UC: Feature-rich branch router config with CCME
Written by Alexei Spirin   
Friday, 09 July 2010 21:28

Branch router configuration with VPN, Call Manager Express, CBAC (firewall), PSTN connection, Fax machine and uplink to the corporate CUCM. UC is a killer here.

UC IOS Config: Branch router configuration with advanced services
version 15.0
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname branch-router
!
boot-start-marker
boot system flash0:/c2900-universalk9-mz.SPA.150-1.M2.bin
boot-end-marker
!
logging buffered 640000
no logging console
enable secret PLeaseChangeMe!
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ local
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
network-clock-participate wic 1
network-clock-participate wic 2
!
no ipv6 cef
no ip source-route
ip cef
!
!
ip multicast-routing
!
!
no ip domain lookup
ip domain name company.local
ip inspect name ProtectLocal tcp
ip inspect name ProtectLocal udp
ip inspect name ProtectLocal icmp
ip inspect name ProtectLocal http java-list 91
!
multilink bundle-name authenticated
!
!
!
!
isdn switch-type basic-net3
!
!
crypto pki trustpoint TP-self-signed-164654246
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-164654246
revocation-check none
rsakeypair TP-self-signed-164654246
!
!
voice-card 0
dsp services dspfarm
!
!
voice call disc-pi-off
!
voice service pots
!
voice service voip
allow-connections h323 to h323
supplementary-service h450.12
fax protocol pass-through g711ulaw
h323
h225 h245-address on-connect
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
codec preference 3 g711alaw
!
voice class h323 10
telephony-service ccm-compatible
ccm-compatible
!
voice class custom-cptone ConfLeaveTone
dualtone conference
frequency 300 600
cadence 50 50 50 50
!
voice class custom-cptone ConfJoinTone
dualtone conference
frequency 900 1500
cadence 50 50 50 50
!
!
!
voice translation-rule 1
rule 1 // /000/ type international international
rule 2 // /00/ type national national
!
!
voice translation-profile PSTN_Incoming
translate calling 1
!
!
license udi pid CISCO2911/K9 sn XXXXXXX
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package uck9
hw-module pvdm 0/0
!
!
!
object-group network Branch
description Local Office
172.16.0.0 255.240.0.0
!
object-group network Corporate
description Corporate Summary
10.0.0.0 255.0.0.0
!
username Administrator privilege 15 secret PLeaseChangeMe!
!
redundancy
!
!
controller SHDSL 0/0/0
dsl-group 0 pairs 0
shdsl rate auto
!
!
ip ftp source-interface Loopback0
ip tftp source-interface GigabitEthernet0/2
ip ssh source-interface Loopback0
!
translation-rule 1
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
crypto isakmp key PLeaseChangeMe! address 192.0.2.10 no-xauth
!
!
crypto ipsec transform-set ts1 esp-aes 256 esp-sha-hmac
!
crypto map crM1 10 ipsec-isakmp
set peer 192.0.2.10
set transform-set ts1
match address Branch-2-HQ
reverse-route
!
!
!
!
!
interface Loopback0
ip address 172.16.255.1 255.255.255.255
ip nat inside
ip virtual-reassembly
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
description LAN
ip address 172.16.1.2 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip ospf message-digest-key 172 md5 PLeaseChangeMe!
ip ospf priority 250
duplex auto
speed auto
standby 255 ip 172.16.1.1
standby 255 priority 250
standby 255 preempt delay minimum 60
standby 255 authentication md5 key-string PLeaseChangeMe!
!
!
interface GigabitEthernet0/2
description Voice Subnet (CCME)
ip address 172.16.16.16 255.255.255.0
ip pim dense-mode
duplex auto
speed auto
h323-gateway voip bind srcaddr 172.16.16.16
!
!
interface BRI0/1/0
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn map address . plan unknown type unknown
isdn static-tei 0
!
!
interface BRI0/1/1
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn map address . plan unknown type unknown
isdn static-tei 0
!
!
interface BRI0/2/0
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn map address . plan unknown type unknown
isdn static-tei 0
!
!
interface BRI0/2/1
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
!
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
!
pvc 0 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
ip address 192.0.2.5 255.255.255.252
ip access-group InetIn in
ip nat outside
ip inspect ProtectLocal out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp pap sent-username BranchRouter password PLeaseChangeMe!
crypto map crM1
!
!
router ospf 1
log-adjacency-changes
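! Authentication is enabled for area 172, the area GigabitEthernet0/1 and its message-digest key belong to
area 172 authentication message-digest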
passive-interface default
no passive-interface GigabitEthernet0/1
network 10.0.0.0 0.255.255.255 area 0
network 172.16.0.0 0.15.255.255 area 172
default-information originate metric 10
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http path flash0:/cme7.1
!
ip nat inside source list Nat2Inet interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
! To reach user subnet behind 3750 switch
ip route 172.17.0.0 255.255.0.0 172.16.16.1
! To reach ip phone subnet behind 3750 switch
ip route 172.18.0.0 255.255.0.0 172.16.1.5
ip tacacs source-interface Loopback0
!
ip access-list standard SnmpMonitor
permit 10.130.40.0 0.0.0.255
ip access-list standard TrustedNTP
permit 10.130.40.50
permit 10.130.40.51
deny any log
!
ip access-list extended Branch-2-HQ
permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
ip access-list extended InetIn
permit icmp any host 192.0.2.5
permit udp any eq ntp any eq ntp
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit ahp any any
deny ip any any
ip access-list extended MgmtAccess
permit ip 10.130.40.0 0.0.0.255 any log-input
deny ip any any log-input
ip access-list extended Nat2Inet
deny ip object-group Branch object-group Corporate
permit ip object-group Branch any
!
logging trap debugging
logging source-interface Loopback0
logging 10.130.40.40
access-list 91 permit any
!
!
!
!
!
snmp-server community PLeaseChangeMe! RO SnmpMonitor
!
tftp-server flash0:/phones/ringtones/Analog1.raw alias Analog1.raw
tftp-server flash0:/phones/ringtones/Analog2.raw alias Analog2.raw
tftp-server flash0:/phones/ringtones/AreYouThere.raw alias AreYouThere.raw
tftp-server flash0:/phones/ringtones/Bass.raw alias Bass.raw
tftp-server flash0:/phones/ringtones/CallBack.raw alias CallBack.raw
tftp-server flash0:/phones/ringtones/Chime.raw alias Chime.raw
tftp-server flash0:/phones/ringtones/Classic1.raw alias Classic1.raw
tftp-server flash0:/phones/ringtones/Classic2.raw alias Classic2.raw
tftp-server flash0:/phones/ringtones/ClockShop.raw alias ClockShop.raw
tftp-server flash0:/phones/ringtones/FilmScore.raw alias FilmScore.raw
tftp-server flash0:/phones/ringtones/HarpSynth.raw alias HarpSynth.raw
tftp-server flash0:/phones/ringtones/Jamaica.raw alias Jamaica.raw
tftp-server flash0:/phones/ringtones/KotoEffect.raw alias KotoEffect.raw
tftp-server flash0:/phones/ringtones/MusicBox.raw alias MusicBox.raw
tftp-server flash0:/phones/ringtones/Piano1.raw alias Piano1.raw
tftp-server flash0:/phones/ringtones/Piano2.raw alias Piano2.raw
tftp-server flash0:/phones/ringtones/Pop.raw alias Pop.raw
tftp-server flash0:/phones/ringtones/Pulse1.raw alias Pulse1.raw
tftp-server flash0:/phones/ringtones/Ring1.raw alias Ring1.raw
tftp-server flash0:/phones/ringtones/Ring2.raw alias Ring2.raw
tftp-server flash0:/phones/ringtones/Ring3.raw alias Ring3.raw
tftp-server flash0:/phones/ringtones/Ring4.raw alias Ring4.raw
tftp-server flash0:/phones/ringtones/Ring5.raw alias Ring5.raw
tftp-server flash0:/phones/ringtones/Ring6.raw alias Ring6.raw
tftp-server flash0:/phones/ringtones/Ring7.raw alias Ring7.raw
tftp-server flash0:/phones/ringtones/Sax1.raw alias Sax1.raw
tftp-server flash0:/phones/ringtones/Sax2.raw alias Sax2.raw
tftp-server flash0:/phones/ringtones/Vibe.raw alias Vibe.raw
tftp-server flash0:/phones/ringtones/RingList.xml alias RingList.xml
tftp-server flash0:/phones/ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xml
tftp-server flash0:/phones/ringtones/Drums1.raw alias Drums1.raw
tftp-server flash0:/phones/ringtones/Drums2.raw alias Drums2.raw
!
tacacs-server host 10.130.40.10 key PLeaseChangeMe!
!
control-plane
!
!
!
voice-port 0/1/0
translation-profile incoming PSTN_Incoming
compand-type a-law
cptone GB
bearer-cap Speech
!
voice-port 0/1/1
translation-profile incoming PSTN_Incoming
compand-type a-law
cptone GB
bearer-cap Speech
!
voice-port 0/2/0
translation-profile incoming PSTN_Incoming
compand-type a-law
cptone GB
bearer-cap Speech
!
voice-port 0/2/1
translation-profile incoming PSTN_Incoming
compand-type a-law
cptone GB
bearer-cap Speech
!
!
!
sccp local GigabitEthernet0/2
sccp ccm 172.16.16.16 identifier 1 version 4.0
sccp
!
sccp ccm group 1
bind interface GigabitEthernet0/2
associate ccm 1 priority 1
associate profile 1 register con172.16.16.16
keepalive retries 5
!
dspfarm profile 1 conference
codec g711ulaw
codec g711alaw
maximum sessions 2
conference-join custom-cptone ConfJoinTone
conference-leave custom-cptone ConfLeaveTone
associate application SCCP
!
dial-peer voice 1 pots
destination-pattern 0.T
progress_ind setup enable 3
direct-inward-dial
port 0/1/0
!
dial-peer voice 2 pots
destination-pattern 0.T
progress_ind setup enable 3
direct-inward-dial
port 0/1/1
!
dial-peer voice 3 pots
destination-pattern 0.T
progress_ind setup enable 3
direct-inward-dial
port 0/2/0
!
dial-peer voice 10 voip
destination-pattern 1...
! Corporate CallManager
session target ipv4:10.150.150.10
voice-class h323 10
codec g711ulaw
!
!
num-exp 102030400 2010
num-exp 102030401 2001
num-exp 102030402 2002
num-exp 102030403 2003
!
!
gatekeeper
shutdown
!
!
telephony-service
sdspfarm units 4
sdspfarm tag 1 con172.16.16.16
conference hardware
max-ephones 58
max-dn 300
ip source-address 172.16.16.16 port 2000
auto assign 9 to 9
calling-number local
timeouts interdigit 5
system message Branch of Company
time-zone 23
time-format 24
date-format dd-mm-yy
dialplan-pattern 1 102030... extension-length 3
max-conferences 8 gain -6
call-forward pattern .T
moh flash:/phones/MoH-default.wav
! To provide MoH to local calls
multicast moh 239.1.15.1 port 2000 route 172.16.16.1
web admin system name admin secret PLeaseChangeMe!
transfer-system full-consult
transfer-pattern .T
secondary-dialtone 0
directory entry 1 2001 name User1
directory entry 2 2002 name User2
directory entry 3 2003 name User3
directory entry 10 2010 name FAX
create cnf-files
!
!
ephone-dn 1 dual-line
number 2001
pickup-group 1
label User1
description User1
name User1
call-forward noan 00605040301 timeout 25
!
!
ephone-dn 2 dual-line
number 2002
pickup-group 1
label User2
description User2
name User2
call-forward noan 00605040302 timeout 15
!
!
ephone-dn 3 dual-line
number 2003
label User3
description User3
name User3
call-forward noan 2001 timeout 25
!
ephone-dn 10
number 2010
label FAX
description FAX
name FAX
!
!
ephone-dn 181 dual-line
number 181
description Conference service number
conference ad-hoc
no huntstop
!
!
ephone-dn 182 dual-line
number 181
description Conference service number
conference ad-hoc
preference 1
no huntstop
!
!
ephone-dn 183 dual-line
number 181
description Conference service number
conference ad-hoc
preference 2
no huntstop
!
!
ephone-dn 184 dual-line
number 181
description Conference service number
conference ad-hoc
preference 3
!
!
ephone 1
device-security-mode none
description User1
mac-address AAA.BBB.1111
type 7942
button 1:1
!
!
!
ephone 2
device-security-mode none
description User2
mac-address AAA.BBB.2222
type 7911
button 1:2
!
!
!
ephone 3
device-security-mode none
description User3
mac-address AAA.BBB.3333
type 7911
button 1:3
!
!
!
ephone 10
device-security-mode none
description FAX
mac-address AAA.BBBB.A000
max-calls-per-button 2
mtp
type anl
button 1:10
!
!
!
!
! Reference to VG202 with FAX machine
voice-gateway system 1
type VG202
mac-address AAAA.BBBB.A290
voice-port 0
create cnf-files
!
!
alias exec ps show proc cpu | excl 0.00%__0.00%__0.00%
alias exec br show run | include interface | ip address | description
alias exec sciss show crypto isakmp sa
alias exec scips show crypto ipsec sa
alias exec ccs clear crypto sa
alias exec cci clear crypto isakmp
!
line con 0
logging synchronous
line aux 0
line vty 0 4
session-timeout 45
access-class MgmtAccess in
exec-timeout 30 0
privilege level 15
logging synchronous
transport input ssh
transport output telnet ssh
line vty 5 15
session-timeout 45
access-class MgmtAccess in
exec-timeout 30 0
privilege level 15
logging synchronous
transport input ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
ntp source Loopback0
ntp access-group peer TrustedNTP
ntp server 10.130.40.50 prefer
ntp server 10.130.40.51
end
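
An added example, not part of the original article: a short Python check that parses an indented IOS configuration into parent/sub-command blocks and flags the management-plane and VPN settings from this config that deserve review (cleartext `ip http server`, ISAKMP DH group 5, an SNMP community string, and outbound telnet and default privilege 15 on the vty lines). The function names and finding strings are hypothetical, and it assumes sub-commands keep their leading space as in real `show running-config` output, which the listing above has lost.

```python
import re

# Constructed excerpt: lines taken from the config above, with the usual
# one-space IOS indentation restored for sub-commands.
SAMPLE = """\
ip http server
crypto isakmp policy 10
 group 5
snmp-server community PLeaseChangeMe! RO SnmpMonitor
line vty 0 4
 access-class MgmtAccess in
 privilege level 15
 transport output telnet ssh
"""

def parse_blocks(text):
    """Group config lines into (parent command, [sub-commands]) pairs."""
    blocks = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank line or "!" separator/comment
        if line[0] == " " and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(text):
    """Return review findings for management- and VPN-related settings."""
    findings = []
    for parent, subs in parse_blocks(text):
        if parent == "ip http server":
            findings.append("ip http server: cleartext HTTP enabled")
        elif parent.startswith("crypto isakmp policy "):
            # DH groups 1, 2 and 5 are MODP groups below 2048 bits
            weak = [s for s in subs if re.fullmatch(r"group (1|2|5)", s)]
            findings += [f"{parent}: DH {s}" for s in weak]
        elif parent.startswith("snmp-server community "):
            findings.append("snmp-server community: SNMPv1/v2c in use")
        elif parent.startswith("line vty "):
            if not any(re.fullmatch(r"access-class \S+ in", s) for s in subs):
                findings.append(f"{parent}: no inbound access-class")
            if any(s.startswith("transport output") and "telnet" in s.split() for s in subs):
                findings.append(f"{parent}: outbound telnet allowed")
            if "privilege level 15" in subs:
                findings.append(f"{parent}: default privilege 15")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
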
Last Updated on Friday, 09 July 2010 21:43