Manuals / Patton electronic / Communications / IP Phone

Patton electronic SmartNode 4110 Series IPsec tunnel, DES encryption, SmartNode conﬁguration

Models: SmartNode 4110 Series

1 664

Download 664 pages 15.88 Kb

Page 377

SmartWare Software Configuration Guide	32 • VPN configuration

Sample conﬁgurations

The following sample conﬁgurations establish IPsec connections between a SmartNode and a Cisco router. To interconnect two SmartNodes instead, derive the conﬁguration for the second SmartNode by doing the follow- ing modiﬁcations:

•Swap ‘inbound’ and ‘outbound’ settings

•Adjust the ‘peer’ setting

•Swap the private networks in the ACL proﬁles

•Adjust the IP addresses of the LAN and WAN interfaces

•Adjust the route for the remote network

IPsec tunnel, DES encryption

SmartNode conﬁguration

profile ipsec-transform DES esp-encryption des-cbc 64

profile ipsec-policy-manual VPN_DES

use profile ipsec-transform DES

session-key inbound esp-encryption 1234567890ABCDEF session-key outbound esp-encryption FEDCBA0987654321 spi inbound esp 1111

spi outbound esp 2222 peer 200.200.200.1 mode tunnel

profile acl	VPN_Out
permit ip	192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 ipsec-policy VPN_DES
permit ip	any any
profile acl	VPN_In
permit esp any any
permit ah	any any
permit ip	172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255

deny ip any any

context ip router

interface LAN

ipaddress 192.168.1.1 255.255.255.0

interface WAN

ipaddress 200.200.200.2 255.255.255.252 use profile acl VPN_In in

use profile acl VPN_Out out

context ip router

route 0.0.0.0 0.0.0.0 200.200.200.1 0 route 172.16.0.0 255.255.0.0 WAN 0

Sample configurations

377

Image 377

Patton electronic SmartNode 4110 Series manual IPsec tunnel, DES encryption, SmartNode conﬁguration

Contents

SmartWare Release Patton Electronics Company, Inc Summary Table of Contents SmartWare Software Configuration Guide Table of Contents Command line interface CLI Copying configurations to and from a remote storage location IP context overview 11 NAT/NAPT configuration Serial port configuration PRI port configuration Isdn Overview Basic IP routing configuration Snmp configuration Dhcp configuration CS context overview VPN configuration CS interface configuration FXO interface configuration SIP interface configuration Table of Contents 524 45 H.323 gateway configuration Pstn profile configuration Location Service Terms and definitions List of Figures SmartWare Software Configuration Guide List of Tables Audience How to read this guideAbout this guide Structure About this guide About this guide Typographical conventions used in this document PrecautionsGeneral conventions Garamond bold typeSmartWare Software Configuration GuideAbout this guide Mouse conventions Service and supportPatton support headquarters in the USA Fax +1 253Patton Electronics Company Warranty coverageRMA numbers System overview Chapter contentsIntroduction SmartWare embedded software Circuit SwitchVoIP Gateway IP RouterCarrier networks ApplicationsWAN Enterprise networksTypical LAN telephony system with a SmartNode gateway LAN telephonyConﬁguration concepts Conﬁguration concept overview Context Contexts and GatewaysExample GatewayInterfaces Interfaces, Ports, and BindingsPorts and circuits BindingsProﬁles Proﬁles and Use commandsUse Commands Command line interface CLI Operator exec mode, the system prompt is displayed as Command modesCLI prompt Command help Command editingCommand completion Navigating the CLICommand Editing Shortcuts Command historyAccessing the CLI If desired Accessing the SmartWare CLI task listEnding a Telnet or console port session see Accessing via the console portConsole port procedure Telnet Procedure Accessing via a Telnet sessionUsing an alternate TCP listening port for the Telnet server Disabling the Telnet serverLogin display Selecting a secure passwordFactory preset administrator account Password encryptionConﬁguring operators and administrators Creating an operator accountName and password password Creating an administrator accountOpening a secure conﬁguration session over SSH Nodecfg#copy running-conﬁg startup-conﬁgDisplaying account information Mode EnableDisplaying the CLI version Checking identity and connected users Switching to another accountNode# who Node whoCommand index numbers Used in operator execution modeAccessing the CLI Ending a Telnet or console port session Showing command default valuesSystem image handling System image handling Memory regions in SmartWare Local Persistent Volatile Flash System image handling task listShow version Displaying system image informationCopying system images from a network server to Flash memory Step Command Purpose Upgrading the software directly Here’s an example for conﬁguration provisioning Auto provisioning of ﬁrmware and conﬁgurationExplanation To use and debug provisioning Boot procedure Boot procedureIP Addresses in the Factory Conﬁguration Default Startup ConﬁgurationFactory conﬁguration Conﬁguration ﬁle handling Understanding conﬁguration ﬁles Configuration file handling Sample conﬁguration ﬁle Conﬁguration ﬁle handling task listLocal Memory Regions Copying conﬁgurations within the local memoryBackup already present in ﬂash memory Node# copy nvram backup startup-conﬁgName nvramtarget-name Name into the local memoryRemote memory regions for SmartWare Copying conﬁgurations to and from a remote storage locationNew-startupnvramstartup-conﬁg Displaying conﬁguration ﬁle informationNodecfg# copy tftp//ip-addressport Modifying the running conﬁguration at the CLI Node#reload Modifying the running conﬁguration ofﬂineNode#copy running-conﬁg tftp//node-ip Deleting a speciﬁed conﬁguration Example Modifying the running conﬁguration ofﬂineExample Deleting a speciﬁed conﬁguration Delete the conﬁguration named minimal explicitlyEncrypted ﬁle download CLI copy command copy tftp//host/path conﬁg-ﬁleEncrypted Conﬁguration Download Auto provisioningUse Cases Install a custom encryption key optionalUpload an encrypted conﬁguration ﬁle Encrypt a conﬁguration ﬁleDownload an encrypted conﬁguration ﬁle Basic system management Basic system management conﬁguration task list Downloads the license key ﬁle and install Managing feature license keysNode cfg#copy tftp//tftp-server/path/ﬁle Name licenses LicensesSetting system information System banner with message to operators Setting the system bannerDisplay clock information Setting time and dateConﬁguring the Web server Display time since last restartDetermining and deﬁning the active CLI version De enDisplaying the system logs Restarting the systemUnit Controlling command executionDisplaying reports Show the currently running commands Ctrl-zsuspend active commandCtrl-cterminate current command Bring job 0 to foregroundMode System Timed execution of CLI commandSome examples Displaying the checksum of a conﬁgurationName sys#no terminal idle-time Radius Client Conﬁguration AAA component General AAA Conﬁguration Authentication procedure with a Radius serverNodepf-authname#server-timeout Nodecfg#proﬁle authentication nameAuthentication proﬁle-name Nodecfg#show proﬁle authenticationRadius conﬁguration Example Conﬁgure the Radius clients as shown in ﬁgure Conﬁguring Radius clientsVendor Conﬁguring Radius accounting109 Attributes in the Radius request message Conﬁguring the Radius serverAttributes in the Radius accept message Conﬁguring the local database accountsWord password Example Create an administrator and an operator accountPassword Base. The no form removes an existing accountStoring call logs with quality information IP context overview IP context and related elements IP context overview conﬁguration task list Conﬁguring physical ports Planning your IP conﬁgurationCreating and conﬁguring IP interfaces IP interface related informationConﬁguring RIP Conﬁguring NaptConﬁguring static IP routing Conﬁguring quality of service QoS Conﬁguring access control listsIP interface conﬁguration Creating an IP interface IP interface conﬁguration task listNodectx-iprouter#interface name Nodeif-ip name#Deleting an IP interface Conﬁguring a Napt DMZ interface Setting the IP address and netmaskName if-ip if-name# no napt InsideRouter advertisement broadcast message Icmp message processingIcmp redirect messages Deﬁning the MTU and MSS of the interface Nodeif-ipname#tcp adjust-mssExample Deﬁning the MTU of the interface MTU packet size value must be in the range fromDisplaying IP interface information Conﬁguring an interface as a point-to-point linkDisplaying dynamic ARP entries Testing connections with the ping commandFlushing dynamic ARP entries Processing gratuitous ARP requestsBer timeout seconds Mode Either operator or administrator executionIP link supervision Node#ping address numShow IP link status Check connectivity of an IP linkDebug connectivity Debug ARPExample Debug ARP output TracerouteExample Display the ARP information Conﬁguring the Igmp ProxyNAT/NAPT conﬁguration Dynamic Napt Dynamic NAT Tftp because the SmartNode might become inaccessibleStatic Napt Napt traversal Static NATCreating a Napt proﬁle NAT/NAPT conﬁguration task listNode cfg#proﬁle napt name OptionalDeﬁning Napt port ranges Conﬁguring a Napt DMZ hostOptional Ahespgreipv6 localip AH, ESP, GRE, or IPv6 respectively directed toName pf-napt pf-name# udp-handling symmetricaddress Preserving TCP/UDP port numbers in NaptDeﬁning the UDP Napt type Displaying NAT/NAPT conﬁguration information Activate NAT/NAPTNode cfg#context ip router Node cfg#show proﬁle naptConﬁguring NAT static protocol entries Mode proﬁle napt pf-naptExample Display NAT/NAPT conﬁguration information Ethernet port conﬁguration Conﬁguring medium for an Ethernet port Entering the Ethernet port conﬁguration modeEthernet port conﬁguration task list Binding an Ethernet port to an IP interface Conﬁguring Ethernet encapsulation type for an Ethernet portNodeprt-eth slot/port#encapsulation ip Conﬁgures the encapsulation type to IPNodeprt-eth slot/port#bind interface name router Multiple IP addresses on Ethernet portsConﬁguring a Vlan Nodeprt-ethslot/port#vlan id Nodeconﬁg#port ethernet slot portNodevlanid#encapsulation ippppoemulti Nodevlanid#bind interface name routerNodeprt-eth slot/port#cos rx-map layer Adding a receive mapping table entryExample Adding a receive mapping table entry Closing an Ethernet port Adding a transmit mapping table entryUsing the built-in Ethernet sniffer Nvramethernet-0-0-1.cap Following is an example of how the sniffer is normally usedNvramethernet-0-slot-port.cap Link scheduler conﬁguration Applying scheduling at the bottleneck Using trafﬁc classesIntroduction to Scheduling Weighted fair queuing WFQPriority ShapingHierarchy Burst tolerant shaping or wfqQuick references Setting the modem ratePolicy-map policy-map Proﬁle service-policy Command cross referenceLink scheduler conﬁguration task list Source trafﬁc-class classPacket classiﬁcation Enable statistics gathering seeDeﬁning the access control list proﬁle Scenario with Web server regarded as a single source host Creating an access control listNodecfg#proﬁle acl name Creating a service policy proﬁleNodepf-acl name#permit ip host ip-address any trafﬁc-class Nodepf-acl name#permit ip any anyStructure of a Service-Policy Proﬁle Specifying the handling of trafﬁc-classes Deﬁning fair queuing weightSpecifying the type-of-service TOS ﬁeld Mode SourceDeﬁning the bit-rate Deﬁning absolute prioritySpecifying the precedence ﬁeld Specifying differentiated services codepoint Dscp markingNodesrc name#set ip tos value Nodesrc name#set ip precedence valueSpecifying layer 2 marking Deﬁnes the Class-Of-Service value applied to packets of forNodesrc name#set ip dscp value Value is from 0 toDeﬁning random early detection Quality of Service for routed RTP streamsDiscarding Excess Load Nodesrc name#random-detect burst-toleranceMode proﬁle service-policy/proﬁle Policy name in out Devoting the service policy proﬁle to an interfaceNodeif-ip if-name#use proﬁle service Displaying link scheduling proﬁle information Enable statistics gatheringDisplaying link arbitration status Optional Value Implication on Command Output Serial port conﬁguration Disabling an interface Serial port conﬁguration task listEnabling an interface Port Conﬁguring the serial encapsulation typeConﬁguring the hardware port protocol Conﬁguring the active clock edge Baudrate Conﬁguring the baudrate176 Frame Relay conﬁguration Conﬁguring Frame Relay encapsulation Frame Relay conﬁguration task listConﬁguring the keep-alive interval Conﬁguring the LMI typeBer to be used on the speciﬁed virtual circuit Enabling fragmentationNodepvc dlci#fragment size For this PVC only FRF.12 end-to-end fragmentationEntering Frame Relay PVC conﬁguration mode Binding the Frame Relay PVC to IP interface Conﬁguring the PVC encapsulation typeIP interface wan is bound to PVC 1 on port serial 0 Mode PVCDisabling a Frame Relay PVC Enabling a Frame Relay PVCDebugging Frame Relay Displaying Frame Relay information Integrated service access 188 Check that the Frame Relay settings are correct Conﬁgure the serial interface settingsExample 2 Frame Relay on e1t1 with a channel-group PRI port conﬁguration PRI port conﬁguration task list TerminologyPRI Debugging Enable/Disable PRI portConﬁguring PRI port-type Conﬁguring PRI clock-modeName prt-e1t1 slot/port# linecode Conﬁguring PRI framingAmi b8zs hdb3 Name prt-e1t1 slot/port# framingConﬁguring PRI application mode E1T1 only Conﬁguring PRI line-build-out E1T1 in T1 mode onlyConﬁguring PRI used-connector E1T1 in E1 mode only Conﬁguring PRI Loopback detection E1T1 only Conﬁguring PRI LOS threshold E1T1 onlyConﬁguring PRI encapsulation Default disabledCreate a Channel-Group Mode channel-group group-nameConﬁguring Channel-Group Timeslots Conﬁguring Channel-Group EncapsulationMode channel-group group Entering Hdlc Conﬁguration ModeMode hdlc Conﬁguring Hdlc CRC-TypePRI Debugging Default no encapsulationConﬁguring Hdlc Encapsulation PRI Conﬁguration Examples Example 3 RBS with a channel-group Example 1 IsdnExample 2 RBS without a channel-group Example 4 Frame Relay without a channel-group Example 7 PPP with a channel-group Example 5 Framerelay with a channel-groupExample 6 PPP without a channel-group BRI port conﬁguration Conﬁguring BRI clock-mode Enable/Disable BRI portBRI port conﬁguration task list Feed Default disabled Conﬁguring BRI Power-FeedConﬁguring BRI encapsulation Creating a channel groupTimeslots timeslots Default no timeslotsName ch-grp group-name#no Selects the timeslot to be used Name#show port bri BRI DebuggingName#no debug bri BRI Conﬁguration Examples Example 1 Isdn with auto clock/uni-side settingsExample 2 Isdn with manual clock/uni-side settings Example 3 Multi-Link PPP over two B-Channels Isdn Overview Isdn reference points Isdn reference pointsPossible SmartNode port conﬁgurations Isdn UNI Signaling215 Isdn Layering Isdn Conﬁguration ConceptIsdn conﬁguration Mode base-mode Enter Q.921 conﬁguration modeIsdn conﬁguration task list Conﬁguring Q.921 parametersConﬁguring Q.921 encapsulation Mode q921Enter Q.931 conﬁguration mode Conﬁguring Q.931 parameters Mode q931Nodeq931slot/port#no signalling-rule Nodeq931slot/port#signalling-ruleEtsi Pss1oldDebugging Isdn Conﬁguring Q.931 encapsulationFace if-name Control interfaceNode#show port isdn slot port detail level Isdn Conﬁguration ExamplesExample being clock slave on uni network interface Example PRI Example QsigAssume the scenario as illustrated in ﬁgure RBS conﬁguration Conﬁguring RBS protocol Enter RBS conﬁguration modeRBS conﬁguration task list Conﬁguring RBS encapsulation Mode rbsDebugging RBS Noderbs#no encapsulation cc-rbsExample Conﬁguring RBS Ground Start on a E1T1 port RBS Conﬁguration Examples229 DSL Port Conﬁguration Conﬁguring PPPoE Line SetupProfile napt WAN Conﬁguration SummaryUsing PVC channels with PPPoE Setting up permanent virtual circuits PVCUsing PVC channels in bridged Ethernet mode Diagnostics Troubleshooting DSL ConnectionsPPPoE access Link StateBasic IP routing conﬁguration Routing tables Basic IP routing conﬁguration task listStatic routing Policy routingConﬁguring static IP routes Displaying IP route information seeNodecfg#context ip router Enters the IP router Context Adds a static routeDisplaying IP route information Deleting static IP routes0.0/0 172.16.32.2 Static Conﬁguring policy routingBasic static IP routing example ExamplesChanging the default UDP port range for RTP and Rtcp RIP conﬁguration Routing protocol Enabling send RIP RIP conﬁguration task listSpecifying the send RIP version Enabling an interface to receive RIPEnabling RIP learning Example Enabling RIP learn host and defaultSpecifying the receive RIP version Enabling RIP announcing Enabling RIP auto summarization Specifying the default route metricEnabling the poison reverse algorithm Enabling RIP split-horizon processing3600 Default 180 seconds Setting the RIP route expiryEnabling holding down aged routes Nodeif-ipname#rip route-expiryDisplaying global RIP information Displaying RIP conﬁguration of an IP interface252 Access control list conﬁguration Why you should conﬁgure access lists About access control listsWhat access lists do Features of access control lists When to conﬁgure access listsMapping out the goals of the access control list Access control list conﬁguration task listNodepf-acl name#permit ip src src-wildcard any Where the syntax is Type type type type code code cos group Nodepf-acl name#permit icmp src src-wildcard anyNodepf-acl name#deny icmp src src-wildcard Any host src dest dest-wildcard any host destMsg name Where the syntax is as followingType type Code codeCard any host src eq port gt port lt port range Nodepf-acl name#permit tcp udp sctp src src-wildPort lt port range from to cos group cos-rtp group Nodepf-acl name#deny tcp udp sctp src srcLt port Eq portGt port Range from toWhere the syntax is Debugging an access control list proﬁle Unbind an access control list proﬁle from an interfaceDisplaying an access control list proﬁle Control list profile shall be debugged Denying a speciﬁc subnet Commands that have to be entered are listed belowSnmp conﬁguration Snmp basic components Snmp basic commandsSimple Network Management Protocol Snmp Network management framework Identiﬁcation of a SmartNode via SnmpSnmp management information base MIB Snmp conﬁguration task list Setting basic system informationSnmp tools 271 Example Setting the system group objects Setting access community informationRo rw Or read/write access Specifying the default Snmp trap target Setting allowed host informationNodecfg#snmp host IP-address-of-SN security Nodecfg#snmp target IP-address-of-SNDisplaying Snmp related information Using the AdventNet Snmp utilitiesAdventNet MibBrowser Settings Button on the Toolbar Using the MibBrowserAdventNet TrapViewer displaying received traps Using the TrapViewerEnterprise TimeStampGeneric Type Speciﬁc TypeStandard Snmp version 1 traps Snmp interface traps 281 Sntp client conﬁguration Sntp client conﬁguration task list Unicast anycast multicast Deﬁning Sntp client operating modeSelecting Sntp time servers Deﬁning Sntp local UDP port Example Enabling the Sntp client operation Enabling and disabling the Sntp clientExample Disabling the Sntp client operation Deﬁning Sntp client poll intervalDeﬁning the Sntp client anycast address Deﬁning Sntp client constant offset to GMTName #show clock local Displays the local time, UTC and the offset of the localNodecfg#sntp-client anycast-address ip Example Enabling the Sntp client root delay compensationEnabling and disabling local clock offset compensation Showing Sntp client related information Example Disabling the Sntp client root delay compensationExample Showing Sntp client related information Debugging Sntp client operationRecommended public Sntp time servers Nist Internet time service291 Dhcp conﬁguration Dhcp configuration DHCP-server and DHCP-client are illustrated in ﬁgure Enable DHCP-client on an IP interfaceDHCP-client conﬁguration tasks ‘conﬁgure’ conﬁguration mode Example Enable DHCP-client on an IP interfaceExample Enable Dhcp debug monitor Mode AnyRelease or renew a Dhcp lease manually advanced Get debug output from DHCP-clientConﬁgure DHCP-server proﬁles DHCP-server conﬁguration tasksNodepf-dhcpsname#no netbios Nodepf-dhcpsname#no defaultNodecfg#proﬁle dhcp-server name Nodepf-dhcpsname#network ipNodepf-dhcpsname#no bootﬁle boot Use DHCP-server proﬁles and enable the DHCP-serverNodepf-dhcpsname#no next-server All ip-addressCheck DHCP-server conﬁguration and status Deﬁne the bootﬁle Option 67 for the DHCP-serverDeﬁne the Tftp server Option 66 for the DHCP-server Get debug output from the DHCP-server Create/Modify DHCP-Relay proﬁle Conﬁgure DHCP-relayEnable/Disable DHCP-Relay Agent DNS conﬁguration Server-ip-address DNS conﬁguration task listEnabling the DNS resolver Enabling the DNS relay DNS relay diagram307 DynDNS conﬁguration Creating a DynDNS account Conﬁguring the DNS resolver DynDNS conﬁguration task listWord Conﬁguring basic DynDNS settingsConﬁguring the DynDNS server Mode DynDNS Conﬁguring advanced DynDNS settings optionalTroubleshooting Deﬁning a mail exchanger for your hostname312 PPP conﬁguration 314 Nodeif-ipname#point-to-point PPP conﬁguration task listCreating an IP interface for PPP Nodeif-ipname#ipaddress Nodeif-ipname# no tcp adjust-mssNodeif-ipname#ipaddress dhcp Nodeif-ipname# ipaddress ip-addressCreating a PPP subscriber Disable interface IP address auto-conﬁguration from PPPNodeif-ipname#use proﬁle napt name Nodecfg # subscriber ppp nameNodesubscrname# dial inout Optional outboundinbound user passwordChap pap chappap Nodesubscrname# no identiﬁcationConﬁguring a PPPoE session Trigger forced reconnect of PPP sessions using a timerTor AC-Name Conﬁguring PPP over a Hdlc Link Case authentication is requiredCreating a PPP proﬁle Optional ﬁleNodecfg #no proﬁle ppp name DefaultNodepf-pppname#mtu min min max Nodepf-pppname#mru min min maxDefault Min max max defaultConﬁguring the local and remote PPP Mrru Name pf-ppp proﬁle# mrru minExample Display PPP subscriber conﬁguration information Displaying PPP conﬁguration informationDebugging PPP Example Display a PPP proﬁleNodecfg #show ppp networks level Nodecfg #show ppp links levelNodecfg #show pppoe name Nodecfg #show port interface nameLCP Example Display PPP link informationExample Display PPPoE information Example Display PPP network protocol informationWith authentication, encapsulation PPPoE Without authentication, encapsulation multi, with NaptSample conﬁgurations PPP over Ethernet PPPoEWith authentication, unnumbered interface Without authentication, numbered interfacePPP over a Hdlc Link Serial Port PPP over a Hdlc Link E1T1 PortPPP Dialer PPP Dial-up over IsdnDial-up and login information for a certain Following command creates a new PPP dialer Mode context csCreate a dialer Create outbound destinationsConﬁgure recovery strategy Case Create inbound destinationsName inboundprovider#local-e164 Name if-dialerdialer#inboundE164 Name inboundprovider#remote-e164Debug dialer functionality Example Dial-on demand featureDial-up on demand Dial-upDial-up nailed Dial if possible, and never drop Mode context ip/interfaceDial-up on monitor CS context overview CS context conﬁguration components Planning the CS conﬁguration CS context conﬁguration task listRemote ofﬁce in an Enterprise network Conﬁguring the clock source Conﬁguring general CS settingsDebugging the clock source Mode Operator executionSelecting PCM law compression Conﬁguring call routingNode sys#clock-sourceslot-number port-number Reference clockSpecify call routing Creating and conﬁguring CS interfacesConﬁguring voice over IP parameters Conﬁguring dial tonesConﬁguring FXS ports Conﬁguring Isdn portsConﬁguring an H.323 VoIP connection Conﬁguring a SIP VoIP connectionActivating CS context conﬁguration Node ctx-csswitch#debug call-router detail level Nodectx-csswitch#show call-router config detailNodectx-csswitch#show call-router status detail LevelSmartNode in an Enterprise network CS Conﬁguration Planning the CS contextConﬁguring call routing Conﬁguring general CS settingsFirst we set clock-source to Isdn port 2/3 354 Because we need G.723 as codec we enable Dtmf relay Conﬁguring VoIP settingsWe want to use this proﬁle on our H.323 interfaces Conﬁguring BRI portsActivating the CS context conﬁguration Next we conﬁgure call signalingConﬁguring an H.323 VoIP connection TAB-CALLED-NUMBER Finally, activate the gateway and CS contextConﬁguration script for our application looks as follows Showing the running conﬁguration359 360 361 VPN conﬁguration Encryption AuthenticationKey management Transport and tunnel modesPermanent IKE Tunnels Creating an IPsec transformation proﬁle VPN conﬁguration task listExample Create an IPsec transformation proﬁle Creating an IPsec policy proﬁleProcedure To create an IPsec policy proﬁle Mode Conﬁgure Creating/modifying an outgoing ACL proﬁle for IPsec Displaying IPsec conﬁguration information Conﬁguration of an IP interface and the IP router for IPsecExample Display IPsec policy proﬁles Example Display IPsec transformation proﬁlesDebugging IPsec Example IPsec Debug OutputCreating an Ipsec transform proﬁle Key management IKEMain differences between manual & IKE Ipsec conﬁgurations Creating an Isakmp transform proﬁle Should be used. Do not specify a peer, if this pol Creating an Isakmp Ipsec policy proﬁleIcy shall be used for multiple peers in transport Mode. The peer can either be an IP address or aConﬁguration of an IP interface and the IP router for Ipsec Creating/modifying an outgoing ACL proﬁle for IpsecPolicy matching Sample conﬁguration snippetDebug ike event Debug ike errorUse proﬁle acl WANOut out Performance considerations Encrypted Voice Performance considerationsEnabling RTP encryption support Mode Context ip /interface if-name SmartNode conﬁguration IPsec tunnel, DES encryptionCisco router conﬁguration 379 380 CS interface conﬁguration CS interfaces on the CS context CS interface conﬁguration task listNodeif-typeif-name#exit Examples Create CS interfaces and delete anotherNodeif-typeif-name#… 384 Table table-name Service service-name Nodeif- typeif-name #exitConﬁguring the interface mapping tables That shall be applied to all call properties Table in table-nameAnd/or Speciﬁed directionIncoming call passing an interface mapping table Call passing an input and an output mapping table Conﬁguring the precall service tablesNumber to command Supplementary service invocation commandsSupplementary service invocation command Repeat to add other special number mapIsdn interface conﬁguration Isdn interfaces on the CS context Isdn interface conﬁguration task listConﬁguring an alternate Pstn proﬁle optional Conﬁguring Dtmf dialing optionalNodeif-isdn if-name#no use proﬁle Deﬁnes an alternate Pstn proﬁle to be used forConﬁguring ringback tone on Isdn user-side interfaces Name if-isdn if-name# no call-waiting Disable call-waitingConﬁguring call waiting optional Disabling call-waiting on Isdn DSS1 network interfacesConﬁguring date/time publishing to terminals optional Conﬁguring Call-Hold on Isdn interfacesEnabling Display Information Elements on Isdn Ports Deﬁning the ‘network-type’ in Isdn interfaces Sending the connected party number Colp optionalHome Office Isdn Advice of Charge support 398 All calls If there is no tariff information from the network forNodeif-isdnif- name# aoc-d automatic If there is not charge information from the networkFollowing table shows an overview of the AOC variants Isdn User Interface Connected to a PBX switch etcIsdn Network Interface connected to phones NoChargeAvailableIsdn DivertingLegInformation2 Facility Mode interface isdn interfaceTransmit Direction Receive Direction500 Nodeif-isdn#caller-nameNodeif-isdn#caller-name early-alerting By default Outgoing Isdn call. This feature is disabledNodeif-isdn#caller-name ignore AbsenceFXS interface conﬁguration Conﬁguring a subscriber number recommended FXS interface conﬁguration task listConﬁguring caller-ID presentation optional Mode Interface FXSConﬁguring ﬂash hook processing optional Nameif-fxsname#no subscriberConﬁguring ringing-cadence optional Ing-indication stutter-dial-tone Through Stuttered Dial Tone Conﬁguring the Message Waiting Indication feature for FXSMat bell Frequency-shift keyingMat etsi Call hold Call transfer FXS supplementary services descriptionCall hold Default enabledCall waiting TernDrop passive call Call waiting reminder ringDrop active call Call toggleCall park ConferencingNameif-fxsname#no drop-passive PatternFXO interface conﬁguration FXO interfaces on the CS context Creating an FXO interface FXO services descriptionNodeif-fxo name # Nodectx-csswitch#interface fxo nameDeleting an FXO interface FXO off-hook on caller ID FXO interface conﬁguration task listNodectx-csswitch#interface fxo if-name Conﬁguring when the digits are dialed optionalNodeif-fxoif-name# Nodeif-fxo if-name#Nodeif-fxoif-name#dial-after dial-tone timeout seconds Figuration modeNodeif-fxo if-name #ring-number count Nodeif-fxo if-name#Min min-time max max-time Conﬁguring how to detect a call has disconnected optionalBattery-reversal tax-pulse Nodeif-fxo if-name#no connect-signalFXO Mute dialing Conﬁguring the destination of the callFXO interface examples RBS interface conﬁguration Creating/Deleting a RBS interface RBS interface conﬁguration task listConﬁguring an alternate Pstn proﬁle Name Face, the ‘no’ form deletes an existing oneConﬁguring additional disconnect signals Mode Interface RBSConﬁguring an alternate Tone-Set proﬁle Conﬁguring B-Channel allocation strategyNode#no debug ccrbs datapath error signaling Nodeif-rbsif-name#no dial-after dial- tone timeout secondsConﬁguring number of Rings before Off-Hook Conﬁguring ready to dial strategyPrints information about ongoing calls on Node#show ccrbs call if-name detail levelSelected interface Node#show ccrbs interface if-name detailInterface conﬁguration Interface conﬁguration task list Examples Deﬁne the IP address of the remote H.323 entity Binding the interface to an H.323 gatewayConﬁguring an alternate VoIP proﬁle optional Node if- h323 if-name #itc rx 3k1 Conﬁguring CLIP/CLIR support optionalSpeciﬁes the information transfer capability to Node if- h323 if-name #itc tx 3k1Enabling the early call connect optional Enabling ‘early-proceeding’ on H.323 interfacesNameif-h323if-name#early-proceeding Nameif-h323name#early-connectEnabling the via address support optional Enabling the early call disconnect optionalIng connection should be established Conﬁguring status inquiry settings optionalNodeif-h323if-name# remoteport port AOC-D Support for H.323 Nodeif-h323if-name# no aoc-d emit Mode context cs/interfce h.323 interface-nameNodeif-h323if-name# no aoc-d SIP interface conﬁguration SIP interface conﬁguration task list SIPConﬁgure a remote host Binding the interface to a SIP gatewayNodeif-sipif-name# no bind context Sip-gateway gw-nameConﬁguring a local host Optional Using an alternate VoIP proﬁle OptionalNodeif-sipif-name# no remote host Nodeif-sipif-name# no local hostUsing an alternate Tone-Set proﬁle Optional Using an alternate SIP proﬁle OptionalNodeif-sipif-name#use proﬁle voip Nodeif-sipif-name#use proﬁle sip proMapping call-control properties in SIP headers Conﬁguring early call connect / disconnect OptionalConﬁguring address translation Optional Header Mapping SIP headers to call-control propertiesConﬁguring Isdn Redirecting Number Tunneling Over SIP Updating caller address parameters SIP Diversion Header 450 SIP Refer Transmission & Isdn Explicit Call Transfer support 452 Name if-sip interface#no aoc-d AOC Over SIP OptionalAccept Name if-sip interface#no aoc-d emitEnabling the SIP penalty-box feature Optional Enabling the session timer OptionalConﬁgure the SIP hold method Optional Default zero-ipCall router conﬁguration Call router configuration 458 Direct call routing vs. advanced call routing Map out the goals for the call router Call router conﬁguration task listConﬁgure general call router behavior Enable advanced call routing on circuit interfacesConﬁgure address completion timeout Address-completion timeout timeout Example Conﬁgure address completion timeoutDigit-collection timeout timeout Digit-collection terminating-char charConﬁgure number preﬁx for Isdn number types Procedure To conﬁgure number preﬁx Mode Context CSExample Conﬁgure number preﬁx National-preﬁx preﬁxCreate a routing table Conﬁgure call routing tablesCalling-e164 Regular Expressions Example Called party number routing tableCalled party number routing table Symbol Description Digit Collection Digit Collection Variants Example Digit collection of any number Dialed Selected Description Number Entry Number type routing table Calling party number routing tableNumbering plan routing table IP address routing table Name routing tableURI routing table Presentation Indicator Routing TableSmith must be escaped with a backslash \, because Dot . means ‘any character’ in a regular expressionScreening Indicator Routing Table Information transfer capability routing table 478 Time of day routing table Default Any other unhandled case Mode context csDay of Week Routing Table Example Day of week routing tableNode ctx-cs switch #routing-table Procedure To delete an entire routing tableDeleting routing tables Resulting running-conﬁg isExample Remove an entire routing table Node ctx-cs switch #no routing-tableConﬁgure mapping tables Delete the routing table table-nameType Description Input-Type Description Output-Type Sets the display name of the called Mapping table examples To E.164 Mapping Tables Example Called and calling party manipulation mapping tableInput-type to output-type table-name Away the input-type and output-type486 487 Other mapping tables Custom SIP URIs from called-/calling-e164 propertiesEnter the mapping table from which you want to remove an Node ctx-cs switch #mapping-tableDeleting mapping tables Creating complex functions Procedure To delete an entire mapping table Mode Context CSExample Remove an entire mapping table Deleting complex functions Example Create a complex functionDigit collection & sending-complete behavior Example Remove an entire complex functionSending-Complete Ingress interface323 Call-Router123# YesTrue Egress Interface Complete-indication clear Mode context cs / interface sipCreating a hunt group service Creating call servicesHunt group service Call dest-service service-name Node ctx-cs switch #service huntCause cause Call dest-interface interface-nameNormal Event Default Behavior Class Cause Hunt Description Group ServiceNo-user-responding Drop original call Resource Service orUnavailable Option NotInvalid Message ImplementedProtocol Error Interworking Distribution group service Creating a distribution group serviceNodesvc-huntservice-name# route call Node ctx-cs switch #service distribuDest-service service-name With the ﬁrst conﬁgured destinationsCall-router ‘limiter’ service Distribution-Group Min-Concurrent setting‘Limiter’ service diagram Priority servicePriority service diagram Bridge CS Bridge service-‘VoIP Leased Line’Bridge services diagram Conﬁguration Example Conﬁguring the service second-dialtoneActivate the call router conﬁguration Deleting call servicesExample Create and test a routing table Test the call router conﬁguration516 Call routing example network 518 CS context and call router elements 520 Conﬁgure partial rerouting Enable push-back aaa service Mode context cs/interface sipMode context cs/service aaa Call rerouteEnable push-back distribution-group service Enable push-back bridge serviceEnable push-back hunt group service Enable push-back limiter serviceSIP call-router services SIP conference-service conﬁguration task list SIP conference-serviceEntering conference-service conﬁguration mode Name ctx-csswitch#no service sipMode Service SIP conference SIP location-serviceConﬁguring the conference server Ference-server host-name portEntering SIP location-service conﬁguration mode SIP location-service conﬁguration task listConﬁguring the hunt timeout Binding a location serviceConﬁguring multi-contact behavior SecondsTone conﬁguration Tone-set proﬁles Conﬁguring call-progress-tone proﬁles Tone conﬁguration task listConﬁgure tone-set proﬁles Procedure To conﬁgure a tone-set proﬁle Mode ConﬁgureFor which a tone indication can be provided Enable tone-set proﬁleProcedure To assign a tone-set proﬁle to a Pstn interface Example Show tone-set proﬁle Show call-progress-tone and tone-set proﬁlesNode#show proﬁle call-progress-tone Name Ciﬁc with name nameFollowing example shows how to display the tone-set proﬁle 536 FXS port conﬁguration Shutdown and enable FXS ports Netherlands Bind FXS ports to higher layer applicationsConﬁgure country-speciﬁc FXS port parameters Enter FXS port conﬁguration mode Mode IC voice in systemOther FXS port parameters Nodeconﬁg#port fxs slot portExample FXO port conﬁguration Bind FXO ports to higher layer applications Shutdown and enable FXO portsOther FXO port parameters Conﬁgure country speciﬁc FXO port parametersNodeconﬁg#port fxo slot port Nodeprt-fxo slot/ port#useEnter FXO port conﬁguration mode Gateway conﬁguration Gateway between IP and CS contexts Enable the gateway Mode Gateway H.323Gateway conﬁguration task list Binding the gateway to an IP interfaceConﬁgure registration authentication service RAS Optional Ery auto gkid Conﬁgure H.235 Security optionalNode gw-h323h323#gatekeeper-discov 235 conﬁguration Procedure To enable H.235 security on H.323 gatewayWord h235-password encrypted \getcryptopassword h235-password masNode gw-h323h323#h235security master Node gw-h323h323#h235security passCommand show h235-securityshows the current setting Default setting isSignaling message Detail debug-levelEnabling H.245 Tunneling Advanced conﬁguration options optionalEnabling the early H.245 procedure Enabling the fastconnect procedureNodegw-h323h323#h245-tunneling Enables H.245 tunneling Nodegw-h323h323#faststart Enables the fastconnect procedureSetting the response timeout Conﬁguring the trafﬁc class for H.323 signalingNodegw-h323h323#call-signaling-port Port Naling connectionsIstration Setting the connect timeoutNal gateway Nodecfg#debug gateway h323 signaling Nodecfg#debug gateway h323 errorH323 status detail level Nodecfg#debug gateway h323 tpktchanContext SIP gateway overview Routing Architecture Context SIP Gateway conﬁguration task list Enter conﬁguration modeFrom-URI-Host equal Remote Request-URI-Host equal Local Creating a context SIP gatewayMode Transport Interface Mode Context SIP GatewayCreating a transport interface Conﬁguring the IP bindingEnabling/disabling the context SIP gateway Binding location servicesConﬁguring a spoofed contact address Debug commands TroubleshootingShow status information Node#show context sip-gateway gwExample Conﬁguration ExamplesOutbound Authentication Inbound Authentication Outbound Registration 569 Inbound Registration B2B User Agent with Registered Clients 572 VoIP proﬁle conﬁguration VoIP profile configuration Creating a VoIP proﬁle VoIP proﬁle conﬁguration task listNodecfg#profile voip name Nodepf-voip name#Conﬁgure codecs Procedure Insert a codec at a speciﬁc position in the list Mode Proﬁle VoIPProcedure Remove a codec from the list Mode Proﬁle VoIP Conﬁguring the Cisco versions of the G.726 codecs Mode VoIP nameConﬁguring the transparent-clearmode codec Conﬁguring Dtmf relay DefaultrtpsignalingConﬁguring RTP payload types Nodepf-voip pf-name#dtmf-relayConﬁguring RTP payload type for Cisco NSE Conﬁguring RTP payload type for transparent-clearmodeConﬁguring Cisco NSE for Fax Nodepf-voip name#rtp payload-type nseJitter and dejitter buffer Conﬁguring the dejitter buffer advancedAdaptive Procedure Conﬁgure the dejitter bufferDejitter buffer is allowed to introduce. This setting Max-delayEnabling/disabling ﬁlters advanced Is valid for all modesIllustrates the difference between Fax relay and Fax bypass Conﬁguring Fax transmissionFax relay and Fax bypass Sion bypass g711alaw64k Nodepf-voipname#fax transmisNodepf-voipname#fax dejitter Nodepf-voipname# fax transmisVolume Mode proﬁle voip proﬁle-nameCED retransmission Retransmission numberMode proﬁle voip pf-name No-Signal RetransmissionMethod default v150-vbdnse Default default Fax bypass methodConﬁguring modem transmission Modem bypass methodNodepf-voip name#modem trans Mission bypass g711alaw64kConﬁguring IP-IP codec negotiation Conﬁguring the trafﬁc class for Voice and Fax dataHome ofﬁce in an enterprise network Home ofﬁce in an enterprise networkDescription Home ofﬁce with fax Show the conﬁgured proﬁleSoft phone client gateway 595 Disable Dtmf relay Show the conﬁgured proﬁle Pstn proﬁle conﬁguration Creating a Pstn proﬁle Pstn proﬁle conﬁguration task listProcedure Disable echo cancellation Mode Proﬁle Pstn Conﬁguring the echo cancellerProcedure Conﬁgure voice output gain Conﬁguring output gain600 SIP proﬁle conﬁguration SIP proﬁle conﬁguration task list Entering the conﬁguration mode for a SIP proﬁleMapping from a SIP disconnect cause Namecfg#no profile name nameMapping from a SIP redirection reason Mapping to a SIP causeMapping to a SIP redirection code Q931-cause to sip-causeAuthentication Service Creating an Authentication Service Authentication Service conﬁguration task listCreating credentials Conﬁguring the authentication protocolConﬁguring a Realm Location Service Creating a Location Service Location Service conﬁguration task listAdding a domain Domain ExamplesCreating an identity Mode IdentityBound Authentication outbound faceAlias Authentication inbound face Mode Authentication outboundNodeauthout#authenticate authentica Nodeauthout#authenticate indexNodeauthin#authenticate authentica Mode Authentication inboundNodeauthin#authenticate index Nodeauthin#no authenticate indexRegistration outbound face Mode Registration outboundStrict-route Noderegout#proxy host portPort strict-route Noderegout#proxy index down posiRegistration inbound face Noderegin# no lifetime default secNodeidentityname# no registration InboundCall outbound face Mode Call outboundNodecallout#proxy host port Nodecallout#proxy index hostCall inbound face Mode Call outboundMode Call inbound Inheriting from an identity group to an identity Creating an identity groupSubscription Conﬁguring the Message Waiting Indication feature for SIPNotiﬁcation Mode Message inboundMode Message inbound Message Waiting Indication through Call-Control This conﬁguration example, inheritance is used VoIP debugging Debugging strategy Filtering debug monitor output Following command will disable the ﬁlter completelyVerifying IP connectivity Example Verify IP connectivityDebugging Isdn signaling Debugging call signalingUnit#debug ccisdn signaling Overview Isdn debug monitorsVerify an incoming call Verify an outgoing call Line630 Debug isdn event slot port all layer2 layer3 Isdn layer 2 and 3 can be veriﬁed using a show commandVerify Isdn layer 2 and 3 status Overview FXS debug monitors Debugging FXS SignalingStops For most verbose outputState to RINGING, that means it has accepted the call Overview H.323 debug monitors Debugging H.323 Signaling635 636 637 Debugging SIP signaling Using SmartWare’s internal call generator No debug media-gate Debugging voice dataWay dejitter Way control detail levelWay error Way switchWay rtp Way dspCheck system logs How to submit trouble reports to Patton643 Appendix a Terms and deﬁnitions Also release SmartWare architecture terms and deﬁnitionsPression Buffer OryPots Tftp Appendix B Mode summary Mode overview, 1 Mode Overview, 2 Mode Overview, 3 Appendix C Command summary Ebnf syntax Show command history New Conﬁguration CommandsOther Show helpAppendix D Internetworking terms & acronyms Numeric AbbreviationsDSS1 MSN SAR Appendix E Used IP ports & available voice Codecs Webserver Used IP portsTelnet Available voice codecs