Tuesday, July 31, 2012

URI Dialing on UC 9.0 - Directory URI

For UC 9.0, users can dial the called party via URI if they are using 8961, 9951 or 9971.  You can import a LDAP attribute from the AD server, say for example email address, as the URI for that particular DN, known as directory URI.

1.  From System > LDAP > LDAP Directory, choose the Directory URI mapping to the appropriate LDAP attribute.  In my case I will use the mail attribute as the directory URI.

2.  Configure the phone and DN as what you always did.  Then associate the User to the phone device.  Make sure the primary extension is chosen, which is the DN you want the directory URI to bind with.  This is VERY IMPORTANT.  Without that you will not find it working.

3.  Check your DN again, you should see the directory URI appears magically.

4. The Directory URI is put into an automatically generated partition called "Directory URI".  If you wanna call other DN with Directory URI configured, make sure your CSS has the partition Directory URI.

You can try to make a call now.  It only supports on hook dialing for URI dialing, so you press the new call softkey, the press the "A B C" softkey so that you can enter alphanumeric characters.

If you don't want to call the full directory URI, you want to call without the domain name, make sure you change the following in the Enterprise parameter.

One point to note, when you have the URI and name configured on the DN, even you call each other via DN number, the bubble display on phone will still shows URI instead of DN number, even in the Call List it will show URI instead of DN, so when you redial actually you are calling back via URI instead of DN.

Test your call now and good luck!

MCU 4510 - Initial IP Configuration

Although this is listed in the Getting Started guide, if you so happen find my post ranked earlier than Cisco guide, this is a quick procedure on how to set / modify the IP address from console.

1.  Console connection is 38400 8n1

2.  Change Port A IP address and default gateway
static A

3.  Change DNS Server

Saturday, July 28, 2012

SSL VPN is not supported when multiple context is configured on ASA

Learnt a lesson today.  I believe this is something new, but this is something that I have experienced today which spent me a couple of hours to troubleshoot.

What I want to do is to configure a ASA 5540 (version 8.2) as the SSL VPN headend for the VPN phones.  After I write erase the unit, I've found that basic commands like IP address cannot apply to its management and GE interface.  What I have done is to create a context and after I changeto that new context, I can apply those commands.

However the webvpn command is not available, and I have the required license installed.  After a google search, I've found when multiple context is enabled, webvpn is not supported.

Then I deleted the context and start all over again.  Finally I've found that the ASA 5540 with default "mode multiple" enabled.  It means that default it support multiple context and therefore configurations such as IP address cannot apply in the system context.  After I change it to "mode single" and reboot, all the commands including webvpn are accepted.

Tuesday, July 10, 2012

Cisco UCS Manager - Stateless computing demo

I have created a video to illustrate several demo scenario on how Cisco UCS achieve stateless computing, target to give you all a brief overview on our UCS manageability and how service profiles help to streamline the daily operations.

The video is voice over with Cantonese, sorry for those non-Cantonese speakers.  Will voice over in English when I have time.

Several configuration example has been touched on including:
- Pool creation (UUID, WWNN, WWPN, MAC)
- vNIC and vHBA template creation
- Service Profile template
- Create service profile from service profile template
- Associate Service Profile template with Server Pool to achieve service profile failover
- Rapid Server provisioning
- Server migration

SIP CME - authentication register

For SIP CME configuration, you will find local phones can register to CME without the need of "authentication register" command.  The CME will authenticates the MAC address compare with the ARP request.

For remote phones that are NOT in the same subnet, SIP digest authentication is required.  You need username and password stored in the phone config file, and compare it against the voice register pool.

Without "authentication register", when you do a "debug ccsip message", you will see 401 Unauthorized for the remote phones.

"authentication register" is a global settings and will affect all phones.

Sample configuration

voice service voip
allow-connections sip to sip
bind control source-interface vlan102
bind media source-interface vlan102
voice register global
mode cme
source-address port 5060
max-dn 20
max-pool 20
authenticate register
voice register dn  1
number 1001
voice register pool  1
id mac 0011.2233.4455
type 3905
number 1 dn 1
dtmf-relay sip-notify
username 1001 password cisco
codec g711ulaw

Thursday, July 5, 2012

Create Custom Tab for Jabber for Windows

You can create custom tab for Jabber for Windows to show HTML contents, just like a browser within Jabber for Windows client.  To do so, you can follow the below steps:

1. Access the following directory, assuming you are using a Windows 7 machine
C:\Users\%userprofile%\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF\Config

2. Copy the file jabber-config.xml to the same folder and rename it to jabber-config-user.xml
3. Edit the jabber-config-user.xml file, below is an example to access this blog within Jabber for Windows client.

4. Save the file and restart Jabber

Good luck!

Cisco Jabber for Windows with UDS

User Data Interface is the new application interface that allows Cisco Jabber for Windows to search UCM user database and make user contacts available to Jabber for Windows user, you can search and add the contact to Jabber for Windows buddy list.  Not necessary UCM local user, you can synchronize AD users to UCM, then make it available to Jabber via UDS.  This is what I am doing in my lab.

To enable UDS, you need to create a new xml file namely jabber-config.xml.  The following example xml file enables UDS as well as using presence credential for phone services.

Remember to save this file in UTF-8 encoding.  Upload this file to UCM via UCM OS administration, to its root folder.  Then restart TFTP service on UCM and try to login via Jabber for Windows, then you can search and add contacts from UCM user contacts.
My environment:  UCM 8.6.2 + CUP 8.6.2 + Jabber for Windows 9.0.2

Unable to recognize the Camera on 9971 / 9951

In my recent testing I've found that there is an issue in recognizing the camera on 9971 / 9951 when it is powered by PoE, with CDP on the switch DISABLED.  When you "show power inline", without CDP enabled, the power that is drawn is 15.4W and the device type is IEEE PD.  On the phone you will not see the camera under the "Accessories" and no "Self-View" soft keys available on the phone.  "Video capabilities" and "Cisco Camera" have already enabled on UCM admin page under the 9971 device.

In that case you need to enable CDP on the switch, when you "show power inline" you will see the power that drawn is around 12W and the device type is Cisco 9971.  Under "Accessories" in the phone admin settings you will see the camera is recognized, and you can "Self-View" on the phone.

There is no such issue if you are using a power cube or power injector.

Tuesday, July 3, 2012

Factory reset your Mac Lion

This is something I have just done today.  Reset my Mac to factory default then restore the data from TimeMachine on my NAS.

1. Restart the Mac then press command-R, until you see the Apple logo
2. The Recovery HD will start up, you will see "Mac OS X Utilities"
3. Choose "Disk Utility", the erase your partition with data that you don't want
4. Choose Reinstall Mac OS X Lion, make sure you have either wired or wireless network connected
5. Restore from Mac OS X after Lion is installed, either from the initialization wizard or migration assistant after install

Reset Mac OS X root password

The prerequisite is your current login with admin right.

sudo passwd root

Decrypt Cisco VPN Group Password

As title. to decrypt Cisco VPN Group Password from .pcf file, the profile file of the legacy IPSEC VPN client, this is the tool that I always use and it always work: