Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
25
Helpful
8
Replies

MRA CUCM environment IP vs FQDN

iverson.justin
Level 1
Level 1

‎01-09-2019 07:54 AM - edited ‎03-18-2019 02:33 PM

I am new to the MRA expressway environment but wanted to get a poll.  Is it recommended to have everything in CUCM as FQDN vs IP when doing a Jabber and MRA with traditional 7900 IP phones and such?  I have it working on my CUCM IP environment but seems Cisco is pushing more for FQDN these days, back in early 2000 it was IP all the way.  

Labels:
0 Helpful
8 Replies 8

Anurag Srivastava
Cisco Employee
Cisco Employee

‎01-09-2019 08:08 PM


Hi Justin,

 

What is the problem that you are facing when putting the FQDN? If you have a DNS server reachable to CUCM I think there should be no issues.
But I am not sure what configurations you are referring to? Because it is not mandatory to put FQDN.
There could be some issues with certificates, but you can put IPs also in SAN list.
So I think you can use both according to your deployment.

Also for more information on MRA please see the below link-

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-11/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-11-4.pdf

 

Thanks.

 

Please rate if it is useful...

 

 

Nick Halbert-Lillyman
Level 8
Level 8

‎01-10-2019 07:19 PM

Definitely use FQDN if you can.  If you define your servers by IP, you will usually get certificate errors.

Maren Mahoney
VIP
VIP
In response to Nick Halbert-Lillyman

‎01-11-2019 04:14 AM - edited ‎01-11-2019 04:16 AM

And I would say to define your servers as IP because of the other internal benefits there. You can avoid the MRA certificate-related issues by adding a Subject Alternate Name (SAN) of the IP address when creating your certificates.

The last time I looked, Cisco's design recommendation is still to have servers defined in CUCM as IP. That said, the DNS records will all be FQDN of course.

Nick Halbert-Lillyman
Level 8
Level 8
In response to Maren Mahoney

‎01-11-2019 02:38 PM - edited ‎01-11-2019 02:39 PM

Cisco's recommendations have changed on this, they FQDN is now the way to go, unless you don't have reliable DNS or something.

Maren Mahoney
VIP
VIP
In response to Nick Halbert-Lillyman

‎01-11-2019 03:27 PM

Oh, right. They started that with 10 when they added IMP into the CUCM cluster. Most of the systems I see are still IP-based, but if their certificates don't have the IP as a SAN can it end up making Jabber have issues.

0 Helpful

Jonathan Schulenberg
Hall of Fame
Hall of Fame
In response to Maren Mahoney

‎01-13-2019 06:57 AM - edited ‎01-13-2019 06:58 AM

+1 to DNS FQDN everywhere, including under System > Servers and the service URLs under Enterprise Parameters. Arguing that DNS could go down is sort of like arguing that the airplane could depressurize at 40k feet: it could but making a phone call in that circumstance won’t be your most urgent problem.
Also, no public CA will sign a CSR with IPv4 SANs, especially RFC1918 addresses. Including them is only possible when using an internal CA. There should be no need to do that though.

iverson.justin
Level 1
Level 1
In response to Jonathan Schulenberg

‎01-23-2019 09:11 PM

Do my CUBEs and SBCs have to support DNS then also to talk to CUCM or can I have them talk by IP

As these are my SIP Trunks

0 Helpful

Anurag Srivastava
Cisco Employee
Cisco Employee
In response to iverson.justin

‎01-23-2019 09:41 PM

Hi Justin,

 

No, i think IP communication will be fine between CUCM and your SBCs or CUBEs, no need for DNS or FQDN for them.

 

Thanks

 

Please rate if it is helpful...

 

0 Helpful
Customers Also Viewed These Support Documents