- Cisco Community
- Technology and Support
- Networking
- Switching
- Cisco 881 Vlan Issue
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2014 11:06 AM - edited 03-07-2019 05:21 PM
Hi I have tried this both creating my own config and also using cisco cp and both have left me scratching my head for a few days.
I have tried a similar basic config on a cisco 1861srst router and it works fine but I am having problems with the C881
Internet is working without any issues, just problems with the the c881 setup, the phones don't get an ip from dhcp error on the phone shows IPv4 DHCP Timeout.
setup is as follows
VirginMedia Cable Modem>Cisco 881>Cisco Small Business SF302-08MP Switch (switch removed from a working uc540 setup where the vlan setup is exactly the same.)
connected to the switch is a Cisco BE3000 and a vmware server running CUCM 8.6
Vlans are setup on switch which works fine with the 1861 if you conenct it to the expansion port the phones get an ip in the rage of 10.1.1.X but not when connected to the C881
IPIPGW#sh ver
Cisco IOS Software, C880 Software (C880VOICE-UNIVERSALK9-M), Version 15.3(1)T1,
RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 25-Mar-13 18:08 by prod_rel_team
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
config is below,
Any Help or advise would be great!
!
! Last configuration change at 18:37:36 UTC Thu Jan 2 2014 byXXXXXXXX
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IPIPGW
!
boot-start-marker
boot-end-marker
!
!
logging buffered 52000
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1503032486
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1503032486
revocation-check none
rsakeypair TP-self-signed-1503032486
!
!
crypto pki certificate chain TP-self-signed-1503032486
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353033 30333234 3836301E 170D3134 30313031 31323337
30335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35303330
33323438 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CC04 1F0DD2FC C845A126 3FA2697F 3CD8F704 4CD37035 11B9A897 F724AF1C
C171B5A1 0C6AD2C1 8AF94B78 3469ED8B 018DD723 C9C1DA2D 18A2A3BF A74924CB
F840D7BD E5E54D52 99F09984 71567FB6 51CD031C BA83F2D6 36385BC1 7A932476
B00E3DA2 90F0A434 FDFEA6DD 68631CA9 97076EB3 CCA56DC0 353187E1 0D0DDC4C
AEE30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14DC957B 43726B30 DF26798E A8C5BB9C 7E1F08CB 13301D06
03551D0E 04160414 DC957B43 726B30DF 26798EA8 C5BB9C7E 1F08CB13 300D0609
2A864886 F70D0101 05050003 818100A8 A5727D64 37F818D6 CE21ACC0 8C5AE855
B4460B43 55F7B4D9 A40B56F1 29199CD1 EB2AB507 6A192E8D 0DA3E7D4 FEEFA367
EFFC3AED 44C74821 C7171B30 FBA7AC60 21ACCE7D CE174B28 FF48B227 FDE56D3E
565B8214 A3835B58 F818D589 79128FA9 57C3C8F1 41A0F4FB 96DECF35 F9D3E4C2
671B5B56 8CFCDAC3 B95DC74B B4E5C6
quit
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.201 192.168.1.254
ip dhcp excluded-address 10.1.1.1 10.1.1.10
!
ip dhcp pool ccp-pool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
ip dhcp pool voice
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 150 ip 192.168.1.250
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
license udi pid C881-CUBE-K9 sn XXXXXXXXXXXXXXX
!
!
username XXXXXXX privilege 15 secret 4 XXXXXXXXX
!
!
!
!
!
!
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
!
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class type inspect ccp-icmp-access
inspect
class class-default
pass
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
switchport voice vlan 100
no ip address
!
interface FastEthernet2
switchport voice vlan 100
no ip address
!
interface FastEthernet3
switchport voice vlan 100
no ip address
!
interface FastEthernet4
description $FW_OUTSIDE$
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 1 in
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1452
!
interface Vlan100
description $FW_INSIDE$
ip address 10.1.1.1 255.255.255.0
ip access-group 1 in
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
!
no cdp run
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
banner exec
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
-----------------------------------------------------------------------
banner login
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
end
Solved! Go to Solution.
- Labels:
-
LAN Switching
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2014 11:26 AM
Hi Alan.
Have tried to remove access-group from vlan100 interface?
Let me know
Regards
Carlo
Sent from Cisco Technical Support iPhone App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-02-2014 11:26 AM
Hi Alan.
Have tried to remove access-group from vlan100 interface?
Let me know
Regards
Carlo
Sent from Cisco Technical Support iPhone App
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-03-2014 04:25 PM
HI Carlo,
Many Thanks for your reply I pulled an allnighter last night as this was doing my head in, Finally recreated the config and got it working. the config is below. the only issue i am having is when I place a call from CUCM to the sip trunk the call won't last for more than 16 minutes before it goes dead, and if I call a number and then place it on hold and retreve the call we get one way audio the can here me i can hear them.
major diffrence is I used Cp to setup the zone firewall but it seams to be blocking some sip traffic from my provider I have tried changing the fire wall to allow all sip traffic from there network which is on the 91.151.0.0/20 network but I am doing somthing wrong. As as soon as i change the fire wall settings no calls will compleate.
Building configuration...
Current configuration : 35248 bytes
!
! Last configuration change at 21:25:06 UTC Fri Jan 3 2014 by
version 15.3
parser config cache interface
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
service compress-config
service sequence-numbers
!
hostname IPIPGW
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-
revocation-check none
rsakeypair TP-self-signed-
!
!
crypto pki certificate chain TP-self-signed-
certificate self-signed 01
!
!
!
!
!
ip port-map user-protocol--2 port tcp 32004
ip port-map user-protocol--3 port tcp 32007
ip port-map user-protocol--1 port udp 3389
!
ip dhcp relay information trust-all
ip dhcp excluded-address 10.1.1.241 10.1.1.255
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.241 192.168.1.255
ip dhcp excluded-address 10.1.1.1 10.1.1.9
!
ip dhcp pool Data
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip dhcp pool phone
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 150 ip 192.168.1.200
!
!
!
no ip bootp server
no ip domain lookup
ip domain name sip.voip-unlimited.net
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip multicast-routing
no ip mfib
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
!
stcapp ccm-group 1
!
!
parameter-map type inspect global
log dropped-packets enable
max-incomplete low 18000
max-incomplete high 20000
spoofed-acker off
!
multilink bundle-name authenticated
!
!
voice rtp send-recv
!
voice service voip
ip address trusted list
ipv4 192.168.1.250
ipv4 91.151.2.130
address-hiding
mode border-element
media flow-around
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip refer
redirect ip2ip
fax protocol pass-through g711ulaw
sip
bind control source-interface BVI100
bind media source-interface BVI100
header-passing
error-passthru
referto-passing
registrar server expires max 3600 min 3600
asserted-id pai
privacy pstn
localhost dns:sip.voip-unlimited.net
outbound-proxy dns:sip.voip-unlimited.net
no update-callerid
authenticate redirecting-number
early-offer forced
midcall-signaling passthru
privacy-policy passthru
g729 annexb-all
no call service stop
!
voice class codec 1
codec preference 1 g729r8
codec preference 2 g711ulaw
!
!
!
voice register global
!
!
voice source-group CCA_SIP_SOURCE_GROUP_CUE_CME
access-list 2
translation-profile incoming SIP_Incoming
!
voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL
access-list 3
!
voice translation-rule 4
rule 15 /^...$/ /03302020201/
!
voice translation-rule 6
rule 1 /03302020201/ /501/
!
voice translation-rule 410
rule 1 /^9\(.*\)/ /\1/
rule 15 /^...$/ /03302020201/
!
voice translation-rule 411
rule 1 /^9\(.*\)/ /ABCD9\1/
!
voice translation-rule 412
rule 1 /^ABCD\(.*\)/ /\1/
!
voice translation-rule 422
rule 1 /^ABCD909[01]......../ //
rule 2 /^ABCD9090[89]......./ //
rule 3 /^ABCD9098\(.*\)/ //
rule 15 /^ABCD\(.*\)/ /\1/
!
voice translation-rule 1000
rule 1 /.*/ //
!
voice translation-rule 1111
rule 15 /^...$/ /03302020201/
!
voice translation-rule 1112
rule 1 /^9/ //
!
voice translation-rule 2001
!
voice translation-rule 2002
rule 1 /^6/ //
!
voice translation-rule 2222
rule 1 /^909[01]......../ //
rule 2 /^9090[89]......./ //
rule 3 /^9098\(.*\)/ //
!
!
voice translation-profile BRI0-BG_Called_6
translate calling 3265
translate called 6
!
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
!
voice translation-profile CallBlocking
translate called 2222
!
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
!
voice translation-profile PROFILE_ALL_BRI
translate calling 4
!
voice translation-profile PSTN_CallForwarding
translate redirect-target 410
translate redirect-called 410
!
voice translation-profile PSTN_Outgoing
translate calling 1111
translate called 1112
translate redirect-target 410
translate redirect-called 410
!
voice translation-profile SIP_Incoming
translate called 411
!
voice translation-profile SIP_Passthrough
translate called 412
!
voice translation-profile SIP_Passthrough_CallBlocking
translate called 422
!
voice translation-profile XFER_TO_VM_PROFILE
translate redirect-called 2002
!
voice translation-profile nondialable
translate called 1000
!
!
license udi pid C881-CUBE-K9 sn
!
!
username
!
!
!
!
!
!
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 103
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 103
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-http-1
match access-group 104
match protocol http
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 102
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-smtp-1
match access-group 101
match protocol smtp
class-map match-all _class_Voice0
match ip dscp ef
class-map match-all _class_Voice1
match ip dscp cs3
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map match-all L3-to-L2_VoIP-Cntrl
match ip dscp af31
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map match-all L3-to-L2_VoIP-RTP
match ip dscp ef
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map match-all SIP
match protocol sip
class-map match-all RTP
match protocol rtp
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map match-any media
match dscp ef
class-map type inspect match-all sdm-nat-x11-1
match access-group 103
match protocol x11
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all sdm-nat-https-1
match access-group 101
match protocol https
class-map match-any signaling
match dscp cs3
match dscp af31
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-cls-ccp-permit-1
match class-map ccp-sip-inspect
match access-group name voipunlimited
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
!
policy-map output-L3-to-L2
class L3-to-L2_VoIP-RTP
set cos 5
class L3-to-L2_VoIP-Cntrl
set cos 3
policy-map Voice
class _class_Voice0
set cos 6
class _class_Voice1
set cos 3
policy-map EthOut
class RTP
policy-map queue
class signaling
bandwidth percent 5
class media
priority percent 75
class class-default
fair-queue
policy-map shape
class class-default
shape average 1024000
service-policy queue
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-smtp-1
inspect
class type inspect sdm-nat-https-1
inspect
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class type inspect sdm-nat-user-protocol--3-1
inspect
class type inspect sdm-nat-x11-1
inspect
class type inspect sdm-nat-http-1
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
pass
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class type inspect ccp-cls-ccp-permit-1
pass
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-sip-inspect
pass
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class type inspect ccp-icmp-access
inspect
class class-default
pass
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
!
!
!
!
bridge irb
!
!
!
!
!
interface Loopback1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Null0
no ip unreachables
!
interface FastEthernet0
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
!
interface FastEthernet1
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
!
interface FastEthernet2
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
!
interface FastEthernet3
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
!
interface FastEthernet4
description $ETH-WAN$$FW_OUTSIDE$
bandwidth 1024
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex auto
speed auto
no cdp enable
service-policy output shape
!
interface Vlan1
description $ETH_LAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1452
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan100
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 100
bridge-group 100 spanning-disabled
!
interface Dialer0
no ip address
no cdp enable
!
interface BVI1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1412
!
interface BVI100
description $FW_INSIDE$
ip address 10.1.1.1 255.255.255.0
ip access-group 106 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim dense-mode
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1412
!
no ip classless
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:
!
!
ip dns server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.21 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.1.21 443 interface FastEthernet4 443
ip nat inside source static udp 192.168.1.2 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.1.120 32004 interface FastEthernet4 32004
ip nat inside source static tcp 192.168.1.120 32007 interface FastEthernet4 32007
ip nat inside source static tcp 192.168.1.120 6060 interface FastEthernet4 6060
ip nat inside source static tcp 192.168.1.120 6061 interface FastEthernet4 6061
ip nat inside source static tcp 10.1.10.1 80 172.16.16.2 80 extendable
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
ip access-list extended voipunlimited
remark CCP_ACL Category=128
permit ip 91.151.0.0 0.0.0.255 any
!
logging trap debugging
no cdp run
!
snmp-server community changeme-rw RW 10
snmp-server community changeme-ro RO 10
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.21
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.2
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.120
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 10.1.10.1
!
control-plane
!
bridge 1 route ip
bridge 100 route ip
!
ccm-manager music-on-hold
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
dial-peer voice 100 voip
incoming called-number ^9.T
dtmf-relay rtp-nte
no vad
!
dial-peer voice 110 voip
destination-pattern ^999$
session protocol sipv2
session target sip-server
incoming called-number ^999$
dtmf-relay rtp-nte
no vad
!
dial-peer voice 200 voip
destination-pattern 03302020201
session protocol sipv2
session target ipv4:192.168.1.200
dtmf-relay rtp-nte
no vad
!
dial-peer voice 1000 voip
translation-profile outgoing PSTN_Outgoing
destination-pattern 901.......T
session protocol sipv2
session target sip-server
dtmf-relay rtp-nte
no vad
!
dial-peer voice 2000 voip
translation-profile incoming BRI0-BG_Called_6
session protocol sipv2
session target sip-server
incoming called-number 03302020201
dtmf-relay rtp-nte
no vad
!
dial-peer voice 1020 voip
description **CCA*UK-6-Digit-Local-Numbers*Mobile**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 907[1-5,7-9]........
session protocol sipv2
session target sip-server
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
fallback pass-through g711ulaw
no vad
!
!
sip-ua
credentials username XXXXXXXXXX password 7 XXXXXXXXXXXX realm sip.voip-unlimited.net
keepalive target dns:sip.voip-unlimited.net
authentication username XXXXXXXXX password 7 XXXXXXXXXXXXX realm sip.voip-unlimited.net
authentication username XXXXXXXXXXX password 7 XXXXXXXXXXXXXXXXXXXX
no remote-party-id
retry invite 2
retry register 10
timers connect 100
registrar dns:sip.voip-unlimited.net expires 3600
sip-server dns:sip.voip-unlimited.net:5060
host-registrar
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
