2014年2月27日星期四

B-ACD with Non CME 2900 series H232 Gateway

I got a request to block non-notice (calls with blank calling numbers) calls with voice prompt. The calls are comming Cisco 2921 price   from BRI configured in a 2921 H323 gateway.

For this I am thinking of putting BACD application with a welcome prompt for the caller and drop through after that to a random number to end the call. This is only the requirtement and not planing to use the ACD feature of the script.

Can I do this with a h232 gateway 2921 that is not CME (only CME-SRST)? is there any other better way to do this. In normal mode calls are going to CUCM 6.1 using voip dialpeers. Callmanager related configurations are not shown here.

Configuration:

------------------------------------------------------------------------------------------------------------ Identifying blank calls

voice translation-rule 1
rule 1  / /  /100/

voice translation-profile PSTN_Calls
translate calling 1

dial-peer voice 1 pots
translation-profile incoming PSTN_Calls
incoming called-number .
direct-inward-dial
port 0/1/1

-------------------------------------------------------------------------------------------------------------------- Call application Configuration

dial-peer voice 2 voip
service aa
session target ipv4: <srst-cme ip>
incoming called-number 100$
dtmf-relay h245-alphanumeric
codec g711ulaw

application
service queue flash:app-b-acd-2.1.0.0.tcl
param aa-hunt 200

service aa flash:app-b-acd-a-2.1.0.0.tcl
  paramspace english index 1
  paramspace english language en
  paramspace english location flash:
  param service-name queue
  param handoff-string aa
  param aa-pilot 100
  param welcome-prompt custome_welcome.au
  param drop-through-prompt custome_welcome.au

--------------------------------------------------------------------------------------------------- To block call to 200 afer the prompt

voice translation-rule 2
rule 1  reject /200/

voice translation- profile UNKNOWN_BLOCK
translate called 2

dial-peer voice 2 voip
translation- profile outgoing BLOCK
session target ipv4: <srst-cme ip>
incoming called-number 200$
-------------------------------------------------------------------------------------------------- Telephony service for SRST and Transcoding in CME mode

telephoney service
srst mode auto-provision all
ip source address <loopback>
max-dn 2
max-ephone 2

Though you could do it with BACD & a drop through, I wouldn't do it like that.  A cleaner solution is to throw the call to your AA (Unity, CUE, IPCC).

voice translation-rule 1
rule 1 /.*/ /8675309/

voice translation-profile block
translate called 1

dial-peer voice 1 pots
answer-address ^$
translation-profile incoming block
direct-inward-dial
port 0/0/0:23

dial-peer voice 2 voip
destination-pattern 8675309
Add other h323 peer stuff here....

What this does is match peer 1 inbound for any inbound POTS call that doesn't contain an ANI.  It then takes that call and translates the DNIS to a special pattern, and sends it to CUCM.  Then configure CUCM/Unity/whatever to router 8675309 to an AA that say 'Hey your call is being blocked because you aren't presenting CLID  Cisco 2951 price   ' and hang up.

2014年2月25日星期二

DHCP Issue on 3560 Switch

I'm aiming to achieve something WS-C3560X-48T-L    so simple I cannot believe it isn't working already!
Essentially I have a 24 port 3560 switch in our company DMZ. All ports on the switch are in VLAN98 (DMZ VLAN). A few servers with static IPs in the relevant range (192.168.98.0/24) are currently connected to the switch and work just fine.
I now want to create a DHCP pool on this switch as it is going to provide IP addresses for hosts connecting to public WiFi in the building.
The pool is as follows:
Start Address: 192.168.98.192
End Address: 192.168.98.254
x2 excluded addresses: 192.168.98.198 & 192.168.98.199
Default gateway: 192.168.98.1

Granted the address block is a little odd but I needed to grab the end of the subnet range in a way that would be easy to summarise the IP addresses for the firewall ACL (wanted to use 192.168.98.200-254 but 192.168.98.192 was the closest summary for that)

My switch config looks as attached - I have used Cisco documentation to do it but my connected client is not getting an IP address and the "debug dhcp" command has resulted in no output so far.
It's gotta be something silly but I cant see what. Any help greatly appreciated.

(The client is plugged into fa0/2 - all other unused ports are in the shutdown state)

that won't work. You pool must be a /24 if it's a /24

ip dhcp excluded-address 192.168.98.1 192.168.98.192
ip dhcp excluded-address 192.168.98.198 192.168.98.199

!
ip dhcp pool DMZ_Pool
   network 192.168.98.0 255.255.255.0
   default-router  WS-C3560X-48T-S    192.168.98.1

2014年2月24日星期一

How to configure policy based routing on 3750

In our datacenter we have a WS-C3750X-12S-S   stack with IP base image.  I have enabled PBR and reloaded the switch.  Show sdm prefer says i am using default template.  The reason i want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resouces accross wan and locally.

Created access list to identify traffic:

access-list 10 permit 10.2.3.59 (test workstation on vlan 3)

Created policy:

route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3

Assigned policy to the user vlan3:

ip policy route-map TestASA

Results:
It changed the default gateway to the above gateway but i could not access any resources on any other vlan, could not access resouces accross wan.

Jason, the deny statement will prevent that traffic of be select by PBR. Then that traffic will be forwarded by normal routing table.

But I did a mistake. The ACL must be:
access-list 102 deny  ip host 10.2.4.240 YOUR_VLAN_1
access-list 102 deny  ip host 10.2.4.240 YOUR_VLAN_4
access-list 102 deny  ip host 10.2.4.240 YOUR_VLAN_254
access  WS-C3750V2-48PS-S   -list 102 permit ip host 10.2.4.240 any

2014年2月18日星期二

3900 ios gateway Software MTP

I currently have 3  Cisco 3925E    call manager clusters.

Cluster 1

Cluster 2

SME Cluster

I have two 3900 gateways currently connected to cluster 2 that are configured for as 500 software MTP's. That is all these gatways do now, nothing else.

I would like to share these software MTP's with the other 2 call manager cluster.  I do not see a way to do this.

 Is it possable to share the software MTP's between mulitple CUCM 9.x clusters?


You cannot share the same dspfarm. You can however create separate dspfarms (subdividing the total capacity in the process) and separate call manager groups which point to   Cisco 3945     separate clusters.

2014年2月13日星期四

SPAN configuration on 3750

I'm trying to configure a mirror port on a WS-C3750X-48T-L  . This configuration needs to replicate data from local ports, but I need that also act as a regular access port.

With the initial configuration, SPAN port, there is no problem, all the data of the configurated ports is replicating in the configurated port. On the port configurated as mirror there is a PC connected for audio recording. When the port is not operating as SPAN there is communications without problem over the LAN. But when I configure the port as SPAN, communication is interrupted.

Here is the actual configuration:

SWITCH1-PISO7#sh monitor session 1

Session 1

Type                   : Local Session

Source Ports           :

    Both               : Fa1/0/1-7,Fa1/0/9-12,Fa1/0/32-33,Fa1/0/35,Fa1/0/38

Destination Ports      : Fa1/0/47

    Encapsulation      : Native

          Ingress      : Enabled, default VLAN = 215

    Ingress encap : Untagged

SWITCH1-PISO7#sh run int fa1/0/47

Building configuration...

Current configuration : 112 bytes

interface FastEthernet1/0/47

switchport access vlan 215

switchport mode access

spanning-tree portfast

end

SWITCH1-PISO7#sh ver

Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(50)SE1, RELEASE SOFTWARE (fc2)

****output omitted****

Switch Ports Model              SW Version            SW Image

*    1 52    WS-C3750V2-48PS    12.2(50)SE1           C3750-IPSERVICES-M

****output omitted****

beforehand thanks for your help


For the 3750 family, the span destination ingress forwarding  capability's only purpose is to enable ingress traffic forwarding of  frames received on the span destination port from an Intrusion Detection  Systems (IDS) or comparable device. Like a span destination port  without ingress forwarding, MAC address learning is disabled on a span  destination port with ingress forwarding, and a span destination port  with ingress forwarding does not transmit any traffic except that WS-C3750X-48T-S    required for the SPAN session.