Hi, about to install first UC320w and wanted some sample 800 series router configurations showing required port fowarding, ACL entries and QoS examples.
A couple of questions first. Are you using SIP trunking for the UC320? Are you just using the 800 series for firewall in front of the UC320? Will there be port forwards for email servers, application servers, or any other server?
Yes this for a SBS 2011 network so the usual stuff there. I have a working config for that so am interested in how the VoIP/QoS stuff is configured.
Yes the uc320w will have two sip trunks from the same provider.
Router for this one is an 871 running c870-advipservicesk9-mz.124-15.T6.bin. WAN is connected to FE4 via an Ethernet connected WISP radio.
You will have to forward port 5060 (or whatever port your SIP provider uses) to the WAN IP of the UC320. Turn off SIP inspection. Having this on will normally mess up SIP traffic inside of the 800 series router. Lock down your firewall to this or something similar.
30 permit udp host PROVIDERIPORDOMAIN any eq 5060
40 permit udp host PROVIDERIPORDOMAIN eq 5060 any
50 deny udp any any eq 5061
60 deny tcp any any eq 5060
70 deny tcp any any eq 5061
80 deny udp any any eq 5060
Some people will tell you to close H323 and MGCP ports as well, but I don't think the UC320 has these capabilities anyway.
QoS is trickier, however, I have attached a handy worksheet for you to use. The UC320 has some capability built in, but just apply the policy the worksheet creates outbound on your 800 series WAN interface. Unfortunately, there isn't really a good way to do QoS inbound on the Cisco router. You may need to tweak the percentages a bit to fit your application, but I've found that the worksheet does a pretty good job of creating a policy.
If you have any more questions, just let me know.
thats great - thanks for that. router config appears to be ok with trunks registered and incoming and outgoing calls all ok.
i am having a couple of issues though.
1. rebooting the uc320w appears to freeze my 3com 4924 switch.
2. some outgoing calls appear to fail (phone reports busy everywhere) or timeout (starts call then cuts out after about 5 or 10 seconds)
I have the uc320w wan connected to a port on my main switch and the lan connect to a srw2008mp switch which the ip phones are conected to via poe
I read here that maybe the uc320w wan does'nt like meing connected in this way and that it may need to have it own vlan
Any ideas what might be at play here?
Can you obtain a wireshark trace on the WAN side of a failed call? Then the SIP trace can be reviewed and determine where the calls are failing.
A topology diagram would be great to help understand how the devices are interconnected.
Chris found a handy tool to build diagrams: http://www.diagram.ly/
You might want to reach out to 3com on the 4924 switch to determine why if freezes.