Cisco UC520 for SIPconnect Configuration Guide Developed by: Cisco Systems, Inc. Date: 01/27/2009 Version 1.9
Cisco UC520 for SIPconnect
Configuration Guide
Developed by:
Cisco Systems, Inc.
Date: 01/27/2009
Version 1.9
2
TABLE OF CONTENTS
1 DOCUMENT OVERVIEW................................................................................................................. 4
1.1 INTRODUCTION................................................................................................................................ 4 1.2 SCOPE.............................................................................................................................................. 4 1.3 REVISION CONTROL ........................................................................................................................ 4 1.4 USAGE ............................................................................................................................................. 5 1.5 QUESTIONS...................................................................................................................................... 5 1.6 SUGGESTIONS / CORRECTIONS......................................................................................................... 5 1.7 WHAT’S NEW IN CCA 1.9 ............................................................................................................... 6 1.8 RELEASE 1.8.................................................................................................................................... 7 1.9 RELEASE 1.7.................................................................................................................................... 8 1.10 RELEASE 1.6.................................................................................................................................... 8 1.11 RELEASE 1.5.................................................................................................................................... 8 1.12 RELEASE 1.1.................................................................................................................................... 9
2 UC520 FOR SIPCONNECT OVERVIEW ...................................................................................... 10
2.1 PRODUCT DESCRIPTION................................................................................................................. 10 2.2 UC520 SIPCONNECT QUALIFICATION AND TEMPLATES................................................................ 10 2.3 SUPPORTED LINE-SIDE PROTOCOLS............................................................................................... 11 2.4 UC520 SECURITY - PLEASE REVIEW JUNE 08 SECURITY NOTICE BELOW ..................................... 11 2.5 TEMPLATE LAN TOPOLOGY FOR UC520 INSTALLATION .............................................................. 12
3 REQUIREMENTS ............................................................................................................................. 14
3.1 HARDWARE REQUIREMENTS ......................................................................................................... 14 3.2 SOFTWARE REQUIREMENTS........................................................................................................... 15
4 CONFIGURATION ........................................................................................................................... 15
4.1 INSTALLATION............................................................................................................................... 15 4.2 INITIAL CONFIGURATION............................................................................................................... 15 4.3 USING CCA TO CONFIGURE THE UC500 FOR CBEYOND ............................................................... 17 4.4 OUTBOUND PROXY SUPPORT (CCA 1.0 -> CCA 1.8, NOT REQUIRED IN CCA 1.9) ........................ 44 4.5 CCA FEATURE SUPPORT MATRIX ................................................................................................. 45 4.6 TROUBLESHOOTING....................................................................................................................... 56
Table of Figures
FIGURE 1, LAN TEMPLATE ........................................................................................................................... 13 FIGURE 2 CCA CONNECT .............................................................................................................................. 17 FIGURE 3 CERTIFICATE WARNING................................................................................................................. 18 FIGURE 4 LOGIN ............................................................................................................................................ 18 FIGURE 5 TOPOLOGY VIEW ........................................................................................................................... 19 FIGURE 6 LEFT PANE..................................................................................................................................... 20 FIGURE 7 DHCP POOLS ................................................................................................................................ 21 FIGURE 8 MODIFY DHCP POOL .................................................................................................................... 22 FIGURE 9 DNS SETTINGS .............................................................................................................................. 23 FIGURE 10 DNS SETTINGS, CONTINUED....................................................................................................... 24 FIGURE 11 CHANGE THE HOSTNAME............................................................................................................. 25 FIGURE 12 SYSTEM TIME .............................................................................................................................. 26 FIGURE 13 NTP............................................................................................................................................. 27 FIGURE 14 NTP, CONTINUED ........................................................................................................................ 28 FIGURE 15 USERS AND PASSWORDS ............................................................................................................. 29
3
FIGURE 16 WAN INTERFACE SETTINGS ........................................................................................................ 30 FIGURE 17 SAVE THE CONFIGURATION ......................................................................................................... 31 FIGURE 18 ENTER AUTO ATTENDANT INFORMATION.................................................................................... 32 FIGURE 19 SYSTEM ....................................................................................................................................... 33 FIGURE 20 DIAL PLAN .................................................................................................................................. 34 FIGURE 21 DIDS........................................................................................................................................... 34 FIGURE 22 VOICEMAIL ................................................................................................................................. 35 FIGURE 23 DON'T CLICK OK ........................................................................................................................ 36 FIGURE 24 SIP TRUNK PARAMETERS ............................................................................................................ 37 FIGURE 25 VOICE FEATURES......................................................................................................................... 38 FIGURE 26 USER PARAMETERS ..................................................................................................................... 39 FIGURE 27 USER PARAMETERS, CONTINUED................................................................................................. 40 FIGURE 28 USER PARAMETERS, CONTINUED................................................................................................. 41 FIGURE 29 USER PARAMETERS, CONTINUED................................................................................................. 42 FIGURE 30 VOICE FEATURES, CONTINUED .................................................................................................... 43 FIGURE 31 SAVE THE CONFIGURATION , AGAIN ............................................................................................ 44
4
1 Document Overview
1.1 Introduction
Cbeyond offers a service based on the SIPconnect Interface Specification, which
allows Cbeyond to support customer IP PBXs over SIP trunks. SIPconnect builds
on existing Internet Engineering Task Force (IETF) standards to define a model of
interconnection between IP PBXs and VoIP service provider networks.
SIPconnect was conceived and developed by Cbeyond Engineering. Vendors
initially supporting the effort were Cisco Systems, Avaya, Mitel, Broadsoft, and
Talkswitch. By August 2006, SIPconnect gained industry-wide support via work
completed by the SIP Forum.1
In support of Cbeyond’s SIPconnect service, Cisco Systems has worked with
Cbeyond engineering to qualify Cisco’s UC520 as a supported PBX/voicemail
system under SIPconnect. This document details the topology and supporting
configurations for Cbeyond VARs and customers who wish to install and operate
the UC520 with Cbeyond’s service.
1.2 Scope
This document is intended for systems integrators responsible for configuring and
deploying UC520 for Cbeyond’s SIPconnect customers. It is also intended for use
by Cbeyond and Cisco personnel for troubleshooting issues associated with the
integration of Cisco UC520 and Cbeyond’s SIPconnect offering. It addresses the
Cisco Configuration Assistant (CCA) for UC520, the graphical configuration
interface, but not UC520 usage.
1.3 Revision Control
Release Release Date Approval Changes to this Version
1.0 6/4/07 Jeff Pilgrim Initial release.
1.1 6/11/07 Jeff Pilgrim Response to comments from Bob at
Cbeyond
1.2 7/23/07 Greg Rothman Added Cbeyond Support Information
in Section 1.5
1.3 7/24/07 Greg Rothman Updated Section 3.3.2 with the CCA
Release information
1.4 9/24/07 Jeff Pilgrim Updated UC500 version requirements
and added section 4.4
1.5 10/9/07 Corbett Nelson Changed 4.4.2 to reflect firewall
configuration change caveat. Added
4.4.3 caveat for issues with voice mail
boxes.
1.6 02/12/08 Dipen Shah Updated guide for CCA version 1.5
1 See http://www.sipforum.org/sipconnect
5
1.7 05/19/08 Corbett Nelson Updated for outbound proxy
configuration.
1.8 06/13/08 Corbett Nelson Updated security section
1.9 01/27/09 Corbett Nelson Updated for CCA version 1.9
Includes outbound proxy support
Voice GUI updated from 1.8
1.4 Usage
This document details how to deploy the UC520 using the Cisco Configuration
Agent (CCA) graphical configuration tool. A specific example is provided that
must be adapted to customer parameters and other requirements.
1.5 Questions
For any sales related questions about Cbeyond’s BeyondVoice with SIPconnect
service, please contact a Cbeyond sales representative.
Cbeyond Support Before or During Service Activation
Please contact your Cbeyond Service Coordinator if you need assistance
Cbeyond Support Post Service Activation
Please contact the Cbeyond Customer Support Center:
www.cbeyondonline.net
Anytime access to web-enabled account tools.
Billing & Account Management
M-F — 8am-10pm (EST)
1-866-424-5100
24-hour Technical Support or Call
1-866-424-5100
1.6 Suggestions / Corrections
Please send any suggestions or error reports related to this document to
6
1.7 What’s New in CCA 1.9 (NOTE: Menus changed in Release 1.9 of CCA)
These new and enhanced features are supported in Release 1.9 of Cisco Configuration
Assistant:
Feature Now You Can...
Device Support • Configure Cisco IP Phone SPA525G devices.
Wireless Setup
Wizard
• Launch the Wireless Setup Wizard to guide you through the
steps required for initial installation and configuration of
wireless network settings for the Cisco UC520 platform,
Cisco SPA525G IP phones, and up to two external Cisco
AP521 access points.
Application
Control
• Enable applications, including Unified Messaging, Video
Telephony, and Live Record. To access this feature, choose
Applications from the feature bar, then click Applications
Control.
Schedules • Configure business and night service schedules for use with
the Auto Attendant and Night Service features. To access this
feature, choose Configure > Telephony from the feature bar,
then click Schedules. You must configure schedules before
you can configure AA and Night Service features.
Voice Features • Configure night service extensions with either a call forward
number or night service bell, configure night service phones,
and set a toggle code for night service bell (Voice Features
tab).
• Configure Call Blast Groups (Voice Features tab).
• Add new SIP providers (SIP Trunks tab)
• Use the enhanced Dial Plan configuration interface to
configure outgoing and incoming call handling, and outgoing
caller identification (Dial Plan tab). Country-specific dial
plan templates are included for the following locales:
Australia, France, Germany, Italy, Japan, North America,
New Zealand, and Spain.
• Configure multiple Auto Attendants
• Configure multi-level Auto Attendant menus.
• Auto Attendant features are now configured in a separate
window. To access Auto Attendant configuration, choose
Configure > Telephony > Auto Attendant.
• Record Auto Attendant prompt using a built-in recorder or
via phones.
7
• Manage Auto Attendant prompts and scripts
Security • Configure URL Filtering and IPS (Intrusion Prevention
System).
User Interface
Changes and
Enhancements
• Auto Attendant configuration has been moved from the
Voicemail tab and now displays in a separate window.
• Voice Features window tabs have been renamed. The new tab
names are (from left to right) System, Region, Network,
Voicemail, SIP Trunk, Dial Plan, and Users.
• Hunt Groups can now be configured with a call forward
target (No Answer Forward To field). A member selection
dialog is also provided for easier selection of hunt group
members.
• System speed dial configuration has been moved into a
separate window (Configure > Telephony > System Speed
Dial).
• Call Pickup option has been removed from the Voice
Features window. Call Pickup is always enabled.
Music On Hold configuration in the Voice Features window
now includes options for enabling the external MoH port on
the UC500 and enabling MoH for internal calls.
• The Caller ID Per Call Block Code is now configured on the
Dial Plan tab in the Voice Features window.
• WLAN (SSIDs) window now includes a section for
configuring channel and power level settings for autonomous
access points.
1.8 Release 1.8
These new and enhanced features are supported in Release 1.8 of Cisco Configuration
Assistant:
Feature Now You Can...
Device Support Configure Cisco SR500 devices
Configure multiple Auto Attendants and Multi-level Auto Attendant.
Record and set Auto Attendant prompts from a phone. Voice
(enhanced)
8
1.9 Release 1.7
These enhancements are supported in Release 1.7 of Cisco Configuration Assistant:
Feature Now You Can...
Configure Bearer Capability for PRI.
Configure Bearer Capability and Static TEI for BRI.
Configure Call Progress Tone.
Voice
(enhanced)
1.10 Release 1.6
These new devices are supported in Release 1.6 of Cisco Configuration Assistant:
Feature Now You Can...
Manage these models of the Cisco Unified IP Phone 500 Series:
521G
524G
Device Support
1.11 Release 1.5
These new and enhanced features are in Release 1.5 of Cisco Configuration Assistant:
Feature Now You Can...
Device Setup Wizard (new) Set up Catalyst Express 520 switches, Cisco Unified Communications 500
Series platforms, Cisco 526 Wireless Express Mobility Controllers, and
autonomous Cisco 521 Wireless Express Access Points.
Wireless Controller
Dashboard (new) Display information for all of the Wireless LAN controllers in the community.
Convert to LAP (new) Convert autonomous access points to lightweight access points.
WLAN Users (new) Add wireless user on the Wireless LAN controllers and customize the content
and appearance of the Web login page for WLAN users.
License Management (new) Modify a license to support additional telephony users.
Voice (enhanced) Configure SIP phones and SIP trunking.
VLANs (enhanced) Create VLANs on Wireless LAN controllers.
WLAN (SSIDs), formerly
Wireless Networks
(enhanced)
Create WLANs (data, guest, or voice) on Wireless LAN controllers that are
running a 4.2 image.
Restart/Reset (enhanced) Restart devices as in earlier releases or restore the settings that they had when
they were new from the factory.
Topology View (enhanced) Add a network cloud to the topology map and manually add a link between
nodes on the map.
9
Communities (enhanced) Associate a company or organization name with a community in the Create
Community window or the Modify Community window. The name becomes
the default SSID for your network.
Configuration Archive
(enhanced) Apply a configuration to a selected device that was backed up from a similar
device.
Device Support Manage these additional models of the Cisco Unified
Communications 500 Series platform:
UC520-24U-8FXO-K9
UC520-24U-4BRI-K9
1.12 Release 1.1
These new and enhanced features are in Release 1.1 of Cisco Configuration Assistant:
Feature Now You Can...
Non-English
GUIs Install French, Spanish, Italian, German, Russian, Japanese, and simplified Chinese
versions of the Configuration Assistant GUI.
Voice
(enhanced) Configure T1/E1 voice port adapters in the Voice window.
Manage these additional models of the Cisco Unified Communications 500
Series platform:
UC520-32U-8FXO-K9
UC520-32U-4BRI-K9
UC520-48U-12FXO-K9
UC520-48U-6BRI-K9
UC520-48U-T/E/F-K9
UC520-48U-T/E/B-K9
Manage these additional models of the Catalyst Express 520 Series switch:
WS-CE520-24PC-K9
WS-CE520-24LC-K9
WS-CE520-24TT-K9
WS-CE520G-24TC-K9
Device Support
Manage these additional models of the Cisco Unified IP Phone:
7942-G
7962-G
7945-G
7965-G
7975-G
10
2 UC520 for SIPconnect Overview
2.1 Product Description
Cisco’s UC520 is a Cisco IOS-based appliance that provides IP PBX, voicemail,
and firewall functionality, based on Cisco Unified CallManager Express (CME),
Cisco Unity Express (CUE), and the Cisco Configuration Assistant (CCA)
software.
UC520 provides the following benefits:
• Cost-effective, converged data and voice solution in an appliance.
• Key system/small PBX features plus innovative convergence applications
for up to 16 users with the use of an optional expansion switch.
• Intuitive graphical user interface for easy installation, adds, moves, and
changes.
• Firewall and VPN support, based on US DoD certified IOS firewall
technologies.
• Fully integrated voice-mail and automated attendant capabilities for IP and
analog phone users.
2.2 UC520 SIPconnect Qualification and Templates
Cbeyond and Cisco engineers worked together to qualify UC520 for SIPconnect.
This included the design of a “template” topology, the creation of configuration
templates for the UC520 which are imbedded into the Cisco Configuration
Assistant (CCA), the supporting SIPconnect service components, and addressing
any software issues with respect to UC520’s support for Cbeyond’s network. The
intent of the qualification process was to ensure that UC520 would function
correctly in a SIPconnect environment.
Cbeyond’s demarcation point with a network customer is at the managed Cisco
Integrated Access Device (IAD) that Cbeyond deploys, which provides network
access services for IP voice and data traffic. Any equipment on the customer
premise, including PBXs supported by the SIPconnect service, are the
responsibility of Cbeyond’s customer and a supporting VAR. With that in mind,
it should be understood that the main focus in developing a UC520 configuration
template was to validate a configuration that works and that enables
communication between the CPE-based equipment and Cbeyond’s SIPconnect
Broadsoft call agent. Basic voice features including on-net and off-net calling,
call transfers and forwarding, voicemail access, and any other network-based
voice services upon which a PBX/voicemail system depends, fall into the testing
and qualification effort by Cbeyond and Cisco. More customer-specific features
such as hunt-group definitions, paging groups, and the like, have been tested by
Cisco but are left to VARs and customers to configure.
The templates that resulted from the testing efforts, particularly with respect to
LAN topology, are tested recommendations that are subject to VAR and end-
customer requirements. The only exceptions to this are required UC520 SIP
11
connect parameters that must be configured for communication with Cbeyond’s
Broadsoft platforms.
2.3 Supported Line-side Protocols
Although UC520 can also support SIP on the line side to SIP phones, this
document does not address such configurations. Future versions of UC520
templates will be developed and documented in revisions to this guide.
At present, UC520 acts as a protocol converter and SIP user-agent between the
SIP trunk to Cbeyond’s Broadsoft call agent and Cisco IP phones running SCCP
(“Skinny”) images. In keeping with the SIPconnect specification, a single
directory number, the designated “main number”, is configured on UC520 to
register with the Cbeyond servers for authentication and AOR functionality. All
other directory numbers are configured such that UC520 does not register them
with Cbeyond.
2.4 UC520 Security - Please review June 08 Security Notice below
Securing IP Telephony installations such as UC520 is a topic that is beyond the
scope of this document and has not been directly addressed in the development of
SIPconnect UC520 installation templates. Security is an area in which Cbeyond’s
partners may provide additional value to SIPconnect customers, if executed
properly. Cisco’s IOS firewall, for example, can be configured on UC520 to
enable the appropriate access-lists and other elements of the firewall.
UC520’s IOS cryptographic image may also be configured to enable SSH and
HTTPS (SSL) access to the UC520 management interfaces. Administrative access
to the UC520 management interfaces may also be configured through the use of
local usernames and password, privilege levels, and the use of AAA servers such
as Cisco’s Access Control Server (ACS) which provides Radius and TACACS+
services. These configuration efforts may be performed by the VAR or end-
customer through CCA.
The UC520 templates also include Class of Restriction (COR) to enable access
control for different classes of users. International number dialing, for example,
may be restricted to specific phones.
Care should be taken by the VAR or customer to avoid disabling call control,
voicemail, and phone features when enabling security features manually. As an
example, many security administrators will limit access to the HTTP server in
IOS through the use of access control lists (ACLs). If those ACLs, however,
inadvertently prevent IP phones from reaching the HTTP server imbedded in
UC520 then features such as user directories and IP phone services will be
disabled.
June 13, 2008 Security Notice for Preventing Toll Fraud
If a security configuration is not already in place to prevent outside callers from
using a UC500 for fraudulent calls, then steps are required to prevent this. Not
securing the SIP trunk on the UC500 will allow anonymous SIP connections. The
result of this is that it can be used by outside parties to send unauthorized calls. To
12
prevent this requires adding a command to the SIP Incoming Trunk configuration
on Dial Peer 1000 from the command line. The configuration addition is listed
below.
Method: Add “permission term” to the incoming SIP trunk dial peer
Telnet to the UC500 and enter configure mode. Look for the dial-peer labeled
“** Incoming call from SIP Trunk **” this should be dial-peer 1000.
uc500# config terminal
uc500(config)# dial-peer voice 1000 voip
uc500#(config-dial-peer)# permission term
uc500#(config-dial-peer)# end
uc500# write memory
Upon completion the dial-peer should look like the example below.
uc500#show run | section dial-peer voice 1000 voip
dial-peer voice 1000 voip
permission term description ** Incoming call from SIP trunk **
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
session protocol sipv2
session target sip-server
incoming called-number .%
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
2.5 Template LAN Topology for UC520 Installation
There are several ways in which a UC520 system can be integrated into a
customer’s local area network in the context of SIPconnect. The key factor to
consider in the implementation, however, is that the managed Cisco IADs which
Cbeyond customers enjoy as “managed access routers” are generally not modified
according to various CPE scenarios. The IAD provides a SIP ALG and NAT
router for local private network addressing, but does not participate in local
routing decisions for subnets and VLANs defined by the end-customer or VAR.
This enables Cbeyond to provide reliable, consistent, and supportable IAD
configurations across a wide customer base.
With this consideration in mind, Figure 1 depicts the LAN topology that was used
to develop to UC520 configuration templates with SIPconnect.
13
Figure 1, LAN Template
In this topology, UC520 is placed inline between the managed IAD and any CPE
devices including IP phones and personal computers. UC520 becomes the default
gateway, TFTP, and DHCP server for the phones and PCs. Requirements for this
configuration include:
• A layer 2 Ethernet switch or cross over cable between the Cbeyond IAD
and UC520
• Cisco UC520 appliance
14
• Cisco IP Phones, up to 16 if the UC520 expansion switch is employed.
• Misc analog phones or other devices such as fax machines
This template for a LAN topology also supports running the IOS firewall feature
set on the UC520 platform although a firewall configuration is not presented in
this document.
Considerations for this topology include:
• The “WAN” segment between the Cbeyond IAD and the UC520 can also
support other data devices, such as personal computers, just as if UC520
were not present. This is the default LAN supported by Cbeyond IADs, is
DHCP enabled by default, and by default falls into the 10.0.1.0/24 subnet.
Both DHCP support and the subnet can be modified by the VAR or end-
customer so long as the subnet changes are addressed in the UC520
“WAN” interface and routing configuration.
• “VLAN 1”, “Voice VLAN 100”, and the subnets depicted can be
modified by the VAR or end-customer to suit customer requirements.
• PCs may or may not be attached through Cisco IP phones according to
customer preference, but the total number of ports supported by UC520 is
16.
• Inline power support is provided by UC520.
• The UC520 provides routing for all devices in VLANs 1 and 100, and
also NATs the template 192.168.10.0/24 address space for the data VLAN
1. The result is that data traffic from VLAN 1 is NATed twice: Once by
the UC520 and once by the Cbeyond IAD. Without this NATing on the
UC520, the managed IAD has no destination for inbound traffic. Testing
by Cbeyond and Cisco has not revealed any particular difficulty with this
practice.
• Some customers may prefer to obtain a publicly routable address for
UC520 rather than use a private “10.x” address behind the Cbeyond IAD.
Cbeyond provides this as an option and also configures the IAD to route
“inside” for a block of public IP addresses. This has the benefit of
avoiding “double-NATing” and can simplify remote access to the UC520,
whether or not VPN access is configured on the appliance platform.
• If remote access to the UC520 is desired Cisco recommends the use SSH
connections rather than the use of telnet.
3 Requirements
3.1 Hardware Requirements
The UC520 appliance supports Cisco IP phones and Cbeyond service. An
Uninterruptable Power Supply (UPS) is strongly recommended for UC500, which
runs a version of Linux in the embedded Unity Express module. This appliance is
15
fairly robust but nevertheless involves a spinning hard disk drive that is subject to
errors in the event of sudden power loss.
3.2 Software Requirements
Cbeyond and Cisco have qualified the following software versions for SIPconnect
and UC500. No other versions of software on UC500 are currently supported.
Note that as of this writing, the UC500 has not been released; packaging on CCO
may be different than that of CME/CUE installation:
Component Supported
IOS Release uc500-advipservicesk9-mz.124-11.XW5.bin
UC520 Release 4.2(5)
CCA Release 1.5
4 Configuration
The UC500 may be configured with either the Cisco Configuration Assistant
(CCA) or command line interface (CLI) although there are some tasks that may
only be achieved through CLI at this time. This guide documents the CCA
configurations tasks plus additional CLI-based configuration that must be applied,
as recognized at the time of this document update.
4.1 Installation
Please refer to the “Getting Started Guide” located at
http://www.cisco.com/en/US/products/ps7293/products_getting_started_guide091
86a0080824095.html for instructions about physically connecting the UC500’s
ports. In a nutshell, connect the “WAN” port to the same Ethernet segment as the
inside interface of the Cbeyond IAD. This may be accomplished either with a
crossover cable or with a LAN switch. Connect IP phones to the FastEthernet
ports on the front of the UC500. PCs should generally be connected to the switch
port on the phones. Any analog devices may be connected to the FXS ports on the
UC500.
Software for the platform may be downloaded from CCO at
http://www.cisco.com/cgi-bin/tablebuild.pl/UC520. Links are provided on this
page for the UC520 download, a link to the IOS page, and to various individual
support files.
Cisco Configuration Assistant (CCA) may be found at
http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=281010085.
Install CCA on a PC connected to one of the FastEthernet ports on the front of the
UC500. Make sure this PC is configured to negotiate and IP address with UC500
over DHCP.
4.2 Initial Configuration
If the UC500 platform has been configured for testing or other purposes prior to
the customer installation, be sure to reset it to the factory default configuration.
16
UC500 uses factory default configuration files, for example “UC520-16U-4FXO-
K9-factory.cfg”. The exact name of this file depends on the UC500 model but the
procedure to restore the configuration to the factory default is the same: Using a
console connection, copy this file to the startup-config in NVRAM. For example:
UC520#copy flash:UC520-16U-4FXO-K9-factory.cfg startup-config
Destination filename [startup-config]?
[OK]
11553 bytes copied in 2.340 secs (4937 bytes/sec)
UC520#
Then reload the UC500.
17
4.3 Using CCA to Configure the UC500 for Cbeyond
With the UC500 in a default configuration, launch CCA on the workstation
attached to a FastEthernet port. CCA begins with a prompt to connect. This may
be populated with a value. If not, enter 192.168.10.1 in the “Connect to:” field as
follows:
Figure 2 CCA Connect
18
An SSH certificate warning may appear:
Figure 3 Certificate Warning
Select “Yes” or “Always” to continue to a login prompt:
Figure 4 Login
For the first login enter a Username of “cisco” and a Password of “cisco”.
19
A topology view should appear after a minute or so of network discovery:
Figure 5 Topology View
20
In this example there is a single phone connected to the UC500. To continue the
configuration click on “Configure” in the left pane:
Figure 6 Left Pane
21
Many of the elements of the default configuration may be accepted or changed
depending on the preference of the VAR or end user.
The “Smartports” configuration option, for example, allows changing VLAN and
voice VLAN assignments away from the recommended defaults that are assumed
in this document. “Ports/Port Settings” allows the assignment of static duplex and
speed settings, power management, and enablement. VARs are recommended to
use the “Smartports” configuration options to validate or specify the type of the
device plugged into each port, e.g. another switch. Otherwise accept the default
values.
The Security tree allows the creation or modifications of NAT, VPN server and
Firewall options. This will not be addressed in this document but are discussed in
the UC500 product documentation.
The Telephony tree in the left panel is where the majority of configuration for
SIPconnect takes place, and will be addressed in the next section of this
document.
Cisco recommends that Cbeyond VARs leave the Switching and Routing tabs at
their default settings unless integration into a customer network requires the
addition of IP interfaces, VLANs or static routing decisions.
“DHCP Server” should be selected so that DNS settings may be applied:
Figure 7 DHCP Pools
22
For the “data” pool, configure DNS server addresses and domain names.
Cbeyond typically offers DNS server addresses of 64.238.96.12 and 66.180.96.12,
depending on where the end customer is located. Cbeyond will also host domain
names for customers upon request. Update the fields appropriately:
Figure 8 Modify DHCP Pool
Click “OK” to continue.
23
Select “Device Properties/IP Addresses” to update DNS settings for the UC500
itself:
Figure 9 DNS Settings
24
Inspect the VLAN settings and then select the “Device Configuration” tab and
configure DNS server addresses and the domain name appropriately:
Figure 10 DNS Settings, Continued
Be sure to click “OK” to continue.
25
Select “Device Properties/Hostname” to change the hostname assigned to the
UC500, if desired, then click “OK”:
Figure 11 Change the Hostname
Note that CCA will rediscover the UC500 after updating the hostname.
26
Click on “Device Properties/System Time” to set the system clock. Click the
Device name (e.g. “Pilgrim”) and then the “Modify” button. Make the
appropriate selections and click “OK”:
Figure 12 System Time
27
Cbeyond supplies NTP server information that can be configured in UC500 as
well. This is usually simply primary and secondary IP addresses. NTP server
keys and encryption settings are not used:
Figure 13 NTP
28
Click “OK” and “OK”, at which a notification will appear.
Figure 14 NTP, Continued
Disregard this for the moment and click “OK to continue.
29
Click on “Device Properties/Users and Password” to configure an administrative
username and password for the system. This is strongly recommended:
Figure 15 Users and Passwords
Click “OK” to continue.
30
Click “Internet Connection” from the left panel to configure the WAN interface
with a static IP address. This is a mandatory step when using CCA for UC500
configuration. Click the FastEthernet 0/0 interface and then the Modify button.
Complete the dialog box:
Figure 16 WAN Interface Settings
This example shows the recommended static address of 10.0.1.2 for a default
Cbeyond IAD configuration. Modify the numbers as required or preferred.
Click “OK” to continue, then “OK” again.
31
At this point, saving the configuration to NVRAM is strongly recommended.
Save the configuration by clicking on the “Save Configuration” link in the left
configuration pane.
Figure 17 Save the Configuration
32
Before Configuring the “Voice” section you will want to configure the Auto
Attendent number as it is pulled into the Voice configuration sections.
Figure 18 Enter Auto Attendant Information
33
Continue to the Telephony configuration by clicking “Telephony/Voice” from the
left panel. Note that the window that appears will switch to the “System” tab
automatically. This will display the basics of the sytem. Please enter the System
message, Voice System Type, and Number of Digits for extensions.
Figure 19 System
Note that changing the number of digits in an extension causes CCA to identify ANY
extension number field, in the Dial Plan and Voicemail tabs and also in all others in the
Voice configuration that must be increased or decreased in length to ensure consistent
extension numbering. In this example, 3-digit extensions will be employed.
34
Now switch to the Dial Plan Tab.
The Numbering Plan Locale is selected as North American. Now pull down the Caller ID
Main PSTN Number menu and select the auto attendant previously configured in Figure
17. Additionally select a Caller ID block code if desired.
Figure 20 Dial Plan
Enter any DIDs required by clicking on the Configure button at the bottom of the screen.
Figure 21 DIDs
35
Now enter the Voicemail Access extension and PSTN numbers. This is a new screen
from previous CCA versions where Voicemail and Dial Plan were on one screen.
Figure 22 Voicemail
Clicking “Apply” or “OK” at this point may result in an error, so do not click
either one, as explained below.
36
If “Ok” or “Apply” is selected, an error dialog will appear as show below. This
occurs because other extension fields, in other tabs of the voice configuration,
have not yet be changed to 4 or more digit extensions. This error will not occur if
3-digits extensions, the default, are accepted:
Figure 23 Don't Click OK
In the event that this dialog occurs, click “OK” in the error box and then click the
“SIP Trunk Parameters” tab to continue.
37
Complete the SIP Trunk Parameters tab according to the example below:
First, Select Cbeyond as the Service Provider in the drop down menu.
Figure 24 SIP Trunk Parameters
The registrar server hostname, proxy server hostname (if different), Outbound
Proxy Server, and SIP domain name are all given in the install profile provided
by Cbeyond during customer provisioning.
The DIDs, or 10-digit NPA numbers, that are assigned for the auto attendant and
voicemail pilots, are chosen from a pool provided by Cbeyond or ported from a
previous customer installation.
The Digest Authentication username and password are also provided by Cbeyond.
This usually corresponds to the “main” number that was established by or for the
customer during signup for the SIPconnect service.
Typically this “main number” is assigned to the AA or to a receptionist if an AA
is not configured.
Click the “Voice Features” tab to continue.
38
In this screen, select the telephony features that should be enabled for this
installation:
Figure 25 Voice Features
Note that extension defaults are supplied by this screen. It is strongly
recommended that these are NOT changed, to avoid conflicts with other
extensions, and more importantly with dial plan elements that are “built in” and
not visible through CCA. If, for example, “9” is used as the “Outgoing call
dialtone digit” but some extension 9xxx is chosen for a feature or phone, there is a
strong possibility that a user dialing “9” to place an offnet call will instead dial a
local of extension or feature number.
Night Service can be configured on this Tab for forwarding calls after business
hours. After finishing the Voice configuration a Schedule can be configured using
the Schedules section of the Telephony menu on the left hand side of the CCA
screen.
Click on the “User Parameters” tab to continue.
39
This screen is the source of the error dialog that may have occurred earlier if
“OK” or “Apply” has been clicked, since the extensions for phones and analog
devices default to 3-digit numbers. The problem areas are highlighted in red;
assuming 4-digit extensions, change all the extensions on this page to 4 digits. In
this example, the extension “201” should be changed. If the analog ports (FXS)
will not be used, delete those lines from the screen.
Figure 26 User Parameters
40
Delete or change the devices shown, as appropriate, and complete the fields by
clicking in places along the highlighted blue device line. The user names,
UserIDs, and password fields are used by the UC500 to authenticate TAPI and
XML application connections:
Figure 27 User Parameters, Continued
Note that in this example a manual entry for a 7971 has been completed for the
purpose of showing Intercom configuration in the next step.
41
Click on “more”, the last device field, to complete a phone configuration:
Figure 28 User Parameters, Continued
Under the “Type” field additional parameters can be configured including extra
extensions and Intercoms.
Click “OK” to continue configuring phones.
42
When finished with the phones, click “Apply”. Do NOT click “OK” just yet.
The configuration will be applied to the UC500:
Figure 29 User Parameters, Continued
Still in the Voice configuration module, click on the Voicemail, Voice Features, and Dial
plan tabs and review the information presented:
43
If desired, create paging groups, Night Service configuration, Hunt groups, and
enable Music on Hold. Select “music-on-hold.au” from the drop down list for the
standard MOH file provided by Cisco:
Figure 30 Voice Features, Continued
Click “Apply” to apply the settings to the running-configuration and then “OK” to
exit Voice configuration. Error messages with respect to applying the
configuration generally indicate a loss of network connectivity during the
configuration session. Restarting CCA and reconnecting will generally “fix” the
problem.
44
Acknowledge that the configuration was sent to the UC500, then be sure to click
“Save Configuration” from the left panel:
Figure 31 Save the Configuration , Again
UC500 configuration with CCA is now complete.
4.4 Outbound proxy support (CCA 1.0 -> CCA 1.8, not required in CCA 1.9)
This feature allows the UC500 to send all SIP packets to a pre defined IP instead of the IP / DNS defined in the proxy server field defined previously. This is a common method used where an SBC (Session Border Controller), interfaces with customer IP PBXes from the SP point of view. Cbeyond has deployed SBCs and the configuration must be manually added to the UC500 configuration. The outbound proxy hostname will be provided by Cbeyond where it is required. Telnet/SSH or use a console cable to connect to the UC500 to manually enter the configuration below: voice service voip sip outbound-proxy dns:<OUTBOUND Proxy Name>.cbeyond.net
Note: As the interface between UC500 & CUE (voicemail / AA) is also SIP – when configuring this make sure all SIP dial-peers on UC500 pointing to CUE have the below added. The IP address listed in the dial peer would represent the existing IP address for the CUE interface.
45
dial-peer voice 2000 voip description ** cue voicemail pilot number ** voice-class sip outbound-proxy ipv4:10.1.10.1 ! dial-peer voice 2001 voip description ** cue auto attendant number ** voice-class sip outbound-proxy ipv4:10.1.10.1
Note: Additionally, to help secure the SIP trunk please add the following commands to the configuration on dial peer 1000 to help reduce toll fraud potential if another security method is not in place to secure the SIP trunk
uc500# config terminal
uc500(config)# dial-peer voice 1000 voip
uc500#(config-dial-peer)# permission term
uc500#(config-dial-peer)# end
uc500# write memory
4.5 CCA Feature Support Matrix
The following table lists the voice features that are supported by CCA 1.5 and those that require
the use of other interfaces.
Table 1
CCA Voice Feature Support Category Feature v 1.0 v 1.1 v 1.5 Description
Basic Network Config
WAN IP Address � � �
DHCP � � �
Time Zone � � �
Data & Voice VLANs � � �
IP Address on pre-existing data VLAN (VLAN 1) cannot be changed via CCA. Use CCA to create a new VLAN if required
Routing � � � Only Static Routing supported
Voice Deployment Scenarios
Key System / Square Mode � � �
Supported for FXO and T1/E1 CAS
PBX Mode � � � Support for DID and DOD
Hybrid Mode (Key System with AA) �
Adds AA support to Key System mode
Remote Teleworker � � �
Multi-site SBCS deployment Supported via CLI only
46
Key System Deployment
Trunk Monitor � � � Supported for pure Key System (w/o AA)
Paging Groups � � �
Intercom � � �
Multiple intercom is CLI. Only supported on button #2
Speed Dials �
System Speed Dials supported via CCA. All others must be configured via CLI
CO Trunk (FXO) � � � Trunk line appearances on IP Phones
Analog DID � Only supported on the expansion VIC slot
BRI � � �
Not supported on BRI SKU (unless VIC slot has FXO/T1/E1 module)
T1 (PRI) including fractional � �
E1(PRI) including fractional � �
T1 (CAS) including fractional �
E&M (Wink Start & Immediate Start signaling types supported). For FXS/FXO, loop start and ground start signaling types supported.
E1(CAS) including fractional �
E&M (Wink Start & Immediate Start signaling types supported). For FXS/FXO, loop start and ground start signaling types supported.
Auto Attendant �
Only supported in Hybrid of Key System & PBX. Incoming call handed off to AA.
E1 - R2 Supported via CLI only
FXO Hook Flash Supported via CLI only
Busy Lamp Field (BLF) Supported via CLI only
Line Monitoring Supported via CLI only
Dial Plan (PBX Mode)
Inbound Call Handling � � �
Call handling for FXO, BRI/T1/E1 incoming call handling mechanism
Outbound Call Handling � � �
Ability to specify multiple emergency numbers, customized call blocking capability
PSTN Number Mapping (DID) �
Ability to 1-to-1 and 1-to-many DID to internal extension mapping.
Call Forward Busy � � � Not supported for non-primary dn - requires CLI
Call Forward No Answer � � � Not supported for non-primary dn - requires CLI
Inbound Caller ID Support � � � Supported onFXO, BRI, PRI, SIP
47
Outbound Caller ID Support � � �
Supported on BRI, PRI, SIP. If DID range is non-contiguous, outbound caller ID is AA number.
Caller ID blocking � � �
Call Blocking � � �
Added ability to customize upto 5 call block numbers or ranges
Outbound Dialing Restrictions (COR) � � �
Based on outgoing dial-plans. Only North American dial plans supported. Limited support for outside US. Customization for outside US requires CLI.
After Hours Dialing Restrictions Supported via CLI only
48
PSTN Trunks(PBX Mode)
CO Trunk (FXO) � � �
Call handling per FXO port can be customized to redirect to AA/operator/hunt group/shared line, etc
Analog DID � Only supported on the expansion VIC slot
BRI � � �
T1 (PRI) including fractional � �
E1(PRI) including fractional � �
T1 (CAS) including fractional �
E&M (Wink Start & Immediate Start signaling types supported). For FXS/FXO, loop start and ground start signaling types supported.
E1(CAS) including fractional �
E&M (Wink Start & Immediate Start signaling types supported). For FXS/FXO, loop start and ground start signaling types supported.
E1 - R2 Supported via CLI only
Analog Station Ports (Integrated FXS) � � �
Outbound Caller ID supported via CLI only
SIP Trunks � � �
Added support for AT&T in CCA 1.5. Other providers may require CLI configuration.
Voice System Features(PBX Mode)
Call Pickup � � �
Call Park � � �
Hunt Groups � � � Final destination parameter unsupported
Paging Groups � � �
Intercom � � �
Multiple intercom is CLI. Only supported on button #2
Adhoc Conferencing �
For 8/16 user system, max number of conferences is 4. For 32/48 user system, this limit is at 8.
MeetMe Conferencing Supported via CLI only
Basic Automatic Call Distribution Supported via CLI only
Night Service Supported via CLI only
URL Provision Supported via CLI only
FAX support Supported via CLI only
CDR Integration Supported via CLI only
Users/phones/extensions(PBX Mode)
Multiple extensions per phone �
Shared line � Cannot share primary DN
2 calls per line � � �
49
Overlay DN �
Cannot overlay primary DN. Use CLI for Call Waiting Overlay
Busy Line Monitoring �
PSTN Line Appearance � � �
Speed Dials �
System Speed Dials supported via CCA. All others must be configured via CLI
SIP Phone support � Cisco 39xx only
Soft Key Templates Supported via CLI only
Extension Mobility Supported via CLI only
Distinctive Ring/Silent Ring Supported via CLI only
Voice Mail (PBX Mode and Key System Mode)
Mailbox � � �
Voice View Xpress � � � Automatically configured by CCA
IMAP � � �
Automatically configured by CCA. IMAP client must be configured manually.
Greeting Administered by Telephony UI
Message Notification (Email/page)
Supported via CUE GUI only
Auto Attendant (PBX Mode and Hybrid Mode)
AA_transfer script customization �
AA_SBCS_v01 script support
Supported via CUE GUI and CLI
Custom Script creation Requires CUE Script Editor ver 2.3.4
Prompt mgmt Supported via CUE GUI and CLI
Holiday/Business Hrs Requires CUE GUI + script modification
UC-520 Administration (All Deployment Modes)
Backup/Restore of Config/Data � � �
Both UC-520 and vmail data backed up. Vmail only works with CUE 2.3.x (CUE 3.0 not supported)
Reset to factory default �
IOS Upgrade � � � drag-n-drop
CME/CUE localization � � �
Phone loads � � �
Phone loads should be in the phone load folder in CCA
Music on Hold (MOH) � � � .au & .wav files can be drag-n-dropped
CUE upgrade Supported via CLI only
Ring tones NA NA NA Included in 4.2.5 s/w bundle
Background Images NA NA NA Included in 4.2.5 s/w bundle
50
Remote Teleworker Deployment
Video Support via VT Advantage NA NA NA
Point-to-Point supported via UC-500 default config
Soft phone (CIPC) � � �
871W � � � EzVPN Client on 871W
Codec Config Supported via CLI only
Firewall/NAT Traversal(MTP) Supported via CLI only
Transcoding Supported via CLI only
Multi-site SBCS Deployment
H.323 and SIP VoIP parameters Supported via CLI only
Call admission control (CAC) Supported via CLI only
Vmail Networking (VPIM) Supported via CUE GUI only
Broadcast lists Supported via CUE GUI only
Distribution list Supported via CUE GUI only
51
CCA Switching Feature Support The following table lists the switching features that are supported by CCA 1.5 and those that
require the use of other interfaces.
Table 2
CCA Switch Feature Support Category Feature v 1.0 v 1.1 v 1.5 Description Layer 2 Switching
• Fast convergence using 802.1w, enabled by default
Spanning Tree Protocol
� � � • Portfast: supported on "Desktop," "Phone + Desktop," "Printer," and "Server" Smartports roles
MAC addresses � � � 8000 MAC addresses
Virtual LANs (VLANs) � � �
Up to 32 VLANs (1000 range) and support for 802.1Q trunking using Cisco Smartports
• 4 queues per port
• Shaped Round Robin (SRR) queuing
Number and type of queues
� � � • Support for differentiated services code point (DSCP) and class of service (CoS) using Cisco Smartports • Support for Cisco EtherChannel
® and IEEE
802.3ad
• Up to 6 groups
Port grouping
� � �
• Up to 8 ports per group
Smartports (Preset Cisco Recommended Network Enhancements, QoS, and Security)
• Optimized for desktop connectivity
• Configurable VLAN setting
Desktop
� � � • Port security enabled to limit unauthorized access to the network
• Optimized QoS for IP phone + desktop configurations
• Voice traffic is placed on "Cisco-Voice" VLAN
• Configurable data VLAN
• QoS level assures voice-over-IP (VoIP) traffic takes precedence
IP Phone + Desktop
� � �
• Port security enabled to limit unauthorized access to the network
Router � � �
Configured for optimal connection to a router or firewall for WAN connectivity
• Configured as an uplink port to a backbone switch for fast convergence
Switch
� � �
• Enables 802.1Q trunking
• Configured for optimal connection to a wireless access point
Access Point
� � �
• Configurable VLAN
Can be classified as trusted, critical, business, or standard server:
• Trusted: for use with Cisco CallManager Express, same QoS setting as voice (VoIP traffic is prioritized)
• Critical: for critical servers with QoS set higher than default
• Business: default setting; QoS higher than desktop Internet traffic
Server
� � �
• Standard: for servers set to same level as regular desktop Internet traffic Configurable VLAN port security enabled to limit unauthorized access to the network
52
• QoS settings for "Printer" are the same as "Desktop," "Access Point," and "Standard Server"
• Configurable VLAN
Printer
� � �
• Port security enabled to limit unauthorized access to the network
• Guests are allowed access to the Internet, but not to the company network
• All guest ports are placed on the "Cisco-Guest" VLAN
Guest
� � �
• Port security enabled to limit unauthorized access to the network
• "Other" Smartports role allows for flexible connectivity of nonspecified devices
• Configurable VLAN
• No security
Other
� � �
• No QoS policy
Diagnostic
� � �
Customers can connect diagnostics devices to monitor traffic on other switches (configurable using Cisco Configuration Assistant only)
Security
SSL � � �
SSL support: encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch Three security levels: low, medium, and high (configurable using Cisco Configuration Assistant only):
• Low: for business environments where there is limited guest access; limited number of devices are allowed per port
• Medium: for business environments where security is important; only authorized devices (by MAC address) are allowed on the company network
Security policy slider
� � �
• High: for business environments where security is critical; only authorized devices (by MAC address) and authenticated users (using IEEE 802.1x) are allowed on the company network
• High-bandwidth video traffic is optimized so that it does not affect other applications on the network.
Multicast
� � �
• Internet Group Management Protocol (IGMP) (v1, v2, and v3) snooping: IGMP snooping constrains multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward multicast traffic only to those ports that want to receive it.
53
CCA Wireless Feature Support The following table lists the wireless features that are supported by CCA 1.5 and those that
require the use of other interfaces.
Table 3
CCA Wireless Feature Support Category Feature v 1.0 v 1.1 v 1.5 Description
Basic Device Config
Host Name � � �
System Time � � �
Day-Light Saving Time � � � AAP521 only
Time Zone � � �
NTP � � �
HTTP Authentication � � � AAP521 only
Enable Password � � � AAP521 only
Local User Name & Password � � �
Telnet & Console Passwords � � � AAP521 only
VLAN � � � For AAP521, VLAN is created as part of WLANs
Data, Voice and Guest VLANs Usability � WLC526 only
Save Configuration � � �
WLAN Deployment Scenarios
WLAN � � �
Data WLAN Usability � WLC526 only with version 4.2.x.x
Voice WLAN Usability � WLC526 only with version 4.2.x.x
Guest VLAN Usability � WLC526 only with version 4.2.x.x
Secure Authentication � � �
WEP, EAP, WPA, WPA-PSK, WPA2, WPA2-PSK, MAC, MAC+EAP
Web Authentication � WLC526 only with version 4.2.x.x
Fast Roaming (CCKM) � WLC526 only with version 4.2.x.x
Voice CAC � WLC526 only with version 4.2.x.x
WLAN Users
Guest User � WLC526 only with version 4.2.x.x
non-Guest User � WLC526 only with version 4.2.x.x
Web Login Page �
WLC526 only with version 4.2.x.x; both internal & customized web login page
Convert To LAP
Convert AAP to LAP � AAP521 only
54
Reports
Inventory � � � LAP521s are displayed under their respective WLC526
Wireless Radios � � � WLC526 only
Wireless Clients � � � WLC526 only
Views
Topology � � �
Front Panel View � WLC526 only
Monitor
Events � � � Includes acknowledgements
System Messages � � �
Maintenance
Software Upgrade � � �
Configuration Archive � � � Includes RMA setup
Restart (i.e. reboot) � � �
Reset to Factory Default �
Upload Troubleshooting Log �
Out-0f-box Setup
Device Setup Wizard � WLC526 only with version 4.2.x.x
Online Help
All Features � � � Per device type context
Wireless Client Setup �
7921 Mobile IP Phone Setup �
55
CCA Security Feature Support The following table lists the security features that are supported by CCA 1.5 and those that
require the use of other interfaces.
Table 4
CCA Security Feature Support Category Feature v 1.0 v 1.1 v 1.5 Description
Firewall
Application firewall � � �
• Provides high, medium, and low security levels for firewall policy settings to enable accelerated and easy deployment • Low-For business environments that do not need to track P2P and IM applications on the network or check for protocol conformance • Medium-For business environments where security is important and there is a need to track the use of IM and P2P applications and check for HTTP and e-mail protocol conformance • High-For business environments where security is critical, and there is a need for protocol anomaly detection services to drop non conformant HTTP and e-mail traffic and prevent use of P2P and IM applications
VPN
Cisco Easy VPN Remote � � �
Scalable, easy-to-manage, secure remote access for teleworkers or small offices on hub routers or branch office access routers
Cisco Easy VPN Server � � � Offers wizard-based configuration of remote-access VPN server configuration for UC-500
Split Tunneling � � �
Other
SSL- and SSHv2-based Secure Remote Access � � �
• Provides for secure management between PC and UC-500 • Automatically uses SSHv2 for all encrypted communication between CCA and UC-500
Network Address Translation (NAT) � � �
1-to-1 static port mapping for TCP and UDP ports
DMZ � � �
A DMZ network enables Internet users to access a company's public servers, including Web and File Transfer Protocol (FTP) servers, while maintaining security for the company's private LAN.
Security Audit � � �
• Assesses vulnerability of existing UC-500 • Provides quick compliance to best-practices (Cisco TAC, ICSA recommendations) security policies for UC-500
56
4.6 Troubleshooting
Common issues with CME/CUE and the UC500 are simple misconfiguration or
“fat-finger” errors. The best diagnoses are found in IOS debugs running from the
UC500 CLI, but it is possible to try a few simple alternatives:
• If no inbound or outbound calls are successful DNS resolution may not be
working
o From the CLI, attempt to ping a Broadsoft server hostname, e.g.
“sipconnect.atl0.cbeyond.net”.
o Check “ip nameserver” addresses.
o Make sure that “no ip domain-lookup” is NOT configured, as is
often the case.
• If outbound calls are successful but not inbound calls, UC500 registration
with the Broadsoft server may be failing
o Perform a “sh sip reg stat” and verify that the “main” number is
registering with Broadsoft
o If it is not, verify the authentications username in the “SIP-UA”
section of the configuration. The password may be incorrect.
o A “debug ccsip message” will show failing registration attempts.