Table Of Contents
SIP-to-SIP Connections on a Cisco Unified Border Element
Contents
Prerequisites for Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
Restrictions for Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
Information About Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
How to Configure SIP-to-SIP Gateway Features
SIP-to-SIP Basic Functionality for Session Border Controller (SBC)
SIP-to-SIP Extended Feature Functionality for Session Border Controller (SBC)
SIP-to-SIP Supplementary Feature Interworking for Session Border Controller (SBC)
SIP-to-SIP Supplementary Services for Session Border Controller (SBC)
Configuring IP Address-Hiding
Restrictions
Configuring SIP-to-SIP Connections in a Cisco Unified Border Element
Restrictions
Configuring Delayed-Offer to Early-Offer for SIP Audio Calls
Prerequisites
Restrictions
Configuring Delayed-Offer to Early-Offer for SIP Audio Calls at the Global Level
Configuring Delayed-Offer to Early-Offer for SIP Audio Calls for a Dial-Peer
Configuring SIP Error Message Pass Through
Restrictions
Configuring Cisco Unified Border Element for Unsupported Content Pass-through
Prerequisites for Cisco UBE for Unsupported Content Pass-through
Restrictions for Cisco UBE for Unsupported Content Pass-through
Configuring Cisco UBE for Unsupported Content Pass-through at the Global Level
Configuring Cisco UBE for Unsupported Content Pass-through at the Dial Peer Level
Configuring Media Flow-Around
Prerequisites
Configuring Media Flow-Around for a Voice Class
Configuring Media Flow-Around at the Global Level
Configuring Media Flow-Around for a Dial-Peer
Restrictions
Configuring DTMF Relay Digit-Drop on a Cisco Unified Border Element
Restrictions
Examples
Troubleshooting tips
Configuring Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP-to-SIP Calls Feature
Symmetric and Asymmetric Calls
Restrictions
Configuring Dynamic Payload Support at the Global Level
Configuring Dynamic Payload Support for a Dial Peer
Troubleshooting the Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls Feature
Verifying Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls Feature
Enabling In-Dialog OPTIONS to Monitor Active SIP Sessions
Methods to Determine Active SIP Sessions
Enabling In-dialog OPTIONS at the Global Level
Enabling in-dialog OPTIONS for a Dial-Peer
Restrictions
Configuring Cisco UBE Out-of-dialog OPTIONS Ping for Specified SIP Servers or Endpoints
Prerequisites
Restrictions
SUMMARY STEPS
Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure
Prerequisites
Restrictions
Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure at the Global Level
Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure at the Dial Peer Level
Troubleshooting Tips
Configuring SIP Parameters
Restrictions
Example
Configurable SIP Parameters via DHCP
Prerequisites for Configurable SIP Parameters via DHCP
Restrictions for Configurable SIP Parameters via DHCP
Information About Configurable SIP Parameters via DHCP
Cisco Unified Border Element Support for Configurable SIP Parameters via DHCP
DHCP to Provision SIP Server, Domain Name, and Phone Number
DHCP-SIP Call Flow
DHCP Message Details
How to Configure SIP Parameters via DHCP
Configuring the DHCP Client
Prerequisites
Enabling the SIP Configuration
Prerequisites
Troubleshooting Tips
Configuring a SIP Outbound Proxy Server
Configuring a SIP Outbound Proxy Server in Voice Service VoIP Configuration Mode
Configuring a SIP Outbound Proxy Server and Session Target in Dial Peer Configuration Mode
Restrictions
Enabling Forced Update of SIP Parameters via DHCP
Prerequisites
Restrictions
SUMMARY STEPS
Configuration Examples for Configurable SIP Parameters via DHCP
Configuring the DHCP Client: Example
Enabling the SIP Configuration: Example
Configuring a SIP Outbound Proxy Server in Voice Service VoIP Configuration Mode: Example
Configuring a SIP Outbound Proxy Server in Dial Peer Configuration Mode: Example
Enabling Forced Update of SIP Parameters via DHCP: Example
Configuring SIP Listening Port
Prerequisites
Restrictions
Configuring Bandwidth Parameters for SIP Calls
Prerequisites
Restrictions
Configuring Support for Session Refresh with Reinvites
Prerequisites
Restrictions
Sending a SIP Registration Message from a Cisco Unified Border Element
Prerequisites
Configuring Adjustable Timers for Registration Refresh and Retries
SUMMARY STEPS
Cisco Unified Border Element Support for SRTP-RTP Internetworking
Prerequisites for Cisco Unified Border Element Support for SRTP-RTP Internetworking
Restrictions for Cisco Unified Border Element Support for SRTP-RTP Internetworking
Information About Cisco Unified Border Element Support for SRTP-RTP Internetworking
How to Configure Cisco Unified Border Element Support for SRTP-RTP Internetworking
Configuring Cisco Unified Border Element Support for SRTP-RTP Internetworking
Configuring the Certificate Authority
Configuring a Trustpoint for the Secure Universal Transcoder
Configuring DSP Farm Services
Associating SCCP to the Secure DSP Farm Profile
Registering the Secure Universal Transcoder to the Cisco Unified Border Element
Prerequisites
Configuring SRTP-RTP Internetworking Support
Prerequisites
Restrictions
Troubleshooting Tips
Support for PAID, PPID, Privacy, PCPID, and PAURI Headers on the Cisco Unified Border Element
Configuring P-Header and Random-Contact Support on the Cisco Unified Border Element
Restrictions
Configuring P-Header Translation on a Cisco Unified Border Element
SUMMARY STEPS
Configuring P-Header Translation on an Individual Dial Peer
SUMMARY STEPS
Configuring P-Called-Party-Id Support on a Cisco Unified Border Element
SUMMARY STEPS
Configuring P-Called-Party-Id Support on an Individual Dial Peer
SUMMARY STEPS
Configuring Privacy Support on a Cisco Unified Border Element
SUMMARY STEPS
Configuring Privacy Support on an Individual Dial Peer
SUMMARY STEPS
Configuring Random-Contact Support on a Cisco Unified Border Element
SUMMARY STEPS
Configuring Random-Contact Support for an Individual Dial Peer
SUMMARY STEPS
Support for Preloaded Routes in Outgoing INVITE Messages Based on REGISTER Information
Configuring Preloaded Route Support on the Cisco Unified Border Element
SUMMARY STEPS
Configuring Preloaded Route Support on the Cisco Unified Border Element on an Individual Dial Peer
SUMMARY STEPS
Selectively Using sip: URI or tel: URL Formats on Individual SIP Headers
Configuring tel: URL Formats and Phone-Context Parameter
Configuring tel: URI Formats and Phone-Context Parameter on Individual SIP Headers
SUMMARY STEPS
Configuring tel: URI Formats and Phone-Context Parameter on Individual SIP Headers on an Individual Dial Peer
SUMMARY STEPS
Configuring tel: URI Formats on the To: Header
SUMMARY STEPS
Configuring tel: URI Formats on the To: Header on an Individual Dial Peer
SUMMARY STEPS
Configuring Selective Filtering of Outgoing Provisional Response on the Cisco Unified Border Element
Configuring Selective Filtering of Outgoing Provisional Response on the Cisco UBE at the Global Level
Configuring Selective Filtering of Outgoing Provisional Response on the Cisco UBE at the Dial Peer Level
Verifying and Troubleshooting SIP-to-SIP Connections on a Cisco Unified Border Element
Troubleshooting Tips
Verifying SIP-to-SIP Connections in an Cisco Unified Border Element
Configuration Examples for SIP-to-SIP Connections in a Cisco Unified Border Element
Basic SIP-to-SIP Call Flow: Example
SRTP-RTP Internetworking: Example
Where to Go Next
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
Feature Information for SIP-to-SIP Connections on a Cisco Unified Border Element
SIP-to-SIP Connections on a Cisco Unified Border Element
Revised: October 27, 2009
First Published: June 19, 2006
Last Updated: October 27, 2009
This chapter describes how to configure and enable features for SIP-to-SIP connections in an Cisco Unified Border Element topology. A Cisco Unified Border Element (Cisco UBE), in this guide also called an IP-to-IP gateway (IPIPGW), border element (BE), or session border controller, facilitates connectivity between independent VoIP networks by enabling VoIP and videoconferencing calls from one IP network to another.
Activation
Cisco Product Authorization Key (PAK)—A Product Authorization Key (PAK) is required to configure some of the features described in this guide. Before you start the configuration process, please register your products and activate your PAK at the following URL
http://www.cisco.com/go/license.
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Cisco Unified Border Element Features Roadmap" section on page 1.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
For more information about Cisco IOS voice features, see the entire Cisco IOS Voice Configuration Library—including feature documents, and troubleshooting information—at http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124tcg/vcl.htm.
Contents
This chapter describes how to configure SIP-to-SIP connections in a Cisco Unified Border Element (Cisco UBE). It covers the following features:
•
Prerequisites for Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
•Restrictions for Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
•Information About Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
•How to Configure SIP-to-SIP Gateway Features
•Configuration Examples for SIP-to-SIP Connections in a Cisco Unified Border Element
•Additional References
•Feature Information for SIP-to-SIP Connections on a Cisco Unified Border Element
Prerequisites for Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
•Perform the prerequisites listed in the "Prerequisites for Cisco Unified Border Element Configuration" procedure on page -18in this guide.
•Perform fundamental gateway configuration listed in the "Prerequisites for Fundamental Cisco Unified Border Element Configuration" procedure on page -44 in this guide.
•Perform basic H.323 gateway configuration.
•Perform basic H.323 gatekeeper configuration.
Note For configuration instructions, see the "Configuring H.323 Gateways" and "Configuring H.323 Gatekeepers" chapters of the Cisco IOS Voice, Video, and Fax Configuration Guide, Release 12.2.
Restrictions for Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
Cisco IOS Release 12.4(15)XY and later releases:
•Registration is not supported.
Cisco IOS Release 12.4(15)T and before:
•Delayed-Offer to Delayed-Offer is not supported.
•Codec T is not supported.
•Registration is not supported.
•Supplementary services are not supported.
•Transcoding is not supported.
•Like-to-like error messages are not passed from the incoming SIP leg to the outgoing SIP leg.
Cisco IOS Release 12.4(9)T and before:
•Topology and address hiding is not supported.
Cisco IOS Release 12.4(9)T and later releases:
•Media flow-around for Delayed-Offer to Early-Offer audio and video calls is not supported.
•DTMF Interworking rtp-nte to out of band is not supported when high density transcoder is enabled. Use normal transcoding for rtp-nte to out of band DTMF interworking.
Information About Configuring SIP-to-SIP Connections on a Cisco Unified Border Element
Note When you configure SIP on a router, the ports on all its interfaces are open by default. This makes the router vulnerable to malicious attackers who can execute toll fraud across the gateway if the router has a public IP address and a public switched telephone network (PSTN) connection. To eliminate the threat, you should bind an interface to private IP address that is not accessible by untrusted hosts. In addition, you should protect any public or untrusted interface by configuring a firewall or an access control list (ACL) to prevent unwanted traffic from traversing the router.
•Delayed-Offer to Early-Offer audio calls are supported.
•Delayed-Offer to Delayed-Offer calls are supported.
•Delayed-Offer to Delayed-Offer video calls are supported in Cisco IOS Release 12.4(15)XY and later.
•Delayed-Offer to Delayed-Offer audio calls are supported in Cisco IOS Release 12.4(15)T and later.
•Early-Offer to Early-Offer for audio calls are supported.
•Early-Offer to Early-Offer, Delayed-Offer to Early-Offer video calls are supported in 12.4(15)XZ and later.
•Fax relay is enabled by default for all systems. No further configuration is needed.
•Like-to-like dtmf, codec and fax are supported.
•Like-to-like error messages are not passed from the incoming SIP leg to the outgoing SIP leg. Error messages are passed through Cisco Unified BE when the header-passing error-passthru command is configured in Cisco IOS Release 12.4(15) T and later.
•Media flow-around (except for Delayed-Offer to Early-Offer audio and video calls) in Cisco IOS Release 12.4(9)T and later.
•reINVITE pass-through for Session Refresh is supported.
•SIP-to-SIP Video (including Delayed-Offer to Delayed-Offer, Early-Offer to Early-Offer, Delayed-Offer to Early-Offer calls) are supported.
•SRTP-to-SRTP support for SIP-to-SIP calls is supported.
How to Configure SIP-to-SIP Gateway Features
The following section provides configuration information for the following SIP-to-SIP features.
•SIP-to-SIP Basic Functionality for Session Border Controller (SBC)
•SIP-to-SIP Extended Feature Functionality for Session Border Controller (SBC)
•SIP-to-SIP Supplementary Services for Session Border Controller (SBC)
•SIP-to-SIP Supplementary Feature Interworking for Session Border Controller (SBC)
•Configuring IP Address-Hiding
•Configuring SIP-to-SIP Connections in a Cisco Unified Border Element
•Configuring Delayed-Offer to Early-Offer for SIP Audio Calls
•Configuring SIP Error Message Pass Through
•Configuring Cisco Unified Border Element for Unsupported Content Pass-through
•Configuring Media Flow-Around
•Configuring DTMF Relay Digit-Drop on a Cisco Unified Border Element
•Configuring Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP-to-SIP Calls Feature
•Enabling In-Dialog OPTIONS to Monitor Active SIP Sessions
•Configuring Cisco UBE Out-of-dialog OPTIONS Ping for Specified SIP Servers or Endpoints
•Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure
•Configuring SIP Parameters
•Configurable SIP Parameters via DHCP
•Configuring SIP Listening Port
•Configuring Bandwidth Parameters for SIP Calls
•Configuring Support for Session Refresh with Reinvites
•Sending a SIP Registration Message from a Cisco Unified Border Element
•Configuring Adjustable Timers for Registration Refresh and Retries
•Configuring Cisco Unified Border Element Support for SRTP-RTP Internetworking
•Support for PAID, PPID, Privacy, PCPID, and PAURI Headers on the Cisco Unified Border Element
•Support for Preloaded Routes in Outgoing INVITE Messages Based on REGISTER Information
•Selectively Using sip: URI or tel: URL Formats on Individual SIP Headers
•Configuring Selective Filtering of Outgoing Provisional Response on the Cisco Unified Border Element
•Verifying and Troubleshooting SIP-to-SIP Connections on a Cisco Unified Border Element
SIP-to-SIP Basic Functionality for Session Border Controller (SBC)
SIP-to-SIP Basic Functionality for SBC for Cisco UBE provides termination and reorigination of both signaling and media between VoIP and video networks using SIP signaling in conformance with RFC3261. The SIP-to-SIP protocol interworking capabilities of the Cisco Unified Border Element (Cisco UBE) support the following:
•Basic voice calls (Supported audio codecs include: G.711, G.729, G.728, G.726, G.723, G.722, gsmamr nb, AAC_LD, iLBC. Video codecs: H.263, and H.264)
•Codec transcoding
•Calling/called name and number
•DTMF relay interworking
–SIP RFC 2833 <-> SIP RFC 2833
–SIP Notify <-> SIP Notify
•Interworking between SIP early-media and SIP early-media signaling
•Interworking between SIP delayed-media and SIP delayed-media signaling
•RADIUS call-accounting records
•RSVP synchronized with call signaling
•SIP-SIP Video calls
•TCL IVR 2.0 for SIP, including media playout and digit collection (RFC 2833 DTMF relay)
•T.38 fax relay and Cisco fax relay
•UDP and TCP transport
SIP-to-SIP Extended Feature Functionality for Session Border Controller (SBC)
Enables the SIP-to-SIP functionality to conform with RFC 3261 to interoperate with SIP UAs. New SIP-to-SIP features available include:
•Call Admission Control (based on CPU, memory, total calls)
•Delayed Media Call
•ENUM support
•Configuring SIP Error Message Pass Through
•Interoperability with Cisco Unified Communications Manager 5.0 and BroadSoft.
•Lawful Intercept
•Media Inactivity
•Modem passthrough
•TCP and UDP interworking
•Tcl scripts with SIP NOTIFY VoiceXML with SIP-to-SIP
•Transport Layer Security (TLS)
SIP-to-SIP Supplementary Feature Interworking for Session Border Controller (SBC)
Provides enhanced termination and re-origination of signaling and media between VoIP and Video Networks in conformance with RFC3261. New SIP-to-SIP capabilities offered in this release on the Cisco 28xx, 38xx, 5350XM and 5400XM include:
•iLBC Codec
Codecs section of the Dial Peer Configuration on Voice Gateway Routers Guide
–http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/vvfax_c/int_c/dpeer_c/dp_ovrvw.htm#1035124
Dial Peer Features and Configuration section of the Dial Peer Configuration on Voice Gateway Routers Guide
–http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/vvfax_c/int_c/dpeer_c/dp_confg.htm
•G.711 Inband DTMF to RFC 2833
•Session refresh
•SIP-to-SIP Supplementary Services
–Refer/302 Based Supplementary Services Supported from 12.4(9)T onwards
–ReInvite Based Supplementary Services Supported from 12.4(15)XZ
SIP-to-SIP Supplementary Services for Session Border Controller (SBC)
This chapter describes the SIP-to-SIP supplementary service features for SBC. The SIP-to-SIP supplementary services feature enhances terminating and re-originating both signaling and media between VoIP and Video networks by supporting the following features:
•AMR-NB Codec support
•IP Address Hiding in all SIP messages including supplementary services
•Media
–Media Flow Around
•Support on Cisco AS5350XM and Cisco AS5400XM
•SIP-to-SIP Supplementary services using REFER/3xx method. The following features are enabled by default.
–Message Waiting Indication
–Call Waiting
–Call Transfer (Blind, Consult, Alerting)
–Call Forward (All, Busy, No Answer)
–Distinctive Ringing
–Call Hold/Resume
–Music on Hold
•Hosted NAT Traversal for SIP
Configuring IP Address-Hiding
Configuring address-hiding hides signaling and media peer addresses from the endpoints, especially for supplemental services when the Cisco Unified BE passes REFER/3xx messages from leg to leg. Configuring the address hiding feature ensures that the Cisco Unified BE is the only point of signaling and media entry/exit in all scenarios. To enable address-hiding in all SIP messages, perform the steps in this section.
Restrictions
When supplementary services are configured the endpoint sends messages to the SBC, this is then forwarded to the peer endpoint. Address-hiding is preserved during this message forwarding
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. address-hiding
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
address-hiding
Example:
Router(conf-voi-serv)# address-hiding
|
Hides signaling and media peer addresses from the endpoints.
|
Step 5
|
exit
Example:
Router(conf-voi-serv)# exit
|
Exits the current mode.
|
Configuring SIP-to-SIP Connections in a Cisco Unified Border Element
To configure SIP-to-SIP connection types, perform the steps in this section.
Restrictions
•Connections are disabled by default in Cisco IOS images that support the Cisco UBE.
•This chapter covers only those features that require a unique configuration in order to support the Cisco UBE. For information on those H.323 gateway features not mentioned in this chapter, see the Cisco IOS Voice, Video, and Fax Configuration Guide.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. allow-connections
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
allow-connections from-type to to-type
Example:
Router(config-voi-serv)# allow-connections sip to
sip
|
Allows connections between specific types of endpoints in an Cisco UBE. Arguments are as follows:
•from-type—Type of connection. Valid values: h323, sip.
•to-type—Type of connection. Valid values: h323, sip.
Note H.323-to-H.323: By default, H.323-to-H.323 connections are disabled and POTS-to-any and any-to-POTS connections are enabled.
|
Step 5
|
exit
Example:
Router(config-voi-serv)# exit
|
Exits the current mode.
|
Configuring Delayed-Offer to Early-Offer for SIP Audio Calls
This feature the alters the default configuration of the Cisco Unified BE from not distinguishing SIP Delayed-Offer to Early-Offer call flows, to forcing the Cisco Unified BE to generate an Early-Offer with the configured codecs for a incoming Delayed-Offer INVITE. To configure a Cisco Unified Border Element to send a SIP invite with Early-Offer (EO) on the Out-Leg (OL) perform the steps in this section.
To Delayed-Offer to Early-Offer for SIP Audio Calls for all VoIP calls, or individual dial peers, perform the steps in this section. This section contains the following subsections:
•Configuring Delayed-Offer to Early-Offer for SIP Audio Calls at the Global Level
•Configuring Delayed-Offer to Early-Offer for SIP Audio Calls for a Dial-Peer
Prerequisites
•The allow-connections sip to sip command must be configured before you configure media flow-around. For more information and configuration steps see the "Configuring SIP-to-SIP Connections in a Cisco Unified Border Element" section of this chapter.
Restrictions
•Cisco Unified Communications Manager 5.x supports Early-Offer over SIP trunk for audio calls with MTP
•Support for Cisco Unified Communications Manager Early-Offer for video calls and audio calls without MTP is not supported
Table 1 shows a list of protocol interworking for SIP.
Table 1 Supported protocol interworking
Protocol
|
In Leg
|
Out Leg
|
Support
|
H.323-to-SIP
|
Fast Start
|
Early-Offer
|
Bi-Directional
|
| |
Slow Start
|
Delayed-Offer
|
Bi-Directional
|
SIP-to-SIP
|
Early-Offer
|
Early-Offer
|
Bi-Directional
|
| |
Delayed-Offer
|
Delayed-Offer
|
Bi-Directional
|
| |
Delayed-Offer
|
Early-Offer
|
Uni-Directional
|
Configuring Delayed-Offer to Early-Offer for SIP Audio Calls at the Global Level
To configure Delayed-Offer to Early-Offer for SIP Audio Calls at the global level, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. allow-connections sip
5. early-offer forced
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
allow-connections from-type to to-type
Example:
Router(config-voi-serv)# allow-connections sip to
sip
|
Allows connections between specific types of endpoints in an Cisco UBE. Arguments are as follows:
•from-type—Type of connection. Valid values: h323, sip.
•to-type—Type of connection. Valid values: h323, sip.
Note H.323-to-H.323: By default, H.323-to-H.323 connections are disabled and POTS-to-any and any-to-POTS connections are enabled.
|
Step 5
|
early-offer forced
Example:
Router(config-voi-serv)# early-offer forced
|
Enables SIP Delayed-Offer to Early-Offer globally.
|
Step 6
|
exit
Example:
Router(config-voi-serv)# exit
|
Exits the current mode.
|
Configuring Delayed-Offer to Early-Offer for SIP Audio Calls for a Dial-Peer
To configure Delayed-Offer to Early-Offer for SIP Audio Calls for an individual dial-peer, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice 1 voip
4. voice-class sip early-offer forced
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice number voip
Example:
Router(config)# dial-peer voice 2 voip
|
Enters dial-peer configuration mode for the specified VoIP dial peer.
|
Step 4
|
voice-class sip early-offer forced
Example:
Router(config-dial-peer)# voice-class sip
early-offer forced
|
Forcefully send Early-Offer
|
Step 5
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Configuring SIP Error Message Pass Through
The SIP error message pass through feature allows a received error response from one SIP leg to pass transparently over to another SIP leg. This functionality will pass SIP error responses that are not yet supported on the Cisco UBE or will preserve the Q.850 cause code across two sip call-legs.
SIP error responses that are not supported on the Cisco UBE include: 300—Multiple choices, 301—Moved permanently, and 485—Ambiguous
Pre-leg SIP error responses that are not transparently passed though include:
Error code received
|
Corresponding error reported on the peer leg
|
400—Bad request
|
500—Internal error
|
401—Unauthorized
|
503—Service unavailable
|
406—Not acceptable
|
500—Internal error
|
407—Authentication required
|
503—Service unavailable
|
413—Request message body too large
|
500—Internal error
|
414—Request URI too large
|
500—Internal error
|
416—Unsupported URI scheme
|
500—Internal error
|
423—Interval too brief
|
500—Internal error
|
482—Loop detected
|
500—Internal error
|
483—Too many hops
|
500—Internal error
|
488—Not acceptable media (applicable only when the call is transcoded)
|
500—Internal error
|
Restrictions
•Configuring SIP error header passing in at the dial-peer level is not supported.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voice
4. sip
5. header-passing error-pass through
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
sip
Example:
Router(config-voi-srv)# sip
|
Enters SIP configuration mode.
|
Step 5
|
header-passing error-pass through
Example:
Router(conf-serv-sip)#header-passing error-pass
through
|
Passes received error responses from one SIP leg to pass transparently to another SIP leg.
|
Step 6
|
exit
Example:
Router(config-serv-sip) exit
|
Exit SIP configuration mode.
|
Configuring Cisco Unified Border Element for Unsupported Content Pass-through
This feature introduces the ability to configure the Cisco UBE to pass through end to end headers at a global or dial-peer level, that are not processed or understood in a SIP trunk to SIP trunk scenario. The pass through functionality includes all or only a configured list of unsupported or non-mandatory SIP headers, and all unsupported content/MIME types.
The Cisco Unified Border Element does not support end-to-end media negotiation between the two endpoints that establish a call session through the Cisco Unified Border Element. This is a limitation when the endpoints intend to negotiate codec/payload types that the Cisco Unified Border Element does not process, because currently, unsupported payload types will never be negotiated by the Cisco Unified Border Element. Unsupported content types include text/plain, image/jpeg and application/resource-lists+xml. To address this problem, SDP is configured to pass through transparently at the Cisco Unified Border Element, so that both the remote ends can negotiate media independently of the Cisco Unified Border Element.
SDP pass-through is addressed in two modes:
•Flow-through: Cisco Unified Border Element plays no role in the media negotiation, it blindly terminates and re-originates the RTP packets irrespective of the content type negotiated by both the ends. This supports address hiding and NAT traversal.
•Flow-around: Cisco Unified Border Element neither plays a part in media negotiation, nor does it terminate and re-originate media. Media negotiation and media exchange is completely end-to-end.
Prerequisites for Cisco UBE for Unsupported Content Pass-through
•Configuring the media flow-around command is required for SDP pass-through. When flow-around is not configured, the flow-through mode of SDP pass-through will be functional.
•When the dial-peer media flow mode is asymmetrically configured, the default behavior is to fallback to SDP pass-through with flow-through.
Restrictions for Cisco UBE for Unsupported Content Pass-through
When SDP pass-through is enabled, some of interworking that the Cisco Unified Border Element currently performs cannot be activated. These features include:
•Delayed Offer to Early Offer Interworking
•Supplementary Services with triggered Invites
•DTMF Interworking scenarios
•Fax Interworking/QoS Negotiation
•Transcoding
To enable Cisco UBE Unsupported Content Pass-through perform the steps in this section. This section contains the following subsections:
•Configuring Cisco UBE for Unsupported Content Pass-through at the Global Level
•Configuring Cisco UBE for Unsupported Content Pass-through at the Dial Peer Level
Configuring Cisco UBE for Unsupported Content Pass-through at the Global Level
To configure Unsupported Content Pass-through on an Cisco Unified Border Element at the global level, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. pass-thru {content {sdp | unsupp} | headers {unsupp | list tag}}
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
sip
Example:
Router(config-voi-srv)# sip
|
Enters SIP configuration mode.
|
Step 5
|
pass-thru {content {sdp | unsupp} | headers
{unsupp | list tag}}
Example:
Router(conf-serv-sip)# pass-thru {content {sdp |
unsupp} | headers {unsupp | list <tag>}}
|
Passes the SDP transparently from in-leg to the out-leg with no media negotiation.
|
Step 6
|
exit
Example:
Router(conf-voi-serv)# exit
|
Exits the current mode.
|
Configuring Cisco UBE for Unsupported Content Pass-through at the Dial Peer Level
To configure Unsupported Content Pass-through on an Cisco Unified Border Element at the dial-peer level, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice number voip
4. voice-class sip pass-thru{{headers | content} {content {unsupp | sdp}}
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice number voip
Example:
Router(config)# dial-peer voice 22 voip
|
Enters dial-peer configuration mode for the specified VoIP dial peer.
|
Step 4
|
voice-class sip pass-thru{{headers | content}
{content {unsupp | sdp}
Example:
Router (conf-dial-peer)# voice-class sip
pass-thru headers
|
Passes the SDP transparently from in-leg to the
out-leg with no media negotiation.
|
Step 5
|
exit
Example:
Router(conf-voi-serv)# exit
|
Exits the current mode.
|
Configuring Media Flow-Around
This feature adds media flow-around capability on the Cisco Unified Border Element by supporting the processing of call setup and teardown requests (VoIP call signaling) and for media streams (flow-through and flow-around). Media flow-around can be configured the global level or it must be configured on both incoming and outgoing dial peers. If configured only on either the incoming or outgoing dialpeer, the call will become a flow-through call.
Media flow-around is a good choice to improve scalability and performance when network-topology hiding and bearer-level interworking features are not required
With the default configuration, the Cisco UBE receives media packets from the inbound call leg, terminates them, and then reoriginates the media stream on an outbound call leg. Media flow-around enables media packets to be passed directly between the endpoints, without the intervention of the Cisco UBE. The Cisco UBE continues to handle routing and billing functions.
To specify media flow-around for voice class, all VoIP calls, or individual dial peers, perform the steps in this section. This section contains the following subsections:
•Configuring Media Flow-Around for a Voice Class
•Configuring Media Flow-Around at the Global Level
•Configuring Media Flow-Around for a Dial-Peer
Prerequisites
•The allow-connections sip to sip command must be configured before you configure media flow-around. For more information and configuration steps see the "Configuring SIP-to-SIP Connections in a Cisco Unified Border Element" section of this chapter.
Configuring Media Flow-Around for a Voice Class
To configure media flow-around for a voice class, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice class media 1
4. media flow-around
5. dial-peer voice 2 voip
6. voice-class media 1
7. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice class media tag
Example:
Router(config)# voice class media 1
|
Enters voice-class configuration mode and assign an identification tag for a media voice class.
|
Step 4
|
media flow-around
Example:
Router(config-class)# media flow-around
|
Enables media flow around.
|
Step 5
|
dial-peer voice tag voip
Example:
Router(config-class)# dial-peer voice 2 voip
|
Enters dial-peer configuration mode and assign an identification tag for VoIP.
|
Step 6
|
voice class media tag
Example:
Router(config-dial-peer)# voice class media 1
|
Assign an identification tag for a media voice class.
|
Step 7
|
exit
Example:
Router(config-dial-peer)# exit
|
Exit dial-peer configuration mode.
|
Configuring Media Flow-Around at the Global Level
To configure media flow-around at the global level, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. media flow-around
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
media flow-around
Example:
Router(config-voi-serv)# media flow-around
|
Enables media flow-around.
|
Step 5
|
exit
Example:
Router(config-voi-serv)# exit
|
Exits the current mode.
|
Configuring Media Flow-Around for a Dial-Peer
To configure media flow-around for an individual dial-peer, perform the steps in this section.
Restrictions
If you plan to configure both incoming and outgoing dial peers, you must specify the transparent codec on the incoming dial peer.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice 1 voip
4. media flow-around
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice number voip
Example:
Router(config)# dial-peer voice 2 voip
|
Enters dial-peer configuration mode for the specified VoIP dial peer.
|
Step 4
|
media flow-around
Example:
Router(config-dial-peer)# media flow-around
|
Enables media flow-around.
|
Step 5
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Configuring DTMF Relay Digit-Drop on a Cisco Unified Border Element
To avoid sending both in-band and out-of band tones to the outgoing leg when sending Cisco UBE calls in-band (rtp-nte) to out-of band (h245-alphanumeric), configure the dtmf-relay rtp-nte digit-drop command on the incoming SIP dial-peer. On the H.323 side configure either dtmf-relay h245-alphanumeric or dtmf-relay h245-signal command. This feature can also be used for H.323-to-SIP, and H.323-to-H.323 calls.
Note For a SIP (rtp-nte) to H.323 (h245-alphanumeric) via Cisco UBE call, if any RTP-NTE packets are sent before the H.323 Endpoint answers the call, the dual-tone multifrequency (DTMF) signal is not audible on a terminating gateway (TGW)
To configure DTMF relay digit drop on an Cisco UBE with Cisco Unified Communications Manager, perform the steps in this section.
Restrictions
•You should not configure digit-drop for inband to and from rtp-nte dtmf conversion (this involves transcoder), the digit-drop CLI prevents sending rtp-nte packets from the RTP lib.
•Configuring the digit-drop command is required for interworking between OOB and RTP NTE.
•Digit-drop for in-band rtp-nte DTMF conversion requiring a transcoder is not supported.
•IOS MTP should be used when the Cisco UBE does DTMF interworking between inband G.711 voice and RFC2833 with CCM SIP trunk.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag voip
4. dtmf-relay [cisco-rtp] [h245-alphanumeric] [h245-signal][rtp-nte [digit-drop]]
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice tag voip
Example:
Router(config)# dial-peer voice 2 voip
|
Enters dial-peer voice configuration mode for the specified VoIP dial peer.
|
Step 4
|
dtmf-relay [cisco-rtp]
[h245-alphanumeric][h245-signal] [rtp-nte
[digit-drop]]
Example:
Router (config-dial-peer)# dtmf-relay rtp-nte
digit-drop
|
Forwards DTMF tones. Keywords are as follows:
•cisco-rtp—Forwards DTMF tones by using RTP with a Cisco-proprietary payload type.
•h245-alphanumeric—Forwards DTMF tones by using the H.245 alphanumeric method.
•h245-signal—Forwards DTMF tones by using the H.245 signal UII method.
•rtp-nte—Forwards DTMF tones by using Real-Time Transport Protocol (RTP) with the Named Telephone Event (NTE) payload type.
•digit-drop—Passes digits out-of-band; and drops in-band digits.
Note The digit-drop keyword is available only when the rtp-nte keyword is configured.
|
Step 5
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Examples
The following example shows DTMF-Relay digits configured to avoid sending both in-band and out-of-band tones to the outgoing leg in an Cisco Unified BE:
dtmf-relay h245-alphanumeric rtp-nte digit-drop
Troubleshooting tips
The debug output will show that the H245 out of band messages are sent to the TGW. However, entry of the digits are not audible on the phone.
Configuring Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP-to-SIP Calls Feature
The Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP-to-SIP Calls feature provides dynamic payload type interworking for dual tone multifrequency (DTMF) and codec packets for Session Initiation Protocol (SIP) to SIP calls.
Based on this feature, the Cisco Unified Border Element interworks between different dynamic payload type values across the call legs for the same codec. Also, Cisco UBE supports any payload type value for audio, video, named signaling events (NSEs), and named telephone events (NTEs) in the dynamic payload type range 96 to 127.
Symmetric and Asymmetric Calls
Cisco UBE supports dynamic payload type negotiation and interworking for all symmetric and asymmetric payload type combinations. A call leg on Cisco UBE is considered as symmetric or asymmetric based on the payload type value exchanged during offer answer with the endpoint:
•A symmetric endpoint accepts and sends the same payload type.
•An asymmetric endpoint can accept and send different payload types.
Default Behavior
The Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls feature is enabled by default for a symmetric call. An offer is sent with a payload type based on the dial-peer configuration. The answer is sent with the same payload type as was received in the incoming offer. When the payload type values negotiated during the signaling are different, the Cisco UBE changes the Real-Time Transport Protocol (RTP) payload value in the VoIP to RTP media path.
CLI Behavior
The Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls feature is not enabled by default for an asymmetric call leg. You must use the asymmetric payload command to configure this feature to support asymmetric call legs. The dynamic payload type value is passed across the call legs, and the RTP payload type interworking is not required. The RTP payload type handling is dependent on the endpoint receiving them.
Restrictions
The Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls feature is not supported for the following:
•H323-to-H323 and H323-to-SIP calls.
•All transcoded calls.
•Secure Real-Time Protocol (SRTP) pass-through calls.
•Flow-around calls.
•Asymmetric payload types are not supported on early-offer (EO) call leg in a delayed-offer to early-offer (DO-EO) scenario.
•Multiple m lines with the same dynamic payload types, where m is:
m = audio <media-port1> RTP/AVP XXX
m = video <media-port2> RTP/AVP XXX
Configuring Dynamic Payload Support at the Global Level
Perform this task to configure the Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls feature at the global level.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. asymmetric payload {dtmf | dynamic-codecs | full | system}
6. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters voice service configuration mode.
|
Step 4
|
sip
Example:
Router(conf-voi-serv)# sip
|
Enters voice service SIP configuration mode.
|
Step 5
|
asymmetric payload {dtmf | dynamic-codecs |
full | system}
Example:
Router(conf-serv-sip)# asymmetric payload full
|
Configures global SIP asymmetric payload support.
Note The dtmf and dynamic-codecs keywords are internally mapped to the full keyword to provide asymmetric payload type support for audio and video codecs, DTMF, and NSEs.
|
Step 6
|
end
Example:
Router(conf-serv-sip)# end
|
Exits voice service SIP configuration mode and enters privileged EXEC mode.
|
Configuring Dynamic Payload Support for a Dial Peer
Perform this task to configure Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls feature for a dial peer.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag voip
4. voice-class sip asymmetric payload {dtmf | dynamic-codecs | full | system}
5. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice tag voip
Example:
Router(config)# dial-peer voice 77 voip
|
Enters dial peer voice configuration mode.
|
Step 4
|
voice-class sip asymmetric payload {dtmf |
dynamic-codecs | full | system}
Example:
Router(config-dial-peer)# voice-class sip
asymmetric payload full
|
Configures the dynamic SIP asymmetric payload support feature.
Note The dtmf and dynamic-codecs keywords are internally mapped to the full keyword to provide asymmetric payload type support for audio and video codecs, DTMF, and NSEs.
|
Step 5
|
end
Example:
Router(config-dial-peer)# end
|
(Optional) Exits dial peer voice configuration mode and enters privileged EXEC mode.
|
Troubleshooting the Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls Feature
Use the following commands to debug any errors that you may encounter when you configure the Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls feature.
•debug ccsip all
•debug voip ccapi inout
•debug voip rtp
Verifying Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls Feature
This task shows how to display information to verify Support for Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP to SIP Calls configuration. These show commands need not be entered in any specific order.
SUMMARY STEPS
1. enable
2. show call active voice compact
3. show call active voice
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
show call active voice compact
Example:
Router# show call active voice compact
|
(Optional) Displays a compact version of call information.
|
Step 3
|
show call active voice
Example:
Router# show call active voice
|
(Optional) Displays call information for voice calls in progress.
|
Enabling In-Dialog OPTIONS to Monitor Active SIP Sessions
The two common methods to determine whether a SIP session is active; RTP/RTCP media inactivity timer and session timer have limitations when used with the Cisco UBE. The media inactivity (rtp/rtcp) method will not work if flow around mode is configured as the media is sent directly between endpoints without going through the Cisco UBE and session timer cannot be used if the SIP endpoint does not support session timer.
The in-dialog OPTIONS refresh feature introduces a refresh mechanism that addresses these two scenarios, and can be used on SIP-to-SIP and SIP-to-H.323 calls. The refresh with OPTIONS method is meant to only be hop-to-hop, and not end-to-end. Since session timer achieves similar results, the OPTIONs refresh/ping will not take affect when session timer is negotiated. The behavior on the H.323 endpoint is as if it was a TDM-SIP call. The generating in-dialog OPTIONS is enabled at the global level or dialpeer level. The system default setting is disabled. This feature can be use by both a TDM voice gateway and an Cisco UBE.
To enable in-dialog OPTIONS at the global level, or individual dial peers, perform the steps in this section. This section contains the following subsections:
•Methods to Determine Active SIP Sessions
•Enabling In-dialog OPTIONS at the Global Level
•Enabling in-dialog OPTIONS for a Dial-Peer
Methods to Determine Active SIP Sessions
RTP/RTCP
The SIP Media Inactivity Timer enables Cisco gateways to monitor and disconnect VoIP calls if no Real-Time Control Protocol (RTCP) packets are received within a configurable time period.
Session Timer
The SIP Session Timer periodically refresh Session Initiation Protocol (SIP) sessions by sending repeated INVITE requests. The repeated INVITE requests are sent during an active call leg to allow user agents (UA) or proxies to determine the status of a SIP session. The re-INVITES ensure that active sessions stay active and completed sessions are terminated.
Enabling In-dialog OPTIONS at the Global Level
To enable in-dialog OPTIONS at the global level, perform the steps in this section.
Note The global system default setting is disable.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. options-ping 90
6. exit
7. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
sip
Example:
Router(config-voi-srv)# sip
|
Enters SIP configuration mode.
|
Step 5
|
options-ping
Example:
Router(conf-serv-sip)# options-ping 90
|
Enables in-dialog OPTIONS. OPTIONS transactions are sent, in seconds.
|
Step 6
|
exit
Example:
Router(conf-serv-sip)# exit
|
Exits the current mode.
|
Step 7
|
end
Example:
Router(config-voi-srv)# end
|
Returns to privileged EXEC mode.
|
Enabling in-dialog OPTIONS for a Dial-Peer
To enable in-dialog OPTIONS for an individual dial-peer, perform the steps in this section.
Restrictions
When configuring in-dialog OPTIONS at the dial-peer level OPTIONS must be configured on both incoming and outgoing dial peers.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice 1 voip
4. voice-class sip options-ping
5. exit
6. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice number voip
Example:
Router(config)# dial-peer voice 2 voip
|
Enters dial-peer configuration mode for the specified VoIP dial peer.
|
Step 4
|
voice-class sip options-ping
Example:
Router(config-voip-peer)# voice-class sip
options-ping 65
|
Enables intervals OPTIONS transactions to be sent, in seconds.
|
Step 5
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Step 6
|
end
Example:
Router(config-voi-srv)# end
|
Returns to privileged EXEC mode.
|
Configuring Cisco UBE Out-of-dialog OPTIONS Ping for Specified SIP Servers or Endpoints
The Out-of-dialog (OOD) Options Ping feature provides a keepalive mechanism at the SIP level between any number of destinations. A generic heartbeat mechanism allows Cisco Unified Border Element to monitor the status of SIP servers or endpoints and provide the option of busying-out a dial-peer upon total heartbeat failure. When a monitored endpoint heartbeat fails, the dial-peer is busied out. If an alternate dial-peer is configured for the same destination pattern, the call is failed over to the next preferred dial peer, or else the on call is rejected with an error cause code.
The response to options ping will be considered unsuccessful and dial-peer will be busied out for following scenarios:
Table 2 Error Codes that busyout the endpoint
Error Code
|
Description
|
503
|
service unavailable
|
505
|
sip version not supported
|
no response
|
i.e. request timeout
|
All other error codes, including 400 are considered a valid response and the dial peer is not busied out.
Note The purpose of this feature is to determine if the SIP session protocol on the endpoint is UP and available to handle calls. It may not handle OPTIONS message but as long as the SIP protocol is available, it should be able to handle calls.
When a dial-peer is busied out, Cisco Unified Border Element continues the heartbeat mechanism and the dial-peer is set to active upon receipt of a response.
Prerequisites
The following are required for OOD Options ping to function. If any are missing, the Out-of-dialog (OOD) Options ping will not be sent and the dial peer is reset to the default active state.
•Dial-peer should be in active state
•Session protocol must be configured for SIP
•Configure Session target or outbound proxy must be configured. If both are configured, outbound proxy has preference over session target.
Restrictions
•The Cisco Unified Border Element OOD Options ping feature can only be configured at the VoIP Dial-peer level.
•All dial peers start in an active (not busied out) state on a router boot or reboot.
•If a dial-peer has both an outbound proxy and a session target configured, the OOD options ping is sent to the outbound proxy address first.
•Though multiple dial-peers may point to the same SIP server IP address, an independent OOD options ping is sent for each dial-peer.
•If a SIP server is configured as a DNS hostname, OOD Options pings are sent to all the returned addresses until a response is received.
•Configuration for Cisco Unified Border Element OOD and TDM Gateway OOD are different, but can co-exist.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag voip
4. voice-class sip options-keepalive
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice tag voip
Example:
Router(config)# dial-peer voice 200 voip
|
Enters dial-peer configuration mode for the VoIP peer designated by tag.
|
Step 4
|
voice-class sip options-keepalive {up-interval
seconds | down-interval seconds | retry retries}
Example:
Router(config-dial-peer)# voice-class sip
options-keepalive up-interval 12 down-interval 65
retry 3
|
Monitors connectivity between endpoints.
•up-interval seconds — Number of up-interval seconds allowed to pass before marking the UA as unavailable.The range is 5-1200. The default is 60.
•down-interval seconds — Number of down-interval seconds allowed to pass before marking the UA as unavailable.The range is 5-1200. The default is 30.
•retry retries — Number of retry attempts before marking the UA as unavailable. The range is 1 to 10. The default is 5 attempts.
|
Step 5
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Troubleshooting Tips
The following commands can help troubleshoot the OOD Options Ping feature:
•debug ccsip all—shows all Session Initiation Protocol (SIP)-related debugging.
•show dial-peer voice x—shows configuration of keepalive information.
Router# show dial-peer voice | in options
voice class sip options-keepalive up-interval 60 down-interval 30 retry 5
voice class sip options-keepalive dial-peer action = active
•show dial-peer voice summary—shows Active or Busyout dial-peer status.
Router# show dial-peer voice summary
TAG TYPE MIN OPER PREFIX DEST-PATTERN KEEPALIVE
111 voip up up 0 syst active
9 voip up down 0 syst busy-out
Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure
Cisco Unified Border Element (Cisco UBE) provides an option to configure the error response code when a dial peer is busied out because of an Out-of-Dialog OPTIONS ping failure.
The OPTIONS ping mechanism monitors the status of a remote Session Initiation Protocol (SIP) server, proxy or endpoints. Cisco UBE monitors these endpoints periodically. When there is no response from these monitored endpoints, the configured dial peer is busied out. If the dial-peer endpoint is busied out due to an OPTIONS ping failure, the call is passed on to the next dial-peer endpoint if an alternate dial peer is configured for the same destination. Otherwise the error response 404 is sent. This feature provides the option of configuring the error response code to reroute the call. Therefore when a dial peer is busied out due to the OPTIONS ping failure, the SIP error code configured in the inbound dial-peer is sent as a response.
To configure the SIP error code response, perform the following tasks:
•"Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure at the Global Level" section (required)
•Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure at the Dial Peer Level (required)
Prerequisites
The Cisco UBE Out-of-Dialog (OOD) OPTIONS Ping for Specified SIP Servers or Endpoints feature should be configured before configuring this error response code for a ping OPTIONS failure.
Restrictions
The error code configuration will not have any effect if it is configured on the outbound dial peer.
Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure at the Global Level
Table 3 describes the SIP error codes.
Table 3 SIP Error Codes
Error Code Number
|
Description
|
400
|
Bad Request
|
401
|
Unauthorized
|
402
|
Payment Required
|
403
|
Forbidden
|
404
|
Not Found
|
408
|
Request Timed Out
|
416
|
Unsupported URI
|
480
|
Temporarily Unavailable
|
482
|
Loop Detected
|
484
|
Address Incomplete
|
486
|
Busy Here
|
487
|
Request Terminated
|
488
|
Not Acceptable Here
|
500-599
|
SIP 5xx—Server/Service Failure
|
500
|
Internal Server Error
|
502
|
Bad Gateway
|
503
|
Service Unavailable
|
600-699
|
SIP 6xx—Global Failure
|
To configure the error response code for the OPTIONS ping failure to support the Cisco Unified Border Element at the global level, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. error-code-override options-keepalive failure sip-status-code-number
6. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters voice service configuration mode.
|
Step 4
|
sip
Example:
Router(conf-voi-serv)# sip
|
Enters voice service SIP configuration mode.
|
Step 5
|
error-code-override options-keepalive failure
sip-status-code-number
Example:
Router(conf-serv-sip)# error-code-override
options-keepalive failure 402
|
Configures the specified SIP error code number.
•sip-status-code-number —SIP status code to be sent for an options keepalive failure. Range: 400 to 699. Default: 503.
•Table 3 provides more details about these error codes.
|
Step 6
|
end
Example:
Router(conf-serv-sip)# end
|
Exits voice service SIP configuration mode and returns to privileged EXEC mode.
|
Configuring an Error Response Code upon an Out-of-Dialog OPTIONS Ping Failure at the Dial Peer Level
To configure the error response code for the OPTIONS ping failure to support the Cisco Unified Border Element at the dial-peer level, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice voice-dial-peer-tag voip
4. voice-class sip error-code-override options-keepalive failure {sip-status-code-number | system}
5. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice voice-dial-peer-tag voip
Example:
Router(config)# dial-peer voice 234 voip
|
Enters dial peer voice configuration mode.
|
Step 4
|
voice-class sip error-code-error-override
options-keepalive failure
{sip-status-code-number | system}
Example:
Router(config-dial-peer)# voice-class sip
error-code-override options-keepalive failure
500
|
Configures the specified SIP error code number.
•sip-status-code-number —SIP status code to be sent for an options keepalive failure. Range: 400 to 699. Default: 503.
•Table 3 provides more details about these error codes.
Note If the system keyword is configured, the global level configuration will override the dial-peer configuration.
|
Step 5
|
end
Example:
Router(config-dial-peer)# end
|
Exits dial peer voice configuration mode and returns to privileged EXEC mode.
|
Troubleshooting Tips
The following debug commands display any error that occurs with the error code response:
•debug ccsip messages—shows SIP messages.
Router# debug ccsip messages
SIP Call messages tracing is enabled
•debug ccsip all—shows all SIP-related debugging.
This may severely impact system performance. Continue? [confirm]
All SIP Call tracing is enabled
Configuring SIP Parameters
The SIP Parameters feature allow customers to add, remove, or modify the SIP parameters in the SIP messages going out of a border element. The SIP message is generated from the standard signaling stack, but runs the message through a parser which can add, delete or modify specific parameters. This allows interoperability with additional third party devices that require specific SIP message formats. All SIP methods and responses are supported, profiles can be added either in dial-peer level or global level. Basic Regular Expression support would be provided for modification of header values. SDP parameters can also be added, removed or modified.
This feature is applicable only for outgoing SIP messages. Changes to the messages are applied just before they are sent out, and the SIP SPI code does not remember the changes. Because there are no restrictions on the changes that can be applied, users must be careful when configuring this feature - for example, the call might fail if a regular expression to change the To tag value is configured.
The all keyword is used to apply rules on all requests and responses.
Restrictions
•This feature applies to outgoing SIP messages.
•This feature is disabled by default.
•Removal of mandatory headers is not supported.
•This feature allows removal of entire MIME bodies from SIP messages. Addition of MIME bodies is not supported.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice number voip
4. voice-class sip profiles group-number
5. response option sip-header option ADD word CR
6. exit
7. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service number voip
Example:
Router(config)# voice service 1 voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
voice-class sip-profiles group-number
Example:
Router(config)# voice-class sip profiles 42
|
Establishes individual sip profiles defined by a group-number. Valid group-numbers are from 1 to 1000.
|
Step 5
|
response option sip-header option ADD word CR
Example:
Router(config)# request INVITE sip-header
supported remove
|
Add, change, or delete any SIP or SDP header in voice class or sip-profile submode.
|
Step 6
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Step 7
|
end
Example:
Router(config-voi-srv)# end
|
Returns to privileged EXEC mode.
|
Example
allow-connections sip to sip
midcall-signaling passthru
voice class sip-profiles 1
request INVITE sip-header Supported remove
request INVITE sip-header Min-SE remove
request INVITE sip-header Session-Expires remove
request INVITE sip-header Unsupported modify "Unsupported:" "timer"
Configurable SIP Parameters via DHCP
The Configurable SIP Parameters via DHCP feature allows a Dynamic Host Configuration Protocol (DHCP) server to provide Session Initiation Protocol (SIP) parameters via a DHCP client. These parameters are used for user registration and call routing.
The DHCP server returns the SIP Parameters via DHCP options 120 and 125. These options are used to specify the SIP user registration and call routing information. The SIP parameters returned are the SIP server address via Option 120, and vendor-specific information such as the pilot, contract or primary number, an additional range of secondary numbers, and the SIP domain name via Option 125.
In the event of changes to the SIP parameter values, this feature also allows a DHCP message called DHCPFORCERENEW to reset or apply a new set of values.
The SIP parameters provisioned by DHCP are stored, so that on reboot they can be reused.
Prerequisites for Configurable SIP Parameters via DHCP
•A DHCP interface has to be associated with SIP before configurable SIP parameters via DHCP can be enabled.
Restrictions for Configurable SIP Parameters via DHCP
•DHCP Option 120 is the standard DHCP option (RFC3361) to get a SIP server address, and this can be used by any vendor DHCP server. Only one address is supported, which is in the IPv4 address format. Multiple IPv4 address entries are not supported. Also, there is no support for a DNS name in this or for any port number given behind the IPv4 address.
•DHCP Option 125 (RFC 3925) provides vendor-specific information and its interpretation is associated with the enterprise identity. The primary and secondary phone numbers and domain are obtained using Option 125, which is vendor-specific. As long as other customers use the same format as in the Next Generation Network (NGN) DHCP specification, they can use this feature.
•A primary or contract number is required in suboption 202 of DHCP Option 125. There can be only one instance of the primary number and not multiple instances.
•Multiple secondary or numbers in suboption 203 of DHCP Option 125 are supported. Up to five numbers are accepted and the rest ignored. Also, they have to follow the contract number in the DHCP packet data.
•Authentication is not supported for REGISTER and INVITE messages sent from a Cisco Unified Border Element that uses DHCP provisioning
•The DHCP provisioning of SIP Parameters is supported only over one DHCP interface.
•The DHCP option is available only to be configured for the primary registrar. It will not be available for a secondary registrar.
Information About Configurable SIP Parameters via DHCP
To perform basic Configurable SIP Parameters via DHCP configuration tasks, you should understand the following concepts:
•Cisco Unified Border Element Support for Configurable SIP Parameters via DHCP
•DHCP to Provision SIP Server, Domain Name, and Phone Number
•DHCP-SIP Call Flow
•DHCP Message Details
Cisco Unified Border Element Support for Configurable SIP Parameters via DHCP
The Cisco Unified Border Element provides the support for the DHCP provisioning of the SIP parameters.
The NGN is modeled using SIP as a VoIP protocol. In order to connect to NGN, the User to Network Interface (UNI) specification is used. Cisco TelePresence Systems (CTS), consisting of an IP Phone, a codec, and Cisco Unified Communications Manager, are required to internetwork over the NGN for point-to-point and point-to-multipoint video calls. Because Cisco Unified Communications Manager does not provide a UNI interface, there has to be an entity to provide the UNI interface. The Cisco Unified Border Element provides the UNI interface and has several advantages such as demarcation, delayed offer to early offer, and registration.
Figure 1 shows the Cisco Unified Border Element providing the UNI interface for the NGN.
Figure 1 Cisco NGN with Cisco Unified Border Element providing UNI interface
DHCP to Provision SIP Server, Domain Name, and Phone Number
NGN requires Cisco Unified Border Element to support DHCP (RFC 2131 and RFC 2132) to provision the following:
•IP address for Cisco Unified Border Element's UNI interface facing NGN
•SIP server address using option 120
•Option 125 vendor specific information to get:
–Pilot number (also called primary or contract number), there is only one pilot number in DHCPACK, and REGISTER is done only for the pilot number
–Additional numbers, or secondary numbers, are in DHCPACK; there is no REGISTER for additional numbers
–SIP domain name
•DHCPFORCERENEW to reset or apply a new set of SIP parameters (RFC 3203)
DHCP-SIP Call Flow
The following scenario shows the DHCP messages involved in provisioning information such as the IP address for UNI interface, and SIP parameters including the SIP server address, phone number, and domain name, along with how SIP messages use the provisioned information.
Figure 2 shows the DHCP and SIP messages involved in obtaining the SIP parameters and using them for REGISTER and INVITE.
Figure 2 DHCP-SIP Call Flow
DHCP Message Details
The DHCP call flow involved in obtaining Cisco Unified Border Element provision information, including the IP address for UNI interface and SIP information such as phone number, domain, and SIP server, is shown in Figure 2.
Figure 3 DHCP Message Details
The DHCP messages involved in provisioning the SIP parameters are described in Steps 1 to 6.
1. F1: The Cisco Unified Border Element DHCP client sends a DHCPDISCOVER message to find the available NGN DHCP servers on the network and obtain a valid IPv4 address. The Cisco Unified Border Element DHCP client identity (computer name) and MAC address are included in this message.
2. F2: The Cisco Unified Border Element DHCP client receives a DHCPOFFER message from each available NGN DHCP server. The DHCPOFFER message includes the offered DHCP server's IPv4 address, the DHCP client's MAC address, and other configuration parameters.
3. F3: The Cisco Unified Border Element DHCP client selects an NGN DHCP server and its IPv4 address configuration from the DHCPOFFER messages it receives, and sends a DHCPREQUEST message requesting its usage. Note that this is where Cisco Unified Border Element requests SIP server information via DHCP Option 120 and vendor- identifying information via DHCP Option 125.
4. F4: The chosen NGN DHCP server assigns its IPv4 address configuration to the Cisco Unified Border Element DHCP client by sending a DHCPACK message to it. The Cisco Unified Border Element DHCP client receives the DHCPACK message. This is where the SIP server address, phone number and domain name information are received via DHCP options 120 and 125. The Cisco Unified Border Element will use the information for registering the phone number and routing INVITE messages to the given SIP server.
5. F5: When NGN has a change of information or additional information (such as changing SIP server address from 1.1.1.1 to 2.2.2.2) for assigning to Cisco Unified Border Element, the DHCP server initiates DHCPFORCERENEW to the Cisco Unified Border Element. If the authentication is successful, the Cisco Unified Border Element DHCP client accepts the DHCPFORCERENEW and moves to the next stage of sending DHCPREQUEST. Otherwise DHCPFORCERENEW is ignored and the current information is retained and used.
6. F6 and F7: In response to DHCPFORCERENEW, similar to steps F3 and F4, the Cisco Unified Border Element requests DHCP Options 120 and 125. Upon getting the response, SIP will apply these parameters if they are different by sending an UN-REGISTER message for the previous phone number and a REGISTER message for the new number. Similarly, a new domain and SIP server address will be used. If the returned information is the same as the current set, it is ignored and hence registration and call routing remains the same.
How to Configure SIP Parameters via DHCP
To configure SIP parameters via DHCP, perform the following tasks:
•Configuring the DHCP Client (Required)
•Enabling the SIP Configuration (Required)
•Configuring a SIP Outbound Proxy Server (Required)
•Enabling Forced Update of SIP Parameters via DHCP (Required)
Configuring the DHCP Client
To receive the SIP configuration parameters the Cisco Unified Border Element has to act as a DHCP client. This is because in the NGN network, a DHCP server pushes the configuration to a DHCP client. Thus the Cisco Unified Border Element must be configured as a DHCP client.
Perform this task to configure the DHCP client.
Prerequisites
You must configure the ip dhcp client commands before entering the ip address dhcp command on an interface to ensure that the DHCPDISCOVER messages that are generated contain the correct option values. The ip dhcp client commands are checked only when an IP address is acquired from DHCP. If any of the ip dhcp client commands are entered after an IP address has been acquired from DHCP, the DHCPDISCOVER messages' correct options will not be present or take effect until the next time the router acquires an IP address from DHCP. This means that the new configuration will only take effect after either the ip address dhcp command or the release dhcp and renew dhcp EXEC commands have been configured.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip address dhcp
5. ip dhcp client request sip-server-address
6. ip dhcp client request vendor-identifying-specific
7. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
interface type number
Example:
Router(config)# interface gigabitethernet 0/0
|
Configures an interface type and enters interface configuration mode.
|
Step 4
|
ip dhcp client request sip-server-address
Example:
Router(config-if)# ip dhcp client request
sip-server-address
|
Configures the DHCP client to request a SIP server address from a DHCP server.
|
Step 5
|
ip dhcp client request
vendor-identifying-specific
Example:
Router(config-if)# ip dhcp client request
vendor-identifying-specific
|
Configures the DHCP client to request vendor-specific information from a DHCP server.
|
Step 6
|
ip address dhcp
Example:
Router(config-if)# ip address dhcp
|
Acquires an IP address on the interface from the DHCP.
|
Step 7
|
exit
Example:
Router(config-if)# exit
|
Exits the current mode.
|
Enabling the SIP Configuration
Enabling the SIP configuration allows the Cisco Unified Border Element to use the SIP parameters received via DHCP for user registration and call routing.
Perform this task to enable the SIP configuration.
Prerequisites
The dhcp interface command has to be entered to declare the interface before the registrar and credential commands are entered.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. sip-ua
5. dhcp interface type number
6. registrar dhcp expires seconds random-contact refresh-ratio seconds
7. credentials dhcp password [0 | 7] password realm domain-name
8. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
interface type number
Example:
Router(config)# interface gigabitethernet 0/0
|
Configures an interface type and enters interface configuration mode.
|
Step 4
|
sip-ua
Example:
Router(config-if)# sip-ua
|
Enters SIP user-agent configuration mode.
|
Step 5
|
dhcp interface type number
Example:
Router(sip-ua)# dhcp interface gigabitethernet
0/0
|
Assigns a specific interface for DHCP provisioning of SIP parameters.
•Multiple interfaces on the CUBE can be configured with DHCP—this command specifies the DHCP interface used with SIP.
|
Step 6
|
registrar dhcp expires seconds random-contact
refresh-ratio seconds
Example:
Router(sip-ua)# registrar dhcp expires 100
random-contact refresh-ratio 90
|
Registers E.164 numbers on behalf of analog telephone voice ports (FXS) and IP phone virtual voice ports (EFXS) with an external SIP proxy or SIP registrar server.
•expires seconds—Specifies the default registration time, in seconds. Range is 60 to 65535. Default is 3600.
•refresh-ratio seconds—Specifies the refresh-ratio, in seconds. Range is 1 to 100 seconds. Default is 80.
|
Step 7
|
credentials dhcp password [0 | 7] password realm
domain-name
Example:
Router(sip-ua)# credentials dhcp password cisco
realm cisco.com
|
Sends a SIP registration message from a Cisco Unified Border Element in the UP state.
|
Step 8
|
exit
Example:
Router(sip-ua)# exit
|
Exits the current mode.
|
Troubleshooting Tips
To display information on DHCP and SIP interaction when SIP parameters are provisioned by DHCP, use the debug ccsip dhcp command in privileged EXEC mode.
Configuring a SIP Outbound Proxy Server
An outbound-proxy configuration sets the Layer 3 address (IP address) for any outbound REGISTER and INVITE SIP messages. The SIP server can be configured as an outbound proxy server in voice service SIP configuration mode or dial peer configuration mode. When enabled in voice service SIP configuration mode, all the REGISTER and INVITE messages are forwarded to the configured outbound proxy server. When enabled in dial-peer configuration mode, only the messages hitting the defined dial-peer will be forwarded to the configured outbound proxy server.
The configuration tasks in each mode are presented in the following sections:
•Configuring a SIP Outbound Proxy Server in Voice Service VoIP Configuration Mode
•Configuring a SIP Outbound Proxy Server and Session Target in Dial Peer Configuration Mode
Perform either of these tasks to configure the SIP server as a SIP outbound proxy server.
Configuring a SIP Outbound Proxy Server in Voice Service VoIP Configuration Mode
Perform this task to configure the SIP server as a SIP outbound proxy server in voice service SIP configuration mode.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. outbound-proxy dhcp
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters voice service VoIP configuration mode and specifies VoIP as the voice-encapsulation type.
|
Step 4
|
sip
Example:
Router(config-voi-srv)# sip
|
Enters voice service SIP configuration mode.
|
Step 5
|
outbound-proxy dhcp
Example:
Router(conf-serv-sip)# outbound-proxy dhcp
|
Configures the DHCP client to request a SIP server address from a DHCP server.
|
Step 6
|
exit
Example:
Router(config-serv-sip)# exit
|
Exits the current mode.
|
Configuring a SIP Outbound Proxy Server and Session Target in Dial Peer Configuration Mode
Perform this task to configure the SIP server as a SIP outbound proxy server in dial peer configuration mode.
Restrictions
SIP must be configured on the dial pier before DHCP is configured. Therefore the session protocol sipv2 command must be executed before the session target dhcp command. DHCP is supported only with SIP configured on the dial peer.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice number voip
4. session protocol sipv2
5. voice-class sip outbound-proxy dhcp
6. session target dhcp
7. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice number voip
Example:
Router(config)# dial-peer voice 10 voip
|
Defines a dial peer, specifies VoIP as the method of voice encapsulation, and enters dial peer configuration mode.
|
Step 4
|
session protocol sipv2
Example:
Router(config-dial-peer)# session protocol sipv2
|
Enters the session protocol type as SIP.
|
Step 5
|
voice-class sip outbound-proxy dhcp
Example:
Router(config-dial-peer)# voice-class sip
outbound-proxy dhcp
|
Configures the SIP server received from the DHCP server as a SIP outbound proxy server.
|
Step 6
|
session target dhcp
Example:
Router(config-dial-peer)# session target dhcp
|
Specifies that the DHCP protocol is used to determine the IP address of the session target.
|
Step 7
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Enabling Forced Update of SIP Parameters via DHCP
In the event of changes to the SIP parameter values, a DHCP message called DHCPFORCERENEW can reset or apply a new set of values. The NGN can add or change phone number, SIP server address and domain name by sending DHCPFORCERENEW. When the SIP server receives the SIP parameter values, it compares the existing values to see if they are the same or if they have changed. If they are the same, the existing SIP parameters continue to be used. If they are different, the current phone number is unregistered and the new one registered, and the new SIP server address and domain name are used.
Prerequisites
The DHCP provisioning of SIP parameters must be enabled.
This feature provides the ability for a DHCP server to add or change SIP signaling configuration and routing information related parameters via DHCP FORCERENEW. The DHCP client in IOS is required to restart REGISTRATION and use updated parameters for subsequent SIP dialogs
•Commands Required to turn on the feature.
–dhcp interface <intf>
–registrar dhcp
–credentials dhcp password <password> realm <realm>
Restrictions
•DHCP Option 120 is the standard DHCP option (RFC3361) to get an SIP server address, and this can be used by any vendor DHCP server. Only one address is supported, which is in the IPv4 address format. Multiple IPv4 address entries are not supported. Additionally, a DNS name and any port number given behind the IPv4 address is not supported.
•DHCP Option 125 (RFC3925) provides vendor specific information. Its interpretation is tied up with the enterprise id. The primary and secondary phone numbers and domain are obtained using option 125 which is vendor specific. As long as other customers use the same format as in the NGN DHCP specification, they can leverage this feature.
•The presence of the primary number in sub-option 202 of DHCP option 125 is mandatory. There can only be one instance of the primary number and not multiple instances.
•Multiple secondary numbers in sub-option 203 of DHCP option 125 are supported. Up to five numbers are accepted and the rest are ignored. Also, they have to follow behind the primary number in the DHCP packet data.
•Authentication is not supported for REGISTER and INVITE messages sent from a CUBE that uses DHCP provisioning.
•The DHCP provisioning of SIP Parameters is only supported over one DHCP interface.
•The DHCP option is only available to be configured for the primary registrar. It will not be available for a secondary registrar.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip dhcp-client forcerenew
4. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ip dhcp-client forcerenew
Example:
Router> ip dhcp-client forcerenew
|
Causes the DHCP server to force an immediate update to DHCP Client.
|
Step 4
|
exit
Example:
Router> exit
|
Exits the current mode.
|
Configuration Examples for Configurable SIP Parameters via DHCP
This section contains the following configuration examples:
•Configuring the DHCP Client: Example
•Enabling the SIP Configuration: Example
•Configuring a SIP Outbound Proxy Server in Voice Service VoIP Configuration Mode: Example
•Configuring a SIP Outbound Proxy Server in Dial Peer Configuration Mode: Example
•Enabling Forced Update of SIP Parameters via DHCP: Example
Configuring the DHCP Client: Example
The following is an example of how to enable the DHCP client:
Router# configure terminal
Router(config)# interface gigabitethernet 1/1
Router(config-if)# ip dhcp client request sip-server-address
Router(config-if)# ip dhcp client request vendor-identifying-specific
Router(config-if)# ip address dhcp
Enabling the SIP Configuration: Example
The following is an example of how to enable the SIP configuration:
Router# configure terminal
Router(config)# interface gigabitethernet 1/0
Router(config-if)# sip-ua
Router(sip-ua)# dhcp interface gigabitethernet 1/0
Router(sip-ua)# registrar dhcp expires 90 random-contact refresh-ratio 90
Router(sip-ua)# credentials dhcp password cisco realm cisco.com
Configuring a SIP Outbound Proxy Server in Voice Service VoIP Configuration Mode: Example
The following is an example of how to configure a SIP outbound proxy in voice service SIP
configuration mode:
Router# configure terminal
Router(config)# voice service voip
Router(config-voi-srv)# sip
Router(conf-serv-sip)# outbound-proxy dhcp
Router(config-serv-if)# exit
Configuring a SIP Outbound Proxy Server in Dial Peer Configuration Mode: Example
The following is an example of how to configure a SIP outbound proxy in dial peer
configuration mode:
Router# configure terminal
Router(config)# dial-peer voice 11 voip
Router(config-dial-peer)# session protocol sipv2
Router(config-dial-peer)# voice-class sip outbound-proxy dhcp
Router(config-dial-peer)# session target dhcp
Router(config-dial-peer)# exit
Enabling Forced Update of SIP Parameters via DHCP: Example
The following is an example of how to enable forced update of SIP parameters via DHCP:
Router# configure terminal
Router(config)# ip dhcp-client forcerenew
Configuring SIP Listening Port
To manually change the SIP listen port for UDP/TCP/TLS calls, perform the steps in this section:
Prerequisites
•Configure the shutdown command in sip configuration mode first. This ensures that there are no active calls when the SIP listen port is changed. If SIP service is not shutdown, the listen-port command flashes an error message saying "shutdown SIP service before changing SIP listen port".
•This feature is applicable for both incoming and outgoing call SIP.
•The IP-to-IP gateway port number defined in global configuration will be used for both IN leg and OUT leg.
Restrictions
•Configuring SIP listening port on a dial-peer basis is not supported.
•Configuring the same listening port for both UDP/TCP and TLS is not supported.
•Configuring SIP listen port to a port that is already in use is not supported, and results in an error message.
•Changing the SIP listening port when Transport Process (TCP/UDP/TLS) services are shutdown, will not close or reopen the port. The only result is that the new port number is updated. The new port is bound when transport services (TCP/UDP/TLS) is enabled.
•Both secure and non-secure keywords are supported on Crypto images
•The non-secure keyword is supported on non-Crypto images.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. listen-port {non-secure | secure} port-number
6. exit
7. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
sip
Example:
Router(config-voi-srv)# sip
|
Enters SIP configuration mode.
|
Step 5
|
listen-port {non-secure | secure} port-number
Example:
Router (config-voip-peer)# listen-port secure
3000
|
Port number. Range: 1 to 65535. The default for UDP/TCP is 5060, the default for TLS is 5061.
Image Support
•The secure and non-secure keywords are supported on Crypto images.
•The non-secure keyword is supported on non-Crypto images.
|
Step 6
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Step 7
|
end
Example:
Router(config-voi-srv)# end
|
Returns to privileged EXEC mode.
|
Configuring Bandwidth Parameters for SIP Calls
This feature provides a CLI command that is configured under each dialpeer that is triggered when an outbound SIP call is made using this dialpeer. The configured value for the Bandwidth command overwrite the default bandwidth that is determined by the codec selected. This command is helpful to allow the bandwidth to be signalled independent of the specific codec used
To manually change the SIP listen port for UDP/TCP/TLS calls, perform the steps in this section:
Prerequisites
•Configure the shutdown command in sip configuration mode first. This ensures that there are no active calls when the SIP listen port is changed. If SIP service is not shutdown, the listen-port command flashes an error message saying "shutdown SIP service before changing SIP listen port".
•This feature is applicable for both incoming and outgoing call SIP.
•The Cisco Unified BE port number defined in global configuration will be used for both IN leg and OUT leg.
Restrictions
•Configuring SIP listening port on a dial-peer basis is not supported.
Configuring Support for Session Refresh with Reinvites
Configuring support for session refresh with reinvites expands the ability of the Cisco Unified BE to receive a REINVITE message that contains either a session refresh parameter or a change in media via a new SDP and ensure the session does not time out. The midcall-signaling command distinguishes between the way a Cisco Unified Communications Express and Cisco Unified Border Element releases signaling messages. Most SIP-to-SIP video and SIP-to-SIP ReInvite-based supplementary services features require the Configuring Session Refresh with Reinvites feature to be configured.
Cisco IOS Release 12.4(15)XZ and Earlier Releases
Session refresh support via OPTIONS method. For configuration information, see the "Enabling In-Dialog OPTIONS to Monitor Active SIP Sessions" section.
Cisco IOS Release 12.4(15)XZ and Later Releases
Cisco Unified BE transparently passes other session refresh messages and parameters so that UAs and proxies can establish keepalives on a call.
Prerequisites
•The allow-connections sip to sip command must be configured before you configure the Session refresh with Reinvites feature. For more information and configuration steps see the "Configuring SIP-to-SIP Connections in a Cisco Unified Border Element" section.
Restrictions
•SIP-to-SIP video calls and SIP-to-SIP ReInvite-based supplementary services fail if the midcall-signaling command is not configured.
Note The following features function if the midcall-signaling command is not configured: session refresh, fax, and refer-based supplementary services.
•Configuring Session Refresh with Reinvites is for SIP-to-SIP calls only. All other calls (H323-to-SIP, and H323-to-H323) do not require the midcall-signaling command be configured
•Configuring the Session Refresh with Reinvites feature on a dial-peer basis is not supported.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. midcall-signaling passthru
6. exit
7. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
sip
Example:
Router(conf-voi-serv)# sip
|
Enters SIP configuration mode.
|
Step 5
|
midcall-signaling passthru
Example:
Router(conf-serv-sip)# midcall-signaling passthru
|
Passes SIP messages from one IP leg to another IP leg.
|
Step 6
|
exit
Example:
Router(conf-serv-sip)# exit
|
Exits the current mode.
|
Step 7
|
end
Example:
Router(conf-serv-sip) end
|
Returns to privileged EXEC mode.
|
Sending a SIP Registration Message from a Cisco Unified Border Element
The credentials command allows you to send a SIP registration message from a Cisco Unified Border Element in the UP state. Registration can include numbers, number ranges (such as E.164-numbers), or text information.
Before Cisco IOS Release12.4(24)T, a POTS dial peer was required to register numbers from a Cisco Unified Border Element in the UP state. The credentials command is modified in Release 12.4(24s)T to allow for registration of the E.164-numbers, if there is no POTS dial peer.
Prerequisites
Configure a registrar in sip user-agent configuration mode.
SUMMARY STEPS
1. enable
2. configure terminal
3. sip-uaF
4. credentials username username password password realm domain-name
5. exit
6. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
sip-ua
Example:
Router(config)# sip-ua
|
Enters sip user-agent configuration mode.
|
Step 4
|
credentials username username password password
realm domain-name
Example:
Router(config-sip-ua)# credentials username alex
password test realm cisco.com
|
Enters SIP digest credentials in sip-ua configuration mode.
|
Step 5
|
exit
Example:
Router(config-sip-ua)# exit
|
Exits the current mode.
|
Step 6
|
end
Example:
Router(config)# end
|
Returns to privileged EXEC mode.
|
Configuring Adjustable Timers for Registration Refresh and Retries
Configuring Adjustable Timers for Registration Refresh and Retries provides the ability for IOS software to refresh the REGISTER at a configurable fraction of the expiry timer specified in the 200 OK response of the REGISTER request. The feature also provides the ability to retransmit REGISTER upon receiving failure responses as per the min-expires header value in a "423 interval too brief" response, or retry-after if header value if present or terminal re-registration interval if retry-after header value is absent in 4xx/5xx/6xx responses. Additionally, the ability to retransmit REGISTER per Timer E up to 32 seconds, and at a command line interface controlled random interval thereafter.
This feature addresses the UNI SIP registration specification requirements on Cisco Unified Border Element to interwork CTS over NGN and includes the following are SIP registration enhancements:
423 Interval Too Brief Response Handling
Cisco Unified Border Element retransmits the REGISTER request with the received Min-Expires value in the 423 response. The retransmit interval is the same as the configured REGISTER refresh ratio.
If the registration response from the REGISTRAR server is a "423 Interval Too Brief", the configured registration expires time-value sent in the REGISTER message does not apply. The 423 response contains the acceptable expires time value in the Min-Expires header. The newly received time value is then used in the Expires header when the next registration refresh request is sent.
4xx/5xx/6xx Error Response Handling (Except 423)
If the registration response from the REGISTRAR server is a 4xx/5xx/6xx (except 423) message, an error has occurred. The retransmit interval uses the value in the Retry-After header if present in the 4xx/5xx/6xx response. The only supported Retry-After header format is `Retry-After:1800'. If "Retry-After" header is not present in the error response, the configured refresh ratio and "Expires" time value will be used to calculate the interval between the sending of the next REGISTER message or it will be the default retransmit interval.
Configurable REGISTER Refresh Ratio
The Cisco Unified Border Element sends REGISTER refresh at 40% to 50% of the expiry time as specified in 200 OK response of REGISTER request. Use the refresh-ratio keyword to configure the REGISTER refresh ratio. If the refresh-ratio option is not configured, the default REGISTER refresh ratio is 80% of the expiry timer. The minimum refresh interval is one minute.
No REGISTER Response Handling
The Cisco Unified Border Element handles no response to REGISTER by retransmitting at intervals Timer E for up to a maximum of 32 seconds. If no REGISTER response is received from the REGISTRAR server, the REGISTER message will be retransmitted. By configuring the retry register command to 10, the Cisco Unified Border Element retransmits the REGISTER (starting at 500 ms) and continues to retransmit at double the rate, to a maximum of 4 seconds. The default REGISTER retransmit count is six retries, after which the Cisco Unified Border Element retries REGISTER request at a random interval (5 to 10 minutes).
There is a two minute interval after which the REGISTER retransmits begin again. The retry register exhausted-random-interval command allows the user to set a desired interval after the number of REGISTER retransmits have been exhausted. This also allows the user to set a range in which a number (in minutes) is randomly generated and used as the interval between retransmission exhaustion.
The default REGISTER refresh ratio is eighty percent (80%) of the expiry time. The default REGISTER error retransmit interval is 5% of the configured expiry time or two minutes, whichever is greater.
Random String in REGISTER Contact
Cisco Unified Border Element uses a random string in the Contact header of the REGISTER message. The random string consists of alphanumeric characters. A different random string is generated and used for each number registered.
To configure Adjustable Timers for Registration Refresh and Retries, perform the steps in this section:
SUMMARY STEPS
1. enable
2. configure terminal
3. sip-ua
4. registrar expires seconds refresh-ratio seconds random-contact
5. retry register retries exhausted-random-interval minimum minutes maximum minutes
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
sip-ua
Example:
|
Enters the SIP user agent (sip-ua) configuration mode to configure SIP-UA related commands.
|
Step 4
|
registrar expires seconds refresh-ratio seconds
random-contact
Example:
Router(config-sip-ua)# registrar expires 60
refresh-ratio 45 random-contact
|
Configures the SIP registrar for retry attempts. The keywords are as follows:
•expires—Registration expires time. Range is 60 to 65535. Default is 3600.
•refresh-ratio—Registration refresh ratio expressed as a percentage. Valid entries are 1 to 100. The default is 80.
•random-contact—Random String Contact Header.
|
Step 5
|
retry register retries exhausted-random-interval
minimum minutes maximum minutes
Example:
Router(config-sip-ua)# retry register 4
exhausted-random-interval minimum 4 maximum 5
|
Sets the total number of SIP register messages that the gateway should send. The keywords are as follows:
•retries—Total number of register messages that the gateway should send. The range is from 1 to 10. The default is 10 retries.
•exhausted-random-interval—specifies that the register request is generated within the defined time interval.
•minimum minutes—Sets the minimum time interval, in minutes.
•maximum minutes—Sets the maximum time interval in minutes.
|
Step 6
|
exit
Example:
Router(config-sip-ua)# exit
|
Exits the current mode.
|
Cisco Unified Border Element Support for SRTP-RTP Internetworking
The Cisco Unified Border Element Support for SRTP-RTP Internetworking feature allows secure enterprise-to-enterprise calls. The feature also provides operational enhancements for Session Initiation Protocol (SIP) trunks from Cisco Unified Call Manager and Cisco Unified Call Manager Express. Support for Secure Real-Time Transport Protocol (SRTP)-RTP internetworking between one or multiple Cisco Unified Border Elements is enabled for SIP-SIP audio calls.
Prerequisites for Cisco Unified Border Element Support for SRTP-RTP Internetworking
The Cisco Unified Border Element Support for SRTP-RTP Internetworking feature is supported in Cisco Unified CallManager 7.0 and later releases.
Restrictions for Cisco Unified Border Element Support for SRTP-RTP Internetworking
The following features are not supported by the Cisco Unified Border Element Support for SRTP-RTP Internetworking feature:
•Voice-class codec
•Call admission control (CAC) support
•Rotary SIP-SIP
•T.38 Fax
•Early offer to delayed offer calls
•Delayed offer to early offer calls
Information About Cisco Unified Border Element Support for SRTP-RTP Internetworking
To configure support for SRTP-RTP internetworking, you should understand the following concepts:
•Cisco Unified Border Element Support for SRTP-RTP Internetworking
•TLS on the Cisco Unified Border Element
Cisco Unified Border Element Support for SRTP-RTP Internetworking
The Cisco Unified Border Element Support for SRTP-RTP Internetworking feature connects SRTP Cisco Unified CallManager domains with the following:
•RTP Cisco Unified CallManager domains. Domains that do not support SRTP, or have not been configured for SRTP, as shown in Figure 4.
•RTP Cisco applications or servers. For example, Cisco Unified MeetingPlace, Cisco WebEx, or Cisco Unity, which do not support SRTP, or have not been configured for SRTP, or are resident in a secure data center, as shown in Figure 4.
•RTP to third-party equipment. For example, IP trunks to PBXs or virtual machines, which do not support SRTP.
Figure 4 SRTP Domain Connections
The Cisco Unified Border Element Support for SRTP-RTP Internetworking feature connects SRTP enterprise domains to RTP SIP provider (SP) SIP trunks. SRTP-RTP internetworking connects RTP enterprise networks with SRTP over an external network between businesses. This provides flexible secure business-to-business communications without the need for static IPsec tunnels or the need to deploy SRTP within the enterprise, as shown in Figure 5. SRTP-RTP internetworking also connects SRTP enterprise networks with static IPsec over external networks, as shown in Figure 6.
Figure 5
Secure Business-to-Business Communications
Figure 6
SRTP Enterprise Network Connections
SRTP-RTP internetworking on the Cisco Unified Border Element in a network topology uses single pair key generation. Existing audio and dual-tone multifrequency (DTMF) transcoding is used to support voice calls. SRTP-RTP internetworking support is provided in both flow-through and high-density mode. SRTP-SRTP pass-through is not impacted.
SRTP is configured on one dial peer and RTP is configured on the other dial peer using the srtp and srtp fallback commands. The dial-peer configuration takes precedence over the global configuration on the Cisco Unified Border Element.
Fallback handling occurs if one of the call endpoints does not support SRTP. The call can fall back to RTP-RTP, or the call can fail, depending on the configuration. Fallback takes place only if the srtp fallback command is configured on the respective dial peer. RTP-RTP fall back occurs when no transcoding resources are available for SRTP-RTP internetworking.
TLS on the Cisco Unified Border Element
The Cisco Unified Border Element Support for SRTP-RTP Internetworking feature allows Transport Layer Security (TLS) to be enabled or disabled between the SCCP server and SCCP client. By default TLS is enabled, which provides added protection at transport level and ensures that SRTP keys are not easily accessible. Once TLS is disabled, the SRTP keys are not protected.
SRTP-RTP internetworking is available with normal and universal transcoders. The transcoder on the Cisco Unified Border Element is invoked using SCCP messaging between the SCCP server and the SCCP client. The SCCP messages carry the SRTP keys to the digital signal processor (DSP) farm at the SCCP client. The transcoder can be within the same router or can be located in a separate router. TLS should be disabled only when the transcoder is located in the same router. To disable TLS, configure the no form of the tls command in dsp farm profile configuration mode. Disabling TLS improves CPU performance.
How to Configure Cisco Unified Border Element Support for SRTP-RTP Internetworking
This section contains the following task:
•Configuring Cisco Unified Border Element Support for SRTP-RTP Internetworking (required)
Configuring Cisco Unified Border Element Support for SRTP-RTP Internetworking
Configuring the Cisco Unified Border Element Support for SRTP-RTP Internetworking feature consists of the following tasks:
•Configuring the Certificate Authority (required)
•Configuring a Trustpoint for the Secure Universal Transcoder (required)
•Configuring DSP Farm Services (required)
•Associating SCCP to the Secure DSP Farm Profile (required)
•Registering the Secure Universal Transcoder to the Cisco Unified Border Element (required)
•Configuring SRTP-RTP Internetworking Support (required)
Configuring the Certificate Authority
Perform the steps described in this section to configure the certificate authority.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip http server
4. crypto pki server cs-label
5. database level complete
6. grant auto
7. no shutdown
8. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ip http server
Example:
Router(config)# ip http server
|
Enables the HTTP server on your IP or IPv6 system, including the Cisco web browser user interface.
|
Step 4
|
crypto pki server cs-label
Example:
Router(config)# crypto pki server 3854-cube
|
Enables a Cisco IOS certificate server and enters certificate server configuration mode.
•In the example, 3845-cube is specified as the name of the certificate server.
|
Step 5
|
database level complete
Example:
Router(cs-server)# database level complete
|
Controls what type of data is stored in the certificate enrollment database.
•In the example, each issued certificate is written to the database.
|
Step 6
|
grant auto
Example:
Router(cs-server)# grant auto
|
Specifies automatic certificate enrollment.
|
Step 7
|
no shutdown
Example:
Router(cs-server)# no shutdown
|
Reenables the certificate server.
•Create and enter a new password when prompted.
|
Step 8
|
exit
Example:
Router(cs-server)# exit
|
Exits certificate server configuration mode.
|
Configuring a Trustpoint for the Secure Universal Transcoder
Perform the steps in this section to configure, authenticate, and enroll the trustpoint for the secure universal transcoder.
Prerequisites
Before you configure the trustpoint for the secure universal transcoder, you should configure the certificate authority, as described in the "Configuring the Certificate Authority" section.
SUMMARY STEPS
1. enable
2. configure terminal
3. crypto pki trustpoint name
4. enrollment url url
5. serial-number
6. revocation-check method
7. rsakeypair key-label
8. end
9. crypto pki authenticate name
10. crypto pki enroll name
11. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
crypto pki trustpoint name
Example:
Router(config)# crypto pki trustpoint secdsp
|
Declares the trustpoint that the router uses and enters ca-trustpoint configuration mode.
•In the example, the trustpoint is named secdsp.
|
Step 4
|
enrollment url url
Example:
Router(ca-trustpoint)# enrollment url
http://10.13.2.52:80
|
Specifies the enrollment parameters of a certification authority (CA).
•In the example, the URL is defined as http://10.13.2.52:80
|
Step 5
|
serial-number
Example:
Router(ca-trustpoint)# serial-number
|
Specifies whether the router serial number should be included in the certificate request.
|
Step 6
|
revocation-check method
Example:
Router(ca-trustpoint)# revocation-check crl
|
Checks the revocation status of a certificate.
•In the example, the certificate revocation list checks the revocation status.
|
Step 7
|
rsakeypair key-label
Example:
Router(ca-trustpoint)# rsakeypair 3845-cube
|
Specifies which key pair to associate with the certificate.
•In the example, the key pair, 3845-cube generated during enrollment is associated with the certificate.
|
Step 8
|
end
Example:
Router(ca-trustpoint)# end
|
Exits ca-trustpoint configuration mode.
|
Step 9
|
crypto pki authenticate name
Example:
Router(config)# crypto pki authenticate secdsp
|
Authenticates the CA.
•Accept the trustpoint CA certificate if prompted.
|
Step 10
|
crypto pki enroll name
Example:
Router(config)# crypto pki enroll secdsp
|
Obtains the certificate for the router from the CA.
•Create and enter a new password if prompted.
•Request a certificate from the CA if prompted.
|
Step 11
|
exit
Example:
Router(config)# exit
|
Exits global configuration mode.
|
Configuring DSP Farm Services
Perform the steps in this section to configure DSP farm services.
Prerequisites
Before you configure DSP farm services, you should configure the trustpoint for the secure universal transcoder, as described in the "Configuring a Trustpoint for the Secure Universal Transcoder" section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice-card slot
4. dspfarm
5. dsp services dspfarm
6. Repeat Steps 3,4, and 5 to configure a second voice card.
7. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice-card slot
Example:
Router(config)# voice-card 0
|
Configures a voice card and enters voice-card configuration mode.
•In the example, voice card 0 is configured.
|
Step 4
|
dspfarm
Example:
Router(config-voicecard)# dspfarm
|
Adds a specified voice card to those participating in a DSP resource pool.
|
Step 5
|
dsp services dspfarm
Example:
Router(config-voicecard)# dsp services dspfarm
|
Enables DSP farm services for a particular voice network module.
|
Step 6
|
Repeat Steps 3, 4, and 5 to configure a second voice card.
|
—
|
Step 7
|
exit
Example:
Router(config-voicecard)# exit
|
Exits voice-card configuration mode.
|
Associating SCCP to the Secure DSP Farm Profile
Perform the steps in this section to associate SCCP to the secure DSP farm profile.
Prerequisites
Before you associate SCCP to the secure DSP farm profile, you should configure DSP farm services, as described in the "Configuring DSP Farm Services" section.
SUMMARY STEPS
1. enable
2. configure terminal
3. sccp local interface-type interface-number
4. sccp ccm ip-address identifier identifier-number version version-number
5. sccp
6. associate ccm identifier-number priority priority-number
7. associate profile profile-identifier register device-name
8. dspfarm profile profile-identifier transcode universal security
9. trustpoint trustpoint-label
10. codec codec-type
11. Repeat Step 10 to configure required codecs.
12. maximum sessions number
13. associate application sccp
14. no shutdown
15. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
sccp local interface-type interface-number
Example:
Router(config)# sccp local GigabitEthernet 0/0
|
Selects the local interface that SCCP applications (transcoding and conferencing) use to register with Cisco CallManager.
•In the example, the following parameters are set:
–GigabitEthernet is defined as the interface type that the SCCP application uses to register with Cisco CallManager.
–The interface number that the SCCP application uses to register with Cisco CallManager is specified as 0/0.
|
Step 4
|
sccp ccm ip-address identifier identifier-number
version version-number
Example:
Router(config)# sccp ccm 10.13.2.52 identifier 1
version 5.0.1
|
Adds a Cisco Unified Communications Manager server to the list of available servers.
•In the example, the following parameters are set:
–10.13.2.52 is configured as the IP address of the Cisco Unified Communications Manager server.
–The number 1 identifies the Cisco Unified Communications Manager server.
–The Cisco Unified Communications Manager version is identified as 5.0.1.
|
Step 5
|
sccp
Example:
Router(config)# sccp
|
Enables the SCCP and its related applications (transcoding and conferencing) and enters SCCP Cisco CallManager configuration mode.
|
Step 6
|
associate ccm identifier-number priority
priority-number
Example:
Router(config-sccp-ccm)# associate ccm 1 priority 1
|
Associates a Cisco Unified CallManager with a Cisco CallManager group and establishes its priority within the group.
•In the example, the following parameters are set:
–The number 1 identifies the Cisco Unified CallManager.
–The Cisco Unified CallManager is configured with the highest priority within the Cisco CallManager group.
|
Step 7
|
associate profile profile-identifier register
device-name
Example:
Router(config-sccp-ccm)# associate profile 1
register sxcoder
|
Associates a DSP farm profile with a Cisco CallManager group.
•In the example, the following parameters are set:
–The number 1 identifies the DSP farm profile.
–Sxcoder is configured as the user-specified device name in Cisco Unified CallManager.
|
Step 8
|
dspfarm profile profile-identifier transcode
universal security
Example:
Router(config-sccp-ccm)# dspfarm profile 1 transcode
universal security
|
Defines a profile for DSP farm services and enters DSP farm profile configuration mode.
•In the example, the following parameters are set:
–Profile 1 is enabled for transcoding.
–Profile 1 is enabled for secure DSP farm services.
|
Step 9
|
trustpoint trustpoint-label
Example:
Router(config-dspfarm-profile)# trustpoint secdsp
|
Associates a trustpoint with a DSP farm profile.
•In the example, the trustpoint to be associated with the DSP farm profile is labeled secdsp.
|
Step 10
|
codec codec-type
Example:
Router(config-dspfarm-profile)# codec g711ulaw
|
Specifies the codecs that are supported by a DSP farm profile.
•In the example, the g711ulaw codec is specified.
|
Step 11
|
Repeat Step 10 to configure required codecs.
|
—
|
Step 12
|
maximum sessions number
Example:
Router(config-dspfarm-profile)# maximum sessions 84
|
Specifies the maximum number of sessions that are supported by the profile.
•In the example, a maximum of 84 sessions are supported by the profile. The maximum number of sessions depends on the number of DSPs available for transcoding.
|
Step 13
|
associate application sccp
Example:
Router(config-dspfarm-profile)# associate
application sccp
|
Associates SCCP to the DSP farm profile.
|
Step 14
|
no shutdown
Example:
Router(config-dspfarm-profile)# no shutdown
|
Allocates DSP farm resources and associates with the application.
|
Step 15
|
exit
Example:
Router(config-dspfarm-profile)# exit
|
Exits DSP farm profile configuration mode.
|
Registering the Secure Universal Transcoder to the Cisco Unified Border Element
Perform the steps in this section to register the secure universal transcoder to the Cisco Unified Border Element. The Cisco Unified Border Element Support for SRTP-RTP Internetworking feature supports both secure transcoders and secure universal transcoders.
Prerequisites
Before you register the secure universal transcoder to the Cisco Unified Border Element, you should associated SCCP to the secure DSP farm profile, as described in the "Associating SCCP to the Secure DSP Farm Profile" section.
SUMMARY STEPS
1. enable
2. configure terminal
3. telephony-service
4. sdspfarm transcode sessions number
5. sdspfarm tag number device-name
6. em logout time1 time2 time3
7. max-ephones max-phones
8. max-dn max-directory-numbers
9. ip source-address ip-address
10. secure-signaling trustpoint label
11. tftp-server-credentials trustpoint label
12. create cnf-files
13. no sccp
14. sccp
15. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router> configure terminal
|
Enters global configuration mode.
|
Step 3
|
telephony-service
Example:
Router(config)# telephony-service
|
Enters telephony-service configuration mode.
|
Step 4
|
sdspfarm transcode sessions number
Example:
Router(config-telephony)# sdspfarm transcode
sessions 84
|
Specifies the maximum number of transcoding sessions allowed per Cisco CallManager Express router.
•In the example, a maximum of 84 DSP farm sessions are specified.
|
Step 5
|
sdspfarm tag number device-name
Example:
Router(config-telephony)# sdspfarm tag 1
sxcoder
|
Permits a DSP farm to be to registered to Cisco Unified CallManager Express and associates it with an SCCP client interface's MAC address.
•In the example, DSP farm 1 is associated with the sxcoder device.
|
Step 6
|
em logout time1 time2 time3
Example:
Router(config-telephony)# em logout 0:0 0:0 0:0
|
Configures three time-of-day based timers for automatically logging out all Extension Mobility feature users.
•In the example, all users are logged out from Extension Mobility after 00:00.
|
Step 7
|
max-ephones 4
Example:
Router(config-telephony)# max-ephones 4
|
Sets the maximum number of Cisco IP phones to be supported by a Cisco CallManager Express router.
•In the example, a maximum of four phones are supported by the Cisco CallManager Express router.
|
Step 8
|
max-dn max-directory-numbers
Example:
Router(config-telephony)# max-dn 4
|
Sets the maximum number of extensions (ephone-dns) to be supported by a Cisco Unified CallManager Express router.
•In the example, a maximum of four extensions is allowed.
|
Step 9
|
ip source-address ip-address
Example:
Router(config-telephony)# ip source-address
10.13.2.52
|
Identifies the IP address and port through which IP phones communicate with a Cisco Unified CallManager Express router.
•In the example, 10.13.2.52 is configured as the router IP address.
|
Step 10
|
secure-signaling trustpoint label
Example:
Router(config-telephony)# secure-signaling
trustpoint secdsp
|
Specifies the name of the PKI trustpoint with the certificate to use for TLS handshakes with IP phones on TCP port 2443.
•In the example, PKI trustpoint secdsp is configured.
|
Step 11
|
tftp-server-credentials trustpoint label
Example:
Router(config-telephony)#
tftp-server-credentials trustpoint scme
|
Specifies the PKI trustpoint that signs the phone configuration files.
•In the example, PKI trustpoint scme is configured.
|
Step 12
|
create cnf-files
Example:
Router(config-telephony)# create cnf-files
|
Builds the XML configuration files that are required for IP phones in Cisco Unified CallManager Express.
|
Step 13
|
no sccp
Example:
Router(config-telephony)# no sccp
|
Disables SCCP and its related applications (transcoding and conferencing) and exits telephony-service configuration mode.
|
Step 14
|
sccp
Example:
Router(config)# sccp
|
Enables SCCP and its related applications (transcoding and conferencing).
|
Step 15
|
end
Example:
Router(config)# end
|
Exits global configuration mode.
|
Configuring SRTP-RTP Internetworking Support
Perform the steps in this section to enable SRTP-RTP internetworking support between one or multiple Cisco Unified Border Elements for SIP-SIP audio calls. In this task, RTP is configured on the incoming call leg and SRTP is configured on the outgoing call leg.
Prerequisites
Before you configure the Cisco Unified Border Element Support for SRTP-RTP Internetworking feature, you should register the secure universal transcoder to the Cisco Unified Border Element, as described in the "Registering the Secure Universal Transcoder to the Cisco Unified Border Element" section.
Restrictions
The Cisco Unified Border Element Support for SRTP-RTP Internetworking feature is available only on platforms that support transcoding on the Cisco Unified Border Element. The feature is also available only on secure Cisco IOS images on the Cisco Unified Border Element.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag voip
4. destination-pattern string
5. session protocol sipv2
6. session target ipv4:destination-address
7. incoming called-number string
8. codec codec
9. end
10. dial-peer voice tag voip
11. Repeat Steps 4, 5, 6, and 7 to configure a second dial peer.
12. srtp
13. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice tag voip
Example:
Router(config)# dial-peer voice 201 voip
|
Defines a particular dial peer, to specify the method of voice encapsulation, and enters dial peer voice configuration mode.
•In the example, the following parameters are set:
–Dial peer 201 is defined.
–VoIP is shown as the method of encapsulation.
|
Step 4
|
destination-pattern string
Example:
Router(config-dial-peer)# destination-pattern
5550111
|
Specifies either the prefix or the full E.164 telephone number to be used for a dial peer string.
•In the example, 5550111 is specified as the pattern for the telephone number.
|
Step 5
|
session protocol sipv2
Example:
Router(config-dial-peer)# session protocol sipv2
|
Specifies a session protocol for calls between local and remote routers using the packet network.
•In the example, the sipv2 keyword is configured so that the dial peer uses the IEFTF SIP.
|
Step 6
|
session target ipv4:destination-address
Example:
Router(config-dial-peer)# session target
ipv4:10.13.25.102
|
Designates a network-specific address to receive calls from a VoIP or VoIPv6 dial peer.
•In the example, the IP address of the dial peer to receive calls is configured as 10.13.25.102.
|
Step 7
|
incoming called-number string
Example:
Router(config-dial-peer)# incoming called-number
5550111
|
Specifies a digit string that can be matched by an incoming call to associate the call with a dial peer.
•In the example, 5550111 is specified as the pattern for the E.164 or private dialing plan telephone number.
|
Step 8
|
codec codec
Example:
Router(config-dial-peer)# codec g711ulaw
|
Specifies the voice coder rate of speech for the dial peer.
•In the example, G.711 mu-law at 64,000 bps, is specified as the voice coder rate for speech.
|
Step 9
|
end
Example:
Router(config-dial-peer)# end
|
Exits dial peer voice configuration mode.
|
Step 10
|
dial-peer voice tag voip
Example:
Router(config)# dial-peer voice 200 voip
|
Defines a particular dial peer, to specify the method of voice encapsulation, and enters dial peer voice configuration mode.
•In the example, the following parameters are set:
–Dial peer 200 is defined.
–VoIP is shown as the method of encapsulation.
|
Step 11
|
Repeat Steps 4, 5, 6, and 7 to configure a second dial peer.
|
—
|
Step 12
|
srtp
Example:
Router(config-dial-peer)# srtp
|
Specifies that SRTP is used to enable secure calls for the dial peer.
|
Step 13
|
codec codec
Example:
Router(config-dial-peer)# codec g711ulaw
|
Specifies the voice coder rate of speech for the dial peer.
•In the example, G.711 mu-law at 64,000 bps, is specified as the voice coder rate for speech.
|
Step 14
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits dial peer voice configuration mode.
|
Troubleshooting Tips
The following commands can help troubleshoot Cisco Unified Border Element support for SRTP-RTP internetworking:
•show crypto pki certificates
•show sccp
•show sdspfarm
Support for PAID, PPID, Privacy, PCPID, and PAURI Headers on the Cisco Unified Border Element
Figure 7 shows a typical network topology where the Cisco Unified Border Element is configured to route messages between a call manager system (such as the Cisco Unified Call Manager) and a Next Generation Network (NGN).
Figure 7 Cisco Unified Border Element and Next Generation Topology
Devices that connect to an NGN must comply with the User-Network Interface (UNI) specification. The Cisco Unified Border Element supports the NGN UNI specification and can be configured to interconnect NGN with other call manager systems, such us the Cisco Unified Call Manager.
The Cisco Unified Border Element supports the following:
•the use of P-Preferred Identity (PPID), P-Asserted Identity (PAID), Privacy, P-Called Party Identity (PCPID), in INVITE messages
•the translation of PAID headers to PPID headers and vice versa
•the translation of From: or RPID headers to PAID or PPID headers and vice versa
•the configuration and/or pass through of privacy header values
•the use of the PCPID header to route INVITE messages
•the use of multiple PAURI headers in the response messages (200 OK) it receives to REGISTER messages
P-Preferred Identity and P-Asserted Identity Headers
NGN servers use the PPID header to identify the preferred number that the caller wants to use. The PPID is part of INVITE messages sent to the NGN. When the NGN receives the PPID, it authorizes the value, generates a PAID based on the preferred number, and inserts it into the outgoing INVITE message towards the called party.
However, some call manager systems, such as Cisco Unified Call Manager 5.0, use the Remote-Party Identity (RPID) value to send calling party information. Therefore, the Cisco Unified Border Element must support building the PPID value for an outgoing INVITE message to the NGN, using the RPID value or the From: value received in the incoming INVITE message. Similarly, CUBE supports building the RPID and/or From: header values for an outgoing INVITE message to the call manager, using the PAID value received in the incoming INVITE message from the NGN.
In non-NGN systems, the Cisco Unified Border Element can be configured to translate between PPID and PAID values, and between From: or RPID values and PAID/PPID values, at global and dial-peer levels.
In configurations where all relevant servers support the PPID or PAID headers, the Cisco Unified Border Element can be configured to transparently pass the header.
Note If the NGN sets the From: value to anonymous, the PAID is the only value that identifies the caller.
Table 4 describes the types of INVITE message header translations supported by the Cisco Unified Border Element. It also includes information on the configuration commands to use to configure P-header translations.
Note Table 4 shows the P-header translation configuration settings only. In addition to configuring these settings, you must configure other system settings (such as the session protocol).
Table 4 P-header Configuration Settings
Incoming Header
|
Outgoing Header
|
Configuration Notes
|
From:
|
PPID
|
To enable the translation to PPID headers in the outgoing header at a global level, use the asserted-id ppi command in voice service VoIP SIP configuration mode. For example: Router(conf-serv-sip)# asserted-id ppi
To enable the translation to PPID headers in the outgoing header on a specific dial peer, use the voice-class sip asserted-id ppi command in dial peer voice configuration mode. For example: Router(config-dial-peer)# voice-class sip asserted-id ppi
|
From:
|
PAID
|
To enable the translation to PAID headers in the outgoing header at a global level, use the asserted-id pai command in voice service VoIP SIP configuration mode. For example: Router(conf-serv-sip)# asserted-id pai
To enable the translation to PAID headers in the outgoing header on a specific dial peer, use the voice-class sip asserted-id pai command in dial peer voice configuration mode. For example: Router(config-dial-peer)# voice-class sip asserted-id pai
|
From:
|
RPID
|
To enable the translation to RPID headers in the outgoing header, use the remote-party-id command in SIP user-agent configuration mode. For example: Router(config-sip-ua)# remote-party-id
This is the default system behavior.
Note If both, remote-party-id and asserted-id commands are configured, then the asserted-id command takes precedence over the remote-part-id command.
|
PPID
|
PAID
|
To enable the translation to PAID privacy headers in the outgoing header at a global level, use the asserted-id pai command in voice service VoIP SIP configuration mode. For example: Router(conf-serv-sip)# asserted-id pai
To enable the translation to PAID privacy headers in the outgoing header on a specific dial peer, use the voice-class sip asserted-id pai command in dial peer voice configuration mode. For example: Router(config-dial-peer)# voice-class sip asserted-id pai
|
PPID
|
From:
|
By default, the translation to RPID headers is enabled and the system translates PPID headers in incoming messages to RPID headers in the outgoing messages. To disable the default behavior and enable the translation from PPID to From: headers, use the no remote-party-id command in SIP user-agent configuration mode. For example: Router(config-sip-ua)# no remote-party-id
|
PPID
|
RPID
|
To enable the translation to RPID headers in the outgoing header, use the remote-party-id command in SIP user-agent configuration mode. For example: Router(config-sip-ua)# remote-party-id
This is the default system behavior.
|
PAID
|
PPID
|
To enable the translation to PPID privacy headers in the outgoing header at a global level, use the asserted-id ppi command in voice service VoIP SIP configuration mode. For example: Router(conf-serv-sip)# asserted-id ppi
To enable the translation to PPID privacy headers in the outgoing header on a specific dial peer, use the voice-class sip asserted-id ppi command in dial peer voice configuration mode. For example: Router(config-dial-peer)# voice-class sip asserted-id ppi
|
PAID
|
From:
|
By default, the translation to RPID headers is enabled and the system translates PPID headers in incoming messages to RPID headers in the outgoing messages. To disable the default behavior and enable the translation from PPID to From: headers, use the no remote-party-id command in SIP user-agent configuration mode. For example: Router(config-sip-ua)# no remote-party-id
|
PAID
|
RPID
|
To enable the translation to RPID headers in the outgoing header, use the remote-party-id command in SIP user-agent configuration mode. For example: Router(config-sip-ua)# remote-party-id
This is the default system behavior.
|
RPID
|
PPID
|
To enable the translation to PPID privacy headers in the outgoing header at a global level, use the asserted-id ppi command in voice service VoIP SIP configuration mode. For example: Router(conf-serv-sip)# asserted-id ppi
To enable the translation to PPID privacy headers in the outgoing header on a specific dial peer, use the voice-class sip asserted-id ppi command in dial peer voice configuration mode. For example: Router(config-dial-peer)# voice-class sip asserted-id ppi
|
RPID
|
PAID
|
To enable the translation to PAID privacy headers in the outgoing header at a global level, use the asserted-id pai command in voice service VoIP SIP configuration mode. For example: Router(conf-serv-sip)# asserted-id pai
To enable the translation to PAID privacy headers in the outgoing header on a specific dial peer, use the voice-class sip asserted-id pai command in dial peer voice configuration mode. For example: Router(config-dial-peer)# voice-class sip asserted-id pai
|
RPID
|
From:
|
By default, the translation to RPID headers is enabled and the system translates PPID headers in incoming messages to RPID headers in the outgoing messages. To disable the default behavior and enable the translation from PPID to From: headers, use the no remote-party-id command in SIP user-agent configuration mode. For example: Router(config-sip-ua)# no remote-party-id
|
Privacy
If the user is subscribed to a privacy service, the Cisco Unified Border Element can support privacy using one of the following methods:
•Using prefixes
The NGN dial plan can specify prefixes to enable privacy settings. For example, the dial plan may specify that if the caller dials a prefix of 184, the calling number is not sent to the called party.
The dial plan may also specify that the caller can choose to send the calling number to the called party by dialing a prefix of 186. Here, the Cisco Unified Border Element transparently passes the prefix as part of the called number in the INVITE message.
The actual prefixes for the network are specified in the dial plan for the NGN, and can vary from one NGN to another.
•Using the Privacy header
If the Privacy header is set to None, the calling number is delivered to the called party. If the Privacy header is set to a Privacy:id value, the calling number is not delivered to the called party.
•Using Privacy values from the peer call leg
If the incoming INVITE has a Privacy header or a RPID with privacy on, the outgoing INVITE can be set to Privacy: id. This behavior is enabled by configuring privacy pstn command globally or voice-class sip privacy pstn command on the selected dial-per.
Incoming INVITE can have multiple privacy header values, id, user, session, and so on. Configure the privacy-policy passthru command globally or voice-class sip privacy-policy passthru command to transparently pass across these multiple privacy header values.
Some NGN servers require a Privacy header to be sent even though privacy is not required. In this case the Privacy header must be set to none. The Cisco Unified Border Element can add a privacy header with the value None while forwarding the outgoing INVITE to NGN. Configure the privacy-policy send-always globally or voice-class sip privacy-policy send-always command in dial-peer to enable this behavior.
If the user is not subscribed to a privacy service, the Cisco Unified Border Element can be configured with no Privacy settings.
P-Called Party Identity
The Cisco Unified Border Element can be configured to use the PCPID header in an incoming INVITE message to route the call, and to use the PCPID value to set the To: value of outgoing INVITE messages.
The PCPID header is part of the INVITE messages sent by the NGN, and is used by Third Generation Partnership Project (3GPP) networks. The Cisco Unified Border Element uses the PCPID from incoming INVITE messages (from the NGN) to route calls to the Cisco Unified Call Manager.
Note The PCPID header supports the use of E.164 numbers only.
P-Associated URI
The Cisco Unified Border Element supports the use of PAURI headers sent as part of the registration process. After the Cisco Unified Border Element sends REGISTER messages using the configured E.164 number, it receives a 200 OK message with one or more PAURIs. The number in the first PAURI (if present) must match the contract number. The Cisco Unified Border Element supports a maximum of six PAURIs for each registration.
Note The Cisco Unified Border Element performs the validation process only when a PAURI is present in the 200 OK response.
The registration validation process works as follows:
•The Cisco Unified Border Element receives a REGISTER response message that includes PAURI headers that include the contract number and up to five secondary numbers.
•The Cisco Unified Border Element validates the contract number against the E.164 number that it is registering:
–If the values match, the Cisco Unified Border Element completes the registration process and stores the PAURI value. This allows administration tools to view or retrieve the PAURI if needed.
–If the values do not match, the Cisco Unified Border Element unregisters and then reregisters the contract number. The Cisco Unified Border Element performs this step until the values match.
Random Contact Support
The Cisco Unified Border Element can use random-contact information in REGISTER and INVITE messages so that user information is not revealed in the contact header.
To provide random contact support, the Cisco Unified Border Element performs SIP registration based on the random-contact value. The Cisco Unified Border Element then populates outgoing INVITE requests with the random-contact value and validates the association between the called number and the random value in the Request-URI of the incoming INVITE. The Cisco Unified Border Element routes calls based on the PCPID, instead of the Request-URI which contains the random value used in contact header of the REGISTER message.
The default contact header in REGISTER messages is the calling number. The Cisco Unified Border Element can generate a string of 32 random alphanumeric characters to replace the calling number in the REGISTER contact header. A different random character string is generated for each pilot or contract number being registered. All subsequent registration requests will use the same random character string.
The Cisco Unified Border Element uses the random character string in the contact header for INVITE messages that it forwards to the NGN. The NGN sends INVITE messages to the Cisco Unified Border Element with random-contact information in the Request URI. For example: INVITE sip:FefhH3zIHe9i8ImcGjDD1PEc5XfFy51G@10.12.1.46:5060.
The Cisco Unified Border Element will not use the To: value of the incoming INVITE message to route the call because it might not identify the correct user agent if supplementary services are invoked. Therefore, the Cisco Unified Border Element must use the PCPID to route the call to the Cisco Unified Call Manager. You can configure routing based on the PCPID at global and dial-peer levels.
Configuring P-Header and Random-Contact Support on the Cisco Unified Border Element
To enable random contact support you must configure the Cisco Unified Border Element to support Session Initiation Protocol (SIP) registration with random-contact information, as described in this section.
To enable the Cisco Unified Border Element to use the PCPID header in an incoming INVITE message to route the call, and to use the PCPID value to set the To: value of outgoing INVITE messages, you must configure P-Header support as described in this section.
This section contains the following tasks:
•Configuring P-Header Translation on a Cisco Unified Border Element
•Configuring P-Header Translation on an Individual Dial Peer
•Configuring P-Called-Party-Id Support on a Cisco Unified Border Element
•Configuring P-Called-Party-Id Support on an Individual Dial Peer
•Configuring Privacy Support on a Cisco Unified Border Element
•Configuring Privacy Support on an Individual Dial Peer
•Configuring Random-Contact Support on a Cisco Unified Border Element
•Configuring Random-Contact Support for an Individual Dial Peer
Restrictions
To enable random-contact support, you must configure the Cisco Unified Border Element to support SIP registration with random-contact information. In addition, you must configure random-contact support in VoIP voice-service configuration mode or on the dial peer.
If random-contact support is configured for SIP registration only, the system generates the random-contact information, includes it in the SIP REGISTER message, but does not include it in the SIP INVITE message.
If random-contact support is configured in VoIP voice-service configuration mode or on the dial peer only, no random contact is sent in either the SIP REGISTER or INVITE message.
Configuring P-Header Translation on a Cisco Unified Border Element
To configure P-Header translations on a Cisco Unified Border Element, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. asserted-id header-type
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
sip
Example:
Router(conf-voi-serv)# sip
|
Enters voice service VoIP SIP configuration mode.
|
Step 5
|
asserted-id header-type
Example:
Router(conf-serv-sip)# asserted-id ppi
|
Specifies the type of privacy header in the outgoing SIP requests and response messages.
|
Step 6
|
exit
Example:
Router(conf-serv-sip)# exit
|
Exits the current mode.
|
Configuring P-Header Translation on an Individual Dial Peer
To configure P-Header translation on an individual dial peer, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag voip
4. voice-class sip asserted-id header-type
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice tag voip
Example:
Router(config)# dial-peer voice 2611 voip
|
Defines the dial peer, specifies the method of voice encapsulation, and enters dial peer voice configuration mode.
|
Step 4
|
voice-class sip asserted-id header-type
Example:
Router(config-dial-peer)# voice-class sip
asserted-id ppi
|
Specifies the type of privacy header in the outgoing SIP requests and response messages, on this dial peer.
|
Step 5
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Configuring P-Called-Party-Id Support on a Cisco Unified Border Element
To configure P-Called-Party-Id support on a Cisco Unified Border Element, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. call-route p-called-party-id
6. random-request-uri validate
7. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
sip
Example:
Router(conf-voi-serv)# sip
|
Enters voice service VoIP SIP configuration mode.
|
Step 5
|
call-route p-called-party-id
Example:
Router(conf-serv-sip)# call-route
p-called-party-id
|
Enables the routing of calls based on the PCPID header.
|
Step 6
|
random-request-uri validate
Example:
Router(conf-serv-sip)# random-request-uri
validate
|
Enables the validation of the random string in the Request URI of the incoming INVITE message.
|
Step 7
|
exit
Example:
Router(conf-serv-sip)# exit
|
Exits the current mode.
|
Configuring P-Called-Party-Id Support on an Individual Dial Peer
To configure P-Called-Party-Id support on an individual dial peer, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag voip
4. voice-class sip call-route p-called-party-id
5. voice-class sip random-request-uri validate
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice tag voip
Example:
Router(config)# dial-peer voice 2611 voip
|
Defines the dial peer, specifies the method of voice encapsulation, and enters dial peer voice configuration mode.
|
Step 4
|
voice-class sip call-route p-called-party-id
Example:
Router(config-dial-peer)# voice-class sip
call-route p-called-party-id
|
Enables the routing of calls based on the PCPID header on this dial peer.
|
Step 5
|
voice-class sip random-request-uri validate
Example:
Router(config-dial-peer)# voice-class sip
random-request-uri validate
|
Enables the validation of the random string in the Request URI of the incoming INVITE message on this dial peer.
|
Step 6
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Configuring Privacy Support on a Cisco Unified Border Element
To configure privacy support on a Cisco Unified Border Element, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. voice service voip
4. sip
5. privacy privacy-option
6. privacy-policy privacy-policy-option
7. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
voice service voip
Example:
Router(config)# voice service voip
|
Enters VoIP voice-service configuration mode.
|
Step 4
|
sip
Example:
Router(conf-voi-serv)# sip
|
Enters voice service VoIP SIP configuration mode.
|
Step 5
|
privacy privacy-option
Example:
Router(conf-serv-sip)# privacy id
|
Enables the privacy settings for the header.
|
Step 6
|
privacy-policy privacy-policy-option
Example:
Router(conf-serv-sip)# privacy-policy passthru
|
Specifies the privacy policy to use when passing the privacy header from one SIP leg to the next.
|
Step 7
|
exit
Example:
Router(conf-serv-sip)# exit
|
Exits the current mode.
|
Configuring Privacy Support on an Individual Dial Peer
To configure privacy support on an individual dial peer, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. dial-peer voice tag voip
4. voice-class sip privacy privacy-option
5. voice-class sip privacy-policy privacy-policy-option
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
dial-peer voice tag voip
Example:
Router(config)# dial-peer voice 2611 voip
|
Defines the dial peer, specifies the method of voice encapsulation, and enters dial peer voice configuration mode.
|
Step 4
|
voice-class sip privacy privacy-option
Example:
Router(config-dial-peer)# voice-class sip privacy
id
|
Enables the privacy settings for the header on this dial peer.
|
Step 5
|
voice-class sip privacy-policy
privacy-policy-option
Example:
Router(config-dial-peer)# voice-class sip
privacy-policy passthru
|
Specifies the privacy policy to use when passing the privacy header from one SIP leg to the next, on this dial peer.
|
Step 6
|
exit
Example:
Router(config-dial-peer)# exit
|
Exits the current mode.
|
Configuring Random-Contact Support on a Cisco Unified Border Element
To configure random-contact support on a Cisco Unified Border Element, perform the steps in this section.
SUMMARY STEPS
1. enable
2. configure terminal
3. sip-ua
4. credentials username username password password realm domain-name
5. registrar ipv4:destination-address random-contact expires expiry
6. exit
7. voice service voip
8. sip
9. random-contact
10. exit
