Settlements for Packet Voice, Phase 2
Available Languages
Table Of Contents
Settlements for Packet Voice, Phase 2
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Configuring the Originating Gateway
Configuring the Settlement Provider
Configuring the Inbound POTS Dial Peer
Configuring the Outbound VoIP Dial Peer
Configuring the Terminating Gateway
Configuring the Settlement Provider
Configuring the Inbound VoIP Dial Peer
Configuring the Outbound POTS Dial Peer
Verifying Settlement Configuration
Configuring Settlement with Roaming
Configuring the Roaming Patterns on the OGW
Enabling the Roaming Feature for the Settlement Provider
Enabling the Roaming Feature in the Outbound Dial Peer
Configuring Settlement with PKI Multiple Roots
Configure a Settlement Server with PKI Multiple Roots on the OGW
Configure the Root Certificate for Token Validation on the TGW
Define the Token Validation on the TGW
Configuring Settlement with Suggested Route
Configuration Guidelines for Settle-Call and Session-Target Commands
Configuration of Settlement on the Originating Gateway Example
Configuration of Settlement on the Terminating Gateway Example
Example Configuration of Settlement with Roaming
Configuration of Settlement with PKI Multiple Roots Example
Common Problems When Setting Up Settlement
Settlement Database Not Set Up Properly
No session target settlement Set on OGW
No VoIP Inbound Dial Peer on TGW
No application Attribute on TGW
TGW Not Synchronized with Settlement Server
Settlement Provider Not Running
Router and Server Not Using SSL to Communicate
Multiple Dial Peers Have Random Order
H.323 Setup Connection Timeout
debug voip settlement security
debug voip settlement transaction
Settlements for Packet Voice, Phase 2
Feature History
The Settlements for Packet Voice, Phase 2 feature set consists of two new features developed for the Cisco implementation of Open Settlement Protocol (OSP): the Roaming feature and the public key infrastructure (PKI) Multiple Roots feature. The Settlements for Packet Voice, Phase 2 feature set is also known as Settlement Plus Roaming and PKI Multiple Roots on Cisco Access Platforms.
Phase 1 of the Cisco implementation of OSP is also known as Settlement for Packet Telephony on Cisco Access Platforms, and is described in the Cisco IOS Release 12.1 configuration and command reference documentation. This document includes the following sections:
•
Related Features and Technologies
•
Feature Overview
The Settlements for Packet Voice, Phase 2 feature contains two features that were not in the first Cisco implementation of OSP (Settlement for Packet Telephony on Cisco Access Platforms): Roaming and PKI Multiple Roots. Some settlement vendors have required roaming users to be authenticated and accounted for by the settlement clearinghouse. The Roaming and PKI Multiple Roots features address this requirement. Settlements for Packet Voice Feature History shows the history of the Settlement for Packet Voice features.
Settlement is the method used to divide the cost between different carriers involved in the completion of a telephone call. Traditionally, settlement agreements have been arranged between the carriers in a pairwise fashion. With the increase in voice and video conferencing over IP, pairwise settlement agreements have become cumbersome. A number of companies have entered the market offering settlement on a subscription basis. Service providers can implement a set of public interfaces that allow settlement on a subscription basis, resulting in a more manageable, many-to-one settlement system.
The Cisco gateway-based OSP interacts between carriers to create a single authentication at call initialization. The authentication is the basis for the establishment of a secure communication channel between the settlement system and the infrastructure component. This channel then allows the following three types of transactions to be handled.
•
•
•
Figure 1 shows a typical gateway based settlement network topology. A voice or fax call is originated and routed through the gateway (Cisco AS5300 access server, or a Cisco 2600 or 3600 series router) to a database server (RADIUS or TACACS+) for user authentication and intra-internet service provider (ISP) call accounting. Using tool command language (TCL) interactive voice response (IVR) scripts to gather and manipulate the caller's data, the gateway forwards the call to the settlement server, which authorizes the call and adds settlement details in a token. The call, now carrying its unique settlement token, passes through the originating gateway to the terminating gateway. The terminating gateway uses TCL IVR to validate the settlement token and forwards the call to the receiving telephone or fax machine.
Note
When the call is completed, both the terminating and originating gateways communicate the call details to the settlement server. The settlement server then reconciles the information it receives about the call from both gateways.
Figure 1 Gateway-Based Settlement Network Topology
Roaming
A caller is roaming when dialing into a gateway that is not the home gateway. A home gateway belongs to the user's service provider. Usually, the subscriber is billed with additional charges for roaming calls. The settlement server and the service provider need to know when a caller is roaming in order to create accurate billing statements.
A roaming caller must be authenticated before a call can go through a gateway. Both Authentication, Authorization, and Accounting (AAA) and the settlement server can authenticate a roaming user. If AAA fails to authenticate a roaming caller, the roaming call must be routed to a settlement server. If the settlement server cannot authenticate the caller, the call is terminated.
You can use the following methods to configure the Roaming feature on the gateway:
•
•
•
•
Roaming User Identification
The gateway can specify a list of patterns to be matched with a user account number to see if that user is roaming. The user enters the account number and PIN as part of the interaction with the TCL IVR prompts.
The roaming patterns are configured by using the settlement roam-pattern command in global configuration mode. See settlement roam-pattern.
For additional information about the IVR or AAA, refer to the following Cisco IOS documents:
•
•
Roaming Settlement Provider
Some settlement providers want to know if a user is roaming so they can apply the appropriate charge to a user account. Other settlement providers do not distinguish between local and roaming users.
A settlement provider can use the roam command in the settlement configuration mode to track roaming users. If a user is roaming and the settlement provider is tracking roaming, the gateway sends the user account number and PIN to the settlement server so that the user can be properly authenticated.
Roaming Dial Peer
A gateway can dictate if a particular outbound dial peer can terminate roaming calls and only permit local calls with the no roam command. The default of the dial peer is no roaming support. The gateway allows a roaming call to go through only if both the dial peer associated with that call and the settlement provider support roaming. In other words, a call fails if the dial peer has roaming enabled but the settlement provider does not, and vice versa. Therefore, the roaming feature must be explicitly enabled in the dial peer.
Dial Peer Settlement Option
The settle-call command forces the call to go through a settlement server regardless of the session target type. If the session target type is ipv4, dns, or RAS, the gateway resolves the terminating gateway address and asks the settlement server to authorize that terminating gateway (TGW).
Note
The restrictions and behaviors associated with use of the settle-call command with outbound dial peers are described in the "Configuration Guidelines for Settle-Call and Session-Target Commands" section.
PKI Multiple Roots
Cisco devices can share public keys using digital certificates. Digital certificates are normally issued by trusted third parties, which are called certificate authorities (CAs). Every router that uses digital certificates should enroll its public key with the CA server. During enrollment, the Certificate Administrator (a human) will manually verify if the requesting router is authentic and grant the certificate (some CA servers can authenticate the routers automatically).
A certificate has many fields, including a serial number, a fingerprint and an expiry date. A certificate can be revoked before its expiry date because of key compromise or other security reasons. The CA server maintains a list of revoked certificates, which is called Certificate Revocation List (CRL). Routers can be configured not to accept a peer certificate that has been revoked. A router downloads a CRL from the CA server for this purpose.
Cisco routers use a proprietary Certificate Enrollment Protocol (CEP) to communicate with the CA server. The CA server should understand CEP.
The PKI Multiple Roots feature is based on the Cisco security and PKI technology. For in-depth information about security, see the Cisco IOS Security Configuration Guide.
The PKI Multiple Roots feature allows a settlement server to use one certificate for a Secure Socket Layer (SSL) handshake and a different certificate for token signing. Different commands are used for the following purposes:
•
•
Note
Benefits
•
•
•
•
•
Restrictions
•
Note
•
•
Related Features and Technologies
Operation of the Settlements for Packet Voice, Phase 2 feature depends upon the interoperability of the following features:
•
•
Related Documents
Cisco customer documentation:
•
•
•
•
•
•
•
•
Other documentation:
•
•
•
•
Supported Platforms
•
•
•
•
•
•
Determining Platform Support Through Cisco Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.
Supported Standards, MIBs, and RFCs
Standards
European Telecommunication Standards Institute (ETSI) Technical Specification (TS) 101 321
MIBS
No new or modified MIBs are supported by this feature.
To obtain lists of MIBs supported by platform and Cisco IOS release and to download MIB modules, go to the Cisco MIB web site on Cisco Connection Online (CCO) at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
No new or modified RFCs are supported by this feature.
Prerequisites
The Cisco AS5350 and Cisco AS5400 do not support the Mica Modem Card, Microcom Modem Card, or VoIP Feature Card. Voice and modem functions are provided by the Universal Port Dial Feature card running SPE firmware. See the Cisco AS5350 Universal Gateway Card Installation Guide and the Cisco AS5400 Universal Gateway Card Installation Guide for more information. All references to the Cisco AS5300 in this document apply to the Cisco AS5350 and Cisco AS5400 platforms with the following exceptions:
•
•
•
Other Prerequisites
•
•
•
•
•
Configuration Tasks
Before starting the settlement server configuration tasks, ensure that the Cisco Enrollment Protocol (CEP) router has obtained a security certificate. For detailed information, see the Certification Authority Interoperability documentation in the Cisco IOS Release 12.0 documentation set, or go to the online version.
See the following sections for configuration tasks for the Settlements for Packet Voice, Phase 2 feature. Each task in the list is identified as either optional or required.
•
–
–
–
•
–
–
–
•
•
•
–
Configuring the PKI
Note
To configure the PKI, use the following commands in global configuration mode:
Step 1
Router(config)# no crypto ca identity name
Clears the old CA identity if a previous one exists.
Step 2
Router(config)# crypto key zeroize rsa
Clears the existing RSA key.
Step 3
Router(config)# hostname router-name
Configures the host name of the router if this has not been done already.
Step 4
Router(config)# ip domain-name domain-name
Configures the IP domain name of the router.
Step 5
Router(config)# ip host CA-hostname CA-ipaddress
Enters the CA host name and IP address.
Step 6
Router(config)# crypto ca identity name
Declares a CA name. For example, the tag-name could be fieldlabs.cisco.com.
This command puts you into the CA-identity configuration mode.
Step 7
Router(ca-identity)# enrollment url url
The /cgi-bin/pkiclient.exe file is the default CGI script that Cisco IOS software assumes. The script path should be given in the URL if it is different from the default.
Note
Step 8
Router(ca-identity)# enrollment retry count number
(Optional) Specifies how many times the router will poll the CA server for the certificate status when the certificate requests are pending.
Note
Step 9
Router(ca-identity)# enrollment retry period minutes
(Optional) Specifies the interval between subsequent polls.
Default = 1 minute.
Note
Note
Step 10
Router(ca-identity)# exit
Exits CA-identity configuration mode.
Step 11
Router(config)# crypto ca authenticate identify-name
Obtains the CA's public key. Use the same name that you used when declaring the CA with the crypto ca identity command.
Step 12
Router(config)# crypto key generate rsa
Generates the RSA key pair.
Step 13
Router(config)# crypto ca enroll name
Obtains the router certificate for all your RSA key pairs.
Note
Note
Configuring the Originating Gateway
Perform the following tasks to configure the originating gateway:
•
•
•
Configuring the Settlement Provider
To configure the settlement provider to authorize calls, use the following commands in global configuration mode:
Note
Configuring the Inbound POTS Dial Peer
To configure the inbound POTS dial peer, use the following commands in global configuration mode:
Note
Configuring the Outbound VoIP Dial Peer
To configure the outbound VoIP dial peer, use the following commands in global configuration mode:
Step 1
Router(config)# dial-peer voice number voip
Enters dial-peer configuration mode to configure the outbound VoIP dial peer.
Step 2
Router(config-dial-peer)# destination-pattern [+]string[T]
Configures the destination pattern of the dial peer. Enter the number or pattern of the outbound called number.
The string is a series of digits that specify an E.164 or private dialing plan telephone number. Valid entries are the digits 0-9 and the letters A-D. The following special characters can be entered in the string:
•
•
•
•
The timer (T) keyword can be used to configure variable length dial plans.
Step 3
Router(config-dial-peer)# session target settlement [provider-number]
Defines settlement as the session target to resolve the terminating gateway address.
Note
Note
Configuring the Terminating Gateway
Caution
To configure the terminating gateway, perform the following tasks:
•
•
•
Configuring the Settlement Provider
To configure the settlement provider, use the following commands in global configuration mode:
Note
Configuring the Inbound VoIP Dial Peer
To configure the inbound VoIP dial peer, enter the following commands in global configuration mode:
Note
Step 1
Router(config)
#dial-peer voice number voipEnters dial-peer configuration mode to configure an inbound VoIP dial peer.
Step 2
Router(config-dial-peer)# application application name
Configures the application attribute and identifies the desired TCL script using the application name argument.
Step 3
Router(config-dial-peer)# incoming called-number string
Specifies the telephone number of the voice port associated with this dial peer. String characters include wildcards to create the number or pattern.
Step 4
Router(config-dial-peer)#
session target settlement [provider-number]Identifies settlement as the session target to resolve the terminating gateway address.
Note
Configuring the Outbound POTS Dial Peer
To configure the outbound POTS dial peer, enter the following commands in global configuration mode:
Note
Verifying Settlement Configuration
Use the show running configuration command to verify your configuration. See Figure 2.
Configuring Settlement with Roaming
To configure settlement with the roaming capability, perform the configuration tasks described in the following sections:
•
•
•
Configuring the Roaming Patterns on the OGW
To configure the roaming patterns on the originating gateway, enter the following commands in global configuration mode:
Enabling the Roaming Feature for the Settlement Provider
To enable the roaming feature for the settlement provider, enter the following commands in global configuration mode
Enabling the Roaming Feature in the Outbound Dial Peer
To enable the roaming feature in the outbound dial peer, enter the following commands in global configuration mode:
See Example Configuration of Settlement with Roaming.
Configuring Settlement with PKI Multiple Roots
To configure the PKI Multiple Roots capability, perform the configuration tasks described in the following sections:
•
•
•
Configure a Settlement Server with PKI Multiple Roots on the OGW
To configure a settlement server with PKI Multiple Roots on the OGW, enter the following commands in global configuration mode:
Configure the Root Certificate for Token Validation on the TGW
To configure the root certificate for token validation on the TGW, enter the following commands in global configuration mode:
Define the Token Validation on the TGW
To define the token validation on the TGW, enter the following commands in global configuration mode:
Configuring Settlement with Suggested Route
The session target command in the dial peer dictates how the gateway resolves the terminating address to complete the call. Besides settlement, the gateway could use the ipv4 or dns options if it knows the exact address of the TGW, or it could use the ras option to consult a gatekeeper.
To force a call to be authorized by a settlement server, enter the following commands in global configuration mode:
:
Configuration Guidelines for Settle-Call and Session-Target Commands
The following tables provide configuration guidelines for using the settle-call and session target commands.
Table 3 shows if settlement is enabled on a dial peer based on various combinations of the session target and settle-call commands.
Table 3 Settle-Call and Session Target Commands
settle-call
Settlement processing will occur; see Table 4.
Settlement processing will occur; see Table 4.
Illegal (legal once cc_ResolveAddress function is implemented).
no settle-call
Settlement processing will not occur; see Table 4.
Settlement processing will occur; see Table 4.
Settlement processing will not occur; see Table 4.
Note
Table 4 shows the results of using the session-target settlement command.
Table 4 Session-Target Settlement Command Results
User is authenticated and local
•
•
•
•
•
•
User is authenticated and roaming
•
•
•
•
•
•
•
•
User is roaming but not yet authenticated
•
•
•
•
•
•
•
•
1 CDR = call detail record.
Table 5 shows the results of using the session-target ipv4 or session-target dns command.
Table 6 shows the result of using the session-target ras command with no token.
Note
The gateway needs a way to decide whether the gatekeeper has done settlement authorization. The gateway checks to see if the returned ACF contains a settlement token. Table 6 applies to the case where no token is returned.
Table 7 shows the result of using the session-target ras command with token. InTable 7, the ACF returns a valid token, indicating that the call has already been authorized and routed by settlement.
Note
Table 8 shows what happens when an incoming VoIP call is detected, based on whether the setup message contains a token.
Configuration Examples
This section provides the following configuration examples:
•
•
•
•
Figure 2 shows example settlement configurations for both originating and terminating gateways.
Note
Figure 2 Settlement Configurations for Originating and Terminating Gateways
Configuration of Settlement on the Originating Gateway Example
The following example shows settlement configured on the originating gateway:
!version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryptionservice internalservice udp-small-serversservice tcp-small-servers!hostname c3620-px15!ip subnet-zero!settlement 0type ospurl http://1.14.115.100!voice-port 1/0/0alerting audible!voice-port 1/0/1alerting audible!dial-peer voice 1 potsapplication sessiondestination-pattern 5551111port 1/0/0!dial-peer voice 2 voipdestination-pattern 5552222session target settlement:0!interface Ethernet0/0ip address 172.22.65.131 255.255.255.224no ip directed-broadcastip route-cache same-interfacestandby 1 priority 110!interface Serial0/0no ip addressno ip directed-broadcastshutdown!interface Ethernet0/1no ip addressno ip directed-broadcastshutdown!router eigrp 109network 172.22.0.0!router ripnetwork 172.22.0.0!ip default-gateway 172.22.65.129no ip classlessip route 0.0.0.0 0.0.0.0 172.22.65.129!!line con 0transport input noneline aux 0line vty 0 4passwordlogin!endConfiguration of Settlement on the Terminating Gateway Example
The following example shows settlement configured on the terminating gateway:!version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryptionservice internalservice udp-small-serversservice tcp-small-servers!hostname 3620-px16!ip subnet-zeroip domain-name cisco.comip name-server 198.92.30.32!settlement 0type ospurl http://1.14.115.100!voice-port 1/0/0alerting audible!voice-port 1/0/1alerting audible!dial-peer voice 1 potsdestination-pattern 5552222port 1/0/0!dial-peer voice 2 voipapplication sessionincoming called-number 5552222session target settlement:0!interface Ethernet0/0ip address 172.22.65.143 255.255.255.224no ip directed-broadcastip route-cache same-interface!interface Serial0/0no ip addressno ip directed-broadcastshutdown!interface Ethernet0/1no ip addressno ip directed-broadcastshutdown!router eigrp 109network 172.22.0.0!router ripnetwork 172.22.0.0!ip default-gateway 172.22.65.129no ip classlessip route 0.0.0.0 0.0.0.0 172.22.65.129!snmp-server community public RO!line con 0exec-timeout 0 0transport input noneline aux 0line vty 0 4passwordlogin!endExample Configuration of Settlement with Roaming
This example shows settlement with roaming:!version 12.0service timestamps debug datetimeservice timestamps log datetimeno service password-encryptionservice internal!hostname as5300-05!enable secret 5 $1$lFSH$khsm3jB1lldHfXNlxqmaN1enable password lab1!!!resource-pool disable!!!ip subnet-zeroip host pkiserver 1.14.115.100ip domain-name fieldlabs.cisco.comip name-server 172.16.1.4!isdn switch-type primary-5essisdn voice-call-failure 0cns event-service servermta receive maximum-recipients 1024!!crypto cisco algorithm descrypto cisco algorithm 40-bit-des!crypto ca identity transnexusenrollment retry count 100enrollment retry period 2enrollment url http://pkiserver:80crypto ca certificate chain transnexuscertificate ca 01713082024C 308201B5 02020171 300D0609 2A864886 F70D0101 04050030 6E310B3009060355 04061302 55533110 300E0603 55040813 0747656F 72676961 3118301606035504 0A130F54 72616E73 4E657875 732C204C 4C433114 30120603 55040B130B446576 656C6F70 6D656E74 311D301B 06035504 03131454 52414E53 4E45585553204245 54412043 41203130 1E170D39 39303332 32313334 3630395A 170D303030333231 31333436 30395A30 6E310B30 09060355 04061302 55533110 300E060355040813 0747656F 72676961 31183016 06035504 0A130F54 72616E73 4E657875732C204C 4C433114 30120603 55040B13 0B446576 656C6F70 6D656E74 311D301B06035504 03131454 52414E53 4E455855 53204245 54412043 41203130 819F300D06092A86 4886F70D 01010105 0003818D 00308189 02818100 B1B8ACFC D78F0C950258D164 5B6BD8A4 6F5668BD 50E7524B 2339B670 DC306537 3E1E9381 DE2619B44698CD82 739CB251 91AF90A5 52736137 658DF200 FAFEFE6B 7FC7161D 89617E5E4584D67F F018EDAB 2858DDF9 5272F108 AB791A70 580F994B 4CA54F08 38C32DF5B44077E8 79830F95 96F1DA69 4CAE16F2 2879E07B 164F5F6D 02030100 01300D06092A8648 86F70D01 01040500 03818100 2FDCB580 C29E557C 52201151 A8DB5F47C06962D5 8FDA524E A69DE3EE C3FE166A D05C8B93 2844CD66 824A8859 974F22E046F69F7E 8027064F C19D28BC CA750E4E FF2DD68E 1AA9CA41 8BB89C68 7A61E9BF49CBE41E E3A42B16 AAEDAEC7 D3B4F676 4F1A817B A5B89ED8 F03A15B0 39A6EBB90AFA6968 17A9D381 FD62BBB7 A7D379E5quitcertificate 8697B659C0E190E1A8D48961EBED0DB130820247 308201B0 A0030201 02021100 8697B659 C0E190E1 A8D48961 EBED0DB1300D0609 2A864886 F70D0101 04050030 6E310B30 09060355 04061302 55533110300E0603 55040813 0747656F 72676961 31183016 06035504 0A130F54 72616E734E657875 732C204C 4C433114 30120603 55040B13 0B446576 656C6F70 6D656E74311D301B 06035504 03131454 52414E53 4E455855 53204245 54412043 412031301E170D39 39303430 36313833 3430315A 170D3030 30343036 31383334 30315A3081873181 84300F06 03550405 13083131 38313833 37393018 06092A86 4886F70D01090813 0B312E31 342E3131 352E3835 302A0609 2A864886 F70D0109 02161D6173353330 302D3035 2E666965 6C646C61 62732E63 6973636F 2E636F6D 302B060355040314 245B7472 616E736E 65787573 2E636F6D 20475749 443D3230 303020435349443D 31303030 5D305C30 0D06092A 864886F7 0D010101 0500034B 003048024100AF40 5CC8E37D 7211E3C4 2D036E52 70B5DA88 96600C12 8654B85E 7CEFE20427A9B9DD B0F6B85C 1EB561BB 0F3481A2 D4661087 2B0B403A 5A65B7E0 ED9A0165EBC10203 010001A3 0F300D30 0B060355 1D0F0404 030205A0 300D0609 2A864886F70D0101 04050003 8181005C 1E379447 C0FCBC3F 0ABC75FA ADF79A26 770419A402BEC849 ECB7BDB1 58EA815B 48844DB3 4E8934E8 397F4762 F04EB716 8413C4184289AA64 6E2EAFE1 9C9F1F31 3A5BE996 AF749623 18FBFD36 569732BF 8335C5224ACA0BCA CFCC27C6 294AD416 15472F07 C1609E93 E1FEDA66 B69DA603 1A99699E86937EC5 609A3D52 72A45Bquit!!xgcp snmp sgcp!controller T1 0framing esfclock source line primarylinecode b8zspri-group timeslots 1-24!controller T1 1clock source line secondary 1!controller T1 2!controller T1 3!!voice-port 0:D!!dial-peer voice 1 potsapplication sessiondestination-pattern 5710877port 0:D!dial-peer voice 5 voipapplication sessionincoming called-number +1404.......session target settlement:0!dial-peer voice 2 potsdestination-pattern +255....port 0:Dprefix 255!! Enable roaming for this dialpeer!dial-peer voice 6 voiproamingdestination-pattern 1512.......session target settlement!dial-peer voice 7 potsdestination-pattern +1650.......port 0:Dprefix 1650!dial-peer voice 8 voipapplication sessionincoming called-number +1650.......session target settlement:0!dial-peer voice 3 voipapplication sessionincoming called-number +1408.......session target settlement:0!dial-peer voice 12 potsdestination-pattern 1404.......port 0:Dprefix 1404!dial-peer voice 13 potsdestination-pattern 1512.......port 0:Dprefix 1512!! User with account number matching 875.... is a roaming caller!settlement roam-pattern 875.... roam!! Enable roaming for this settlement provider using the "roaming" attribute!settlement 0type ospurl https://1.14.115.100:8443/device-id 2000customer-id 1000roamingno shutdown!!interface Ethernet0ip address 1.14.115.85 255.255.0.0no ip directed-broadcastno ip mroute-cacheno cdp enable!interface Serial0:23no ip addressno ip directed-broadcastdialer-group 1isdn switch-type primary-5essisdn protocol-emulate userisdn incoming-voice modemfair-queue 64 256 0no cdp enable!interface FastEthernet0no ip addressno ip directed-broadcastno ip mroute-cacheshutdownduplex autospeed autono cdp enable!router igrp 200network 1.0.0.0!ip default-gateway 1.14.0.1ip classlessip route 172.16.0.0 255.255.0.0 1.14.115.65no ip http server!no cdp run!!line con 0logging synchronoustransport input noneline aux 0line vty 0 4password lablogin!scheduler interval 1000endConfiguration of Settlement with PKI Multiple Roots Example
The following example shows configuration of settlement with PKI Multiple Roots on the settlement server. As shown in the example, the router has been enrolled under VeriSign TestDerive CA. It has confided Netscape CMS as a trusted root. The Netscape CMS is installed on the server Ciscoca-ultra.
version 12.0service timestamps debug datetimeservice timestamps log datetimeno service password-encryptionservice internal!hostname as5300-04!enable secret 5 $1$Ld7z$CapnZCfz2kMSh8sMHh2hy0enable password lab1!!!resource-pool disable!!!!!ip subnet-zeroip domain-name fieldlabs.cisco.comip name-server 171.69.2.132!isdn switch-type primary-5essisdn voice-call-failure 0cns event-service servermta receive maximum-recipients 1024!!crypto cisco algorithm descrypto cisco algorithm des cfb-8crypto cisco algorithm 40-bit-des!! Configure the second root to be downloaded from tftp server!crypto ca trusted-root transnexus2root tftp 1.14.115.100 onsite_ca.der!crypto ca identity transnexusenrollment retry count 100enrollment retry period 2enrollment url http://hostnamecrypto ca certificate chain transnexuscertificate ca 01713082024C 308201B5 02020171 300D0609 2A864886 F70D0101 04050030 6E310B3009060355 04061302 55533110 300E0603 55040813 0747656F 72676961 3118301606035504 0A130F54 72616E73 4E657875 732C204C 4C433114 30120603 55040B130B446576 656C6F70 6D656E74 311D301B 06035504 03131454 52414E53 4E45585553204245 54412043 41203130 1E170D39 39303332 32313334 3630395A 170D303030333231 31333436 30395A30 6E310B30 09060355 04061302 55533110 300E060355040813 0747656F 72676961 31183016 06035504 0A130F54 72616E73 4E657875732C204C 4C433114 30120603 55040B13 0B446576 656C6F70 6D656E74 311D301B06035504 03131454 52414E53 4E455855 53204245 54412043 41203130 819F300D06092A86 4886F70D 01010105 0003818D 00308189 02818100 B1B8ACFC D78F0C950258D164 5B6BD8A4 6F5668BD 50E7524B 2339B670 DC306537 3E1E9381 DE2619B44698CD82 739CB251 91AF90A5 52736137 658DF200 FAFEFE6B 7FC7161D 89617E5E4584D67F F018EDAB 2858DDF9 5272F108 AB791A70 580F994B 4CA54F08 38C32DF5B44077E8 79830F95 96F1DA69 4CAE16F2 2879E07B 164F5F6D 02030100 01300D06092A8648 86F70D01 01040500 03818100 2FDCB580 C29E557C 52201151 A8DB5F47C06962D5 8FDA524E A69DE3EE C3FE166A D05C8B93 2844CD66 824A8859 974F22E046F69F7E 8027064F C19D28BC CA750E4E FF2DD68E 1AA9CA41 8BB89C68 7A61E9BF49CBE41E E3A42B16 AAEDAEC7 D3B4F676 4F1A817B A5B89ED8 F03A15B0 39A6EBB90AFA6968 17A9D381 FD62BBB7 A7D379E5quitcertificate B7DD210B9BFE007E41EEB177AF39F78C30820247 308201B0 A0030201 02021100 B7DD210B 9BFE007E 41EEB177 AF39F78C300D0609 2A864886 F70D0101 04050030 6E310B30 09060355 04061302 55533110300E0603 55040813 0747656F 72676961 31183016 06035504 0A130F54 72616E734E657875 732C204C 4C433114 30120603 55040B13 0B446576 656C6F70 6D656E74311D301B 06035504 03131454 52414E53 4E455855 53204245 54412043 412031301E170D39 39303430 36313833 3635325A 170D3030 30343036 31383336 35325A3081873181 84300F06 03550405 13083131 37363837 37353018 06092A86 4886F70D01090813 0B312E31 342E3131 352E3834 302A0609 2A864886 F70D0109 02161D6173353330 302D3034 2E666965 6C646C61 62732E63 6973636F 2E636F6D 302B060355040314 245B7472 616E736E 65787573 2E636F6D 20475749 443D3130 303020435349443D 31303030 5D305C30 0D06092A 864886F7 0D010101 0500034B 003048024100C82B 8E4CBD44 06C763FB 1DC1A78F 8D71F1DA 110EDAC3 C9AA6256 6E1BF15B79E48BEF 741D26CF DEBEACCC FA09D420 F54B76A1 F6CDCE33 02C8D9F7 5873E012AFC90203 010001A3 0F300D30 0B060355 1D0F0404 030205A0 300D0609 2A864886F70D0101 04050003 81810056 C05E1151 BE2D5515 624010AE 22F03D58 8BD9F2D3E037EBC8 376E321A 5C53D4C6 770CE32F CF1CB0F4 2FD44C0D CA8EE22C 2372EE64349FF062 137A6780 DC554F6A 3BA9F17C 85A7F390 D5B99E35 D7FBF927 75910E9E992C7052 54AE0887 ED1DEEA0 C6BCA9C4 49F3D98E 4835A5E2 0FD470B6 F6D727A88AA0F923 5D60985B F8DD19quitcrypto ca certificate root transnexus2 DB3882D37891B597970BF0F18B008F13308201F4 3082015D A0030201 02021100 DB3882D3 7891B597 970BF0F1 8B008F13300D0609 2A864886 F70D0101 04050030 15311330 11060355 040A130A 5472616E734E6578 7573301E 170D3939 30333138 30303030 30305A17 0D303930 3331383233353935 395A3015 31133011 06035504 0A130A54 72616E73 4E657875 7330819F300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AB91 E2123C3FE83DE86A 3B8A18DF 750FB756 3034D692 2A363692 721F9E59 6CDB046F AAF9A2126B4B1033 9DDE94DB B132E768 085376EC 9EC7E2FD 0BB92B43 8FEC1243 35A33F8941390517 AF2D6D46 2FAAC116 8AE55865 C326C77A 3381C944 5BE107B1 E66CA111B3560313 A29A0081 201D84C5 FE24E452 6338C52C EFDE6B95 4A570203 010001A344304230 22060355 1D11041B 3019A417 30153113 30110603 55040313 0A4F6E7369746532 2D363230 0F060355 1D130408 30060101 FF020100 300B0603 551D0F0404030201 06300D06 092A8648 86F70D01 01040500 03818100 481E4F13 79EB3B5FD9BCEED9 9C756BF7 B42167B1 4DE11B8C 240D3446 5A14E2E1 A79D2454 1EA8410917EF6E8E 8AFD06C7 8209753B F760761C EC13A2D6 95348D69 4F73F0D5 9211DD950FE00D23 4583002A 242C769E 695FAFD4 EE12D014 580C5DFC F377F3FF F20F25D6831E4F2B 253DFA9C 8B3E00A8 002F03D7 BC0C19D8 7EA134A6quit!!xgcp snmp sgcp!controller T1 0framing esfclock source line primarylinecode b8zspri-group timeslots 1-24!controller T1 1clock source line secondary 1!controller T1 2!controller T1 3!!voice-port 0:D!!dial-peer voice 1 potsapplication sessiondestination-pattern 5710876port 0:D!dial-peer voice 7 voipdestination-pattern +255....session target settlement:0!dial-peer voice 13 potsdestination-pattern 1770.......port 0:Dprefix 1770!dial-peer voice 1770 voipincoming called-number 1770.......ip precedence 7session target settlement:0!dial-peer voice 1650 voipdestination-pattern +1650.......session target settlement:0!dial-peer voice 10 voipdestination-pattern 1408.......session target settlement!dial-peer voice 1404 voipdestination-pattern 1404.......session target settlement!dial-peer voice 1512 voipdestination-pattern 1512.......session target settlement!! Specify which root to use to validate the settlement token! via token-root-name attribute!settlement 0type ospurl https://1.14.115.100:8443/retry-delay 2device-id 1000customer-id 1000token-root-ca transnexus2no shutdown!!interface Ethernet0ip address 1.14.115.84 255.255.0.0no ip directed-broadcastno ip route-cacheno ip mroute-cacheno cdp enable!interface Serial0:23no ip addressno ip directed-broadcastdialer-group 1isdn switch-type primary-5essisdn protocol-emulate userisdn incoming-voice modemfair-queue 64 256 0no cdp enable!interface FastEthernet0no ip addressno ip directed-broadcastshutdownduplex autospeed autono cdp enable!router igrp 200network 1.0.0.0!ip default-gateway 1.14.0.1ip classlessno ip http server!no cdp run!!line con 0logging synchronoustransport input noneline aux 0line vty 0 4password lablogin!ntp clock-period 17180879ntp update-calendarntp server 1.14.42.23scheduler interval 1000endTroubleshooting Tips
This section offers helpful hints and reminders users may need while resolving problems with their feature configuration.
Common Problems When Setting Up Settlement
The following section is provided to assist in determining if your OSP network is set up correctly. The problems listed have been reported as the most common errors made when configuring settlement in a network. Each section describes a problem and a solution.
Settlement Database Not Set Up Properly
Problem
Calls are routed through a settlement server, but the OGW gets no response, or negative response.
Solution
Check with settlement provider to make sure that the router is properly registered with that provider. Router registration with settlement provider is normally done outside of OSP.
TCL IVR Script Not Called
Problem
TCL IVR script is not used on the OGW or TGW.
Solution
Configure a TCL IVR script for the dial peer using the application application name command.
Note
–
–
–
The following example shows the available scripts on the router.
router# show call application voice summaryname descriptionsession Basic app to do DID, or supply dialtone.fax_hop_on Script to talk to a fax redialerclid_authen Authenticate with (ani, dnis)clid_authen_collect Authenticate with (ani, dnis), collect if that failsclid_authen_npw Authenticate with (ani, NULL)clid_authen_col_npw Authenticate with (ani, NULL), collect if that failsclid_col_npw_3 Authenticate with (ani, NULL), and 3 tries collectingclid_col_npw_npw Authenticate with (ani, NULL) and 3 tries without pwSESSION Default system session applicationNo destination-pattern Set
Problem
The OGW inbound POTS dial peer has no destination-pattern set.
Solution
Because some PBX devices do not pass along the calling number in the setup message, the router uses the destination-pattern number or answer-address as an alternative, and calling number is a required field for settlement.
No session target settlement Set on OGW
Problem
The OGW outbound VoIP dial peer has no session target settlement.
The router could make successful calls, but not through a settlement server. The session target attribute dictates how the router resolves the TGW address for a particular called number.
Solution:
Configure the session target settlement [provider-number] command.
No VoIP Inbound Dial Peer on TGW
Problem
TGW has no VoIP inbound dial peer. Because the settlement token in the incoming setup message from the OGW cannot be validate, the TGW rejects the call.
Solution
Create an inbound dial peer with the session target settlement [provider-number] command.
No application Attribute on TGW
Problem:
TGW has an inbound dial peer configured, but with no application attribute. The default session application (SESSION) processes the call, but it does not support settlement.
Solution
The default session application (SESSION) does not support the settlement feature. Therefore, you must configure the application application name attribute in the inbound dial peer.
TGW Not Synchronized with Settlement Server
Problem:
TGW clock is not synchronized with the settlement server. The TGW rejects the call because it is too soon or too late to use the settlement token in the incoming setup message.
Solution
Use the ntp or clock set command to synchronize the clocks between the TGW and the settlement server.
Settlement Provider Not Running
Problem
The settlement provider on the OGW or TGW is not running. No settlement transaction processing is allowed unless the provider is running.
Solution
Enable settlement using the no shutdown command in settlement configuration mode. Use the show settlement command to verify the provider status.
Router and Server Not Using SSL to Communicate
Problem
The router cannot use SSL to communicate with the server because the server URL should be "https," not "http."
Solution
Configure a secured URL using "https."
Problem
The router cannot use SSL to communicate with the server because the certificates of the server or router were not properly obtained.
Solution
Check the certificate enrollment process for both the server and the router.
Multiple Dial Peers Have Random Order
Problem:
OGW has multiple dial peers for the same called number, and settlement is never used. The order for rotary dial peers is random, unless a dial peer preference is specified. The dial peer with lower preference is chosen first.
Solution:
Define dial peer preference using the preference number command.
H.323 Setup Connection Timeout
Problem:
The OGW cannot successfully set up a call with the first TGW that is returned from the OSP server. The problem occurs when a gateway attempts to setup the call with the terminating gateways in the order they are received. If for some reason the H.323 call setup is not successful, there is a 15-second timeout by default before the next terminating gateway on the list is contacted.
Solution:
The H.323 call setup timeout can be tuned using the h225 timeout command.
For example:
voice class h323 1h225 timeout tcp etablish <value 0 to 30 seconds>dial-peer voice 919 voipapplication sessiondestination-pattern 919555....voice-class codec 1voice-class h323 1session target settlementProblem Isolations
To isolate problems with settlement, perform the following tasks:
•
•
•
•
•
•
•
Command Reference
This section documents new commands. The asterisk (*) indicates the commands developed for the second phase of the settlement feature introduced in Cisco IOS Release 12.1(1)T. All other commands for this feature are documented in the Cisco IOS Release 12.0(4)XH, and 12.0(7)T feature modules and in the Cisco IOS Release 12.1 command references.
•
•
•
connection-timeout
To configure the time in seconds that a connection is maintained after completing a communication exchange, use the connection-timeout settlement configuration command. To reset to the default value, use the no form of this command.
connection-timeout number
no connection-timeout number
Syntax Description
Defaults
The default connection timeout is 3600 seconds (1 hour).
Command Modes
Settlement configuration
Command History
Usage Guidelines
The router maintains the connection for this period in anticipation of future communication exchanges to the same server.
Examples
The following example sets the connection-timeout to 3600 seconds (1 hour):
settlement 0connection timeout 3600
Related Commands
crypto ca authenticate
To authenticate the Certificate Authority (by getting the CA certificate), use the crypto ca authenticate global configuration command. To clear the CA authentication, use the no form of this command.
crypto ca authenticate [identify-name | trust-point-name]
no crypto ca authenticate identify-name
Syntax Description
identify-name
Specifies the name of the CA. This is the same name used when the CA was declared with the crypto ca identity command.
trust-point-name
Specifies the unique name of the trust point.
Defaults
There are no defaults for this command.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is required when you initially configure CA support at your router.
This command authenticates the CA to your router by obtaining the self-signed certificate containing the CA public key. Because the CA signs its own certificate, you should manually authenticate the CA public key by contacting the CA administrator when you issue this command.
If you are using RA mode (using the enrollment mode ra command) when you issue the crypto ca authenticate command, then RA signing and encryption certificates will be returned from the CA in addition to the CA certificate.
This command is not saved to the router configuration; however, the public keys embedded in the received CA (and RA) certificates are saved to the configuration as part of the RSA public key record (called the "RSA public key chain").
If the CA does not respond by a timeout period after this command is issued, the terminal control will be returned so the CA will not be tied up. If the terminal control times out, you must reenter the command.
Examples
In this example, the router requests the CA certificate. The CA sends its certificate and the router prompts the administrator to verify the CA certificate by checking the CA certificate fingerprint. The CA administrator can also view the CA certificate fingerprint, and should compare it to what the router displays on the screen. If the fingerprint on the router screen matches the fingerprint viewed by the CA administrator, the certificate as valid.
Router# crypto ca authenticate mycaCertificate has the following attributes:Fingerprint: 0123 4567 89AB CDEF 0123Do you accept this certificate? [yes/no] yrouter#This example displays the usage of the crypto ca trusted-root command with CA root identity:
!Root CA identitycrypto ca trusted-root my_root_identityroot CEP http://my_root..exitRelated Commands
crypto ca trusted-root
To configure a root with a selected name, use the crypto ca trusted-root global configuration command. To reset to the default value, use the no form of this command.
crypto ca trusted-root identity
no crypto ca trusted-root identity
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
The root that signs the open settlement protocol settlement tokens can be set as a private root. Use of this command allows you to enter additional conditions as follows:
•
•
•
Examples
This section documents the new crypto ca trusted-root command.
!Root CA identity
crypto ca trusted-root my_root_identityroot CEP http://my_root
..exitRelated Commands
Authenticates the CA (by getting the CA's certificate).
crypto ca identity
Declares the CA your router should use.
Displays the roots confided in the router.
customer-id
To identify a carrier or Internet service provider with a settlement provider, use the customer-id settlement configuration command. To reset to the default value use the no form of this command.
customer-id number
no customer-id number
Syntax Description
Defaults
The default customer ID is 0.
Command Modes
Settlement configuration
Command History
Usage Guidelines
It is optional to identify a carrier or ISP with a settlement provider.
Examples
The following example identifies customer-id 1000:
settlement 0custom id 1000Related Commands
device-id
To identify a gateway associated with a settlement provider, use the device-id settlement configuration command. To reset to the default value use the no form of this command.
device-id number
no device-id number
Syntax Description
Defaults
The default device ID is 0.
Command Modes
Settlement configuration
Command History
Usage Guidelines
It is optional to identify a gateway associated with a settlement provider.
Examples
The following example sets the device-id to 1000:
settlement 0device-id 1000Related Commands
encryption
To set the algorithm to be negotiated with the provider, use the encryption settlement configuration command. To reset to the default value of this command use the no form of this command.
encryption {des-cbc-sha | des40-cbc-sha | dh-des-cbc-sha | dh-des40-cbc-sha | null-md5 | null-sha}
no encryption {des-cbc-sha | des40-cbc-sha | dh-des-cbc-sha | dh-des40-cbc-sha | null-md5 | null-sha}
Syntax Description
Defaults
The default encryption method is all. If none of the encryption methods is configured, then the system configures to use all of the encryption methods in the Secure Socket Layer session negotiation.
Command Modes
Settlement configuration
Command History
Usage Guidelines
For Cisco IOS Release 12.0(4)XH1, only one encryption method is allowed for each provider.
Examples
The following example sets the algorithm to be negotiated with the provider, using the encryption settlement configuration command:
settlement 0encryption des-cbc-shaRelated Commands
max-connection
To set the maximum number of simultaneous connections to be used for communication with a settlement provider, use the max-connection settlement configuration command. To reset to the default value use the no form of this command.
max-connection number
no max-connection number
Syntax Description
Defaults
The default is ten maximum connections.
Command Modes
Settlement configuration
Command History
Examples
The following example sets the maximum number of simultaneous connections to ten:
settlement 0max-connection 10Related Commands
response-timeout
To configure the maximum time, in milliseconds, to wait for a response from a server, use the response-timeout settlement configuration command. To reset to the default value use the no form of this command.
response-timeout number
no response-timeout number
Syntax Description
Defaults
The default response timeout is 1 second.
Command Modes
Settlement configuration
Command History
Usage Guidelines
If no response is received within this time limit, the current connection ends and the router attempts to contact the next service point.
Examples
The following example sets the maximum response-timeout time to 1 millisecond:
settlement 0response-timeout 1Related Commands
retry-delay
To set the time in seconds between attempts to connect with the settlement provider, use the retry-delay settlement configuration command. To reset to the default value use the no form of this command.
retry-delay number
no retry-delay number
Syntax Description
number
Length of time (in seconds) between attempts to connect with the settlement provider. The valid range for the retry delay is 1-600 seconds.
Defaults
The default retry delay is 2 seconds.
Command Modes
Settlement configuration
Command History
Usage Guidelines
After exhausting all service points for the provider, the router is delayed for this length of time before resuming connection attempts.
Examples
The following example sets the retry-delay time to 15 seconds:
settlement 0relay-delay 15Related Commands
retry-limit
To set the maximum number of connection attempts to the provider, use the retry-limit settlement configuration command. To reset to the default value use the no form of this command.
retry-limit number
no retry-limit number
Syntax Description
Defaults
The default retry limit is one retry.
Command Modes
Settlement configuration
Command History
Usage Guidelines
If no connection is established after the configured number of retries, the router ceases connection attempts. The retry limit number does not count the initial connection attempt. A retry limit of one (default) results in a total of two connection attempts to every service point.
Examples
The following example sets the maximum number of connection attempts in addition to the first attempt to one.
settlement 0relay-limit 1Related Commands
roaming (dial-peer)
To enable the roaming capability for the dial peer, use the roaming dial-peer configuration command. To disable the roaming capability use the no form of this command.
roaming
no roaming
Syntax Description
This command has no arguments or keywords.
Defaults
Roaming is off by default.
Command Modes
Dial-peer configuration
Command History
Usage Guidelines
Enable the roaming capability of a dial peer if that dial peer can terminate roaming calls.
If a dial peer is dedicated to local calls only, disable the roaming capability.
The roaming dial peer needs to work with a roaming service provider.
If the dial peer allows a roaming user and the service provider is not roaming enabled, the call fails.
Examples
The following example enables the roaming capability for the dial-peer:
dial-peer voice 10 voiproamingRelated Commands
roaming (settlement)
To enable the roaming capability for a settlement provider, use the roaming settlement configuration command. To disable the roaming capability use the no form of this command.
roaming
no roaming
Syntax Description
This command has no arguments or keywords.
Defaults
No roaming
Command Modes
Settlement configuration
Command History
Usage Guidelines
Enable roaming capability of a settlement provider if that provider can authenticate a roaming user and route roaming calls.
A roaming call is successful only if both the settlement provider and the outbound dial peer for that call are both roaming-enabled.
Examples
The following example enables the roaming capability for the settlement provider:settlement 0roamingRelated Commands
session target (VoIP)
To specify a network-specific address for a specified dial peer, use the session target dial-peer configuration command. To restore default values for this parameter, use the no form of this command.
Note
session target {ipv4:destination-address | dns:[$s$. | $d$. | $e$. | $u$.] host-name | loopback:rtp | loopback:compressed | loopback:uncompressed | ras | settlement}
no session target {ipv4:destination-address | dns:[$s$. | $d$. | $e$. | $u$.] host-name | loopback:rtp | loopback:compressed | loopback:uncompressed | ras | settlement}
Syntax Description
Defaults
The default for this command is enabled with no IP address or domain name defined.
Command Modes
Dial-peer configuration
Command History
Usage Guidelines
•
•
•
•
•
•
Examples
The following example configures a session target using DNS for host voice_router in the domain cisco.com:
dial-peer voice 10 voipsession target dns:voice_router.cisco.comThe following example configures a session target using DNS with the optional $u$. wildcard. In this example, the destination pattern has been configured to allow for any four-digit extension beginning with the numbers 1310222. The optional wildcard $u$. indicates that the router will use the unmatched portion of the dialed number—in this case, the four-digit extension —to identify the dial peer. As in the previous example, the domain is cisco.com:
dial-peer voice 10 voipdestination-pattern 1310222....session target dns:$u$.cisco.comThe following example configures a session target using DNS with the optional $d$. wildcard. In this example, the destination pattern has been configured for 13102221111. The optional wildcard $d$. indicates that the router will use the destination pattern to identify the dial peer in the cisco.com domain:
dial-peer voice 10 voipdestination-pattern 13102221111session target dns:$d$.cisco.comThe following example configures a session target using DNS with the optional $e$. wildcard. In this example, the destination pattern has been configured for 12345. The optional wildcard $e$. indicates that the router will reverse the digits in the destination pattern, add periods between the digits, and then use this reverse-exploded destination pattern to identify the dial peer in the cisco.com domain:
dial-peer voice 10 voipdestination-pattern 12345session target dns:$e$.cisco.comThe following example configures a session target using RAS:
dial-peer voice 11 voipdestination-pattern 13102221111session target rasThe following example configures a session target using settlement:
session target settlement:0Related Commands
session-timeout
To configure the lifetime, in seconds, of a single SSL session key, use the session-timeout settlement configuration command. To reset to the default value use the no form of this command.
session-timeout number
no session-timeout number
Syntax Description
Defaults
The default session timeout is 86,400 seconds (one day).
Command Modes
Settlement configuration
Command History
Usage Guidelines
When this time limit is exceeded, the router negotiates a new session key. Communication exchanges in progress are not interrupted when this time limit expires.
Examples
The following example sets the session-timeout to 86,400 seconds (one day):
settlement 0session timeout 86400Related Commands
settle-call
To force a call to be authorized with a settlement server that uses the address resolution method specified in the session target type command, use the settle-call dial-peer configuration command. To make sure that no authorization will be performed by a settlement server, have the terminating gateway address resolved by the method specified in the session target type command use the no form of this command.
settle-call [<provider-number>]
no settle-call [<provider-number>]
Syntax Description
Defaults
No default behavior or values.
Command Modes
Dial-peer configuration
Command History
Usage Guidelines
Using the session target command, a dial peer can determine the address of the terminating gateway through the ipv4, dns, ras and settlement keywords.
If the session target is not settlement, and the settle-call provider-number argument is set, the gateway resolves the terminating gateway's address using the specified method, and then requests the settlement server to authorize that address and create a settlement token for that particular address. If the server cannot authorize the terminating gateway address suggested by the gateway, the call fails.
Do not combine the session target types ras, and settle-call. Combination of session target types is not supported in Cisco IOS Release 12.1(1)T.
Examples
The following example sets a call to be authorized with a settlement server that uses the address resolution method specified in the session target:
dial-peer voice 10 voipdestination-pattern 1408.......session target ipv4:172.22.95.14settle-call 0Related Commands
settlement
To enter settlement configuration mode and specify the attributes specific to a settlement provider, use the settlement global configuration command. To reset to the default value use the no form of this command.
settlement provider-number
no settlement provider-number
Syntax Description
Defaults
The default is 0.
Command Modes
Global configuration
Command History
Usage Guidelines
For Cisco IOS Release 12.0(4)XH, only one clearinghouse per system is allowed, and the only valid value for the provider-number argument is 0.
Examples
The following example sets the attributes to a specific settlement provider:
settlement 0Related Commands
settlement roam-pattern
To configure a pattern to match when determining if a user is roaming, use the settlement roam-pattern global configuration command. To delete a particular pattern use the no form of this command.
settlement [provider-number] roam-pattern pattern {roaming | noroaming}
no settlement [provider-number] roam-pattern pattern {roaming | noroaming}
Syntax Description
provider-number
Digit defining the ID of particular settlement server. The only valid entry is 0.
pattern
Specifies a user account pattern.
roaming | noroaming
Determines if user is roaming.
Defaults
No default pattern
Command Modes
Global configuration
Command History
Usage Guidelines
Multiple "roam-patterns" could be entered on one gateway.
Examples
The following example will configure a pattern that determines if a user is roaming:
settlement 0 roam-pattern 1222 roamsettlement 0 roam-pattern 1333 noroamsettlement roam-pattern 1444 roamsettlement roam-pattern 1555 noroamRelated Commands
Enables the roaming capability for a settlement provider.
Enters settlement configuration mode.
show crypto ca roots
To display the roots confided in the router, use the show crypto ca roots privileged EXEC command.
show crypto ca roots
Syntax Description
This command has no arguments or key words.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Examples
The following example is the configuration file from alice.cisco.com, and the console output after executing the show crypto ca roots, show crypto ca cert, and show crypto key pub rsa commands. The router alice.cisco.com has been enrolled under VeriSign TestDerive CA. It has confided Netscape CMS as a trusted root. The Netscape CMS is installed on the server Ciscoca-ultra:
version 12.0no service timestamps debug uptimeno service timestamps log uptimeno service password-encryptionservice udp-small-serversservice tcp-small-servers!hostname alice!hostname#hostname#show crypto ca rootsRoot netscape:Subject Name:CN = Certificate ManagerOU = On 07/01O = ciscoC = USSerial Number: 01Certificate configured.Root identity: netscapeCEP URL: http://cisco-ultraCRL query url: ldap://cisco-ultrahostname#Related Commands
Authenticates the CA (by getting the CA certificate).
Configures the root certificate that the server uses to sign the settlement tokens.
show settlement
To display the configuration for all settlement servers see the specific provider and transactions, use the show settlement privileged EXEC command. To reset to the default value use the no form of this command.
show settlement [provider-number [transactions]]
no show settlement [provider-number [transactions]]
Syntax Description
provider-number
Optional displays the attributes of a specific provider.
transactions
Optional displays the transaction status of a specific provider.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Table 9 describes the significant fields that appear with the show settlement command output.
The provider attributes not configured are not shown.
Examples
The following example displays the configuration for all settlement servers:
Router#show settlementSettlement Provider 0Type = ospAddress url = https://1.14.115.100:6556/Encryption = all (default)Max Concurrent Connections = 20 (default)Connection Timeout = 3600 (s) (default)Response Timeout = 1 (s) (default)Retry Delay = 2 (s) (default)Retry Limit = 1 (default)Session Timeout = 86400 (s) (default)Customer Id = 1000Device Id = 1000Roaming = Disabled (default)Signed Token = onNumber of Connections = 0Number of Transactions = 7Example Output with Keywords
Router# show settlement 0 transactionsTransaction ID=8796304133625270342state=OSPC_GET_DEST_SUCCESS, index=0callingNumber=5710868, calledNumber=15125551212Example Settlement Output with Token Root Name
Router# show settlementSettlement Provider 0Operation Status = UPType = ospAddress url = https://1.14.115.100:xxxx/Encryption = all (default)Token Root Name = transnexus2Max Concurrent Connections = 20 (default)Connection Timeout = 3600 (s) (default)Response Timeout = 1 (s) (default)Retry Delay = 2 (s)Retry Limit = 1 (default)Session Timeout = 86400 (s) (default)Customer Id = 1000Device Id = 1000Roaming = Disabled (default)Signed Token = OnNumber of Connections = 0Number of Transactions = 0Related Commands
shutdown
To deactivate the settlement provider, use the shutdown settlement configuration command.To activate a settlement provider, use the no form of this command.
shutdown
no shutdown
Syntax Description
This command has no arguments or key words.
Defaults
The default status of a settlement provider is deactivated.
Command Modes
Settlement configuration
Command History
Usage Guidelines
Transactions will not go through the provider to be audited and charged if the shutdown command is not used.
Examples
The following example deactivates the settlement provider:
settlement 0shutdownRelated Commands
token-root-name
To specify which root or Certificate Authority certificate the router should use to validate the settlement token in the incoming setup message, use the token-root-name settlement configuration command. To reset to the default value of this command use the no form of this command.
token-root-name name
no token-root-name name
Syntax Description
name
Specifies the name that is the certificate identification as configured through the crypto ca identity name command or the crypto ca trusted-root name command.
Defaults
The terminating gateway uses the CA certificate to validate the settlement token.
Command Modes
Settlement configuration
Command History
Examples
The following example specifies the token-root-name:
token-root-name fooThe following example shows new output for the show settlement command to display the value of the token-root-name command:
Settlement Provider 0Operation Status = UPType = ospAddress url = https://1.14.115.100:8444/Encryption = all (default)Token Root Name = fooMax Concurrent Connections = 20 (default)Connection Timeout = 3600 (s) (default)Response Timeout = 1 (s) (default)Retry Delay = 2 (s) (default)Retry Limit = 1 (default)Session Timeout = 86400 (s) (default)Customer Id = 1000Device Id = 2000Roaming = Disabled (default)Signed Token = OnNumber of Connections = 1Number of Transactions = 0Related Commands
type
To point to the provider type and the specific settlement server, use the type settlement configuration command. To disable this command use the no form of this command.
type {osp}
no type
Syntax Description
Defaults
The default is osp.
Command Modes
Settlement configuration
Command History
Usage Guidelines
This command line defines the settlement server that is doing the accounting, and enables the server to do the accounting. In Cisco IOS Release 12.0(4)XH, the osp keyword is the only settlement server type supported.
Examples
The following example defines the osp settlement server:
settlement 0type ospRelated Commands
url
To configure the Internet service provider (ISP) address, use the url settlement configuration command. To disable this command use the no form of this command.
url url-address
no url url-address
Syntax Description
Defaults
No default behavior or values.
Command Modes
Settlement configuration
Command History
Usage Guidelines
You can configure the address type multiple times. If you configure multiple URLs for the settlement server, the gateway attempts to send the request to each URL in the order that you configured these addresses.
Examples
The following example configures the url to your company:
settlement 0url http://1.2.3.4/url http://1.2.3.4:80/url https://1.2.3.4:4444/url https://yourcompany.com:443/Related Commands
Debug Commands
This section documents new and modified debug commands associated with the settlement feature. All other commands used with this feature are documented in the Cisco Release 12.0 command references. All debug commands are EXEC commands.
•
•
•
debug voip ivr settlement
To debug the Interactive Voice Response application use the debug voip ivr command. To disable this command use the no form of this command.
Note
debug voip ivr [states | error | settlement | dynamic| all]
no debug voip ivr [states | error | settlement | dynamic| all]
Syntax Description
Defaults
Not enabled
Command History
Usage Guidelines
Error outputs only occurs if something is not working or an error condition has been raised. The output when the keyword states is used supplies information about the current status of the IVR script and the different events that occur in that state. This document for Cisco IOS Release 12.0(4)XH shows the debug voip ivr settlement command using the output for the keyword settlement only. IVR debug messages appear when a call is being actively handled by the IVR scripts.
The settlement output logs activities related to settlement when a call is processed.
Examples
The following example shows debug voip ivr settlement on the originating gateway:
Router # debug voip ivr settlementivr settlement activities debugging is onas5300-04#00:00:52:settlement_validate_token:cid(1), target=, tokenp=0x000:00:54:pcSettlementAuthorize:cid(1) authorizing using calling=408,called=1512555121200:00:54:pcSettlementAuthorize:cid(1) sending authorize request type=100:00:57:pcSettlementSetup:cid(1) settlement_curr_dest=0, num_dest=300:00:57:pcSettlementGetDestination:trans=0 gets error=0,credit_time=1440000:00:57:pcSettlementSetup:cid(1) placing call throughip(1.14.115.85), calling(408),called(15125551212), digits(15125551212)00:00:57:pcSettlementSetup:set settlement acct for cid(2) onip=1.14.115.85as5300-04#The following example shows debug voip ivr settlement on the terminating gateway:
Router # debug voip ivr settlementivr settlement activities debugging is onas5300-05#00:10:02:settlement_validate_token:cid(1), target=settlement,tokenp=0x618386B400:10:02:settlement_validate_token:cid(1) return 1, credit_time=1440000:10:02:Set settlement acct on cid(1) for trans=0, prov=0as5300-05#debug voip settlement all
To enable debugging in all settlement areas, use the debug voip settlement all EXEC command. To disable debugging output use the no form of this command.
debug voip settlement all
[no] debug voip settlement all
Syntax Description
Defaults
Not enabled
Command History
Usage Guidelines
The debug voip settlement all EXEC command enables the following debug settlement commands:
•
•
•
Examples
The following example shows debugging in all settlement areas
debug voip settlement enter
To show all settlement function entrances, use the debug voip settlement enter command. To disable debugging output use the no form of this command.
debug voip settlement enter
[no] debug voip settlement enter
Syntax Description
This command has no arguments or key words.
Defaults
Not enabled.
Command History
Examples
The following example shows all settlement function entrances:
00:43:40:OSP:ENTER:OSPPMimeMessageCreate()00:43:40:OSP:ENTER:OSPPMimeMessageInit()00:43:40:OSP:ENTER:OSPPMimeMessageSetContentAndLength()00:43:40:OSP:ENTER:OSPPMimeMessageBuild()00:43:40:OSP:ENTER:OSPPMimeDataFree()00:43:40:OSP:ENTER:OSPPMimePartFree()00:43:40:OSP:ENTER:OSPPMimePartFree()00:43:40:OSP:ENTER:OSPPMsgInfoAssignRequestMsg()00:43:40:OSP:ENTER:osppHttpSelectConnection00:43:40:OSP:ENTER:OSPPSockCheckServicePoint() ospvConnected = <1>00:43:40:OSP:ENTER:OSPPSockWaitTillReady()00:43:40:OSP:ENTER:osppHttpBuildMsg()00:43:40:OSP:ENTER:OSPPSSLSessionWrite()00:43:40:OSP:ENTER:OSPPSockWrite()00:43:40:OSP:ENTER:OSPPSockWaitTillReady()debug voip settlement error
To show all settlement errors, use the debug voip settlement error command. To disable debugging output use the no form of this command.
debug voip settlement error
[no] debug voip settlement error
Syntax Description
This command has no arguments or key words.
Defaults
Not enabled
Command History
Examples
The following example shows all settlement errors:
00:45:50:OSP:OSPPSockProcessRequest:http recv init header failed00:45:50:OSP:osppHttpSetupAndMonitor:attempt#0 on http=0x6141A514, limit=1 error=14310Usage Guidelines
the error code definitions are displayed below:
-1:OSP internal software error.16:A bad service was chosen.17:An invalid parameter was passed to OSP.9010:Attempted to access an invalid pointer.9020:A time related error occurred.10010:OSP provider module failed initialization.10020:OSP provider tried to access a NULL pointer.10030:OSP provider could not fine transaction collection.10040:OSP provider failed to obtain provider space.10050:OSP provider tried to access an invalid handle.10060:OSP provider has reached the maximum number of providers.11010:OSP transaction tried to delete a transaction which was not allowed.11020:OSP transaction tried a transaction which does not exist.11030:OSP transaction tried to start a transaction, but data had already been delivered.11040:OSP transaction could not identify the response given.11050:OSP transaction failed to obtain transaction space.11060:OSP transaction failed (possibly ran out) to allocate memory.11070:OSP transaction tried to perform a transaction which is not allowed.11080:OSP transaction found no more responses.11090:OSP transaction could not find a specified value.11100:OSP transaction did not have enough space to copy.11110:OSP transaction - call id did not match destination.11120:OSP transaction encountered an invalid entry.11130:OSP transaction tried to use a token too soon.11140:OSP transaction tried to use a token too late.11150:OSP transaction - source is invalid.11160:OSP transaction - destination is invalid.11170:OSP transaction - calling number is invalid.11180:OSP transaction - called number is invalid.11190:OSP transaction - call id is invalid.11200:OSP transaction - authentication id is invalid.11210:OSP transaction - call id was not found11220:OSP transaction - The IDS of the called number was invalid.11230:OSP transaction - function not implemented.11240:OSP transaction tried to access an invalid handle.11250:OSP transaction returned an invalid return code.11260:OSP transaction reported an invalid status code.11270:OSP transaction encountered an invalid token.11280:OSP transaction reported a status which could not be identified.11290:OSP transaction in now valid after it was not found.11300:OSP transaction could not find the specified destination.11310:OSP transaction is valid until not found.11320:OSP transaction - invalid signaling address.11330:OSP transaction could not find the ID of the transmitter.11340:OSP transaction could not find the source number.11350:OSP transaction could not find the destination number.11360:OSP transaction could not find the token.11370:OSP transaction could not find the list.11380:OSP transaction was not allowed to accumulate.11390:OSP transaction - transaction usage was already reported.11400:OSP transaction could not find statistics.11410:OSP transaction failed to create new statistics.11420:OSP transaction made an invalid calculation.11430:OSP transaction was not allowed to get the destination.11440:OSP transaction could not fine the authorization request.11450:OSP transaction - invalid transmitter ID.11460:OSP transaction could not find any data.11470:OSP transaction found no new authorization requests.12010:OSP security did not have enough space to copy.12020:OSP security received and invalid argument.12030:OSP security could not find the private key.12040:OSP security encountered an un-implemented function.12050:OSP security ran out of memory.12060:OSP security received an invalid signal.12065:OSP security could not initialize the SSL database.12070:OSP security could not find space for the certificate.12080:OSP security has no local certificate info defined.12090:OSP security encountered a zero length certificate.12100:OSP security encountered a certificate that is too big.12110:OSP security encountered an invalid certificate.12120:OSP security encountered a NULL certificate.12130:OSP security has too many certificates.12140:OSP security has no storage provided.12150:OSP security has no private key.12160:OSP security encountered an invalid context.12170:OSP security was unable to allocate space.12180:OSP security - CA certificates do not match.12190:OSP security found no authority certificates12200:OSP security - CA certificate index overflow.13010:OSP error message - failed to allocate memory.13110:OSP MIME error - buffer is too small.13115:OSP MIME error - failed to allocate memory.13120:OSP MIME error - could not find variable.13125:OSP MIME error - no input was found.13130:OSP MIME error - invalid argument.13135:OSP MIME error - no more space.13140:OSP MIME error - received an invalid type.13145:OSP MIME error - received an invalid subtype.13150:OSP MIME error - could not find the specified protocol.13155:OSP MIME error - could not find MICALG.13160:OSP MIME error - boundary was not found.13165:OSP MIME error - content type was not found.13170:OSP MIME error - message parts were not found.13301:OSP XML error - received incomplete XML data.13302:OSP XML error - bad encoding of XML data.13303:OSP XML error - bad entity in XML data.13304:OSP XML error - bad name in XML data.13305:OSP XML error - bad tag in XML data.13306:OSP XML error - bad attribute in XML data.13307:OSP XML error - bad CID encoding in XML data.13308:OSP XML error - bad element found in XML data.13309:OSP XML error - no element found in XML data.13310:OSP XML error - no attribute found in XML data.13311:OSP XML error - OSP received invalid arguments.13312:OSP XML error - failed to create a new buffer.13313:OSP XML error - failed to get the size of a buffer.13314:OSP XML error - failed to send the buffer.13315:OSP XML error - failed to read a block from the buffer.13316:OSP XML error - failed to allocate memory.13317:OSP XML error - could not find the parent.13318:OSP XML error - could not find the child.13319:OSP XML error - data type not found in XML data.13320:OSP XML error - failed to write a clock to the buffer.13410:OSP data error - no call id preset.13415:OSP data error - no token present.13420:OSP data error - bad number presented.13425:OSP data error - no destination found.13430:OSP data error - no usage indicator present.13435:OSP data error - no status present.13440:OSP data error - no usage configured.13445:OSP data error - no authentication indicator.13450:OSP data error - no authentication request.13455:OSP data error - no authentication response.13460:OSP data error - no authentication configuration.13465:OSP data error - no re-authentication request.13470:OSP data error - no re-authentication response.13475:OSP data error - invalid data type present.13480:OSP data error - no usage information available.13485:OSP data error - no token info present.13490:OSP data error - invalid data present.13500:OSP data error - no alternative info present.13510:OSP data error - no statistics available.13520:OSP data error - no delay present.13610:OSP certificate error - memory allocation failed.14010:OSP communications error - invalid communication size.14020:OSP communications error - bad communication value.14030:OSP communications error - parser error.14040:OSP communications error - no more memory available.14050:OSP communications error - communication channel currently in use.14060:OSP communications error - invalid argument passed.14070:OSP communications error - no service points present.14080:OSP communications error - no service points available.14085:OSP communications error - thread initialization failed.14086:OSP communications error - communications is shutdown.14110:OSP message queue error - no more memory available.14120:OSP message queue error - failed to add a request.14130:OSP message queue error - no event queue present.14140:OSP message queue error - invalid arguments passed.14210:OSP HTTP error - 100 - bad header.14220:OSP HTTP error - 200 - bad header.14221:OSP HTTP error - 400 - bad request.14222:OSP HTTP error - bas service port present.14223:OSP HTTP error - failed to add a request.14230:OSP HTTP error - invalid queue present.14240:OSP HTTP error - bad message received.14250:OSP HTTP error - invalid argument passed.14260:OSP HTTP error - memory allocation failed.14270:OSP HTTP error - failed to create a new connection.14280:OSP HTTP error - server error.14290:OSP HTTP error - HTTP server is shutdown.14292:OSP HTTP error - failed to create a new SSL connection.14295:OSP HTTP error - failed to create a new SSL context.14297:OSP HTTP error - service unavailable.14300:OSP socket error - socket select failed.14310:OSP socket error - socket receive failed.14315:OSP socket error - socket send failed.14320:OSP socket error - failed to allocate memory for the receive buffer.14320:OSP socket error - socket reset.14330:OSP socket error - failed to create the socket.14340:OSP socket error - failed to close the socket.14350:OSP socket error - failed to connect the socket.14360:OSP socket error - failed to block I/O on the socket.14370:OSP socket error - failed to disable nagle on the socket.14400:OSP SSL error - failed to allocate memory.14410:OSP SSL error - failed to initialize the context.14420:OSP SSL error - failed to retrieve the version.14430:OSP SSL error - failed to initialize the session.14440:OSP SSL error - failed to attach the socket.14450:OSP SSL error - handshake failed.14460:OSP SSL error - failed to close SSL.14470:OSP SSL error - failed to read from SSL.14480:OSP SSL error - failed to write to SSL.14490:OSP SSL error - could not get certificate.14495:OSP SSL error - no root certificate found.14496:OSP SSL error - failed to set the private key.14497:OSP SSL error - failed to parse the private key.14498:OSP SSL error - failed to add certificates.14499:OSP SSL error - failed to add DN.15410:OSP utility error - not enough space for copy.15420:OSP utility error - no time stamp has been created.15430:OSP utility error - value not found.15440:OSP utility error - failed to allocate memory.15450:OSP utility error - invalid argument passed.15500:OSP buffer error - buffer is empty.15510:OSP buffer error - buffer is incomplete.15980:OSP POW error.15990:OSP Operating system conditional variable timeout.16010:OSP X509 error - serial number undefined.16020:OSP X509 error - certificate undefined.16030:OSP X509 error - invalid context.16040:OSP X509 error - decoding error.16050:OSP X509 error - unable to allocate space.16060:OSP X509 error - invalid data present.16070:OSP X509 error - certificate has expired.16080:OSP X509 error - certificate not found.17010:OSP PKCS1 error - tried to access invalid private key pointer17020:OSP PKCS1 error - unable to allocate space.17030:OSP PKCS1 error - invalid context found.17040:OSP PKCS1 error - tried to access NULL pointer.17050:OSP PKCS1 error - private key overflow.18010:OSP PKCS7 error - signer missing.18020:OSP PKCS7 error - invalid signature found.18020:OSP PKCS7 error - unable to allocate space.18030:OSP PKCS7 error - encoding error.18040:OSP PKCS7 error - tried to access invalid pointer.18050:OSP PKCS7 error - buffer overflow.19010:OSP ASN1 error - tried to access NULL pointer.19020:OSP ASN1 error - invalid element tag found.19030:OSP ASN1 error - unexpected high tag found.19040:OSP ASN1 error - invalid primitive tag found.19050:OSP ASN1 error - unable to allocate space.19060:OSP ASN1 error - invalid context found.19070:OSP ASN1 error - invalid time found.19080:OSP ASN1 error - parser error occurred.19090:OSP ASN1 error - parsing complete.19100:OSP ASN1 error - parsing defaulted.19110:OSP ASN1 error - length overflow.19120:OSP ASN1 error - unsupported tag found.19130:OSP ASN1 error - object ID not found.19140:OSP ASN1 error - object ID mismatch.19150:OSP ASN1 error - unexpected int base.19160:OSP ASN1 error - buffer overflow.19170:OSP ASN1 error - invalid data reference ID found.19180:OSP ASN1 error - no content value for element found.19190:OSP ASN1 error - integer overflow.20010:OSP Crypto error - invalid parameters found.20020:OSP Crypto error - unable to allocate space.20030:OSP Crypto error - could not verify signature.20040:OSP Crypto error - implementation specific error.20050:OSP Crypto error - tried to access invalid pointer.20060:OSP Crypto error - not enough space to perform operation.21010:OSP PKCS8 error - invalid private key pointer found.21020:OSP PKCS8 error - unable to allocate space for operation.21030:OSP PKCS8 error - invalid context found.21040:OSP PKCS8 error - tried to access NULL pointer.21050:OSP PKCS8 error - private key overflow.22010:OSP Base 64 error - encode failed.22020:OSP Base 64 error - decode failed.22510:OSP audit error - failed to allocate memory.156010:OSP RSN failure error - no data present.156020:OSP RSN failure error - data is invalid.debug voip settlement exit
To show all settlement function exits, use the debug voip settlement exit command. To disable debugging output use the no form of this command.
debug voip settlement exit
[no] debug voip settlement exit
Syntax Description
This command has no arguments or key words.
Defaults
Not enabled
Command History
Examples
The following example shows all settlement function exist:
01:21:10:OSP:EXIT :OSPPMimeMessageInit()01:21:10:OSP:EXIT :OSPPMimeMessageSetContentAndLength()01:21:10:OSP:EXIT :OSPPMimeMessageBuild()01:21:10:OSP:EXIT :OSPPMimePartFree()01:21:10:OSP:EXIT :OSPPMimePartFree()01:21:10:OSP:EXIT :OSPPMimeDataFree()01:21:10:OSP:EXIT :OSPPMimeMessageCreate()01:21:10:OSP:EXIT :OSPPMsgInfoAssignRequestMsg()01:21:10:OSP:EXIT :osppHttpSelectConnection01:21:10:OSP:EXIT :OSPPSockCheckServicePoint() isconnected(1)01:21:10:OSP:EXIT :osppHttpBuildMsg()01:21:10:OSP:EXIT :OSPPSockWrite() (0)01:21:10:OSP:EXIT :OSPPSSLSessionWrite() (0)01:21:10:OSP:EXIT :OSPPSSLSessionRead() (0)01:21:10:OSP:EXIT :OSPPSSLSessionRead() (0)01:21:10:OSP:EXIT :OSPPHttpParseHeader01:21:10:OSP:EXIT :OSPPHttpParseHeader01:21:10:OSP:EXIT :OSPPSSLSessionRead() (0)01:21:10:OSP:EXIT :OSPPUtilMemCaseCmp()debug voip settlement misc
To show the details on the code flow of each settlement transaction, use the debug voip settlement misc command. To disable debugging output use the no form of this command.
debug voip settlement misc
[no] debug voip settlement misc
Syntax Description
This command has no arguments or key words.
Defaults
Not enabled
Command History
Examples
The following example show the details on the code flow for settlement transaction 0x6142770c:
00:52:03:OSP:osp_authorize:callp=0x6142770C00:52:03:OSP:OSPPTransactionRequestNew:ospvTrans=0x614278A800:52:03:OSP:osppCommMonitor:major:minor=(0x2:0x1)00:52:03:OSP:HTTP connection:reused00:52:03:OSP:osppHttpSetupAndMonitor:HTTP=0x6141A514, QUEUE_EVENT from eventQ=0x6141A87C, comm=0x613F16C4, msginfo=0x6142792C00:52:03:OSP:osppHttpSetupAndMonitor:connected = <TRUE>00:52:03:OSP:osppHttpSetupAndMonitor:HTTP=0x6141A514, build msginfo=0x6142792C, trans=0x200:52:04:OSP:osppHttpSetupAndMonitor:HTTP=0x6141A514, msg built and sent:error=0, msginfo=0x6142792C00:52:04:OSP:osppHttpSetupAndMonitor:monitor exit. errorcode=000:52:04:OSP:osppHttpSetupAndMonitor:msginfo=0x6142792C, error=0, shutdown=000:52:04:OSP:OSPPMsgInfoProcessResponse:msginfo=0x6142792C, err=0, trans=0x614278A8, handle=200:52:04:OSP:OSPPMsgInfoChangeState:transp=0x614278A8, msgtype=12 current state=200:52:04:OSP:OSPPMsgInfoChangeState:transp=0x614278A8, new state=400:52:04:OSP:OSPPMsgInfoProcessResponse:msginfo=0x6142792C, context=0x6142770C, error=000:52:04:OSP:osp_get_destination:trans_handle=2, get_first=1, callinfop=0x614275E000:52:04:OSP:osp_get_destination:callinfop=0x614275E0 get dest=1.14.115.51, validafter=1999-01-20T02:04:32Z, validuntil=1999-01-20T02:14:32Z00:52:04:OSP:osp_parse_destination:dest=1.14.115.5100:52:04:OSP:osp_get_destination:callinfop=0x614275E0, error=0, ip_addr=1.14.115.51, credit=6000:52:06:OSP:stop_settlement_ccapi_accounting:send report for callid=0x11, transhandle=200:52:06:OSP:osp_report_usage:transaction=2, duration=0, lostpkts=0, lostfrs=0, lostpktr=0, lostfrr=0debug voip settlement network
To show all the messages exchanged between a router and a settlement provider, use the debug voip settlement network command. To disable debugging output use the no form of this command.
debug voip settlement network
[no] debug voip settlement network
Syntax Description
This command has no arguments or key words.
Defaults
Not enabled
Command History
Examples
The following example uses the debug voip settlement network command shows the messages, in detail, in HTTP and XML formats.00:47:25:OSP:HTTP connection:reused00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=0, timeout=0, select=100:47:25:OSP:osppHttpBuildAndSend():http=0x6141A514 sending:POST /scripts/simulator.dll?handler HTTP/1.1Host:1.14.115.12content-type:text/plainContent-Length:439Connection:Keep-AliveContent-Type:text/plainContent-Length:370<?xml version="1.0"?><Message messageId="1" random="8896"><AuthorisationRequest componentId="1"><Timestamp>1993-03-01T00:47:25Z</Timestamp><CallId><![CDATA[12]]></CallId><SourceInfo type="e164">5551111</SourceInfo><DestinationInfo type="e164">5552222</DestinationInfo><Service/><MaximumDestinations>3</MaximumDestinations></AuthorisationRequest></Message>00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=0, timeout=1, select=100:47:25:OSP:OSPM_SEND:bytes_sent = 57700:47:25:OSP:OSPPSockProcessRequest:SOCKFD=0, Expecting 100, got00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=1, timeout=1, select=100:47:25:OSP:OSPPSSLSessionRead() recving 1 bytes:HTTP/1.1 100 ContinueServer:Microsoft-IIS/4.0Date:Wed, 20 Jan 1999 02:01:54 GMT00:47:25:OSP:OSPPSockProcessRequest:SOCKFD=0, Expecting 200, got00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=1, timeout=1, select=100:47:25:OSP:OSPPSSLSessionRead() recving 1 bytes:HTTP/1.1 200 OKServer:Microsoft-IIS/4.0Date:Wed, 20 Jan 1999 02:01:54 GMTConnection:Keep-AliveContent-Type:multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=barContent-Length:168900:47:25:OSP:OSPPSockProcessRequest:SOCKFD=0, error=0, HTTP response00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=1, timeout=1, select=100:47:25:OSP:OSPPSSLSessionRead() recving 1689 bytes:--barContent-Type:text/plainContent-Length:1510<?xml version="1.0"?><Message messageId="1" random="27285"><AuthorisationResponse componentId="1"><Timestamp>1999-01-20T02:01:54Z</Timestamp><Status><Description>success</Description><Code>200</Code></Status><TransactionId>101</TransactionId><Destination><AuthorityURL>http://www.myauthority.com</AuthorityURL><CallId><![CDATA[12]]></CallId><DestinationInfo type="e164">5552222</DestinationInfo><DestinationSignalAddress>1.14.115.51</DestinationSignalAddress><Token encoding="base64">PD94bWwgdmVyc2lvbj0xLjA/PjxNZXNzYWdlIG1lc3NhZ2VJZD0iMSIgcmFuZG9tPSIxODM0OSI+PFRva2VuSW5mbz 48U291cmNlSW5mbyB0eXBlPSJlMTY0Ij41NTUxMTExPC9Tb3VyY2VJbmZvPjxEZXN0aW5hdGlvbkluZm8gdHlwZT0i ZTE2NCI+NTU1MjIyMjwvRGVzdGluYXRpb25JbmZvPjxDYWxsSWQ+PCFbQ0RBVEFbMV1dPjwvQ2FsbElkPjxWYWxpZE FmdGVyPjE5OTgtMTItMDhUMjA6MDQ6MFo8L1ZhbGlkQWZ0ZXI+PFZhbGlkVW50aWw+MTk5OS0xMi0zMVQyMzo1OTo1 OVo8L1ZhbGlkVW50aWw+PFRyYW5zYWN0aW9uSWQ+MTAxPC9UcmFuc2FjdGlvbklkPjxVc2FnZURldGFpbD48QW1vdW 50PjE0NDAwPC9BbW91bnQ+PEluY3JlbWVudD4xPC9JbmNyZW1lbnQ+PFNlcnZpY2UvPjxVbml0PnM8L1VuaXQ+PC9V c2FnZURldGFpbD48L1Rva2VuSW5mbz48L01lc3NhZ2U+</Token><UsageDetail><Amount>60</Amount><Increment>1</Increment><Service/><Unit>s</Unit></UsageDetail><ValidAfter>1999-01-20T01:59:54Z</ValidAfter><ValidUntil>1999-01-20T02:09:54Z</ValidUntil></Destination><transnexus.com:DelayLimit critical="False">1000</transnexus.com:DelayLimit><transnexus.com:DelayPreference critical="False">1</transnexus.com:DelayPreference></AuthorisationResponse></Message>--barContent-Type:application/pkcs7-signatureContent-Length:31This is your response signature--bar--debug voip settlement security
To show all the tracing related to security, such as Security Socket Layer or S/MIME, use the debug voip settlement security command. To disable debugging output use the no form of this command.
debug voip settlement security
[no] debug voip settlement security
Syntax Description
This command has no arguments or key words.
Defaults
Not enabled
Command History
Examples
Not available due to security issues.
debug voip settlement transaction
To see all the attributes of the transactions on a settlement gateway, use the debug voip settlement transaction command. To disable debugging output use the no form of this command.
debug voip settlement transaction
[no] debug voip settlement transaction
Syntax Description
This command has no arguments or key words.
Defaults
Not enabled
Command History
Examples
The following is a sample output from an originating gateway:
00:44:54:OSP:OSPPTransactionNew:trans=0, err=000:44:54:OSP:osp_authorize:authorizing trans=0, err=0as5300-04>00:45:05:OSP:stop_settlement_ccapi_accounting:send report forcallid=7, trans=0, calling=5710868, called=15125551212, curr_Dest=100:45:05:OSP:OSPPTransactionDelete:deleting trans=0The following is a sample output from a terminating gateway:
00:44:40:OSP:OSPPTransactionNew:trans=0, err=000:44:40:OSP:osp_validate:validated trans=0, error=0, authorised=1Glossary
AAA—authentication authorization and accounting. A Cisco IOS security feature.
ACF—Admission Confirmation.
ARQ—Admission Request
CA—certificate authority.
CDR—call detail record.
CEP—Cisco Enrollment Protocol.
ETSI—European Telecommunication Standards Institute.
ISP—Internet service provider.
IVR—interactive voice response. A Cisco IOS software voice feature for Internet telephony service providers.
MD5—Message Digest 5. The algorithm used for message authentication in SNMP v.2; MDS verifies the integrity of the communication, authenticates the origin, and checks for timeliness.
OGW—originating gateway.
OSP—Open Settlement Protocol.
PKCS7—Public Key Cryptography Standard No.7.
PKI—public key infrastructure.
RADIUS—Database for authenticating modem and ISDN connections and for tracking connections.
RAS—Registration, Admission, and Status. RAS is the protocol that is used between endpoints and the gatekeeper to perform management functions.
ROOT—The ultimate CA that signs the certificates of the sub-CA.
RSA—Rivest, Shamir, and Aldeman. Inventors of the public-key cryptographic system used for encryption and authentication.
SSL—Secure Socket Layer. Encryption technology for the World Wide Web used to provide secure transactions, such as the transmission of credit card numbers for e-commerce.
TACACS—Terminal Access Controller Access Control System.
TCL—tool command language. TCL is an interpreted script language developed by Dr. John Ousterhout of the University of California, Berkeley, and is now developed and maintained by Sun Microsystems Laboratories.
TCP—Transmission Control Protocol.
TGW—terminating gateway.
VoIP—Voice over IP. The ability to carry normal telephone-style voice over an IP-based Internet with POTs-like functionality, reliability, and voice quality. VoIP is a blanket term, that generally refers to Cisco standards-based (for example, H.323) approach to IP voice traffic.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)