Manuals / Patton electronic / Communications / IP Phone

Patton electronic SmartNode 4110 Series manual General AAA Conﬁguration

Models: SmartNode 4110 Series

1 664

Download 664 pages 15.88 Kb

Page 104

SmartWare Software Configuration Guide	8 • RADIUS Client Configuration

Figure 14 illustrates the authentication procedure for a user logging into a SmartNode that is conﬁgured to use RADIUS as authentication method.

AAA Server

(RADIUS)

3. Authentication accepted

4. Access granted

IP	2. Authentication requested

User

1. Login Request

Node

Figure 14. Authentication procedure with a RADIUS server

General AAA Conﬁguration

The AAA component consists of AAA proﬁles and AAA methods. A service (e.g. Telnet) has to specify a proﬁle it wants to apply to all login requests. The proﬁle then speciﬁes the sequence in which methods are applied to obtain AAA information. Figure 15 illustrates the correlation between the Telnet login and console login services.

		AAA method
	Service	radius_deepblue
	AAA profile	1
	Telnet
	cli-login	2
	cli-login	radius_extern
		radius_extern

Console

3

local database

console-	1
console-
login	none
	none
	2

Figure 15. How to use AAA methods and AAA proﬁles

The Telnet service uses an AAA proﬁle called cli-login. This proﬁle speciﬁes that the following methods are used in the order they appear in the conﬁguration:

1.Query RADIUS server radius_deepblue.

2.Query RADIUS server radius_extern.

The AAA component

104

Image 104

Patton electronic SmartNode 4110 Series manual General AAA Conﬁguration, Authentication procedure with a Radius server

Contents

SmartWare Release Patton Electronics Company, Inc Summary Table of Contents SmartWare Software Configuration Guide Table of Contents Command line interface CLI Copying configurations to and from a remote storage location IP context overview 11 NAT/NAPT configuration Serial port configuration PRI port configuration Isdn Overview Basic IP routing configuration Snmp configuration Dhcp configuration CS context overview VPN configuration CS interface configuration FXO interface configuration SIP interface configuration Table of Contents 524 45 H.323 gateway configuration Pstn profile configuration Location Service Terms and definitions List of Figures SmartWare Software Configuration Guide List of Tables Audience How to read this guideAbout this guide Structure About this guide About this guide Precautions Typographical conventions used in this documentGeneral conventions Garamond bold typeSmartWare Software Configuration GuideAbout this guide Service and support Mouse conventionsPatton support headquarters in the USA Fax +1 253Patton Electronics Company Warranty coverageRMA numbers Chapter contents System overviewIntroduction Circuit Switch SmartWare embedded softwareVoIP Gateway IP RouterApplications Carrier networksEnterprise networks WANLAN telephony Typical LAN telephony system with a SmartNode gatewayConﬁguration concepts Conﬁguration concept overview Contexts and Gateways ContextExample GatewayInterfaces, Ports, and Bindings InterfacesPorts and circuits BindingsProﬁles Proﬁles and Use commandsUse Commands Command line interface CLI Operator exec mode, the system prompt is displayed as Command modesCLI prompt Command editing Command helpCommand completion Navigating the CLICommand history Command Editing ShortcutsAccessing the CLI Accessing the SmartWare CLI task list If desiredEnding a Telnet or console port session see Accessing via the console portConsole port procedure Accessing via a Telnet session Telnet ProcedureUsing an alternate TCP listening port for the Telnet server Disabling the Telnet serverSelecting a secure password Login displayPassword encryption Factory preset administrator accountConﬁguring operators and administrators Creating an operator accountCreating an administrator account Name and password passwordOpening a secure conﬁguration session over SSH Nodecfg#copy running-conﬁg startup-conﬁgDisplaying account information Mode EnableDisplaying the CLI version Switching to another account Checking identity and connected usersNode# who Node whoUsed in operator execution mode Command index numbersAccessing the CLI Showing command default values Ending a Telnet or console port sessionSystem image handling System image handling Memory regions in SmartWare System image handling task list Local Persistent Volatile FlashShow version Displaying system image informationCopying system images from a network server to Flash memory Step Command Purpose Upgrading the software directly Here’s an example for conﬁguration provisioning Auto provisioning of ﬁrmware and conﬁgurationExplanation To use and debug provisioning Boot procedure Boot procedureIP Addresses in the Factory Conﬁguration Default Startup ConﬁgurationFactory conﬁguration Conﬁguration ﬁle handling Understanding conﬁguration ﬁles Configuration file handling Conﬁguration ﬁle handling task list Sample conﬁguration ﬁleCopying conﬁgurations within the local memory Local Memory RegionsNode# copy nvram backup startup-conﬁg Backup already present in ﬂash memoryName nvramtarget-name Name into the local memoryCopying conﬁgurations to and from a remote storage location Remote memory regions for SmartWareNew-startupnvramstartup-conﬁg Displaying conﬁguration ﬁle informationNodecfg# copy tftp//ip-addressport Modifying the running conﬁguration at the CLI Node#reload Modifying the running conﬁguration ofﬂineNode#copy running-conﬁg tftp//node-ip Example Modifying the running conﬁguration ofﬂine Deleting a speciﬁed conﬁgurationExample Deleting a speciﬁed conﬁguration Delete the conﬁguration named minimal explicitlyCLI copy command copy tftp//host/path conﬁg-ﬁle Encrypted ﬁle downloadEncrypted Conﬁguration Download Auto provisioningInstall a custom encryption key optional Use CasesUpload an encrypted conﬁguration ﬁle Encrypt a conﬁguration ﬁleDownload an encrypted conﬁguration ﬁle Basic system management Basic system management conﬁguration task list Managing feature license keys Downloads the license key ﬁle and installNode cfg#copy tftp//tftp-server/path/ﬁle Name licenses LicensesSetting system information Setting the system banner System banner with message to operatorsSetting time and date Display clock informationDisplay time since last restart Conﬁguring the Web serverDetermining and deﬁning the active CLI version De enRestarting the system Displaying the system logsUnit Controlling command executionDisplaying reports Ctrl-zsuspend active command Show the currently running commandsCtrl-cterminate current command Bring job 0 to foregroundTimed execution of CLI command Mode SystemSome examples Displaying the checksum of a conﬁgurationName sys#no terminal idle-time Radius Client Conﬁguration AAA component Authentication procedure with a Radius server General AAA ConﬁgurationNodecfg#proﬁle authentication name Nodepf-authname#server-timeoutAuthentication proﬁle-name Nodecfg#show proﬁle authenticationRadius conﬁguration Conﬁguring Radius clients Example Conﬁgure the Radius clients as shown in ﬁgureConﬁguring Radius accounting Vendor109 Conﬁguring the Radius server Attributes in the Radius request messageConﬁguring the local database accounts Attributes in the Radius accept messageExample Create an administrator and an operator account Word passwordPassword Base. The no form removes an existing accountStoring call logs with quality information IP context overview IP context and related elements IP context overview conﬁguration task list Planning your IP conﬁguration Conﬁguring physical portsCreating and conﬁguring IP interfaces IP interface related informationConﬁguring RIP Conﬁguring NaptConﬁguring static IP routing Conﬁguring access control lists Conﬁguring quality of service QoSIP interface conﬁguration IP interface conﬁguration task list Creating an IP interfaceNodectx-iprouter#interface name Nodeif-ip name#Deleting an IP interface Setting the IP address and netmask Conﬁguring a Napt DMZ interfaceName if-ip if-name# no napt InsideRouter advertisement broadcast message Icmp message processingIcmp redirect messages Nodeif-ipname#tcp adjust-mss Deﬁning the MTU and MSS of the interfaceExample Deﬁning the MTU of the interface MTU packet size value must be in the range fromConﬁguring an interface as a point-to-point link Displaying IP interface informationTesting connections with the ping command Displaying dynamic ARP entriesFlushing dynamic ARP entries Processing gratuitous ARP requestsMode Either operator or administrator execution Ber timeout secondsIP link supervision Node#ping address numCheck connectivity of an IP link Show IP link statusDebug connectivity Debug ARPTraceroute Example Debug ARP outputConﬁguring the Igmp Proxy Example Display the ARP informationNAT/NAPT conﬁguration Dynamic Napt Dynamic NAT Tftp because the SmartNode might become inaccessibleStatic Napt Static NAT Napt traversalNAT/NAPT conﬁguration task list Creating a Napt proﬁleNode cfg#proﬁle napt name OptionalConﬁguring a Napt DMZ host Deﬁning Napt port rangesOptional Ahespgreipv6 localip AH, ESP, GRE, or IPv6 respectively directed toName pf-napt pf-name# udp-handling symmetricaddress Preserving TCP/UDP port numbers in NaptDeﬁning the UDP Napt type Activate NAT/NAPT Displaying NAT/NAPT conﬁguration informationNode cfg#context ip router Node cfg#show proﬁle naptConﬁguring NAT static protocol entries Mode proﬁle napt pf-naptExample Display NAT/NAPT conﬁguration information Ethernet port conﬁguration Conﬁguring medium for an Ethernet port Entering the Ethernet port conﬁguration modeEthernet port conﬁguration task list Conﬁguring Ethernet encapsulation type for an Ethernet port Binding an Ethernet port to an IP interfaceNodeprt-eth slot/port#encapsulation ip Conﬁgures the encapsulation type to IPMultiple IP addresses on Ethernet ports Nodeprt-eth slot/port#bind interface name routerConﬁguring a Vlan Nodeconﬁg#port ethernet slot port Nodeprt-ethslot/port#vlan idNodevlanid#encapsulation ippppoemulti Nodevlanid#bind interface name routerNodeprt-eth slot/port#cos rx-map layer Adding a receive mapping table entryExample Adding a receive mapping table entry Adding a transmit mapping table entry Closing an Ethernet portUsing the built-in Ethernet sniffer Nvramethernet-0-0-1.cap Following is an example of how the sniffer is normally usedNvramethernet-0-slot-port.cap Link scheduler conﬁguration Using trafﬁc classes Applying scheduling at the bottleneckWeighted fair queuing WFQ Introduction to SchedulingPriority ShapingBurst tolerant shaping or wfq HierarchySetting the modem rate Quick referencesCommand cross reference Policy-map policy-map Proﬁle service-policyLink scheduler conﬁguration task list Source trafﬁc-class classPacket classiﬁcation Enable statistics gathering seeDeﬁning the access control list proﬁle Creating an access control list Scenario with Web server regarded as a single source hostCreating a service policy proﬁle Nodecfg#proﬁle acl nameNodepf-acl name#permit ip host ip-address any trafﬁc-class Nodepf-acl name#permit ip any anyStructure of a Service-Policy Proﬁle Deﬁning fair queuing weight Specifying the handling of trafﬁc-classesMode Source Specifying the type-of-service TOS ﬁeldDeﬁning the bit-rate Deﬁning absolute prioritySpecifying differentiated services codepoint Dscp marking Specifying the precedence ﬁeldNodesrc name#set ip tos value Nodesrc name#set ip precedence valueDeﬁnes the Class-Of-Service value applied to packets of for Specifying layer 2 markingNodesrc name#set ip dscp value Value is from 0 toQuality of Service for routed RTP streams Deﬁning random early detectionDiscarding Excess Load Nodesrc name#random-detect burst-toleranceMode proﬁle service-policy/proﬁle Policy name in out Devoting the service policy proﬁle to an interfaceNodeif-ip if-name#use proﬁle service Displaying link scheduling proﬁle information Enable statistics gatheringDisplaying link arbitration status Optional Value Implication on Command Output Serial port conﬁguration Serial port conﬁguration task list Disabling an interfaceEnabling an interface Port Conﬁguring the serial encapsulation typeConﬁguring the hardware port protocol Conﬁguring the active clock edge Conﬁguring the baudrate Baudrate176 Frame Relay conﬁguration Frame Relay conﬁguration task list Conﬁguring Frame Relay encapsulationConﬁguring the LMI type Conﬁguring the keep-alive intervalEnabling fragmentation Ber to be used on the speciﬁed virtual circuitNodepvc dlci#fragment size For this PVC only FRF.12 end-to-end fragmentationEntering Frame Relay PVC conﬁguration mode Conﬁguring the PVC encapsulation type Binding the Frame Relay PVC to IP interfaceMode PVC IP interface wan is bound to PVC 1 on port serial 0Enabling a Frame Relay PVC Disabling a Frame Relay PVCDebugging Frame Relay Displaying Frame Relay information Integrated service access 188 Conﬁgure the serial interface settings Check that the Frame Relay settings are correctExample 2 Frame Relay on e1t1 with a channel-group PRI port conﬁguration Terminology PRI port conﬁguration task listEnable/Disable PRI port PRI DebuggingConﬁguring PRI port-type Conﬁguring PRI clock-modeConﬁguring PRI framing Name prt-e1t1 slot/port# linecodeAmi b8zs hdb3 Name prt-e1t1 slot/port# framingConﬁguring PRI application mode E1T1 only Conﬁguring PRI line-build-out E1T1 in T1 mode onlyConﬁguring PRI used-connector E1T1 in E1 mode only Conﬁguring PRI LOS threshold E1T1 only Conﬁguring PRI Loopback detection E1T1 onlyDefault disabled Conﬁguring PRI encapsulationMode channel-group group-name Create a Channel-GroupConﬁguring Channel-Group Timeslots Conﬁguring Channel-Group EncapsulationEntering Hdlc Conﬁguration Mode Mode channel-group groupMode hdlc Conﬁguring Hdlc CRC-TypePRI Debugging Default no encapsulationConﬁguring Hdlc Encapsulation PRI Conﬁguration Examples Example 3 RBS with a channel-group Example 1 IsdnExample 2 RBS without a channel-group Example 4 Frame Relay without a channel-group Example 7 PPP with a channel-group Example 5 Framerelay with a channel-groupExample 6 PPP without a channel-group BRI port conﬁguration Conﬁguring BRI clock-mode Enable/Disable BRI portBRI port conﬁguration task list Conﬁguring BRI Power-Feed Feed Default disabledConﬁguring BRI encapsulation Creating a channel groupTimeslots timeslots Default no timeslotsName ch-grp group-name#no Selects the timeslot to be used Name#show port bri BRI DebuggingName#no debug bri BRI Conﬁguration Examples Example 1 Isdn with auto clock/uni-side settingsExample 2 Isdn with manual clock/uni-side settings Example 3 Multi-Link PPP over two B-Channels Isdn Overview Isdn reference points Isdn reference pointsIsdn UNI Signaling Possible SmartNode port conﬁgurations215 Isdn Conﬁguration Concept Isdn LayeringIsdn conﬁguration Enter Q.921 conﬁguration mode Mode base-modeIsdn conﬁguration task list Conﬁguring Q.921 parametersConﬁguring Q.921 encapsulation Mode q921Enter Q.931 conﬁguration mode Mode q931 Conﬁguring Q.931 parametersNodeq931slot/port#signalling-rule Nodeq931slot/port#no signalling-ruleEtsi Pss1oldConﬁguring Q.931 encapsulation Debugging IsdnFace if-name Control interfaceNode#show port isdn slot port detail level Isdn Conﬁguration ExamplesExample being clock slave on uni network interface Example PRI Example QsigAssume the scenario as illustrated in ﬁgure RBS conﬁguration Conﬁguring RBS protocol Enter RBS conﬁguration modeRBS conﬁguration task list Mode rbs Conﬁguring RBS encapsulationDebugging RBS Noderbs#no encapsulation cc-rbsRBS Conﬁguration Examples Example Conﬁguring RBS Ground Start on a E1T1 port229 DSL Port Conﬁguration Line Setup Conﬁguring PPPoEConﬁguration Summary Profile napt WANUsing PVC channels with PPPoE Setting up permanent virtual circuits PVCUsing PVC channels in bridged Ethernet mode Troubleshooting DSL Connections DiagnosticsPPPoE access Link StateBasic IP routing conﬁguration Basic IP routing conﬁguration task list Routing tablesStatic routing Policy routingDisplaying IP route information see Conﬁguring static IP routesNodecfg#context ip router Enters the IP router Context Adds a static routeDeleting static IP routes Displaying IP route informationConﬁguring policy routing 0.0/0 172.16.32.2 StaticExamples Basic static IP routing exampleChanging the default UDP port range for RTP and Rtcp RIP conﬁguration Routing protocol RIP conﬁguration task list Enabling send RIPEnabling an interface to receive RIP Specifying the send RIP versionEnabling RIP learning Example Enabling RIP learn host and defaultSpecifying the receive RIP version Enabling RIP announcing Specifying the default route metric Enabling RIP auto summarizationEnabling RIP split-horizon processing Enabling the poison reverse algorithmSetting the RIP route expiry 3600 Default 180 secondsEnabling holding down aged routes Nodeif-ipname#rip route-expiryDisplaying RIP conﬁguration of an IP interface Displaying global RIP information252 Access control list conﬁguration Why you should conﬁgure access lists About access control listsWhat access lists do When to conﬁgure access lists Features of access control listsAccess control list conﬁguration task list Mapping out the goals of the access control listNodepf-acl name#permit ip src src-wildcard any Where the syntax is Nodepf-acl name#permit icmp src src-wildcard any Type type type type code code cos groupNodepf-acl name#deny icmp src src-wildcard Any host src dest dest-wildcard any host destWhere the syntax is as following Msg nameType type Code codeNodepf-acl name#permit tcp udp sctp src src-wild Card any host src eq port gt port lt port rangePort lt port range from to cos group cos-rtp group Nodepf-acl name#deny tcp udp sctp src srcEq port Lt portGt port Range from toWhere the syntax is Debugging an access control list proﬁle Unbind an access control list proﬁle from an interfaceDisplaying an access control list proﬁle Control list profile shall be debugged Commands that have to be entered are listed below Denying a speciﬁc subnetSnmp conﬁguration Snmp basic components Snmp basic commandsSimple Network Management Protocol Snmp Network management framework Identiﬁcation of a SmartNode via SnmpSnmp management information base MIB Snmp conﬁguration task list Setting basic system informationSnmp tools 271 Setting access community information Example Setting the system group objectsRo rw Or read/write access Setting allowed host information Specifying the default Snmp trap targetNodecfg#snmp host IP-address-of-SN security Nodecfg#snmp target IP-address-of-SNUsing the AdventNet Snmp utilities Displaying Snmp related informationUsing the MibBrowser AdventNet MibBrowser Settings Button on the ToolbarUsing the TrapViewer AdventNet TrapViewer displaying received trapsTimeStamp EnterpriseGeneric Type Speciﬁc TypeStandard Snmp version 1 traps Snmp interface traps 281 Sntp client conﬁguration Sntp client conﬁguration task list Unicast anycast multicast Deﬁning Sntp client operating modeSelecting Sntp time servers Deﬁning Sntp local UDP port Enabling and disabling the Sntp client Example Enabling the Sntp client operationExample Disabling the Sntp client operation Deﬁning Sntp client poll intervalDeﬁning Sntp client constant offset to GMT Deﬁning the Sntp client anycast addressName #show clock local Displays the local time, UTC and the offset of the localNodecfg#sntp-client anycast-address ip Example Enabling the Sntp client root delay compensationEnabling and disabling local clock offset compensation Example Disabling the Sntp client root delay compensation Showing Sntp client related informationExample Showing Sntp client related information Debugging Sntp client operationNist Internet time service Recommended public Sntp time servers291 Dhcp conﬁguration Dhcp configuration DHCP-server and DHCP-client are illustrated in ﬁgure Enable DHCP-client on an IP interfaceDHCP-client conﬁguration tasks Example Enable DHCP-client on an IP interface ‘conﬁgure’ conﬁguration modeMode Any Example Enable Dhcp debug monitorRelease or renew a Dhcp lease manually advanced Get debug output from DHCP-clientDHCP-server conﬁguration tasks Conﬁgure DHCP-server proﬁlesNodepf-dhcpsname#no default Nodepf-dhcpsname#no netbiosNodecfg#proﬁle dhcp-server name Nodepf-dhcpsname#network ipUse DHCP-server proﬁles and enable the DHCP-server Nodepf-dhcpsname#no bootﬁle bootNodepf-dhcpsname#no next-server All ip-addressCheck DHCP-server conﬁguration and status Deﬁne the bootﬁle Option 67 for the DHCP-serverDeﬁne the Tftp server Option 66 for the DHCP-server Get debug output from the DHCP-server Conﬁgure DHCP-relay Create/Modify DHCP-Relay proﬁleEnable/Disable DHCP-Relay Agent DNS conﬁguration Server-ip-address DNS conﬁguration task listEnabling the DNS resolver DNS relay diagram Enabling the DNS relay307 DynDNS conﬁguration DynDNS conﬁguration task list Creating a DynDNS account Conﬁguring the DNS resolverWord Conﬁguring basic DynDNS settingsConﬁguring the DynDNS server Conﬁguring advanced DynDNS settings optional Mode DynDNSTroubleshooting Deﬁning a mail exchanger for your hostname312 PPP conﬁguration 314 Nodeif-ipname#point-to-point PPP conﬁguration task listCreating an IP interface for PPP Nodeif-ipname# no tcp adjust-mss Nodeif-ipname#ipaddressNodeif-ipname#ipaddress dhcp Nodeif-ipname# ipaddress ip-addressDisable interface IP address auto-conﬁguration from PPP Creating a PPP subscriberNodeif-ipname#use proﬁle napt name Nodecfg # subscriber ppp nameOptional outboundinbound user password Nodesubscrname# dial inoutChap pap chappap Nodesubscrname# no identiﬁcationTrigger forced reconnect of PPP sessions using a timer Conﬁguring a PPPoE sessionTor AC-Name Case authentication is required Conﬁguring PPP over a Hdlc LinkCreating a PPP proﬁle Optional ﬁleDefault Nodecfg #no proﬁle ppp nameNodepf-pppname#mtu min min max Nodepf-pppname#mru min min maxMin max max default DefaultConﬁguring the local and remote PPP Mrru Name pf-ppp proﬁle# mrru minDisplaying PPP conﬁguration information Example Display PPP subscriber conﬁguration informationExample Display a PPP proﬁle Debugging PPPNodecfg #show ppp links level Nodecfg #show ppp networks levelNodecfg #show pppoe name Nodecfg #show port interface nameExample Display PPP link information LCPExample Display PPP network protocol information Example Display PPPoE informationWithout authentication, encapsulation multi, with Napt With authentication, encapsulation PPPoESample conﬁgurations PPP over Ethernet PPPoEWithout authentication, numbered interface With authentication, unnumbered interfacePPP over a Hdlc Link Serial Port PPP over a Hdlc Link E1T1 PortPPP Dial-up over Isdn PPP DialerFollowing command creates a new PPP dialer Mode context cs Dial-up and login information for a certainCreate a dialer Create outbound destinationsConﬁgure recovery strategy Create inbound destinations CaseName if-dialerdialer#inbound Name inboundprovider#local-e164E164 Name inboundprovider#remote-e164Example Dial-on demand feature Debug dialer functionalityDial-up Dial-up on demandDial-up nailed Dial if possible, and never drop Mode context ip/interfaceDial-up on monitor CS context overview CS context conﬁguration components CS context conﬁguration task list Planning the CS conﬁgurationRemote ofﬁce in an Enterprise network Conﬁguring general CS settings Conﬁguring the clock sourceMode Operator execution Debugging the clock sourceConﬁguring call routing Selecting PCM law compressionNode sys#clock-sourceslot-number port-number Reference clockCreating and conﬁguring CS interfaces Specify call routingConﬁguring dial tones Conﬁguring voice over IP parametersConﬁguring Isdn ports Conﬁguring FXS portsConﬁguring an H.323 VoIP connection Conﬁguring a SIP VoIP connectionActivating CS context conﬁguration Nodectx-csswitch#show call-router config detail Node ctx-csswitch#debug call-router detail levelNodectx-csswitch#show call-router status detail LevelSmartNode in an Enterprise network Planning the CS context CS ConﬁgurationConﬁguring call routing Conﬁguring general CS settingsFirst we set clock-source to Isdn port 2/3 354 Conﬁguring VoIP settings Because we need G.723 as codec we enable Dtmf relayWe want to use this proﬁle on our H.323 interfaces Conﬁguring BRI portsActivating the CS context conﬁguration Next we conﬁgure call signalingConﬁguring an H.323 VoIP connection Finally, activate the gateway and CS context TAB-CALLED-NUMBERShowing the running conﬁguration Conﬁguration script for our application looks as follows359 360 361 VPN conﬁguration Authentication EncryptionKey management Transport and tunnel modesPermanent IKE Tunnels VPN conﬁguration task list Creating an IPsec transformation proﬁleExample Create an IPsec transformation proﬁle Creating an IPsec policy proﬁleProcedure To create an IPsec policy proﬁle Mode Conﬁgure Creating/modifying an outgoing ACL proﬁle for IPsec Conﬁguration of an IP interface and the IP router for IPsec Displaying IPsec conﬁguration informationExample Display IPsec transformation proﬁles Example Display IPsec policy proﬁlesDebugging IPsec Example IPsec Debug OutputCreating an Ipsec transform proﬁle Key management IKEMain differences between manual & IKE Ipsec conﬁgurations Creating an Isakmp transform proﬁle Creating an Isakmp Ipsec policy proﬁle Should be used. Do not specify a peer, if this polIcy shall be used for multiple peers in transport Mode. The peer can either be an IP address or aCreating/modifying an outgoing ACL proﬁle for Ipsec Conﬁguration of an IP interface and the IP router for IpsecPolicy matching Sample conﬁguration snippetDebug ike event Debug ike errorUse proﬁle acl WANOut out Performance considerations Encrypted Voice Performance considerationsEnabling RTP encryption support Mode Context ip /interface if-name IPsec tunnel, DES encryption SmartNode conﬁgurationCisco router conﬁguration 379 380 CS interface conﬁguration CS interface conﬁguration task list CS interfaces on the CS contextNodeif-typeif-name#exit Examples Create CS interfaces and delete anotherNodeif-typeif-name#… 384 Table table-name Service service-name Nodeif- typeif-name #exitConﬁguring the interface mapping tables Table in table-name That shall be applied to all call propertiesAnd/or Speciﬁed directionIncoming call passing an interface mapping table Conﬁguring the precall service tables Call passing an input and an output mapping tableSupplementary service invocation commands Number to commandSupplementary service invocation command Repeat to add other special number mapIsdn interface conﬁguration Isdn interface conﬁguration task list Isdn interfaces on the CS contextConﬁguring Dtmf dialing optional Conﬁguring an alternate Pstn proﬁle optionalNodeif-isdn if-name#no use proﬁle Deﬁnes an alternate Pstn proﬁle to be used forName if-isdn if-name# no call-waiting Disable call-waiting Conﬁguring ringback tone on Isdn user-side interfacesConﬁguring call waiting optional Disabling call-waiting on Isdn DSS1 network interfacesConﬁguring date/time publishing to terminals optional Conﬁguring Call-Hold on Isdn interfacesEnabling Display Information Elements on Isdn Ports Sending the connected party number Colp optional Deﬁning the ‘network-type’ in Isdn interfacesHome Office Isdn Advice of Charge support 398 If there is no tariff information from the network for All callsNodeif-isdnif- name# aoc-d automatic If there is not charge information from the networkIsdn User Interface Connected to a PBX switch etc Following table shows an overview of the AOC variantsIsdn Network Interface connected to phones NoChargeAvailableMode interface isdn interface Isdn DivertingLegInformation2 FacilityTransmit Direction Receive Direction500 Nodeif-isdn#caller-nameNodeif-isdn#caller-name early-alerting Outgoing Isdn call. This feature is disabled By defaultNodeif-isdn#caller-name ignore AbsenceFXS interface conﬁguration FXS interface conﬁguration task list Conﬁguring a subscriber number recommendedMode Interface FXS Conﬁguring caller-ID presentation optionalConﬁguring ﬂash hook processing optional Nameif-fxsname#no subscriberConﬁguring ringing-cadence optional Conﬁguring the Message Waiting Indication feature for FXS Ing-indication stutter-dial-tone Through Stuttered Dial ToneMat bell Frequency-shift keyingMat etsi FXS supplementary services description Call hold Call transferDefault enabled Call holdCall waiting TernCall waiting reminder ring Drop passive callDrop active call Call toggleConferencing Call parkNameif-fxsname#no drop-passive PatternFXO interface conﬁguration FXO interfaces on the CS context FXO services description Creating an FXO interfaceNodeif-fxo name # Nodectx-csswitch#interface fxo nameDeleting an FXO interface FXO interface conﬁguration task list FXO off-hook on caller IDConﬁguring when the digits are dialed optional Nodectx-csswitch#interface fxo if-nameNodeif-fxoif-name# Nodeif-fxo if-name#Figuration mode Nodeif-fxoif-name#dial-after dial-tone timeout secondsNodeif-fxo if-name# Nodeif-fxo if-name #ring-number countConﬁguring how to detect a call has disconnected optional Min min-time max max-timeNodeif-fxo if-name#no connect-signal Battery-reversal tax-pulseConﬁguring the destination of the call FXO Mute dialingFXO interface examples RBS interface conﬁguration RBS interface conﬁguration task list Creating/Deleting a RBS interfaceConﬁguring an alternate Pstn proﬁle Name Face, the ‘no’ form deletes an existing oneMode Interface RBS Conﬁguring additional disconnect signalsConﬁguring an alternate Tone-Set proﬁle Conﬁguring B-Channel allocation strategyNodeif-rbsif-name#no dial-after dial- tone timeout seconds Node#no debug ccrbs datapath error signalingConﬁguring number of Rings before Off-Hook Conﬁguring ready to dial strategyNode#show ccrbs call if-name detail level Prints information about ongoing calls onSelected interface Node#show ccrbs interface if-name detailInterface conﬁguration Interface conﬁguration task list Binding the interface to an H.323 gateway Examples Deﬁne the IP address of the remote H.323 entityConﬁguring an alternate VoIP proﬁle optional Conﬁguring CLIP/CLIR support optional Node if- h323 if-name #itc rx 3k1Speciﬁes the information transfer capability to Node if- h323 if-name #itc tx 3k1Enabling ‘early-proceeding’ on H.323 interfaces Enabling the early call connect optionalNameif-h323if-name#early-proceeding Nameif-h323name#early-connectEnabling the early call disconnect optional Enabling the via address support optionalIng connection should be established Conﬁguring status inquiry settings optionalNodeif-h323if-name# remoteport port AOC-D Support for H.323 Nodeif-h323if-name# no aoc-d emit Mode context cs/interfce h.323 interface-nameNodeif-h323if-name# no aoc-d SIP interface conﬁguration SIP SIP interface conﬁguration task listBinding the interface to a SIP gateway Conﬁgure a remote hostNodeif-sipif-name# no bind context Sip-gateway gw-nameUsing an alternate VoIP proﬁle Optional Conﬁguring a local host OptionalNodeif-sipif-name# no remote host Nodeif-sipif-name# no local hostUsing an alternate SIP proﬁle Optional Using an alternate Tone-Set proﬁle OptionalNodeif-sipif-name#use proﬁle voip Nodeif-sipif-name#use proﬁle sip proMapping call-control properties in SIP headers Conﬁguring early call connect / disconnect OptionalConﬁguring address translation Optional Header Mapping SIP headers to call-control propertiesConﬁguring Isdn Redirecting Number Tunneling Over SIP Updating caller address parameters SIP Diversion Header 450 SIP Refer Transmission & Isdn Explicit Call Transfer support 452 AOC Over SIP Optional Name if-sip interface#no aoc-dAccept Name if-sip interface#no aoc-d emitEnabling the session timer Optional Enabling the SIP penalty-box feature OptionalDefault zero-ip Conﬁgure the SIP hold method OptionalCall router conﬁguration Call router configuration 458 Direct call routing vs. advanced call routing Call router conﬁguration task list Map out the goals for the call routerConﬁgure general call router behavior Enable advanced call routing on circuit interfacesConﬁgure address completion timeout Example Conﬁgure address completion timeout Address-completion timeout timeoutDigit-collection timeout timeout Digit-collection terminating-char charProcedure To conﬁgure number preﬁx Mode Context CS Conﬁgure number preﬁx for Isdn number typesExample Conﬁgure number preﬁx National-preﬁx preﬁxConﬁgure call routing tables Create a routing tableCalling-e164 Regular Expressions Example Called party number routing tableCalled party number routing table Symbol Description Digit Collection Digit Collection Variants Example Digit collection of any number Dialed Selected Description Number Entry Calling party number routing table Number type routing tableNumbering plan routing table Name routing table IP address routing tablePresentation Indicator Routing Table URI routing tableSmith must be escaped with a backslash \, because Dot . means ‘any character’ in a regular expressionScreening Indicator Routing Table Information transfer capability routing table 478 Default Any other unhandled case Mode context cs Time of day routing tableDay of Week Routing Table Example Day of week routing tableProcedure To delete an entire routing table Node ctx-cs switch #routing-tableDeleting routing tables Resulting running-conﬁg isNode ctx-cs switch #no routing-table Example Remove an entire routing tableConﬁgure mapping tables Delete the routing table table-nameType Description Input-Type Description Output-Type Sets the display name of the called Mapping table examples Example Called and calling party manipulation mapping table To E.164 Mapping TablesInput-type to output-type table-name Away the input-type and output-type486 487 Custom SIP URIs from called-/calling-e164 properties Other mapping tablesEnter the mapping table from which you want to remove an Node ctx-cs switch #mapping-tableDeleting mapping tables Creating complex functions Procedure To delete an entire mapping table Mode Context CSExample Remove an entire mapping table Example Create a complex function Deleting complex functionsExample Remove an entire complex function Digit collection & sending-complete behaviorSending-Complete Ingress interfaceCall-Router 323123# YesTrue Egress Interface Mode context cs / interface sip Complete-indication clearCreating call services Creating a hunt group serviceHunt group service Node ctx-cs switch #service hunt Call dest-service service-nameCause cause Call dest-interface interface-nameDefault Behavior Class Cause Hunt Description Group Service Normal EventNo-user-responding Drop original call Service or ResourceUnavailable Option NotImplemented Invalid MessageProtocol Error Interworking Creating a distribution group service Distribution group serviceNode ctx-cs switch #service distribu Nodesvc-huntservice-name# route callDest-service service-name With the ﬁrst conﬁgured destinationsDistribution-Group Min-Concurrent setting Call-router ‘limiter’ servicePriority service ‘Limiter’ service diagramPriority service diagram CS Bridge service-‘VoIP Leased Line’ BridgeBridge services diagram Conﬁguring the service second-dialtone Conﬁguration ExampleDeleting call services Activate the call router conﬁgurationTest the call router conﬁguration Example Create and test a routing table516 Call routing example network 518 CS context and call router elements 520 Conﬁgure partial rerouting Mode context cs/interface sip Enable push-back aaa serviceMode context cs/service aaa Call rerouteEnable push-back bridge service Enable push-back distribution-group serviceEnable push-back hunt group service Enable push-back limiter serviceSIP call-router services SIP conference-service SIP conference-service conﬁguration task listEntering conference-service conﬁguration mode Name ctx-csswitch#no service sipSIP location-service Mode Service SIP conferenceConﬁguring the conference server Ference-server host-name portSIP location-service conﬁguration task list Entering SIP location-service conﬁguration modeBinding a location service Conﬁguring the hunt timeoutConﬁguring multi-contact behavior SecondsTone conﬁguration Tone-set proﬁles Tone conﬁguration task list Conﬁguring call-progress-tone proﬁlesProcedure To conﬁgure a tone-set proﬁle Mode Conﬁgure Conﬁgure tone-set proﬁlesFor which a tone indication can be provided Enable tone-set proﬁleProcedure To assign a tone-set proﬁle to a Pstn interface Show call-progress-tone and tone-set proﬁles Example Show tone-set proﬁleNode#show proﬁle call-progress-tone Name Ciﬁc with name nameFollowing example shows how to display the tone-set proﬁle 536 FXS port conﬁguration Shutdown and enable FXS ports Netherlands Bind FXS ports to higher layer applicationsConﬁgure country-speciﬁc FXS port parameters Mode IC voice in system Enter FXS port conﬁguration modeOther FXS port parameters Nodeconﬁg#port fxs slot portExample FXO port conﬁguration Shutdown and enable FXO ports Bind FXO ports to higher layer applicationsConﬁgure country speciﬁc FXO port parameters Other FXO port parametersNodeconﬁg#port fxo slot port Nodeprt-fxo slot/ port#useEnter FXO port conﬁguration mode Gateway conﬁguration Gateway between IP and CS contexts Mode Gateway H.323 Enable the gatewayGateway conﬁguration task list Binding the gateway to an IP interfaceConﬁgure registration authentication service RAS Optional Ery auto gkid Conﬁgure H.235 Security optionalNode gw-h323h323#gatekeeper-discov Procedure To enable H.235 security on H.323 gateway 235 conﬁguration\getcryptopassword h235-password mas Word h235-password encryptedNode gw-h323h323#h235security master Node gw-h323h323#h235security passDefault setting is Command show h235-securityshows the current settingSignaling message Detail debug-levelAdvanced conﬁguration options optional Enabling H.245 TunnelingEnabling the fastconnect procedure Enabling the early H.245 procedureNodegw-h323h323#h245-tunneling Enables H.245 tunneling Nodegw-h323h323#faststart Enables the fastconnect procedureConﬁguring the trafﬁc class for H.323 signaling Setting the response timeoutNodegw-h323h323#call-signaling-port Port Naling connectionsIstration Setting the connect timeoutNal gateway Nodecfg#debug gateway h323 error Nodecfg#debug gateway h323 signalingH323 status detail level Nodecfg#debug gateway h323 tpktchanContext SIP gateway overview Routing Architecture Enter conﬁguration mode Context SIP Gateway conﬁguration task listFrom-URI-Host equal Remote Request-URI-Host equal Local Creating a context SIP gatewayMode Context SIP Gateway Mode Transport InterfaceCreating a transport interface Conﬁguring the IP bindingEnabling/disabling the context SIP gateway Binding location servicesConﬁguring a spoofed contact address Troubleshooting Debug commandsShow status information Node#show context sip-gateway gwConﬁguration Examples ExampleOutbound Authentication Inbound Authentication Outbound Registration 569 Inbound Registration B2B User Agent with Registered Clients 572 VoIP proﬁle conﬁguration VoIP profile configuration VoIP proﬁle conﬁguration task list Creating a VoIP proﬁleNodecfg#profile voip name Nodepf-voip name#Conﬁgure codecs Procedure Insert a codec at a speciﬁc position in the list Mode Proﬁle VoIPProcedure Remove a codec from the list Mode Proﬁle VoIP Conﬁguring the Cisco versions of the G.726 codecs Mode VoIP nameConﬁguring the transparent-clearmode codec Defaultrtpsignaling Conﬁguring Dtmf relayConﬁguring RTP payload types Nodepf-voip pf-name#dtmf-relayConﬁguring RTP payload type for transparent-clearmode Conﬁguring RTP payload type for Cisco NSEConﬁguring Cisco NSE for Fax Nodepf-voip name#rtp payload-type nseConﬁguring the dejitter buffer advanced Jitter and dejitter bufferProcedure Conﬁgure the dejitter buffer AdaptiveMax-delay Dejitter buffer is allowed to introduce. This settingEnabling/disabling ﬁlters advanced Is valid for all modesConﬁguring Fax transmission Illustrates the difference between Fax relay and Fax bypassFax relay and Fax bypass Nodepf-voipname#fax transmis Sion bypass g711alaw64kNodepf-voipname#fax dejitter Nodepf-voipname# fax transmisMode proﬁle voip proﬁle-name VolumeCED retransmission Retransmission numberNo-Signal Retransmission Mode proﬁle voip pf-nameMethod default v150-vbdnse Default default Fax bypass methodModem bypass method Conﬁguring modem transmissionNodepf-voip name#modem trans Mission bypass g711alaw64kConﬁguring the trafﬁc class for Voice and Fax data Conﬁguring IP-IP codec negotiationHome ofﬁce in an enterprise network Home ofﬁce in an enterprise networkDescription Show the conﬁgured proﬁle Home ofﬁce with faxSoft phone client gateway 595 Disable Dtmf relay Show the conﬁgured proﬁle Pstn proﬁle conﬁguration Pstn proﬁle conﬁguration task list Creating a Pstn proﬁleConﬁguring the echo canceller Procedure Disable echo cancellation Mode Proﬁle PstnProcedure Conﬁgure voice output gain Conﬁguring output gain600 SIP proﬁle conﬁguration Entering the conﬁguration mode for a SIP proﬁle SIP proﬁle conﬁguration task listMapping from a SIP disconnect cause Namecfg#no profile name nameMapping to a SIP cause Mapping from a SIP redirection reasonMapping to a SIP redirection code Q931-cause to sip-causeAuthentication Service Authentication Service conﬁguration task list Creating an Authentication ServiceCreating credentials Conﬁguring the authentication protocolConﬁguring a Realm Location Service Location Service conﬁguration task list Creating a Location ServiceAdding a domain Domain ExamplesMode Identity Creating an identityBound Authentication outbound faceAlias Mode Authentication outbound Authentication inbound faceNodeauthout#authenticate authentica Nodeauthout#authenticate indexMode Authentication inbound Nodeauthin#authenticate authenticaNodeauthin#authenticate index Nodeauthin#no authenticate indexMode Registration outbound Registration outbound faceNoderegout#proxy host port Strict-routePort strict-route Noderegout#proxy index down posiNoderegin# no lifetime default sec Registration inbound faceNodeidentityname# no registration InboundMode Call outbound Call outbound faceNodecallout#proxy host port Nodecallout#proxy index hostCall inbound face Mode Call outboundMode Call inbound Creating an identity group Inheriting from an identity group to an identityConﬁguring the Message Waiting Indication feature for SIP SubscriptionMode Message inbound NotiﬁcationMode Message inbound Message Waiting Indication through Call-Control This conﬁguration example, inheritance is used VoIP debugging Debugging strategy Following command will disable the ﬁlter completely Filtering debug monitor outputVerifying IP connectivity Example Verify IP connectivityDebugging call signaling Debugging Isdn signalingUnit#debug ccisdn signaling Overview Isdn debug monitorsVerify an incoming call Line Verify an outgoing call630 Debug isdn event slot port all layer2 layer3 Isdn layer 2 and 3 can be veriﬁed using a show commandVerify Isdn layer 2 and 3 status Debugging FXS Signaling Overview FXS debug monitorsStops For most verbose outputState to RINGING, that means it has accepted the call Debugging H.323 Signaling Overview H.323 debug monitors635 636 637 Debugging SIP signaling Using SmartWare’s internal call generator Debugging voice data No debug media-gateWay dejitter Way control detail levelWay switch Way errorWay rtp Way dspHow to submit trouble reports to Patton Check system logs643 Appendix a Terms and deﬁnitions SmartWare architecture terms and deﬁnitions Also releasePression Ory BufferPots Tftp Appendix B Mode summary Mode overview, 1 Mode Overview, 2 Mode Overview, 3 Appendix C Command summary Ebnf syntax New Conﬁguration Commands Show command historyOther Show helpAppendix D Internetworking terms & acronyms Abbreviations NumericDSS1 MSN SAR Appendix E Used IP ports & available voice Codecs Webserver Used IP portsTelnet Available voice codecs