02-20-2020 05:57 PM
Can CUCM nodes be part of different sub domain?
For example,
Pub.xxx.abc.com
sub.yyy.abc.com
Thanks,
02-20-2020 07:11 PM
Interesting question. In theory I see problems with certificates as any multisan cert adds it domain name into the SAN names. Not sure how it would handle multiple. Can say I have never seen this design. The SRND calls out setting up a seperate subdomain per cluster for CUCM to make routing easier with multiple clusters.
You can always install without needing domains or DNS and that is a valid configuration. Installing without DNS or domain isn't really a best practice anymore if you want to take advantage of jabber or anything that is going to validate FQDN names with certs which is most stuff these days.
It is a best practice to put them into the same sub domain, what is the reason for breaking it apart?
02-21-2020 01:49 PM - edited 02-22-2020 02:22 AM
@Gregory Brunn wrote:The SRND calls out setting up a seperate subdomain per cluster for CUCM to make routing easier with multiple clusters.
The domain of the cluster nodes name have actually not anything to do with call routing. It use the fully qualified name of the cluster and a route string for this if you use SIP route patterns and GDPR. These are recommended to keep separete from the actual real names of the system to not confuse things.
Recommend you to have a look at the presentation BRKUCC-3000 by Johannes Krohn from Cisco Live if you have the possibility. He goes into great details about how this works and what the recommendations are for this.
02-24-2020 06:14 PM
Yeah know the session and my statement was more around keeping the DNS domains and dialing patterns in line. SRND best practices stuff.
Per SRND below.
When DNS is used, Cisco recommends defining each Unified CM cluster as a member of a valid sub-domain within the larger organizational DNS domain, defining the DNS domain on each Cisco Unified CM server, and defining the primary and secondary DNS server addresses on each Unified CM
server. Table 3-4 shows an example of how DNS server could use A records (Hostname-to-IP-address resolution), Cname records (aliases), and SRV records (service records for redundancy, load balancing, and service discovery) in a Unified CM environment.
For Jabber clients, refer to the Cisco Jabber DNS Configuration Guide, available at https://www.cisco.com/web/products/voice/jabber.html
02-21-2020 09:01 AM
@NikolaiMomolay wrote:Can CUCM nodes be part of different sub domain?
For example,
Pub.xxx.abc.com
sub.yyy.abc.com
Thanks,
Yes this will work. We had a system at one of our DC that had this setup for various reasons.
02-24-2020 06:15 PM
Good to know + 5 Did you get your certs signed? Were you in mixed mode?
Any problem with the addition domain name just in the SANs?
02-25-2020 06:35 AM - edited 10-02-2021 11:15 PM
@Gregory Brunn wrote:
Good to know + 5 Did you get your certs signed? Were you in mixed mode?
Any problem with the addition domain name just in the SANs?
Yes our tomcat and callmanager certificates was signed by a CA. There was no problem as such with this, but we did once run into a defect in one of the 11.5 versions that was caused by having multiple domains in the SAN. I don't recall the bugID or version as it's around 2 years ago or so since we faced this. We do not run in mixed mode.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide