Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model
Appendix A: End-to-End Configuration Example


End-to-End Cisco Unified Border Element
(SP Edition) Configuration Example

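This section contains a complete Cisco Unified Border Element (SP Edition) configuration, captured with `show run` on a Cisco ASR 1000 Series Router. The capture comes from a test system: it uses the shared string `cisco` for every key and password, and its terminal lines require no login. Use it as a reference for the SBC command syntax and replace the access-control settings before reusing any part of it.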

Router# show run

Building configuration...
 
Current configuration : 17580 bytes
!
! Last configuration change at 11:12:56 SGT Sun Nov 21 2010
!
! Global services, hostname and boot images for the example router.
version 15.1
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): `service internal` and `platform shell` unlock engineering
! commands and access to the underlying platform shell. They are test aids;
! a deployed configuration would normally not carry either line.
service internal
no platform punt-keepalive disable-kernel-core
platform shell
!
hostname ASR1002-2
!
! NOTE(review): both image names look like internal development builds
! ("BLD_..._LATEST") rather than released software - confirm before copying.
boot-start-marker
boot system bootflash:asr1000rp1-adventerprisek9.BLD_V151_1_S_XE32_THROTTLE_LATEST_20101109_090050.bin
boot system bootflash:asr1000rp1-adventerprisek9.BLD_MCP_DEV_LATEST_20101109_222533.bin
boot-end-marker
!
!
! VRF definitions. Mgmt-intf carries the management port; the others are
! referenced by the SBC adjacencies (h323-vrf-a, sigpinhole_customer_a) and by
! the static routes and name-server lines (vrf_a, vrf_b) later in this listing.
! NOTE(review): h323-vrf-b, l2e-vrf-a, l2e-vrf-b and sigpinhole_customer_b are
! defined but not referenced by any other line in this listing.
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition h323-vrf-a
description h323-vrf-a
!
address-family ipv4
exit-address-family
!
vrf definition h323-vrf-b
description h323-vrf-b
!
address-family ipv4
exit-address-family
!
vrf definition l2e-vrf-a
description VRF a-side for late-to-early
!
address-family ipv4
exit-address-family
!
! The description below reads "VFR" (presumably "VRF"); kept as captured.
vrf definition l2e-vrf-b
description VFR b-side for late-to-early
!
address-family ipv4
exit-address-family
!
vrf definition sigpinhole_customer_a
description SigPinhole-VRF-Customer-A
!
address-family ipv4
exit-address-family
!
vrf definition sigpinhole_customer_b
description SigPinhole-VRF-Customer-B
!
address-family ipv4
exit-address-family
!
vrf definition vrf_a
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vrf_b
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
! Logging, privileged-mode secret, AAA state, clock and name resolution.
logging buffered 10000000
! Type 5 is a salted MD5 hash. Once published, the hash can be tested offline,
! so the value below must never be reused on a real device. Where the software
! supports them, the stronger secret types (8 or 9) are preferable.
enable secret 5 $1$wVYL$r.SbA2ka.6l9g7baSdHJx/
!
! AAA is off, so access control falls back to whatever the `line` sections
! at the end of this listing specify.
no aaa new-model
!
!
!
no process cpu extended history
no process cpu autoprofile hog
clock timezone SGT 8 0
! `ip source-route` makes the router honour IP source-routing options.
! Hardening baselines normally set `no ip source-route`.
ip source-route
!
!
!
!
!
! Static host entries and resolvers. The same name server is used in the
! global table and in vrf_a / vrf_b.
ip domain name cisco.com
ip host t-mobile.com 10.0.48.236
ip host ibcf.t-mobile.com 10.0.48.236
ip host scscf.t-mobile.com 10.0.48.236
ip name-server 20.21.28.125
ip name-server vrf vrf_a 20.21.28.125
ip name-server vrf vrf_b 20.21.28.125
!
!
ipv6 host opensips.cisco.com 2001:20:21:28:20:21:28:93
ipv6 unicast-routing
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
! Inter-chassis redundancy group for the SBC, followed by FTP client credentials.
! The group is administratively down (`shutdown`) in this capture.
redundancy
mode none
application redundancy
group 1
name CUBE-SP
shutdown
priority 255 failover threshold 100
control GigabitEthernet0/0/1.726 protocol 1
data GigabitEthernet0/0/2
protocol 1
! The key string authenticates redundancy protocol messages between peers.
! `cisco` is a placeholder; use a unique, non-guessable value per pair.
authentication md5 key-string cisco
!
!
!
! The FTP password is stored and displayed in clear text here, and FTP itself
! sends credentials unencrypted. NOTE(review): prefer an encrypted transfer
! method such as SCP where the platform offers it.
ip ftp username fw
ip ftp password cisco
!
! Zone-based firewall: inspect SIP and ICMP initiated from the private zone
! towards the public zone.
class-map type inspect match-any sip-traffic-class
match protocol sip
match protocol icmp
!
policy-map type inspect private-public-policy
class type inspect sip-traffic-class
inspect
! No action is listed under class-default.
! NOTE(review): unmatched traffic is presumably dropped by default - confirm.
class class-default
!
zone security private
zone security public
! Only the private -> public direction has a zone-pair. No public -> private
! pair appears in this listing, so sessions initiated from the public side have
! no policy permitting them. NOTE(review): confirm this is the intended design.
zone-pair security private-public source private destination public
service-policy type inspect private-public-policy
!
!
!
!
!
!
!
! Virtual SBC interfaces. Their addresses are the signaling and media addresses
! referenced by the adjacency, billing and media-address lines further down.
! NOTE(review): adjacencies CCM-133 (10.190.6.33, vrf sigpinhole_customer_a) and
! H323CCM134-vrfa (10.190.7.65, vrf h323-vrf-a) name a VRF, yet no
! `vrf forwarding` line appears under SBC3 or SBC4 here - confirm whether it
! was omitted from the capture.
! NOTE(review): signaling addresses 192.168.2.1 and 192.168.130.1, used by
! adjacencies UE-RX, adj1-o and adj1-t, are not configured on any interface
! shown in this listing.
interface SBC1
ip address 10.160.90.4 255.255.255.0 secondary
ip address 10.160.90.11 255.255.255.0 secondary
ip address 10.160.90.12 255.255.255.0 secondary
ip address 10.160.90.13 255.255.255.0 secondary
ip address 10.160.90.14 255.255.255.0 secondary
ip address 10.160.90.15 255.255.255.0 secondary
ip address 10.160.90.16 255.255.255.0 secondary
ip address 10.160.90.17 255.255.255.0 secondary
ip address 10.160.90.18 255.255.255.0 secondary
ip address 10.160.90.19 255.255.255.0 secondary
ip address 10.160.90.3 255.255.255.0 secondary
ip address 20.24.34.1 255.255.255.0
ipv6 address 2001:A401::10:160:90:1/64
ipv6 address 2001:A401::10:160:90:2/64
ipv6 address 2001:A405::20:24:34:1/64
!
interface SBC2
ip address 10.190.6.2 255.255.255.224 secondary
ip address 10.190.6.1 255.255.255.224
!
interface SBC3
ip address 10.190.6.34 255.255.255.224 secondary
ip address 10.190.6.33 255.255.255.224
!
interface SBC4
ip address 10.190.7.66 255.255.255.224 secondary
ip address 10.190.7.65 255.255.255.224
!
interface SBC5
ip address 10.190.7.98 255.255.255.224 secondary
ip address 10.190.7.97 255.255.255.224
!
interface SBC9
ip address 9.1.1.1 255.255.255.0
!
interface SBC200
ip address 20.24.31.1 255.255.255.0
ipv6 address 2001:20:24:31:20:24:31:1/64
!
interface SBC749
ip address 20.24.49.1 255.255.255.0
!
! Physical interfaces. Gi0/0/0 is the private zone member and Gi0/0/2 the
! public zone member; GigabitEthernet0 is the management port in VRF Mgmt-intf.
! NOTE(review): Gi0/0/1.726 and Fa0/1/0 carry addresses but belong to no
! security zone, so the zone-pair policy above does not cover them - confirm
! intent.
interface GigabitEthernet0/0/0
ip address 1.1.1.2 255.255.255.0
zone-member security private
negotiation auto
! CDP advertises platform and software details to directly attached devices.
cdp enable
redundancy rii 10
!
! The parent port is shut down. Subinterface .726 below is the redundancy
! control link and sits on the subnet of the 20.21.26.1 next hop used by the
! static routes. NOTE(review): it is presumably down as well in this capture.
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet0/0/1.726
encapsulation dot1Q 726
ip address 20.21.26.120 255.255.255.0
!
interface GigabitEthernet0/0/2
ip address 1.1.2.2 255.255.255.0
zone-member security public
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface FastEthernet0/1/0
ip address 20.21.47.16 255.255.255.0 secondary
ip address 20.21.47.13 255.255.255.0
speed 100
negotiation auto
!
interface FastEthernet0/1/1
no ip address
shutdown
speed 100
negotiation auto
!
interface FastEthernet0/1/2
no ip address
shutdown
speed 100
negotiation auto
!
interface FastEthernet0/1/3
no ip address
shutdown
speed 100
negotiation auto
!
! Management traffic is kept in its own VRF, separate from the call-handling
! interfaces.
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.74.48.165 255.255.255.224
negotiation auto
!
!
! Embedded web servers are disabled (HTTP and HTTPS).
no ip http server
no ip http secure-server
! Static routing: one host route in the global table, default routes per VRF.
ip route 10.74.48.151 255.255.255.255 20.21.26.1
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.74.48.161
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.74.28.65
ip route vrf vrf_a 0.0.0.0 0.0.0.0 20.21.27.1
ip route vrf vrf_b 0.0.0.0 0.0.0.0 20.21.26.1
!
logging esm config
! CDP is enabled globally. NOTE(review): hardening baselines usually disable
! it on interfaces that face untrusted networks.
cdp run
ipv6 route ::/0 2001:20:21:28:20:21:28:1
ipv6 route vrf vrf_b ::/0 2001:20:21:26:20:21:26:1
ipv6 route vrf vrf_a ::/0 2001:20:21:27:20:21:27:1
!
!
!
! No service-policy is attached to the control plane in this listing, so
! traffic punted to the route processor is not rate-limited by any policy
! shown here.
control-plane
!
!
sbc diagnostics sparse
!
!
! SBC instance "rls8", signaling border element (SBE): RADIUS clients and the
! SIP body, parameter, header, method, option and error profiles.
sbc rls8
sbe
control address aaa ipv4 20.24.34.1
! The RADIUS shared secret protects the exchange between the SBC and the
! server. `cisco` is a placeholder and both servers reuse it; give each server
! a unique, long, random value.
radius authentication
server freeRadius
address ipv4 10.0.48.236
mode local
key cisco
radius accounting Codenomicon
concurrent-requests 4000
retry-interval 5000
retry-limit 9
server Codenomicon
address ipv4 10.0.48.236
port 1812
key cisco
sip body-profile PASSALL
! Parameter profiles: strip or rewrite named SIP parameters.
sip parameter-profile test
parameter aaa
action strip
sip parameter-profile testb
sip parameter-profile proxy-param
parameter firewall
action strip
sip parameter-profile access-param
parameter firewall
action add-or-replace value public-ip-address
! Header profiles. h1 explicitly passes Allow, Call-Info and
! P-Asserted-Identity. NOTE(review): P-Asserted-Identity should only be
! accepted from peers inside the trust domain - check which adjacencies use h1.
sip header-profile h1
src-address
header-prio 1 header-name P-Called-Party-ID
header-prio 2 header-name P-Preferred-Identity
header Allow entry 1
action pass
header Call-Info entry 1
action pass
header P-Asserted-Identity entry 1
action pass
sip header-profile 111
header Allow entry 1
action replace-value value "ddd"
! p-kt removes any P-KT-UE-IP header received, then adds one built from the
! remote IP address of the message, so the sender cannot supply the value.
sip header-profile p-kt
header P-KT-UE-IP entry 1
action strip
header P-KT-UE-IP entry 2
action add-header value "${msg.rmt_ip_addr}"
sip header-profile proxy
header contact entry 1
parameter-profile proxy-param
action as-profile
sip header-profile access
header contact entry 1
parameter-profile access-param
action as-profile
! The `default` profiles below are of type blacklist and list no entries.
! NOTE(review): an empty blacklist presumably rejects nothing, i.e. every
! header, method and option is passed - confirm against the command reference.
sip header-profile default
blacklist
sip header-profile IMS_Access
blacklist
header P-Called-Party-ID entry 1
action strip
! The profile name is spelled "Fucntion" in the capture; kept as-is because
! other configuration would refer to it by this exact name.
sip header-profile P-Charging-Fucntion-Address
blacklist
header P-Charging-Function-Addresses entry 1
action add-first-header value "1.1.1.1"
sip method-profile PASS
blacklist
sip method-profile default
blacklist
sip option-profile default
blacklist
! Maps the internal "no route found on source adjacency" cause to SIP 604
! with a Q.850 reason text.
sip error-profile default
cause rtg-no-route-found sub-cause rtg-src-adjacency status-code 604 reason "Q.850 ;cause=16 ;text=\"SBC: No route found based on src adjacency\""
! H.323 adjacencies: one registered to a gatekeeper (port 1719) in the global
! table, one direct peer inside vrf h323-vrf-a.
! Both limit the remote side to a single host (/32 mask) and are marked
! `trunk trusted` / `inbound secure`.
! NOTE(review): `trunk trusted` presumably relaxes per-endpoint checks for this
! peer - apply it only to peers under your own administrative control.
adjacency h323 H323CCM134-GK
signaling-address ipv4 20.24.34.1
signaling-port 1719
remote-address ipv4 10.0.50.134 255.255.255.255
signaling-peer gk 10.0.48.93
tech-prefix 567
dbe-location-id 0
allow private info
trunk trusted
inbound secure
attach
adjacency h323 H323CCM134-vrfa
vrf h323-vrf-a
signaling-address ipv4 10.190.7.65
remote-address ipv4 10.0.50.134 255.255.255.255
signaling-peer 10.0.50.134
dbe-location-id 0
trunk trusted
inbound secure
attach
! SIP adjacencies. Each binds a local signaling address and port to one remote
! peer; `attach` activates the adjacency.
! NOTE(review): no adjacency in this listing configures TLS, and only CCM-132
! states a transport (TCP). Signaling is therefore presumably unencrypted on
! every leg - confirm, and add TLS on legs that cross untrusted networks.
! NOTE(review): no adjacency shows an authentication setting, although a RADIUS
! authentication server is defined above - confirm whether registrations on the
! access-side adjacencies are challenged.
adjacency sip SIPP1
signaling-address ipv4 20.24.34.1
statistics method summary
signaling-port 5060
remote-address ipv4 10.0.244.81 255.255.255.255
signaling-peer 10.0.244.81
dbe-location-id 0
attach
adjacency sip SIPP2
signaling-address ipv4 20.24.34.1
statistics method summary
signaling-port 5060
remote-address ipv4 10.0.244.82 255.255.255.255
signaling-peer 10.0.244.82
dbe-location-id 0
attach
! Access-side adjacency (inherits preset-access); fast-register is disabled.
adjacency sip UE-RX
inherit profile preset-access
signaling-address ipv4 192.168.2.1
statistics method summary
remote-address ipv4 10.0.120.19 255.255.255.255
signaling-peer 10.0.120.19
dbe-location-id 0
reg-min-expiry 200
fast-register disable
attach
! adj1-o and adj1-t carry the same four media-bypass tags (a-d).
adjacency sip adj1-o
inherit profile preset-access
visited network identifier ims.net
signaling-address ipv4 192.168.2.1
statistics method summary
remote-address ipv4 192.168.1.1 255.255.255.255
signaling-peer 192.168.1.1
media bypass tag 1 a
media bypass tag 2 b
media bypass tag 3 c
media bypass tag 4 d
attach
adjacency sip adj1-t
inherit profile preset-access
visited network identifier ims.net
signaling-address ipv4 192.168.130.1
statistics method summary
remote-address ipv4 192.168.129.1 255.255.255.255
signaling-peer 192.168.129.1
media bypass tag 1 a
media bypass tag 2 b
media bypass tag 3 c
media bypass tag 4 d
attach
! CCM-132 uses TCP and monitors the peer with pings; a 503 reply counts as a
! bad response.
adjacency sip CCM-132
preferred-transport tcp
signaling-address ipv4 20.24.34.1
statistics method summary
signaling-port 5060
remote-address ipv4 10.0.50.132 255.255.255.255
signaling-peer 10.0.50.132
dbe-location-id 0
ping-enable
ping-suppression ood-request
ping-bad-rsp-codes 503
warrant match-order destination source diverted-by
attach
! CCM-133 and CCM-135 belong to admin-domain ad1; CCM-133 is also placed in
! vrf sigpinhole_customer_a.
adjacency sip CCM-133
admin-domain ad1
vrf sigpinhole_customer_a
signaling-address ipv4 10.190.6.33
statistics method summary
signaling-port 5060
remote-address ipv4 10.0.50.133 255.255.255.255
signaling-peer 10.0.50.133
dbe-location-id 0
dtmf disable sip notify
attach
adjacency sip CCM-135
admin-domain ad1
signaling-address ipv4 20.24.34.1
statistics method summary
signaling-port 5060
remote-address ipv4 10.0.50.135 255.255.255.255
signaling-peer 10.0.50.135
dbe-location-id 0
dtmf disable sip info
attach
! IPv6 core-side adjacency: NAT handling forced off, peer limited to one /128.
adjacency sip OpensipsV6
group IPv6
nat force-off
inherit profile preset-core
signaling-address ipv6 2001:A401::10:160:90:1
statistics method summary
signaling-port 7060
remote-address ipv6 2001::216:ECFF:FE3B:40DD/128
signaling-peer 2001:A401::33:33:36:1
dbe-location-id 0
registration target address 2001:A401::33:33:36:2
header-name From passthrough
dtmf prefer sip info
attach
adjacency sip OpenIMSCore
inherit profile preset-core
signaling-address ipv4 20.24.34.1
statistics method summary
signaling-port 4060
remote-address ipv4 10.0.48.236 255.255.255.255
signaling-peer 10.0.48.236
dbe-location-id 0
registration target address open-ims.test
registration monitor
header-name From passthrough
ims pani e2
attach
! IPv6 access-side adjacency. The remote-address is a whole /64, so any source
! in 2001::/64 matches it. This is the widest match in the listing; it should
! be as narrow as the subscriber addressing allows.
adjacency sip SoftphoneV6
group IPv6
nat force-on
inherit profile preset-access
signaling-address ipv6 2001:A401::10:160:90:1
statistics method summary
signaling-port 5060
remote-address ipv6 2001::/64
signaling-peer 2001::10:0:120:19
dbe-location-id 0
registration rewrite-register
attach
! Call admission control (CAC) policy set 1, selected per source adjacency and
! made the global policy by the final line.
cac-policy-set 1
first-cac-table SRC-ADJ
first-cac-scope src-adjacency
cac-table SRC-ADJ
table-type limit src-adjacency
entry 1
match-value UE-RX
caller inband-dtmf-mode always
media police strip
action cac-complete
! Entry 2 (calls from CCM-132) carries the SRTP policy: SRTP is forbidden on
! the caller leg, mandated on the callee leg, and interworking between the two
! is allowed.
! NOTE(review): this terminates media encryption on the SBC, so the caller leg
! carries RTP in the clear - confirm that leg stays on a trusted network.
entry 2
match-value CCM-132
codec-preference-list pref-list1
callee-privacy privacy-service always
caller-privacy privacy-service never
srtp support allow
payload-type asymmetric allowed
callee local-call-transfer allowed
srtp caller forbid
srtp callee mandate
srtp interworking allow
media police strip
action cac-complete
entry 3
match-value CCM-133
media police strip
action next-table msmbtb1
! Second table, reached only from entry 3: allows full hairpin media bypass.
! NOTE(review): bypassed media presumably does not traverse the SBC media path,
! so media policing would not see it - confirm.
cac-table msmbtb1
table-type policy-set
entry 1
media bypass type hairpin full
media police strip
action cac-complete
complete
cac-policy-set global 1
! Call policy sets (number analysis and routing) and the admin domains that
! select them. Set 1 is the default; ad1 uses set 3 and ad2 uses set 2.
call-policy-set 1
first-inbound-na-table natable1
first-call-routing-table da1
first-reg-routing-table REG-ROUTE-ON-SRC-ADJ
! Route by destination: two exact strings and two digit prefixes.
rtg-dst-address-table da1
entry 1
match-address kate string
dst-adjacency CCM-135
action complete
entry 2
match-address bob string
dst-adjacency CCM-133
action complete
entry 3
match-address 44 digits
dst-adjacency CCM-135
action complete
prefix
entry 4
match-address 86 digits
dst-adjacency OpenIMSCore
action complete
prefix
! Registration routing by source adjacency.
rtg-src-adjacency-table REG-ROUTE-ON-SRC-ADJ
entry 1
match-adjacency UE-RX
dst-adjacency OpenIMSCore
action complete
entry 2
match-adjacency SoftphoneV6
dst-adjacency OpensipsV6
action complete
entry 3
match-adjacency OpenIMSCore
dst-adjacency adj1-o
action complete
! Inbound number analysis. Entries 1-3 prepend a prefix to the source number.
! Entry 5 has no match-address line.
! NOTE(review): entry 5 presumably accepts any number not matched earlier,
! which makes this table permit-by-default - confirm.
na-dst-address-table natable1
entry 1
action next-table privacytb1
edit-src add-prefix 1
match-address 111 digits
entry 2
action accept
edit-src add-prefix 12345
match-address 112 digits
entry 3
action accept
edit-src add-prefix abc
match-address 113 digits
entry 4
action accept
match-address ^201[a-d]ef regex
entry 5
action accept
na-src-name-anonymous-table privacytb1
entry 1
action accept
edit-dst add-prefix 3
match-anonymous true
complete
call-policy-set 2
first-call-routing-table ROUTE-ON-DEST-NUM
rtg-dst-address-table ROUTE-ON-DEST-NUM
entry 1
match-address 1320X digits
dst-adjacency CCM-132
action complete
edit-dst del-prefix 4
prefix
complete
call-policy-set 3
first-call-routing-table table1
rtg-src-adjacency-table table1
entry 1
match-adjacency SIPP1
dst-adjacency CCM-135
action complete
entry 2
match-adjacency SIPP2
dst-adjacency CCM-133
action complete
complete
call-policy-set default 1
! NOTE(review): ad1 selects set 3 for inbound number analysis and ad2 selects
! set 2 for inbound and outbound number analysis, but neither set defines a
! number-analysis table in this listing - confirm the intended behaviour.
admin-domain ad1
description This is a description for DOMAIN1
call-policy-set inbound-na 3
call-policy-set rtg 3
! using call-policy-set outbound-na default
admin-domain ad2
description This is a description for DOMAIN2
call-policy-set inbound-na 2
call-policy-set rtg 2
call-policy-set outbound-na 2
! ENUM client, SIP DNS cache, codec definitions and billing, then activation
! of the SBE.
enum 1
req-timeout 60
rsp-lifetime 34000
nmr-buf-pool-size 500
entry default
server ipv4 10.0.120.33
activate
network-id 29599
sip dns
support-type sip-dns-srv
cache lifetime 0
cache limit 10
!
!
codec list pref-list1
codec G723 priority 1
codec PCMU priority 2
!
codec variant codec G7231L
variant G7231L
standard G723
fmtp annexa=yes
fmtp bitrate=5.3
! Billing runs two methods in parallel: PacketCable event messages over RADIUS
! to the accounting client "Codenomicon", and XML call detail records written
! to usb0:Billing/.
! NOTE(review): CDRs contain call metadata. usb0 looks like removable storage,
! so physical access to the chassis would expose them - confirm the storage
! location suits the deployment.
billing
local-address ipv4 20.24.34.1
ldr-check 23 30
method packetcable-em
method xml
packetcable-em 0 transport radius Codenomicon
local-address ipv4 20.24.34.1
attach
xml 1
cdr path usb0:Billing/
cdr alarm minor 500000
ldr-check 23 30
attach
activate
!
!
! Dynamic blacklist thresholds: global, per VPN (sigpinhole_customer_a) and for
! one IPv6 source address. Each `reason` names an event type; trigger-size and
! trigger-period set how many events within what time cause blacklisting.
! NOTE(review): every trigger-size is 65535, which looks like the maximum.
! Requiring that many events (within 1 second where a period is given)
! presumably means blacklisting never fires in practice - confirm. A deployed
! configuration would use thresholds derived from normal traffic levels.
blacklist global
reason bad-address
trigger-size 65535
reason cac-policy-rejection
trigger-size 65535
reason spam
trigger-size 65535
blacklist vpn sigpinhole_customer_a
reason authentication-failure
trigger-size 65535
reason endpoint-registration
trigger-size 65535
trigger-period 1 seconds
! cac-policy-rejection lists no trigger values in this scope.
reason cac-policy-rejection
reason corrupt-message
trigger-size 65535
trigger-period 1 seconds
blacklist global ipv6 2001::10:0:233:113
reason authentication-failure
trigger-size 65535
trigger-period 1 seconds
reason bad-address
trigger-size 65535
trigger-period 1 seconds
reason endpoint-registration
trigger-size 65535
trigger-period 1 seconds
reason cac-policy-rejection
trigger-size 65535
trigger-period 1 seconds
reason corrupt-message
trigger-size 65535
trigger-period 1 seconds
reason spam
trigger-size 65535
trigger-period 1 seconds
!
rtp-flood-detect
! Media addresses and the port ranges the SBC may allocate for media on each.
! The IPv4 ranges are split by class (voice, video) and tagged with an
! adjacency name.
media-address ipv4 10.160.90.3
port-range 10000 11000 voice tag CCM-132
port-range 11001 12000 video tag CCM-135
media-address ipv6 2001:A401::10:160:90:1
port-range 16384 32767 signaling
activate
!
!
!
!
! Terminal lines: console, auxiliary and five virtual terminals (vty 0-4).
! `exec-timeout 0 0` disables the idle timeout, so sessions never expire.
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
! `no login` means remote sessions on vty 0-4 get an exec prompt without any
! password. AAA is disabled earlier in this listing, and no transport
! restriction or access-class appears here either.
! A deployed configuration needs authentication (`login local` or AAA),
! `transport input ssh`, an `access-class` limiting source addresses, and a
! finite exec-timeout.
line vty 0 4
exec-timeout 0 0
no login
!
exception data-corruption buffer truncate
!
! ERSPAN source session 22: mirrors traffic seen on Gi0/0/0 (the private-zone
! interface) to the collector at 10.0.100.100.
! NOTE(review): the mirrored copy contains full signaling and media and travels
! unencrypted across the routed network - keep the path to the collector on a
! trusted segment and remove the session when capture is no longer needed.
! No shutdown / no shutdown line is shown, so the session state cannot be
! determined from this listing.
monitor session 22 type erspan-source
description SOURCE_SESSION_FOR_Gi0/0/0
source interface Gi0/0/0
destination
erspan-id 22
ip address 10.0.100.100
origin ip address 20.21.28.72
!
!
end