cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
814
Views
10
Helpful
3
Replies

CME and CUBE on ISR 4331 question

hkkmr19
Level 1
Level 1

I have configured CME + CUBE + SIP Trunk (Telco)

Customer uses 8861 SIP IP Phones

IOS ver: isr4300-universalk9.17.03.04a.SPA.bin

 

As per ITSP/Telco requirements, below commands must be turned off:

no ip http server
no ip http secure-server
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060

 

Customer requires Speed Dial and Phonebook feature on CME but understood from Cisco CME Guide from Cisco website, I need to turn on the service "ip http server" before Cisco web server to work and before Speed Dial and Phonebook feature to be enabled. Since the ITSP requirement is to turn this service off, is there any other workaround?

 

Source:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/manual/cmeadm/cmespeed.html

 

I also tried executing below commands but the speed dial is not showing after resetting the SIP Phones. I am using the firmware version cmterm-88xx.14-1-1-0001-125 on the 8861 SIP IP phones.

Note:

When I execute the below commands, I still didn't turn on "ip http server". I'm just trying my luck

 

  1. enable
  2. configure terminal
  3. voice register pool pool-tag
  4. speed-dial speed-tag digit-string label label-text
  5. end

 

3 Replies 3

Robert Shaw
Level 3
Level 3

Hi,

Ideally your CUBE would be sat behind a firewall which is configured to allow the appropriate ports through for VoIP.  Failing that, I would enable your http server.  Then just block ports 22, 80 and 443 coming in from your external interface using an ACL.

Thanks
Rob

Hello Robert,

 

Our CUBE is connected directly to ITSP/Telco interface. There's no firewall in between.

 

Will try this and see.

 

Thank you!

Instead of blocking specific ports I would recommend to allow what is needed for the ITSP service, ie create a ACL that allows the IPs or networks from your service provider and the required ports for the SIP service to your gateway and attach this to your interface facing your service provider. The rest would be blocked automatically by the default deny any that’s implicitly in a ACL.

Having HTTP service running should not be something that your service provider should have options about and it would not in any way affect the SIP service.



Response Signature