Various gateway protocols are supported with Cisco Unified Communications Manager (CUCM). The gateway protocols include H.323, MGCP (Media Gateway Control Protocol), SIP (Session Initiation Protocol), and SCCP (Skinny Client Control Protocol). Protocol selection should be based on various criteria including the following:
This blog entry will focus on the Cisco IOS proficiency level required to configure an H.323 or SIP dial peer. A high IOS proficiency level is required with the H.323 and SIP gateway protocols because the gateway requires extensive Cisco IOS dial-peer configuration. With both H.323 and SIP, the dial plan for call routing is configured on both the CUCM server and the gateway router.
H.323
SIP
Both of the above dial peers will route any 5-digit call beginning with the digits 11 (destination-pattern) to the CUCM server at the 10.1.1.100 IP address (session target). The dial-peer destination-patterns are used for outbound call routing after matching the necessary dialed digits.
Dual-Tone Multi-Frequency (DTMF) digits will be converted and passed via H.245 alphanumeric or signal for the H.323 dial-peer, while the SIP dial-peer uses the named telephony events (NTE) capabilities of RFC 2833 (DTMF-Relay).
This VoIP dial-peer will also be used to answer inbound calls consisting of any digit strings passed to the router as long as one dialed digit is received (incoming called-number .T).
The default audio codec used in a VoIP dial-peer is the compressed G.729 audio codec. Our VoIP dial-peers have been configured to use the G.711 uncompressed audio codec because CUCM is accessible over LAN interfaces.
Voice Activity Detection (VAD) is a silence suppression mechanism which is turned on by default for VoIP dial peers. VAD saves bandwidth by not sending packets when there is silence in a conversation. The disadvantage of VAD is the voice clipping at the beginning and ending of voice samples when VAD is turned on and off. It is best practice to disable VAD unless routing calls over low bandwidth, high cost circuits.
The ip qos dscp cs3 signaling command was used to ensure the end-to-end QoS design follows the cs3 marking for signaling and not the older marking of AF31.
Post to this blog the different aspects of dial peer configuration that you would add, change, or remove in your dial peer configurations. Post any questions you have regarding the configurations as well.
Dennis Hartmann, CCIE No. 15651, is a Unified Communications consultant and author of Implementing Cisco Unified Communications Manager, Part 1. Dennis is also a lead instructor at Global Knowledge. Dennis was first exposed to CallManager during the CallManager 2.0 time frame when Cisco acquired Selsius. Dennis has various certifications, including the Cisco CCVP, CCSI, CCNP, CCIP, and the Microsoft MCSE. Dennis has worked for various Fortune 500 companies, including AT&T, Sprint, Merrill Lynch, KPMG, and Cabletron Systems. He lives with his wife and children in Hopewell Junction, New York.
Future Blog Posts
Future blog posts will cover the configuration of MGCP and SCCP gateways. This conversation will continue until we have covered the various reasons why one gateway protocol might be selected versus another.
Topics:
Cisco IOS proficiency level
Hardware Selection
Cisco IOS access level
Telephony feature support
Fault Tolerance Requirements
IOS Revision
Cisco Training requirements for Gateways and Gatekeepers
Dennis,
I've noticed that Cisco has discontinued the requirement for Gateways and Gatekeepers as a stand alone test in the CCVP certification track.
Has this material been moved into other Cisco certification tests?
GWGK / CCVP / CVOICE
Most of the content from the GWGK class has been moved into the newly revised CVOICEv6 class. Some of the other GWGK courseware and lab material has moved into the new 5-day CIPT2v6 class. A listing of all these courses can be found at the following URL:
SIP Security
Dennis,
While I like SIP as a possible VoIP protocol for the future, the security issues of clear text and no man-in-the-middle mechanism with SIP concern me.
Any hope for more security with SIP?
Bill Harrison
Rackspace Network Security
SIP Security
Cisco has supported secure SIP signaling since Call Manager 5.0. The secure SIP signaling uses AES (Advanced Encryption Standard) with a 128-bit key length. The media (RTP channels) are then encrypted with SRTP (secure Real-Time Protocol). The Cisco security solution creates a PKI (public key infrastructure) in which X.509v3 certificates are downloaded to the phone's flash. The Call Manager acts as a certificate authority (CA) using the CAPF (Certificate Authority Proxy Function) service. Cisco uses a client called the CTL (certificate trust list) to group all of the Call Manager server's self-signed certificates. These common server public certificates are then signed by the CA (CAPF) and downloaded to all of the phone's non-volatile memory when the Cisco IP phone receives its files from the TFTP server component in the Call Manager cluster.
Additional information can be found in the Cisco Unified Communications Manager 6.x SRND at www.cisco.com/go/srnd.
Cisco Unified Communications Manager Express has supported secure SCCP signaling since version 4.2, but does not currently handle secure SIP signaling.
Third-Party SIP Client Security - Digest Authentication
In my last reply, I forgot to mention the security mechanisms that are supported on both SIP trunks and SIP third-party clients starting in CUCM 5.0. Although neither one of these device types supports secure, encrypted SRTP calls, the devices are authenticated using a username that is encrypted in an MD5 (message digest) hash. This mechanism is based on RFC 2617. Cisco normally authenticates Cisco IP phones based on the phone's built-in 48-bit hexadecimal MAC address. The IETF standardized on MD5 as an authentication mechanism. To ensure multi-vendor interoperability, Cisco supports this mechanism. SIP-based Cisco IP Phones still use MAC address as an authenticator during the phone registration process.
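How an RFC 2617 digest response is computed by a client and checked by a server, as an added example (not code from the original post or from Cisco). The function names and the trunk name, realm, nonce and password are constructed for illustration. Only an MD5 response bound to the nonce, method and request URI is sent, which authenticates the sender and leaves signaling and media unencrypted.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 'response' value; the password itself never goes on the wire."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")    # shared-secret part
    ha2 = md5_hex(f"{method}:{uri}")               # binds method and request URI
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")         # form used when no qop is offered

def parse_digest(header_value):
    """Split 'Digest k="v", k2=v2' into a dict (quoted or bare values)."""
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', header_value)
    return {key: quoted or bare for key, quoted, bare in pairs}

def verify(header_value, method, password, issued_nonces):
    """Server-side check: known nonce, then constant-time compare of the hash."""
    f = parse_digest(header_value)
    required = ("username", "realm", "nonce", "uri", "response")
    if any(k not in f for k in required) or f["nonce"] not in issued_nonces:
        return False
    expected = digest_response(f["username"], f["realm"], password, method,
                               f["uri"], f["nonce"], f.get("qop"),
                               f.get("nc"), f.get("cnonce"))
    return hmac.compare_digest(expected.encode(), f["response"].encode())

# Constructed sample values (not from the page or any real deployment).
NONCE = "3f1c9a7e5b2d4860"
PASSWORD = "example-secret"
HEADER = ('Digest username="trunk-a", realm="voice.example.test", '
          f'nonce="{NONCE}", uri="sip:voice.example.test", algorithm=MD5, '
          'response="' + digest_response("trunk-a", "voice.example.test", PASSWORD,
                                         "REGISTER", "sip:voice.example.test", NONCE) + '"')

if __name__ == "__main__":
    print(verify(HEADER, "REGISTER", PASSWORD, {NONCE}))   # matching secret
    print(verify(HEADER, "INVITE", PASSWORD, {NONCE}))     # response is method-bound
    print(verify(HEADER, "REGISTER", PASSWORD, set()))     # nonce was never issued
```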
SIP Security for SRTP Media / TLS security for SIP signaling
I have done some research and discovered that I was wrong about IOS support for secure SIP signaling. SRTP and TLS (transport layer security) are supported in IOS gateways starting with IOS 12.4(15T). Read Configuring SIP Support for SRTP on www.cisco.com for more details...