One of the things I have learned lately is that when you want to back up your config for your Cisco wireless NCS server, you have to have "twice" the space of your config free on your partition. This is somewhat of a bummer if you have a large config. As you can see below, this one is sitting at 77% used space, which does not work for us. We will have to delete some files for sure.
This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Thursday, April 30, 2015
Wednesday, April 29, 2015
NetSetMan
I don't advertise for companies unless I actually use the tools/products I'm talking about. This is just a cool tool I like that I do use. It doesn't troubleshoot anything for you. But it sure is convenient if you change IPs a lot. There are several customers I have where I'm given a static IP to use. That IP may have special privileges, etc, because I'm part of the IT department. This tool, called NetSetMan, is a tool I use to quickly move to the IP address I need, instead of going into Microsoft TCP/IP properties and manually adjusting it myself. Once I set it up (one time), then I'm seconds away from getting the IP I need. I highly recommend you check this out. I use it regularly and it saves me time.
http://www.netsetman.com/
Tuesday, April 28, 2015
Cisco Voice Gateway: How To See A Call On A Voice FXO Line
Back when I was doing some troubleshooting, I had to look at who was making calls or calling in. This little command can give you some good info on a CME or UC500.
UC520# show voice call 0/1/1
0/1/1
vtsp level 0 state = S_CONNECT
vpm level 1 state = FXOLS_OFFHOOK
vpm level 0 state = S_UP
calling number 2555557643, calling name Edenstien Andy A , calling time 04/07 15:36
Monday, April 27, 2015
CAT5 Breaks
These little breaks in a cat5 are a pain. When you turned the cable, you could see the break. But under normal circumstances, you couldn't. This makes troubleshooting take a little longer.
Sunday, April 26, 2015
Sunday Thought: Brother
If you are reading this post today, maybe this is for you. Brother - Needtobreathe
Saturday, April 25, 2015
Pic Of The Week: A Recent Visit To A Familiar Place
The place where I grew up has changed a lot since I've moved off. But one place has not, and it brought back some good memories. I thought I would share some pictures of a place I spent a lot of time at while a teenager.
Friday, April 24, 2015
SonicWall Firewall: How To Change The IP Address In The GUI
I wrote down some instructions on how to change the IP address on a SonicWall firewall for a guy who was "going at it alone". It sounded like he was changing providers and needed to change the public IP scheme. Here are some instructions I wrote down for him.
1. Go to https://10.14.16.1:4444/main.html
2. Click on "Network" on the left side.
3. Click on "Interfaces" on the left side.
4. Under "Interface settings", click on "Configure" (the pencil)
5. A window opens up, select "static" and enter in the information the ISP tells you.
6. Click "OK", then "accept" at the top of the original screen.
Thursday, April 23, 2015
Company Culture: Part 1
Part 1 ~ of what I hope to do a series on company culture over time.
What is it like at the company you work for? I mean, what is the company culture like? I have been giving this a lot of thought over the past few months. I look back at several jobs I have had and compare them and I think some places were certainly better than others. What makes some companies better to work at than others?
To me, this gets interesting. Maybe this is different for everyone, but I think the leadership of the company makes the company culture good or bad. As I talk to people, here are some of the examples that I hear that make a bad company culture. (I'm sure there are way more):
Lack of concern for the growth and investment of employees.
Management will lie to employees.
Lack of work related communication from management.
Lack of social interaction (at the workplace) with employees from management.
Lack of respect from management.
Lack of praise and encouragement from management.
Employee frustration is high.
It may be easy to see, from these examples, that a company's culture is bad. The thing is, you won't be able to see these signs until after you have taken the position. I think what will end up happening is that you will stay there for a short amount of time, then move on. I typically see an average of about a year and a half when someone really gets fed up with this.
Wednesday, April 22, 2015
Cisco NCS: Create Repository For Backup In CLI
While troubleshooting the backup of an NCS server, I had to go in and create another repository for backups. Here is how I did this in CLI.
BHMNCS/admin#
BHMNCS/admin# config t
Enter configuration commands, one per line. End with CNTL/Z.
BHMNCS/admin(config)# repository ?
<WORD> Repository name (Max Size - 80)
BHMNCS/admin(config)# repository Shane
BHMNCS/admin(config-Repository)# url ftp://192.168.1.11
BHMNCS/admin(config-Repository)# user shane password plain nonenone
BHMNCS/admin(config-Repository)# exit
BHMNCS/admin(config)#
Monday, April 20, 2015
Cisco Router: TFTP Gets Extremely Slow
A few days back, I had this phone system die. It was a Cisco UC500, and it was in a continuous reboot. To make this long story short, I basically grabbed whatever equipment I could just to get something operational for them for a phone system. One of the things I had to do was to TFTP the IOS, phone system loads, etc. onto the flash card. Well, right about 20%, I started getting timeouts increasing on my TFTP server. The TFTP started crawling at this point. Well, I'm not one to wait around, so I restarted this TFTP and the second time it worked fine. Why did that happen? I have no idea, but I have seen that many times in the past. I have always just restarted the TFTP and usually, it works out the second time. That was with my laptop directly connected to the router. Go figure, but if you run into that problem, just restart the TFTP again.
Sunday, April 19, 2015
Saturday, April 18, 2015
Friday, April 17, 2015
Brocade Switch: Template For ICX64XX Access Closets
I recently put together another ICX access closet template for myself, as I had several new ICX6450s to put in. Making the template takes a little time up front, but then you can just modify the IP address and hostname, then paste it all in at one time. I think I had about a 3 minute interval between the 7 switches that I configured. That was booting two units up, pasting the config in, then going to the next two, and so on.
These switches do not have phones attached. They are just for data connectivity.
===== Template for ICX64XX ========
enable
config t
default-vlan-id 499
hostname ICX
vlan 1
tagged eth 1/2/1
tagged eth 1/2/3
vlan 7
tagged eth 1/2/1
tagged eth 1/2/3
untagg eth 1/1/1 to 1/1/24
exit
no ip dhcp-client enable
int eth 1/2/1
trust dscp
spanning-tree 802-1w admin-pt2pt-mac
int eth 1/2/3
trust dscp
spanning-tree 802-1w admin-pt2pt-mac
int eth 1/1/1 to 1/1/24
loop-detection
stp-bpdu-guard
spanning-tree 802-1w admin-edge-port
trust dscp
exit
telnet server
enable super-user-password newpassword
fdp run
cdp run
lldp run
ip add 192.168.0.8 255.255.255.0
ip default-gateway 192.168.0.1
clock timezone us central
clock summer-time
exit
Thursday, April 16, 2015
Cisco CME: SIP Toll Fraud Prevention Through ACL
I had a customer that called and complained that they could not make or receive calls on their UC500. They only have two analog lines coming in, 0/1/1 and 0/1/2, both being used.
UC520# show voice call sum
PORT           CODEC     VAD VTSP STATE           VPM STATE
============== ========= === ==================== ======================
0/0/0          -         -   -                    FXSLS_ONHOOK
0/0/1          -         -   -                    FXSLS_ONHOOK
0/0/2          -         -   -                    FXSLS_ONHOOK
0/0/3          -         -   -                    FXSLS_ONHOOK
0/1/0          -         -   -                    FXOLS_ONHOOK
0/1/1          g711ulaw  y   S_CONNECT            FXOLS_OFFHOOK
0/1/2          g711ulaw  y   S_CONNECT            FXOLS_OFFHOOK
0/1/3          -         -   -                    FXOLS_ONHOOK
0/4/0          g711ulaw  n   S_CONNECT            EM_CONNECT
So as I walked through the small office, no one was on the phone. Odd.
So I looked further and found this:
UC520# show voice call 0/1/1
0/1/1
vtsp level 0 state = S_CONNECT
vpm level 1 state = FXOLS_OFFHOOK
vpm level 0 state = S_UP
calling number 2568357643, calling name Ed Andy A , calling time 04/07 15:36
UC520# show voice call 0/1/2
0/1/2
vtsp level 0 state = S_CONNECT
vpm level 1 state = FXOLS_OFFHOOK
vpm level 0 state = S_UP
Well, someone was on the phone, for sure. Then I came across this:
019290: Apr 7 15:24:33.608: %VOICE_IEC-3-GW: CCAPI: Internal Error (Trunk-group select fail): IEC=1.1.182.1.23.53 on callID 19723 GUID=EFE82995DC9A11E4B7F8E6497FD6A81C
019291: Apr 7 15:24:33.876: %VOICE_IEC-3-GW: CCAPI: Internal Error (Trunk-group select fail): IEC=1.1.182.1.23.53 on callID 19724 GUID=F0110E00DC9A11E4B7FDE6497FD6A81C
019292: Apr 7 15:24:35.752: %VOICE_IEC-3-GW: CCAPI: Internal Error (Trunk-group select fail): IEC=1.1.182.1.23.53 on callID 19725 GUID=F12EB306DC9A11E4B802E6497FD6A81C
019293: Apr 7 15:24:36.020: %VOICE_IEC-3-GW: CCAPI: Internal Error (Trunk-group select fail): IEC=1.1.182.1.23.53 on callID 19726
So someone is using the phones, and no one in the office is on the phone. It looks like someone from the outside is doing this. So I put this ACL in place, as a temporary measure to see what would happen:
UC520(config-if)#ip access-list extended 101
UC520(config-ext-nacl)#2 deny udp any any eq 5060
UC520(config-ext-nacl)#3 deny udp any any eq 1720
UC520(config-ext-nacl)#4 deny tcp any any eq 1720
UC520(config-ext-nacl)#5 deny tcp any any eq 5060
Once I got this in place, all the calls dropped and the toll fraud was stopped. I'm going to make a better solution, but this stopped it for now.
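The manual check in this post (every in-service FXO line off-hook while the gateway logs a run of "Trunk-group select fail" errors) can be scripted against collected CLI output and syslog. The following is an added example, not part of the original post; the function names, the 10-second window and the threshold of 3 are assumptions, and the sample input is abridged from the output shown above.

```python
import re
from datetime import datetime, timedelta

# Sample input abridged from the post (some idle ports and the GUID field dropped).
SUMMARY = """\
PORT           CODEC     VAD VTSP STATE           VPM STATE
============== ========= === ==================== ======================
0/0/0          -         -   -                    FXSLS_ONHOOK
0/1/0          -         -   -                    FXOLS_ONHOOK
0/1/1          g711ulaw  y   S_CONNECT            FXOLS_OFFHOOK
0/1/2          g711ulaw  y   S_CONNECT            FXOLS_OFFHOOK
0/1/3          -         -   -                    FXOLS_ONHOOK
0/4/0          g711ulaw  n   S_CONNECT            EM_CONNECT
"""

SYSLOG = """\
019290: Apr 7 15:24:33.608: %VOICE_IEC-3-GW: CCAPI: Internal Error (Trunk-group select fail): IEC=1.1.182.1.23.53 on callID 19723
019291: Apr 7 15:24:33.876: %VOICE_IEC-3-GW: CCAPI: Internal Error (Trunk-group select fail): IEC=1.1.182.1.23.53 on callID 19724
019292: Apr 7 15:24:35.752: %VOICE_IEC-3-GW: CCAPI: Internal Error (Trunk-group select fail): IEC=1.1.182.1.23.53 on callID 19725
019293: Apr 7 15:24:36.020: %VOICE_IEC-3-GW: CCAPI: Internal Error (Trunk-group select fail): IEC=1.1.182.1.23.53 on callID 19726
"""

# One row of "show voice call summary": port, codec, VAD, VTSP state, VPM state.
PORT_RE = re.compile(r"^(\d+/\d+/\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

# One VOICE_IEC syslog line reporting a trunk-group selection failure.
IEC_RE = re.compile(
    r"^\d+: (\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d)\.\d+: %VOICE_IEC-3-GW: "
    r".*Trunk-group select fail.*callID (\d+)"
)


def offhook_fxo_ports(summary):
    """Return the FXO ports that are connected and off-hook."""
    ports = []
    for line in summary.splitlines():
        m = PORT_RE.match(line)
        if m and m.group(4) == "S_CONNECT" and m.group(5) == "FXOLS_OFFHOOK":
            ports.append(m.group(1))
    return ports


def trunk_select_failures(syslog, year=2015):
    """Return (timestamp, callID) for each trunk-group select failure.

    IOS syslog timestamps carry no year, so the caller supplies one.
    """
    events = []
    for line in syslog.splitlines():
        m = IEC_RE.match(line)
        if m:
            stamp = f"{year} {m.group(1)} {m.group(2)} {m.group(3)}"
            ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
            events.append((ts, int(m.group(4))))
    return events


def max_burst(events, window=timedelta(seconds=10)):
    """Largest number of failures seen inside any sliding time window."""
    times = sorted(ts for ts, _ in events)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def assess(summary, syslog, in_service, burst_threshold=3):
    """Combine both signals the post relied on into one verdict.

    in_service: set of FXO ports that actually have a line attached.
    """
    busy = set(offhook_fxo_ports(summary))
    burst = max_burst(trunk_select_failures(syslog))
    all_busy = bool(in_service) and in_service <= busy
    return {
        "busy_ports": sorted(busy),
        "all_trunks_busy": all_busy,
        "failure_burst": burst,
        "suspect_toll_fraud": all_busy and burst >= burst_threshold,
    }


if __name__ == "__main__":
    # The post states only 0/1/1 and 0/1/2 have analog lines attached.
    print(assess(SUMMARY, SYSLOG, in_service={"0/1/1", "0/1/2"}))
```

A positive result only says the trunks are saturated while call setups keep failing; confirming that nobody in the office is on the phone is still the step that separates fraud from a busy afternoon.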
Wednesday, April 15, 2015
Cisco Router: How To Get An IOS On A Flash Card When There Is Nothing On It, When You Have Nothing But The Router
What do you do when you have a blank flash card for a router and nothing to get the image on with? Well, you use the router and TFTP. You boot up the router, with the flash card in, and you put the IP information on the router (as seen below) and get the image on the flash card. Below is how you do it. Then you boot up to the IOS.
rommon 1 > IP_ADDRESS=192.168.1.2
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.1
rommon 4 > TFTP_SERVER=192.168.1.6
rommon 5 > TFTP_FILE=c2800nm-ipvoicek9-mz.124-24.T8.BIN
rommon 6 > set
PS1=rommon ! >
FE_PORT=0
?=0
WARM_REBOOT=FALSE
RET_2_RTS=20:46:35 UTC Mon Jan 26 2015
BSI=0
RET_2_RCALTS=
RANDOM_NUM=637180415
IP_ADDRESS=192.168.1.2
IP_SUBNET_MASK=255.255.255.0
DEFAULT_GATEWAY=192.168.1.1
TFTP_SERVER=192.168.1.6
TFTP_FILE=c2800nm-ipvoicek9-mz.124-24.T8.BIN
rommon 7 > tftpdnld
IP_ADDRESS: 192.168.1.2
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 192.168.1.1
TFTP_SERVER: 192.168.1.6
TFTP_FILE: c2800nm-ipvoicek9-mz.124-24.T8.BIN
TFTP_VERBOSE: Progress
TFTP_RETRY_COUNT: 18
TFTP_TIMEOUT: 7200
TFTP_CHECKSUM: Yes
TFTP_MACADDR: 00:23:5e:46:fc:68
FE_PORT: Fast Ethernet 0
FE_SPEED_MODE: Auto
Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on flash: will be lost!
Do you wish to continue? y/n: [n]: y
.
Receiving c2800nm-ipvoicek9-mz.124-24.T8.BIN from 192.168.1.6 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Monday, April 13, 2015
Cisco CUBE: ATT SIP To Cisco Cube Router Configuration Example
One thing I have noticed is that working on a SIP config for an AT&T SIP trunk is not the same as most other providers. In fact, it's been really hard to even find a config out there to look at. All I could find is the several hundred pages of an AT&T document. So I'm pasting my router config here in the hopes this helps someone looking for an AT&T SIP config for their CUBE. See below. I hope it's helpful.
One thing to note is that in the dial-peers, you do not have to point to the AT&T media servers. You only have to point your dial-peers to the SIP proxy servers.
======== Cisco CUBE config for AT&T SIP trunk ========
CUBE#sh run
Building configuration...
Current configuration : 9877 bytes
!
! Last configuration change at 23:16:45 CDT Thu Apr 2 2015 by admin
version 15.2
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname CUBE
!
boot-start-marker
boot-end-marker
!
!
no logging queue-limit
logging buffered 1000000
no logging rate-limit
no logging console
no logging monitor
!
no aaa new-model
clock timezone CST -6 0
clock summer-time CDT recurring
!
ip cef
!
!
ip dhcp excluded-address 10.10.10.1
!
!
!
ip domain name company.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
dspfarm
dsp services dspfarm
!
!
voice service voip
address-hiding
mode border-element
allow-connections sip to sip
no supplementary-service sip moved-temporarily
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
h323
sip
bind control source-interface GigabitEthernet0/0
error-passthru
asserted-id pai
early-offer forced
midcall-signaling passthru
privacy-policy passthru
g729 annexb-all
!
voice class codec 1
codec preference 1 g729r8 bytes 30
codec preference 2 g711ulaw
!
voice class sip-profiles 1
response ANY sip-header Allow-Header modify "UPDATE," ""
request INVITE sdp-header Audio-Attribute modify "a=ptime:20" "a=ptime:30"
response ANY sdp-header Audio-Attribute modify "a=ptime:20" "a=ptime:30"
request REINVITE sdp-header Attribute modify "a=T38FaxFillBitRemoval:0" ""
request INVITE sdp-header Audio-Attribute add "a=ptime:30"
!
!
voice iec syslog
!
!
voice translation-rule 9
rule 1 /^9/ //
!
!
voice translation-profile outbound
translate called 9
!
!
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
!
redundancy
!
ip tftp source-interface GigabitEthernet0/0
ip ssh version 2
!
!
interface Loopback0
no ip address
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Local LAN
ip address 192.168.1.2 255.255.255.0
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description ATT Network
ip address 12.13.14.10 255.255.255.248
duplex full
speed 100
!
interface GigabitEthernet0/2
description VLAN1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.1
description VLAN1
encapsulation dot1Q 1 native
ip address 192.168.1.3 255.255.255.0
!
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 12.194.138.0 255.255.255.0 12.13.14.9
!
!
control-plane
!
!
mgcp profile default
!
sccp local GigabitEthernet0/0
sccp ccm 192.168.1.13 identifier 2 priority 1 version 7.0
sccp ccm 192.168.1.12 identifier 1 priority 2 version 7.0
sccp
!
sccp ccm group 1
associate ccm 2 priority 1
associate ccm 1 priority 2
associate profile 1 register ATNAL-DC-xcode
associate profile 2 register ATNAL-DC-cfb
!
dspfarm profile 1 transcode
description DC Xcoder
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 20
associate application SCCP
!
dspfarm profile 2 conference
description DC conference bridge
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 20
associate application SCCP
!
dial-peer voice 1 voip
description Incoming 10-digit calls from AT&T - Facing CUBE for destination
session protocol sipv2
incoming called-number [2-9]..[2-9]......$
voice-class codec 1
voice-class sip asymmetric payload full
voice-class sip asserted-id pai
voice-class sip profiles 1
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
fax-relay sg3-to-g3
fax rate 14400 bytes 48
fax protocol t38 version 0 ls-redundancy 5 hs-redundancy 1 fallback none
no vad
!
dial-peer voice 2 voip
description Incoming Peer for Outbound calls to AT&T - Facing CUBE for desti
session protocol sipv2
incoming called-number 9T
voice-class codec 1
voice-class sip asymmetric payload full
voice-class sip asserted-id pai
voice-class sip privacy-policy passthru
voice-class sip profiles 1
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
fax-relay sg3-to-g3
fax rate 14400 bytes 48
fax protocol t38 version 0 ls-redundancy 5 hs-redundancy 1 fallback none
no vad
!
dial-peer voice 12 voip
description Destination of 10-digit calls from AT&T - Facing CUCM Publisher
destination-pattern [2-9]..[2-9]......$
session protocol sipv2
session target ipv4:192.168.1.12
voice-class codec 1
voice-class sip asymmetric payload full
voice-class sip asserted-id pai
voice-class sip privacy-policy passthru
voice-class sip profiles 1
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
fax-relay sg3-to-g3
fax rate 14400 bytes 48
fax protocol t38 version 0 ls-redundancy 5 hs-redundancy 1 fallback none
no vad
!
dial-peer voice 13 voip
description Destination of 10-digit calls from AT&T - Facing CUCM Subscriber
destination-pattern [2-9]..[2-9]......$
session protocol sipv2
session target ipv4:192.168.1.13
voice-class codec 1
voice-class sip asymmetric payload full
voice-class sip asserted-id pai
voice-class sip privacy-policy passthru
voice-class sip profiles 1
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
fax-relay sg3-to-g3
fax rate 14400 bytes 48
fax protocol t38 version 0 ls-redundancy 5 hs-redundancy 1 fallback none
no vad
!
dial-peer voice 20 voip
description Outgoing calls to AT&T - Facing AT&T Network for Call Setup
translation-profile outgoing outbound
destination-pattern 9T
session protocol sipv2
session target ipv4:12.194.138.181 <----------- AT&T SIP Proxy
voice-class codec 1
voice-class sip asymmetric payload full
voice-class sip asserted-id pai
voice-class sip privacy-policy passthru
voice-class sip profiles 1
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
fax-relay sg3-to-g3
fax rate 14400 bytes 48
fax protocol t38 version 0 ls-redundancy 5 hs-redundancy 1 fallback none
no vad
!
dial-peer voice 30 voip
description Outgoing calls to AT&T - Facing AT&T Network for Call Media Stre
translation-profile outgoing outbound
destination-pattern 9T
session protocol sipv2
session target ipv4:12.194.138.69 <----------- AT&T SIP Proxy
voice-class codec 1
voice-class sip asymmetric payload full
voice-class sip asserted-id pai
voice-class sip privacy-policy passthru
voice-class sip profiles 1
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
fax-relay sg3-to-g3
fax rate 14400 bytes 48
fax protocol t38 version 0 ls-redundancy 5 hs-redundancy 1 fallback none
no vad
!
!
sip-ua
!
!
!
gatekeeper
shutdown
!
!
!
scheduler allocate 20000 1000
ntp server us.pool.ntp.org
!
end
CUBE#term len 24
CUBE#
Sunday, April 12, 2015
Sunday Thought: Devils Been Talkin'
Just a good song all around, and there are some good lyrics to this song. You all know I like Christian music.
Needtobreathe - Devils Been Talkin'
Saturday, April 11, 2015
Friday, April 10, 2015
Palo Alto: Changing The Management Access Port For HTTPS
It used to be that HTTPS access to the firewall was just that for management. 443 was just secure management, and that was it. Now, it's for VPN access. Now you have to change the management port number from 443 to something else if you enable VPN nowadays. I found a good document on the Palo site for this, so I'm going to just copy and paste it here. I couldn't have said this any better than the guy who created it.
With that said, I think that this process should be easier. It seems to me, just like in Check Point, that you should just be able to go to one place, type in the new port number, and go with it. Maybe in a future release.
1. Configure a loopback interface on the firewall and assign an interface Management Profile permitting the desired type of access.
Note: The management profile permitting access only needs to be on the loopback interface, and not the Untrust interface.
2. Configure custom services for the nondefault ports that will allow access to the firewall. In this example, TCP/7777 is chosen for HTTPS and TCP/7778 for SSH access. (choose your own ports)
3. Configure individual destination NAT policies to translate the custom ports to the default access ports.
4. Configure a security policy allowing inbound access to the Untrust interface. Optionally, the specific ports to be allowed in this security policy can be included.
5. Commit the changes.
6. Try to access the unit on the new port.
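A review of the design in steps 1 to 4 before the commit, as an added example that is not from the Palo Alto document or this post. It checks a hand-built model, not PAN-OS syntax; the dictionary layout, addresses, rule names and the assumption that the NAT target is the loopback address are all illustrative.

```python
# Added example: a model of steps 1-4, not PAN-OS syntax. All values are placeholders.
DEFAULT_PORT = {"https": 443, "ssh": 22}

def audit(cfg):
    """Return a list of findings; an empty list means the model matches steps 1-4."""
    findings = []
    loop, untrust = cfg["loopback"], cfg["untrust"]
    # Step 1 and its note: the management profile sits on the loopback only.
    if untrust["mgmt_profile"]:
        findings.append("management profile on Untrust interface")
    nat_seen = {(n["dst"], n["dport"], n["to"], n["to_port"]) for n in cfg["nat"]}
    for svc, port in cfg["custom_ports"].items():
        if svc not in loop["mgmt_profile"]:
            findings.append(f"{svc} not permitted by loopback profile")
        # Step 2: a custom port must differ from every default access port.
        if port in DEFAULT_PORT.values():
            findings.append(f"{svc} still uses default port {port}")
        # Step 3: one destination NAT per service, custom port -> default port.
        if (untrust["ip"], port, loop["ip"], DEFAULT_PORT[svc]) not in nat_seen:
            findings.append(f"no NAT {port} -> {loop['ip']}:{DEFAULT_PORT[svc]}")
    # Step 4: an inbound allow rule to the Untrust address must exist.
    rules = [r for r in cfg["security"]
             if r["dst"] == untrust["ip"] and r["action"] == "allow"]
    if not rules:
        findings.append("no inbound allow rule to Untrust address")
    for r in rules:
        # Stricter than the post, which treats listing the ports as optional.
        if not r["ports"] or set(r["ports"]) - set(cfg["custom_ports"].values()):
            findings.append(f"rule {r['name']} allows more than the custom ports")
    return findings

# Constructed sample using the post's example ports TCP/7777 and TCP/7778.
GOOD = {
    "loopback": {"ip": "192.0.2.10", "mgmt_profile": {"https", "ssh"}},
    "untrust": {"ip": "198.51.100.1", "mgmt_profile": set()},
    "custom_ports": {"https": 7777, "ssh": 7778},
    "nat": [
        {"dst": "198.51.100.1", "dport": 7777, "to": "192.0.2.10", "to_port": 443},
        {"dst": "198.51.100.1", "dport": 7778, "to": "192.0.2.10", "to_port": 22},
    ],
    "security": [{"name": "mgmt-in", "dst": "198.51.100.1",
                  "action": "allow", "ports": [7777, 7778]}],
}

if __name__ == "__main__":
    print(audit(GOOD) or "model matches steps 1-4")
```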
Thursday, April 9, 2015
Brocade Switch: Uptimes Are Good
Cisco has a reputation for having good uptimes on their equipment. I have seen up to eight years before on Cisco switching gear. Well, I think it's too early to say on the Brocade gear, but I think it's looking good so far, from what I see. Below is an example of a customer I went to the other day for an FCX switch. The second switch was one I added later on.
FCX#show version
...
STACKID 1 system uptime is 614 days 16 hours 2 minutes 13 seconds
STACKID 2 system uptime is 167 days 17 hours 28 minutes 18 seconds
Wednesday, April 8, 2015
Brocade ICX Switch: Increasing The Buffered Logging To 100 Instead Of The Default Of 50
Ever do a "show log" on an ICX switch and get no more than 50 lines? You can increase that to 100 if you want to. Or decrease it if you like. Either way, here is how you go about it below.
Notice that the default is 50.
ICX6450-24P Switch#sh log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
...
Dynamic Log Buffer (50 lines):
...
Now, let's increase the number. I mistyped the high number on purpose, so we could see what the limit is:
ICX6450-24P Switch(config)#logg buff 1000
Error - Invalid input 1000. Valid range is between 1 and 100
ICX6450-24P Switch(config)#logg buff 100
Reload required. Please write memory and then reload or power cycle.
ICX6450-24P Switch(config)#exit
After I rebooted the switch:
ICX6450-24P Switch>sh log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
...
Dynamic Log Buffer (100 lines):
...
Tuesday, April 7, 2015
ShoreTel: Using File Based MOH
ShoreTel really makes things simple to configure. I like the product and like installing it, although I do feel there are some weaknesses to it.
One of the things that is easy in ShoreTel, is using file based MOH (music on hold). Below are the steps I use to configure it when needed.
Select "Enable File Based Music On Hold" and select an available extension.
Go to the file you want to use.
And select "File Based" for your selected music file.
Sunday, April 5, 2015
Sunday Thought: No Turning Back
You know there are some things in life, that once you made the decision, there is just no turning back? Accepting salvation is one of those things for me. I guess the question really is, how could you turn back? How could you turn away from something so powerful and wonderful? If you don't know what I'm talking about, then it's time for you to call out to the Messiah.
This song below is just encouraging. I hope it is to all my brothers and sisters out there.
https://m.youtube.com/watch?v=P_TGh9-iabM
By the way, Happy Easter. He is risen!
Saturday, April 4, 2015
Friday, April 3, 2015
Good Friday To All
Good Friday to everyone. Jesus (Yeshua) died for you and me to take away your sins and mine. Thank God for the plan of salvation!
Thursday, April 2, 2015
Cisco Voice: CallerID - Who Is Not Getting It Right?
CallerID is an important feature to some customers, and when it's not reported correctly to the "called party", then it can be a big deal. For example, most companies want the callerID to be the main line DID of the company, so that when you call back, you don't get the direct DID of the called party. You get the operator, or auto attendant, or something else besides the actual person who called you. So when the callerID doesn't report correctly to the called party, who is to blame? Well, that depends on who is controlling callerID.
Below, you can see that I want the calling person's callerID to be 2052505555. I have that set on the Cisco CME, and every call going out should report that. I know this, because I configured it to do this. Here is the proof that I'm sending it out that way:
038167: Feb 2 09:08:37.631: ISDN Se0/3/0:23 Q931: TX -> SETUP pd = 8 callref
0x159D
Bearer Capability i = 0x8090A2
Standard = CCITT
Transfer Capability = Speech
Transfer Mode = Circuit
Transfer Rate = 64 kbit/s
Channel ID i = 0xA98396
Exclusive, Channel 22
Progress Ind i = 0x8183 - Origination address is non-ISDN
Calling Party Number i = 0x2180, '2052505555'
Plan:ISDN, Type:National
Called Party Number i = 0x80, '12054444444'
Plan:Unknown, Type:Unknown
Here is my config on the CME:
voice translation-rule 10
rule 1 /..../ /2052505555/
voice translation-profile set-cli
translate calling 10
dial-peer voice 3 pots
translation-profile outgoing set-cli
destination-pattern 9[2-9]......
port 0/3/0:23
So, below is the callerID shown on my cell phone:
Hmmm. It's something else besides what I told it to be. It's time to call the carrier. They are controlling it.
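Decoding the two number elements in the SETUP above shows exactly what the CME handed to the carrier. This is an added example, not part of the original post: the sample lines are copied from the debug output above, the octet layout follows Q.931, and the function names are illustrative.

```python
import re

# Q.931 number element, octet 3: bits 7-5 type of number, bits 4-1 numbering plan.
TYPE_OF_NUMBER = {0: "Unknown", 1: "International", 2: "National",
                  3: "Network specific", 4: "Subscriber", 6: "Abbreviated"}
NUMBERING_PLAN = {0: "Unknown", 1: "ISDN", 3: "Data", 4: "Telex",
                  8: "National standard", 9: "Private"}
# Octet 3a (calling number only): bits 7-6 presentation, bits 2-1 screening.
PRESENTATION = {0: "allowed", 1: "restricted", 2: "not available", 3: "reserved"}
SCREENING = {0: "user-provided, not screened",
             1: "user-provided, verified and passed",
             2: "user-provided, verified and failed",
             3: "network-provided"}

IE_LINE = re.compile(r"(Calling|Called) Party Number i = 0x([0-9A-Fa-f]+), '(\d+)'")

def decode_number_ie(hex_octets, digits):
    """Decode the header octets IOS prints after 'i = 0x' for a number element."""
    octets = bytes.fromhex(hex_octets)
    o3 = octets[0]
    info = {"digits": digits,
            "type": TYPE_OF_NUMBER.get((o3 >> 4) & 0x7, "Reserved"),
            "plan": NUMBERING_PLAN.get(o3 & 0xF, "Reserved")}
    # Extension bit (0x80) clear in octet 3 means octet 3a follows.
    if not (o3 & 0x80) and len(octets) > 1:
        o3a = octets[1]
        info["presentation"] = PRESENTATION[(o3a >> 5) & 0x3]
        info["screening"] = SCREENING[o3a & 0x3]
    return info

def parse_setup(debug_text):
    """Return {'calling': {...}, 'called': {...}} from 'debug isdn q931' text."""
    return {m.group(1).lower(): decode_number_ie(m.group(2), m.group(3))
            for m in IE_LINE.finditer(debug_text)}

def calling_number_is_unscreened(setup):
    """True when the sender supplied the number and the network has not verified it."""
    return setup["calling"].get("screening") == "user-provided, not screened"

# Lines copied from the SETUP message in the post above.
SAMPLE = """\
Calling Party Number i = 0x2180, '2052505555'
Plan:ISDN, Type:National
Called Party Number i = 0x80, '12054444444'
Plan:Unknown, Type:Unknown
"""

if __name__ == "__main__":
    for side, info in parse_setup(SAMPLE).items():
        print(side, info)
```

The calling number decodes as user-provided and not screened, which leaves the carrier free to screen or replace it before delivery, consistent with the post's conclusion.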
Wednesday, April 1, 2015
NYC In Pictures
NYC is a great place. I guess it's for some people and not for others. I think the people are great and I just love the vibe of the city. Here are some pictures I took with my phone that I thought I would share with you all.
360 from Brooklyn Bridge:
Van Gogh:
View from Brooklyn Bridge:
Monet:
From Central Park: