VVT-2106
VVT-2106 12627_04_2006_c2
Cisco Public
Agenda
CME/CUE Security
CME Remote Teleworker
CME Video
CUE Advanced Applications
CME/CUE Management
Q and A
Summary
Backup
CME/CUE Security
[Diagrams: NYC and SJC sites connected over a public network, with SCCP and SIP phones behind firewalls (FW); an IPsec tunnel between the sites; an H.323/SIP trunk]
Service Module
Bridged link
Service-Engine 4/0 VLAN1
Or
interface FastEthernet0/0
 ip address 10.68.10.1 255.255.255.0
!
interface Service-Engine4/0
 ip unnumbered FastEthernet0/0
 service-module ip address 10.68.10.10 255.255.255.0
 service-module ip default-gateway 10.68.10.1
!
ip route 10.68.10.10 255.255.255.255 Service-Engine4/0
Any other access to HTTP servers on the private LAN also requires configuration to use a port other than 80
A static NAT statement for port 21 might also be needed to enable remote FTP software installation or upgrade for CUE
VVT-2106 12627_04_2006_c2 2006 Cisco Systems, Inc. All rights reserved.
Protocol    Port               Usage
SCCP        TCP 2000           Call Control for SCCP Phones
SIP         TCP 5060           Call Control for SIP Endpoints
RTP         UDP 16384-32767    Media from CME to H.323/SIP Endpoint, Including CUE
RTP         UDP 2000           Media from CME to SCCP Phone
H.225       TCP 1720           H.323 Call Setup
H.245       TCP 11000-65535    H.323 Call Control, Port Assignment Random
H.323 RAS   UDP 1718           GK Discovery
H.323 RAS   UDP 1719           GK Call Control
H.323 RAS   UDP 223.0.1.4      GK Multicast Discovery
TLS         TCP 3804           CAPF Authentication Request
TLS         TCP 2443           Secure Call Control for SCCP Phones

Protocol    Port               Usage
DHCP        UDP 67             IP Addressing for IP Phones
HTTP        TCP 80             CME GUI Access, IP Phone Local Directory Access
HTTPS/SSL   TCP 443            Secure CME GUI Access
NTP         UDP 123            Time Sync for CUE, IP Phones
Radius      UDP 1645           Authentication for CME CLI/GUI Users
Radius      UDP 1646           CDR Accounting
SNMP        UDP 161            Traps for CME Monitoring
SSH         TCP 22             Secure CME CLI Access
Syslog      UDP 514            System Monitoring, CDR Accounting
Telnet      TCP 23             CME CLI Access
TFTP        UDP 69             IP Phone Download of Firmware and Config Files
Securing CUE:
Protocol DNS
Notes
FTP
FTP Server
Securing CUE:
Columns: Protocol, Remote Source Port, CUE Destination Port, Notes
IMAP (PC Client): TCP 143 (Non-SSL), TCP 993 (SSL). Integrated Messaging. Use of SSL Is Optional.
JTAPI: TCP 2748. Used for Call Control in CCM Deployments.
HTTP: TCP 80. CUE/CME Admin and User Browser Access; Also Used by VVE.
NTP: UDP 123. Date/Time Server.
RMI (PC Client): TCP 1099, TCP 32xxx. CUE Script Debugging and VVE. Two to Three Dynamic Ports in the 32xxx Are Used.
RTP: UDP 16384-32767. Voice Media. IP Phone and Gateway Ports.

Securing CUE:
Columns: Protocol, Remote Source Port, CUE Destination Port, Notes
SSH: Not Supported on CUE. Use SSH to the Host Router.
SIP Trunking Requires CUE 2.3 or Later
Voice Mail Networking Between Sites
CUE SNMP Requires CUE 2.2 or Later
Not Supported on CUE. Use Telnet to the Host Router.
Used for Loading RAM Kernel (TFTP Server)
Features Restriction
Transfer-pattern
Transfer max-length
Softkey template
Call-forward max-length
Disable call-forward local
Disable directed pickup
Administrative Restriction
TACACS/radius authentication
SSH/HTTPS secure access
Toll Restriction:
After-Hours block
telephony-service
 after-hours block pattern 1 91
 after-hours block pattern 2 91900 7-24
 after-hours day sun 9:00 8:00
 after-hours day mon 19:00 8:00
 after-hours day tue 19:00 8:00
 after-hours day wed 19:00 8:00
 after-hours day thu 19:00 8:00
 after-hours day fri 19:00 10:00
 after-hours day sat 13:00 9:00

Numbers Starting with 91 Blocked During Non-Business Hours
Numbers Starting with 91900 Always Blocked, 24x7
Business Hours Set to 8:00-19:00 Monday-Friday, 10-13:00 Saturday, Closed Sunday

After-hours block globally defines specific block patterns that cannot be dialed during non-business hours
Maximum of 32 block patterns can be defined per system
Block pattern with 7-24 always blocked for all phones
When stop time is earlier than start time, the stop time is in the next day of the week; i.e. Sat 13:00 9:00 sets non-business hours from Saturday, 13:00 to Sunday, 9:00AM
Toll Restriction:
After-Hours Exemption
telephony-service
 after-hours block pattern 1 91
 after-hours block pattern 2 91900 7-24
 login timeout 10
!
ephone 1
!
ephone 2
 after-hour exempt
!
ephone 3
 pin 1234

ephone 1: Numbers Starting with 91 or 91900 Blocked
ephone 2: No Numbers Blocked
ephone 3: After PIN Entry: Only Numbers Starting with 91900 are Blocked

After-hour exempt will exempt IP phone from all after-hours blocking
After-hours PIN over-ride will suspend after-hours block when user enters four to eight-digit PIN; block pattern with 7-24 suffix will still be enforced even after PIN entry
After-hours suspension in effect until login timeout expires
PIN is defined per IP phone
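The after-hours rules from the two slides above, worked as an added Python example (not from the original slides, and not Cisco code): it parses the after-hours lines of the slide's sample configuration and decides whether a dialed number is blocked at a given time. Assumptions: block patterns are treated as literal digit prefixes, a window includes its start minute and excludes its stop minute, and all function names are illustrative.

```python
from datetime import datetime

# Constructed input: the telephony-service lines from the slide's sample configuration.
SAMPLE_CONFIG = """\
telephony-service
 after-hours block pattern 1 91
 after-hours block pattern 2 91900 7-24
 after-hours day sun 9:00 8:00
 after-hours day mon 19:00 8:00
 after-hours day tue 19:00 8:00
 after-hours day wed 19:00 8:00
 after-hours day thu 19:00 8:00
 after-hours day fri 19:00 10:00
 after-hours day sat 13:00 9:00
"""

DAYS = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]  # same order as datetime.weekday()
DAY = 24 * 60
WEEK = 7 * DAY


def _minutes(hhmm):
    hours, minutes = hhmm.split(":")
    return int(hours) * 60 + int(minutes)


def parse_after_hours(config):
    """Return (patterns, windows) parsed from the after-hours lines.

    patterns: list of (digit_prefix, always_blocked)
    windows:  list of (start, stop) in minutes since Monday 00:00
    """
    patterns, windows = [], []
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["after-hours", "block", "pattern"]:
            # after-hours block pattern <tag> <digits> [7-24]
            patterns.append((words[4], "7-24" in words[5:]))
        elif words[:2] == ["after-hours", "day"]:
            base = DAYS.index(words[2]) * DAY
            start, stop = _minutes(words[3]), _minutes(words[4])
            if stop < start:
                stop += DAY  # stop earlier than start: the stop time is on the next day
            windows.append((base + start, base + stop))
    return patterns, windows


def is_after_hours(when, windows):
    now = when.weekday() * DAY + when.hour * 60 + when.minute
    # A window that starts on Sunday can end on Monday, so also test now + WEEK.
    return any(start <= t < stop for start, stop in windows for t in (now, now + WEEK))


def call_blocked(number, when, config=SAMPLE_CONFIG, exempt=False, pin_entered=False):
    """Apply the slide's rules for one phone and one dialed number."""
    if exempt:
        # "after-hour exempt": the slide shows no numbers blocked for this phone.
        return False
    patterns, windows = parse_after_hours(config)
    after_hours = is_after_hours(when, windows)
    for prefix, always in patterns:
        if not number.startswith(prefix):
            continue
        if always:
            return True  # 7-24 patterns stay blocked, even after PIN entry
        if after_hours and not pin_entered:
            return True
    return False


if __name__ == "__main__":
    # 2024-01-01 is a Monday; 20:00 falls in the "mon 19:00 8:00" window.
    print(call_blocked("914085551212", datetime(2024, 1, 1, 20, 0)))
```

Running an audit like this against a planned schedule catches gaps between windows (for example a Sunday that is not fully covered) before the configuration is applied.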
Toll Restriction:
dial-peer cor custom
 name 911
 name 408
!
dial-peer cor list call911
 member 911
!
dial-peer cor list call408
 member 408
!
dial-peer cor list Lobby
 member 911
!
dial-peer cor list Office
 member 408
 member 911

COR denies or allows calls based on group membership. These groups are called COR lists
An ephone-dn or dial-peer can become a member of a single COR list
Ephone-dn and dial-peer that are not members of COR lists are exempt from COR rules
Toll Restriction:
Incoming Ephone-dn

ephone-dn 1
 number 1111
 cor incoming Lobby

dial-peer cor list Office
 member 911
 member 408
!
ephone-dn 2
 number 2222
 cor incoming Office

Outgoing Dial-peer

dial-peer voice 1 pots
 corlist outgoing call911
 destination-pattern 9911
 port 1/0/0

dial-peer voice 2 pots
 corlist outgoing call408
 destination-pattern 408.
 port 1/0/0

Call Allowed: Member 911 Matches for Incoming and Outgoing COR List
Call Blocked: No Member Match for Incoming and Outgoing COR List
Call Allowed: Member 911 and 408 Match for Incoming and Outgoing COR List
Toll Restriction:
Incoming Ephone-dn
Outgoing Dial-peer

dial-peer voice 3 pots
 corlist outgoing call845
 destination-pattern 845.
 port 1/0/0
!
dial-peer cor list call845
 member 845

Call Blocked: No Member Match for Incoming and Outgoing COR List
NO COR LIST
Call Allowed: Dial-peers with No COR List Applied Accepts all Calls
NO COR LIST
Call Allowed: Ephone-dn with No COR List Applied Can Make Calls to any dial-peer
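The COR outcomes shown on these slides, as an added Python example (not from the original slides, and not Cisco code): a call is allowed when either side has no COR list, or when every member of the outgoing dial-peer's list is also a member of the incoming ephone-dn's list. The sample configuration is assembled from the slides' snippets; ephone-dn 3 and dial-peer 4 are constructed additions with no COR list, and the function names are illustrative.

```python
# Constructed input: COR lists, ephone-dns and dial-peers taken from the slides,
# plus ephone-dn 3 and dial-peer 4 (constructed) that carry no COR list.
SAMPLE_CONFIG = """\
dial-peer cor custom
 name 911
 name 408
 name 845
!
dial-peer cor list call911
 member 911
!
dial-peer cor list call408
 member 408
!
dial-peer cor list call845
 member 845
!
dial-peer cor list Lobby
 member 911
!
dial-peer cor list Office
 member 408
 member 911
!
ephone-dn 1
 number 1111
 cor incoming Lobby
!
ephone-dn 2
 number 2222
 cor incoming Office
!
ephone-dn 3
 number 3333
!
dial-peer voice 1 pots
 corlist outgoing call911
 destination-pattern 9911
 port 1/0/0
!
dial-peer voice 2 pots
 corlist outgoing call408
 destination-pattern 408.
 port 1/0/0
!
dial-peer voice 3 pots
 corlist outgoing call845
 destination-pattern 845.
 port 1/0/0
!
dial-peer voice 4 pots
 destination-pattern 9T
 port 1/0/0
"""


def parse_cor(config):
    """Return (lists, incoming, outgoing) from an IOS-style configuration.

    lists:    COR list name -> set of member names
    incoming: ephone-dn tag -> incoming COR list name, or None
    outgoing: dial-peer tag -> outgoing COR list name, or None
    """
    lists, incoming, outgoing = {}, {}, {}
    context = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if not raw[0].isspace():  # an unindented line opens a new block
            if words[:3] == ["dial-peer", "cor", "list"]:
                context = ("list", words[3])
                lists[words[3]] = set()
            elif words[0] == "ephone-dn":
                context = ("dn", words[1])
                incoming[words[1]] = None
            elif words[:2] == ["dial-peer", "voice"]:
                context = ("peer", words[2])
                outgoing[words[2]] = None
            else:
                context = None
        elif context:
            kind, key = context
            if kind == "list" and words[0] == "member":
                lists[key].add(words[1])
            elif kind == "dn" and words[:2] == ["cor", "incoming"]:
                incoming[key] = words[2]
            elif kind == "peer" and words[:2] == ["corlist", "outgoing"]:
                outgoing[key] = words[2]
    return lists, incoming, outgoing


def call_allowed(dn, peer, config=SAMPLE_CONFIG):
    lists, incoming, outgoing = parse_cor(config)
    inc, out = incoming.get(dn), outgoing.get(peer)
    if inc is None or out is None:
        return True  # no COR list applied on one side: exempt from COR rules
    # Every member required by the outgoing list must be held by the caller.
    return lists.get(out, set()) <= lists.get(inc, set())


def blocked_pairs(config=SAMPLE_CONFIG):
    """List every (ephone-dn, dial-peer) combination that COR would block."""
    _, incoming, outgoing = parse_cor(config)
    return [(dn, peer) for dn in incoming for peer in outgoing
            if not call_allowed(dn, peer, config)]


if __name__ == "__main__":
    print(blocked_pairs())
```

The list of blocked pairs doubles as a review artifact: any dial-peer toward the PSTN that appears in no blocked pair is reachable from every phone.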
After-Hours Block
Pros
Provisioning is simple, settings applied per phone
Can be provisioned on GUI
Rules can be selectively enforced according to time-of-day or PIN override
Cons
Settings must be applied per DN
Provisioning on CLI only
No time-of-day or PIN override
Cons
All phones must follow single global set of rules
Supported on SCCP and SIP phones only
Allowed
Yes
Call Pattern
9011* 91.. *
Allowed
No No Yes
Call Pattern
9011* 914085551212 91408. *
Allowed
No Yes No Yes
Call-forward max-length restricts maximum number of digits that can be entered for call forward destination with CfwdAll softkey on a per DN basis
Max-length for ephone-dn assigned to button 1 will be enforced when pressing CfwdAll softkey while on-hook or by lifting handset
Max-length for ephone-dn assigned to other buttons only enforced when specific button is selected; if button 2 is selected and CfwdAll softkey is pressed, max-length for ephone-dn assigned to button 2 is enforced
Call forward max-length is not enforced for destinations entered in GUI or CLI
No forward local-calls, introduced in CME 4.0, will block call-forwarding of incoming calls from local CME IP phones
Set on a per ephone-dn basis
All other incoming calls will obey ephone-dn call-forward settings
Transfer to 9102223333 blocked
Call transfer to POTS or VoIP destination that does not match the transfer-pattern is blocked; this includes local destinations such as CUE and B-ACD
One transfer-pattern is allowed per system and is enforced on all phones
By default, no transfer-pattern is set, so all call transfers to POTS or VoIP destinations are blocked
transfer-pattern still allows transfers to ephone-dn and ephone-hunt numbers defined on local CME
Transfer-pattern .T will allow call transfers to any destination
Ephone 2: Transfer to 5551212 blocked
transfer-pattern blocked, introduced in CME 4.0, over-rides transfer-pattern and disables call transfer to POTS or VoIP destination
transfer-pattern blocked still allows transfers to ephone-dn and ephone-hunt numbers defined on local CME
Can be applied on ephone or ephone-template
Ephone 1: Transfer to 5551212 blocked
transfer-pattern max-length, introduced in CME 4.0, overrides transfer-pattern and enforces maximum digits you are allowed to enter for transfer destination on a per phone basis
Can only be applied on ephone-template
Max-length not enforced for ephone-dn or ephone-hunt numbers on local CME
Features Restriction:
Softkey Templates
ephone-template 1
 softkeys idle Redial Dnd Pickup Login Gpickup
 softkeys seized Pickup Redial Endcall Gpickup
!
ephone 1
 ephone-template 1

Prevent Call Forward by Removing CFwdAll Softkey from IP Phone User Interface

Ephone-template can be used to disable access to features by removing softkeys
Supported on all phones with LCD display
Template can include softkey settings for: alerting, connected, idle and seized states
CME 3.x supports max 5 templates, CME 4.0 supports max 20 templates per system
Features Restriction:
telephony-service
 fac custom callfwd all *3
!
ephone-template 1
 features blocked CFwdAll
!
ephone 1
 button 1:1
!
ephone 2
 ephone-template 1
 button 1:2

[Diagram: ephone 1 and ephone 2 on CME, with a VG224]
Features Restriction:
Disable Directed Pickup
Pickup softkey + 123 blocked
Pickup softkey does local group pickup
[Diagram: extension 123 ringing; phones 123, 124 and 130]

telephony-service
 no service directed-pickup
!
ephone-dn 1
 number 123
 pickup-group 1
!
ephone-dn 2
 number 130
!
ephone-dn 3
 number 124
 pickup-group 1

Directed call pickup allows any call on local CME to be picked up by pressing pickup softkey followed by ringing extension
no service directed-pickup, introduced in CME 4.0, disables directed call pickup globally; group call-pickup is not blocked. Pressing pickup softkey executes local group pickup; emulates CCM behavior
Toll Restriction:
Incoming Caller can Reach Any Number Defined on CME
PLAR or DID Enabled: Call is Routed to Internal party
[Diagram: International Calls, CUE AA, Attendant]
By default, incoming calls to a CME voice port present the incoming caller with secondary dial-tone; this allows the incoming caller to dial any number defined on CME, including long distance and international numbers; very dangerous
PLAR to an AA or attendant phone if your telco does not present DID
Enable direct-inward-dial and translate to match internal dial-plan if telco presents DID
Toll Restriction:
Match
130
TCL Script adds a prefix from 199 to any incoming DID
If prefix + DID matches CME numbering plan, call is routed to new destination; if there is no match, script plays invalid number prompt and disconnects call
Disable Auto-Registration
With CME 4.0, no auto-reg-ephone will reject registration attempts by IP phones with MAC addresses that are not provisioned in CME
show ephone attempted-registrations will show MAC address, phone type and datestamp for failed registration attempts
Disabling auto registration will disable GUI ephone provisioning and CME SRST Fallback
With CME 3.x and below, provision ephones before configuring ip source address to work around auto-registration behavior

telephony-service
 ip source address 10.1.1.1
 no auto-reg-ephone
!
ephone 1
 mac-address AAAA.BBBB.CCCC
 button 1:1

AAAA.BBBB.CCCC
BBBB.AAAA.DDDD
REJECT: mac-address Not Provisioned in CME
Secure CME
Certificate Authority
CTL Client
Cisco IOS
1. IP phone downloads CTL file generated by CTL client; after CTL file is validated, IP phone downloads signed config, locale and firmware files
2. IP phone initiates TLS session on port 3804 to CAPF server specified in config file
3. IP phone user enters password to authenticate to CAPF; after password is validated, CAPF enrolls certificate request to CA and provides certificate to IP phone
4. IP phone stores certificate and establishes TLS session on port 2443 to register to CME
Authentication
Follow corporate standards
Authorization
Only CCME administrators should be allowed access to options under global config such as dial-peers, ephones, ephone-dns, telephony-service, etc.
Show commands and other exec level instructions can be restricted as desired
Accounting
Command level accounting should be enabled as appropriate to at least monitor config changes within CCME
Authenticate username/password
HTTP/HTTPS
telnet/SSH
CME GUI and CLI administrative access can be authenticated to external TACACS/Radius server
CLI access can be limited to specific commands based on privilege level, level 15 gives you full access
Only CME GUI admin can be authenticated by TACACS/Radius. End user GUI accounts must be local
Not supported in CUE GUI
IP
Telnet
Router TTY Port; No Login Required by Default
CUE Console CLI Access; No Login Required
IP
Router IP Address
Optional VPN
Voice
PSTN
Internet
CME
LAN
(IP Precedence 5)
IP Communicator
Signaling
DSCP = AF31 or CS3 [*]
(IP Precedence 3)
CME/Voice GW
Configurable Verify
dial-peer voice 10 voip
 ip qos dscp ef media
 ip qos dscp CS3 signaling
[Diagrams: remote teleworker topologies; ephone 1 and ephone 2 behind 87X routers reaching CME, voice mail (VM) and the PSTN across the WAN; IPsec tunnels across the WAN from a Cisco VPN client w/IPC or a 3rd party router to CME/VPN]
CME Video
IP
CVTA
CVTA
PSTN
H.323
H323 Video EP
Video Voice
SCCP Endpoints
Si
IP
802.1Q/p IP Phone: 10.70.110.100
CCME
1. Phone and PC exchange CDP. Phone begins listening for CAST messages on TCP port 4224 from IP address of CDP neighbor
2. PC initiates CAST messages to phone over TCP/IP. CAST packets are routed up to layer-3 boundary between VLANs; firewalls and/or ACLs must permit TCP port 4224
3. Phone acts as SCCP proxy between VT Advantage and CCME; CCME tells phone to open video channels per call; phone proxies those messages to PC via CAST protocol
4. Phone sends/receives audio. PC sends/receives video on RTP port 5445. Audio and video marked DSCP AF41. Switch port must be set to trust DSCP (or use an ACL) instead of trust COS or else VT Advantage packets will be rewritten to DSCP 0
telephony-service
 video
  maximum bit-rate 384
 service phone videoCapability 1
!
ephone 1
 video

Case-Sensitive

CDP installed on PC Ethernet NIC; must be physically connected to PC port on back of IP phone (e.g. no wireless, no associating from a different network jack)
Cisco USB camera required (e.g. no 3rd-party cameras)
Codecs supported: H.263, H.261, G.729, and G.711
Total (20%overhead)
153.6 kbps 153.6 kbps 460.8 kbps 460.8 kbps 921.6 kbps 921.6 kbps 1.766 Mbps 1.766 Mbps 2.458 Mbps 2.458 Mbps 8.4 Mbps 8.4 Mbps
Video preservation not supported for H.323 hairpin call flows, such as call transfer/forward between CCM and CME
IP phone w/CVTA

voice class h323 1
 call start slow
!
voice class h323 2
 call start fast

CUE
Press 1 for General Inquiries Press 2 to Check the Status of your Purchase Press 3 for a Refund noan, ephone-hunt 1 1 timeout
2 3 2 3 4
ephone-hunt 2 ephone-hunt 3
Store Hours are from 9AM to 5PM Our Store is Located at Dial by Extension
CUE Announcement
ACD Agent
1 2
ephone-hunt 1
ephone-hunt 2
Store Hours are from 9AM to 9PM, Monday to Saturday. We Will Be Closed on Sundays and Public Holidays.
4
Integrated Messaging
[Diagram: Voicemail TUI, VoiceView Express, Outlook and Lotus Notes clients; links labeled VoIP, HTTP/XML, IMAP and SMTP/IMAP]
IMAP Operation
Primary (Master) Message Store
Secondary Message Store: Messages Retrieved from CUE via IMAP
IP
CUE User ID/password Checked Against Internal LDAP
Login/authentication (clear text or SSL)
Retrieve messages
Exchange/Change message state
Send messages
IMAP Server
IMAP Client
Invoking VVE
Login
Home Page
GDM Access
Change PIN
2. CUE Evaluates Request and Relays It On To a Secondary Server if Not for VVE
IP
CME/CUE Management
CME supports one customer admin account which has customized access to CME GUI
Access controlled by XML template, which specifies which menus are visible to customer admin account
Can only be authenticated to local account specified under telephony-service
Supported in CME GUI only
After-Hours Call Block; Call Park; Date and Time Settings; Dial-Plan Pattern; Ephone and Ephone-dn Configuration; Hunt-Group; Intercom; IP Phone Service URLs; Max Phone/Ephone-dn Settings; Night-Service Bell time, Activation Code; MoH file; Phone Speed Dial and Fastdials; User and Group; Voicemail and MWI; CUE AA Configuration and Management
7911/41/61, ATA, VG224; B-ACD; COR; Custom Ringtones; Dial-Peer; File Management; Feature Access Code; Gatekeeper Registration; Primary/Secondary CME; System Speed-Dials (Bulk, XML); TCL Scripts (B-ACD, hookflash); Transcoding; Translation Rules
Notes:
CSV files need to have all quotes (") deleted
If commas (,) are needed, then they need to be replaced temporarily with a tilde (~)
In word processor, replace comma (,) with a line break: find and replace, more, special, manual line break
In final Cisco IOS text file, replace tilde (~) with a comma (,)
HTTP
CME
HTTP CME
CME routers with minimal bootstrap configuration can be provisioned from Cisco CNS Configuration Engine (CE) at hub site
Once router is connected to network, CME configuration is downloaded automatically from CNS server using HTTP
CME template is mapped to router based on MAC or IP address
Template can be manually added, or uploaded from text file; unique variables such as hostname, passwords and extension numbers can also be applied to apply a common template to multiple CME routers
Template is defined in XML format; the XML parser built into Cisco IOS will interpret and apply CME configuration to router
SNMP
Advanced centralized management interface for provisioning, polling, and alerting
Often contains graphical reporting mechanisms as well
SOAP/AXL
XML based interface similar to the one used for Cisco CallManager
If your company already is using SOAP/AXL, then this application could be expanded to include CallManager Express as well
CME
SRST
Trap: (missing)
  Reason: CME Started/Shutdown, Initialization Failure
  Possible Cause: Not Enough Memory, Removing Telephony-Service Config
Trap: ccmeEPhoneDeceased
  Reason: IP Phone Keepalive Expires
  Possible Cause: Phone Disconnected from Network, IP Connectivity Issues
Trap: ccmeEphoneUnRegThresholdExceed
  Reason: Number of Ephone Unregisters Exceeds Threshold Value
  Possible Cause: Reset All, Switch Failure, IP Connectivity Issues
Trap: ccmeEPhoneRegFailed
  Reason: Number of IP Phones Attempting to Register Exceeds Max-Ephone
  Possible Cause: Ephone Associate Failed: Maximum Phone Count Exceeded on Socket
Trap: ccmeKeyEphoneRegChangeNotif
  Reason: Phone Registration State Change
  Possible Cause: Phone Reset, Restart, Loss of Connectivity
SRST

snmp-server community public RO
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server host 2.2.2.2 public

CCME and SRST Share Ephone Related Tables/Traps so ccme Traps Need to be Enabled
Enable SRST SNMP Notifications
CDR Collection
CDR records can be collected either through Syslog or Radius
Syslog
Syslog servers required for collection
Simpler to configure
Harder to manage
UDP-based transport
Radius
External AAA devices required to capture information
Configurations are more complex
Easier to manage large amounts of data from multiple devices
Reliable Transport mechanism for data
PSTN/PTT
Cisco 1040
CME/SRST Management
CME in service level views, automatic recognition of SRST configuration
Real-time alerts on CME hardware and software status
Real-time service quality alerts on calls supported by CME/SRST
Discovery of CME and the inventory details
Version, max # of ephones, extensions, conf
Current status (CME enabled/disabled)
Phone details (phone status and status changes)
Phone utilization (% ephones registered, key ephones registered)
Synthetic tests (phone registration, dial-tone, end to end call)
SNMP traps processed
CUE Management
CME in service level views, automatic recognition of SRST configuration
Real-time alerts on CME h/w and s/w status
Real-time service quality alerts on calls supported by CME/SRST
Discovery of CME and the inventory details
Current status (CUE VM up/down)
Mailbox status, mailbox usage, and mailbox capacity details
Mailbox details (message count, message length, greeting, active sessions)
Mailbox utilization (% orphaned, sessions used, free capacity, messages, busy mailboxes)
Synthetic tests (message waiting indicator test)
SNMP traps processed
Q and A
Summary
Recommended Reading
Continue your Networkers learning experience with further reading for this session from Cisco Press
Check the Recommended Reading flyer for suggested books
Cisco Voice Gateways and Gatekeepers [158705-258-X]
Cisco CallManager Fundamentals, Second Ed. [1-58705-192-3]
Voice over IP Fundamentals, Second Ed. [158705-257-1]
Cisco IP Communications Express: Cisco CallManager Express with Cisco Unity Express [1-58705-180-X]
Related Sessions
RST-2454: Cisco ISR Architecture
CRT-2203: GWGK Exam Preparation: Implementing Gateways
CRT-2204: GWGK Exam Preparation: Implementing Gatekeepers and IP-to-IP Gateways
TEC-VVT1: Enterprise IP Telephony Design and Deployment
TEC-VVT2: Session Initiation Protocol
VVT-1001: Intro to IP Telephony or VoIP for the Enterprise
VVT-2000: Intermediate Voice and Video Control Protocols: H.323
VVT-2008: Understanding Cisco CallManager Dial Plan Functionality
Related Sessions
VVT-2015: Interconnection of Voice and Video Networks Using the Cisco Multiservice IP-to-IP Gateway
VVT-2101: Designing and Deploying IP-Based Audio and Web Conferencing Solutions
VVT-2105: Call Admission Control Design for the Enterprise Wide Area Network
VVT-2014: Designing Cisco CallManager Express and Cisco Unity Express Network Architecture
Supplemental Slides
Toll Restriction:
RADIUS Server
Authenticate PIN
Forced Authorization Code script prompts user for PIN for outbound call to PSTN/VoIP
If PIN is authorized, the call is allowed
If PIN is not authorized, call will be dropped
FAC script can receive authorization from external Radius server (recommended) or user accounts defined locally on CME
Toll Restriction:
dial-peer voice 1 voip
 service acctfixedpin
 destination-pattern 91.
 session target ipv4:11.1.1.1
 incoming called-number 91.
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 no vad
!
dial-peer voice 2 pots
 corlist outgoing FAC-required
 destination-pattern 91.
 port 0/0/0

ephone 1
No Numbers blocked
ephone 2
After PIN entry: only numbers starting with 91900 are blocked
ephone 3

After-hour exempt will exempt IP phone from all after-hours blocking
After-hours PIN over-ride will suspend after-hours block when user enters four to eight digit PIN; block pattern with 7-24 suffix will still be enforced even after PIN entry
After-hours suspension in effect until login timeout expires
PIN is defined per IP phone
Toll Restriction:
PSTN/ VOIP
IP Phone
CME
Outbound Dial-Peer
3. FAC script plays prompt to IP phone requesting PIN
4. User enters PIN
5. FAC script authenticates PIN with CME
6. CME authorizes PIN
7. FAC script joins call from IP phone to outbound dial-peer
8. Call established between IP phone and outbound dial-peer
Toll Restriction:
CUE
number 7777

dial-peer cor list Office
 member 911
 member 408
!
dial-peer voice 11 voip
 corlist incoming Office
 session protocol sipv2
 session target ipv4:10.1.10.2
 dtmf-relay sip-notify
 no vad

Call Blocked: No Member Match for Incoming and Outgoing COR List
Rationale
Overall Percentage of Successful, Failed and Abandoned Calls
Network or Software Related Events can Cause Flapping IP Phone Registrations
Syslog
VoIP CDR Syslogs: %VOIPAAA-5-VOIP_CALL_HISTORY
n/a
SNMP OID
SNMP Trap
n/a
n/a
n/a
n/a
ISgetDevEvts
Overall Registration Count per CME. Can Also be Set as a Trap Based on a Threshold.
n/a
This is a Basic Metric Which, if Accurately Measured, can be Used to Compare Against the Bill Provided by the Telco.
ccmeEphoneUnRegThreshold
n/a
n/a
n/a
Utilization is Available for Various Modes of Interconnect Including ISDN PRI, T1 CAS, FXO, FXS, etc.
n/a
n/a
n/a
Rationale
Anomaly Messages Which CME Communicates Back to the NMS Station Regarding Ephones
Pull Up the Current Status of the Extension, and the Historical (Line Up/Line Down) Events Related to It
Syslog
IPPHONE-6-REGISTER_NEW
IPPHONE-6-UNREGISTER_ABNORMAL
n/a
n/a
n/a
ISgetDevice
T1 Controller health
T1 Health Info
n/a
linkDown
n/a
Automating CME Provisioning is Possible Through the XML Interface
Useful for Inventory Reporting Per Store
n/a
n/a
n/a
n/a
n/a
Operations Manager
Real-time alerting on IPC components and IP infrastructure
Real-time service quality (voice quality) alerts and details
Phone and device inventory reports (SCCP and SIP): phone status, phone tracking
Context-based launching of other CiscoWorks tools
Support for CCM (5.0/4.2/4.x/3.x), Unity, Unity Connection, CME, CUE, MeetingPlace Exp IPCC, IPCCE, GW, Routers, Switches, Phones and Applications (CCC, CER, PA,)
Service Monitor
Integrated Diagnostics Linked to Monitoring and Proactive Testing
Replicate End-User Activities (SCCP and SIP)
End-to-end call (signaling and RTP)
Phone registration
Dial-tone
Message waiting indicator
Conference
Emergency call
End-End Testing (Signaling + Data Path)
Node - Node testing (IP SLA)
cns id commands used to identify router ID to CE server; in example, the MAC address of the Fastethernet interface will be used as ID of CE server
cns config command specifies CE server address
The CME router is mapped to a configuration template in CNS CE database
CNS Event ID and CNS config ID should match MAC address of interface specified in bootstrap config
Service Monitor
Two-Component Solution That Monitors, Evaluates and Reports Voice Quality for Actual Calls
Real-time monitoring of voice quality for actual calls
R-factor MOS for every 60 second interval
Built-in system-level availability and redundancy
Easily installs and configures itself just like a Cisco IP phone
Uses switch SPAN port
Real-time alerting with details
Analysis and archival-based on MOS thresholds
Integrates with OM or Manager of Managers
ManageExpressScreenshots
VideoUsedBandwidth=2560
Total call-legs: 2 2458 ANS 2459 ORG T282 g711ulaw T282 g711ulaw TELE-VIDEO P1003 TELE-VIDEO P1004
Displaying the signaling statistics at different aggregation levels
Archiving the statistics on a console or send/format to TFP or syslog server
Displaying the avail/used memory for collection of records
Specifying thresholds for lost packets, packet jitter and latency
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d2ac1.html
CME XML monitoring support is implemented in several SOAP (Simple Object Access Protocol) messages
AXL: AVVID XML Layer (AXL)
Session layer protocol is HTTP
HTTP payload encapsulated in SOAP
Test AXL/SOAP using xml-test.html
Polling requests from NMS sent in clear text format
NetIQ VivinetManager or AppManager for CME is the First NMS Solution that has Leveraged this Capability
XML APIs: Functions
Monitoring and Performance
Get static information
Get dynamic information
Mark IP phone for special care (keyphone)
Configuration/provisioning
Execute CLI
IPsec Tunnel
xx.74.162.156 via 10.1.81.0/24 via DHCP DHCP or PPPoE
rtr-vpn-1750#show ip nat trans | incl esp
esp xx.74.162.156:0 192.168.10.7:A336AEF0 xx.102.223.4:0 xx.102.223.4:0
esp xx.74.162.156:0 192.168.10.7:0 xx.102.223.4:0 xx.102.223.4:67785E

Residential DSL providers bundle a DSL router/firewall with the service
Cable subscribers install 3rd party Ethernet/Ethernet router/firewalls
However, not all implementations properly support this function
IPsec transform set which includes AH will fail as the IP header is hashed