarding

translate redirect-called 410 <-- translates Diversion: header’s user portion to a 10-digit DID #

translate redirect-target 410 <-- translates Contact: header during call fwding to 10-digit DID #

!

voice translation-profile PSTN_Outgoing

translate called 9

translate redirect-called 410

translate redirect-target 410

!

!**********************************************************

!** VOICEMAIL Configuration **

!**********************************************************

!

dial-peer voice 13 voip

description ** cue voicemail pilot number **

translation-profile outgoing PSTN_CallForwarding

destination-pattern 600

b2bua <-- Essential CLI, CME controls all calls to/from the Voice Mail

session protocol sipv2

session target ipv4:10.1.10.1 <-- 10.1.10.1 is the internal address of Voice Mail

dtmf-relay sip-notify

codec g711ulaw

no vad

!

dial-peer voice 14 voip

description ** cue auto attendant number **

translation-profile outgoing PSTN_CallForwarding

destination-pattern 601

b2bua <-- Essential CLI, CME controls all calls to/from the Auto-Attendant

session protocol sipv2

session target ipv4:10.1.10.1 <-- 10.1.10.1 is the internal address of Auto Attendant

dtmf-relay sip-notify

codec g711ulaw

no vad

!

interface loopback0

ip address 10.1.10.2 255.255.255.0 <-- assigned on same subnet as the CUE (10.1.10.1)

!

interface Service-Engine 0/0

ip unnumbered Loopback0

service-module ip address 10.1.10.1 255.255.255.0

service-module ip default-gateway 10.1.10.2

no shutdown

!

ip route 10.1.10.1 255.255.255.255 Service-Engine 0/0 <-- Essential CLI – routes packets to CUE

!

ephone-dn 13

number 800... no-reg <-- MWI-ON prefix, CUE must be cfgd accordingly

mwi on

!

ephone-dn 14

number 801... no-reg <-- MWI-OFF prefix, CUE must be cfgd accordingly

mwi off

!

!**********************************************************

!** CALL PARK Configuration **

!**********************************************************

!

ephone-dn 15

number 701 no-reg <-- Parking Slots created – 701, 702, 703, 704

park-slot <-- Parking Slots are not registered to the SP

!

ephone-dn 16

number 702 no-reg

park-slot

!

ephone-dn 17

number 703 no-reg

park-slot

!

ephone-dn 18

number 704 no-reg

park-slot

!

!**********************************************************

!** HUNT GROUP Configuration **

!**********************************************************

!

ephone-hunt 1 sequential <-- Sequential ringing of phones in this group

pilot 501 <-- Pilot # for hunt group is 501, SP should have a DID number associated with extension 501. Translation rule is also needed

list 415, 416, 417 <-- These extensions will ring one after the other

final 601 <-- Final destination after hunting is CUE Auto-Attendant

timeout 8

statistics collect

!

ephone-hunt 2 sequential

pilot 502

list 410, 412, 413

final 601

timeout 8

statistics collect

!

!**********************************************************

!** LINE VTY Configuration **

!**********************************************************

!

line vty 0 4

password cisco

login

!

!**********************************************************

!** THE END of CME router configuration **

!**********************************************************

!

end

!

wr

!

!**********************************************************

!** CUE Configuration **

!**********************************************************

!

service-module Service-Engine 0/0 session

web skipinitwizard

web admin cme hostname 10.10.10.1 username cisco password cisco

groupname Administrators create

username cisco create

username cisco password cisco

conf t

voicemail callerid

service imap

enable

end imap

service voiceview

enable

end voiceview

clock timezone Etc/GMT+7

groupname Administrators member cisco

groupname IMAPgrp create

groupname IMAPgrp privilege vm-imap

ntp server 10.10.10.1

username user1 create

username user1 phonenumber 410

username user1 phonenumberE164 4085551410

groupname IMAPgrp member user1

enable

username user1 fullname display "John Green"

username user1 fullname first John

username user1 fullname last Green

username user1 password 410

username user1 pin 410

conf t

voicemail mailbox owner user1

end

username user2 create

username user2 phonenumber 411

username user2 phonenumberE164 4085551411

groupname IMAPgrp member user2

enable

username user2 fullname display "John Yellow"

username user2 fullname first John

username user2 fullname last Yellow

username user2 password 411

username user2 pin 411

conf t

voicemail mailbox owner user2

end

username user3 create

username user3 phonenumber 412

username user3 phonenumberE164 4085551412

groupname IMAPgrp member user3

enable

username user3 fullname display "Peter Green"

username user3 fullname first Peter

username user3 fullname last Green

username user3 password 412

username user3 pin 412

conf t

voicemail mailbox owner user3

end

username user4 create

username user4 phonenumber 413

username user4 phonenumberE164 4085551413

groupname IMAPgrp member user4

enable

username user4 fullname display "Peter Yellow"

username user4 fullname first Peter

username user4 fullname last Yellow

username user4 password 413

username user4 pin 413

conf t

voicemail mailbox owner user4

end

username user5 create

username user5 phonenumber 414

username user5 phonenumberE164 4085551414

groupname IMAPgrp member user5

enable

username user5 fullname display "Bruce Lee"

username user5 fullname first Bruce

username user5 fullname last Lee

username user5 password 414

username user5 pin 414

conf t

voicemail mailbox owner user5

end

username user6 create

username user6 phonenumber 415

username user6 phonenumberE164 4085551415

groupname IMAPgrp member user6

enable

username user6 fullname display "Spider Man"

username user6 fullname first Spider

username user6 fullname last Man

username user6 password 415

username user6 pin 415

conf t

voicemail mailbox owner user6

end

username user7 create

username user7 phonenumber 416

username user7 phonenumberE164 4085551416

groupname IMAPgrp member user7

enable

username user7 fullname display "Super Man"

username user7 fullname first Super

username user7 fullname last Man

username user7 password 416

username user7 pin 416

conf t

voicemail mailbox owner user7

end

username user8 create

username user8 phonenumber 417

username user8 phonenumberE164 4085551417

groupname IMAPgrp member user8

enable

username user8 fullname display "Big Barney"

username user8 fullname first Big

username user8 fullname last Barney

username user8 password 417

username user8 pin 417

conf t

voicemail mailbox owner user8

end

username user9 create

username user9 phonenumber 418

username user9 phonenumberE164 4085551418

groupname IMAPgrp member user9

enable

username user9 fullname display "Mail Room"

username user9 fullname first Mail

username user9 fullname last Room

username user9 password 418

username user9 pin 418

conf t

voicemail mailbox owner user9

end

username user10 create

username user10 phonenumber 419

username user10 phonenumberE164 4085551419

groupname IMAPgrp member user10

enable

username user10 fullname display "Break Room"

username user10 fullname first Break

username user10 fullname last Room

username user10 password 419

username user10 pin 419

conf t

voicemail mailbox owner user10

end

ccn subsystem sip

gateway address "10.10.10.1"

dtmf-relay sip-notify

end

ccn trigger sip phonenumber 600

application "voicemail"

end

ccn trigger sip phonenumber 601

application "autoattendant"

end

ccn application ciscomwiapplication

parameter "strMWI_OFF_DN" "801"

parameter "strMWI_ON_DN" "800"

end

end

write
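
A check for the credential pattern this listing uses throughout (ephone passwords and CUE PINs equal to the user's extension, `cisco`/`cisco` pairs, a plaintext vty password), written as an added example that is not part of the original configuration. The `audit` function, its rule names and the sample string are constructed for illustration; the parser assumes the flattened, unindented layout shown above.

```python
import re

# Constructed excerpt: commands copied from the listing above, flattened the
# same way (no indentation), router and CUE lines in one string. The last
# user (8264915) is a made-up contrast case that should not be flagged.
SAMPLE = """
sip-ua
authentication username cisco password cisco
telephony-service
web admin system name cisco secret 0 cisco
ephone-dn 1 dual-line
number 410 secondary 4085551410 no-reg primary
ephone 1
username user1 password 410
line vty 0 4
password cisco
login
username user1 phonenumber 410
username user1 pin 410
username user2 phonenumber 411
username user2 pin 8264915
"""

USER_CRED = re.compile(r"\busername (\S+) (password|pin) (\S+)")
EXTENSION = re.compile(r"^number (\d+)\b|^username \S+ phonenumber (\d+)$")


def audit(config):
    """Return (line_number, rule, command) for each weak credential found."""
    lines = [l.strip() for l in config.strip().splitlines()]
    # Pass 1: collect every extension the config assigns (ephone-dn "number"
    # lines on the router, "phonenumber" lines on CUE).
    extensions = set()
    for l in lines:
        m = EXTENSION.match(l)
        if m:
            extensions.add(m.group(1) or m.group(2))
    # Pass 2: compare each credential with its username and the extensions.
    findings = []
    for n, l in enumerate(lines, 1):
        m = USER_CRED.search(l)
        if m:
            user, kind, value = m.groups()
            if value == user:
                findings.append((n, "password-equals-username", l))
            elif value in extensions:
                findings.append((n, kind + "-is-extension", l))
        elif re.match(r"password (?:0 )?\S+$", l):
            # Bare "password X" (as under "line vty") is a plaintext line password.
            findings.append((n, "plaintext-line-password", l))
        elif re.search(r"\bsecret 0 \S+$", l):
            # Type 0 means the secret that follows is given unencrypted.
            findings.append((n, "plaintext-secret", l))
    return findings

if __name__ == "__main__":
    for n, rule, cmd in audit(SAMPLE):
        print(f"line {n:>2}  {rule:<26} {cmd}")
```

Run against the full router and CUE listings, the same rules flag every `ephone` password and every CUE `password`/`pin` line, since each one repeats the user's extension.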