Patton electronic SmartNode 4110 Series manual

SmartWare Software Configuration Guide24 • Access control list configuration

Mode: Interface

Step	Command	Purpose

1	node(cfg)#context ip router	Selects the IP router context

2	node(ctx-ip)[router]#interface if-name	Selects IP interface if-namefor which access
		control list profile shall be debugged

3	node(if-ip)[if-name]#debug acl {in out} [level]	Enables access control list debug monitor
		with a certain debug level for the selected
		interface if-name

Where the syntax is:

Keyword	Meaning

if-name	The name of the IP interface to which an access control list proﬁle gets bound

level	The detail level. Level 0 disables all debug output, level 7 shows all debug output.

in	Speciﬁes that the settings for incoming packets are to be changed.

out	Speciﬁes that the settings for outgoing packets are to be changed.

Example: Debugging access control list proﬁles

The following example shows how to enable debugging for incoming trafﬁc of access control lists on interface wan. On level 7 all debug output is shown.

node(cfg)#context ip router node(cfg-ip)[router]#interface wan node(cfg-if)[wan]#debug acl in 7

The following example enables the debug monitor for access control lists globally.

node#debug acl

The following example disables the debug monitor for access control lists globally.

node#no debug acl

Access control list configuration task list

265

Image 265

Contents

SmartWare Release Patton Electronics Company, Inc Summary Table of Contents SmartWare Software Configuration Guide Table of Contents Command line interface CLI Copying configurations to and from a remote storage location IP context overview 11 NAT/NAPT configuration Serial port configuration PRI port configuration Isdn Overview Basic IP routing configuration Snmp configuration Dhcp configuration CS context overview VPN configuration CS interface configuration FXO interface configuration SIP interface configuration Table of Contents 524 45 H.323 gateway configuration Pstn profile configuration Location Service Terms and definitions List of Figures SmartWare Software Configuration Guide List of Tables About this guide How to read this guideAudience Structure About this guide About this guide Typographical conventions used in this document PrecautionsGeneral conventions Garamond bold type SmartWare Software Configuration GuideAbout this guide Mouse conventions Service and supportPatton support headquarters in the USA Fax +1 253 RMA numbers Warranty coveragePatton Electronics Company System overview Chapter contents Introduction SmartWare embedded software Circuit SwitchVoIP Gateway IP Router Carrier networks Applications WAN Enterprise networks Typical LAN telephony system with a SmartNode gateway LAN telephony Conﬁguration concepts Conﬁguration concept overview Context Contexts and GatewaysExample Gateway Interfaces Interfaces, Ports, and BindingsPorts and circuits Bindings Use Commands Proﬁles and Use commandsProﬁles Command line interface CLI CLI prompt Command modesOperator exec mode, the system prompt is displayed as Command help Command editingCommand completion Navigating the CLI Command Editing Shortcuts Command history Accessing the CLI If desired Accessing the SmartWare CLI task list Console port procedure Accessing via the console portEnding a Telnet or console port session see Telnet Procedure Accessing via a Telnet sessionUsing an alternate TCP listening port for the Telnet server Disabling the Telnet server Login display Selecting a secure password Factory preset administrator account Password encryptionConﬁguring operators and administrators Creating an operator account Name and password password Creating an administrator accountOpening a secure conﬁguration session over SSH Nodecfg#copy running-conﬁg startup-conﬁg Displaying the CLI version Mode EnableDisplaying account information Checking identity and connected users Switching to another accountNode# who Node who Command index numbers Used in operator execution mode Accessing the CLI Ending a Telnet or console port session Showing command default values System image handling System image handling Memory regions in SmartWare Local Persistent Volatile Flash System image handling task list Copying system images from a network server to Flash memory Displaying system image informationShow version Step Command Purpose Upgrading the software directly Explanation Auto provisioning of ﬁrmware and conﬁgurationHere’s an example for conﬁguration provisioning To use and debug provisioning Boot procedure Boot procedure Factory conﬁguration Default Startup ConﬁgurationIP Addresses in the Factory Conﬁguration Conﬁguration ﬁle handling Understanding conﬁguration ﬁles Configuration file handling Sample conﬁguration ﬁle Conﬁguration ﬁle handling task list Local Memory Regions Copying conﬁgurations within the local memory Backup already present in ﬂash memory Node# copy nvram backup startup-conﬁgName nvramtarget-name Name into the local memory Remote memory regions for SmartWare Copying conﬁgurations to and from a remote storage location Nodecfg# copy tftp//ip-addressport Displaying conﬁguration ﬁle informationNew-startupnvramstartup-conﬁg Modifying the running conﬁguration at the CLI Node#copy running-conﬁg tftp//node-ip Modifying the running conﬁguration ofﬂineNode#reload Deleting a speciﬁed conﬁguration Example Modifying the running conﬁguration ofﬂineExample Deleting a speciﬁed conﬁguration Delete the conﬁguration named minimal explicitly Encrypted ﬁle download CLI copy command copy tftp//host/path conﬁg-ﬁleEncrypted Conﬁguration Download Auto provisioning Use Cases Install a custom encryption key optional Download an encrypted conﬁguration ﬁle Encrypt a conﬁguration ﬁleUpload an encrypted conﬁguration ﬁle Basic system management Basic system management conﬁguration task list Downloads the license key ﬁle and install Managing feature license keysNode cfg#copy tftp//tftp-server/path/ﬁle Name licenses Licenses Setting system information System banner with message to operators Setting the system banner Display clock information Setting time and date Conﬁguring the Web server Display time since last restartDetermining and deﬁning the active CLI version De en Displaying the system logs Restarting the system Displaying reports Controlling command executionUnit Show the currently running commands Ctrl-zsuspend active commandCtrl-cterminate current command Bring job 0 to foreground Mode System Timed execution of CLI commandSome examples Displaying the checksum of a conﬁguration Name sys#no terminal idle-time Radius Client Conﬁguration AAA component General AAA Conﬁguration Authentication procedure with a Radius server Nodepf-authname#server-timeout Nodecfg#proﬁle authentication nameAuthentication proﬁle-name Nodecfg#show proﬁle authentication Radius conﬁguration Example Conﬁgure the Radius clients as shown in ﬁgure Conﬁguring Radius clients Vendor Conﬁguring Radius accounting 109 Attributes in the Radius request message Conﬁguring the Radius server Attributes in the Radius accept message Conﬁguring the local database accounts Word password Example Create an administrator and an operator accountPassword Base. The no form removes an existing account Storing call logs with quality information IP context overview IP context and related elements IP context overview conﬁguration task list Conﬁguring physical ports Planning your IP conﬁgurationCreating and conﬁguring IP interfaces IP interface related information Conﬁguring static IP routing Conﬁguring NaptConﬁguring RIP Conﬁguring quality of service QoS Conﬁguring access control lists IP interface conﬁguration Creating an IP interface IP interface conﬁguration task listNodectx-iprouter#interface name Nodeif-ip name# Deleting an IP interface Conﬁguring a Napt DMZ interface Setting the IP address and netmaskName if-ip if-name# no napt Inside Icmp redirect messages Icmp message processingRouter advertisement broadcast message Deﬁning the MTU and MSS of the interface Nodeif-ipname#tcp adjust-mssExample Deﬁning the MTU of the interface MTU packet size value must be in the range from Displaying IP interface information Conﬁguring an interface as a point-to-point link Displaying dynamic ARP entries Testing connections with the ping commandFlushing dynamic ARP entries Processing gratuitous ARP requests Ber timeout seconds Mode Either operator or administrator executionIP link supervision Node#ping address num Show IP link status Check connectivity of an IP linkDebug connectivity Debug ARP Example Debug ARP output Traceroute Example Display the ARP information Conﬁguring the Igmp Proxy NAT/NAPT conﬁguration Dynamic Napt Static Napt Tftp because the SmartNode might become inaccessibleDynamic NAT Napt traversal Static NAT Creating a Napt proﬁle NAT/NAPT conﬁguration task listNode cfg#proﬁle napt name Optional Deﬁning Napt port ranges Conﬁguring a Napt DMZ hostOptional Ahespgreipv6 localip AH, ESP, GRE, or IPv6 respectively directed to Deﬁning the UDP Napt type Preserving TCP/UDP port numbers in NaptName pf-napt pf-name# udp-handling symmetricaddress Displaying NAT/NAPT conﬁguration information Activate NAT/NAPTNode cfg#context ip router Node cfg#show proﬁle napt Example Display NAT/NAPT conﬁguration information Mode proﬁle napt pf-naptConﬁguring NAT static protocol entries Ethernet port conﬁguration Ethernet port conﬁguration task list Entering the Ethernet port conﬁguration modeConﬁguring medium for an Ethernet port Binding an Ethernet port to an IP interface Conﬁguring Ethernet encapsulation type for an Ethernet portNodeprt-eth slot/port#encapsulation ip Conﬁgures the encapsulation type to IP Nodeprt-eth slot/port#bind interface name router Multiple IP addresses on Ethernet ports Conﬁguring a Vlan Nodeprt-ethslot/port#vlan id Nodeconﬁg#port ethernet slot portNodevlanid#encapsulation ippppoemulti Nodevlanid#bind interface name router Example Adding a receive mapping table entry Adding a receive mapping table entryNodeprt-eth slot/port#cos rx-map layer Closing an Ethernet port Adding a transmit mapping table entry Using the built-in Ethernet sniffer Nvramethernet-0-slot-port.cap Following is an example of how the sniffer is normally usedNvramethernet-0-0-1.cap Link scheduler conﬁguration Applying scheduling at the bottleneck Using trafﬁc classes Introduction to Scheduling Weighted fair queuing WFQPriority Shaping Hierarchy Burst tolerant shaping or wfq Quick references Setting the modem rate Policy-map policy-map Proﬁle service-policy Command cross referenceLink scheduler conﬁguration task list Source trafﬁc-class class Deﬁning the access control list proﬁle Enable statistics gathering seePacket classiﬁcation Scenario with Web server regarded as a single source host Creating an access control list Nodecfg#proﬁle acl name Creating a service policy proﬁleNodepf-acl name#permit ip host ip-address any trafﬁc-class Nodepf-acl name#permit ip any any Structure of a Service-Policy Proﬁle Specifying the handling of trafﬁc-classes Deﬁning fair queuing weight Specifying the type-of-service TOS ﬁeld Mode SourceDeﬁning the bit-rate Deﬁning absolute priority Specifying the precedence ﬁeld Specifying differentiated services codepoint Dscp markingNodesrc name#set ip tos value Nodesrc name#set ip precedence value Specifying layer 2 marking Deﬁnes the Class-Of-Service value applied to packets of forNodesrc name#set ip dscp value Value is from 0 to Deﬁning random early detection Quality of Service for routed RTP streamsDiscarding Excess Load Nodesrc name#random-detect burst-tolerance Mode proﬁle service-policy/proﬁle Nodeif-ip if-name#use proﬁle service Devoting the service policy proﬁle to an interfacePolicy name in out Displaying link arbitration status Enable statistics gatheringDisplaying link scheduling proﬁle information Optional Value Implication on Command Output Serial port conﬁguration Disabling an interface Serial port conﬁguration task list Enabling an interface Conﬁguring the hardware port protocol Conﬁguring the serial encapsulation typePort Conﬁguring the active clock edge Baudrate Conﬁguring the baudrate 176 Frame Relay conﬁguration Conﬁguring Frame Relay encapsulation Frame Relay conﬁguration task list Conﬁguring the keep-alive interval Conﬁguring the LMI type Ber to be used on the speciﬁed virtual circuit Enabling fragmentationNodepvc dlci#fragment size For this PVC only FRF.12 end-to-end fragmentation Entering Frame Relay PVC conﬁguration mode Binding the Frame Relay PVC to IP interface Conﬁguring the PVC encapsulation type IP interface wan is bound to PVC 1 on port serial 0 Mode PVC Disabling a Frame Relay PVC Enabling a Frame Relay PVC Debugging Frame Relay Displaying Frame Relay information Integrated service access 188 Check that the Frame Relay settings are correct Conﬁgure the serial interface settings Example 2 Frame Relay on e1t1 with a channel-group PRI port conﬁguration PRI port conﬁguration task list Terminology PRI Debugging Enable/Disable PRI portConﬁguring PRI port-type Conﬁguring PRI clock-mode Name prt-e1t1 slot/port# linecode Conﬁguring PRI framingAmi b8zs hdb3 Name prt-e1t1 slot/port# framing Conﬁguring PRI used-connector E1T1 in E1 mode only Conﬁguring PRI line-build-out E1T1 in T1 mode onlyConﬁguring PRI application mode E1T1 only Conﬁguring PRI Loopback detection E1T1 only Conﬁguring PRI LOS threshold E1T1 only Conﬁguring PRI encapsulation Default disabled Create a Channel-Group Mode channel-group group-nameConﬁguring Channel-Group Timeslots Conﬁguring Channel-Group Encapsulation Mode channel-group group Entering Hdlc Conﬁguration ModeMode hdlc Conﬁguring Hdlc CRC-Type Conﬁguring Hdlc Encapsulation Default no encapsulationPRI Debugging PRI Conﬁguration Examples Example 2 RBS without a channel-group Example 1 IsdnExample 3 RBS with a channel-group Example 4 Frame Relay without a channel-group Example 6 PPP without a channel-group Example 5 Framerelay with a channel-groupExample 7 PPP with a channel-group BRI port conﬁguration BRI port conﬁguration task list Enable/Disable BRI portConﬁguring BRI clock-mode Feed Default disabled Conﬁguring BRI Power-FeedConﬁguring BRI encapsulation Creating a channel group Name ch-grp group-name#no Selects the timeslot to be used Default no timeslotsTimeslots timeslots Name#no debug bri BRI DebuggingName#show port bri Example 2 Isdn with manual clock/uni-side settings Example 1 Isdn with auto clock/uni-side settingsBRI Conﬁguration Examples Example 3 Multi-Link PPP over two B-Channels Isdn Overview Isdn reference points Isdn reference points Possible SmartNode port conﬁgurations Isdn UNI Signaling 215 Isdn Layering Isdn Conﬁguration Concept Isdn conﬁguration Mode base-mode Enter Q.921 conﬁguration modeIsdn conﬁguration task list Conﬁguring Q.921 parameters Enter Q.931 conﬁguration mode Mode q921Conﬁguring Q.921 encapsulation Conﬁguring Q.931 parameters Mode q931 Nodeq931slot/port#no signalling-rule Nodeq931slot/port#signalling-ruleEtsi Pss1old Debugging Isdn Conﬁguring Q.931 encapsulationFace if-name Control interface Example being clock slave on uni network interface Isdn Conﬁguration ExamplesNode#show port isdn slot port detail level Assume the scenario as illustrated in ﬁgure Example QsigExample PRI RBS conﬁguration RBS conﬁguration task list Enter RBS conﬁguration modeConﬁguring RBS protocol Conﬁguring RBS encapsulation Mode rbsDebugging RBS Noderbs#no encapsulation cc-rbs Example Conﬁguring RBS Ground Start on a E1T1 port RBS Conﬁguration Examples 229 DSL Port Conﬁguration Conﬁguring PPPoE Line Setup Profile napt WAN Conﬁguration Summary Using PVC channels in bridged Ethernet mode Setting up permanent virtual circuits PVCUsing PVC channels with PPPoE Diagnostics Troubleshooting DSL ConnectionsPPPoE access Link State Basic IP routing conﬁguration Routing tables Basic IP routing conﬁguration task listStatic routing Policy routing Conﬁguring static IP routes Displaying IP route information seeNodecfg#context ip router Enters the IP router Context Adds a static route Displaying IP route information Deleting static IP routes 0.0/0 172.16.32.2 Static Conﬁguring policy routing Basic static IP routing example Examples Changing the default UDP port range for RTP and Rtcp RIP conﬁguration Routing protocol Enabling send RIP RIP conﬁguration task list Specifying the send RIP version Enabling an interface to receive RIP Specifying the receive RIP version Example Enabling RIP learn host and defaultEnabling RIP learning Enabling RIP announcing Enabling RIP auto summarization Specifying the default route metric Enabling the poison reverse algorithm Enabling RIP split-horizon processing 3600 Default 180 seconds Setting the RIP route expiryEnabling holding down aged routes Nodeif-ipname#rip route-expiry Displaying global RIP information Displaying RIP conﬁguration of an IP interface 252 Access control list conﬁguration What access lists do About access control listsWhy you should conﬁgure access lists Features of access control lists When to conﬁgure access lists Mapping out the goals of the access control list Access control list conﬁguration task list Nodepf-acl name#permit ip src src-wildcard any Where the syntax is Type type type type code code cos group Nodepf-acl name#permit icmp src src-wildcard anyNodepf-acl name#deny icmp src src-wildcard Any host src dest dest-wildcard any host dest Msg name Where the syntax is as followingType type Code code Card any host src eq port gt port lt port range Nodepf-acl name#permit tcp udp sctp src src-wildPort lt port range from to cos group cos-rtp group Nodepf-acl name#deny tcp udp sctp src src Lt port Eq portGt port Range from to Where the syntax is Displaying an access control list proﬁle Unbind an access control list proﬁle from an interfaceDebugging an access control list proﬁle Control list profile shall be debugged Denying a speciﬁc subnet Commands that have to be entered are listed below Snmp conﬁguration Simple Network Management Protocol Snmp Snmp basic commandsSnmp basic components Snmp management information base MIB Identiﬁcation of a SmartNode via SnmpNetwork management framework Snmp tools Setting basic system informationSnmp conﬁguration task list 271 Example Setting the system group objects Setting access community information Ro rw Or read/write access Specifying the default Snmp trap target Setting allowed host informationNodecfg#snmp host IP-address-of-SN security Nodecfg#snmp target IP-address-of-SN Displaying Snmp related information Using the AdventNet Snmp utilities AdventNet MibBrowser Settings Button on the Toolbar Using the MibBrowser AdventNet TrapViewer displaying received traps Using the TrapViewer Enterprise TimeStampGeneric Type Speciﬁc Type Standard Snmp version 1 traps Snmp interface traps 281 Sntp client conﬁguration Sntp client conﬁguration task list Selecting Sntp time servers Deﬁning Sntp client operating modeUnicast anycast multicast Deﬁning Sntp local UDP port Example Enabling the Sntp client operation Enabling and disabling the Sntp clientExample Disabling the Sntp client operation Deﬁning Sntp client poll interval Deﬁning the Sntp client anycast address Deﬁning Sntp client constant offset to GMTName #show clock local Displays the local time, UTC and the offset of the local Enabling and disabling local clock offset compensation Example Enabling the Sntp client root delay compensationNodecfg#sntp-client anycast-address ip Showing Sntp client related information Example Disabling the Sntp client root delay compensationExample Showing Sntp client related information Debugging Sntp client operation Recommended public Sntp time servers Nist Internet time service 291 Dhcp conﬁguration Dhcp configuration DHCP-client conﬁguration tasks Enable DHCP-client on an IP interfaceDHCP-server and DHCP-client are illustrated in ﬁgure ‘conﬁgure’ conﬁguration mode Example Enable DHCP-client on an IP interface Example Enable Dhcp debug monitor Mode AnyRelease or renew a Dhcp lease manually advanced Get debug output from DHCP-client Conﬁgure DHCP-server proﬁles DHCP-server conﬁguration tasks Nodepf-dhcpsname#no netbios Nodepf-dhcpsname#no defaultNodecfg#proﬁle dhcp-server name Nodepf-dhcpsname#network ip Nodepf-dhcpsname#no bootﬁle boot Use DHCP-server proﬁles and enable the DHCP-serverNodepf-dhcpsname#no next-server All ip-address Deﬁne the Tftp server Option 66 for the DHCP-server Deﬁne the bootﬁle Option 67 for the DHCP-serverCheck DHCP-server conﬁguration and status Get debug output from the DHCP-server Create/Modify DHCP-Relay proﬁle Conﬁgure DHCP-relay Enable/Disable DHCP-Relay Agent DNS conﬁguration Enabling the DNS resolver DNS conﬁguration task listServer-ip-address Enabling the DNS relay DNS relay diagram 307 DynDNS conﬁguration Creating a DynDNS account Conﬁguring the DNS resolver DynDNS conﬁguration task list Conﬁguring the DynDNS server Conﬁguring basic DynDNS settingsWord Mode DynDNS Conﬁguring advanced DynDNS settings optionalTroubleshooting Deﬁning a mail exchanger for your hostname 312 PPP conﬁguration 314 Creating an IP interface for PPP PPP conﬁguration task listNodeif-ipname#point-to-point Nodeif-ipname#ipaddress Nodeif-ipname# no tcp adjust-mssNodeif-ipname#ipaddress dhcp Nodeif-ipname# ipaddress ip-address Creating a PPP subscriber Disable interface IP address auto-conﬁguration from PPPNodeif-ipname#use proﬁle napt name Nodecfg # subscriber ppp name Nodesubscrname# dial inout Optional outboundinbound user passwordChap pap chappap Nodesubscrname# no identiﬁcation Conﬁguring a PPPoE session Trigger forced reconnect of PPP sessions using a timer Tor AC-Name Conﬁguring PPP over a Hdlc Link Case authentication is requiredCreating a PPP proﬁle Optional ﬁle Nodecfg #no proﬁle ppp name DefaultNodepf-pppname#mtu min min max Nodepf-pppname#mru min min max Default Min max max defaultConﬁguring the local and remote PPP Mrru Name pf-ppp proﬁle# mrru min Example Display PPP subscriber conﬁguration information Displaying PPP conﬁguration information Debugging PPP Example Display a PPP proﬁle Nodecfg #show ppp networks level Nodecfg #show ppp links levelNodecfg #show pppoe name Nodecfg #show port interface name LCP Example Display PPP link information Example Display PPPoE information Example Display PPP network protocol information With authentication, encapsulation PPPoE Without authentication, encapsulation multi, with NaptSample conﬁgurations PPP over Ethernet PPPoE With authentication, unnumbered interface Without authentication, numbered interfacePPP over a Hdlc Link Serial Port PPP over a Hdlc Link E1T1 Port PPP Dialer PPP Dial-up over Isdn Dial-up and login information for a certain Following command creates a new PPP dialer Mode context csCreate a dialer Create outbound destinations Conﬁgure recovery strategy Case Create inbound destinations Name inboundprovider#local-e164 Name if-dialerdialer#inboundE164 Name inboundprovider#remote-e164 Debug dialer functionality Example Dial-on demand feature Dial-up on demand Dial-up Dial-up on monitor Dial if possible, and never drop Mode context ip/interfaceDial-up nailed CS context overview CS context conﬁguration components Planning the CS conﬁguration CS context conﬁguration task list Remote ofﬁce in an Enterprise network Conﬁguring the clock source Conﬁguring general CS settings Debugging the clock source Mode Operator execution Selecting PCM law compression Conﬁguring call routingNode sys#clock-sourceslot-number port-number Reference clock Specify call routing Creating and conﬁguring CS interfaces Conﬁguring voice over IP parameters Conﬁguring dial tones Conﬁguring FXS ports Conﬁguring Isdn portsConﬁguring an H.323 VoIP connection Conﬁguring a SIP VoIP connection Activating CS context conﬁguration Node ctx-csswitch#debug call-router detail level Nodectx-csswitch#show call-router config detailNodectx-csswitch#show call-router status detail Level SmartNode in an Enterprise network CS Conﬁguration Planning the CS context First we set clock-source to Isdn port 2/3 Conﬁguring general CS settingsConﬁguring call routing 354 Because we need G.723 as codec we enable Dtmf relay Conﬁguring VoIP settingsWe want to use this proﬁle on our H.323 interfaces Conﬁguring BRI ports Conﬁguring an H.323 VoIP connection Next we conﬁgure call signalingActivating the CS context conﬁguration TAB-CALLED-NUMBER Finally, activate the gateway and CS context Conﬁguration script for our application looks as follows Showing the running conﬁguration 359 360 361 VPN conﬁguration Encryption Authentication Permanent IKE Tunnels Transport and tunnel modesKey management Creating an IPsec transformation proﬁle VPN conﬁguration task listExample Create an IPsec transformation proﬁle Creating an IPsec policy proﬁle Procedure To create an IPsec policy proﬁle Mode Conﬁgure Creating/modifying an outgoing ACL proﬁle for IPsec Displaying IPsec conﬁguration information Conﬁguration of an IP interface and the IP router for IPsec Example Display IPsec policy proﬁles Example Display IPsec transformation proﬁlesDebugging IPsec Example IPsec Debug Output Main differences between manual & IKE Ipsec conﬁgurations Key management IKECreating an Ipsec transform proﬁle Creating an Isakmp transform proﬁle Should be used. Do not specify a peer, if this pol Creating an Isakmp Ipsec policy proﬁleIcy shall be used for multiple peers in transport Mode. The peer can either be an IP address or a Conﬁguration of an IP interface and the IP router for Ipsec Creating/modifying an outgoing ACL proﬁle for IpsecPolicy matching Sample conﬁguration snippet Use proﬁle acl WANOut out Debug ike errorDebug ike event Enabling RTP encryption support Encrypted Voice Performance considerationsPerformance considerations Mode Context ip /interface if-name SmartNode conﬁguration IPsec tunnel, DES encryption Cisco router conﬁguration 379 380 CS interface conﬁguration CS interfaces on the CS context CS interface conﬁguration task list Nodeif-typeif-name#… Examples Create CS interfaces and delete anotherNodeif-typeif-name#exit 384 Conﬁguring the interface mapping tables Service service-name Nodeif- typeif-name #exitTable table-name That shall be applied to all call properties Table in table-nameAnd/or Speciﬁed direction Incoming call passing an interface mapping table Call passing an input and an output mapping table Conﬁguring the precall service tables Number to command Supplementary service invocation commandsSupplementary service invocation command Repeat to add other special number map Isdn interface conﬁguration Isdn interfaces on the CS context Isdn interface conﬁguration task list Conﬁguring an alternate Pstn proﬁle optional Conﬁguring Dtmf dialing optionalNodeif-isdn if-name#no use proﬁle Deﬁnes an alternate Pstn proﬁle to be used for Conﬁguring ringback tone on Isdn user-side interfaces Name if-isdn if-name# no call-waiting Disable call-waitingConﬁguring call waiting optional Disabling call-waiting on Isdn DSS1 network interfaces Enabling Display Information Elements on Isdn Ports Conﬁguring Call-Hold on Isdn interfacesConﬁguring date/time publishing to terminals optional Deﬁning the ‘network-type’ in Isdn interfaces Sending the connected party number Colp optional Home Office Isdn Advice of Charge support 398 All calls If there is no tariff information from the network forNodeif-isdnif- name# aoc-d automatic If there is not charge information from the network Following table shows an overview of the AOC variants Isdn User Interface Connected to a PBX switch etcIsdn Network Interface connected to phones NoChargeAvailable Isdn DivertingLegInformation2 Facility Mode interface isdn interfaceTransmit Direction Receive Direction Nodeif-isdn#caller-name early-alerting Nodeif-isdn#caller-name500 By default Outgoing Isdn call. This feature is disabledNodeif-isdn#caller-name ignore Absence FXS interface conﬁguration Conﬁguring a subscriber number recommended FXS interface conﬁguration task list Conﬁguring caller-ID presentation optional Mode Interface FXSConﬁguring ﬂash hook processing optional Nameif-fxsname#no subscriber Conﬁguring ringing-cadence optional Ing-indication stutter-dial-tone Through Stuttered Dial Tone Conﬁguring the Message Waiting Indication feature for FXS Mat etsi Frequency-shift keyingMat bell Call hold Call transfer FXS supplementary services description Call hold Default enabledCall waiting Tern Drop passive call Call waiting reminder ringDrop active call Call toggle Call park ConferencingNameif-fxsname#no drop-passive Pattern FXO interface conﬁguration FXO interfaces on the CS context Creating an FXO interface FXO services description Deleting an FXO interface Nodectx-csswitch#interface fxo nameNodeif-fxo name # FXO off-hook on caller ID FXO interface conﬁguration task list Nodectx-csswitch#interface fxo if-name Conﬁguring when the digits are dialed optionalNodeif-fxoif-name# Nodeif-fxo if-name# Nodeif-fxoif-name#dial-after dial-tone timeout seconds Figuration mode Nodeif-fxo if-name #ring-number count Nodeif-fxo if-name# Min min-time max max-time Conﬁguring how to detect a call has disconnected optional Battery-reversal tax-pulse Nodeif-fxo if-name#no connect-signal FXO Mute dialing Conﬁguring the destination of the call FXO interface examples RBS interface conﬁguration Creating/Deleting a RBS interface RBS interface conﬁguration task listConﬁguring an alternate Pstn proﬁle Name Face, the ‘no’ form deletes an existing one Conﬁguring additional disconnect signals Mode Interface RBSConﬁguring an alternate Tone-Set proﬁle Conﬁguring B-Channel allocation strategy Node#no debug ccrbs datapath error signaling Nodeif-rbsif-name#no dial-after dial- tone timeout secondsConﬁguring number of Rings before Off-Hook Conﬁguring ready to dial strategy Prints information about ongoing calls on Node#show ccrbs call if-name detail levelSelected interface Node#show ccrbs interface if-name detail Interface conﬁguration Interface conﬁguration task list Examples Deﬁne the IP address of the remote H.323 entity Binding the interface to an H.323 gateway Conﬁguring an alternate VoIP proﬁle optional Node if- h323 if-name #itc rx 3k1 Conﬁguring CLIP/CLIR support optionalSpeciﬁes the information transfer capability to Node if- h323 if-name #itc tx 3k1 Enabling the early call connect optional Enabling ‘early-proceeding’ on H.323 interfacesNameif-h323if-name#early-proceeding Nameif-h323name#early-connect Enabling the via address support optional Enabling the early call disconnect optional Nodeif-h323if-name# remoteport port Conﬁguring status inquiry settings optionalIng connection should be established AOC-D Support for H.323 Nodeif-h323if-name# no aoc-d Mode context cs/interfce h.323 interface-nameNodeif-h323if-name# no aoc-d emit SIP interface conﬁguration SIP interface conﬁguration task list SIP Conﬁgure a remote host Binding the interface to a SIP gatewayNodeif-sipif-name# no bind context Sip-gateway gw-name Conﬁguring a local host Optional Using an alternate VoIP proﬁle OptionalNodeif-sipif-name# no remote host Nodeif-sipif-name# no local host Using an alternate Tone-Set proﬁle Optional Using an alternate SIP proﬁle OptionalNodeif-sipif-name#use proﬁle voip Nodeif-sipif-name#use proﬁle sip pro Conﬁguring address translation Optional Conﬁguring early call connect / disconnect OptionalMapping call-control properties in SIP headers Conﬁguring Isdn Redirecting Number Tunneling Over SIP Mapping SIP headers to call-control propertiesHeader Updating caller address parameters SIP Diversion Header 450 SIP Refer Transmission & Isdn Explicit Call Transfer support 452 Name if-sip interface#no aoc-d AOC Over SIP OptionalAccept Name if-sip interface#no aoc-d emit Enabling the SIP penalty-box feature Optional Enabling the session timer Optional Conﬁgure the SIP hold method Optional Default zero-ip Call router conﬁguration Call router configuration 458 Direct call routing vs. advanced call routing Map out the goals for the call router Call router conﬁguration task list Conﬁgure address completion timeout Enable advanced call routing on circuit interfacesConﬁgure general call router behavior Address-completion timeout timeout Example Conﬁgure address completion timeoutDigit-collection timeout timeout Digit-collection terminating-char char Conﬁgure number preﬁx for Isdn number types Procedure To conﬁgure number preﬁx Mode Context CSExample Conﬁgure number preﬁx National-preﬁx preﬁx Create a routing table Conﬁgure call routing tables Calling-e164 Called party number routing table Example Called party number routing tableRegular Expressions Symbol Description Digit Collection Digit Collection Variants Example Digit collection of any number Dialed Selected Description Number Entry Number type routing table Calling party number routing table Numbering plan routing table IP address routing table Name routing table URI routing table Presentation Indicator Routing TableSmith must be escaped with a backslash \, because Dot . means ‘any character’ in a regular expression Screening Indicator Routing Table Information transfer capability routing table 478 Time of day routing table Default Any other unhandled case Mode context csDay of Week Routing Table Example Day of week routing table Node ctx-cs switch #routing-table Procedure To delete an entire routing tableDeleting routing tables Resulting running-conﬁg is Example Remove an entire routing table Node ctx-cs switch #no routing-tableConﬁgure mapping tables Delete the routing table table-name Type Description Input-Type Description Output-Type Sets the display name of the called Mapping table examples To E.164 Mapping Tables Example Called and calling party manipulation mapping tableInput-type to output-type table-name Away the input-type and output-type 486 487 Other mapping tables Custom SIP URIs from called-/calling-e164 properties Deleting mapping tables Node ctx-cs switch #mapping-tableEnter the mapping table from which you want to remove an Example Remove an entire mapping table Procedure To delete an entire mapping table Mode Context CSCreating complex functions Deleting complex functions Example Create a complex function Digit collection & sending-complete behavior Example Remove an entire complex functionSending-Complete Ingress interface 323 Call-Router True Yes123# Egress Interface Complete-indication clear Mode context cs / interface sip Creating a hunt group service Creating call services Hunt group service Call dest-service service-name Node ctx-cs switch #service huntCause cause Call dest-interface interface-name Normal Event Default Behavior Class Cause Hunt Description Group Service No-user-responding Drop original call Resource Service orUnavailable Option Not Invalid Message Implemented Protocol Error Interworking Distribution group service Creating a distribution group service Nodesvc-huntservice-name# route call Node ctx-cs switch #service distribuDest-service service-name With the ﬁrst conﬁgured destinations Call-router ‘limiter’ service Distribution-Group Min-Concurrent setting ‘Limiter’ service diagram Priority service Priority service diagram Bridge CS Bridge service-‘VoIP Leased Line’ Bridge services diagram Conﬁguration Example Conﬁguring the service second-dialtone Activate the call router conﬁguration Deleting call services Example Create and test a routing table Test the call router conﬁguration 516 Call routing example network 518 CS context and call router elements 520 Conﬁgure partial rerouting Enable push-back aaa service Mode context cs/interface sipMode context cs/service aaa Call reroute Enable push-back distribution-group service Enable push-back bridge serviceEnable push-back hunt group service Enable push-back limiter service SIP call-router services SIP conference-service conﬁguration task list SIP conference-serviceEntering conference-service conﬁguration mode Name ctx-csswitch#no service sip Mode Service SIP conference SIP location-serviceConﬁguring the conference server Ference-server host-name port Entering SIP location-service conﬁguration mode SIP location-service conﬁguration task list Conﬁguring the hunt timeout Binding a location serviceConﬁguring multi-contact behavior Seconds Tone conﬁguration Tone-set proﬁles Conﬁguring call-progress-tone proﬁles Tone conﬁguration task list Conﬁgure tone-set proﬁles Procedure To conﬁgure a tone-set proﬁle Mode Conﬁgure Procedure To assign a tone-set proﬁle to a Pstn interface Enable tone-set proﬁleFor which a tone indication can be provided Example Show tone-set proﬁle Show call-progress-tone and tone-set proﬁlesNode#show proﬁle call-progress-tone Name Ciﬁc with name name Following example shows how to display the tone-set proﬁle 536 FXS port conﬁguration Shutdown and enable FXS ports Conﬁgure country-speciﬁc FXS port parameters Bind FXS ports to higher layer applicationsNetherlands Enter FXS port conﬁguration mode Mode IC voice in systemOther FXS port parameters Nodeconﬁg#port fxs slot port Example FXO port conﬁguration Bind FXO ports to higher layer applications Shutdown and enable FXO ports Other FXO port parameters Conﬁgure country speciﬁc FXO port parametersNodeconﬁg#port fxo slot port Nodeprt-fxo slot/ port#use Enter FXO port conﬁguration mode Gateway conﬁguration Gateway between IP and CS contexts Enable the gateway Mode Gateway H.323Gateway conﬁguration task list Binding the gateway to an IP interface Conﬁgure registration authentication service RAS Optional Node gw-h323h323#gatekeeper-discov Conﬁgure H.235 Security optionalEry auto gkid 235 conﬁguration Procedure To enable H.235 security on H.323 gateway Word h235-password encrypted \getcryptopassword h235-password masNode gw-h323h323#h235security master Node gw-h323h323#h235security pass Command show h235-securityshows the current setting Default setting isSignaling message Detail debug-level Enabling H.245 Tunneling Advanced conﬁguration options optional Enabling the early H.245 procedure Enabling the fastconnect procedureNodegw-h323h323#h245-tunneling Enables H.245 tunneling Nodegw-h323h323#faststart Enables the fastconnect procedure Setting the response timeout Conﬁguring the trafﬁc class for H.323 signalingNodegw-h323h323#call-signaling-port Port Naling connections Nal gateway Setting the connect timeoutIstration Nodecfg#debug gateway h323 signaling Nodecfg#debug gateway h323 errorH323 status detail level Nodecfg#debug gateway h323 tpktchan Context SIP gateway overview Routing Architecture Context SIP Gateway conﬁguration task list Enter conﬁguration modeFrom-URI-Host equal Remote Request-URI-Host equal Local Creating a context SIP gateway Mode Transport Interface Mode Context SIP GatewayCreating a transport interface Conﬁguring the IP binding Conﬁguring a spoofed contact address Binding location servicesEnabling/disabling the context SIP gateway Debug commands TroubleshootingShow status information Node#show context sip-gateway gw Example Conﬁguration Examples Outbound Authentication Inbound Authentication Outbound Registration 569 Inbound Registration B2B User Agent with Registered Clients 572 VoIP proﬁle conﬁguration VoIP profile configuration Creating a VoIP proﬁle VoIP proﬁle conﬁguration task listNodecfg#profile voip name Nodepf-voip name# Conﬁgure codecs Procedure Remove a codec from the list Mode Proﬁle VoIP Mode Proﬁle VoIPProcedure Insert a codec at a speciﬁc position in the list Conﬁguring the transparent-clearmode codec Mode VoIP nameConﬁguring the Cisco versions of the G.726 codecs Conﬁguring Dtmf relay DefaultrtpsignalingConﬁguring RTP payload types Nodepf-voip pf-name#dtmf-relay Conﬁguring RTP payload type for Cisco NSE Conﬁguring RTP payload type for transparent-clearmodeConﬁguring Cisco NSE for Fax Nodepf-voip name#rtp payload-type nse Jitter and dejitter buffer Conﬁguring the dejitter buffer advanced Adaptive Procedure Conﬁgure the dejitter buffer Dejitter buffer is allowed to introduce. This setting Max-delayEnabling/disabling ﬁlters advanced Is valid for all modes Illustrates the difference between Fax relay and Fax bypass Conﬁguring Fax transmission Fax relay and Fax bypass Sion bypass g711alaw64k Nodepf-voipname#fax transmisNodepf-voipname#fax dejitter Nodepf-voipname# fax transmis Volume Mode proﬁle voip proﬁle-nameCED retransmission Retransmission number Mode proﬁle voip pf-name No-Signal RetransmissionMethod default v150-vbdnse Default default Fax bypass method Conﬁguring modem transmission Modem bypass methodNodepf-voip name#modem trans Mission bypass g711alaw64k Conﬁguring IP-IP codec negotiation Conﬁguring the trafﬁc class for Voice and Fax data Home ofﬁce in an enterprise network Home ofﬁce in an enterprise network Description Home ofﬁce with fax Show the conﬁgured proﬁle Soft phone client gateway 595 Disable Dtmf relay Show the conﬁgured proﬁle Pstn proﬁle conﬁguration Creating a Pstn proﬁle Pstn proﬁle conﬁguration task list Procedure Disable echo cancellation Mode Proﬁle Pstn Conﬁguring the echo cancellerProcedure Conﬁgure voice output gain Conﬁguring output gain 600 SIP proﬁle conﬁguration SIP proﬁle conﬁguration task list Entering the conﬁguration mode for a SIP proﬁleMapping from a SIP disconnect cause Namecfg#no profile name name Mapping from a SIP redirection reason Mapping to a SIP causeMapping to a SIP redirection code Q931-cause to sip-cause Authentication Service Creating an Authentication Service Authentication Service conﬁguration task list Conﬁguring a Realm Conﬁguring the authentication protocolCreating credentials Location Service Creating a Location Service Location Service conﬁguration task listAdding a domain Domain Examples Creating an identity Mode Identity Alias Authentication outbound faceBound Authentication inbound face Mode Authentication outboundNodeauthout#authenticate authentica Nodeauthout#authenticate index Nodeauthin#authenticate authentica Mode Authentication inboundNodeauthin#authenticate index Nodeauthin#no authenticate index Registration outbound face Mode Registration outbound Strict-route Noderegout#proxy host portPort strict-route Noderegout#proxy index down posi Registration inbound face Noderegin# no lifetime default secNodeidentityname# no registration Inbound Call outbound face Mode Call outboundNodecallout#proxy host port Nodecallout#proxy index host Mode Call inbound Mode Call outboundCall inbound face Inheriting from an identity group to an identity Creating an identity group Subscription Conﬁguring the Message Waiting Indication feature for SIP Notiﬁcation Mode Message inbound Mode Message inbound Message Waiting Indication through Call-Control This conﬁguration example, inheritance is used VoIP debugging Debugging strategy Filtering debug monitor output Following command will disable the ﬁlter completelyVerifying IP connectivity Example Verify IP connectivity Debugging Isdn signaling Debugging call signalingUnit#debug ccisdn signaling Overview Isdn debug monitors Verify an incoming call Verify an outgoing call Line 630 Verify Isdn layer 2 and 3 status Isdn layer 2 and 3 can be veriﬁed using a show commandDebug isdn event slot port all layer2 layer3 Overview FXS debug monitors Debugging FXS SignalingStops For most verbose output State to RINGING, that means it has accepted the call Overview H.323 debug monitors Debugging H.323 Signaling 635 636 637 Debugging SIP signaling Using SmartWare’s internal call generator No debug media-gate Debugging voice dataWay dejitter Way control detail level Way error Way switchWay rtp Way dsp Check system logs How to submit trouble reports to Patton 643 Appendix a Terms and deﬁnitions Also release SmartWare architecture terms and deﬁnitions Pression Buffer Ory Pots Tftp Appendix B Mode summary Mode overview, 1 Mode Overview, 2 Mode Overview, 3 Appendix C Command summary Ebnf syntax Show command history New Conﬁguration CommandsOther Show help Appendix D Internetworking terms & acronyms Numeric Abbreviations DSS1 MSN SAR Appendix E Used IP ports & available voice Codecs Telnet Used IP portsWebserver Available voice codecs