Thursday, November 22, 2012

ISR G2 - cme-srst license

On ISRG2, in order to use cme-srst feature, just installing uck9 license is not good enough.  You also need to activate the cme-srst license by accepting the end user agreement.  After that you can use this feature for 12 years.

http://www.cisco.com/en/US/docs/routers/access/sw_activation/SA_on_ISR.html#wp1155517

Here is the command you need to issue:
config t
license accept end user agreement

reload your router then check:


SRST-R2#sh license det cme-srst
Feature: cme-srst                        Period left: 8  weeks 3  days
Index: 1        Feature: cme-srst                          Version: 1.0
        License Type: EvalRightToUse
        License State: Active, In Use
            Evaluation total period: 8  weeks 4  days
            Evaluation period left: 8  weeks 3  days
            Period used: 38 minutes 3  seconds
            Transition date: Jan 21 2013 17:12:02
        License Count: 20/0  (In-use/Violation)
        License Priority: Low
        Store Index: 7
        Store Name: Built-In License Storage

Be careful that before you do this step, you can still issue the CME-SRST command, it just doesn't work!  The phone cannot be registered with the reject message

Nov 22 09:08:32.987: %IPPHONE-6-REG_ALARM: 24: Name=SEP588D09357799 Load=SCCP6945.9-3-1-3 Last=Phone-Reg-Rej

My IOS version:  15.2(4)M2


Thursday, November 8, 2012

Jabber for iPad 9.1 - supports encryption now!

Just tested, works cool.  See the lock icon?


Minnie just bought a new iPad for Mickey with Jabber pre-installed so that she can call him with video anytime.  She is now making a test call between Jabber Video on Mac and Jabber for iPad, via 4G LTE modem.


Hadoop + Cisco SocialMiner = ?

What I am trying to do is to marry BigData Hadoop with Cisco SocialMiner, to collect the latest 1000 tweets on Twitter about Cisco, and analysis what is the most common words that people are using.

One of the beauty of SocialMiner is the API of it is very simple, just a HTTP request then you can get all your tweets in XML format.  You don't need to learn Twitter and Facebook API in order to collect the social contacts that you want.  This is how it works:


Several steps involved:
1. Setup Campaign in SocialMiner to collect Twitter stream with keywords Cisco, #Cisco and @Cisco
2. Write a little script on my Linux machine to get the XML file, and extracted the content of the tweets.
3. Copy it to the Hadoop HDFS, run the word count program.
4. Use Apache Pig, an abstracted level of Hadoop which allows you to use statement similar to SQL, to do the sorting.
5. Format the output in another XML file for graph plotting.  Done!


Looks like WebEx Meeting Server (on-premises WebEx) is the hottest topic now!

Tuesday, November 6, 2012

Cisco Prime Collaboration Manager 1.2 Demo (English)

This is the English version of the demo:




Previous Post with video in Cantonese:
http://pandaeatsbamboo.blogspot.com/2012/09/cisco-prime-collaboration-manager-12.html

Cisco Remote Expert Smart Solution Demonstration

Just managed to see Cisco Remote Expert Smart Solution Demonstration, and I have created a demo video on how it works.

Cantonese:


English:


VXC 6215 Demonstration (English)

This is the English version:


Previous post with video in Cantonese:
http://pandaeatsbamboo.blogspot.com/2012/09/cisco-vxc-6215-demo-cantonese.html

Cisco UCS Manager - Stateless Computing demo (English)

In my previous post I have created a UCS manager demo video about stateless computing in Cantonese.  Now I have updated another version of video with English voice over and hopefully can cover more people, enjoy and let me know what you think!



Previous post:
http://pandaeatsbamboo.blogspot.com/2012/07/cisco-ucs-manager-stateless-computing.html

Home Energy Control - On / Off AP via IP Phone

I have done this little trick at home and reason is to save energy and doesn't want to have my wireless network always on at home.  With this little trick, now I am managed to on / off my IOS AP with a single click.  :)


Demo Video (English)


Demo Video (Cantonese)


Sunday, September 30, 2012

WebEx Social 3.0

Trying to setup WebEx Social 3.0 in my lab, and find it not as straight forward as I thought.  Some points to share:

1. First of all, there are 11 roles of WebEx Social VM and a minimum 12 VMs are required.  Make sure you have enough resource.

http://www.cisco.com/en/US/docs/collaboration/ecp/admin/3_0/guide/ecpsetup.html

2.  Make sure you install the Director FIRST.  Then RDBMS SECOND.  Make sure the App Server (the web server actually) install and add to the Director LAST.  This is very very important.  I forced to redo my work the first time I install because I didn't install the App Server last.

3.  According to the guide in the above link, the default admin user for WebEx Social Web Login is

Username:  test@cisco.com
Password:  test

But this is WRONG!

The correct one should be,

Username:  test@your_company.com
Password:  test

Don't substitute "your_company.com" with your company name, this is the exact text you need to input.

4.  For Search Store you need at least 2 VM, one for master and one for slave

5.  For RDBMS you can only have 1 VM, single point of failure?

Anyway still playing around, will update when I find something interesting.



Friday, September 21, 2012

Sample IPSLA VO Configuration

My environment:  15.0(1)SE3, 3560 8-port switch

IP SLA VO is a tools to simulate video traffic in a network, especially you want to test the network readiness before the video endpoints are in place.

To enable IP SLA VO:


ip sla 1
 video 10.1.91.2 27010 source-ip 10.1.93.2 source-port 20010 profile TELEPRESENCE
 duration 60
 frequency 75
ip sla schedule 1 life forever start-time now
ip sla enable reaction-alerts
ip sla responder

To make sure it is running:
Harbour-UC-SW02#sh ip sla stat 1
IPSLAs Latest Operation Statistics

IPSLA operation id: 1
Type of operation: video
Latest operation start time: 00:07:16 HKT Wed Aug 8 2012
Latest operation return code: OK
Packets:
     Sender Transmitted:  57487
     Responder Received:  57487
Latency one-way time:
     Number of Latency one-way Samples: 37020
     Source to Destination Latency one way Min/Avg/Max: 0/5/11 milliseconds
     NTP sync state: SYNC
Inter Packet Delay Variation, RFC 5481 (IPDV):
     Number of SD IPDV Samples: 37019
     Source to Destination IPDV Min/Avg/Max: 0/500/1008 milliseconds
Packet Loss Values:
     Loss Source to Destination: 0
     Out Of Sequence: 0
Number of successes: 4
Number of failures: 0
Operation time to live: Forever

Prime Collaboration Manager 1.2 - Device Discovery Tips & Tricks


- Make sure the phones (e.g. 9971) that are registered to UCM with web access enabled
- To discover devices on UCM, make sure a JTAPI application user is created.  This user needs to associate to all devices that wants to monitor
- For EX60, you cannot use empty password for http, otherwise it cannot be discovered
- In order to get the mediatrace to work, correct WSMA configuration is needed on routers and switches, here is the sample:

username panda priv 15 password panda
ip http authentication local
ip http secure-server

ip sla responder

mediatrace responder
mediatrace initiator source-interface GigabitEthernet0/0

wsma agent exec profile WSMA-LISTENER-HTTPS
wsma agent config profile WSMA-LISTENER-HTTPS
!
wsma profile listener WSMA-LISTENER-HTTPS
 transport https

Cisco VXC 6215 Demo (Cantonese)

Sorry again if you don't understand Cantonese!


Cisco Prime Collaboration Manager 1.2 Demo (Cantonese)

Sorry if you don't understand Cantonese!


Tuesday, July 31, 2012

URI Dialing on UC 9.0 - Directory URI

For UC 9.0, users can dial the called party via URI if they are using 8961, 9951 or 9971.  You can import a LDAP attribute from the AD server, say for example email address, as the URI for that particular DN, known as directory URI.

1.  From System > LDAP > LDAP Directory, choose the Directory URI mapping to the appropriate LDAP attribute.  In my case I will use the mail attribute as the directory URI.


2.  Configure the phone and DN as what you always did.  Then associate the User to the phone device.  Make sure the primary extension is chosen, which is the DN you want the directory URI to bind with.  This is VERY IMPORTANT.  Without that you will not find it working.

3.  Check your DN again, you should see the directory URI appears magically.


4. The Directory URI is put into an automatically generated partition called "Directory URI".  If you wanna call other DN with Directory URI configured, make sure your CSS has the partition Directory URI.

You can try to make a call now.  It only supports on hook dialing for URI dialing, so you press the new call softkey, the press the "A B C" softkey so that you can enter alphanumeric characters.

If you don't want to call the full directory URI, you want to call without the domain name, make sure you change the following in the Enterprise parameter.




One point to note, when you have the URI and name configured on the DN, even you call each other via DN number, the bubble display on phone will still shows URI instead of DN number, even in the Call List it will show URI instead of DN, so when you redial actually you are calling back via URI instead of DN.

Test your call now and good luck!


MCU 4510 - Initial IP Configuration

Although this is listed in the Getting Started guide, if you so happen find my post ranked earlier than Cisco guide, this is a quick procedure on how to set / modify the IP address from console.

1.  Console connection is 38400 8n1

2.  Change Port A IP address and default gateway
static A 192.168.90.2 255.255.255.0 192.168.90.254

3.  Change DNS Server
dns 192.168.90.10 192.168.90.11

Saturday, July 28, 2012

SSL VPN is not supported when multiple context is configured on ASA


Learnt a lesson today.  I believe this is something new, but this is something that I have experienced today which spent me a couple of hours to troubleshoot.

What I want to do is to configure a ASA 5540 (version 8.2) as the SSL VPN headend for the VPN phones.  After I write erase the unit, I've found that basic commands like IP address cannot apply to its management and GE interface.  What I have done is to create a context and after I changeto that new context, I can apply those commands.

However the webvpn command is not available, and I have the required license installed.  After a google search, I've found when multiple context is enabled, webvpn is not supported.

Then I deleted the context and start all over again.  Finally I've found that the ASA 5540 with default "mode multiple" enabled.  It means that default it support multiple context and therefore configurations such as IP address cannot apply in the system context.  After I change it to "mode single" and reboot, all the commands including webvpn are accepted.

Tuesday, July 10, 2012

Cisco UCS Manager - Stateless computing demo


I have created a video to illustrate several demo scenario on how Cisco UCS achieve stateless computing, target to give you all a brief overview on our UCS manageability and how service profiles help to streamline the daily operations.

The video is voice over with Cantonese, sorry for those non-Cantonese speakers.  Will voice over in English when I have time.


Several configuration example has been touched on including:
- Pool creation (UUID, WWNN, WWPN, MAC)
- vNIC and vHBA template creation
- Service Profile template
- Create service profile from service profile template
- Associate Service Profile template with Server Pool to achieve service profile failover
- Rapid Server provisioning
- Server migration

SIP CME - authentication register


For SIP CME configuration, you will find local phones can register to CME without the need of "authentication register" command.  The CME will authenticates the MAC address compare with the ARP request.

For remote phones that are NOT in the same subnet, SIP digest authentication is required.  You need username and password stored in the phone config file, and compare it against the voice register pool.

Without "authentication register", when you do a "debug ccsip message", you will see 401 Unauthorized for the remote phones.

"authentication register" is a global settings and will affect all phones.

Sample configuration

voice service voip
allow-connections sip to sip
sip
bind control source-interface vlan102
bind media source-interface vlan102
!
voice register global
mode cme
source-address 1.1.1.1 port 5060
max-dn 20
max-pool 20
authenticate register
!
voice register dn  1
number 1001
!
voice register pool  1
id mac 0011.2233.4455
type 3905
number 1 dn 1
dtmf-relay sip-notify
username 1001 password cisco
codec g711ulaw

Thursday, July 5, 2012

Create Custom Tab for Jabber for Windows

You can create custom tab for Jabber for Windows to show HTML contents, just like a browser within Jabber for Windows client.  To do so, you can follow the below steps:


1. Access the following directory, assuming you are using a Windows 7 machine
C:\Users\%userprofile%\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\Config

2. Copy the file jabber-config.xml to the same folder and rename it to jabber-config-user.xml
3. Edit the jabber-config-user.xml file, below is an example to access this blog within Jabber for Windows client.


4. Save the file and restart Jabber

Good luck!

Cisco Jabber for Windows with UDS

User Data Interface is the new application interface that allows Cisco Jabber for Windows to search UCM user database and make user contacts available to Jabber for Windows user, you can search and add the contact to Jabber for Windows buddy list.  Not necessary UCM local user, you can synchronize AD users to UCM, then make it available to Jabber via UDS.  This is what I am doing in my lab.

To enable UDS, you need to create a new xml file namely jabber-config.xml.  The following example xml file enables UDS as well as using presence credential for phone services.


Remember to save this file in UTF-8 encoding.  Upload this file to UCM via UCM OS administration, to its root folder.  Then restart TFTP service on UCM and try to login via Jabber for Windows, then you can search and add contacts from UCM user contacts.
My environment:  UCM 8.6.2 + CUP 8.6.2 + Jabber for Windows 9.0.2

Unable to recognize the Camera on 9971 / 9951

In my recent testing I've found that there is an issue in recognizing the camera on 9971 / 9951 when it is powered by PoE, with CDP on the switch DISABLED.  When you "show power inline", without CDP enabled, the power that is drawn is 15.4W and the device type is IEEE PD.  On the phone you will not see the camera under the "Accessories" and no "Self-View" soft keys available on the phone.  "Video capabilities" and "Cisco Camera" have already enabled on UCM admin page under the 9971 device.

Workaround:
In that case you need to enable CDP on the switch, when you "show power inline" you will see the power that drawn is around 12W and the device type is Cisco 9971.  Under "Accessories" in the phone admin settings you will see the camera is recognized, and you can "Self-View" on the phone.

There is no such issue if you are using a power cube or power injector.

Tuesday, July 3, 2012

Factory reset your Mac Lion

This is something I have just done today.  Reset my Mac to factory default then restore the data from TimeMachine on my NAS.

1. Restart the Mac then press command-R, until you see the Apple logo
2. The Recovery HD will start up, you will see "Mac OS X Utilities"
3. Choose "Disk Utility", the erase your partition with data that you don't want
4. Choose Reinstall Mac OS X Lion, make sure you have either wired or wireless network connected
5. Restore from Mac OS X after Lion is installed, either from the initialization wizard or migration assistant after install

Reset Mac OS X root password

The prerequisite is your current login with admin right.

sudo passwd root

Decrypt Cisco VPN Group Password

As title. to decrypt Cisco VPN Group Password from .pcf file, the profile file of the legacy IPSEC VPN client, this is the tool that I always use and it always work:

http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode/

Thursday, June 21, 2012

Force Spotlight Reindex

My spotlight on MBP seems not working well, the following command force the spotlight to reindex:

sudo mdutil -E /

Monday, June 18, 2012

UCS Manager + VM-FEX - Not compatible with VMWare vCenter appliance

Just come across an issue during the VM-FEX proof of concept test with customer, I am using UCSM 2.0 and trying to configure VM-FEX with VMWare ESXi 5.0 and vCenter 5.0.  We are using vCenter appliance 5.0, not installing the vCenter on Windows, for this test.  The result is after the integration, all VM can't be powered up.

After a quick search and found this KB:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2004079

UCS Manager with VM-FEX does not support the vCenter Server Appliance in any available release.


After we build a new vCenter on Windows (not appliance), everything is working fine.  :)



Friday, April 13, 2012

An Easy way to check UCM latest SDI log

RTMT is not bad, however it is still not as quick as you enter command via CLI.  You can use the following command to check the latest SDI log.

Example – it shows the latest 300 lines of SDI logs

file tail activelog cm/trace/ccm/sdi recent 300

Easy Virtual Network

Scenario: In this scenario there are 3 routers interconnected, with 3 VRFs namely Android, IOS and WP7 created.  VNET trunk is configured in order to reduce the complexity and administration effort in configuring the routers in between.

Reference:  http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_confg_xe.html#wp1060221

Topology

VRF android (eth1/0), iOS (eth1/1) and wp7 (eth1/2) -- R4 (eth1/3 vnet trunk) -- (eth1/3 vnet trunk) R5 (eth1/0 vnet trunk) -- (eth1/3 vnet trunk) R6 -- VRF android (eth1/0), iOS (eth1/1) and wp7 (eth1/2)  

Image(14)

R4 Config

Current configuration : 2285 bytes

!

! Last configuration change at 01:38:17 HKT Sat Mar 24 2012

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

!

hostname R4

!

boot-start-marker

boot-end-marker

!

!

vrf definition android

vnet tag 1001

!

address-family ipv4

exit-address-family

!

vrf definition ios

vnet tag 1002

!      

address-family ipv4

exit-address-family

!

vrf definition wp7

vnet tag 1003

!

address-family ipv4

exit-address-family

!

!

no aaa new-model

!

!

!

clock timezone HKT 8 0

ip cef

!

!

!

!

!

!

no ipv6 cef

!

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Ethernet0/0

no ip address

shutdown

!

interface Ethernet0/1

no ip address

shutdown

!

interface Ethernet0/2

no ip address

shutdown

!

interface Ethernet0/3

no ip address

shutdown

!

interface Ethernet1/0

 vrf forwarding android

ip address 10.1.1.1 255.255.255.0

!

interface Ethernet1/1

 vrf forwarding ios

ip address 10.2.2.1 255.255.255.0

!

interface Ethernet1/2

 vrf forwarding wp7

ip address 10.3.3.1 255.255.255.0

!

interface Ethernet1/3

 vnet trunk

ip address 192.168.1.1 255.255.255.0

 ip ospf vnet area 0

vnet name android

  ip ospf 2 area 0

!

vnet name ios

  ip ospf 3 area 0

!

vnet name wp7

  ip ospf 4 area 0

!

!

interface Serial2/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/3

no ip address

shutdown

serial restart-delay 0

!

router ospf 2 vrf android

router-id 1.1.1.2

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 3 vrf ios

router-id 1.1.1.3

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 4 vrf wp7

router-id 1.1.1.4

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 1

router-id 1.1.1.1

network 0.0.0.0 255.255.255.255 area 0

!

ip forward-protocol nd

!

!

no ip http server

!

!

!

!

control-plane

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

!

end

R5 Config

Building configuration...

Current configuration : 2290 bytes

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

!

hostname R5

!

boot-start-marker

boot-end-marker

!

!

vrf definition android

vnet tag 1001

!

address-family ipv4

exit-address-family

!

vrf definition ios

vnet tag 1002

!

address-family ipv4

exit-address-family

!

vrf definition wp7

vnet tag 1003

!

address-family ipv4

exit-address-family

!

!

no aaa new-model

!

!

!

clock timezone HKT 8 0

ip cef

!

!

!

!

!

!

no ipv6 cef

!

!        

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Ethernet0/0

no ip address

shutdown

!

interface Ethernet0/1

no ip address

shutdown

!

interface Ethernet0/2

no ip address

shutdown

!

interface Ethernet0/3

no ip address

shutdown

!

interface Ethernet1/0

 vnet trunk

ip address 192.168.2.1 255.255.255.0

ip ospf vnet area 0

vnet name android

  ip ospf 2 area 0

!

vnet name ios

  ip ospf 3 area 0

!

vnet name wp7

  ip ospf 4 area 0

!

!

interface Ethernet1/1

no ip address

shutdown

!

interface Ethernet1/2

no ip address

shutdown

!

interface Ethernet1/3

vnet trunk

ip address 192.168.1.2 255.255.255.0

 ip ospf vnet area 0

vnet name android

  ip ospf 2 area 0

!

vnet name ios

  ip ospf 3 area 0

!

vnet name wp7

  ip ospf 4 area 0

!

!

interface Serial2/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/3

no ip address

shutdown

serial restart-delay 0

!

router ospf 2 vrf android

router-id 2.2.2.2

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 3 vrf ios

router-id 2.2.2.3

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 4 vrf wp7

router-id 2.2.2.4

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 1

router-id 2.2.2.1

network 0.0.0.0 255.255.255.255 area 0

!

ip forward-protocol nd

!

!

no ip http server

!

!

!

!

control-plane

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login   

!

!

end

R6 Config

Building configuration...

Current configuration : 2285 bytes

!

! Last configuration change at 01:39:03 HKT Sat Mar 24 2012

!

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

!

hostname R6

!

boot-start-marker

boot-end-marker

!

!

vrf definition android

vnet tag 1001

!

address-family ipv4

exit-address-family

!

vrf definition ios

vnet tag 1002

!      

address-family ipv4

exit-address-family

!

vrf definition wp7

vnet tag 1003

!

address-family ipv4

exit-address-family

!

!

no aaa new-model

!

!

!

clock timezone HKT 8 0

ip cef

!

!

!

!

!

!

no ipv6 cef

!

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Ethernet0/0

no ip address

shutdown

!

interface Ethernet0/1

no ip address

shutdown

!

interface Ethernet0/2

no ip address

shutdown

!

interface Ethernet0/3

no ip address

shutdown

!

interface Ethernet1/0

vrf forwarding android

ip address 10.4.4.1 255.255.255.0

!

interface Ethernet1/1

 vrf forwarding ios

ip address 10.5.5.1 255.255.255.0

!

interface Ethernet1/2

 vrf forwarding wp7

ip address 10.6.6.1 255.255.255.0

!

interface Ethernet1/3

 vnet trunk

ip address 192.168.2.2 255.255.255.0

ip ospf vnet area 0

vnet name android

  ip ospf 2 area 0

!

vnet name ios

  ip ospf 3 area 0

!

vnet name wp7

  ip ospf 4 area 0

!

!

interface Serial2/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial3/3

no ip address

shutdown

serial restart-delay 0

!

router ospf 2 vrf android

router-id 3.3.3.2

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 3 vrf ios

router-id 3.3.3.3

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 4 vrf wp7

router-id 3.3.3.4

network 0.0.0.0 255.255.255.255 area 0

!

router ospf 1

router-id 3.3.3.1

network 0.0.0.0 255.255.255.255 area 0

!

ip forward-protocol nd

!

!

no ip http server

!

!

!

!

control-plane

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

!

!

end

Show command

R5#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface

1.1.1.1           1   FULL/DR         00:00:33    192.168.1.1     Ethernet1/3

3.3.3.1           1   FULL/BDR        00:00:37    192.168.2.2     Ethernet1/0

1.1.1.4           1   FULL/DR         00:00:36    192.168.1.1     Ethernet1/3.1003

3.3.3.4           1   FULL/BDR        00:00:31    192.168.2.2     Ethernet1/0.1003

1.1.1.3           1   FULL/DR         00:00:38    192.168.1.1     Ethernet1/3.1002

3.3.3.3           1   FULL/BDR        00:00:31    192.168.2.2     Ethernet1/0.1002

1.1.1.2           1   FULL/DR         00:00:32    192.168.1.1     Ethernet1/3.1001

3.3.3.2           1   FULL/BDR        00:00:30    192.168.2.2     Ethernet1/0.1001

R5#sh ip int brie

Interface              IP-Address      OK? Method Status                Protocol

Ethernet0/0            unassigned      YES NVRAM  administratively down down   

Ethernet0/1            unassigned      YES NVRAM  administratively down down   

Ethernet0/2            unassigned      YES NVRAM  administratively down down   

Ethernet0/3            unassigned      YES NVRAM  administratively down down   

Ethernet1/0            192.168.2.1     YES NVRAM  up                    up     

Ethernet1/0.1001       192.168.2.1     YES NVRAM  up                    up    

Ethernet1/0.1002       192.168.2.1     YES NVRAM  up                    up    

Ethernet1/0.1003       192.168.2.1     YES NVRAM  up                    up    

Ethernet1/1            unassigned      YES NVRAM  administratively down down   

Ethernet1/2            unassigned      YES NVRAM  administratively down down   

Ethernet1/3            192.168.1.2     YES NVRAM  up                    up     

Ethernet1/3.1001       192.168.1.2     YES NVRAM  up                    up    

Ethernet1/3.1002       192.168.1.2     YES NVRAM  up                    up    

Ethernet1/3.1003       192.168.1.2     YES NVRAM  up                    up     

Serial2/0              unassigned      YES NVRAM  administratively down down   

Serial2/1              unassigned      YES NVRAM  administratively down down   

Serial2/2              unassigned      YES NVRAM  administratively down down   

Serial2/3              unassigned      YES NVRAM  administratively down down   

Serial3/0              unassigned      YES NVRAM  administratively down down   

Serial3/1              unassigned      YES NVRAM  administratively down down   

Serial3/2              unassigned      YES NVRAM  administratively down down   

Serial3/3              unassigned      YES NVRAM  administratively down down    

R5#sh ip route vrf android

Routing Table: android

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 2 subnets

O        10.1.1.0 [110/20] via 192.168.1.1, 00:08:53, Ethernet1/3.1001

O        10.4.4.0 [110/20] via 192.168.2.2, 00:08:24, Ethernet1/0.1001

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.1.0/24 is directly connected, Ethernet1/3.1001

L        192.168.1.2/32 is directly connected, Ethernet1/3.1001

      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.2.0/24 is directly connected, Ethernet1/0.1001

L        192.168.2.1/32 is directly connected, Ethernet1/0.1001

R5#show derived-config int eth1/3.1001

Building configuration...

Derived configuration : 183 bytes

!

interface Ethernet1/3.1001

description Subinterface for VNET android

encapsulation dot1Q 1001

vrf forwarding android

ip address 192.168.1.2 255.255.255.0

ip ospf 2 area 0

end

Service Advertisement Framework (SAF) Testing

Scenario:  In this test lab setup, there are 2 CM clusters and 1 CME and they are using SAF to advertise and learn their dial plan.  Both CM clusters are sharing the same SAF Forwarder, on the other hand CME are co-host with the SAF Forwarder using the same ISRG2 router.

The IOS version is 15.2, and it is a bit different from the configuration in the past.  The “external label” is removed from the EIGRP service family configuration, the new XMCP service routing is introduced.  The SAF Forwarder is the XMCP server and the UCM is the XMCP client.

Topology:

Image(1)

SAF Forwarder Configuration (for both UCM clusters)

SAF1#sh run

Building configuration...
Current configuration : 1958 bytes
!
! Last configuration change at 19:18:45 HKT Fri Mar 23 2012
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SAF1
!
boot-start-marker
boot-end-marker
!
!
enable password cisco
!
no aaa new-model
clock timezone HKT 8 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
username cisco
!
!
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
ip address dhcp
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
ip address 10.20.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp SAFTEST
!
service-family ipv4 autonomous-system 1
  !
  topology base
  exit-sf-topology
exit-service-family
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
no ip http server
!
service-routing xmcp listen ipv4
client username safuser password 0 safpassword
  domain 1 default
!
!
!
!
!
mgcp profile default
!
!
!
!
voice service saf
!
!
!
line con 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
!
end

Show command

SAF1#  show service-routing xmcp server
XMCP Server listening on port 4788
  Socket descriptors: 0 (TCP/IPv4)
  Connected clients: 0 unauthenticated, 2 total
  Maximum clients: unlimited
  Allow-lists: <none>
  Clients configured:
    Username "safuser", 2 client(s) connected

SAF1#  show service-routing xmcp client
Service-Routing XMCP Clients
Codes: A - Authenticated, T - TCP
    Handle     Address                                    Port  Keepalive
AT  3          192.168.90.223                            34220    22/30
    Client name: UCM/CM_cm86/NodeId=1/8.6.1.20000-1
AT  4          192.168.90.201                            60342    16/30
    Client name: UCM/192.168.90.201/NodeId=1/8.5.1.10000-26

SAF1#  show service-routing database
Service-Routing Database
Service ID (Service:Subservice:Instance)         Trust     Domain Owner Size
------------------------------------------------ --------- ------ ----- -----
      100:1:31000000-0000-0000-0000-000000000000 Connected *      1       319
      100:2:31000000-0000-0000-0000-000000000000 Connected *      1      1086
      101:2:275952D8-C2F9-38A8-AE06-8CE5000160D1 Connected 1      3       665
      101:2:733EF17C-84BD-5610-0325-D23200019F2E Connected 1      4       676

UCM Configuration

SAF Security Profile

Image(2)

SAF Forwarder (Client Label = username in new XCMP configuration)

Image(3)

Hosted DN Group

Image(4)

Hosted DN Pattern

Image(5)

Advertising Service

Image(6)

CCD Partition

Image(7)

Requesting Service

Image(8)

SAF Trunk

Image(9)

RTMT – The learnt dial plan is shown in RTMT

Image(10)

Then let’s move on to see the CME + SAF Forwarder configuration

CME + SAF Forwarder + SAF Client config

Current configuration : 2508 bytes
!
! Last configuration change at 20:42:48 HKT Fri Mar 23 2012
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SAF2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone HKT 8 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.20.30.1 255.255.255.255
!
interface Ethernet0/0
no ip address
shutdown
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Ethernet1/0
no ip address
shutdown
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/1
ip address 10.20.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
!
router eigrp SAFTEST
!
service-family ipv4 autonomous-system 1
  !
  topology base
  exit-sf-topology
exit-service-family
!

router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!

ip forward-protocol nd
!
no ip http server
!
!
!
!
!

!
dial-peer voice 1000 voip
destination-pattern ^1...$
session target saf
!
dial-peer voice 2000 voip
destination-pattern ^2...$
session target saf
!
mgcp profile default
!
!
!
!
voice service saf
profile trunk-route 1
  session protocol h323 interface Loopback0 transport tcp port 1720
  session protocol sip interface Loopback0 transport udp port 5060
!
profile dn-block 1
  pattern 1 type extension 3xxx
!
profile callcontrol 1
  dn-service name test
   trunk-route 1
   dn-block 1
  !
!
call
  timer aar-ageout 15
  pattern prefix
  !
!
channel 1 vrouter SAFTEST asystem 1
  subscribe callcontrol wildcarded
  publish callcontrol 1
!
!
!
telephony-service
max-ephones 30
max-dn 30
ip source-address 10.20.30.1 port 2000
max-conferences 4 gain -6
transfer-system full-consult
!
!
ephone-dn  1
number 3001
!
!
ephone  1
mac-address AABB.CCDD.EEFF
type 7965
button  1:1
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input all
!
!
end

RTMT – See the learnt DNs from CME

Image(12)

Gatekeeper + CME 9.0 + 8945 + EX90 (TC 4.2) Testing

Scenario:  Wants to have CME IP phones talked to standalone EX90.  In this test lab, 2 x 8945 phones are registered to CME 9.0 as a SCCP video end point.  The CME, gateway, and gatekeeper are co-host in the same physical ISR G2 router.  EX90 is registered to the gatekeeper directly as a H.323 terminal. 

End result: 8945 calling EX90, 2 way video works.  The negotiated resolution is 352x288, therefore on EX90 it doesn’t look great, however at least they can connect and make call to each other.  Tried PVDM3 on ISRG2 as the video switching bridge, however it doesn’t work at all, one-way video is resulted. 

Image

Reference:  http://www.cisco.com/en/US/tech/tk1077/technologies_configuration_example09186a00807ca099.shtml

Configuration

cme-video#sh run

Building configuration...

Current configuration : 5424 bytes

!

! Last configuration change at 18:58:41 HKT Tue Mar 20 2012

! NVRAM config last updated at 18:53:32 HKT Tue Mar 20 2012

! NVRAM config last updated at 18:53:32 HKT Tue Mar 20 2012

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname cme-video

!

boot-start-marker

boot system flash:c2900-universalk9-mz.SPA.152-2.T1.bin

boot-end-marker

!

!

!

no aaa new-model

!

clock timezone HKT 8 0

!

no ipv6 cef

ip auth-proxy max-login-attempts 5

ip admission max-login-attempts 5

!

!

!

ip dhcp excluded-address 192.168.100.1 192.168.100.100

!

ip dhcp pool phone-pool

network 192.168.100.0 255.255.255.0

default-router 192.168.100.1

option 150 ip 192.168.100.1

!

ip dhcp pool PC

network 192.168.200.0 255.255.255.0

default-router 192.168.200.1

!

!

no ip domain lookup

ip domain name ccievoice.com

ip cef

!

multilink bundle-name authenticated

!

!

!

!

!

crypto pki token default removal timeout 0

!

!

voice-card 0

voice-service dsp-reservation 0

!

!

!

voice service voip

allow-connections h323 to h323

allow-connections h323 to sip

allow-connections sip to h323

allow-connections sip to sip

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none

sip

  registrar server expires max 1200 min 300

!

voice class h323 1

  call start slow                      ! slow start is required for video

!

!

voice register global

mode cme

source-address 192.168.100.1 port 5060

max-dn 20

max-pool 20

timezone 42

time-format 24

date-format D/M/Y

create profile sync 0002883849114141

!

voice register dn  1

number 1001

name Phone 2

label +85225881001

!

voice register dn  2

number 1002

name Phone 3

label +85225881002

!

voice register pool  1

id mac 04C5.A4B0.D13C

type 9951

number 1 dn 1

dtmf-relay sip-notify

description --Phone 2--

codec g711ulaw

camera

video

!

voice register pool  2

id mac 1C17.D341.8FD2

type 9971

number 1 dn 2

dtmf-relay sip-notify

description --Phone 3--

codec g711ulaw

camera

video

!

voice register pool  3

!

!

!

!

!

license udi pid CISCO2911/K9 sn FHK1444F2EK

license accept end user agreement

hw-module pvdm 0/0

!

!

!

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.100

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.0

h323-gateway voip interface

h323-gateway voip id GK ipaddr 192.168.100.1 1719

h323-gateway voip h323-id CME

!

interface GigabitEthernet0/0.200

encapsulation dot1Q 200

ip address 192.168.200.1 255.255.255.0

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/0/0

no ip address

!

interface GigabitEthernet0/0/1

no ip address

!

interface GigabitEthernet0/0/2

no ip address

!

interface GigabitEthernet0/0/3

no ip address

!

interface Vlan1

no ip address

!

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

mgcp profile default

!

sccp local GigabitEthernet0/0.100

sccp ccm 192.168.100.1 identifier 1 version 7.0

sccp

!

sccp ccm group 1

associate ccm 1 priority 1

associate profile 1 register CFB-VIDEO

!

dspfarm profile 1 conference video homogeneous

codec g711ulaw

codec h264 cif frame-rate 30 bitrate 320kbps               ! Meetme conference not working for EX90 (only send video, not receive video), only 2 x 8945 is working.  Tried ad-hoc, error message results and only audio remains.  Other resolution is worse.  Point to Point video between EX90 and 8945 is CIF quality

maximum sessions 1

associate application SCCP

!

dial-peer voice 1005 voip

destination-pattern 1005

video codec h264

session target ras

voice-class h323 1

dtmf-relay h245-alphanumeric

codec g711ulaw

!

dial-peer voice 1 pots

incoming called-number .

direct-inward-dial

!

!

gateway

timer receive-rtp 1200

!

!

!

gatekeeper

zone local GK cisco.com

no shutdown

!

!

telephony-service

sdspfarm units 1

sdspfarm tag 1 CFB-VIDEO

no auto-reg-ephone

max-ephones 20

max-dn 20

ip source-address 192.168.100.1 port 2000

time-zone 42

time-format 24

date-format dd-mm-yy

max-conferences 8 gain -6

transfer-system full-consult

create cnf-files version-stamp 7960 Mar 20 2012 18:13:08

!

!

ephone-template  1

softkeys hold  Join Newcall Resume Select

softkeys idle  Cfwdall ConfList Dnd Join Newcall Pickup Redial RmLstC

softkeys seized  Endcall Redial Meetme Cfwdall Pickup

softkeys connected  ConfList Confrn Endcall Hold Trnsfer Join Park RmLstC Select

!

!

ephone-dn  1  octo-line

number 1000

!

!

ephone-dn  2  octo-line

number 1004

!

!

ephone-dn  10  octo-line

number 1111

description --Meet Me Conf--

conference meetme video homogeneous

!

!

ephone-dn  20  octo-line

number 1234

conference ad-hoc video

!

!

ephone  1

device-security-mode none

description +85225881000

video

mac-address 503D.E57D.89C8

ephone-template 1

type 8945

button  1:1

!

!

!

ephone  2

device-security-mode none

video

mac-address 503D.E57D.87F8

ephone-template 1

type 8945

button  1:2

!

!

!

ephone  3

device-security-mode none

!

!

!

ephone  20

device-security-mode none

!

!

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

exec-timeout 0 0

privilege level 15

logging synchronous

no login

transport input all

line vty 5 40

login

transport input all

!

scheduler allocate 20000 1000

ntp master

!

end

Enable Root Access for EX60 / 90

To enable EX60 / 90 linux kernel with root access, you can first access the unit using the admin user right from a SSH client:

[root@panda ~]# ssh -l admin 192.168.10.1
Welcome to
TANDBERG Codec Release TC5.0.1.275220
SW Release Date: 2011-12-19

OK

systemtool rootsettings get


off


OK


systemtool rootsettings on


OK

Then you can access the unit with root access:

[root@panda ~]# ssh -l root 192.168.10.1
[tandberg:~] $

Thursday, April 12, 2012

CCIE Voice exam passed!!

Finally....

Still remember back in 2010, my first attempt.  At that time I thought I was good enough to take this challenge, at the end I have spent 3 hours to troubleshoot the phone registration problem and I have got quite a lot of sections with zero marks.

I have put it down for 1.5 years. 2 months ago I have decided to pick it up again and took my 2nd attempt. At that time I was very confidence and I have never thought that I will fail until I see the score report.  That was close.

Finally I made it yesterday.  I can now spend more time on other stuff, instead of pressing the keypad on the phones and make calls days and nights.

3 times more joy than getting my first CCIE R&S which passed in first attempt.  :)

Friday, March 9, 2012

Ask the cloud

This is something I have created around 1.5 years ago.  Just found this video on my hard drive when I tried to free up some space of my hard drive.  This is a demonstration on how to control Cisco UCS Manager using voice recognition technology.

Cisco UCM + UCCX + VXML + DMS + UCS Manager + Nuance

At that time there is no Siri, yet, LOL


Wednesday, March 7, 2012

Join the Cisco Jabber Video for Telepresence Beta now and extend your Telepresence Calling Circle

Join the Cisco Jabber Video for Telepresence Beta now and extend your Telepresence Calling Circle.
https://www.ciscojabbervideo.com

I have joined and tried and it works really well on my Mac.  I have also tried to conduct a 4-party video conference with EX90 embedded Multisite and it looks great.  Sign up for yours now!

Cisco Identity Services Engine - Default web login username and password

My environment:  Cisco ISE 1.0.3.377

I have just installed ISE in my lab environment to test things out and the installation is pretty straight forward.  Mount the iso in the VMWare ESXi datastore and run it for around 45 mins.  A post-installation wizard for information like IP address, hostname, etc.  A default admin user is created during the wizard, however it is NOT the same as the web admin username and password.  To access ISE:

https:///admin

The default web admin username and password is admin/cisco.  You are prompted to change it after your first successful logon.

Haven't started configure anything yet, will post anything that found interesting.  :)

Tuesday, February 28, 2012

My 2nd voice lab attempt failed

I failed and the worst part is I think I am doing well and I can't recall I have done anything wrong.  Now the most important thing is to revisit my work and see what I have missed.  Hope to make my 3rd attempt in a couple of months time.

Sunday, February 26, 2012

Ready to make my second voice lab exam attempt tomorrow, wish me luck!

MGCP Gateway Fallback Configuration Example

When you are deploying MGCP in branch office and the WAN connection between the MGCP gateway and UCM is broken, you can enable fallback on IOS gateway and route call based on your H.323 configuration.

These are the commands that you need to configure on your MGCP gateway.

R1(config)#ccm-manager fallback-mgcp


R1(config)#application
R1(config-app)#global
R1(config-app-global)#service alternate Default


Also configure the necessary incoming and outgoing voip and pots dial-peer as well as SRST configuration to handle the fallback situation.

VoiceView Express - Authentication Error

If you try to setup VoiceView Express for a CUE + UCM integration, and get the error:

Playback failed
Authentication error.  Report this error to your system administrator.

when you try to playback a message on Voiceview express, very likely you don't have the JTAPI user associated with the phone that use this service.  Make sure the JTAPI user is associated to the phones that are configured to use VoiceView Express.

Cisco UCM - Voice Mail Box Mask on Voice Mail Profile


The mask only mask the ReDir number.  Not the caller number, therefore:

When branch phone 5002 calls 5001 redir to 1220 (VM Pilot number, CUC in hub site) in SRST mode, it will mask the redir number from 98765001 (DID number) to 5001, therefore the caller 5002 can hear 5001's greeting instead of a general mailbox greeting.

However when 5001 press the voicemail envelop button on phone, the CLID is 98765001 therefore user 5001 doesn't able to listen to his personal greeting, as CUC doesn't recognize a subscriber has 98765001. It is not handled by the voice mail box mask.

One of the way is to enter 98765001 as alternate extension for the subscriber 5001.  If alternate extension is not a solution, you can use calling party transformation on UCM to manipulate the calling number, say for example create a new device pool for the voice mail ports on UCM and apply the calling party transformation CSS to this new device pool.

Cisco UCM + CUE integration - in SRST scenario

In previous post I have highlighted the steps and procedures that are required for a UCM + CUE JTAPI integration:

http://pandaeatsbamboo.blogspot.com/2012/02/ucm-cue-integration-example-step-by.html

What if the CUE is located at a branch site and the connection between UCM and CUE is broken?  When the WAN link is downed, SRST kicks in and the CUE can change from a JTAPI integration into a SIP integration, so that the SRST router can talk to CUE via SIP.

0. Assume you have the JTAPI integration in place, for normal situation when the connection between hub site and branch is up:
http://pandaeatsbamboo.blogspot.com/2012/02/ucm-cue-integration-example-step-by.html

1. Configure CUE SIP subsystem, the gateway address is your SRST router address:


ccn subsystem sip
gateway address "192.168.166.254"
mwi sip unsolicited

2. Configure SIP trigger, the voicemail pilot number:

ccn trigger sip phonenumber 1110
application "voicemail"


3. Configure the SIP dial-peer on your router

dial-peer voice 1110 voip
destination-pattern ^1110$
session protocol sipv2
session target ipv4:192.168.166.254
dtmf-relay sip-notify
codec g711ulaw

4. Configure the SIP MWI:

sip-ua
mwi-server ipv4:142.1.66.253 expires 3600 port 5060 transport udp unsolicited

5.  Sample CME as SRST configuration
telephony-service
srst mode auto-provision none
srst ephone template 1
srst dn template 1
srst dn line-mode octo
max-ephones 20
max-dn 20 no-reg
ip source-address 192.168.166.254 port 2000
voicemail 1110
mwi relay
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp 7960 Feb 25 2012 01:03:36
!
!
ephone-dn-template  1
call-forward busy 1110
call-forward noan 1110 timeout 20
mwi sip
huntstop channel 1
!

When the WAN link is downed, your branch phone can still access your local CUE, leave and retrieve voicemail as usual and the end user experience, MWI, etc will be the same.