Accepted Solutions
Multisite Design Requirements and Guidelines
Only the following network topologies are supported for individual customer sites that are members of a multisite deployment. Any of these site topologies can be combined as long as the total number of sites is 5 or fewer. The sites are configured with a full-mesh VPN — that is, every site has a direct link to every other site.
- A single UC500 connected to the WAN.
- A single SR520-T1 secure router combined with a UC500. The SR520-T1 is connected to the WAN and provides advanced security features, and the UC500 provides voice and data to the site. In this type of deployment, the data VLAN must be unique for both the SR520-T1 and the UC500.
For the current release, only the model SR520-T1 secure router is supported for use in Cisco SBCS multisite deployments configured using CCA.
IMPORTANT Each site must have a UC500 for voice and data. The Multisite Manager cannot be used to configure any of the following types of deployments:
This diagram shows a simple example of a deployment with two sites that illustrates the supported topologies and some of the design requirements discussed in this section.
The above example illustrates these key elements of multisite configuration:
- Site topology. The Charlotte site provides an example of a site that has a UC500 behind an SR520-T1, while the San Jose site has a UC500 only.
- Data VLAN IP addressing must be unique. Since the data VLAN IP addresses must be unique across all sites for any UC500 and also for any SR520-T1, the data VLAN IP for the UC500 at the Charlotte site is set to 192.168.10.1/24, and the data VLAN IP for the UC500 San Jose is set to 192.168.20.1/24. The VLAN IP for the SR520-T1 at the Charlotte site is 192.168.75.0/24, and there is no SR520-T1 present at the San Jose site (otherwise a unique data VLAN IP would also be required for it).
- Dial plan and intersite dialing. For this configuration, we have chosen to use an intersite dialing prefix of "8." The Charlotte site ID is set to "1", and the San Jose site ID is set to 2. As shown in the example, phone users dial the IntersiteDialingPrefix + Site ID + extension to reach other sites. Both sites have their extension length set to 3. Although it is not required that sites use the same extension length, it is recommended for ease of use and configuration.
- Static IP or DHCP WAN IP addressing is supported. The Charlotte site uses a static WAN IP address, while the San Jose site is configured to use DHCP. Since DHCP is used, Dynamic DNS (DDNS) is configured for the San Jose site.
- Full-mesh VPN with authentication using pre-shared key. A global pre- shared key is configured identically for each site to provide authentication for the VPN tunnel.
- Call admission control. Both sites are configured to allow a maximum of
4 simultaneous calls over the WAN.
This table lists and describes multisite design requirements and guidelines in more details.
IMPORTANT Existing out-of-band configuration is not supported by the Multisite Manager. You must remove existing out-of-band multisite configuration before you can use the Multisite Manager.
Configuration Item | Requirements/Recommended Guidelines |
|---|---|
Number of sites | Up to 5 sites in a full-mesh topology. |
Number of IPsec tunnels | For UC520 and UC540 platforms, each customer site supports up to 10 IPsec tunnels. For UC560 platforms, each customer site supports up to 20 IPsec tunnels. This include EZVPN tunnels, SSL VPN tunnels, multisite VPN tunnels, and SPA525G phone VPN tunnels. When a site is part of a multisite deployment, |
Firewall | Cisco Zone-Based Firewall (ZBF) on SR500 or Cisco IOS-based CBAC policy on the UC500. Third-party firewalls are not supported. |
Data VLAN addressing | The data VLAN IP address for each UC500 and SR520- T1 must be unique across all sites. If each site is at factory default, you must remember to modify the default data VLAN address during the initial configuration of each additional site member to ensure that it is unique. Use the Telephony Setup Wizard to configure the initial settings. If one of the remote sites has an existing data VLAN IP address that is not unique, you must modify its data VLAN address. For a site that is not at factory default state, this can only be done through the Multisite Manager. After modifying the data VLAN IP address, you will lose connectivity to the UC500, and must request and obtain a new IP address from the UC500. To do this, go to Start > Run on your PC and enter |
WAN connection type | Sites can use either DHCP with DDNS configured or static IP addressing. For sites that use DHCP to dynamically obtain an IP address, DDNS (Dynamic Domain Name Service) or some other DNS registration method must be used to manage dynamic addresses. When configuring DDNS, the DDNS provider name, hostname for each site, and authentication information (username and password) must be provided as part of the multisite connection configuration. See Configuring DDNS. The DDNS hostname must be unique for each site. |
DDNS (Dynamic DNS) hosting service | DDNS must be configured for sites with DHCP WAN connections that are part of a multisite deployment. Sites that are configured with a static IP address are not required to configure DDNS. These DDNS hosting services can be selected from the HTTP DDNS section in the Modify Internet Connection window (Configure > Routing > Internet Connection > Modify > Connection Settings). Accounts with these DDNS providers must be established outside of Configuration Assistant. TIP Cisco recommends that you upgrade from the free package to a paid or premium package from the DDNS provider. For example, some free packages are designed to expire due to inactivity (for example, if the IP address is not updated in 30 days). Loss of the DNS support for a domain name means that the VPN tunnels can become inoperable or fail to come up, resulting in service interruptions. |
Traffic Shaping/ Quality of Service (QoS) | Optional. Although this setting is optional, it is strongly recommended. Sites that have limited bandwidth should enable traffic shaping and configure QoS settings for multisite deployments. |
Codec | You must choose either G.711 or G.729 as the codec to use for intersite calls. The G.729 codec offers higher compression, which can translate into significant bandwidth savings, but can result in poorer quality for some types of audio such as Music on Hold. |
Call Admission Control | Optional. Configure Maximum Calls (maximum simultaneous calls) to ensure voice quality for intersite and VoIP calls by helping to prevent the Internet connection from being over-subscribed. Configuration Assistant uses the currently configured QoS settings for upstream bandwidth, codec preference, and bandwidth reservation for voice media to provide recommendations for call admission control. |
Dial Plan | Specify an Intersite Dialing Prefix for site-to-site calling. To dial another site, phone users must dial: Intersite Dialing Prefix + SiteID + Extension This feature allows for flexibility in extension assignments for sites. Prefix digit that are already in use are not available for selection. |
Extension length | It is recommended, but not required, that all sites in a multisite configuration use the same extension length. |
Hostname | To avoid confusion when selecting the hostname from Configuration Assistant menus, it is recommended that you define system hostnames to be unique across all sites. The system hostname is displayed in Configuration Assistant hostname selection menus and system prompts. |
----------------------
So after review of the above, which is from the CCA HELP, you can see the following:
1) SRP is not supported
2) The extension dialing is not over the VPN, rather direct connect via a SIP/H323 dial peer and translation rule (does not go to the SIP Trunk)
3) Each site has its own AA, Directory, Dial Plan and users are NOT shared among a UC500 multisite.
Multisite Design Requirements and Guidelines
Only the following network topologies are supported for individual customer sites that are members of a multisite deployment. Any of these site topologies can be combined as long as the total number of sites is 5 or fewer. The sites are configured with a full-mesh VPN — that is, every site has a direct link to every other site.
- A single UC500 connected to the WAN.
- A single SR520-T1 secure router combined with a UC500. The SR520-T1 is connected to the WAN and provides advanced security features, and the UC500 provides voice and data to the site. In this type of deployment, the data VLAN must be unique for both the SR520-T1 and the UC500.
For the current release, only the model SR520-T1 secure router is supported for use in Cisco SBCS multisite deployments configured using CCA.
IMPORTANT Each site must have a UC500 for voice and data. The Multisite Manager cannot be used to configure any of the following types of deployments:
This diagram shows a simple example of a deployment with two sites that illustrates the supported topologies and some of the design requirements discussed in this section.
The above example illustrates these key elements of multisite configuration:
- Site topology. The Charlotte site provides an example of a site that has a UC500 behind an SR520-T1, while the San Jose site has a UC500 only.
- Data VLAN IP addressing must be unique. Since the data VLAN IP addresses must be unique across all sites for any UC500 and also for any SR520-T1, the data VLAN IP for the UC500 at the Charlotte site is set to 192.168.10.1/24, and the data VLAN IP for the UC500 San Jose is set to 192.168.20.1/24. The VLAN IP for the SR520-T1 at the Charlotte site is 192.168.75.0/24, and there is no SR520-T1 present at the San Jose site (otherwise a unique data VLAN IP would also be required for it).
- Dial plan and intersite dialing. For this configuration, we have chosen to use an intersite dialing prefix of "8." The Charlotte site ID is set to "1", and the San Jose site ID is set to 2. As shown in the example, phone users dial the IntersiteDialingPrefix + Site ID + extension to reach other sites. Both sites have their extension length set to 3. Although it is not required that sites use the same extension length, it is recommended for ease of use and configuration.
- Static IP or DHCP WAN IP addressing is supported. The Charlotte site uses a static WAN IP address, while the San Jose site is configured to use DHCP. Since DHCP is used, Dynamic DNS (DDNS) is configured for the San Jose site.
- Full-mesh VPN with authentication using pre-shared key. A global pre- shared key is configured identically for each site to provide authentication for the VPN tunnel.
- Call admission control. Both sites are configured to allow a maximum of
4 simultaneous calls over the WAN.
This table lists and describes multisite design requirements and guidelines in more details.
IMPORTANT Existing out-of-band configuration is not supported by the Multisite Manager. You must remove existing out-of-band multisite configuration before you can use the Multisite Manager.
Configuration Item | Requirements/Recommended Guidelines |
|---|---|
Number of sites | Up to 5 sites in a full-mesh topology. |
Number of IPsec tunnels | For UC520 and UC540 platforms, each customer site supports up to 10 IPsec tunnels. For UC560 platforms, each customer site supports up to 20 IPsec tunnels. This include EZVPN tunnels, SSL VPN tunnels, multisite VPN tunnels, and SPA525G phone VPN tunnels. When a site is part of a multisite deployment, |
Firewall | Cisco Zone-Based Firewall (ZBF) on SR500 or Cisco IOS-based CBAC policy on the UC500. Third-party firewalls are not supported. |
Data VLAN addressing | The data VLAN IP address for each UC500 and SR520- T1 must be unique across all sites. If each site is at factory default, you must remember to modify the default data VLAN address during the initial configuration of each additional site member to ensure that it is unique. Use the Telephony Setup Wizard to configure the initial settings. If one of the remote sites has an existing data VLAN IP address that is not unique, you must modify its data VLAN address. For a site that is not at factory default state, this can only be done through the Multisite Manager. After modifying the data VLAN IP address, you will lose connectivity to the UC500, and must request and obtain a new IP address from the UC500. To do this, go to Start > Run on your PC and enter |
WAN connection type | Sites can use either DHCP with DDNS configured or static IP addressing. For sites that use DHCP to dynamically obtain an IP address, DDNS (Dynamic Domain Name Service) or some other DNS registration method must be used to manage dynamic addresses. When configuring DDNS, the DDNS provider name, hostname for each site, and authentication information (username and password) must be provided as part of the multisite connection configuration. See Configuring DDNS. The DDNS hostname must be unique for each site. |
DDNS (Dynamic DNS) hosting service | DDNS must be configured for sites with DHCP WAN connections that are part of a multisite deployment. Sites that are configured with a static IP address are not required to configure DDNS. These DDNS hosting services can be selected from the HTTP DDNS section in the Modify Internet Connection window (Configure > Routing > Internet Connection > Modify > Connection Settings). Accounts with these DDNS providers must be established outside of Configuration Assistant. TIP Cisco recommends that you upgrade from the free package to a paid or premium package from the DDNS provider. For example, some free packages are designed to expire due to inactivity (for example, if the IP address is not updated in 30 days). Loss of the DNS support for a domain name means that the VPN tunnels can become inoperable or fail to come up, resulting in service interruptions. |
Traffic Shaping/ Quality of Service (QoS) | Optional. Although this setting is optional, it is strongly recommended. Sites that have limited bandwidth should enable traffic shaping and configure QoS settings for multisite deployments. |
Codec | You must choose either G.711 or G.729 as the codec to use for intersite calls. The G.729 codec offers higher compression, which can translate into significant bandwidth savings, but can result in poorer quality for some types of audio such as Music on Hold. |
Call Admission Control | Optional. Configure Maximum Calls (maximum simultaneous calls) to ensure voice quality for intersite and VoIP calls by helping to prevent the Internet connection from being over-subscribed. Configuration Assistant uses the currently configured QoS settings for upstream bandwidth, codec preference, and bandwidth reservation for voice media to provide recommendations for call admission control. |
Dial Plan | Specify an Intersite Dialing Prefix for site-to-site calling. To dial another site, phone users must dial: Intersite Dialing Prefix + SiteID + Extension This feature allows for flexibility in extension assignments for sites. Prefix digit that are already in use are not available for selection. |
Extension length | It is recommended, but not required, that all sites in a multisite configuration use the same extension length. |
Hostname | To avoid confusion when selecting the hostname from Configuration Assistant menus, it is recommended that you define system hostnames to be unique across all sites. The system hostname is displayed in Configuration Assistant hostname selection menus and system prompts. |
----------------------
So after review of the above, which is from the CCA HELP, you can see the following:
1) SRP is not supported
2) The extension dialing is not over the VPN, rather direct connect via a SIP/H323 dial peer and translation rule (does not go to the SIP Trunk)
3) Each site has its own AA, Directory, Dial Plan and users are NOT shared among a UC500 multisite.
