Posted by: rolande | December 9, 2007

Configuring a Cisco 3725 with CallManager Express 4.0

The following is a configuration example taken from my own personal 3725 router that I use for IP telephony at home. I primarily used examples found on the CallManager Express Resource Site as well as the Cisco Press CallManager Express book. I ran into quite a few issues with hardware and configuration based on my initially limited understanding of the logic and processes behind the IOS telephony service, so I figured I’d put this document out here to help anyone else save a little time.

The information supplied in this configuration is in no way guaranteed to work in every situation nor officially supported by the author. If you send me questions, I will eventually respond, though. This document is meant to provide an example of general IOS telephony configuration practices. The ! signifies a commented line in Cisco’s notation. Non-commented lines are the actual configuration syntax as it would be entered on the Cisco router.

Requirements

In order to support the IOS telephony service, you will need a version of IOS that includes the voice feature set. Since voice is a constantly evolving technology on Cisco platforms, the newer the code, the better the features. I am currently running IOS 12.4(9)T6 Advanced IP Services (c3725-advipservicesk9-mz.124-9.T6.bin) on a 3725 with 256MB DRAM and 192MB Flash, NM-2V with VIC-2FXO-M1, and VIC-2FXS. This IOS version now includes CallManager Express 4.0. Previous IOS versions all ran CallManager Express 3.3 or earlier. This release follows the previous version I was running [12.4(9)] but it just provides additional bug fixes under the latest T train release. I have recently started noticing software crashes causing my router to reboot. That is never good. So, I may be looking at reverting back to the previous release.

The previous release fixed a consistent memory leak with SIP registration and other strange issues with VoIP. The memory leak was quite significant at first due to bogus SIP registrations occurring for my POTS dial-peers. I also added ‘no sip-register’ to my POTS dial-peers as well as ‘no-reg both’ to the number on my ephone extensions and that made a dent in the leak but did not resolve it. Upgrading to 12.4(9)T2 resolved the SIP memory leak altogether. My SBC POTS service is plugged into one of the FXO ports and I have a SIP VoIP service (ViaTalk) configured as an alternate trunk provider. The internal house wiring is plugged into an FXS port on an ATA188 adapter attached via ethernet and the Skinny protocol and I have a handful of Cisco 7960 IP phones plugged into the network, as well.

My Setup

I have CallManager Express configured to act as a hybrid phone system. Each IP phone has a unique extension and they also have a shared line with the rest of the analog phones.

Incoming Calls – DID

Since POTS service doesn’t support DID/DNIS, inbound calls on the POTS line can only be forwarded to a single destination port. Unfortunately, there is no unique call information available to make a call routing decision.

There are 2 options (at least that I could find) to forward the inbound call to a port or extension. The easiest way is to use connection plar aka Private Line Auto Ringdown aka the BatPhone. When the port is seized it will automatically ring an extension. You assign PLAR to the incoming FXO voice-port to ring a known extension or destination pattern. The downside to this is that anytime you seize the FXO trunk on an outbound call it will obey the PLAR configuration. When you are trying to dial outbound it will technically work but it is annoying to get a call-waiting and caller-id chirp in your ear every time you initiate a call.

A better way to forward the inbound call is to use Direct Inward Dial (DID). The problem is that DID relies upon called number information coming inbound from the telco. POTS lines do not send DID/DNIS information. The nice thing is that we can at least still match a null DNIS value and translate it to a useful extension number that will ring an internal line.

voice translation-rule 1
 rule 1 // /299/
!
voice translation-profile default
 translate called 1

The translation rule is then applied to the incoming FXO voice-port for inbound calls.

voice-port 1/1/0
 translation-profile incoming default

The config above only does the translation of the called number from null to the internal extension. The trick now is that you have to match this value and tell it to start evaluating the dial-peer destination patterns based on it. This is done using an incoming dial-peer with Direct Inward Dial that matches the incoming called number.

dial-peer voice 298 pots
 incoming called-number 299
 direct-inward-dial
 port 1/1/0

The direct-inward-dial command tells the dial-peer to force any matching call to start matching the outbound call leg dial-peer immediately based on the incoming called number. Of course, we conveniently translated that value from null to 299 above, so any inbound call will subsequently match an outbound dial-peer with a destination pattern of 299. Note that this dial-peer references the FXO port on the router. This is an incoming dial-peer statement. So, it is triggered when the call is inbound on port 1/1/0 and has an incoming called number of 299. The key action command is the direct-inward-dial statement which tells the router to start matching the called number (299) to any of the configured outbound dial-peers.
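
The following Python sketch is an added example, not part of the original post or of IOS. It applies the page's own translation rules (rule 1 from the DID example above, rules 8 and 91 from the full configuration further down) the way the text describes them: the first matching rule wins and only the matched digits are replaced. The phone numbers are constructed, the function names are hypothetical, and rule 1 is only exercised with the null called number the page discusses.

```python
import re

# Rules copied from this page: rule 1 is the DID example above, rules 8 and 91
# come from the full configuration (SIP outbound and caller-ID fix-up).
RULES = {
    1: ["rule 1 // /299/"],
    8: [r"rule 1 /^9\(1..........\)/ /\1/",
        r"rule 2 /^9614\(.......\)/ /\1/",
        r"rule 3 /^9\(.......\)/ /\1/",
        r"rule 4 /^9\(011.*\)/ /\1/",
        r"rule 5 /^9\([2-9]11\)/ /\1/"],
    91: [r"rule 1 /^614\(.*\)/ /9\1/",
         r"rule 2 /^\(..........\)/ /91\1/",
         r"rule 3 /^\(.*\)/ /9\1/"],
}

RULE_LINE = re.compile(r"^\s*rule\s+(\d+)\s+/(.*?)/\s+/(.*?)/\s*$")


def compile_rule(line):
    """Turn one 'rule N /match/ /replace/' line into (N, regex, template)."""
    m = RULE_LINE.match(line)
    if not m:
        raise ValueError(f"not a translation rule: {line!r}")
    number, match, replace = m.groups()
    # IOS writes capture groups sed-style as \( \); Python wants bare ( ).
    match = match.replace(r"\(", "(").replace(r"\)", ")")
    return int(number), re.compile(match), replace


def translate(rule_lines, digits):
    """Apply the lowest-numbered rule that matches; return (result, rule number).

    Only the matched part is replaced. When no rule matches, the number is
    returned unchanged with None as the rule number.
    """
    rules = sorted((compile_rule(l) for l in rule_lines), key=lambda r: r[0])
    for number, pattern, template in rules:
        m = pattern.search(digits)
        if m:
            result = digits[:m.start()] + m.expand(template) + digits[m.end():]
            return result, number
    return digits, None


if __name__ == "__main__":
    # Constructed sample numbers (555-01xx range).
    cases = [
        (1, ""),               # inbound POTS call: null called number
        (8, "916145550100"),   # 9 + 1 + ten digits
        (8, "96145550100"),    # 9 + local area code + seven digits
        (8, "95550100"),       # 9 + seven digits
        (8, "9911"),           # 9 + service code
        (8, "201"),            # internal extension: no rule applies
        (91, "3125550100"),    # inbound caller ID, made redialable via 91
    ]
    for rule_set, digits in cases:
        result, hit = translate(RULES[rule_set], digits)
        print(f"rule-set {rule_set:>2}  {digits!r:>16} -> {result!r:<16} (rule {hit})")
```

Rule order matters in rule set 8: rule 3 has no end anchor, so the longer 91 and 9614 forms are only handled correctly because rules 1 and 2 are tried first.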

Outbound Calls

Alternatively, any internal extension can use the POTS line as an outbound trunk line by dialing 8. I recently integrated ViaTalk’s SIP VoIP service as a second line and I dial 9 to get an outside line using ViaTalk. Most VoIP providers offer dual-line with many advanced features. This would allow for multiple phone numbers for custom inbound call routing. Not only have I gained a 2nd and 3rd trunk line to add seamlessly for outbound calls, I now have a separate number for work calls that only rings certain phones in the house, as well as a dedicated fax/modem phone number. The IOS telephony service allows for integration of SIP services so the router can become a SIP client and proxy the call from the internal extension or accept a call from external and forward to a particular port or dial-peer.

Layer2 Switch Config

The Cisco 7960G IP Phones are plugged into my Catalyst 3524XL with Inline Power. Each phone port on the switch is configured for 802.1q trunking with a voice VLAN configured.

interface FastEthernet0/#
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport voice vlan 2
 spanning-tree portfast

The native VLAN on all of these ports is VLAN 1 which carries the rest of my home network data. Since Cisco does not tag the native VLAN frames, any device can plug into these ports and still function on VLAN 1. Cisco IP phones use CDP to negotiate which VLAN the phone should send its traffic on. When the voice VLAN is configured on a switch port, the phone automatically learns this from CDP and tags all of the traffic originated by the phone with that VLAN number.

Phone Boot Support

My router is configured to act as the DHCP server for all VLANs. When the phones boot, they autoconfigure the phone’s VLAN based on the default CDP negotiation. Then they get their network address information from the DHCP server, including the Option 150 parameter which defines the TFTP server to load the phone configuration file, image, etc.

ip dhcp pool Phones
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   option 150 ip 192.168.2.1
   dns-server 192.168.1.5 4.2.2.1
   domain-name thewaystation.com
   lease 0 0 30

My router is currently configured as the TFTP server for the phones. I have loaded the necessary firmware image and other ringtones and XML config files onto the router’s flash memory. Good thing it doesn’t require very much memory. I added an extra 128MB ATA Flash card into slot0: anyway just so I’d have room for another IOS image if necessary.

tftp-server flash:P00308000500.bin
tftp-server flash:P00308000500.sbn
tftp-server flash:ringer1.pcm
tftp-server flash:P00308000500.sb2
tftp-server flash:P00308000500.loads
tftp-server flash:music-on-hold.au
tftp-server flash:NyukNyuk.raw
tftp-server flash:RingList.xml
tftp-server flash:Piano1.raw
tftp-server flash:Piano2.raw
tftp-server flash:Sax1.raw
tftp-server flash:Sax2.raw

CallManager Express GUI

I also loaded the CallManager Express GUI files into flash to provide an easier configuration interface.

ip http server
ip http authentication local
no ip http secure-server
ip http path flash:

FXO Disconnect Problem

FXO ports with their default configuration are known to suffer from problems with not recognizing call hangup or disconnect from the calling or called party. The reason for this has to do with the fact that Telco switches or PBXs expect a phone to be attached to the line and not an FXO port. When a phone is hung up it opens the loop to indicate on-hook. FXO ports expect the switch to signal hangup by reversing the battery signal. So either device on either end of the connection is expecting the other to signal the call disconnect. It can become a standoff which keeps the line from being released in a timely fashion. In order to fix this, there are several things shown below that can be configured on the voice-port to assist the process.

Understanding FXO Disconnect Problem

voice-port 1/1/0
 supervisory disconnect dualtone pre-connect
 pre-dial-delay 0
 no vad
 timeouts call-disconnect 2
 timeouts wait-release 2
 timing hookflash-out 250

By default, the FXO port supports battery-reversal detection. This is the normal way the remote switch signals call disconnect. Additionally, there is a feature called call supervision or disconnect supervision. This is used to listen for call disconnect tones that can be generated by a PBX or remote switch. There are several ways to configure this parameter based on how the remote telco or PBX may indicate call hangup. It is now possible to configure the disconnect tones to be detected either continuously during calls (by configuring the mid-call command), or only during call setup (by using the pre-connect command in the configuration). Detection of anytone (configured by the anytone command) operates only during call set-up. If you configure detection of anytone, you must also enable echo cancellation to prevent disconnection due to the detection of the router’s own ringback tone.

Finally, changing the default disconnect and wait-release timeouts on the voice-ports is key to making this process work quickly. By default the call-disconnect timeout is set for 60 seconds. That is way too long to wait for the port to clear after a disconnect is received. The wait-release timeout defaults to 30 seconds which is also rather long. By lowering the timers to 2 seconds, things work in a much more expected manner. Finally, in order to support Centrex type services like call-waiting and 3 way calling, you must support the hook-flash feature. If this command is not enabled, the router will not relay a hook-flash event out the FXO port, thus disabling the ability to answer call-waiting etc.

Caller ID Support

One thing to take note of: if you want caller-id (CLID) to work on your phones, you will need to make sure you are using a VIC-2FXO-M1 module, which is supported by the NM-1V and NM-2V modules in older platforms like the 2600, 3600, and 3700 series. Alternatively, you will need a VIC2-2FXO module, which requires the newer NM-HD-1V or NM-HD-2V modules. These modules require newer platforms like the 2600XM, 2800, 3640/60 or 3800 series. The older VIC-2FXO modules do not support caller-id.

You can read more about the module dependencies on the compatibility matrix page.

Not All Dial-Peers are Treated the Same Way

Another thing I learned through experimentation and reading is that all dial-peers are not created equal. The IOS Telephony service doesn’t really like to share a destination-pattern amongst attached FXS ports and ephones. Really odd behavior ensues when incoming calls are evaluated against the dial-peers. What this means is that you can’t have all your IP phones and analog phones, attached to a directly connected FXS port, ring simultaneously like a normal shared line. The reason is that IOS applies grouping and order to the way it matches dial-peers. All POTS dial-peers are evaluated first. Next VOIP dial-peers are evaluated and, finally, Virtual dial-peers created by ephone configuration.

However, there is a way around this problem if you want to have a shared line on all IP and analog phones. The trick is to get a Cisco ATA-186 or the newer 188 Analog Telephone Adapter platform. These devices each have 2 FXS ports on them and an ethernet port and can run firmware that supports Cisco’s Skinny (SCCP) protocol. This allows the device to attach to CallManager Express as an ephone. Since the phones attached to the ATA device now appear as ephones on the router, IOS can match all the shared ephone dial-peers and ring the phones simultaneously without any problems.

SIP VoIP Config for ViaTalk

I recently integrated ViaTalk VoIP service into my CallManager setup to gain additional lines and cheaper long distance. Primarily I wanted to test the quality of the service and gauge whether or not it could replace my existing long distance package successfully. So far, things are going quite well. The price is right with a good set of features and most importantly they offer open access to their SIP proxy. I can make multiple outbound calls from different extensions simultaneously. The call quality has been really good to destinations within the US. It practically sounds like you are right next door to someone on the other side of the country. When I initially signed up for service, the calls I made to Canada, on the other hand, were more equivalent to cell phone quality. There must have been additional latency and/or jitter to contend with at the time into Canada. Within the past couple weeks I have made a couple calls to Canada and the quality has been just as good as within the US. The possibility of intermittent voice quality issues with VoIP is somewhat annoying but, for the price, I can deal with it. 😉

If you are seriously considering signing up for ViaTalk’s VoIP service, please use me as a referral and click on one of the ads on this page as a link to their site to go sign up. Thank you!

When you configure a SIP User Agent on your router, it will automatically attempt to register any destination patterns for dial-peers not associated with the SIP service. This is not a good thing. As a small home user, you probably only have one or two valid e164 phone numbers assigned to the SIP service. So no point in trying to register anything else. It just wastes CPU cycles and memory and will add annoying messages in the provider’s log files. The solution to keep these unwanted numbers from attempting to register via SIP is to use the no sip-register command on each dial-peer you want to filter. For ephones you have to use ‘no-reg [primary | secondary | both]’ on the number assignment. You can filter the primary number, secondary number, or both from registering with SIP.

sip-ua
 authentication username 1614602xxxx password xxxxxxxxxxxxxxxx
 no remote-party-id
 retry invite 4
 retry response 3
 retry bye 2
 retry cancel 2
 retry register 5
 timers register 250
 mwi-server dns:newyork.vtnoc.net expires 3600 port 5060 transport udp unsolicited
 registrar dns:newyork.vtnoc.net expires 3600
 sip-server dns:newyork.vtnoc.net
!
telephony-service
 voicemail *123
 mwi relay
 transfer-system full-consult
 transfer-pattern .T
 transfer-pattern 8.T
 secondary-dialtone 9
!
dial-peer voice 801 pots
 no sip-register
.
.
.
!
dial-peer voice 901 voip
 translation-profile outgoing SIP
 destination-pattern 91[2-9].........
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay rtp-nte
 codec g711ulaw
.
.
.
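
An added example, not from the original post or from Cisco: a small Python audit over an excerpt of this page's configuration. It covers both the CallManager Express GUI settings shown earlier (HTTP only, no access class, and an outside ACL that ends in permit ip any any) and the SIP registration filtering described above. Dial-peer 810, ephone-dn 2 and all function names are constructed for illustration, and the ACL check is a heuristic that only looks at any/any entries of named extended ACLs.

```python
import re

# Constructed excerpt: lines copied from this page's configuration, plus two
# hypothetical entries (dial-peer 810, ephone-dn 2) that lack a registration filter.
SAMPLE_CONFIG = """\
ip http server
ip http authentication local
no ip http secure-server
!
interface Dialer1
 ip access-group internet-in in
 ip nat outside
!
ip access-list extended internet-in
 deny   ip 10.0.0.0 0.255.255.255 any log-input
 deny   icmp any any
 permit ip any any
sip-ua
 registrar dns:newyork.vtnoc.net expires 3600
dial-peer voice 801 pots
 destination-pattern 81..........
 no sip-register
dial-peer voice 810 pots
 destination-pattern 299
ephone-dn 1
 number 201 no-reg both
ephone-dn 2
 number 202
"""

# The first any/any entry for ip or tcp (optionally 'eq www') decides the verdict.
ANY_ANY = re.compile(
    r"(permit|deny) (?:ip|tcp) any any(?: eq (?:www|80))?(?: log\S*)?")


def parse_sections(text):
    """Map each top-level line to the indented lines under it; '!' is skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if not raw[0].isspace():
            current = raw.rstrip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(" ".join(raw.split()))
    return sections


def audit_http(sections):
    """Flag a cleartext, unrestricted HTTP server that the outside ACL lets in."""
    if "ip http server" not in sections:
        return []
    https = "ip http secure-server" in sections
    findings = [("http-cleartext", "GUI logins can be sent unencrypted; HTTPS "
                 + ("also enabled" if https else "disabled"))]
    if not any(h.startswith("ip http access-class ") for h in sections):
        findings.append(("http-no-access-class", "no ACL limits HTTP clients"))
    for header, body in sections.items():
        if not header.startswith("interface ") or "ip nat outside" not in body:
            continue
        acl = next((ln.split()[2] for ln in body
                    if re.fullmatch(r"ip access-group \S+ in", ln)), None)
        # Heuristic: entries with specific sources or other ports are ignored,
        # and numbered ACLs are not looked up.
        entries = sections.get(f"ip access-list extended {acl}", [])
        verdict = next((m.group(1) for m in map(ANY_ANY.fullmatch, entries) if m), None)
        if acl is None or verdict == "permit":
            findings.append(("http-reachable-outside", f"{header}: inbound ACL {acl}"))
    return findings


def audit_sip_registration(sections):
    """List numbers that would still be offered to the SIP registrar."""
    if not any(ln.startswith("registrar ") for ln in sections.get("sip-ua", [])):
        return []
    findings = []
    for header, body in sections.items():
        if re.fullmatch(r"dial-peer voice \d+ pots", header):
            pats = [ln.split()[1] for ln in body if ln.startswith("destination-pattern ")]
            if pats and "no sip-register" not in body:
                findings.append(("sip-register", f"{header}: {pats[0]}"))
        elif header.startswith("ephone-dn "):
            findings += [("sip-register", f"{header}: {ln}") for ln in body
                         if ln.startswith("number ") and not ln.endswith(" no-reg both")]
    return findings


def audit(text):
    """Run both checks and return a list of (check id, detail) tuples."""
    sections = parse_sections(text)
    return audit_http(sections) + audit_sip_registration(sections)


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check:24} {detail}")
```

On the router itself, the HTTP findings clear once the cleartext server is disabled or at least bound to an internal ACL with ip http access-class (access-list 11 in the full configuration already permits only 192.168.1.0/24).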

DTMF Relay is another issue that became an annoyance with ViaTalk. If you aren’t familiar, DTMF or Dual Tone Multi Frequency is the touchtone sound when you press digits on the phone. Most IP phones do not send the DTMF sounds in the audio stream. They use an out of band method to communicate that a digit is being pressed to the VoIP gateway. This in turn has to be translated on the other end so that an actual DTMF tone is sent to the end device such as a voicemail system or conferencing system. ViaTalk supposedly supports RFC 2833 signalling better known as RTP Named Telephone Events. This is a method of sending the DTMF signaling using a special RTP payload type called NTE. For the first few months that I had the ViaTalk service I had no issues checking my work voicemail or dialing into conference calls. Then one day I stopped being able to use these services. DTMF relay was failing. I would press buttons on the phone but nothing would happen on the other end.

After months of trying to figure out what is going on, I have narrowed it down to an interoperability issue with Cisco’s implementation of RTP NTE and the Asterisk servers that ViaTalk uses. At this point you have to open a ticket with ViaTalk and have them change your profile to use ‘Auto’ DTMF relay to get it to work properly. For some reason it will not work if they hard code the setting on their end. I do not have a specific explanation of the problem but it has something to do with the way Asterisk has implemented some form of negotiation with the SIP client for DTMF relay.

Additionally, once the DTMF issue has been fixed on your SIP profile with ViaTalk, their voicemail system will still not work properly. This is a known issue and I still have not seen an explanation or resolution from anyone who has run into it and posted questions about it. It is obvious that the voicemail system does not obey the DTMF relay negotiation or support the known workaround like the Asterisk servers.

Configuring Quality of Service (QoS)

In order to guarantee latency through a “lower” speed interface, like what is typical of the upstream bandwidth on a DSL connection, you have to set up Class-Based Weighted Fair Queueing (CBWFQ). This QoS mechanism only works for traffic destined out of your network and across the DSL connection. Since you usually don’t have control over the queueing performed on your ISP’s router, you cannot really impact the incoming traffic. It is typically not a problem, though, since most of the interfaces in that path will be higher speed anyway. The good thing is that you can make sure that your general upstream data traffic utilization plays nicely with your voice traffic and doesn’t get in the way of it.

policy-map voice-qos
 description VoIP QoS
 class voice-udp
  priority 256
 class voice-signaling
  bandwidth 128
 class class-default
  fair-queue 256

class-map match-any voice-signaling
 match  dscp af31
 match  protocol sip
class-map match-any voice-udp
 description Class Mapping for VoIP RTP
 match  dscp ef
 match  protocol rtp

interface ATM0/0.35 point-to-point
 bandwidth 512
 bandwidth receive 3008
 pvc 0/35
  vbr-nrt 512 512
  service-policy output voice-qos
  max-reserved-bandwidth 80

There is a trick to get this configuration to work with the WIC-1ADSL module which appears as an ATM interface in the router. You have to define the pvc traffic as vbr-nrt and identify the upstream bit rate of the connection. Then apply the policy-map to the pvc itself under the ATM sub-interface configuration. Without configuring vbr-nrt on the specific pvc, you will not be able to apply the policy-map to the interface in a functioning state.

 


DISCLAIMER

No Warranty of any kind is expressed or implied with respect to the information contained in this document!

The information found here is compiled for the convenience of anyone looking for general guidelines and best practices for configuration based on my own professional experience, as well as industry standards.

Use this information at your own risk!

Scott S. 2007


Example Configuration for IOS IP Telephony with CallManager Express 4.0

version 12.4
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname r5418-1
!
boot-start-marker
boot system flash:c3725-advipservicesk9-mz.124-9.T2.bin
boot-end-marker
!
logging count
logging queue-limit 250
logging buffered 50000 informational
no logging rate-limit
logging console informational
logging monitor informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa group server radius default
!
aaa authentication login default local-case
aaa accounting system default start-stop group default
!
aaa session-id common
!
resource policy
!
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
ip wccp 20 redirect-list 188
ip cef
!
!
ip dhcp relay information policy drop
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.250 192.168.1.255
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool Home
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   netbios-node-type h-node
   domain-name thewaystation.com
   dns-server 192.168.1.5
   lease 30
!
ip dhcp pool Laptop
   host 192.168.1.10 255.255.255.0
   client-identifier 01xx.xxxx.xxxx.xx
   client-name WorkLaptop
   default-router 192.168.1.1
   netbios-node-type h-node
   domain-name thewaystation.com
   dns-server 192.168.1.5
   lease infinite
!
ip dhcp pool Phones
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   option 150 ip 192.168.2.1
   dns-server 192.168.1.5 4.2.2.1
   domain-name thewaystation.com
   lease 0 0 30
!
!
ip flow-cache timeout active 1
no ip bootp server
ip domain name thewaystation.com
ip name-server 192.168.1.5
ip multicast-routing
ip ssh time-out 30
ip ssh rsa keypair-name r5418-1.thewaystation.com
ip ssh version 2
ip inspect max-incomplete low 100
ip inspect max-incomplete high 300
ip inspect udp idle-time 60
ip inspect dns-timeout 60
ip inspect tcp idle-time 7200
ip inspect tcp finwait-time 8
ip inspect tcp max-incomplete host 100 block-time 1
ip inspect name Internet ftp alert on audit-trail on timeout 120
ip inspect name Internet fragment maximum 250 timeout 15
ip inspect name Internet tcp alert on timeout 7200
ip inspect name Internet http alert on timeout 120
ip inspect name Internet icmp alert on timeout 10
ip inspect name Internet udp alert on timeout 60
ip inspect name firewall ftp alert on audit-trail on timeout 120
ip inspect name firewall fragment maximum 250 timeout 15
ip inspect name firewall icmp alert on audit-trail on
ip inspect name firewall http alert on timeout 120
ip inspect name firewall udp alert on timeout 60
ip inspect name firewall tcp alert on timeout 7200
ip ips name Internet
ip accounting-threshold 100
ip accounting-list 192.168.1.0 0.0.0.255
!
!
trunk group  outbound
!
!
!
voice service pots
!
voice service voip
 sip
!
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
voice class codec 2
 codec preference 1 clear-channel
!
!
voice statistics time-range since-reset
!
voice translation-rule 1
 rule 1 // /1614xxxxxxx/
!
voice translation-rule 2
 rule 1 /614xxxxxxx/ /xxxxxxx/
!
voice translation-rule 7
 rule 1 /^2../ /614xxxxxxx/
!
voice translation-rule 8
 rule 1 /^9\(1..........\)/ /\1/
 rule 2 /^9614\(.......\)/ /\1/
 rule 3 /^9\(.......\)/ /\1/
 rule 4 /^9\(011.*\)/ /\1/
 rule 5 /^9\([2-9]11\)/ /\1/
!
voice translation-rule 9
 rule 1 /^8\(1..........\)/ /\1/
 rule 2 /^8614\(.......\)/ /\1/
 rule 3 /^8\(.......\)/ /\1/
 rule 4 /^8\(011.*\)/ /\1/
 rule 5 /^8\([2-9]11\)/ /\1/
!
voice translation-rule 91
 rule 1 /^614\(.*\)/ /9\1/
 rule 2 /^\(..........\)/ /91\1/
 rule 3 /^\(.*\)/ /9\1/
!
!
voice translation-profile SIP
 translate calling 7
 translate called 8
!
voice translation-profile cid_fix
 translate calling 91
!
voice translation-profile default
 translate called 1
!
voice translation-profile strip_9_out
 translate called 9
!
voice translation-profile voip
 translate called 2
!
!
!
!
username user privilege 15 password 7 xxxxxxxxxxxxxxxxxx
!
!
class-map match-all icmp
 match protocol icmp
class-map match-all outbound_hosting
 match access-group 170
class-map match-any voice-signaling
 match  dscp af31
 match  protocol sip
class-map match-any match-any
 match any
class-map match-any voice-udp
 description Class Mapping for VoIP RTP
 match  dscp ef
 match  protocol rtp
class-map match-all outbound_access
 match access-group 180
class-map match-all udp
 match access-group 150
!
!
policy-map voice-qos
 description VoIP QoS
 class voice-udp
  priority 256
 class voice-signaling
  bandwidth 128
 class class-default
  fair-queue 256
policy-map traffic_shape
 class outbound_hosting
  bandwidth 384
  queue-limit 128
 class class-default
  fair-queue 512
policy-map traffic_shape_out
 class outbound_hosting
  bandwidth 384
  queue-limit 128
 class outbound_access
  bandwidth 196
 class icmp
  police cir 128000
 class class-default
  fair-queue 512
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.255.254 255.255.255.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface ATM0/0
 no ip address
 atm ilmi-keepalive
 atm ilmi-pvc-discovery
 bundle-enable
 dsl operating-mode auto
!
interface ATM0/0.35 point-to-point
 bandwidth 512
 bandwidth receive 3008
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no snmp trap link-status
 pvc 0/35
  vbr-nrt 512 512
  service-policy output voice-qos
  max-reserved-bandwidth 80
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0/0
 description Home Data Network
 ip address 192.168.1.1 255.255.255.0
 ip access-group inside-out in
 ip access-group inside-in out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip nat inside
 no ip virtual-reassembly
 ip accounting output-packets
 ip accounting access-violations
 ip route-cache flow
 ip tcp adjust-mss 1452
 no snmp trap link-status
!
interface FastEthernet0/1
 description VoIP Phone Network
 ip address 192.168.2.1 255.255.255.0
 no ip unreachables
 no ip proxy-arp
 ip pim sparse-dense-mode
 ip nat inside
 ip virtual-reassembly
 no snmp trap link-status
 speed 100
 full-duplex
!
interface Virtual-Template1
 no ip address
 service-policy output traffic_shape
!
interface Async1
 no ip address
 encapsulation slip
!
interface Dialer1
 mtu 1492
 bandwidth 512
 bandwidth receive 3008
 ip address negotiated
 ip access-group internet-in in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect Internet out
 ip ips Internet in
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin optional
 ppp chap hostname user@static.sbcglobal.net
 ppp chap password 7 xxxxxxxxxxxxxxxx
 ppp pap sent-username user@static.sbcglobal.net password 7 xxxxxxxxxxxxxx
 ppp ipcp route default
!
ip route 0.0.0.0 0.0.0.0 Dialer1 5 permanent
!
ip flow-export version 5 origin-as
ip flow-export destination 192.168.1.5 2055
!
ip http server
ip http authentication local
no ip http secure-server
ip http path flash:
ip nat translation tcp-timeout 7200
ip nat translation finrst-timeout 5
ip nat translation syn-timeout 15
ip nat translation icmp-timeout 360
ip nat pool HIDE 70.142.142.116 70.142.142.116 prefix-length 29
ip nat inside source route-map NAT pool HIDE overload
!
ip access-list extended NAT
 permit ip 192.168.0.0 0.0.255.255 any
ip access-list extended inside-in
 deny   icmp any any fragments
 permit icmp any any net-unreachable
 permit icmp any any host-unreachable
 permit icmp any any port-unreachable
 permit icmp any any parameter-problem
 permit icmp any any packet-too-big
 permit icmp any any administratively-prohibited
 permit icmp any any source-quench
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 deny   icmp any any
 permit tcp any gt 1023 host 192.168.1.5 eq www
 permit tcp any gt 1023 host 192.168.1.5 eq 443
 permit tcp any gt 1023 host 192.168.1.5 eq 22
 permit tcp any gt 1023 host 192.168.1.5 eq smtp
 permit tcp any gt 1023 host 192.168.1.5 eq ftp
 permit tcp any gt 1023 host 192.168.1.5 eq ftp-data
 permit udp any eq domain host 192.168.1.5 eq domain
 permit udp any eq domain host 192.168.1.2 eq domain
 permit udp any gt 1023 host 192.168.1.5 eq domain
 permit udp any gt 1023 host 192.168.1.2 eq domain
 permit tcp host 151.164.1.1 host 192.168.1.5 eq domain
 permit tcp host 151.164.11.218 host 192.168.1.5 eq domain
 permit tcp host 206.141.251.2 host 192.168.1.5 eq domain
 permit tcp host 206.141.193.168 host 192.168.1.5 eq domain
 deny   tcp any range 0 65535 any range 0 65535 log-input
 deny   udp any range 0 65535 any range 0 65535 log-input
 deny   ip any any log-input
ip access-list extended inside-out
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.1
 permit ip 192.168.1.0 0.0.0.255 host 192.168.255.254
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps log-input
 deny   ip any 0.0.0.0 0.255.255.255 log-input
 deny   ip any 10.0.0.0 0.255.255.255 log-input
 deny   ip any 127.0.0.0 0.255.255.255 log-input
 deny   ip any 169.254.0.0 0.0.255.255 log-input
 deny   ip any 172.16.0.0 0.15.255.255 log-input
 deny   ip any 192.168.0.0 0.0.255.255
 deny   ip any 224.0.0.0 15.255.255.255 log-input
 deny   udp any any eq netbios-ns
 deny   udp any any eq netbios-dgm
 deny   udp any any eq netbios-ss
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended internet-in
 deny   53 any any log-input
 deny   55 any any log-input
 deny   77 any any log-input
 deny   pim any any log-input
 deny   ip 0.0.0.0 0.255.255.255 any log-input
 deny   ip 10.0.0.0 0.255.255.255 any log-input
 deny   ip 127.0.0.0 0.255.255.255 any log-input
 deny   ip 169.254.0.0 0.0.255.255 any log-input
 deny   ip 172.16.0.0 0.15.255.255 any log-input
 deny   ip 192.168.0.0 0.0.255.255 any log-input
 deny   ip host 255.255.255.255 any log-input
 deny   ip 224.0.0.0 15.255.255.255 any log-input
 deny   icmp any any fragments
 permit icmp any any net-unreachable
 permit icmp any any host-unreachable
 permit icmp any any port-unreachable
 permit icmp any any parameter-problem
 permit icmp any any packet-too-big
 permit icmp any any administratively-prohibited
 permit icmp any any source-quench
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 deny   icmp any any
 deny   udp any any eq netbios-ns log
 deny   udp any any eq netbios-dgm log
 deny   udp any any eq netbios-ss log
 permit ip any any
!
logging history informational
logging origin-id hostname
logging facility local0
logging 192.168.1.5
access-list 10 permit 192.168.1.3
access-list 10 permit 192.168.1.2
access-list 10 permit 192.168.1.5
access-list 10 permit 128.46.154.76
access-list 10 permit 192.168.1.254
access-list 11 permit 192.168.1.0 0.0.0.255
access-list 13 permit 192.168.1.5
access-list 50 permit 209.251.120.18 log
access-list 50 permit 192.168.1.0 0.0.0.255 log
access-list 50 permit 155.181.130.0 0.0.0.255 log
access-list 80 permit 192.168.1.6
access-list 98 permit 192.168.1.5
access-list 99 permit 68.79.218.254
access-list 99 permit 192.168.1.10
access-list 110 deny   tcp any any eq 135
access-list 110 deny   tcp any any eq 137
access-list 110 deny   tcp any any eq 139
access-list 110 deny   tcp any any eq 445
access-list 110 permit ip any any
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
access-list 112 permit ip any any
access-list 150 remark Police UDP
access-list 150 permit udp 192.168.1.0 0.0.0.255 any
access-list 160 remark CAR ICMP
access-list 160 permit icmp any any
access-list 170 remark Outbound hosting
access-list 170 permit tcp any eq www any
access-list 170 permit tcp any eq 443 any
access-list 170 permit tcp any eq ftp-data any
access-list 180 remark Outbound access
access-list 180 permit tcp any any eq www
access-list 180 permit tcp any any eq 443
access-list 180 permit tcp any any eq ftp-data
access-list 180 permit tcp any any eq 22
access-list 188 permit tcp 192.168.0.0 0.0.3.255 any eq www
access-list 188 permit tcp 192.168.0.0 0.0.3.255 any eq 443
access-list compiled
dialer-list 1 protocol ip permit
snmp-server community xxxxxx RO 13
snmp-server enable traps tty
!
!
!
route-map NAT permit 10
 match ip address NAT
!
!
!
tftp-server flash:P00308000500.bin
tftp-server flash:P00308000500.sbn
tftp-server flash:ringer1.pcm
tftp-server flash:P00308000500.sb2
tftp-server flash:P00308000500.loads
tftp-server flash:music-on-hold.au
tftp-server flash:NyukNyuk.raw
tftp-server flash:RingList.xml
tftp-server flash:Piano1.raw
tftp-server flash:Piano2.raw
tftp-server flash:Sax1.raw
tftp-server flash:Sax2.raw
!
control-plane
!
!
!
voice-port 1/0/0
 ren 5
 timeouts ringing infinity
 station-id name POTS
 station-id number 299
 caller-id enable
!
voice-port 1/0/1
!
voice-port 1/1/0
 trunk-group outbound 1
 translation-profile incoming default
 translate calling 91
 pre-dial-delay 0
 no vad
 timeouts ringing infinity
 timeouts wait-release 5
 timing hookflash-out 250
 description SBC xxx-xxx-xxxx
 station-id number xxxxxxxxxx
!
voice-port 1/1/1
!
ccm-manager config server r5418-1.thewaystation.com
ccm-manager download-tones
!
!
!
dial-peer cor custom
!
!
!
dial-peer voice 801 pots
 trunkgroup outbound
 description dial 8 for outside POTS line
 destination-pattern 81..........
 prefix 1
 no sip-register
!
dial-peer voice 802 pots
 trunkgroup outbound
 description local calls
 destination-pattern 8[2-9]......
 forward-digits 7
 no sip-register
!
dial-peer voice 803 pots
 description dial 0 for local operator
 destination-pattern 80
 port 1/1/0
 prefix 0
 no sip-register
!
dial-peer voice 804 pots
 description any 3 digit service ending in 11, ie 611, 411
 destination-pattern 8[2-9]11
 port 1/1/0
 forward-digits 3
 no sip-register
!
dial-peer voice 900 voip
 translation-profile outgoing SIP
 destination-pattern 9[2-9]11
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay rtp-nte
 codec g711ulaw
!
dial-peer voice 901 voip
 translation-profile outgoing SIP
 destination-pattern 91[2-9].........
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
dial-peer voice 902 voip
 translation-profile outgoing SIP
 destination-pattern 9[2-9]......
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay rtp-nte
 codec g711ulaw
!
dial-peer voice 903 voip
 translation-profile outgoing SIP
 destination-pattern 9011T
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay rtp-nte
 codec g711ulaw
!
dial-peer voice 904 voip
 translation-profile outgoing SIP
 destination-pattern 1[2-9].........
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
dial-peer voice 905 voip
 translation-profile outgoing SIP
 destination-pattern 011T
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
dial-peer voice 911 pots
 description dial 911 for 911 emergency service
 destination-pattern 911
 port 1/1/0
 prefix 911
 no sip-register
!
dial-peer voice 912 voip
 translation-profile outgoing SIP
 destination-pattern *1
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
dial-peer voice 913 voip
 translation-profile outgoing SIP
 destination-pattern *67[2-9]......
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
dial-peer voice 914 voip
 translation-profile outgoing SIP
 destination-pattern *671..........
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
dial-peer voice 915 voip
 translation-profile outgoing SIP
 destination-pattern *..
 session protocol sipv2
 session target dns:newyork.vtnoc.net
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
!
sip-ua
 authentication username 1614xxxxxxx password xxxxxxxxxxxxxxxxxxx
 no remote-party-id
 retry invite 4
 retry response 3
 retry bye 2
 retry cancel 2
 retry register 5
 timers register 250
 mwi-server dns:newyork.vtnoc.net expires 3600 port 5060 transport udp unsolicited
 registrar dns:newyork.vtnoc.net expires 3600
 sip-server dns:newyork.vtnoc.net:5060
!
!
!
!
telephony-service
 fxo hook-flash
 load 7960-7940 P00308000500
 max-ephones 48
 max-dn 192
 ip source-address 192.168.2.1 port 2000
 auto assign 1 to 1
 service phone displayIdleTimeout 00:30
 service phone displayOnDuration 1:00
 timeouts interdigit 8
 system message CME 4.0
 url services http://phone-xml.berbee.com/menu.xml
 time-zone 12
 time-format 24
 voicemail *123
 mwi relay
 max-conferences 4 gain -6
 call-forward pattern .T
 moh music-on-hold.au
 web admin system name user secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
 transfer-system full-consult
 transfer-pattern .T
 secondary-dialtone 9
 after-hours block pattern 1 1900 7-24
 after-hours block pattern 2 1976 7-24
 directory entry 1 xxxxxxx name "Scott"
 directory entry 2 xxxxxxx name "Kristi"
 create cnf-files version-stamp 7960 Apr 18 2006 08:29:50
!
!
ephone-template  1
 softkeys idle  Redial Newcall Pickup Cfwdall Dnd
 softkeys seized  Redial Endcall Cfwdall Pickup Gpickup
 softkeys alerting  Endcall Callback
 softkeys connected  Hold Confrn Flash Park Trnsfer
!
!
ephone-dn  21  dual-line
 call-waiting ring
 number 201 no-reg both
 label Den: 201
 name Den
!
!
ephone-dn  23  dual-line
 call-waiting ring
 number 202 no-reg both
 label Kitchen: 202
 name Kitchen
!
!
ephone-dn  25  dual-line
 call-waiting ring
 number 203 no-reg both
 label MBR: 203
 name Master Bedroom
!
!
ephone-dn  29  dual-line
 call-waiting ring
 number 1614xxxxxxx no-reg primary
 label 614-xxx-xxxx
!
!
ephone-dn 30 dual-line
 call-waiting ring
 number 1614xxxxxxx
 label VoIP 614-xxx-xxxx
!
!
ephone-dn  31
 number 311 no-reg both
 description Paging
 paging ip 225.54.18.211 port 5418
!
!
ephone  1
 device-security-mode none
 description Den
 username "user" password password
 mac-address XXXX.XXXX.XXXX
 ephone-template 1
 paging-dn 31
 type 7960
 keep-conference
 button  1:21 2:29 3:30
!
!
!
ephone  2
 device-security-mode none
 description Kitchen
 username "user" password password
 mac-address XXXX.XXXX.XXXX
 ephone-template 1
 paging-dn 31
 type 7960
 keep-conference
 button  1:23 2:29 3:30
!
!
!
ephone  3
 device-security-mode none
 description Master Bedroom
 username "user" password password
 mac-address XXXX.XXXX.XXXX
 ephone-template 1
 paging-dn 31
 type 7960
 keep-conference
 button  1:25 2:29 3:30
!
!
!
ephone  4
 device-security-mode none
 description Cisco ATA188 FXS Port 1
 mac-address XXXX.XXXX.XXXX
 type ata
 keep-conference
 button  1:29
!
!
!
ephone  5
 device-security-mode none
 description Cisco ATA188 FXS Port 2
 mac-address XXXX.XXXX.XXXX
 type ata
 keep-conference
 button  1:30
!
!
banner login ^C

                   Unauthorized Use Is Prohibited

       Access to this device or attached networks is expressly
            prohibited without express written permission.
         Violators will be prosecuted to the fullest extent
                  of both civil and criminal law.

^C
banner motd ^C

  Welcome to r5418-1.thewaystation.com!
  All activity is logged and audited.

^C
!
line con 0
 exec-timeout 0 0
 password 7 xxxxxxxxxxxxxxxx
 logging synchronous
 transport preferred none
line 1
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 exec-timeout 5 0
 password 7 xxxxxxxxxxx
 logging synchronous
 modem InOut
 no exec
 stopbits 1
 speed 19200
 flowcontrol hardware
line vty 0 4
 access-class 50 in
 exec-timeout 0 0
 password 7 xxxxxxxxxxxxxxxx
 logging synchronous
 transport preferred ssh
 transport input telnet ssh
!
exception core-file r5418-1-core
exception protocol ftp
exception dump 192.168.1.5
ntp clock-period 17180609
ntp access-group peer 10
ntp access-group serve-only 11
ntp peer 192.168.1.3
ntp peer 192.168.1.2
ntp peer 192.168.1.5
ntp server 128.46.154.76 prefer
ntp peer 192.168.1.254
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
!
end


DISCLAIMER

No Warranty of any kind is expressed or implied with respect to the information contained in this document!

The information found here is compiled for the convenience of anyone looking for general guidelines and best practices for configuration based on my own professional experience, as well as industry standards.

Use this information at your own risk!

Scott S. 2007



Responses

  1. Regarding your nice work on Cisco CME, I want to ask whether I can host a fax machine directly on a Cisco FXS port on the same router (FXS —— CME —— FXO). The problem I face is with accepting faxes: when I dial it from a PSTN number, I don’t hear any fax tone (I use a Cisco 2911, VIC-2FXS & VIC-2FXO, CME V.8.6).


  2. I spent several weeks troubleshooting with Viatalk and ended up with a different solution.

    Using ironhide.vtnoc.net we had DTMF issues that we could not resolve.

    Using soundwave.vtnoc.net, DTMF works fine. However, outbound calls would drop after 30 seconds and inbound calls had no audio.

    The solution was to disable PRACK. To do this in Cisco CME:

    2821-rtr(config)#voice service voip
    2821-rtr(conf-voi-serv)#sip
    2821-rtr(conf-serv-sip)# rel1xx ?
    disable Disables reliable-provisional responses
    require Requires reliable-provisional responses
    supported Supports reliable-provisional responses

    2821-rtr(conf-serv-sip)# rel1xx disable

    I hope this information is useful to others that experience these issues.

    Thanks for all of the detailed info in your blog!
    -Al


    • Thanks for this update Al. This is great info. Sounds like SIP was trying to use TCP for provisional responses which was breaking.

      I ended up canceling my ViaTalk service a few years back when I was still in Ohio because I was having quite a bit of call quality issues which I believe was primarily due to the legacy ADSL service I was forced to suffer which I could only obtain 512K upstream. I was getting too much jitter and delay and I didn’t have any time to spend figuring it out. So my wife made the executive decision to kill it. At the time, she was also annoyed with having to dial a 9 to use our POTS line or an 8 to dial using ViaTalk.

      My 2 older daughters are just getting to the age now where they want to Facetime and Skype and Instagram and text and sit on the phone all day with their friends and if I’m working from home it is getting annoying if I want a landline for a conference call. I have no desire to pay $35/month plus all the fees for a second U-verse line which works out to about $44/month. So, I’m planning to sign up for service again in the next few weeks, once I get a chance to get my CME platform back in working order. I ended up replacing my primary home network 3725 router with a 3825 and I’d rather not run voice on it just due to the pain I dealt with last time with buggy IOS causing it to crash all the time and take down my entire home network. So, I’m planning to run CME on a dedicated router behind my 3825. The good thing is I now have 45/6 U-verse service, so I have about 12 times the upstream bandwidth and should not experience the call quality issues like I did previously. I just need to build a dial plan that lets my wife use the U-verse voice line just like any regular old telephone without having to dial a 9. So, I’m going to need to brush up on my translation rules so I can get the system to run in kind of a hybrid mode. I thought about just keeping the 2 phone lines separate but where would be the fun in that? Then we couldn’t intercom between phones or dial between extensions etc. 😉 I’m looking forward to getting my ‘geek’ on again.


  3. Disabling PRACK responses is the ticket for ViaTalk! Al hit it right on the nose with “rel1xx disable”! Thanks Al!


  4. Hi, great post, do you have anything similar for Call Manager 9.1+ ?
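
What the `rel1xx disable` fix from the comments changes on the wire, as an added example that is not part of the original post or its comments: a small Python model of the RFC 3262 reliable-provisional-response (100rel/PRACK) exchange. The mapping of the three `rel1xx` modes to the `Supported`/`Require` header is an assumption of the model, and every message, number and hostname is constructed.

```python
# Added example: models RFC 3262 (100rel/PRACK) negotiation. All SIP
# messages, URIs and Call-IDs are constructed samples, not captured traffic.
CRLF = "\r\n"
# Assumed mapping of the three `rel1xx` modes to the header the gateway sends.
REL1XX = {"supported": "Supported: 100rel", "require": "Require: 100rel", "disable": None}

def parse(msg):
    """Split a SIP message into (start_line, {lower-cased header: value})."""
    lines = msg.split(CRLF + CRLF, 1)[0].split(CRLF)
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip()
    return lines[0], hdrs

def has_100rel(hdrs, header):
    """True if the option tag 100rel is listed in the given header."""
    return "100rel" in [t.strip().lower() for t in hdrs.get(header, "").split(",")]

def build_invite(mode):
    """INVITE as the gateway (UAC) would send it under a given rel1xx mode."""
    lines = ["INVITE sip:15555550100@provider.example SIP/2.0",
             "Call-ID: constructed-1@gw.example", "CSeq: 101 INVITE"]
    if REL1XX[mode]:
        lines.append(REL1XX[mode])
    return CRLF.join(lines) + CRLF + CRLF

def uas_answer(invite, uas_supports_100rel=True, rseq=8001):
    """Provider side (UAS): choose the first response to the INVITE."""
    _, h = parse(invite)
    base = ["Call-ID: " + h["call-id"], "CSeq: " + h["cseq"]]
    required = has_100rel(h, "require")
    offered = required or has_100rel(h, "supported")
    if required and not uas_supports_100rel:
        lines = ["SIP/2.0 420 Bad Extension"] + base + ["Unsupported: 100rel"]
    elif offered and uas_supports_100rel:
        lines = ["SIP/2.0 183 Session Progress"] + base + ["Require: 100rel", f"RSeq: {rseq}"]
    else:  # 100rel never offered: the UAS must send the 183 unreliably
        lines = ["SIP/2.0 183 Session Progress"] + base
    return CRLF.join(lines) + CRLF + CRLF

def uac_prack(response):
    """Gateway side: build the PRACK a reliable 1xx demands, else None."""
    status, h = parse(response)
    code = int(status.split()[1])
    if not (100 < code < 200 and has_100rel(h, "require") and "rseq" in h):
        return None
    cseq_num, method = h["cseq"].split()
    return CRLF.join(["PRACK sip:15555550100@provider.example SIP/2.0",
                      "Call-ID: " + h["call-id"],
                      f"CSeq: {int(cseq_num) + 1} PRACK",
                      f"RAck: {h['rseq']} {cseq_num} {method}"]) + CRLF + CRLF
```

With `disable` the INVITE carries no `100rel` tag, so the provider has to send its 183 unreliably and `uac_prack` returns `None`: there is no PRACK transaction left to fail.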
