Manuals / Patton electronic / Communications / IP Phone

Patton electronic SmartNode 4110 Series manual Cisco router conﬁguration

Models: SmartNode 4110 Series

1 664

Download 664 pages 15.88 Kb

Page 378

SmartWare Software Configuration Guide32 • VPN configuration

Cisco router conﬁguration

crypto ipsec transform-set DES esp-des

!

crypto map VPN_DES local-address FastEthernet0/1 crypto map VPN_DES 10 ipsec-manual

set peer 200.200.200.2

set session-key inbound esp 2222 cipher FEDCBA0987654321 set session-key outbound esp 1111 cipher 1234567890ABCDEF set transform-set DES

match address 110

!

access-list 110 permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.0.0

!

interface FastEthernet0/1

ip address 200.200.200.1 255.255.255.252 crypto map VPN_DES

!

ip route 192.168.1.0 255.255.255.0 FastEthernet0/1

IPsec tunnel, AES encryption at 256 bit key length, AH authentication with HMAC- SHA1-96

SmartNode conﬁguration

profile ipsec-transform AES_SHA1 esp-encryption aes-cbc 256 ah-authentication hmac-sha1-96

profile ipsec-policy-manual VPN_AES_SHA1 use profile ipsec-transform AES_SHA1

session-key inbound ah-authentication 1234567890ABCDEF1234567890ABCDEF12345678 session-key outbound ah-authentication FEDCBA0987654321FEDCBA0987654321FEDCBA09 session-key inbound esp-encryption

1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF session-key outbound esp-encryption

FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321 spi inbound ah 3333

spi outbound ah 4444 spi inbound esp 5555 spi outbound esp 6666 peer 200.200.200.1 mode tunnel

...

Rest of the configuration, see above, just change the name of the IPsec policy pro- file in the ACL profile ‘VPN_Out’

Cisco router conﬁguration

crypto ipsec transform-set AES_SHA1 ah-sha-hmac esp-aes 256

!

crypto map VPN_AES_SHA1 local-address FastEthernet0/1 crypto map VPN_AES_SHA1 10 ipsec-manual

set peer 200.200.200.2

Sample configurations

378

Image 378

Patton electronic SmartNode 4110 Series manual Cisco router conﬁguration

Contents

SmartWare Release Patton Electronics Company, Inc Summary Table of Contents SmartWare Software Configuration Guide Table of Contents Command line interface CLI Copying configurations to and from a remote storage location IP context overview 11 NAT/NAPT configuration Serial port configuration PRI port configuration Isdn Overview Basic IP routing configuration Snmp configuration Dhcp configuration CS context overview VPN configuration CS interface configuration FXO interface configuration SIP interface configuration Table of Contents 524 45 H.323 gateway configuration Pstn profile configuration Location Service Terms and definitions List of Figures SmartWare Software Configuration Guide List of Tables How to read this guide About this guideAudience Structure About this guide About this guide General conventions PrecautionsTypographical conventions used in this document Garamond bold typeSmartWare Software Configuration GuideAbout this guide Patton support headquarters in the USA Service and supportMouse conventions Fax +1 253Warranty coverage RMA numbersPatton Electronics Company Chapter contents System overviewIntroduction VoIP Gateway Circuit SwitchSmartWare embedded software IP RouterApplications Carrier networksEnterprise networks WANLAN telephony Typical LAN telephony system with a SmartNode gatewayConﬁguration concepts Conﬁguration concept overview Example Contexts and GatewaysContext GatewayPorts and circuits Interfaces, Ports, and BindingsInterfaces BindingsProﬁles and Use commands Use CommandsProﬁles Command line interface CLI Command modes CLI promptOperator exec mode, the system prompt is displayed as Command completion Command editingCommand help Navigating the CLICommand history Command Editing ShortcutsAccessing the CLI Accessing the SmartWare CLI task list If desiredAccessing via the console port Console port procedureEnding a Telnet or console port session see Using an alternate TCP listening port for the Telnet server Accessing via a Telnet sessionTelnet Procedure Disabling the Telnet serverSelecting a secure password Login displayConﬁguring operators and administrators Password encryptionFactory preset administrator account Creating an operator accountOpening a secure conﬁguration session over SSH Creating an administrator accountName and password password Nodecfg#copy running-conﬁg startup-conﬁgMode Enable Displaying the CLI versionDisplaying account information Node# who Switching to another accountChecking identity and connected users Node whoUsed in operator execution mode Command index numbersAccessing the CLI Showing command default values Ending a Telnet or console port sessionSystem image handling System image handling Memory regions in SmartWare System image handling task list Local Persistent Volatile FlashDisplaying system image information Copying system images from a network server to Flash memoryShow version Step Command Purpose Upgrading the software directly Auto provisioning of ﬁrmware and conﬁguration ExplanationHere’s an example for conﬁguration provisioning To use and debug provisioning Boot procedure Boot procedureDefault Startup Conﬁguration Factory conﬁgurationIP Addresses in the Factory Conﬁguration Conﬁguration ﬁle handling Understanding conﬁguration ﬁles Configuration file handling Conﬁguration ﬁle handling task list Sample conﬁguration ﬁleCopying conﬁgurations within the local memory Local Memory RegionsName nvramtarget-name Node# copy nvram backup startup-conﬁgBackup already present in ﬂash memory Name into the local memoryCopying conﬁgurations to and from a remote storage location Remote memory regions for SmartWareDisplaying conﬁguration ﬁle information Nodecfg# copy tftp//ip-addressportNew-startupnvramstartup-conﬁg Modifying the running conﬁguration at the CLI Modifying the running conﬁguration ofﬂine Node#copy running-conﬁg tftp//node-ipNode#reload Example Deleting a speciﬁed conﬁguration Example Modifying the running conﬁguration ofﬂineDeleting a speciﬁed conﬁguration Delete the conﬁguration named minimal explicitlyEncrypted Conﬁguration Download CLI copy command copy tftp//host/path conﬁg-ﬁleEncrypted ﬁle download Auto provisioningInstall a custom encryption key optional Use CasesEncrypt a conﬁguration ﬁle Download an encrypted conﬁguration ﬁleUpload an encrypted conﬁguration ﬁle Basic system management Basic system management conﬁguration task list Node cfg#copy tftp//tftp-server/path/ﬁle Managing feature license keysDownloads the license key ﬁle and install Name licenses LicensesSetting system information Setting the system banner System banner with message to operatorsSetting time and date Display clock informationDetermining and deﬁning the active CLI version Display time since last restartConﬁguring the Web server De enRestarting the system Displaying the system logsControlling command execution Displaying reportsUnit Ctrl-cterminate current command Ctrl-zsuspend active commandShow the currently running commands Bring job 0 to foregroundSome examples Timed execution of CLI commandMode System Displaying the checksum of a conﬁgurationName sys#no terminal idle-time Radius Client Conﬁguration AAA component Authentication procedure with a Radius server General AAA ConﬁgurationAuthentication proﬁle-name Nodecfg#proﬁle authentication nameNodepf-authname#server-timeout Nodecfg#show proﬁle authenticationRadius conﬁguration Conﬁguring Radius clients Example Conﬁgure the Radius clients as shown in ﬁgureConﬁguring Radius accounting Vendor109 Conﬁguring the Radius server Attributes in the Radius request messageConﬁguring the local database accounts Attributes in the Radius accept messagePassword Example Create an administrator and an operator accountWord password Base. The no form removes an existing accountStoring call logs with quality information IP context overview IP context and related elements IP context overview conﬁguration task list Creating and conﬁguring IP interfaces Planning your IP conﬁgurationConﬁguring physical ports IP interface related informationConﬁguring Napt Conﬁguring static IP routingConﬁguring RIP Conﬁguring access control lists Conﬁguring quality of service QoSIP interface conﬁguration Nodectx-iprouter#interface name IP interface conﬁguration task listCreating an IP interface Nodeif-ip name#Deleting an IP interface Name if-ip if-name# no napt Setting the IP address and netmaskConﬁguring a Napt DMZ interface InsideIcmp message processing Icmp redirect messagesRouter advertisement broadcast message Example Deﬁning the MTU of the interface Nodeif-ipname#tcp adjust-mssDeﬁning the MTU and MSS of the interface MTU packet size value must be in the range fromConﬁguring an interface as a point-to-point link Displaying IP interface informationFlushing dynamic ARP entries Testing connections with the ping commandDisplaying dynamic ARP entries Processing gratuitous ARP requestsIP link supervision Mode Either operator or administrator executionBer timeout seconds Node#ping address numDebug connectivity Check connectivity of an IP linkShow IP link status Debug ARPTraceroute Example Debug ARP outputConﬁguring the Igmp Proxy Example Display the ARP informationNAT/NAPT conﬁguration Dynamic Napt Tftp because the SmartNode might become inaccessible Static NaptDynamic NAT Static NAT Napt traversalNode cfg#proﬁle napt name NAT/NAPT conﬁguration task listCreating a Napt proﬁle OptionalOptional Ahespgreipv6 localip Conﬁguring a Napt DMZ hostDeﬁning Napt port ranges AH, ESP, GRE, or IPv6 respectively directed toPreserving TCP/UDP port numbers in Napt Deﬁning the UDP Napt typeName pf-napt pf-name# udp-handling symmetricaddress Node cfg#context ip router Activate NAT/NAPTDisplaying NAT/NAPT conﬁguration information Node cfg#show proﬁle naptMode proﬁle napt pf-napt Example Display NAT/NAPT conﬁguration informationConﬁguring NAT static protocol entries Ethernet port conﬁguration Entering the Ethernet port conﬁguration mode Ethernet port conﬁguration task listConﬁguring medium for an Ethernet port Nodeprt-eth slot/port#encapsulation ip Conﬁguring Ethernet encapsulation type for an Ethernet portBinding an Ethernet port to an IP interface Conﬁgures the encapsulation type to IPMultiple IP addresses on Ethernet ports Nodeprt-eth slot/port#bind interface name routerConﬁguring a Vlan Nodevlanid#encapsulation ippppoemulti Nodeconﬁg#port ethernet slot portNodeprt-ethslot/port#vlan id Nodevlanid#bind interface name routerAdding a receive mapping table entry Example Adding a receive mapping table entryNodeprt-eth slot/port#cos rx-map layer Adding a transmit mapping table entry Closing an Ethernet portUsing the built-in Ethernet sniffer Following is an example of how the sniffer is normally used Nvramethernet-0-slot-port.capNvramethernet-0-0-1.cap Link scheduler conﬁguration Using trafﬁc classes Applying scheduling at the bottleneckPriority Weighted fair queuing WFQIntroduction to Scheduling ShapingBurst tolerant shaping or wfq HierarchySetting the modem rate Quick referencesLink scheduler conﬁguration task list Command cross referencePolicy-map policy-map Proﬁle service-policy Source trafﬁc-class classEnable statistics gathering see Deﬁning the access control list proﬁlePacket classiﬁcation Creating an access control list Scenario with Web server regarded as a single source hostNodepf-acl name#permit ip host ip-address any trafﬁc-class Creating a service policy proﬁleNodecfg#proﬁle acl name Nodepf-acl name#permit ip any anyStructure of a Service-Policy Proﬁle Deﬁning fair queuing weight Specifying the handling of trafﬁc-classesDeﬁning the bit-rate Mode SourceSpecifying the type-of-service TOS ﬁeld Deﬁning absolute priorityNodesrc name#set ip tos value Specifying differentiated services codepoint Dscp markingSpecifying the precedence ﬁeld Nodesrc name#set ip precedence valueNodesrc name#set ip dscp value Deﬁnes the Class-Of-Service value applied to packets of forSpecifying layer 2 marking Value is from 0 toDiscarding Excess Load Quality of Service for routed RTP streamsDeﬁning random early detection Nodesrc name#random-detect burst-toleranceMode proﬁle service-policy/proﬁle Devoting the service policy proﬁle to an interface Nodeif-ip if-name#use proﬁle servicePolicy name in out Enable statistics gathering Displaying link arbitration statusDisplaying link scheduling proﬁle information Optional Value Implication on Command Output Serial port conﬁguration Serial port conﬁguration task list Disabling an interfaceEnabling an interface Conﬁguring the serial encapsulation type Conﬁguring the hardware port protocolPort Conﬁguring the active clock edge Conﬁguring the baudrate Baudrate176 Frame Relay conﬁguration Frame Relay conﬁguration task list Conﬁguring Frame Relay encapsulationConﬁguring the LMI type Conﬁguring the keep-alive intervalNodepvc dlci#fragment size Enabling fragmentationBer to be used on the speciﬁed virtual circuit For this PVC only FRF.12 end-to-end fragmentationEntering Frame Relay PVC conﬁguration mode Conﬁguring the PVC encapsulation type Binding the Frame Relay PVC to IP interfaceMode PVC IP interface wan is bound to PVC 1 on port serial 0Enabling a Frame Relay PVC Disabling a Frame Relay PVCDebugging Frame Relay Displaying Frame Relay information Integrated service access 188 Conﬁgure the serial interface settings Check that the Frame Relay settings are correctExample 2 Frame Relay on e1t1 with a channel-group PRI port conﬁguration Terminology PRI port conﬁguration task listConﬁguring PRI port-type Enable/Disable PRI portPRI Debugging Conﬁguring PRI clock-modeAmi b8zs hdb3 Conﬁguring PRI framingName prt-e1t1 slot/port# linecode Name prt-e1t1 slot/port# framingConﬁguring PRI line-build-out E1T1 in T1 mode only Conﬁguring PRI used-connector E1T1 in E1 mode onlyConﬁguring PRI application mode E1T1 only Conﬁguring PRI LOS threshold E1T1 only Conﬁguring PRI Loopback detection E1T1 onlyDefault disabled Conﬁguring PRI encapsulationConﬁguring Channel-Group Timeslots Mode channel-group group-nameCreate a Channel-Group Conﬁguring Channel-Group EncapsulationMode hdlc Entering Hdlc Conﬁguration ModeMode channel-group group Conﬁguring Hdlc CRC-TypeDefault no encapsulation Conﬁguring Hdlc EncapsulationPRI Debugging PRI Conﬁguration Examples Example 1 Isdn Example 2 RBS without a channel-groupExample 3 RBS with a channel-group Example 4 Frame Relay without a channel-group Example 5 Framerelay with a channel-group Example 6 PPP without a channel-groupExample 7 PPP with a channel-group BRI port conﬁguration Enable/Disable BRI port BRI port conﬁguration task listConﬁguring BRI clock-mode Conﬁguring BRI encapsulation Conﬁguring BRI Power-FeedFeed Default disabled Creating a channel groupDefault no timeslots Name ch-grp group-name#no Selects the timeslot to be usedTimeslots timeslots BRI Debugging Name#no debug briName#show port bri Example 1 Isdn with auto clock/uni-side settings Example 2 Isdn with manual clock/uni-side settingsBRI Conﬁguration Examples Example 3 Multi-Link PPP over two B-Channels Isdn Overview Isdn reference points Isdn reference pointsIsdn UNI Signaling Possible SmartNode port conﬁgurations215 Isdn Conﬁguration Concept Isdn LayeringIsdn conﬁguration Isdn conﬁguration task list Enter Q.921 conﬁguration modeMode base-mode Conﬁguring Q.921 parametersMode q921 Enter Q.931 conﬁguration modeConﬁguring Q.921 encapsulation Mode q931 Conﬁguring Q.931 parametersEtsi Nodeq931slot/port#signalling-ruleNodeq931slot/port#no signalling-rule Pss1oldFace if-name Conﬁguring Q.931 encapsulationDebugging Isdn Control interfaceIsdn Conﬁguration Examples Example being clock slave on uni network interfaceNode#show port isdn slot port detail level Example Qsig Assume the scenario as illustrated in ﬁgureExample PRI RBS conﬁguration Enter RBS conﬁguration mode RBS conﬁguration task listConﬁguring RBS protocol Debugging RBS Mode rbsConﬁguring RBS encapsulation Noderbs#no encapsulation cc-rbsRBS Conﬁguration Examples Example Conﬁguring RBS Ground Start on a E1T1 port229 DSL Port Conﬁguration Line Setup Conﬁguring PPPoEConﬁguration Summary Profile napt WANSetting up permanent virtual circuits PVC Using PVC channels in bridged Ethernet modeUsing PVC channels with PPPoE PPPoE access Troubleshooting DSL ConnectionsDiagnostics Link StateBasic IP routing conﬁguration Static routing Basic IP routing conﬁguration task listRouting tables Policy routingNodecfg#context ip router Enters the IP router Context Displaying IP route information seeConﬁguring static IP routes Adds a static routeDeleting static IP routes Displaying IP route informationConﬁguring policy routing 0.0/0 172.16.32.2 StaticExamples Basic static IP routing exampleChanging the default UDP port range for RTP and Rtcp RIP conﬁguration Routing protocol RIP conﬁguration task list Enabling send RIPEnabling an interface to receive RIP Specifying the send RIP versionExample Enabling RIP learn host and default Specifying the receive RIP versionEnabling RIP learning Enabling RIP announcing Specifying the default route metric Enabling RIP auto summarizationEnabling RIP split-horizon processing Enabling the poison reverse algorithmEnabling holding down aged routes Setting the RIP route expiry3600 Default 180 seconds Nodeif-ipname#rip route-expiryDisplaying RIP conﬁguration of an IP interface Displaying global RIP information252 Access control list conﬁguration About access control lists What access lists doWhy you should conﬁgure access lists When to conﬁgure access lists Features of access control listsAccess control list conﬁguration task list Mapping out the goals of the access control listNodepf-acl name#permit ip src src-wildcard any Where the syntax is Nodepf-acl name#deny icmp src src-wildcard Nodepf-acl name#permit icmp src src-wildcard anyType type type type code code cos group Any host src dest dest-wildcard any host destType type Where the syntax is as followingMsg name Code codePort lt port range from to cos group cos-rtp group Nodepf-acl name#permit tcp udp sctp src src-wildCard any host src eq port gt port lt port range Nodepf-acl name#deny tcp udp sctp src srcGt port Eq portLt port Range from toWhere the syntax is Unbind an access control list proﬁle from an interface Displaying an access control list proﬁleDebugging an access control list proﬁle Control list profile shall be debugged Commands that have to be entered are listed below Denying a speciﬁc subnetSnmp conﬁguration Snmp basic commands Simple Network Management Protocol SnmpSnmp basic components Identiﬁcation of a SmartNode via Snmp Snmp management information base MIBNetwork management framework Setting basic system information Snmp toolsSnmp conﬁguration task list 271 Setting access community information Example Setting the system group objectsRo rw Or read/write access Nodecfg#snmp host IP-address-of-SN security Setting allowed host informationSpecifying the default Snmp trap target Nodecfg#snmp target IP-address-of-SNUsing the AdventNet Snmp utilities Displaying Snmp related informationUsing the MibBrowser AdventNet MibBrowser Settings Button on the ToolbarUsing the TrapViewer AdventNet TrapViewer displaying received trapsGeneric Type TimeStampEnterprise Speciﬁc TypeStandard Snmp version 1 traps Snmp interface traps 281 Sntp client conﬁguration Sntp client conﬁguration task list Deﬁning Sntp client operating mode Selecting Sntp time serversUnicast anycast multicast Deﬁning Sntp local UDP port Example Disabling the Sntp client operation Enabling and disabling the Sntp clientExample Enabling the Sntp client operation Deﬁning Sntp client poll intervalName #show clock local Deﬁning Sntp client constant offset to GMTDeﬁning the Sntp client anycast address Displays the local time, UTC and the offset of the localExample Enabling the Sntp client root delay compensation Enabling and disabling local clock offset compensationNodecfg#sntp-client anycast-address ip Example Showing Sntp client related information Example Disabling the Sntp client root delay compensationShowing Sntp client related information Debugging Sntp client operationNist Internet time service Recommended public Sntp time servers291 Dhcp conﬁguration Dhcp configuration Enable DHCP-client on an IP interface DHCP-client conﬁguration tasksDHCP-server and DHCP-client are illustrated in ﬁgure Example Enable DHCP-client on an IP interface ‘conﬁgure’ conﬁguration modeRelease or renew a Dhcp lease manually advanced Mode AnyExample Enable Dhcp debug monitor Get debug output from DHCP-clientDHCP-server conﬁguration tasks Conﬁgure DHCP-server proﬁlesNodecfg#proﬁle dhcp-server name Nodepf-dhcpsname#no defaultNodepf-dhcpsname#no netbios Nodepf-dhcpsname#network ipNodepf-dhcpsname#no next-server Use DHCP-server proﬁles and enable the DHCP-serverNodepf-dhcpsname#no bootﬁle boot All ip-addressDeﬁne the bootﬁle Option 67 for the DHCP-server Deﬁne the Tftp server Option 66 for the DHCP-serverCheck DHCP-server conﬁguration and status Get debug output from the DHCP-server Conﬁgure DHCP-relay Create/Modify DHCP-Relay proﬁleEnable/Disable DHCP-Relay Agent DNS conﬁguration DNS conﬁguration task list Enabling the DNS resolverServer-ip-address DNS relay diagram Enabling the DNS relay307 DynDNS conﬁguration DynDNS conﬁguration task list Creating a DynDNS account Conﬁguring the DNS resolverConﬁguring basic DynDNS settings Conﬁguring the DynDNS serverWord Troubleshooting Conﬁguring advanced DynDNS settings optionalMode DynDNS Deﬁning a mail exchanger for your hostname312 PPP conﬁguration 314 PPP conﬁguration task list Creating an IP interface for PPPNodeif-ipname#point-to-point Nodeif-ipname#ipaddress dhcp Nodeif-ipname# no tcp adjust-mssNodeif-ipname#ipaddress Nodeif-ipname# ipaddress ip-addressNodeif-ipname#use proﬁle napt name Disable interface IP address auto-conﬁguration from PPPCreating a PPP subscriber Nodecfg # subscriber ppp nameChap pap chappap Optional outboundinbound user passwordNodesubscrname# dial inout Nodesubscrname# no identiﬁcationTrigger forced reconnect of PPP sessions using a timer Conﬁguring a PPPoE sessionTor AC-Name Creating a PPP proﬁle Case authentication is requiredConﬁguring PPP over a Hdlc Link Optional ﬁleNodepf-pppname#mtu min min max DefaultNodecfg #no proﬁle ppp name Nodepf-pppname#mru min min maxConﬁguring the local and remote PPP Mrru Min max max defaultDefault Name pf-ppp proﬁle# mrru minDisplaying PPP conﬁguration information Example Display PPP subscriber conﬁguration informationExample Display a PPP proﬁle Debugging PPPNodecfg #show pppoe name Nodecfg #show ppp links levelNodecfg #show ppp networks level Nodecfg #show port interface nameExample Display PPP link information LCPExample Display PPP network protocol information Example Display PPPoE informationSample conﬁgurations Without authentication, encapsulation multi, with NaptWith authentication, encapsulation PPPoE PPP over Ethernet PPPoEPPP over a Hdlc Link Serial Port Without authentication, numbered interfaceWith authentication, unnumbered interface PPP over a Hdlc Link E1T1 PortPPP Dial-up over Isdn PPP DialerCreate a dialer Following command creates a new PPP dialer Mode context csDial-up and login information for a certain Create outbound destinationsConﬁgure recovery strategy Create inbound destinations CaseE164 Name if-dialerdialer#inboundName inboundprovider#local-e164 Name inboundprovider#remote-e164Example Dial-on demand feature Debug dialer functionalityDial-up Dial-up on demandDial if possible, and never drop Mode context ip/interface Dial-up on monitorDial-up nailed CS context overview CS context conﬁguration components CS context conﬁguration task list Planning the CS conﬁgurationRemote ofﬁce in an Enterprise network Conﬁguring general CS settings Conﬁguring the clock sourceMode Operator execution Debugging the clock sourceNode sys#clock-sourceslot-number port-number Conﬁguring call routingSelecting PCM law compression Reference clockCreating and conﬁguring CS interfaces Specify call routingConﬁguring dial tones Conﬁguring voice over IP parametersConﬁguring an H.323 VoIP connection Conﬁguring Isdn portsConﬁguring FXS ports Conﬁguring a SIP VoIP connectionActivating CS context conﬁguration Nodectx-csswitch#show call-router status detail Nodectx-csswitch#show call-router config detailNode ctx-csswitch#debug call-router detail level LevelSmartNode in an Enterprise network Planning the CS context CS ConﬁgurationConﬁguring general CS settings First we set clock-source to Isdn port 2/3Conﬁguring call routing 354 We want to use this proﬁle on our H.323 interfaces Conﬁguring VoIP settingsBecause we need G.723 as codec we enable Dtmf relay Conﬁguring BRI portsNext we conﬁgure call signaling Conﬁguring an H.323 VoIP connectionActivating the CS context conﬁguration Finally, activate the gateway and CS context TAB-CALLED-NUMBERShowing the running conﬁguration Conﬁguration script for our application looks as follows359 360 361 VPN conﬁguration Authentication EncryptionTransport and tunnel modes Permanent IKE TunnelsKey management Example Create an IPsec transformation proﬁle VPN conﬁguration task listCreating an IPsec transformation proﬁle Creating an IPsec policy proﬁleProcedure To create an IPsec policy proﬁle Mode Conﬁgure Creating/modifying an outgoing ACL proﬁle for IPsec Conﬁguration of an IP interface and the IP router for IPsec Displaying IPsec conﬁguration informationDebugging IPsec Example Display IPsec transformation proﬁlesExample Display IPsec policy proﬁles Example IPsec Debug OutputKey management IKE Main differences between manual & IKE Ipsec conﬁgurationsCreating an Ipsec transform proﬁle Creating an Isakmp transform proﬁle Icy shall be used for multiple peers in transport Creating an Isakmp Ipsec policy proﬁleShould be used. Do not specify a peer, if this pol Mode. The peer can either be an IP address or aPolicy matching Creating/modifying an outgoing ACL proﬁle for IpsecConﬁguration of an IP interface and the IP router for Ipsec Sample conﬁguration snippetDebug ike error Use proﬁle acl WANOut outDebug ike event Encrypted Voice Performance considerations Enabling RTP encryption supportPerformance considerations Mode Context ip /interface if-name IPsec tunnel, DES encryption SmartNode conﬁgurationCisco router conﬁguration 379 380 CS interface conﬁguration CS interface conﬁguration task list CS interfaces on the CS contextExamples Create CS interfaces and delete another Nodeif-typeif-name#…Nodeif-typeif-name#exit 384 Service service-name Nodeif- typeif-name #exit Conﬁguring the interface mapping tablesTable table-name And/or Table in table-nameThat shall be applied to all call properties Speciﬁed directionIncoming call passing an interface mapping table Conﬁguring the precall service tables Call passing an input and an output mapping tableSupplementary service invocation command Supplementary service invocation commandsNumber to command Repeat to add other special number mapIsdn interface conﬁguration Isdn interface conﬁguration task list Isdn interfaces on the CS contextNodeif-isdn if-name#no use proﬁle Conﬁguring Dtmf dialing optionalConﬁguring an alternate Pstn proﬁle optional Deﬁnes an alternate Pstn proﬁle to be used forConﬁguring call waiting optional Name if-isdn if-name# no call-waiting Disable call-waitingConﬁguring ringback tone on Isdn user-side interfaces Disabling call-waiting on Isdn DSS1 network interfacesConﬁguring Call-Hold on Isdn interfaces Enabling Display Information Elements on Isdn PortsConﬁguring date/time publishing to terminals optional Sending the connected party number Colp optional Deﬁning the ‘network-type’ in Isdn interfacesHome Office Isdn Advice of Charge support 398 Nodeif-isdnif- name# aoc-d automatic If there is no tariff information from the network forAll calls If there is not charge information from the networkIsdn Network Interface connected to phones Isdn User Interface Connected to a PBX switch etcFollowing table shows an overview of the AOC variants NoChargeAvailableTransmit Direction Mode interface isdn interfaceIsdn DivertingLegInformation2 Facility Receive DirectionNodeif-isdn#caller-name Nodeif-isdn#caller-name early-alerting500 Nodeif-isdn#caller-name ignore Outgoing Isdn call. This feature is disabledBy default AbsenceFXS interface conﬁguration FXS interface conﬁguration task list Conﬁguring a subscriber number recommendedConﬁguring ﬂash hook processing optional Mode Interface FXSConﬁguring caller-ID presentation optional Nameif-fxsname#no subscriberConﬁguring ringing-cadence optional Conﬁguring the Message Waiting Indication feature for FXS Ing-indication stutter-dial-tone Through Stuttered Dial ToneFrequency-shift keying Mat etsiMat bell FXS supplementary services description Call hold Call transferCall waiting Default enabledCall hold TernDrop active call Call waiting reminder ringDrop passive call Call toggleNameif-fxsname#no drop-passive ConferencingCall park PatternFXO interface conﬁguration FXO interfaces on the CS context FXO services description Creating an FXO interfaceNodectx-csswitch#interface fxo name Deleting an FXO interfaceNodeif-fxo name # FXO interface conﬁguration task list FXO off-hook on caller IDNodeif-fxoif-name# Conﬁguring when the digits are dialed optionalNodectx-csswitch#interface fxo if-name Nodeif-fxo if-name#Figuration mode Nodeif-fxoif-name#dial-after dial-tone timeout secondsNodeif-fxo if-name# Nodeif-fxo if-name #ring-number countConﬁguring how to detect a call has disconnected optional Min min-time max max-timeNodeif-fxo if-name#no connect-signal Battery-reversal tax-pulseConﬁguring the destination of the call FXO Mute dialingFXO interface examples RBS interface conﬁguration Conﬁguring an alternate Pstn proﬁle RBS interface conﬁguration task listCreating/Deleting a RBS interface Name Face, the ‘no’ form deletes an existing oneConﬁguring an alternate Tone-Set proﬁle Mode Interface RBSConﬁguring additional disconnect signals Conﬁguring B-Channel allocation strategyConﬁguring number of Rings before Off-Hook Nodeif-rbsif-name#no dial-after dial- tone timeout secondsNode#no debug ccrbs datapath error signaling Conﬁguring ready to dial strategySelected interface Node#show ccrbs call if-name detail levelPrints information about ongoing calls on Node#show ccrbs interface if-name detailInterface conﬁguration Interface conﬁguration task list Binding the interface to an H.323 gateway Examples Deﬁne the IP address of the remote H.323 entityConﬁguring an alternate VoIP proﬁle optional Speciﬁes the information transfer capability to Conﬁguring CLIP/CLIR support optionalNode if- h323 if-name #itc rx 3k1 Node if- h323 if-name #itc tx 3k1Nameif-h323if-name#early-proceeding Enabling ‘early-proceeding’ on H.323 interfacesEnabling the early call connect optional Nameif-h323name#early-connectEnabling the early call disconnect optional Enabling the via address support optionalConﬁguring status inquiry settings optional Nodeif-h323if-name# remoteport portIng connection should be established AOC-D Support for H.323 Mode context cs/interfce h.323 interface-name Nodeif-h323if-name# no aoc-dNodeif-h323if-name# no aoc-d emit SIP interface conﬁguration SIP SIP interface conﬁguration task listNodeif-sipif-name# no bind context Binding the interface to a SIP gatewayConﬁgure a remote host Sip-gateway gw-nameNodeif-sipif-name# no remote host Using an alternate VoIP proﬁle OptionalConﬁguring a local host Optional Nodeif-sipif-name# no local hostNodeif-sipif-name#use proﬁle voip Using an alternate SIP proﬁle OptionalUsing an alternate Tone-Set proﬁle Optional Nodeif-sipif-name#use proﬁle sip proConﬁguring early call connect / disconnect Optional Conﬁguring address translation OptionalMapping call-control properties in SIP headers Mapping SIP headers to call-control properties Conﬁguring Isdn Redirecting Number Tunneling Over SIPHeader Updating caller address parameters SIP Diversion Header 450 SIP Refer Transmission & Isdn Explicit Call Transfer support 452 Accept AOC Over SIP OptionalName if-sip interface#no aoc-d Name if-sip interface#no aoc-d emitEnabling the session timer Optional Enabling the SIP penalty-box feature OptionalDefault zero-ip Conﬁgure the SIP hold method OptionalCall router conﬁguration Call router configuration 458 Direct call routing vs. advanced call routing Call router conﬁguration task list Map out the goals for the call routerEnable advanced call routing on circuit interfaces Conﬁgure address completion timeoutConﬁgure general call router behavior Digit-collection timeout timeout Example Conﬁgure address completion timeoutAddress-completion timeout timeout Digit-collection terminating-char charExample Conﬁgure number preﬁx Procedure To conﬁgure number preﬁx Mode Context CSConﬁgure number preﬁx for Isdn number types National-preﬁx preﬁxConﬁgure call routing tables Create a routing tableCalling-e164 Example Called party number routing table Called party number routing tableRegular Expressions Symbol Description Digit Collection Digit Collection Variants Example Digit collection of any number Dialed Selected Description Number Entry Calling party number routing table Number type routing tableNumbering plan routing table Name routing table IP address routing tableSmith must be escaped with a backslash \, because Presentation Indicator Routing TableURI routing table Dot . means ‘any character’ in a regular expressionScreening Indicator Routing Table Information transfer capability routing table 478 Day of Week Routing Table Default Any other unhandled case Mode context csTime of day routing table Example Day of week routing tableDeleting routing tables Procedure To delete an entire routing tableNode ctx-cs switch #routing-table Resulting running-conﬁg isConﬁgure mapping tables Node ctx-cs switch #no routing-tableExample Remove an entire routing table Delete the routing table table-nameType Description Input-Type Description Output-Type Sets the display name of the called Mapping table examples Input-type to output-type table-name Example Called and calling party manipulation mapping tableTo E.164 Mapping Tables Away the input-type and output-type486 487 Custom SIP URIs from called-/calling-e164 properties Other mapping tablesNode ctx-cs switch #mapping-table Deleting mapping tablesEnter the mapping table from which you want to remove an Procedure To delete an entire mapping table Mode Context CS Example Remove an entire mapping tableCreating complex functions Example Create a complex function Deleting complex functionsSending-Complete Example Remove an entire complex functionDigit collection & sending-complete behavior Ingress interfaceCall-Router 323Yes True123# Egress Interface Mode context cs / interface sip Complete-indication clearCreating call services Creating a hunt group serviceHunt group service Cause cause Node ctx-cs switch #service huntCall dest-service service-name Call dest-interface interface-nameDefault Behavior Class Cause Hunt Description Group Service Normal EventNo-user-responding Drop original call Unavailable Service orResource Option NotImplemented Invalid MessageProtocol Error Interworking Creating a distribution group service Distribution group serviceDest-service service-name Node ctx-cs switch #service distribuNodesvc-huntservice-name# route call With the ﬁrst conﬁgured destinationsDistribution-Group Min-Concurrent setting Call-router ‘limiter’ servicePriority service ‘Limiter’ service diagramPriority service diagram CS Bridge service-‘VoIP Leased Line’ BridgeBridge services diagram Conﬁguring the service second-dialtone Conﬁguration ExampleDeleting call services Activate the call router conﬁgurationTest the call router conﬁguration Example Create and test a routing table516 Call routing example network 518 CS context and call router elements 520 Conﬁgure partial rerouting Mode context cs/service aaa Mode context cs/interface sipEnable push-back aaa service Call rerouteEnable push-back hunt group service Enable push-back bridge serviceEnable push-back distribution-group service Enable push-back limiter serviceSIP call-router services Entering conference-service conﬁguration mode SIP conference-serviceSIP conference-service conﬁguration task list Name ctx-csswitch#no service sipConﬁguring the conference server SIP location-serviceMode Service SIP conference Ference-server host-name portSIP location-service conﬁguration task list Entering SIP location-service conﬁguration modeConﬁguring multi-contact behavior Binding a location serviceConﬁguring the hunt timeout SecondsTone conﬁguration Tone-set proﬁles Tone conﬁguration task list Conﬁguring call-progress-tone proﬁlesProcedure To conﬁgure a tone-set proﬁle Mode Conﬁgure Conﬁgure tone-set proﬁlesEnable tone-set proﬁle Procedure To assign a tone-set proﬁle to a Pstn interfaceFor which a tone indication can be provided Node#show proﬁle call-progress-tone Show call-progress-tone and tone-set proﬁlesExample Show tone-set proﬁle Name Ciﬁc with name nameFollowing example shows how to display the tone-set proﬁle 536 FXS port conﬁguration Shutdown and enable FXS ports Bind FXS ports to higher layer applications Conﬁgure country-speciﬁc FXS port parametersNetherlands Other FXS port parameters Mode IC voice in systemEnter FXS port conﬁguration mode Nodeconﬁg#port fxs slot portExample FXO port conﬁguration Shutdown and enable FXO ports Bind FXO ports to higher layer applicationsNodeconﬁg#port fxo slot port Conﬁgure country speciﬁc FXO port parametersOther FXO port parameters Nodeprt-fxo slot/ port#useEnter FXO port conﬁguration mode Gateway conﬁguration Gateway between IP and CS contexts Gateway conﬁguration task list Mode Gateway H.323Enable the gateway Binding the gateway to an IP interfaceConﬁgure registration authentication service RAS Optional Conﬁgure H.235 Security optional Node gw-h323h323#gatekeeper-discovEry auto gkid Procedure To enable H.235 security on H.323 gateway 235 conﬁgurationNode gw-h323h323#h235security master \getcryptopassword h235-password masWord h235-password encrypted Node gw-h323h323#h235security passSignaling message Default setting isCommand show h235-securityshows the current setting Detail debug-levelAdvanced conﬁguration options optional Enabling H.245 TunnelingNodegw-h323h323#h245-tunneling Enables H.245 tunneling Enabling the fastconnect procedureEnabling the early H.245 procedure Nodegw-h323h323#faststart Enables the fastconnect procedureNodegw-h323h323#call-signaling-port Conﬁguring the trafﬁc class for H.323 signalingSetting the response timeout Port Naling connectionsSetting the connect timeout Nal gatewayIstration H323 status detail level Nodecfg#debug gateway h323 errorNodecfg#debug gateway h323 signaling Nodecfg#debug gateway h323 tpktchanContext SIP gateway overview Routing Architecture From-URI-Host equal Remote Request-URI-Host equal Local Enter conﬁguration modeContext SIP Gateway conﬁguration task list Creating a context SIP gatewayCreating a transport interface Mode Context SIP GatewayMode Transport Interface Conﬁguring the IP bindingBinding location services Conﬁguring a spoofed contact addressEnabling/disabling the context SIP gateway Show status information TroubleshootingDebug commands Node#show context sip-gateway gwConﬁguration Examples ExampleOutbound Authentication Inbound Authentication Outbound Registration 569 Inbound Registration B2B User Agent with Registered Clients 572 VoIP proﬁle conﬁguration VoIP profile configuration Nodecfg#profile voip name VoIP proﬁle conﬁguration task listCreating a VoIP proﬁle Nodepf-voip name#Conﬁgure codecs Mode Proﬁle VoIP Procedure Remove a codec from the list Mode Proﬁle VoIPProcedure Insert a codec at a speciﬁc position in the list Mode VoIP name Conﬁguring the transparent-clearmode codecConﬁguring the Cisco versions of the G.726 codecs Conﬁguring RTP payload types DefaultrtpsignalingConﬁguring Dtmf relay Nodepf-voip pf-name#dtmf-relayConﬁguring Cisco NSE for Fax Conﬁguring RTP payload type for transparent-clearmodeConﬁguring RTP payload type for Cisco NSE Nodepf-voip name#rtp payload-type nseConﬁguring the dejitter buffer advanced Jitter and dejitter bufferProcedure Conﬁgure the dejitter buffer AdaptiveEnabling/disabling ﬁlters advanced Max-delayDejitter buffer is allowed to introduce. This setting Is valid for all modesConﬁguring Fax transmission Illustrates the difference between Fax relay and Fax bypassFax relay and Fax bypass Nodepf-voipname#fax dejitter Nodepf-voipname#fax transmisSion bypass g711alaw64k Nodepf-voipname# fax transmisCED retransmission Mode proﬁle voip proﬁle-nameVolume Retransmission numberMethod default v150-vbdnse Default default No-Signal RetransmissionMode proﬁle voip pf-name Fax bypass methodNodepf-voip name#modem trans Modem bypass methodConﬁguring modem transmission Mission bypass g711alaw64kConﬁguring the trafﬁc class for Voice and Fax data Conﬁguring IP-IP codec negotiationHome ofﬁce in an enterprise network Home ofﬁce in an enterprise networkDescription Show the conﬁgured proﬁle Home ofﬁce with faxSoft phone client gateway 595 Disable Dtmf relay Show the conﬁgured proﬁle Pstn proﬁle conﬁguration Pstn proﬁle conﬁguration task list Creating a Pstn proﬁleProcedure Conﬁgure voice output gain Conﬁguring the echo cancellerProcedure Disable echo cancellation Mode Proﬁle Pstn Conﬁguring output gain600 SIP proﬁle conﬁguration Mapping from a SIP disconnect cause Entering the conﬁguration mode for a SIP proﬁleSIP proﬁle conﬁguration task list Namecfg#no profile name nameMapping to a SIP redirection code Mapping to a SIP causeMapping from a SIP redirection reason Q931-cause to sip-causeAuthentication Service Authentication Service conﬁguration task list Creating an Authentication ServiceConﬁguring the authentication protocol Conﬁguring a RealmCreating credentials Location Service Adding a domain Location Service conﬁguration task listCreating a Location Service Domain ExamplesMode Identity Creating an identityAuthentication outbound face AliasBound Nodeauthout#authenticate authentica Mode Authentication outboundAuthentication inbound face Nodeauthout#authenticate indexNodeauthin#authenticate index Mode Authentication inboundNodeauthin#authenticate authentica Nodeauthin#no authenticate indexMode Registration outbound Registration outbound facePort strict-route Noderegout#proxy host portStrict-route Noderegout#proxy index down posiNodeidentityname# no registration Noderegin# no lifetime default secRegistration inbound face InboundNodecallout#proxy host port Mode Call outboundCall outbound face Nodecallout#proxy index hostMode Call outbound Mode Call inboundCall inbound face Creating an identity group Inheriting from an identity group to an identityConﬁguring the Message Waiting Indication feature for SIP SubscriptionMode Message inbound NotiﬁcationMode Message inbound Message Waiting Indication through Call-Control This conﬁguration example, inheritance is used VoIP debugging Debugging strategy Verifying IP connectivity Following command will disable the ﬁlter completelyFiltering debug monitor output Example Verify IP connectivityUnit#debug ccisdn signaling Debugging call signalingDebugging Isdn signaling Overview Isdn debug monitorsVerify an incoming call Line Verify an outgoing call630 Isdn layer 2 and 3 can be veriﬁed using a show command Verify Isdn layer 2 and 3 statusDebug isdn event slot port all layer2 layer3 Stops Debugging FXS SignalingOverview FXS debug monitors For most verbose outputState to RINGING, that means it has accepted the call Debugging H.323 Signaling Overview H.323 debug monitors635 636 637 Debugging SIP signaling Using SmartWare’s internal call generator Way dejitter Debugging voice dataNo debug media-gate Way control detail levelWay rtp Way switchWay error Way dspHow to submit trouble reports to Patton Check system logs643 Appendix a Terms and deﬁnitions SmartWare architecture terms and deﬁnitions Also releasePression Ory BufferPots Tftp Appendix B Mode summary Mode overview, 1 Mode Overview, 2 Mode Overview, 3 Appendix C Command summary Ebnf syntax Other New Conﬁguration CommandsShow command history Show helpAppendix D Internetworking terms & acronyms Abbreviations NumericDSS1 MSN SAR Appendix E Used IP ports & available voice Codecs Used IP ports TelnetWebserver Available voice codecs