SIP.edu and Configuring Cisco 2620XM PSTN Gateways (draft)
Steve Blair
<blairs@isc.upenn.edu> (May 2005(November 2004)
Overview
Cisco Systems manufactures several products which can be used to provide connectivity between traditional TDM based telephony systems and LAN/Internet Protocol (IP) based voice-over-IP (VoIP) systems. This document describes one possible way to configure such a gateway, the 2620XM, with a T1/PRI connection.
The 2620XM is an IOS based multi-protocol modular router. If you deploy this router you must purchase it with, or upgrade memory to, 128MB of DRAM to accommodate modern (12.3.x) versions of IOS. As of this writing IOS version c2600-ipvoice-mz.123-11.T3.bin is recommended. A VWIC interface is also required. We are using a VWIC 1MFT-T1.
I. Architecture
In order to map email addresses to PBX extensions, the Avaya SIP proxy will first attempt to deliver an incoming call to a registered station (check- is it trying to deliver it to a registered or a recorded (but offline) station?). If the call cannot be delivered via the Avaya proxy it is handed off to the Avaya gateway connected by PRI to our legacy 5ESS PBX.
Challenges (may not be necessary to include all of this)
Some of the Avaya user documentation is out of date and use of this cookbook as a guide is recommended. The hardest part was getting console access and an administrative interface. There were several required passwords missing or wrong.
I. The Basics
First configure the 2620XM's IP address, mask and default gateway. To this configuration add authentication statements per your site's authentication policy. IP routing must be enabled on voice gateways but a routing protocol is not required. A default gateway is sufficient. Logging parameters may also need to be defined.
Here is an example configuration with FastEthernet interface 0/0 configured to connect to the IP network through which your SIP proxy is reachable.
interface FastEthernet0/0
 description SIP-PSTN gateway
 ip address <site-specific-ip-address> <site-specific-subnet-mask>
 no ip mroute-cache
 speed 100
 full-duplex
 no cdp enable
ip default-gateway <site-specific-gateway-ip-address>
ip route 0.0.0.0 0.0.0.0 <site-specific-gateway-ip-address>
Notice that we have disabled the Cisco Discovery Protocol (CDP). This is a site specific configuration option. Check with your Networking support staff to determine how this parameter should be set for your institution.
A commonly accepted practice is to define a loopback address in order to create a consistent identity for this router. This is especially useful when modeling the router in a Network Management System.
interface Loopback0
 ip address <site-specific-ip-address> <site-specific-subnet-mask>
 no snmp trap link-status
Defining codecs
Some sites may use a single codec while others may find it advantageous to define a list of available codecs in the order in which they should be tried during call setup. If you choose to implement a list you accomplish this task using the voice class codec command.
Note that this only defines the list of available codecs. Once defined, the list must be applied to each applicable dial-peer using the voice-class codec command. Dial-peer commands will be described later in this document.
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8 bytes 40
 codec preference 3 g723r63 bytes 96
 codec preference 4 g726r16 bytes 80
 codec preference 5 gsmfr bytes 132
Thoughts on digit manipulation
The service (e.g. a local PBX) or Service Provider (e.g. Verizon) to which the router WAN interface is connected will pass a fixed number of digits in the calling and called party numbers. Your provider will expect a certain number of digits when the call originates from the VoIP environment. Digit manipulation can change the called party or calling party number into a format usable by the service, but be careful to ensure that in the end the manipulated number matches the appropriate dial-peer statements.
Digit manipulation can be accomplished using the number-expansion and voice translation-rule commands. Note: Number expansion is performed before dial-peer matching. This behavior is helpful when performing wholesale changes on inbound numbers but can completely destroy your dial plan if not implemented properly.
If your Service Provider delivers the same number of digits as your proxy server is configured to see, you do not need number expansion. For discussion purposes let’s assume our proxy uses a ten digit number for the username and our SP sends only 5 digits. To convert from the five to ten digit called party number we would add the following statements to the router.
num-exp 68... 2157468...
num-exp 85... 2158985...
The "." character is a wildcard that matches one and only one digit. If a call arrives for the user assigned to extension 68123 the router will expand 68123 into 2157468123. A dial-peer statement matching 2157468123 would have to exist for a match and the call to proceed. See the Cisco Systems web site for more information on number expansion rules.
Translation rules are another number string conversion method. Translation rules are called from dial-peers, so the conversion occurs after dial-peer matching. This means the previous caution regarding number expansion does not apply.
In our environment translation rules are used to convert the five digit calling party number into a ten digit number to ensure that an off campus recipient of a call can recognize the caller id and redial the number in their call history display. To accomplish this we define a translation rule that maps each five digit on-campus extension range into the corresponding ten digit range. In this example the number 3 is an arbitrary number used to uniquely identify this rule.
voice translation-rule 3
 rule 1 /^6\(....\)/ /215746\1/
 rule 2 /^3\(....\)/ /215573\1/
 rule 3 /^8\(....\)/ /215898\1/
 rule 4 /^7\(....\)/ /215417\1/
The translation-rule shown above can be used to manipulate digits. If you wish greater control, such as the ability to specify to which number the rule should be applied, then translation-profiles are also needed.
Returning to our example, we define translation-rules to ensure that the recipient of an IP phone call has the correct number to return the call or apply caller-id screening. To use the translation-rule for this purpose we define a translation-profile that will be applied to all appropriate dial-peer statements. In the following example the name "Prefix" is an arbitrary string used to identify the profile.
voice translation-profile Prefix
 translate calling 3
Hopefully this example gives you an idea of the power of translation rules. Review the Cisco documentation and IOS online help to see other options available under translation-rules and translation-profiles.
II. Configuring the WAN interface
This section is highly site specific. It is quite possible that the examples shown here will not apply to your site. Your mileage may vary. No laundry returned without ticket. Routers configured incorrectly will be towed by Ted & Bob's hauling.
At the time of this writing we were using a T1/PRI circuit terminated in a VWIC 1MFT-T1 interface for connectivity to a Verizon DMS100 Central Office switch. To configure a WAN circuit in this environment requires three steps. First define the physical layer (T1 specific) parameters. These should be self explanatory. If not, check with your site Networking representative for help.
controller T1 1/0
 framing esf
 linecode b8zs
 cablelength short 133
 pri-group timeslots 1-24
 description T1/PRI trunk to Verizon Centrex
Next define an ISDN PRI serial interface. The switch-type parameter may need to be changed depending upon the type of switch in use. Likewise the address plan and type command is also site/carrier specific and will most likely need to be changed. Finally note that here again we disable Cisco's CDP. This is a local decision that may or may not apply to your site. Check with your Networking department if you are uncertain about this setting.
interface Serial1/0:23
 description Service Provider Circuit ID: <it is a good idea to put the circuit id here for documentation>
 no ip address
 no logging event link-status
 isdn switch-type primary-dms100
 isdn incoming-voice voice
 isdn map address . plan isdn type national
 isdn send-alerting
 isdn outgoing ie redirecting-number
 isdn outgoing ie high-layer-compat
 isdn outgoing ie user-user
 no cdp enable
Finally define the voice specific port and map it to the serial interface defined above. The voice port will be referenced by dial-peer statements. It is through this port that calls will be received and sent. The actual parameters you apply to this port again will vary.
voice-port 1/0:23
 output attenuation 2
 echo-cancel coverage 32
 playout-delay nominal 70
 playout-delay minimum low
 playout-delay mode fixed
 no comfort-noise
III. Configuring dial-peers
The dial-peer is where forwarding decisions are made based upon destination-pattern pattern matching. If more than one peer is matched the preference parameter determines the order in which the peers are tried. The dial-peer statement is also where translation-rules and codec decisions are made.
Continuing with our example installation suppose we have the following dial-peers defined. We know that our Service Provider will deliver five digits in the called party number so we match based on five digit numeric values. The following dial-peer will be matched whenever the called party number is a value between 68001 and 68009. Notice how a range can be specified in the destination-pattern match to simplify configuration.
In this example we also see that this peer has preference value 2 which means only matching peers with a preference value of 1 will override this peer. We also see that the list of supported codecs is specified in the voice-class codec statement and points to codec list #1 described above.
A new item is the session target sip-server command. This command identifies the sip-ua through which this call will be forwarded. This is a UA that is internal to the Cisco box and is described below.
Note: Remember that number expansion is performed before dial-peer matching. This behavior is helpful when performing wholesale changes on inbound numbers but can completely destroy your dial plan if not implemented properly.
dial-peer voice 680010 voip
 description Only peer for inbound to SIP Proxy 215-746-8001:8009 extensions
 huntstop
 preference 2
 destination-pattern 6800[1-9]
 progress_ind setup enable 3
 voice-class codec 1
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 no vad
If instead of a range of extensions we wish to only match a single extension then the following sample dial-peer would be used. In this example the destination-pattern is a full five digit string. Given that the pattern matching happens on a longest string match, no other peer will match this same extension, therefore the call will be sent to the session target identified in the peer.
dial-peer voice 89386 voip
 description Only peer for inbound to SIP Proxy 215-898-9386 extension
 huntstop
 preference 2
 destination-pattern 89386
 progress_ind setup enable 3
 voice-class codec 1
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 no vad
These examples are pretty straightforward and describe what the router should do when presented with a call destined for a point on the VoIP network, but what if the call is from the VoIP network and destined for the Public Switched Telephone Network (PSTN)? This case is shown in the following example.
Remember back in the WAN interface section we set up a voice-port? Well, here is where that port is used. In this case we have an IP phone user who wishes to call an on-campus analog telephone using five digit dialing. The prefix statement has been added in order to present a full ten digit calling party number.
dial-peer voice 61 pots
 description Only peer for outbound 5-digit 746 campus calls
 translation-profile outgoing Prefix
 preference 3
 destination-pattern 6....
 direct-inward-dial
 port 1/0:23
 prefix 215746
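The caution about number expansion, worked through with the sample statements from this document (an added example, not part of the original text or of IOS; the function names are hypothetical and the peer matching is a simplified model: whole-number match, most literal digits first, then lowest preference). With the sample num-exp entries active, an inbound call to 68005 is expanded to ten digits before peer matching and no longer matches any five digit destination-pattern, while the translation rule, applied after matching, leaves routing untouched.

```python
import re

# Statements copied from this document's samples; the matching logic is a simplified model.
NUM_EXP = [("68...", "2157468..."), ("85...", "2158985...")]
RULE_3 = [(r"^6\(....\)", r"215746\1"), (r"^3\(....\)", r"215573\1"),
          (r"^8\(....\)", r"215898\1"), (r"^7\(....\)", r"215417\1")]
# (tag, preference, destination-pattern) for the three sample dial-peers
DIAL_PEERS = [(680010, 2, "6800[1-9]"), (89386, 2, "89386"), (61, 3, "6....")]


def to_regex(ios_pattern):
    """Convert IOS syntax to Python: escaped parentheses group, '.' is exactly one digit."""
    return ios_pattern.replace(r"\(", "(").replace(r"\)", ")").replace(".", r"\d")


def num_exp(called):
    """Expand the called number with the first matching num-exp entry (runs before peer matching)."""
    for pattern, expansion in NUM_EXP:
        if re.fullmatch(to_regex(pattern), called):
            kept = iter(d for p, d in zip(pattern, called) if p == ".")
            return "".join(next(kept) if c == "." else c for c in expansion)
    return called


def translate(number, rules=RULE_3):
    """Apply the first translation rule that matches, as a translation-profile on a peer would."""
    for match, replacement in rules:
        result, hits = re.subn(to_regex(match), replacement, number, count=1)
        if hits:
            return result
    return number


def match_peer(called):
    """Return the tag of the best matching peer, or None when no destination-pattern matches."""
    hits = []
    for tag, preference, pattern in DIAL_PEERS:
        if re.fullmatch(to_regex(pattern), called):
            literals = len(re.sub(r"\[[^\]]*\]|\.", "", pattern))
            hits.append((-literals, preference, tag))
    return min(hits)[2] if hits else None


if __name__ == "__main__":
    print("no num-exp  :", match_peer("68005"))            # five digit peer matches
    print("with num-exp:", match_peer(num_exp("68005")))   # expanded number matches nothing
    print("caller id   :", translate("68123"))             # calling number, after matching
```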
IV. Configuring the SIP UA
In a SIP environment each entity that originates or receives SIP messages is called a user agent (UA). UAs are comprised of two components: a user agent client (UAC) and a user agent server (UAS). The UAC is configured using the sip-ua command. In our example we have the sip-ua configured as follows.
sip-ua
 retry invite 3
 retry response 3
 retry bye 3
 retry cancel 3
 timers expires 300000
 sip-server dns:upenn.edu
In the above example the sip-server is the most interesting. The command sip-server dns:upenn.edu tells the router to use DNS to resolve the name upenn.edu into a usable address. In this case upenn.edu is the domain name in a SRV record. The domain name in our example resolves into two A records each with their own weight and priority. This is part of the failover mechanism used in our environment.
V. What is missing
This is just a sample configuration. Most likely your configuration will be different. You may want to add access control lists to restrict access to/from the proxy server and any associated hosts. A commonly accepted set of ACLs follows. Keep in mind this is just a sample list. Your application and installation may require additional list entries.
access-list 104 permit ip host <proxy-server ip> host <pstn gwy ip>
access-list 104 permit ip host <proxy-server ip> host <pstn gwy ip>
access-list 104 deny tcp any host <pstn gwy ip> eq 5060
access-list 104 deny udp any host <pstn gwy ip> eq 5060
access-list 104 permit ip any any
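How access-list 104 above is evaluated, as an added example that is not part of the original document: IOS checks the entries top down and the first match decides. The addresses, the SERVICES table and the function names are constructed for illustration.

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation ranges) standing in for the
# <proxy-server ip> and <pstn gwy ip> placeholders; OTHER is any other host.
PROXY, GATEWAY, OTHER = "192.0.2.10", "192.0.2.20", "198.51.100.7"

# access-list 104 as listed above: (action, protocol, source, destination, dest port)
ACL_104 = [
    ("permit", "ip", PROXY, GATEWAY, None),
    ("permit", "ip", PROXY, GATEWAY, None),  # the sample lists this entry twice
    ("deny", "tcp", "any", GATEWAY, 5060),
    ("deny", "udp", "any", GATEWAY, 5060),
    ("permit", "ip", "any", "any", None),
]

# Hypothetical services to test the list with; the document does not say
# which of these the gateway actually listens on.
SERVICES = {"sip-udp": ("udp", 5060), "sip-tcp": ("tcp", 5060),
            "sip-tls": ("tcp", 5061), "telnet": ("tcp", 23), "snmp": ("udp", 161)}


def host_matches(spec, address):
    """True if an ACL host spec ('any' or a single host) covers the address."""
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(address)


def evaluate(acl, proto, src, dst, dport):
    """Return (action, entry number) for the first matching entry, top down."""
    for number, (action, a_proto, a_src, a_dst, a_port) in enumerate(acl, start=1):
        if (a_proto in ("ip", proto) and host_matches(a_src, src)
                and host_matches(a_dst, dst) and a_port in (None, dport)):
            return action, number
    return "deny", None  # implicit deny that ends every IOS access list


def reachable_services(acl, src, dst=GATEWAY):
    """Names of the sample services that the list lets src reach on dst."""
    return [name for name, (proto, port) in SERVICES.items()
            if evaluate(acl, proto, src, dst, port)[0] == "permit"]


if __name__ == "__main__":
    print("from proxy:", reachable_services(ACL_104, PROXY))
    print("from other:", reachable_services(ACL_104, OTHER))
```

On the router the list filters nothing until it is bound to an interface with ip access-group. Once applied it restricts only port 5060 on the gateway; the closing permit ip any any passes every other protocol and port, so management access needs its own entries.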
This configuration does not cover configuration options which are not related to SIP. For example we do not discuss SNMP configuration. If you wish to enable SNMP monitoring and traps you will most likely want to consider the following:
snmp-server enable traps envmon
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps voice poor-qov
I've found that these trap messages are a bit generic and not very helpful. An alternative is to use RADIUS accounting messages; however, you will need to decide which approach works best for your institution.
VI. Putting it all together
isdn switch-type primary-dms100
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8 bytes 40
 codec preference 3 g723r63 bytes 96
 codec preference 4 g726r16 bytes 80
 codec preference 5 gsmfr bytes 132
!
voice translation-rule 3
 rule 1 /^6\(....\)/ /215746\1/
 rule 2 /^3\(....\)/ /215573\1/
 rule 3 /^8\(....\)/ /215898\1/
 rule 4 /^7\(....\)/ /215417\1/
!
voice translation-profile Prefix
 translate calling 3
!
controller T1 1/0
 framing esf
 linecode b8zs
 cablelength short 133
 pri-group timeslots 1-24
 description T1/PRI trunk to Service Provider
!
interface Loopback0
 ip address <site-specific-ip-address> <site-specific-subnet-mask>
 no snmp trap link-status
!
interface FastEthernet0/0
 description SIP-PSTN gateway
 ip address <site-specific-ip-address> <site-specific-subnet-mask>
 no ip mroute-cache
 speed 100
 full-duplex
 no cdp enable
!
interface Serial1/0:23
 description Circuit ID: <it is a good idea to put the circuit id here for documentation>
 no ip address
 no logging event link-status
 isdn switch-type primary-dms100
 isdn incoming-voice voice
 isdn map address . plan isdn type national
 isdn send-alerting
 isdn outgoing ie redirecting-number
 no cdp enable
!
access-list 104 permit ip host <proxy-server ip> host <pstn gwy ip>
access-list 104 permit ip host <proxy-server ip> host <pstn gwy ip>
access-list 104 deny tcp any host <pstn gwy ip> eq 5060
access-list 104 deny udp any host <pstn gwy ip> eq 5060
access-list 104 permit ip any any
ip default-gateway <site-specific-gateway-ip-address>
ip route 0.0.0.0 0.0.0.0 <site-specific-gateway-ip-address>
!
! Note: The following snmp info is incomplete. This
! section is for reference only.
!
snmp-server location <My Site Server Room>
snmp-server contact <Me, Myself and I>
snmp-server chassis-id <2620XM SIP-PSTN Gateway>
snmp-server enable traps tty
snmp-server enable traps envmon
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps voice poor-qov
no cdp run
!
voice-port 1/0:23
 output attenuation 2
 echo-cancel coverage 32
 playout-delay nominal 70
 playout-delay minimum low
 playout-delay mode fixed
 no comfort-noise
!
dial-peer voice 680010 voip
 description Only peer for inbound to SIP Proxy 215-746-8001:8009 extensions
 huntstop
 preference 2
 destination-pattern 6800[1-9]
 progress_ind setup enable 3
 voice-class codec 1
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 89386 voip
 description Only peer for inbound to SIP Proxy 215-898-9386 extension
 huntstop
 preference 2
 destination-pattern 89386
 progress_ind setup enable 3
 voice-class codec 1
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 61 pots
 description Only peer for outbound 5-digit 746 campus calls
 translation-profile outgoing Prefix
 preference 3
 destination-pattern 6....
 direct-inward-dial
 port 1/0:23
 prefix 215746
!
dial-peer voice 90 pots
 description Test peer for outbound calls to PSTN
 preference 1
 destination-pattern .T
 direct-inward-dial
 port 1/0:23
!
sip-ua
 retry invite 3
 retry response 3
 retry bye 3
 retry cancel 3
 timers expires 300000
 sip-server dns:upenn.edu
!