Manuals / Patton electronic / Communications / IP Phone

Patton electronic SmartNode 4110 Series manual 379

Models: SmartNode 4110 Series

1 664

Download 664 pages 15.88 Kb

Page 379

SmartWare Software Configuration Guide	32 • VPN configuration

set session-key inbound esp 6666 cipher FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321

set session-key outbound esp 5555 cipher 1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF

set session-key inbound ah 4444 FEDCBA0987654321FEDCBA0987654321FEDCBA09 set session-key outbound ah 3333 1234567890ABCDEF1234567890ABCDEF12345678 set transform-set AES_SHA1

match address 110

!

...

For the remainder of the conﬁguration (see above), just change the name of the IPsec policy proﬁle in the ACL proﬁle VPN_Out

IPsec tunnel, 3DES encryption at 192 bit key length, ESP authentication with HMAC-MD5-96

SmartNode conﬁguration

profile ipsec-transform TDES_MD5 esp-encryption 3des-cbc 192 esp-authentication hmac-md5-96

profile ipsec-policy-manual VPN_TDES_MD5 use profile ipsec-transform TDES_MD5

session-key inbound esp-authentication 1234567890ABCDEF1234567890ABCDEF session-key outbound esp-authentication FEDCBA0987654321FEDCBA0987654321 session-key inbound esp-encryption

1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF session-key outbound esp-encryption

FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321 spi inbound esp 7777

spi outbound esp 8888 peer 200.200.200.1 mode tunnel

...

For the remainder of the conﬁguration (see above), just change the name of the IPsec policy proﬁle in the ACL proﬁle VPN_Out

Cisco router conﬁguration

crypto ipsec transform-set 3DES_MD5 esp-3des esp-md5-hmac

!

crypto map VPN_3DES_MD5 local-address FastEthernet0/1 crypto map VPN_3DES_MD5 10 ipsec-manual

set peer 200.200.200.2

set session-key inbound esp 8888 cipher FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321 authenticator FEDCBA0987654321FEDCBA0987654321

set session-key outbound esp 7777 cipher 1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF authenticator 1234567890ABCDEF1234567890ABCDEF

set transform-set 3DES_MD5 match address 110

!

Sample configurations

379

Image 379

Patton electronic SmartNode 4110 Series manual 379

Contents

SmartWare Release Patton Electronics Company, Inc Summary Table of Contents SmartWare Software Configuration Guide Table of Contents Command line interface CLI Copying configurations to and from a remote storage location IP context overview 11 NAT/NAPT configuration Serial port configuration PRI port configuration Isdn Overview Basic IP routing configuration Snmp configuration Dhcp configuration CS context overview VPN configuration CS interface configuration FXO interface configuration SIP interface configuration Table of Contents 524 45 H.323 gateway configuration Pstn profile configuration Location Service Terms and definitions List of Figures SmartWare Software Configuration Guide List of Tables About this guide How to read this guideAudience Structure About this guide About this guide Garamond bold type PrecautionsTypographical conventions used in this document General conventionsSmartWare Software Configuration GuideAbout this guide Fax +1 253 Service and supportMouse conventions Patton support headquarters in the USARMA numbers Warranty coveragePatton Electronics Company System overview Chapter contentsIntroduction IP Router Circuit SwitchSmartWare embedded software VoIP GatewayCarrier networks ApplicationsWAN Enterprise networksTypical LAN telephony system with a SmartNode gateway LAN telephonyConﬁguration concepts Conﬁguration concept overview Gateway Contexts and GatewaysContext ExampleBindings Interfaces, Ports, and BindingsInterfaces Ports and circuitsUse Commands Proﬁles and Use commandsProﬁles Command line interface CLI CLI prompt Command modesOperator exec mode, the system prompt is displayed as Navigating the CLI Command editingCommand help Command completionCommand Editing Shortcuts Command historyAccessing the CLI If desired Accessing the SmartWare CLI task listConsole port procedure Accessing via the console portEnding a Telnet or console port session see Disabling the Telnet server Accessing via a Telnet sessionTelnet Procedure Using an alternate TCP listening port for the Telnet serverLogin display Selecting a secure passwordCreating an operator account Password encryptionFactory preset administrator account Conﬁguring operators and administratorsNodecfg#copy running-conﬁg startup-conﬁg Creating an administrator accountName and password password Opening a secure conﬁguration session over SSHDisplaying the CLI version Mode EnableDisplaying account information Node who Switching to another accountChecking identity and connected users Node# whoCommand index numbers Used in operator execution modeAccessing the CLI Ending a Telnet or console port session Showing command default valuesSystem image handling System image handling Memory regions in SmartWare Local Persistent Volatile Flash System image handling task listCopying system images from a network server to Flash memory Displaying system image informationShow version Step Command Purpose Upgrading the software directly Explanation Auto provisioning of ﬁrmware and conﬁgurationHere’s an example for conﬁguration provisioning To use and debug provisioning Boot procedure Boot procedureFactory conﬁguration Default Startup ConﬁgurationIP Addresses in the Factory Conﬁguration Conﬁguration ﬁle handling Understanding conﬁguration ﬁles Configuration file handling Sample conﬁguration ﬁle Conﬁguration ﬁle handling task listLocal Memory Regions Copying conﬁgurations within the local memoryName into the local memory Node# copy nvram backup startup-conﬁgBackup already present in ﬂash memory Name nvramtarget-nameRemote memory regions for SmartWare Copying conﬁgurations to and from a remote storage locationNodecfg# copy tftp//ip-addressport Displaying conﬁguration ﬁle informationNew-startupnvramstartup-conﬁg Modifying the running conﬁguration at the CLI Node#copy running-conﬁg tftp//node-ip Modifying the running conﬁguration ofﬂineNode#reload Delete the conﬁguration named minimal explicitly Example Modifying the running conﬁguration ofﬂineDeleting a speciﬁed conﬁguration Example Deleting a speciﬁed conﬁgurationAuto provisioning CLI copy command copy tftp//host/path conﬁg-ﬁleEncrypted ﬁle download Encrypted Conﬁguration DownloadUse Cases Install a custom encryption key optionalDownload an encrypted conﬁguration ﬁle Encrypt a conﬁguration ﬁleUpload an encrypted conﬁguration ﬁle Basic system management Basic system management conﬁguration task list Name licenses Licenses Managing feature license keysDownloads the license key ﬁle and install Node cfg#copy tftp//tftp-server/path/ﬁleSetting system information System banner with message to operators Setting the system bannerDisplay clock information Setting time and dateDe en Display time since last restartConﬁguring the Web server Determining and deﬁning the active CLI versionDisplaying the system logs Restarting the systemDisplaying reports Controlling command executionUnit Bring job 0 to foreground Ctrl-zsuspend active commandShow the currently running commands Ctrl-cterminate current commandDisplaying the checksum of a conﬁguration Timed execution of CLI commandMode System Some examplesName sys#no terminal idle-time Radius Client Conﬁguration AAA component General AAA Conﬁguration Authentication procedure with a Radius serverNodecfg#show proﬁle authentication Nodecfg#proﬁle authentication nameNodepf-authname#server-timeout Authentication proﬁle-nameRadius conﬁguration Example Conﬁgure the Radius clients as shown in ﬁgure Conﬁguring Radius clientsVendor Conﬁguring Radius accounting109 Attributes in the Radius request message Conﬁguring the Radius serverAttributes in the Radius accept message Conﬁguring the local database accountsBase. The no form removes an existing account Example Create an administrator and an operator accountWord password PasswordStoring call logs with quality information IP context overview IP context and related elements IP context overview conﬁguration task list IP interface related information Planning your IP conﬁgurationConﬁguring physical ports Creating and conﬁguring IP interfacesConﬁguring static IP routing Conﬁguring NaptConﬁguring RIP Conﬁguring quality of service QoS Conﬁguring access control listsIP interface conﬁguration Nodeif-ip name# IP interface conﬁguration task listCreating an IP interface Nodectx-iprouter#interface nameDeleting an IP interface Inside Setting the IP address and netmaskConﬁguring a Napt DMZ interface Name if-ip if-name# no naptIcmp redirect messages Icmp message processingRouter advertisement broadcast message MTU packet size value must be in the range from Nodeif-ipname#tcp adjust-mssDeﬁning the MTU and MSS of the interface Example Deﬁning the MTU of the interfaceDisplaying IP interface information Conﬁguring an interface as a point-to-point linkProcessing gratuitous ARP requests Testing connections with the ping commandDisplaying dynamic ARP entries Flushing dynamic ARP entriesNode#ping address num Mode Either operator or administrator executionBer timeout seconds IP link supervisionDebug ARP Check connectivity of an IP linkShow IP link status Debug connectivityExample Debug ARP output TracerouteExample Display the ARP information Conﬁguring the Igmp ProxyNAT/NAPT conﬁguration Dynamic Napt Static Napt Tftp because the SmartNode might become inaccessibleDynamic NAT Napt traversal Static NATOptional NAT/NAPT conﬁguration task listCreating a Napt proﬁle Node cfg#proﬁle napt nameAH, ESP, GRE, or IPv6 respectively directed to Conﬁguring a Napt DMZ hostDeﬁning Napt port ranges Optional Ahespgreipv6 localipDeﬁning the UDP Napt type Preserving TCP/UDP port numbers in NaptName pf-napt pf-name# udp-handling symmetricaddress Node cfg#show proﬁle napt Activate NAT/NAPTDisplaying NAT/NAPT conﬁguration information Node cfg#context ip routerExample Display NAT/NAPT conﬁguration information Mode proﬁle napt pf-naptConﬁguring NAT static protocol entries Ethernet port conﬁguration Ethernet port conﬁguration task list Entering the Ethernet port conﬁguration modeConﬁguring medium for an Ethernet port Conﬁgures the encapsulation type to IP Conﬁguring Ethernet encapsulation type for an Ethernet portBinding an Ethernet port to an IP interface Nodeprt-eth slot/port#encapsulation ipNodeprt-eth slot/port#bind interface name router Multiple IP addresses on Ethernet portsConﬁguring a Vlan Nodevlanid#bind interface name router Nodeconﬁg#port ethernet slot portNodeprt-ethslot/port#vlan id Nodevlanid#encapsulation ippppoemultiExample Adding a receive mapping table entry Adding a receive mapping table entryNodeprt-eth slot/port#cos rx-map layer Closing an Ethernet port Adding a transmit mapping table entryUsing the built-in Ethernet sniffer Nvramethernet-0-slot-port.cap Following is an example of how the sniffer is normally usedNvramethernet-0-0-1.cap Link scheduler conﬁguration Applying scheduling at the bottleneck Using trafﬁc classesShaping Weighted fair queuing WFQIntroduction to Scheduling PriorityHierarchy Burst tolerant shaping or wfqQuick references Setting the modem rateSource trafﬁc-class class Command cross referencePolicy-map policy-map Proﬁle service-policy Link scheduler conﬁguration task listDeﬁning the access control list proﬁle Enable statistics gathering seePacket classiﬁcation Scenario with Web server regarded as a single source host Creating an access control listNodepf-acl name#permit ip any any Creating a service policy proﬁleNodecfg#proﬁle acl name Nodepf-acl name#permit ip host ip-address any trafﬁc-classStructure of a Service-Policy Proﬁle Specifying the handling of trafﬁc-classes Deﬁning fair queuing weightDeﬁning absolute priority Mode SourceSpecifying the type-of-service TOS ﬁeld Deﬁning the bit-rateNodesrc name#set ip precedence value Specifying differentiated services codepoint Dscp markingSpecifying the precedence ﬁeld Nodesrc name#set ip tos valueValue is from 0 to Deﬁnes the Class-Of-Service value applied to packets of forSpecifying layer 2 marking Nodesrc name#set ip dscp valueNodesrc name#random-detect burst-tolerance Quality of Service for routed RTP streamsDeﬁning random early detection Discarding Excess LoadMode proﬁle service-policy/proﬁle Nodeif-ip if-name#use proﬁle service Devoting the service policy proﬁle to an interfacePolicy name in out Displaying link arbitration status Enable statistics gatheringDisplaying link scheduling proﬁle information Optional Value Implication on Command Output Serial port conﬁguration Disabling an interface Serial port conﬁguration task listEnabling an interface Conﬁguring the hardware port protocol Conﬁguring the serial encapsulation typePort Conﬁguring the active clock edge Baudrate Conﬁguring the baudrate176 Frame Relay conﬁguration Conﬁguring Frame Relay encapsulation Frame Relay conﬁguration task listConﬁguring the keep-alive interval Conﬁguring the LMI typeFor this PVC only FRF.12 end-to-end fragmentation Enabling fragmentationBer to be used on the speciﬁed virtual circuit Nodepvc dlci#fragment sizeEntering Frame Relay PVC conﬁguration mode Binding the Frame Relay PVC to IP interface Conﬁguring the PVC encapsulation typeIP interface wan is bound to PVC 1 on port serial 0 Mode PVCDisabling a Frame Relay PVC Enabling a Frame Relay PVCDebugging Frame Relay Displaying Frame Relay information Integrated service access 188 Check that the Frame Relay settings are correct Conﬁgure the serial interface settingsExample 2 Frame Relay on e1t1 with a channel-group PRI port conﬁguration PRI port conﬁguration task list TerminologyConﬁguring PRI clock-mode Enable/Disable PRI portPRI Debugging Conﬁguring PRI port-typeName prt-e1t1 slot/port# framing Conﬁguring PRI framingName prt-e1t1 slot/port# linecode Ami b8zs hdb3Conﬁguring PRI used-connector E1T1 in E1 mode only Conﬁguring PRI line-build-out E1T1 in T1 mode onlyConﬁguring PRI application mode E1T1 only Conﬁguring PRI Loopback detection E1T1 only Conﬁguring PRI LOS threshold E1T1 onlyConﬁguring PRI encapsulation Default disabledConﬁguring Channel-Group Encapsulation Mode channel-group group-nameCreate a Channel-Group Conﬁguring Channel-Group TimeslotsConﬁguring Hdlc CRC-Type Entering Hdlc Conﬁguration ModeMode channel-group group Mode hdlcConﬁguring Hdlc Encapsulation Default no encapsulationPRI Debugging PRI Conﬁguration Examples Example 2 RBS without a channel-group Example 1 IsdnExample 3 RBS with a channel-group Example 4 Frame Relay without a channel-group Example 6 PPP without a channel-group Example 5 Framerelay with a channel-groupExample 7 PPP with a channel-group BRI port conﬁguration BRI port conﬁguration task list Enable/Disable BRI portConﬁguring BRI clock-mode Creating a channel group Conﬁguring BRI Power-FeedFeed Default disabled Conﬁguring BRI encapsulationName ch-grp group-name#no Selects the timeslot to be used Default no timeslotsTimeslots timeslots Name#no debug bri BRI DebuggingName#show port bri Example 2 Isdn with manual clock/uni-side settings Example 1 Isdn with auto clock/uni-side settingsBRI Conﬁguration Examples Example 3 Multi-Link PPP over two B-Channels Isdn Overview Isdn reference points Isdn reference pointsPossible SmartNode port conﬁgurations Isdn UNI Signaling215 Isdn Layering Isdn Conﬁguration ConceptIsdn conﬁguration Conﬁguring Q.921 parameters Enter Q.921 conﬁguration modeMode base-mode Isdn conﬁguration task listEnter Q.931 conﬁguration mode Mode q921Conﬁguring Q.921 encapsulation Conﬁguring Q.931 parameters Mode q931Pss1old Nodeq931slot/port#signalling-ruleNodeq931slot/port#no signalling-rule EtsiControl interface Conﬁguring Q.931 encapsulationDebugging Isdn Face if-nameExample being clock slave on uni network interface Isdn Conﬁguration ExamplesNode#show port isdn slot port detail level Assume the scenario as illustrated in ﬁgure Example QsigExample PRI RBS conﬁguration RBS conﬁguration task list Enter RBS conﬁguration modeConﬁguring RBS protocol Noderbs#no encapsulation cc-rbs Mode rbsConﬁguring RBS encapsulation Debugging RBSExample Conﬁguring RBS Ground Start on a E1T1 port RBS Conﬁguration Examples229 DSL Port Conﬁguration Conﬁguring PPPoE Line SetupProfile napt WAN Conﬁguration SummaryUsing PVC channels in bridged Ethernet mode Setting up permanent virtual circuits PVCUsing PVC channels with PPPoE Link State Troubleshooting DSL ConnectionsDiagnostics PPPoE accessBasic IP routing conﬁguration Policy routing Basic IP routing conﬁguration task listRouting tables Static routingAdds a static route Displaying IP route information seeConﬁguring static IP routes Nodecfg#context ip router Enters the IP router ContextDisplaying IP route information Deleting static IP routes0.0/0 172.16.32.2 Static Conﬁguring policy routingBasic static IP routing example ExamplesChanging the default UDP port range for RTP and Rtcp RIP conﬁguration Routing protocol Enabling send RIP RIP conﬁguration task listSpecifying the send RIP version Enabling an interface to receive RIPSpecifying the receive RIP version Example Enabling RIP learn host and defaultEnabling RIP learning Enabling RIP announcing Enabling RIP auto summarization Specifying the default route metricEnabling the poison reverse algorithm Enabling RIP split-horizon processingNodeif-ipname#rip route-expiry Setting the RIP route expiry3600 Default 180 seconds Enabling holding down aged routesDisplaying global RIP information Displaying RIP conﬁguration of an IP interface252 Access control list conﬁguration What access lists do About access control listsWhy you should conﬁgure access lists Features of access control lists When to conﬁgure access listsMapping out the goals of the access control list Access control list conﬁguration task listNodepf-acl name#permit ip src src-wildcard any Where the syntax is Any host src dest dest-wildcard any host dest Nodepf-acl name#permit icmp src src-wildcard anyType type type type code code cos group Nodepf-acl name#deny icmp src src-wildcardCode code Where the syntax is as followingMsg name Type typeNodepf-acl name#deny tcp udp sctp src src Nodepf-acl name#permit tcp udp sctp src src-wildCard any host src eq port gt port lt port range Port lt port range from to cos group cos-rtp groupRange from to Eq portLt port Gt portWhere the syntax is Displaying an access control list proﬁle Unbind an access control list proﬁle from an interfaceDebugging an access control list proﬁle Control list profile shall be debugged Denying a speciﬁc subnet Commands that have to be entered are listed belowSnmp conﬁguration Simple Network Management Protocol Snmp Snmp basic commandsSnmp basic components Snmp management information base MIB Identiﬁcation of a SmartNode via SnmpNetwork management framework Snmp tools Setting basic system informationSnmp conﬁguration task list 271 Example Setting the system group objects Setting access community informationRo rw Or read/write access Nodecfg#snmp target IP-address-of-SN Setting allowed host informationSpecifying the default Snmp trap target Nodecfg#snmp host IP-address-of-SN securityDisplaying Snmp related information Using the AdventNet Snmp utilitiesAdventNet MibBrowser Settings Button on the Toolbar Using the MibBrowserAdventNet TrapViewer displaying received traps Using the TrapViewerSpeciﬁc Type TimeStampEnterprise Generic TypeStandard Snmp version 1 traps Snmp interface traps 281 Sntp client conﬁguration Sntp client conﬁguration task list Selecting Sntp time servers Deﬁning Sntp client operating modeUnicast anycast multicast Deﬁning Sntp local UDP port Deﬁning Sntp client poll interval Enabling and disabling the Sntp clientExample Enabling the Sntp client operation Example Disabling the Sntp client operationDisplays the local time, UTC and the offset of the local Deﬁning Sntp client constant offset to GMTDeﬁning the Sntp client anycast address Name #show clock localEnabling and disabling local clock offset compensation Example Enabling the Sntp client root delay compensationNodecfg#sntp-client anycast-address ip Debugging Sntp client operation Example Disabling the Sntp client root delay compensationShowing Sntp client related information Example Showing Sntp client related informationRecommended public Sntp time servers Nist Internet time service291 Dhcp conﬁguration Dhcp configuration DHCP-client conﬁguration tasks Enable DHCP-client on an IP interfaceDHCP-server and DHCP-client are illustrated in ﬁgure ‘conﬁgure’ conﬁguration mode Example Enable DHCP-client on an IP interfaceGet debug output from DHCP-client Mode AnyExample Enable Dhcp debug monitor Release or renew a Dhcp lease manually advancedConﬁgure DHCP-server proﬁles DHCP-server conﬁguration tasksNodepf-dhcpsname#network ip Nodepf-dhcpsname#no defaultNodepf-dhcpsname#no netbios Nodecfg#proﬁle dhcp-server nameAll ip-address Use DHCP-server proﬁles and enable the DHCP-serverNodepf-dhcpsname#no bootﬁle boot Nodepf-dhcpsname#no next-serverDeﬁne the Tftp server Option 66 for the DHCP-server Deﬁne the bootﬁle Option 67 for the DHCP-serverCheck DHCP-server conﬁguration and status Get debug output from the DHCP-server Create/Modify DHCP-Relay proﬁle Conﬁgure DHCP-relayEnable/Disable DHCP-Relay Agent DNS conﬁguration Enabling the DNS resolver DNS conﬁguration task listServer-ip-address Enabling the DNS relay DNS relay diagram307 DynDNS conﬁguration Creating a DynDNS account Conﬁguring the DNS resolver DynDNS conﬁguration task listConﬁguring the DynDNS server Conﬁguring basic DynDNS settingsWord Deﬁning a mail exchanger for your hostname Conﬁguring advanced DynDNS settings optionalMode DynDNS Troubleshooting312 PPP conﬁguration 314 Creating an IP interface for PPP PPP conﬁguration task listNodeif-ipname#point-to-point Nodeif-ipname# ipaddress ip-address Nodeif-ipname# no tcp adjust-mssNodeif-ipname#ipaddress Nodeif-ipname#ipaddress dhcpNodecfg # subscriber ppp name Disable interface IP address auto-conﬁguration from PPPCreating a PPP subscriber Nodeif-ipname#use proﬁle napt nameNodesubscrname# no identiﬁcation Optional outboundinbound user passwordNodesubscrname# dial inout Chap pap chappapConﬁguring a PPPoE session Trigger forced reconnect of PPP sessions using a timerTor AC-Name Optional ﬁle Case authentication is requiredConﬁguring PPP over a Hdlc Link Creating a PPP proﬁleNodepf-pppname#mru min min max DefaultNodecfg #no proﬁle ppp name Nodepf-pppname#mtu min min maxName pf-ppp proﬁle# mrru min Min max max defaultDefault Conﬁguring the local and remote PPP MrruExample Display PPP subscriber conﬁguration information Displaying PPP conﬁguration informationDebugging PPP Example Display a PPP proﬁleNodecfg #show port interface name Nodecfg #show ppp links levelNodecfg #show ppp networks level Nodecfg #show pppoe nameLCP Example Display PPP link informationExample Display PPPoE information Example Display PPP network protocol informationPPP over Ethernet PPPoE Without authentication, encapsulation multi, with NaptWith authentication, encapsulation PPPoE Sample conﬁgurationsPPP over a Hdlc Link E1T1 Port Without authentication, numbered interfaceWith authentication, unnumbered interface PPP over a Hdlc Link Serial PortPPP Dialer PPP Dial-up over IsdnCreate outbound destinations Following command creates a new PPP dialer Mode context csDial-up and login information for a certain Create a dialerConﬁgure recovery strategy Case Create inbound destinationsName inboundprovider#remote-e164 Name if-dialerdialer#inboundName inboundprovider#local-e164 E164Debug dialer functionality Example Dial-on demand featureDial-up on demand Dial-upDial-up on monitor Dial if possible, and never drop Mode context ip/interfaceDial-up nailed CS context overview CS context conﬁguration components Planning the CS conﬁguration CS context conﬁguration task listRemote ofﬁce in an Enterprise network Conﬁguring the clock source Conﬁguring general CS settingsDebugging the clock source Mode Operator executionReference clock Conﬁguring call routingSelecting PCM law compression Node sys#clock-sourceslot-number port-numberSpecify call routing Creating and conﬁguring CS interfacesConﬁguring voice over IP parameters Conﬁguring dial tonesConﬁguring a SIP VoIP connection Conﬁguring Isdn portsConﬁguring FXS ports Conﬁguring an H.323 VoIP connectionActivating CS context conﬁguration Level Nodectx-csswitch#show call-router config detailNode ctx-csswitch#debug call-router detail level Nodectx-csswitch#show call-router status detailSmartNode in an Enterprise network CS Conﬁguration Planning the CS contextFirst we set clock-source to Isdn port 2/3 Conﬁguring general CS settingsConﬁguring call routing 354 Conﬁguring BRI ports Conﬁguring VoIP settingsBecause we need G.723 as codec we enable Dtmf relay We want to use this proﬁle on our H.323 interfacesConﬁguring an H.323 VoIP connection Next we conﬁgure call signalingActivating the CS context conﬁguration TAB-CALLED-NUMBER Finally, activate the gateway and CS contextConﬁguration script for our application looks as follows Showing the running conﬁguration359 360 361 VPN conﬁguration Encryption AuthenticationPermanent IKE Tunnels Transport and tunnel modesKey management Creating an IPsec policy proﬁle VPN conﬁguration task listCreating an IPsec transformation proﬁle Example Create an IPsec transformation proﬁleProcedure To create an IPsec policy proﬁle Mode Conﬁgure Creating/modifying an outgoing ACL proﬁle for IPsec Displaying IPsec conﬁguration information Conﬁguration of an IP interface and the IP router for IPsecExample IPsec Debug Output Example Display IPsec transformation proﬁlesExample Display IPsec policy proﬁles Debugging IPsecMain differences between manual & IKE Ipsec conﬁgurations Key management IKECreating an Ipsec transform proﬁle Creating an Isakmp transform proﬁle Mode. The peer can either be an IP address or a Creating an Isakmp Ipsec policy proﬁleShould be used. Do not specify a peer, if this pol Icy shall be used for multiple peers in transportSample conﬁguration snippet Creating/modifying an outgoing ACL proﬁle for IpsecConﬁguration of an IP interface and the IP router for Ipsec Policy matchingUse proﬁle acl WANOut out Debug ike errorDebug ike event Enabling RTP encryption support Encrypted Voice Performance considerationsPerformance considerations Mode Context ip /interface if-name SmartNode conﬁguration IPsec tunnel, DES encryptionCisco router conﬁguration 379 380 CS interface conﬁguration CS interfaces on the CS context CS interface conﬁguration task listNodeif-typeif-name#… Examples Create CS interfaces and delete anotherNodeif-typeif-name#exit 384 Conﬁguring the interface mapping tables Service service-name Nodeif- typeif-name #exitTable table-name Speciﬁed direction Table in table-nameThat shall be applied to all call properties And/orIncoming call passing an interface mapping table Call passing an input and an output mapping table Conﬁguring the precall service tablesRepeat to add other special number map Supplementary service invocation commandsNumber to command Supplementary service invocation commandIsdn interface conﬁguration Isdn interfaces on the CS context Isdn interface conﬁguration task listDeﬁnes an alternate Pstn proﬁle to be used for Conﬁguring Dtmf dialing optionalConﬁguring an alternate Pstn proﬁle optional Nodeif-isdn if-name#no use proﬁleDisabling call-waiting on Isdn DSS1 network interfaces Name if-isdn if-name# no call-waiting Disable call-waitingConﬁguring ringback tone on Isdn user-side interfaces Conﬁguring call waiting optionalEnabling Display Information Elements on Isdn Ports Conﬁguring Call-Hold on Isdn interfacesConﬁguring date/time publishing to terminals optional Deﬁning the ‘network-type’ in Isdn interfaces Sending the connected party number Colp optionalHome Office Isdn Advice of Charge support 398 If there is not charge information from the network If there is no tariff information from the network forAll calls Nodeif-isdnif- name# aoc-d automaticNoChargeAvailable Isdn User Interface Connected to a PBX switch etcFollowing table shows an overview of the AOC variants Isdn Network Interface connected to phonesReceive Direction Mode interface isdn interfaceIsdn DivertingLegInformation2 Facility Transmit DirectionNodeif-isdn#caller-name early-alerting Nodeif-isdn#caller-name500 Absence Outgoing Isdn call. This feature is disabledBy default Nodeif-isdn#caller-name ignoreFXS interface conﬁguration Conﬁguring a subscriber number recommended FXS interface conﬁguration task listNameif-fxsname#no subscriber Mode Interface FXSConﬁguring caller-ID presentation optional Conﬁguring ﬂash hook processing optionalConﬁguring ringing-cadence optional Ing-indication stutter-dial-tone Through Stuttered Dial Tone Conﬁguring the Message Waiting Indication feature for FXSMat etsi Frequency-shift keyingMat bell Call hold Call transfer FXS supplementary services descriptionTern Default enabledCall hold Call waitingCall toggle Call waiting reminder ringDrop passive call Drop active callPattern ConferencingCall park Nameif-fxsname#no drop-passiveFXO interface conﬁguration FXO interfaces on the CS context Creating an FXO interface FXO services descriptionDeleting an FXO interface Nodectx-csswitch#interface fxo nameNodeif-fxo name # FXO off-hook on caller ID FXO interface conﬁguration task listNodeif-fxo if-name# Conﬁguring when the digits are dialed optionalNodectx-csswitch#interface fxo if-name Nodeif-fxoif-name#Nodeif-fxoif-name#dial-after dial-tone timeout seconds Figuration modeNodeif-fxo if-name #ring-number count Nodeif-fxo if-name#Min min-time max max-time Conﬁguring how to detect a call has disconnected optionalBattery-reversal tax-pulse Nodeif-fxo if-name#no connect-signalFXO Mute dialing Conﬁguring the destination of the callFXO interface examples RBS interface conﬁguration Name Face, the ‘no’ form deletes an existing one RBS interface conﬁguration task listCreating/Deleting a RBS interface Conﬁguring an alternate Pstn proﬁleConﬁguring B-Channel allocation strategy Mode Interface RBSConﬁguring additional disconnect signals Conﬁguring an alternate Tone-Set proﬁleConﬁguring ready to dial strategy Nodeif-rbsif-name#no dial-after dial- tone timeout secondsNode#no debug ccrbs datapath error signaling Conﬁguring number of Rings before Off-HookNode#show ccrbs interface if-name detail Node#show ccrbs call if-name detail levelPrints information about ongoing calls on Selected interfaceInterface conﬁguration Interface conﬁguration task list Examples Deﬁne the IP address of the remote H.323 entity Binding the interface to an H.323 gatewayConﬁguring an alternate VoIP proﬁle optional Node if- h323 if-name #itc tx 3k1 Conﬁguring CLIP/CLIR support optionalNode if- h323 if-name #itc rx 3k1 Speciﬁes the information transfer capability toNameif-h323name#early-connect Enabling ‘early-proceeding’ on H.323 interfacesEnabling the early call connect optional Nameif-h323if-name#early-proceedingEnabling the via address support optional Enabling the early call disconnect optionalNodeif-h323if-name# remoteport port Conﬁguring status inquiry settings optionalIng connection should be established AOC-D Support for H.323 Nodeif-h323if-name# no aoc-d Mode context cs/interfce h.323 interface-nameNodeif-h323if-name# no aoc-d emit SIP interface conﬁguration SIP interface conﬁguration task list SIPSip-gateway gw-name Binding the interface to a SIP gatewayConﬁgure a remote host Nodeif-sipif-name# no bind contextNodeif-sipif-name# no local host Using an alternate VoIP proﬁle OptionalConﬁguring a local host Optional Nodeif-sipif-name# no remote hostNodeif-sipif-name#use proﬁle sip pro Using an alternate SIP proﬁle OptionalUsing an alternate Tone-Set proﬁle Optional Nodeif-sipif-name#use proﬁle voipConﬁguring address translation Optional Conﬁguring early call connect / disconnect OptionalMapping call-control properties in SIP headers Conﬁguring Isdn Redirecting Number Tunneling Over SIP Mapping SIP headers to call-control propertiesHeader Updating caller address parameters SIP Diversion Header 450 SIP Refer Transmission & Isdn Explicit Call Transfer support 452 Name if-sip interface#no aoc-d emit AOC Over SIP OptionalName if-sip interface#no aoc-d AcceptEnabling the SIP penalty-box feature Optional Enabling the session timer OptionalConﬁgure the SIP hold method Optional Default zero-ipCall router conﬁguration Call router configuration 458 Direct call routing vs. advanced call routing Map out the goals for the call router Call router conﬁguration task listConﬁgure address completion timeout Enable advanced call routing on circuit interfacesConﬁgure general call router behavior Digit-collection terminating-char char Example Conﬁgure address completion timeoutAddress-completion timeout timeout Digit-collection timeout timeoutNational-preﬁx preﬁx Procedure To conﬁgure number preﬁx Mode Context CSConﬁgure number preﬁx for Isdn number types Example Conﬁgure number preﬁxCreate a routing table Conﬁgure call routing tablesCalling-e164 Called party number routing table Example Called party number routing tableRegular Expressions Symbol Description Digit Collection Digit Collection Variants Example Digit collection of any number Dialed Selected Description Number Entry Number type routing table Calling party number routing tableNumbering plan routing table IP address routing table Name routing tableDot . means ‘any character’ in a regular expression Presentation Indicator Routing TableURI routing table Smith must be escaped with a backslash \, becauseScreening Indicator Routing Table Information transfer capability routing table 478 Example Day of week routing table Default Any other unhandled case Mode context csTime of day routing table Day of Week Routing TableResulting running-conﬁg is Procedure To delete an entire routing tableNode ctx-cs switch #routing-table Deleting routing tablesDelete the routing table table-name Node ctx-cs switch #no routing-tableExample Remove an entire routing table Conﬁgure mapping tablesType Description Input-Type Description Output-Type Sets the display name of the called Mapping table examples Away the input-type and output-type Example Called and calling party manipulation mapping tableTo E.164 Mapping Tables Input-type to output-type table-name486 487 Other mapping tables Custom SIP URIs from called-/calling-e164 propertiesDeleting mapping tables Node ctx-cs switch #mapping-tableEnter the mapping table from which you want to remove an Example Remove an entire mapping table Procedure To delete an entire mapping table Mode Context CSCreating complex functions Deleting complex functions Example Create a complex functionIngress interface Example Remove an entire complex functionDigit collection & sending-complete behavior Sending-Complete323 Call-RouterTrue Yes123# Egress Interface Complete-indication clear Mode context cs / interface sipCreating a hunt group service Creating call servicesHunt group service Call dest-interface interface-name Node ctx-cs switch #service huntCall dest-service service-name Cause causeNormal Event Default Behavior Class Cause Hunt Description Group ServiceNo-user-responding Drop original call Option Not Service orResource UnavailableInvalid Message ImplementedProtocol Error Interworking Distribution group service Creating a distribution group serviceWith the ﬁrst conﬁgured destinations Node ctx-cs switch #service distribuNodesvc-huntservice-name# route call Dest-service service-nameCall-router ‘limiter’ service Distribution-Group Min-Concurrent setting‘Limiter’ service diagram Priority servicePriority service diagram Bridge CS Bridge service-‘VoIP Leased Line’Bridge services diagram Conﬁguration Example Conﬁguring the service second-dialtoneActivate the call router conﬁguration Deleting call servicesExample Create and test a routing table Test the call router conﬁguration516 Call routing example network 518 CS context and call router elements 520 Conﬁgure partial rerouting Call reroute Mode context cs/interface sipEnable push-back aaa service Mode context cs/service aaaEnable push-back limiter service Enable push-back bridge serviceEnable push-back distribution-group service Enable push-back hunt group serviceSIP call-router services Name ctx-csswitch#no service sip SIP conference-serviceSIP conference-service conﬁguration task list Entering conference-service conﬁguration modeFerence-server host-name port SIP location-serviceMode Service SIP conference Conﬁguring the conference serverEntering SIP location-service conﬁguration mode SIP location-service conﬁguration task listSeconds Binding a location serviceConﬁguring the hunt timeout Conﬁguring multi-contact behaviorTone conﬁguration Tone-set proﬁles Conﬁguring call-progress-tone proﬁles Tone conﬁguration task listConﬁgure tone-set proﬁles Procedure To conﬁgure a tone-set proﬁle Mode ConﬁgureProcedure To assign a tone-set proﬁle to a Pstn interface Enable tone-set proﬁleFor which a tone indication can be provided Name Ciﬁc with name name Show call-progress-tone and tone-set proﬁlesExample Show tone-set proﬁle Node#show proﬁle call-progress-toneFollowing example shows how to display the tone-set proﬁle 536 FXS port conﬁguration Shutdown and enable FXS ports Conﬁgure country-speciﬁc FXS port parameters Bind FXS ports to higher layer applicationsNetherlands Nodeconﬁg#port fxs slot port Mode IC voice in systemEnter FXS port conﬁguration mode Other FXS port parametersExample FXO port conﬁguration Bind FXO ports to higher layer applications Shutdown and enable FXO portsNodeprt-fxo slot/ port#use Conﬁgure country speciﬁc FXO port parametersOther FXO port parameters Nodeconﬁg#port fxo slot portEnter FXO port conﬁguration mode Gateway conﬁguration Gateway between IP and CS contexts Binding the gateway to an IP interface Mode Gateway H.323Enable the gateway Gateway conﬁguration task listConﬁgure registration authentication service RAS Optional Node gw-h323h323#gatekeeper-discov Conﬁgure H.235 Security optionalEry auto gkid 235 conﬁguration Procedure To enable H.235 security on H.323 gatewayNode gw-h323h323#h235security pass \getcryptopassword h235-password masWord h235-password encrypted Node gw-h323h323#h235security masterDetail debug-level Default setting isCommand show h235-securityshows the current setting Signaling messageEnabling H.245 Tunneling Advanced conﬁguration options optionalNodegw-h323h323#faststart Enables the fastconnect procedure Enabling the fastconnect procedureEnabling the early H.245 procedure Nodegw-h323h323#h245-tunneling Enables H.245 tunnelingPort Naling connections Conﬁguring the trafﬁc class for H.323 signalingSetting the response timeout Nodegw-h323h323#call-signaling-portNal gateway Setting the connect timeoutIstration Nodecfg#debug gateway h323 tpktchan Nodecfg#debug gateway h323 errorNodecfg#debug gateway h323 signaling H323 status detail levelContext SIP gateway overview Routing Architecture Creating a context SIP gateway Enter conﬁguration modeContext SIP Gateway conﬁguration task list From-URI-Host equal Remote Request-URI-Host equal LocalConﬁguring the IP binding Mode Context SIP GatewayMode Transport Interface Creating a transport interfaceConﬁguring a spoofed contact address Binding location servicesEnabling/disabling the context SIP gateway Node#show context sip-gateway gw TroubleshootingDebug commands Show status informationExample Conﬁguration ExamplesOutbound Authentication Inbound Authentication Outbound Registration 569 Inbound Registration B2B User Agent with Registered Clients 572 VoIP proﬁle conﬁguration VoIP profile configuration Nodepf-voip name# VoIP proﬁle conﬁguration task listCreating a VoIP proﬁle Nodecfg#profile voip nameConﬁgure codecs Procedure Remove a codec from the list Mode Proﬁle VoIP Mode Proﬁle VoIPProcedure Insert a codec at a speciﬁc position in the list Conﬁguring the transparent-clearmode codec Mode VoIP nameConﬁguring the Cisco versions of the G.726 codecs Nodepf-voip pf-name#dtmf-relay DefaultrtpsignalingConﬁguring Dtmf relay Conﬁguring RTP payload typesNodepf-voip name#rtp payload-type nse Conﬁguring RTP payload type for transparent-clearmodeConﬁguring RTP payload type for Cisco NSE Conﬁguring Cisco NSE for FaxJitter and dejitter buffer Conﬁguring the dejitter buffer advancedAdaptive Procedure Conﬁgure the dejitter bufferIs valid for all modes Max-delayDejitter buffer is allowed to introduce. This setting Enabling/disabling ﬁlters advancedIllustrates the difference between Fax relay and Fax bypass Conﬁguring Fax transmissionFax relay and Fax bypass Nodepf-voipname# fax transmis Nodepf-voipname#fax transmisSion bypass g711alaw64k Nodepf-voipname#fax dejitterRetransmission number Mode proﬁle voip proﬁle-nameVolume CED retransmissionFax bypass method No-Signal RetransmissionMode proﬁle voip pf-name Method default v150-vbdnse Default defaultMission bypass g711alaw64k Modem bypass methodConﬁguring modem transmission Nodepf-voip name#modem transConﬁguring IP-IP codec negotiation Conﬁguring the trafﬁc class for Voice and Fax dataHome ofﬁce in an enterprise network Home ofﬁce in an enterprise networkDescription Home ofﬁce with fax Show the conﬁgured proﬁleSoft phone client gateway 595 Disable Dtmf relay Show the conﬁgured proﬁle Pstn proﬁle conﬁguration Creating a Pstn proﬁle Pstn proﬁle conﬁguration task listConﬁguring output gain Conﬁguring the echo cancellerProcedure Disable echo cancellation Mode Proﬁle Pstn Procedure Conﬁgure voice output gain600 SIP proﬁle conﬁguration Namecfg#no profile name name Entering the conﬁguration mode for a SIP proﬁleSIP proﬁle conﬁguration task list Mapping from a SIP disconnect causeQ931-cause to sip-cause Mapping to a SIP causeMapping from a SIP redirection reason Mapping to a SIP redirection codeAuthentication Service Creating an Authentication Service Authentication Service conﬁguration task listConﬁguring a Realm Conﬁguring the authentication protocolCreating credentials Location Service Domain Examples Location Service conﬁguration task listCreating a Location Service Adding a domainCreating an identity Mode IdentityAlias Authentication outbound faceBound Nodeauthout#authenticate index Mode Authentication outboundAuthentication inbound face Nodeauthout#authenticate authenticaNodeauthin#no authenticate index Mode Authentication inboundNodeauthin#authenticate authentica Nodeauthin#authenticate indexRegistration outbound face Mode Registration outboundNoderegout#proxy index down posi Noderegout#proxy host portStrict-route Port strict-routeInbound Noderegin# no lifetime default secRegistration inbound face Nodeidentityname# no registrationNodecallout#proxy index host Mode Call outboundCall outbound face Nodecallout#proxy host portMode Call inbound Mode Call outboundCall inbound face Inheriting from an identity group to an identity Creating an identity groupSubscription Conﬁguring the Message Waiting Indication feature for SIPNotiﬁcation Mode Message inboundMode Message inbound Message Waiting Indication through Call-Control This conﬁguration example, inheritance is used VoIP debugging Debugging strategy Example Verify IP connectivity Following command will disable the ﬁlter completelyFiltering debug monitor output Verifying IP connectivityOverview Isdn debug monitors Debugging call signalingDebugging Isdn signaling Unit#debug ccisdn signalingVerify an incoming call Verify an outgoing call Line630 Verify Isdn layer 2 and 3 status Isdn layer 2 and 3 can be veriﬁed using a show commandDebug isdn event slot port all layer2 layer3 For most verbose output Debugging FXS SignalingOverview FXS debug monitors StopsState to RINGING, that means it has accepted the call Overview H.323 debug monitors Debugging H.323 Signaling635 636 637 Debugging SIP signaling Using SmartWare’s internal call generator Way control detail level Debugging voice dataNo debug media-gate Way dejitterWay dsp Way switchWay error Way rtpCheck system logs How to submit trouble reports to Patton643 Appendix a Terms and deﬁnitions Also release SmartWare architecture terms and deﬁnitionsPression Buffer OryPots Tftp Appendix B Mode summary Mode overview, 1 Mode Overview, 2 Mode Overview, 3 Appendix C Command summary Ebnf syntax Show help New Conﬁguration CommandsShow command history OtherAppendix D Internetworking terms & acronyms Numeric AbbreviationsDSS1 MSN SAR Appendix E Used IP ports & available voice Codecs Telnet Used IP portsWebserver Available voice codecs