i want to know how did u get these numbers of CBWFQ Const in below table
The Constant depends on the number of flow queues in WFQ.
Number of flows
... View more
Im really struggling with a Cisco 7941, was bought in hast to be honest and now just trying to make it work on SIP... no Call Manager. I am a semi novice at this so don't hate me!
I have been trying without luck, different FW versions, tweeking the config here and there but never gets past unprovisioned. today I notice that after the soft reset it wasn't even taking the FW, DHCP and TFTP checked, in fact on a test network, I have read about this Hard reset and after 2 weeks I thought I would give it a go. and now my 7941 is just blank, occasional DHCP request which it receives but that's it, has been in this state for 2 hours. Have I just made a Telephone paper weight?
Any advise would be appreciated.
... View more
Dont' you think Vivek, it would be better option to publish a video of this lengthy process> it's good to understand the logic & some configuration steps, but it needs some formattting: thanks:
... View more
I’m assuming you have already installed and configured cisco Call manager 7x. Two phones are already registered to it. Also assuming that you have done basic installation of Cisco presence server. As you know Installing Cisco presence is like installing Yahoo messenger in your windows XP. Step#1: Enable presence globally on Cisco Call manager By default presence subscription is disable on CCM. System>Service parameter>Cisco Call Manager> search for “Inter-presence” key word and set “Allow Subscription” Step#2: Create SIP trunk Security Profile in CCM Special setting is required for SIP trunk which runs from CCM to Presence. Copy “non Secure SIP Trunk Profile” to “Presence non-secure SIP trunk Proifle” Modify below parameters: 1. Device security mode: Non-Secure 2. Incoming Transport type: TCP+UDP 3. Outgoing Transport Type: TCP 4. Incoming Port 5060 (untick Enable digest authentication) 5. Enable application Level Authentication UNTICK 6. Accept Presence Subscription TICK 7. Accept Out-of-Dialogue REFER TICK 8. Accept Unsoliciliated Notification TICK 9. Accept Replace header TICK 10. Transforms security status UNTICK Save it Step#3: Add a SIP trunk now from CCM to Presence Device>TRUNK>SIP-trunk> Protocol = SIP fill below: 1. Device Name : PRESENCE-TRUNK 2. Description : blah blah 3. Device Pool : DP_HQ 4. Common Dev conf : None 5. call classification : On-Net 6. Media resource Grp : MRG_HQ 7. Location : HQ_LOC 8. AAR GROUP : HQ_AARG (if not using AAR leave empty) 9. Packet Capture mode : None 10. Packet Capture duration: 0 11. MTP required : TICK 12. Retry Video call as audio : TICK 13. SIP information – Desitnation Add: 220.127.116.11 DST is a SRV : UNTICK 1. Destination port : 5060 2. SIP PROFILE : Presence non-secure SIP trunk Proifle Save above. Step#3: Make your IP Phone presence capable 1. Register a phone 2001 name it HQ-Phone1 2. Create end user “test” and associate HQ-Phone1/2001 with the “test” user 3. Make sure test user is a part of “Standard CCM End User” and “standard CTI enable” 4. Make sure Primary extension “2001” is selected when you create the above “test” user Step#3: Add an application user for IPPM and MOC CTI ports This will be used by Presence server to initiate IP Phone services: A) Go to > User Management>Application User> 1. User ID : IPPM 2. pass : blah 3. Presence Grp : Standard 4. Groups : Standard CCM End User save it Repeat above “A” steps for moc_user as well. moc_user will be used by MOC CTI user in Presence. All user who want presence using Microsoft MOC client will be associated to this user. Make sure all “accept” tick boxes are TICKED on moc_user. B) Go to > SYSTEM>Application Server> Add NEW add Presence server IP address here I..e 18.104.22.168 save this as well. Damn too many things to save Step#4: Create IP Phone service URL Go to> Device>Device Settings> IP Phone Service 1. Service Name : IP PhoneMSG 2. ASCII Service Name : IP PhoneMSG 3. Service Description : Blah 4. Service URL : http://22.214.171.124:8081/ippm/default?name#Device blah 5. Service Category : XML Service 6. Service Type : Standard IP Phone Service 7. Blank 8. Blank 9. Enable : TICK It’s standard Phone URL we create and subscribe in CCM. Nothing new!! Make sure you copy the correct URL from the DOC CD. Save above as well. ****Then subscribe above service to HQ phone1/2001***** Step#5: Enable presence Licensing for each user Go to> System>License>Capability Assignment> Then Find the end user you want to assign the presence license. Tick the user and hit <Bulk Assignment> a new pop up window with pop-up. Tick both check-boxes in that and save. Enable CUP – TICK Enable CUPC - TICK Step#6: Add CUPC client in CCM for HQ 2001 phone The trick here is, this is a dummy phone which will control provide HQ Phone1/2001′s presence information to Presence server. Add this dummy presence client and add a HQ2001 DN to it. Go to> Device>Phone> add NEW Phone Type : Unified Personal Communicator then hit <NEXT> 1. Device Name : XXXCISCO 2. Device Pool : DP_HQ 3. Phone Button Templ : Personal Communicator SIP blah 4. CSS : Blah select all common things 5. Owner user ID : test ← a must 6. leave everything else default 7. Device security profile : Unified Personal Communicator Standard 8. SIP profile : Standard SIP profile 9. Digest User : test ← a must ** read more about this Save everything above so far so good , well done Now add a DN to this above device: (same as HQ phone1 shared one) 10. Directory Number : 2001 11. everything else … default or your customizeble >> Save above Once above dummy device is added, associate this device with “test” user we created previously. Now you remember we have 2 device associated with this user: A) 2001 phone and B) XXXCISCO Also Make Physical phone DN2001 has “test” user associated with it. This is the last option in line 2001′s setting before “save” button. If this has not been done and you run presence diagnostic it will keep telling you that “No line appreance existed in CCM blah blah” That s all we needed to do on Call Manager. Now Jump on the Presence BOX. Step#7: Presence box general configuration: After installing basic presence, you’ll see presence post install setup screen on your web browser by typing presence Server IP address on your browser and supplying credentials to the login screen. (hehe, I call it doggie screen, sitting like a dog waiting for your fingers to feed it like dog wait for food ) So you’ll see “Post Install Setup” screen with below options: 1. CUCM Publisher IP address : 126.96.36.199 (default, not changeble) 2. AXL User : Administrator (I’m too lazy to create a new one, for production server you must create a new AXL user for security reason.) 3. Axl password : blah blah.. 4. Confirm password : blah blah <then hit the “NEXT”> 5. Security password : blah blah (whatever you supplied during installation) 6. Then hit the “CONFIRM” (Ignore the warning) Finally you will get 3 options: A) Home B) Status C) TOPOLOGY 7. Click on “HOME” you’ll see you are in a new home i.e. preseence main admin page. Step#8: Upload License and Activate presence Services 1. first upload the license if you haven’t done that so far. 2. GO to > Cisco Unified Servicebility>>Tools>Activate services Activate all services, it will take 2-3 minutes. Step#9: Configure Presence Jump straight on Presence Admin page>>Diagnostic>System Troubleshootor Pay attention to RED crossed balls and yellow exclamation ! Signs and fix them one by one. 1. Under Presence Engine: Click on FIX under “no commnication presence” this will take you to add presence gateway: Add NEW> Presence Gateway type : CUCM description : blah Presence Gateway : 188.8.131.52 ← CCM IP Double check the settings under below menus: 2. SYSTEM> CCM Publisher : Check all parameter under this 3. SYSTEM> Application Listioner>Default class SIP TCP Listioner (make sure its what you have defined in the SIP trunk on CCM – transport method TCP or UDP, both should have the same protocol/port) we are using: Protocol = TCP PORT = 5060 4. SYSTEM> Security>INCOMING ACL Add NEW> description=blah/all address pattern=all Step#10: Tune the Presence Engine’s Service parameter (same as we do with CCM) SYSTEM>> Service Parameter>Select active CUPS Server> Select Presence Engine 1. Search “Proxy Domain” and set it to : 184.108.40.206 (or domain name) 2. Search “Transport Preferred Order” and set it to : TCP/UDP/TLS Step#10: Iconfigure P Phone Messenger on Presence server Application>IP Phone> Setting 1. IPPM Application Status : ON 2. Application user Name : IPPMSG (created in step 3A) 3. Application Password : blah… 4. confirm password : Blah 5. Max Instant message : 25 default 6. Subscription timeout : 3400 default 7. Publish timeout : 3600 default Hit “SAVE” Step#11: Select a SIP trunk between Presence to CCM Tell presence which SIP trunk should be used for pumping calls to CCM. Presence>>Setting> 1. CUP CVP Support : UNTICK 2. MAX Contact List Size : 200 3. Enable Instalt messeging : TICK 4. Enable SIP Publish on CUCM TICK 5. CUCM SIP Publish Trunk : <Select_Your_Trunk><– A MUST Don’t forget to save after above. Above SIP trunk will be automatically listed in above “5”. This we is the one we created on CCM. Step#12: Set TFTP address for IP COMMUNICATOR Clients Application>Unified IP Personal Communicator>Settings 1. Proxy Listenor : Default Cisco SIP proxy TCP Listenor 2. Primary TFTP : 220.127.116.11 (CCM pub tftp) 3. Backup TFTP : 18.104.22.168 (sub tftp) or whatever LDAP – if you are using LDAP put LDAP parameters there. Else disable it. Step#13: For MOC client define CTI Gateway Application>>CUCM CTI Gateway>Settings 1. Application Status : ON 2. Application Username : moc_user (make sure its created on CCM as app usr) 3. Application Password : blah 4. Confirmed Password : blah 5. CUCM Address : 22.214.171.124 (CCM address) Now time to run the Presence troubleshooter again. This will tell you whats remaining and how to fix it. Once those are done, activate the presence and other services and bingo.. you are ready to rocck!! on hang on, oh no!! Still remaining: 1. MOC integration 2. Creating users and testing presence 3. Voicemail integration with Presence
... View more
For all SCCP firmware upgrades from firmware release versions earlier than 8.3(3) to version 8.5(3) or greater, you must first upgrade your firmware to version 8.5(2). Once you have upgraded to version 8.5(2), you can upgrade your IP Phone to version 8.5(3) or later. For more information we can also check the Cisco Unified IP Phone Release Notes for Firmware Release 8.5(3) at the below URL: http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/firmware/8_5_3/english/release/notes/ 7900_853.html
... View more
I help test H323 - I ACL blocked all communication to Call Manager - triggering SRST - and the fault was still there The Telco eventually admitted the problem yesterday. Thanks for your help
... View more
CoPP - Control Plane Policing Definitions : Control Plane (CP): A collection of processes that run at the process level on the route-processor (RP). These processes collectively provide high-level controls for most IOS functions. Central Switch Engine: A device that is responsible for high-speed routing of IP packets. It also performs high-speed input and output services for non-distributed line cards. Distributed Switch Engine: A device that is responsible for high-speed routing of IP packets on distributed line cards without using resources from Central Switch Engine. All packets that are destined for CP must pass through the Central Switch Engine before they are forwarded to the process level. The CP and Central Switch Engine are part of the Route Processor (RP). Overview : The Control Plane Policing feature allows users to configure a QoS filter that manages the traffic flow of control plane packets to protect the CP of Cisco IOS routers and switches against various attacks like Denial-of-Service (DoS). The CoPP feature treats the CP as a separate entity with its own input and output ports. Hence a set of rules can be established and associated to the input and output ports of the CP. These rules are only applied if the packets are destined for the CP or they exit from the CP. Input CP services are executed after input port services and a routing decision on the input path have been made. CP security and packet QoS are applied on- Aggregate CP Services: An aggregate level by the Central Switch Engine and applied to all CP packets received from all line cards on the router Distributed CP Services: A distributed level by the Distributed Switch Engine of a line card and applied to all applied to all CP packets received from all line cards on the router. Types of packets forwarded to CP : The following L3 packets are forwarded to the CP and processed by aggregate and distributed control plane policing- Routing protocol control packets Packets destined for the local IP address of the router Packets from management protocols like SNMP, Telnet & SSH. CoPP Configuration : All Telnet traffic with source address 126.96.36.199 is allowed without constraint, however, any remaining Telnet traffic is policed at the specified rate. CoPP Configuration ip access-list extended CoPP_traffic deny tcp host 188.8.131.52 host 184.108.40.206 eq telnet ! Allow this traffic unconstrained permit tcp any any eq telnet ! Rate-limit this traffic ! class-map Telnet_class match access-group name CoPP_traffic ! policy-map CoPP_policy class Telnet_class police cir 8000 conform-action transmit exceed-action drop ! control-plane service-policy input CoPP_policy ! When a Telnet connection is initiated to 220.127.116.11 with source address 10.1.1.1, it matches the access-list and policing is imposed upon the traffic since the source address is not 18.104.22.168 debug ip packet detail IP: s=10.1.1.1 (Serial0/0), d=22.214.171.124, len 44, rcvd 4 TCP src=60033, dst=23, seq=2907233763, ack=0, win=4128 SYN IP: s=126.96.36.199 (local), d=10.1.1.1 (Serial0/0), len 44, sending TCP src=23, dst=60033, seq=3862546484, ack=2907233764, win=4128 ACK SYN IP: s=10.1.1.1 (Serial0/0), d=188.8.131.52, len 40, rcvd 4 TCP src=60033, dst=23, seq=2907233764, ack=3862546485, win=4128 ACK The show policy-map control-plane is used to display the service-policy associated to the control-plane. It also shows the packets that matched the class-map. This can be verified using show access-list command too. Policy-map verification R2# show policy-map control-plane Control Plane Service-policy input: CoPP_policy Class-map: Telnet_class (match-all) 62 packets, 2866 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group name CoPP_traffic police: cir 8000 bps, bc 1500 bytes conformed 62 packets, 2866 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: class-default (match-any) 38 packets, 2944 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any R2# show access-list Extended IP access list CoPP_traffic 10 deny tcp host 184.108.40.206 host 220.127.116.11 eq telnet 20 permit tcp any any eq telnet (62 matches)
... View more
Hello Vivek, thank You for the hints. There are no Skinny-ATAs in the network and CPU usage is normal, but there are SIP-ATAs (used for T.38 Fax) registered as 'Third Party SIP Device'. Maybe the cause of the error message is a (second port of a) SIP-ATA that tries to register every 20 minutes. This could explain why the 'Name of Device' field in the error messages is empty. Regards, Martin
... View more
Dear Vivek, I am very much greatful for your kind support. It is most welcome if you have more to share helpful resources like this, it will be helpfull for guys like me. best regards, Ullas
... View more
Thank you for this article, but it does not solve all my client's issue, as some commands must be done as root: - show tech dbstateinfo - cdr list serv - dbl rpchello 172.20.0.1
But we don't have access to root account: apparently, root access to CUCM Publisher is reserved to Cisco TAC Agents.
Could you please help me?
Clément DESHAYES Unified Communication Engineer Dimension Data Belgium Tel: +32 (0) 2 745 04 56 clement.deshayes_AT_dimensiondata.com
... View more
Check your route patterns, and see if any digit stripping is being peformed there. If not, check your route list detail and see if the digit stripping is being performed there. Lastly, if you issue a debug voip dialpeer on the gateway, you will be able to see if the call even reaches the gateway and matches a dialpeer. Please advise as to your findings.
... View more
Integrating Active directory with Call Manager 6.X In order to initialize the LDAP system in Call Manager, you must first specify which type of LDAP server will be used. 1. From the System menu, choose LDAP > LDAP System. Figure 1 - Call Manager LDAP System option 2. At the choice between Microsoft AD and Netscape, choose Microsoft AD 3. Specify your LDAP System Information choices. Go to ->System ->Ldap->Ldap Directory There is nothing particularly unusual about this page to anyone who has configured an LDAP client: LDAP Configuration Name Enter a unique name (up to 40 characters) for the LDAP directory. LDAP Manager Distinguished Name Enter the user ID (up to 128 characters) of the LDAP Manager, who is an administrative user that has access rights to the LDAP directory in question. LDAP Password Enter a password (up to 128 characters) for the LDAP Manager. Confirm Password Reenter the password that you provided in the LDAP Password field. LDAP User Search Base Enter the location (up to 256 characters) where all LDAP users exist. This location acts as a container or a directory. This information varies depending on customer setup. C ) Create a schedule to download data upwards from every 7 Days. d) You can specify the attributes that will be downloaded, although there is no control over these, apart from the email address attribute. e) Enter the address of the server(s), with the possibility of entering multiple redundant servers for this download. Although the default is to use port 389, you can specify 636 and SSL. 5. Click Save to save these details. An initial connection to the LDAP server is made, and a simple one-level search of the target OU is performed to verify the credentials and search base that has been supplied. Following this, there is no further activity until the time and date that had been set earlier is reached. After that, the synchronization starts. After the synchronization occurs, inspection of the Call Manager Users reveals the following: Figure 5 - Users synchronized from eDirectory These users have synchronized over from eDirectory. There is one user marked as Inactive - this was a locally created user who will be purged from the system once LDAP synchronization starts, as you cannot have any users entered manually when you are downloading users by LDAP. Deletion of users is handled by a janitor process that runs overnight, so in the interim a user to be purged is flagged as inactive.These users may now access their telephone management pages after some further configuration is performed. 6. Select LDAP Authentication from the initial System Configuration tab. Figure 6 - LDAP Authentication and Server Information A simpler set of details is requested here, and the normal mechanism for LDAP authentication is used: a) Supply a privileged username and password. This is used to look up a user's CN (entered by them) to provide the Fully Distinguished Name. This is then used by the Call Manager to bind to the server using the user supplied password. b) The server specified here need not be the same as the one used for the LDAP synchronization. It doesn't even need to be in the same tree; the only requirement is that the UID attribute be the same in both. 7. Click Save to save the settings.
... View more