Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model
Appendix A: End-to-End Configuration Example
Downloads: This chapterpdf (PDF - 153.0KB) The complete bookPDF (PDF - 10.42MB) | Feedback

End-to-End Cisco Unified Border Element (SP Edition) Configuration Example

Table Of Contents

End-to-End Cisco Unified Border Element
(SP Edition) Configuration Example


End-to-End Cisco Unified Border Element
(SP Edition) Configuration Example


This section contains a complete Cisco Unified Border Element (SP Edition) configuration on the Cisco ASR 1000 Series Routers.

Router# show run
 
Building configuration...
 
   
Current configuration : 17580 bytes
!
! Last configuration change at 11:12:56 SGT Sun Nov 21 2010
!
version 15.1
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service internal
no platform punt-keepalive disable-kernel-core
platform shell
!
hostname ASR1002-2
!
boot-start-marker
boot system 
bootflash:asr1000rp1-adventerprisek9.BLD_V151_1_S_XE32_THROTTLE_LATEST_20101109_090050.bin
boot system bootflash:asr1000rp1-adventerprisek9.BLD_MCP_DEV_LATEST_20101109_222533.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition h323-vrf-a
 description h323-vrf-a
 !
 address-family ipv4
 exit-address-family
!
vrf definition h323-vrf-b
 description h323-vrf-b
 !
 address-family ipv4
 exit-address-family
!
vrf definition l2e-vrf-a
 description VRF a-side for late-to-early 
 !
 address-family ipv4
 exit-address-family
!
vrf definition l2e-vrf-b
 description VFR b-side for late-to-early
 !
 address-family ipv4
 exit-address-family
!
vrf definition sigpinhole_customer_a
 description SigPinhole-VRF-Customer-A
 !
 address-family ipv4
 exit-address-family
!
vrf definition sigpinhole_customer_b
 description SigPinhole-VRF-Customer-B
 !
 address-family ipv4
 exit-address-family
!
vrf definition vrf_a
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
vrf definition vrf_b
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 10000000
enable secret 5 $1$wVYL$r.SbA2ka.6l9g7baSdHJx/
!
no aaa new-model
!
!
!
no process cpu extended history
no process cpu autoprofile hog
clock timezone SGT 8 0
ip source-route
!
!
!
!
!
ip domain name cisco.com
ip host t-mobile.com 10.0.48.236
ip host ibcf.t-mobile.com 10.0.48.236
ip host scscf.t-mobile.com 10.0.48.236
ip name-server 20.21.28.125
ip name-server vrf vrf_a 20.21.28.125
ip name-server vrf vrf_b 20.21.28.125
!
!
ipv6 host opensips.cisco.com 2001:20:21:28:20:21:28:93
ipv6 unicast-routing
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
redundancy
 mode none
 application redundancy
  group 1
   name CUBE-SP
   shutdown
   priority 255 failover threshold 100
   control GigabitEthernet0/0/1.726 protocol 1
   data GigabitEthernet0/0/2
  protocol 1
   authentication md5 key-string cisco
!         
!
!
ip ftp username fw
ip ftp password cisco
!
!
!
!
interface SBC1
 ip address 10.160.90.4 255.255.255.0 secondary
 ip address 10.160.90.11 255.255.255.0 secondary
 ip address 10.160.90.12 255.255.255.0 secondary
 ip address 10.160.90.13 255.255.255.0 secondary
 ip address 10.160.90.14 255.255.255.0 secondary
 ip address 10.160.90.15 255.255.255.0 secondary
 ip address 10.160.90.16 255.255.255.0 secondary
 ip address 10.160.90.17 255.255.255.0 secondary
 ip address 10.160.90.18 255.255.255.0 secondary
 ip address 10.160.90.19 255.255.255.0 secondary
 ip address 10.160.90.3 255.255.255.0 secondary
 ip address 20.24.34.1 255.255.255.0
 ipv6 address 2001:A401::10:160:90:1/64
 ipv6 address 2001:A401::10:160:90:2/64
 ipv6 address 2001:A405::20:24:34:1/64
!
interface SBC2
 ip address 10.190.6.2 255.255.255.224 secondary
 ip address 10.190.6.1 255.255.255.224
!
interface SBC3
 ip address 10.190.6.34 255.255.255.224 secondary
 ip address 10.190.6.33 255.255.255.224
!
interface SBC4
 ip address 10.190.7.66 255.255.255.224 secondary
 ip address 10.190.7.65 255.255.255.224
!
interface SBC5
 ip address 10.190.7.98 255.255.255.224 secondary
 ip address 10.190.7.97 255.255.255.224
!
interface SBC9
 ip address 9.1.1.1 255.255.255.0
!
interface SBC200
 ip address 20.24.31.1 255.255.255.0
 ipv6 address 2001:20:24:31:20:24:31:1/64
!
interface SBC749
 ip address 20.24.49.1 255.255.255.0
!
interface GigabitEthernet0/0/0
 ip address 1.1.1.2 255.255.255.0
negotiation auto
 cdp enable
 redundancy rii 10
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
 cdp enable
!
interface GigabitEthernet0/0/1.726
 encapsulation dot1Q 726
 ip address 20.21.26.120 255.255.255.0
!
interface GigabitEthernet0/0/2
 ip address 1.1.2.2 255.255.255.0
 negotiation auto
!         
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
!
interface FastEthernet0/1/0
 ip address 20.21.47.16 255.255.255.0 secondary
 ip address 20.21.47.13 255.255.255.0
 speed 100
 negotiation auto
!
interface FastEthernet0/1/1
 no ip address
 shutdown
 speed 100
 negotiation auto
!
interface FastEthernet0/1/2
 no ip address
 shutdown
 speed 100
 negotiation auto
!
interface FastEthernet0/1/3
 no ip address
 shutdown
 speed 100
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 10.74.48.165 255.255.255.224
 negotiation auto
!
!
no ip http server
no ip http secure-server
ip route 10.74.48.151 255.255.255.255 20.21.26.1
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.74.48.161
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.74.28.65
ip route vrf vrf_a 0.0.0.0 0.0.0.0 20.21.27.1
ip route vrf vrf_b 0.0.0.0 0.0.0.0 20.21.26.1
!
logging esm config
cdp run   
ipv6 route ::/0 2001:20:21:28:20:21:28:1
ipv6 route vrf vrf_b ::/0 2001:20:21:26:20:21:26:1
ipv6 route vrf vrf_a ::/0 2001:20:21:27:20:21:27:1
!
!
!
control-plane
!
!
sbc diagnostics sparse
!
!
sbc rls8
 sbe
   control address aaa ipv4 20.24.34.1
   radius authentication
    server freeRadius
     address ipv4 10.0.48.236
     mode local
     key cisco
   radius accounting Codenomicon
    concurrent-requests 4000
    retry-interval 5000
    retry-limit 9
    server Codenomicon
     address ipv4 10.0.48.236
     port 1812
     key cisco
   sip body-profile PASSALL
   sip parameter-profile test
    parameter aaa
     action strip
   sip parameter-profile testb
   sip parameter-profile proxy-param
    parameter firewall
     action strip
   sip parameter-profile access-param
    parameter firewall
     action add-or-replace value public-ip-address
   sip header-profile h1
    src-address
     header-prio 1 header-name P-Called-Party-ID
     header-prio 2 header-name P-Preferred-Identity
    header Allow entry 1
     action pass
    header Call-Info entry 1
     action pass
    header P-Asserted-Identity entry 1
     action pass
   sip header-profile 111
    header Allow entry 1
     action replace-value value "ddd"
   sip header-profile p-kt
    header P-KT-UE-IP entry 1
     action strip
    header P-KT-UE-IP entry 2
     action add-header value "${msg.rmt_ip_addr}"
   sip header-profile proxy
    header contact entry 1
     parameter-profile proxy-param
     action as-profile
   sip header-profile access
    header contact entry 1
     parameter-profile access-param
     action as-profile
   sip header-profile default
    blacklist
   sip header-profile IMS_Access
    blacklist
    header P-Called-Party-ID entry 1
     action strip
   sip header-profile P-Charging-Fucntion-Address
    blacklist
    header P-Charging-Function-Addresses entry 1
     action add-first-header value "1.1.1.1"
   sip method-profile PASS
    blacklist
   sip method-profile default
    blacklist
   sip option-profile default
    blacklist
   sip error-profile default
    cause rtg-no-route-found sub-cause rtg-src-adjacency status-code 604 reason "Q.850 
;cause=16 ;text=\"SBC: No route found based on src adjacency\""
   adjacency h323 H323CCM134-GK
    signaling-address ipv4 20.24.34.1
    signaling-port 1719
    remote-address ipv4 10.0.50.134 255.255.255.255
    signaling-peer gk 10.0.48.93
    tech-prefix 567
    dbe-location-id 0
    allow private info
    trunk trusted
    inbound secure
    attach
   adjacency h323 H323CCM134-vrfa
    vrf h323-vrf-a
    signaling-address ipv4 10.190.7.65
    remote-address ipv4 10.0.50.134 255.255.255.255
    signaling-peer 10.0.50.134
    dbe-location-id 0
    trunk trusted
    inbound secure
    attach
   adjacency sip SIPP1
    signaling-address ipv4 20.24.34.1
    statistics method summary
    signaling-port 5060
    remote-address ipv4 10.0.244.81 255.255.255.255
    signaling-peer 10.0.244.81
    dbe-location-id 0
    attach
   adjacency sip SIPP2
    signaling-address ipv4 20.24.34.1
    statistics method summary
    signaling-port 5060
    remote-address ipv4 10.0.244.82 255.255.255.255
    signaling-peer 10.0.244.82
    dbe-location-id 0
    attach
   adjacency sip UE-RX
    inherit profile preset-access
    signaling-address ipv4 192.168.2.1
    statistics method summary
    remote-address ipv4 10.0.120.19 255.255.255.255
    signaling-peer 10.0.120.19
    dbe-location-id 0
    reg-min-expiry 200
    fast-register disable
    attach
   adjacency sip adj1-o
    inherit profile preset-access
    visited network identifier ims.net
    signaling-address ipv4 192.168.2.1
    statistics method summary
    remote-address ipv4 192.168.1.1 255.255.255.255
    signaling-peer 192.168.1.1
    media bypass tag 1 a
    media bypass tag 2 b
    media bypass tag 3 c
    media bypass tag 4 d
    attach
   adjacency sip adj1-t
    inherit profile preset-access
    visited network identifier ims.net
    signaling-address ipv4 192.168.130.1
    statistics method summary
    remote-address ipv4 192.168.129.1 255.255.255.255
    signaling-peer 192.168.129.1
    media bypass tag 1 a
    media bypass tag 2 b
    media bypass tag 3 c
    media bypass tag 4 d
    attach
   adjacency sip CCM-132
    preferred-transport tcp
    signaling-address ipv4 20.24.34.1
    statistics method summary
    signaling-port 5060
    remote-address ipv4 10.0.50.132 255.255.255.255
    signaling-peer 10.0.50.132
    dbe-location-id 0
    ping-enable
     ping-suppression ood-request
     ping-bad-rsp-codes 503
    warrant match-order destination source diverted-by
    attach
   adjacency sip CCM-133
    admin-domain ad1
    vrf sigpinhole_customer_a
    signaling-address ipv4 10.190.6.33
    statistics method summary
    signaling-port 5060
    remote-address ipv4 10.0.50.133 255.255.255.255
    signaling-peer 10.0.50.133
    dbe-location-id 0
    dtmf disable sip notify
    attach
   adjacency sip CCM-135
    admin-domain ad1
    signaling-address ipv4 20.24.34.1
    statistics method summary
    signaling-port 5060
    remote-address ipv4 10.0.50.135 255.255.255.255
    signaling-peer 10.0.50.135
    dbe-location-id 0
    dtmf disable sip info
    attach
   adjacency sip OpensipsV6
    group IPv6
    nat force-off
    inherit profile preset-core
    signaling-address ipv6 2001:A401::10:160:90:1
    statistics method summary
    signaling-port 7060
    remote-address ipv6 2001::216:ECFF:FE3B:40DD/128
    signaling-peer 2001:A401::33:33:36:1
    dbe-location-id 0
    registration target address 2001:A401::33:33:36:2
    header-name From passthrough 
    dtmf prefer sip info
    attach
   adjacency sip OpenIMSCore
    inherit profile preset-core
    signaling-address ipv4 20.24.34.1
    statistics method summary
    signaling-port 4060
    remote-address ipv4 10.0.48.236 255.255.255.255
    signaling-peer 10.0.48.236
    dbe-location-id 0
    registration target address open-ims.test
    registration monitor
    header-name From passthrough 
    ims pani e2
    attach
   adjacency sip SoftphoneV6
    group IPv6
    nat force-on
    inherit profile preset-access
    signaling-address ipv6 2001:A401::10:160:90:1
    statistics method summary
    signaling-port 5060
    remote-address ipv6 2001::/64
    signaling-peer 2001::10:0:120:19
    dbe-location-id 0
    registration rewrite-register
    attach
   cac-policy-set 1
    first-cac-table SRC-ADJ
    first-cac-scope src-adjacency
    cac-table SRC-ADJ
     table-type limit src-adjacency
     entry 1
      match-value UE-RX
      caller inband-dtmf-mode always
      media police strip
      action cac-complete
     entry 2
      match-value CCM-132
      codec-preference-list pref-list1
      callee-privacy privacy-service always
      caller-privacy privacy-service never
      srtp support allow
      payload-type asymmetric allowed
      callee local-call-transfer allowed
      srtp caller forbid
      srtp callee mandate
      srtp interworking allow
      media police strip
      action cac-complete
     entry 3
      match-value CCM-133
      media police strip
      action next-table msmbtb1
    cac-table msmbtb1
     table-type policy-set
     entry 1
      media bypass type hairpin full 
      media police strip
      action cac-complete
    complete
   cac-policy-set global 1
   call-policy-set 1
    first-inbound-na-table natable1
    first-call-routing-table da1
    first-reg-routing-table REG-ROUTE-ON-SRC-ADJ
    rtg-dst-address-table da1
     entry 1
      match-address kate string
      dst-adjacency CCM-135
      action complete
     entry 2
      match-address bob string
      dst-adjacency CCM-133
      action complete
     entry 3
      match-address 44 digits
      dst-adjacency CCM-135
      action complete
      prefix
     entry 4
      match-address 86 digits
      dst-adjacency OpenIMSCore
      action complete
      prefix
    rtg-src-adjacency-table REG-ROUTE-ON-SRC-ADJ
     entry 1
      match-adjacency UE-RX
      dst-adjacency OpenIMSCore
      action complete
     entry 2
      match-adjacency SoftphoneV6
      dst-adjacency OpensipsV6
      action complete
     entry 3
      match-adjacency OpenIMSCore
      dst-adjacency adj1-o
      action complete
    na-dst-address-table natable1
     entry 1
      action next-table privacytb1
      edit-src add-prefix 1
      match-address 111 digits
     entry 2
      action accept
      edit-src add-prefix 12345
      match-address 112 digits
     entry 3
      action accept
      edit-src add-prefix abc
      match-address 113 digits
     entry 4
      action accept
      match-address ^201[a-d]ef regex
     entry 5
      action accept
    na-src-name-anonymous-table privacytb1
     entry 1
      action accept
      edit-dst add-prefix 3
      match-anonymous true
    complete
   call-policy-set 2
    first-call-routing-table ROUTE-ON-DEST-NUM
    rtg-dst-address-table ROUTE-ON-DEST-NUM
     entry 1
      match-address 1320X digits
      dst-adjacency CCM-132
      action complete
      edit-dst del-prefix 4
      prefix
    complete
   call-policy-set 3
    first-call-routing-table table1
    rtg-src-adjacency-table table1
     entry 1
      match-adjacency SIPP1
      dst-adjacency CCM-135
      action complete
     entry 2
      match-adjacency SIPP2
      dst-adjacency CCM-133
      action complete
    complete
   call-policy-set default 1 
   admin-domain ad1
    description This is a description for DOMAIN1
    call-policy-set inbound-na 3 
    call-policy-set rtg 3 
    ! using call-policy-set outbound-na default
   admin-domain ad2
    description This is a description for DOMAIN2
    call-policy-set inbound-na 2 
    call-policy-set rtg 2 
    call-policy-set outbound-na 2 
   enum 1
    req-timeout 60
    rsp-lifetime 34000
    nmr-buf-pool-size 500
    entry default
     server ipv4 10.0.120.33
    activate
   network-id 29599
   sip dns
    support-type sip-dns-srv
    cache lifetime 0
    cache limit 10
 !
 !
   codec list pref-list1
    codec G723 priority 1
    codec PCMU priority 2
 !
   codec variant codec G7231L
     variant G7231L
     standard G723
     fmtp annexa=yes
     fmtp bitrate=5.3
   billing
    local-address ipv4 20.24.34.1
    ldr-check 23 30
    method packetcable-em
    method xml
    packetcable-em 0 transport radius Codenomicon
     local-address ipv4 20.24.34.1
     attach
    xml 1
     cdr path usb0:Billing/
     cdr alarm minor 500000
     ldr-check 23 30
     attach
    activate
 !
 !
   blacklist global
    reason bad-address
     trigger-size 65535
    reason cac-policy-rejection
     trigger-size 65535
    reason spam
     trigger-size 65535
   blacklist vpn sigpinhole_customer_a
    reason authentication-failure
     trigger-size 65535
    reason endpoint-registration
     trigger-size 65535
     trigger-period 1 seconds
    reason cac-policy-rejection
    reason corrupt-message
     trigger-size 65535
     trigger-period 1 seconds
   blacklist global ipv6 2001::10:0:233:113
    reason authentication-failure
     trigger-size 65535
     trigger-period 1 seconds
    reason bad-address
     trigger-size 65535
     trigger-period 1 seconds
    reason endpoint-registration
     trigger-size 65535
     trigger-period 1 seconds
    reason cac-policy-rejection
     trigger-size 65535
     trigger-period 1 seconds
    reason corrupt-message
     trigger-size 65535
     trigger-period 1 seconds
    reason spam
     trigger-size 65535
     trigger-period 1 seconds
 !
 rtp-flood-detect
 media-address ipv4 10.160.90.3
  port-range 10000 11000 voice tag CCM-132
  port-range 11001 12000 video tag CCM-135
 media-address ipv6 2001:A401::10:160:90:1
  port-range 16384 32767 signaling
 activate
!
!
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 no login
!
exception data-corruption buffer truncate
!
monitor session 22 type erspan-source
 description SOURCE_SESSION_FOR_Gi0/0/0
 source interface Gi0/0/0
 destination
  erspan-id 22
  ip address 10.0.100.100
  origin ip address 20.21.28.72
!
!
end