Friday, August 24, 2012
Cisco CME with ATA186 using FAX Pass Through mode
This finally worked after getting a bad ATA the first time round that would not respond to https. The first thing you want to do is point your browser to the ATAs IP address (https://IPAddr/dev) and make the following changes:
I configured ATA with static IP address and disabled TFTP.
Network Parameters
UseTFTP=0
DHCP=0
StaticIP=172.17.100.9
StaticRoute=172.17.100.1
StaticNetMask=255.255.255.0
Audio Parameters
LBRCodec=3
AudioMode=0x00150015
ConnectMode=0x90000404
On the CME I had the fax DID number 5552496501 first get translated to extension 101 using a profile. With the usual suspects of dial-peers and ephones referencing 101, the Fax call is placed to port 1 (determined by the MAC address) of the ATA.
CME Configs
voice service voip
modem passthrough nse codec g711ulaw
voice translation-rule 9
rule 1 /^55522672\(..\)$/ /1\1/
rule 3 /^5552496501/ /101/ <---Fax number. Translates to 101
voice translation-profile SIP_IN
translate calling 3
translate called 9 <--Incoming SIP calls
tftp-server flash:ATA030203SCCP051201A.zup
dial-peer voice 101 voip
destination-pattern 101
modem passthrough nse codec g711ulaw
session target ipv4:172.17.100.9
codec g711ulaw
fax rate disable
no vad
telephony-service
load ata ATA030203SCCP051201A.zup
ephone-dn 101
number 101
ephone 28
device-security-mode none
mac-address 001D.4595.6401 <--MAC Address of Port 1 on ATA
max-calls-per-button 2
type ata
button 1:101
Saturday, August 11, 2012
Cisco 3560X License Update
We initially received wrong licenses from Cisco to upgrade the feature on our 3560X switches from ipbase to ipservices - we only realize this when we installed the .lic file. This is what we got:
Switch#sh license udi
Device# PID SN UDI
-----------------------------------------------------------------------------
*0 WS-C3560X-48T-S FDO1520P0KG WS-C3560X-48T-S:FDO1520P0KG
A wrongly generated .lic file from Cisco:
Switch#license install flash:FDO1520P0KG_20110622144858347.lic
Installing licenses from "flash:FDO1520P0KG_20110622144858347.lic"
% Error: Install failed. UDI L-C3560X-LIC=:FDO1520P0KG on license does not match any device
0/1 licenses were successfully installed
0/1 licenses were existing licenses
1/1 licenses were failed to install
In order to correct this just send an email to licensing@cisco.com with the PID and UDI to have them correct this. Then install as follows:
Copy the license to the flash and run the license install command.
Switch#copy tftp flash:
Address or name of remote host [10.10.1.200]?
Source filename [FDO1520P0KG_20110622144858347.lic]? FDO1520P0KG_20110622174501853.lic
Destination filename [FDO1520P0KG_20110622174501853.lic]?
Accessing tftp://10.10.1.200/FDO1520P0KG_20110622174501853.lic...
Loading FDO1520P0KG_20110622174501853.lic from 10.10.1.200 (via Vlan1): !
[OK - 1160 bytes]
1160 bytes copied in 8.204 secs (141 bytes/sec)
Switch#license install flash:FDO1520P0KG_20110622174501853.lic
Installing licenses from "flash:FDO1520P0KG_20110622174501853.lic"
Installing...Feature:ipservices...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
Switch#
*Mar 1 00:10:29.657: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3560x Next reboot level = ipservices and License = ipservices
*Mar 1 00:10:30.118: %LICENSE-6-INSTALL: Feature ipservices 1.0 was installed in this device. UDI=WS-C3560X-48T-S:FDO1520P0KG; StoreIndex=1:Primary License Storage
Switch#
Switch#sh license feature
Feature name Enforcement Evaluation Clear Allowed Enabled
ipservices yes yes yes yes
ipbase yes no yes no
lanbase no no yes no
Switch#sh license all
License Store: Primary License Storage
StoreIndex: 0 Feature: ipbase Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Priority: Medium
License Count: Non-Counted
StoreIndex: 1 Feature: ipservices Version: 1.0
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
License Store: Evaluation License Storage
StoreIndex: 0 Feature: ipservices Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Priority: None
License Count: Non-Counted
Switch#sh license udi
Device# PID SN UDI
-----------------------------------------------------------------------------
*0 WS-C3560X-48T-S FDO1520P0KG WS-C3560X-48T-S:FDO1520P0KG
A wrongly generated .lic file from Cisco:
Switch#license install flash:FDO1520P0KG_20110622144858347.lic
Installing licenses from "flash:FDO1520P0KG_20110622144858347.lic"
% Error: Install failed. UDI L-C3560X-LIC=:FDO1520P0KG on license does not match any device
0/1 licenses were successfully installed
0/1 licenses were existing licenses
1/1 licenses were failed to install
In order to correct this just send an email to licensing@cisco.com with the PID and UDI to have them correct this. Then install as follows:
Copy the license to the flash and run the license install command.
Switch#copy tftp flash:
Address or name of remote host [10.10.1.200]?
Source filename [FDO1520P0KG_20110622144858347.lic]? FDO1520P0KG_20110622174501853.lic
Destination filename [FDO1520P0KG_20110622174501853.lic]?
Accessing tftp://10.10.1.200/FDO1520P0KG_20110622174501853.lic...
Loading FDO1520P0KG_20110622174501853.lic from 10.10.1.200 (via Vlan1): !
[OK - 1160 bytes]
1160 bytes copied in 8.204 secs (141 bytes/sec)
Switch#license install flash:FDO1520P0KG_20110622174501853.lic
Installing licenses from "flash:FDO1520P0KG_20110622174501853.lic"
Installing...Feature:ipservices...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
Switch#
*Mar 1 00:10:29.657: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3560x Next reboot level = ipservices and License = ipservices
*Mar 1 00:10:30.118: %LICENSE-6-INSTALL: Feature ipservices 1.0 was installed in this device. UDI=WS-C3560X-48T-S:FDO1520P0KG; StoreIndex=1:Primary License Storage
Switch#
Switch#sh license feature
Feature name Enforcement Evaluation Clear Allowed Enabled
ipservices yes yes yes yes
ipbase yes no yes no
lanbase no no yes no
Switch#sh license all
License Store: Primary License Storage
StoreIndex: 0 Feature: ipbase Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Priority: Medium
License Count: Non-Counted
StoreIndex: 1 Feature: ipservices Version: 1.0
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
License Store: Evaluation License Storage
StoreIndex: 0 Feature: ipservices Version: 1.0
License Type: Evaluation
License State: Inactive
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Priority: None
License Count: Non-Counted
Cisco ASA Management over VPN Client
Here is an example of a working configuration on version 8.4 to manage (via ssh and http or ASDM) a Cisco ASA over a VPN client.
interface GigabitEthernet0/0
nameif untrust
security-level 0
ip address 1.1.5.7 255.255.255.0
!
interface GigabitEthernet0/1
nameif trust
security-level 100
ip address 10.99.18.240 255.255.255.224
ip local pool vpnpool 10.99.81.1-10.99.81.254 mask 255.255.255.0
management-access trust
nat (trust,untrust) source static 10.99.0.0 10.99.0.0 destination static 10.99.81.0 10.99.81.0 route-lookup
ssh 10.99.81.0 255.255.255.0 trust
http 10.99.81.0 255.255.255.0 trust
This allows you to hit the trust interface with ASDM or ssh after you VPN into the Cisco ASA. Note that the 'route-lookup' switch under the nat (exempt) rule is often overlooked!
_k
interface GigabitEthernet0/0
nameif untrust
security-level 0
ip address 1.1.5.7 255.255.255.0
!
interface GigabitEthernet0/1
nameif trust
security-level 100
ip address 10.99.18.240 255.255.255.224
ip local pool vpnpool 10.99.81.1-10.99.81.254 mask 255.255.255.0
management-access trust
nat (trust,untrust) source static 10.99.0.0 10.99.0.0 destination static 10.99.81.0 10.99.81.0 route-lookup
ssh 10.99.81.0 255.255.255.0 trust
http 10.99.81.0 255.255.255.0 trust
This allows you to hit the trust interface with ASDM or ssh after you VPN into the Cisco ASA. Note that the 'route-lookup' switch under the nat (exempt) rule is often overlooked!
_k
Subscribe to:
Posts (Atom)