Video Configuration Examples for IPIP GW or CUBE
From DocWiki
(→Show running-config) |
|||
(5 intermediate revisions not shown) | |||
Line 1: | Line 1: | ||
- | + | ==Introduction== | |
- | [[Category:Configuration Examples]] | + | This is the basic config for any ISR router 2800 / 3800 series which runs IOS with CUBE and GK feature set. |
+ | |||
+ | ==Design== | ||
+ | |||
+ | The example toplogy: | ||
+ | |||
+ | Tandberg VT A - H.323 GK zone A - CUBE - H.323 GK zone B - Tandberg VT B | ||
+ | |||
+ | Let assume that Tandberg A is located on Public Internet. | ||
+ | And we want to allow it to place calls to Tandberg B, or say MCU on an internal network only through CUBE. | ||
+ | Let name the zone A - PUBLICINET-with-IPIPGW | ||
+ | And zone B - MCU | ||
+ | |||
+ | We also have to make some assumptions about the dial-plan. | ||
+ | Let assume that all endpoints on the internet side will have numbers starting with 00 and all endpoints on internal network will have numbers starting with 2. | ||
+ | |||
+ | 00* <-----CUBE------> 2* | ||
+ | |||
+ | We also assume that CUBE has two IP addresses. | ||
+ | One IP should be public IP reachable form internet, and naturally it also should be reachable from inside of your network. | ||
+ | In this example the internet will be represented by the subnet 33.33.33.0/24 | ||
+ | The internal network can have IP from any private subnet range as 10.x.x.x, 172.x.x.x or 192.x.x.x | ||
+ | |||
+ | 33.33.33.0 - CUBE - 10.x.x.x | ||
+ | |||
+ | ==Configuration== | ||
+ | |||
+ | 1. First we need to register GW and the video endpoints to the GK and we can run GK feature on the same router if we have IOS with GK feature for example - C2800NM-IPVOICE_IVS-M. | ||
+ | The most simple setup will be if we register endpoints with full E164 numbers to their corresponding zones and register the CUBE to the GK in public zone. | ||
+ | The CUBE should be registered to the zone where we want to force your endpoints to use CUBE as an access point to your network, so it will be out Public zone with real IP reachable from Public Internet. | ||
+ | |||
+ | ! | ||
+ | gatekeeper | ||
+ | zone local PUBLICINET-with-IPIPGW test.com 33.33.33.1 invia PUBLICINET-with-IPIPGW outvia PUBLICINET-with-IPIPGW enable-intrazone | ||
+ | zone remote MCU mappets.com 10.52.218.98 1719 | ||
+ | no zone subnet PUBLICINET-with-IPIPGW default enable | ||
+ | zone subnet PUBLICINET-with-IPIPGW 33.33.33.1/32 enable | ||
+ | zone subnet PUBLICINET-with-IPIPGW 33.33.33.101/32 enable | ||
+ | zone subnet PUBLICINET-with-IPIPGW 33.33.33.102/32 enable | ||
+ | zone subnet PUBLICINET-with-IPIPGW 33.33.33.0/24 enable | ||
+ | no zone subnet PUBLICINET-with-IPIPGW 172.168.0.0/16 enable | ||
+ | no zone subnet PUBLICINET-with-IPIPGW 192.0.0.0/8 enable | ||
+ | no zone subnet PUBLICINET-with-IPIPGW 10.0.0.0/8 enable | ||
+ | zone prefix MCU 2* | ||
+ | no use-proxy PUBLICINET-with-IPIPGW default inbound-to terminal | ||
+ | no use-proxy PUBLICINET-with-IPIPGW default outbound-from terminal | ||
+ | no shutdown | ||
+ | ! | ||
+ | |||
+ | To have control over registration - we used "zone subnet" commands. | ||
+ | First we need them to disable registration of internal endpoints to the external zone. | ||
+ | And we also can use tighter restrictions - if we want to allow only some specific endpoints form internet to register the GK. | ||
+ | For example the command "zone subnet PUBLICINET-with-IPIPGW 33.33.33.101/32 enable" will allow to register endpoint with IP 33.33.33.101. | ||
+ | |||
+ | The matching CUBE config will be: | ||
+ | |||
+ | ! | ||
+ | voice service voip | ||
+ | allow-connections h323 to h323 | ||
+ | |||
+ | ! | ||
+ | interface FastEthernet0/0 | ||
+ | ip address 10.52.218.130 255.255.255.0 | ||
+ | ! | ||
+ | This interface is used only for routing, it is not involved in H.323 signaling. | ||
+ | ! | ||
+ | interface FastEthernet0/1.33 | ||
+ | encapsulation dot1Q 333 | ||
+ | ip address 33.33.33.1 255.255.255.0 | ||
+ | h323-gateway voip interface | ||
+ | h323-gateway voip id PUBLICINET-with-IPIPGW ipaddr 33.33.33.1 1719 | ||
+ | h323-gateway voip h323-id IPIPGW-130 | ||
+ | h323-gateway voip tech-prefix 130 | ||
+ | h323-gateway voip bind srcaddr 33.33.33.1 | ||
+ | ! | ||
+ | This interface is used for H.323 signaling, so it have to be reachable for endpoints on the Internet as well as from internal network. | ||
+ | |||
+ | The matching remote GK config(we can run other GK on any other router in the network): | ||
+ | ! | ||
+ | gatekeeper | ||
+ | zone local MCU mappets.com 10.52.218.98 | ||
+ | zone remote PUBLICINET-with-IPIPGW test.com 33.33.33.1 1719 | ||
+ | zone prefix PUBLICINET-with-IPIPGW 00* | ||
+ | no use-proxy MCU default inbound-to terminal | ||
+ | no use-proxy MCU default outbound-from terminal | ||
+ | no shutdown | ||
+ | ! | ||
+ | |||
+ | Here we can register any internal H.323 endpoints like Tandberg Video terminals or MCU for conferencing. | ||
+ | |||
+ | |||
+ | The final step would be the example of the VOIP dial-peers. Here we configured two dial-peers - but each of them play the role of incoming and outgoing dial-peer at the same time. | ||
+ | |||
+ | |||
+ | ! | ||
+ | dial-peer voice 2000 voip | ||
+ | destination-pattern 2... | ||
+ | session target ras | ||
+ | incoming called-number 2... | ||
+ | dtmf-relay h245-alphanumeric | ||
+ | codec transparent | ||
+ | no vad | ||
+ | ! | ||
+ | dial-peer voice 1000 voip | ||
+ | destination-pattern 00 | ||
+ | session target ras | ||
+ | incoming called-number 00 | ||
+ | dtmf-relay h245-alphanumeric | ||
+ | codec transparent | ||
+ | no vad | ||
+ | ! | ||
+ | |||
+ | The only specific part for video in this whole example is the "codec transparent" command :) | ||
+ | |||
+ | ==Related show Commands== | ||
+ | This section provides information you can use to confirm your configuration is working properly. | ||
+ | |||
+ | Certain show commands are supported by the [https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl Output Interpreter Tool (registered customers only)], which allows you to view an analysis of show command output. | ||
+ | |||
+ | |||
+ | show dial-peer voice summary | ||
+ | show voice call status | ||
+ | |||
+ | There also some useful commands to add and they can be used on All routers in production as well: | ||
+ | |||
+ | |||
+ | service nagle | ||
+ | service tcp-keepalives-in | ||
+ | service tcp-keepalives-out | ||
+ | service timestamps debug datetime msec | ||
+ | service timestamps log datetime msec | ||
+ | |||
+ | ! | ||
+ | logging message-counter syslog | ||
+ | logging queue-limit 100000 | ||
+ | logging buffered 5000000 | ||
+ | logging rate-limit 10000 | ||
+ | no logging console | ||
+ | |||
+ | And some very useful aliases :) | ||
+ | |||
+ | ! | ||
+ | alias exec c conf t | ||
+ | alias exec r sh run | ||
+ | alias exec i sh ip ro | ||
+ | alias exec ib sh ip int brie | ||
+ | alias exec gs show run | s gatekeeper | ||
+ | alias exec ge sho gatekeeper end | ||
+ | alias exec sg sho gatekeeper | ||
+ | alias exec rs sh run | s | ||
+ | alias exec ri sh run | i | ||
+ | alias exec rb sh run | b | ||
+ | alias exec dp sh run | be dial-p | ||
+ | ! | ||
+ | |||
+ | Enjoy :) | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==Related Information== | ||
+ | [http://www.cisco.com/web/psa/products/index.html Technical Support & Documentation - Cisco Systems] | ||
+ | |||
+ | <!--List links to related information--> | ||
+ | |||
+ | <!--Add appropriate categories--> | ||
+ | |||
+ | [[Category:VoIP Configuration Examples]] | ||
+ | [[Category:Video Configuration Examples]] |
Latest revision as of 18:11, 30 June 2010
Contents |
Introduction
This is the basic config for any ISR router 2800 / 3800 series which runs IOS with CUBE and GK feature set.
Design
The example toplogy:
Tandberg VT A - H.323 GK zone A - CUBE - H.323 GK zone B - Tandberg VT B
Let assume that Tandberg A is located on Public Internet. And we want to allow it to place calls to Tandberg B, or say MCU on an internal network only through CUBE. Let name the zone A - PUBLICINET-with-IPIPGW And zone B - MCU
We also have to make some assumptions about the dial-plan. Let assume that all endpoints on the internet side will have numbers starting with 00 and all endpoints on internal network will have numbers starting with 2.
00* <-----CUBE------> 2*
We also assume that CUBE has two IP addresses. One IP should be public IP reachable form internet, and naturally it also should be reachable from inside of your network. In this example the internet will be represented by the subnet 33.33.33.0/24 The internal network can have IP from any private subnet range as 10.x.x.x, 172.x.x.x or 192.x.x.x
33.33.33.0 - CUBE - 10.x.x.x
Configuration
1. First we need to register GW and the video endpoints to the GK and we can run GK feature on the same router if we have IOS with GK feature for example - C2800NM-IPVOICE_IVS-M. The most simple setup will be if we register endpoints with full E164 numbers to their corresponding zones and register the CUBE to the GK in public zone. The CUBE should be registered to the zone where we want to force your endpoints to use CUBE as an access point to your network, so it will be out Public zone with real IP reachable from Public Internet.
!
gatekeeper zone local PUBLICINET-with-IPIPGW test.com 33.33.33.1 invia PUBLICINET-with-IPIPGW outvia PUBLICINET-with-IPIPGW enable-intrazone zone remote MCU mappets.com 10.52.218.98 1719 no zone subnet PUBLICINET-with-IPIPGW default enable zone subnet PUBLICINET-with-IPIPGW 33.33.33.1/32 enable zone subnet PUBLICINET-with-IPIPGW 33.33.33.101/32 enable zone subnet PUBLICINET-with-IPIPGW 33.33.33.102/32 enable zone subnet PUBLICINET-with-IPIPGW 33.33.33.0/24 enable no zone subnet PUBLICINET-with-IPIPGW 172.168.0.0/16 enable no zone subnet PUBLICINET-with-IPIPGW 192.0.0.0/8 enable no zone subnet PUBLICINET-with-IPIPGW 10.0.0.0/8 enable zone prefix MCU 2* no use-proxy PUBLICINET-with-IPIPGW default inbound-to terminal no use-proxy PUBLICINET-with-IPIPGW default outbound-from terminal no shutdown
!
To have control over registration - we used "zone subnet" commands. First we need them to disable registration of internal endpoints to the external zone. And we also can use tighter restrictions - if we want to allow only some specific endpoints form internet to register the GK. For example the command "zone subnet PUBLICINET-with-IPIPGW 33.33.33.101/32 enable" will allow to register endpoint with IP 33.33.33.101.
The matching CUBE config will be:
!
voice service voip allow-connections h323 to h323
!
interface FastEthernet0/0 ip address 10.52.218.130 255.255.255.0
! This interface is used only for routing, it is not involved in H.323 signaling. !
interface FastEthernet0/1.33 encapsulation dot1Q 333 ip address 33.33.33.1 255.255.255.0 h323-gateway voip interface h323-gateway voip id PUBLICINET-with-IPIPGW ipaddr 33.33.33.1 1719 h323-gateway voip h323-id IPIPGW-130 h323-gateway voip tech-prefix 130 h323-gateway voip bind srcaddr 33.33.33.1
! This interface is used for H.323 signaling, so it have to be reachable for endpoints on the Internet as well as from internal network.
The matching remote GK config(we can run other GK on any other router in the network): !
gatekeeper zone local MCU mappets.com 10.52.218.98 zone remote PUBLICINET-with-IPIPGW test.com 33.33.33.1 1719 zone prefix PUBLICINET-with-IPIPGW 00* no use-proxy MCU default inbound-to terminal no use-proxy MCU default outbound-from terminal no shutdown
!
Here we can register any internal H.323 endpoints like Tandberg Video terminals or MCU for conferencing.
The final step would be the example of the VOIP dial-peers. Here we configured two dial-peers - but each of them play the role of incoming and outgoing dial-peer at the same time.
!
dial-peer voice 2000 voip destination-pattern 2... session target ras incoming called-number 2... dtmf-relay h245-alphanumeric codec transparent no vad
!
dial-peer voice 1000 voip destination-pattern 00 session target ras incoming called-number 00 dtmf-relay h245-alphanumeric codec transparent no vad
!
The only specific part for video in this whole example is the "codec transparent" command :)
Related show Commands
This section provides information you can use to confirm your configuration is working properly.
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.
show dial-peer voice summary show voice call status
There also some useful commands to add and they can be used on All routers in production as well:
service nagle service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime msec
!
logging message-counter syslog logging queue-limit 100000 logging buffered 5000000 logging rate-limit 10000 no logging console
And some very useful aliases :)
!
alias exec c conf t alias exec r sh run alias exec i sh ip ro alias exec ib sh ip int brie alias exec gs show run | s gatekeeper alias exec ge sho gatekeeper end alias exec sg sho gatekeeper alias exec rs sh run | s alias exec ri sh run | i alias exec rb sh run | b alias exec dp sh run | be dial-p
!
Enjoy :)