Documente Academic
Documente Profesional
Documente Cultură
Cuprins
1. Prezentarea reţelei......................................................................................................3
2. Configurarea centralelor CME...................................................................................7
2.1. Centrala CME cu semnalizare SIP......................................................................7
2.2. Centrala CME cu semnalizare SCCP................................................................11
3. Configurarea ruterului pentru centrala CUCM ........................................................18
4. Configurarea serverului CUCM...............................................................................21
5. Configurarea serverului Asterisk .............................................................................23
6. Probleme şi lucruri de urmărit .................................................................................25
2
Reţele VPN şi IPsec
1. Prezentarea reţelei
În lucrarea de faţă ne propunem interconectarea pentru asigurarea serviciului
de voce a patru tipuri de centrale diferite soft şi hard, propritare şi open source.
Ne dorim ca la sfârşitul laboratorului să putem realiza apeluri atât în cele patru
reţele locale cât şi între reţelele locale folosind şase trunkuri de tip SIP (Session
Initiation Protocol).
În figura următoare este prezentată schema de ansamblu a subreţelelor şi
centralelor interconectate.
LAN 3 CUCM
Vlan 3 : 172.16.1.0/ 24
Fa0
Fa1
.3 R3 .3 LAN 20
CUCM
10.13.0.0/24 10.23.0.0/24
Vlan 20 : 192.168.2.0/ 24
Vlan 10 : 192.168.1.0/ 24
G1/0 G1/0
.1 10.12.0.0/24 .2
LAN 10 LAN 8
G0/0 G0/0
R1 R2
CME CME Asterisk
(SIP) (SCCP)
WAN Vlan 8 : 192.168.8.0/ 24
3
Reţele VPN şi IPsec
CIPC
7001
1003
.1.10
PC1
Vlan 3 : 172.16.1.0/ 24
Fa0 CIPC
Fa1
2210
.3 R3 .3
Telefon IP
CUCM PC10
Cisco 7940
.2.110
10.13.0.0/24 10.23.0.0/24
Vlan 10 : 192.168.1.0/ 24
Vlan 20 : 192.168.2.0/ 24
Telefon IP G1/0
G1/0 Telefon soft
Cisco 7940 10.12.0.0/24
.1 Linphone
.1.103 .2
G0/0
G0/0
Xlite PC3 R1 R2
1103 .8.100 Asterisk
CME CME
192.168.8.2
(SIP) (SCCP)
Vlan 8 : 192.168.8.0/ 24
CIPC .1.109
2203
Monitorizare trafic
4
Reţele VPN şi IPsec
LAN 3 CUCM
Vlan 3 : 172.16.1.0/ 24
Vlan 20 : 192.168.2.0/ 24
Fa0
Fa1
.3 R3 .3 LAN 20
Trunk 11xx – 7xxx/10xx CUCM
Trunk 2xxx – 7xxx/10xx
10.13.0.0/24
10.23.0.0/24
Trunk 8xxx – 2xxx
Este important de notat că este necesar să fim foarte atenţi la adresele IP ce vor
fi setate pentru capetele trunkurilor SIP. Se vor folosi adresele interfeţelor WAN
pentru centralele hard şi interfeţele serverelor pentru centralele soft (CUCM –
172.16.1.2, Asterisk – 192.168.8.2). În figura 4 sunt prezentate extensiile ce vor fi
interconectate prin aceste trunchiuri şi adresele IP ale capetelor de trunchi.
5
Reţele VPN şi IPsec
CUCM
172.16.1.2
CIPC
7001
1003
.1.10
PC1
Vlan 3 : 172.16.1.0/ 24
6
Reţele VPN şi IPsec
Ruterul R1:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
memory-size iomem 5
!
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
ip dhcp pool telefonie
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
option 150 ip 192.168.1.1
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice service voip
allow-connections sip to sip
fax protocol cisco
sip
registrar server expires max 1200 min 300
!
!
!
!
7
Reţele VPN şi IPsec
!
!
!
!
!
!
!
!
!
!
!
voice register global
mode cme
source-address 192.168.1.1 port 5060
max-dn 25
max-pool 20
tftp-path flash:
create profile sync 0001471524443551
!
voice register dn 1
number 1101
!
voice register dn 2
number 1102
!
voice register dn 3
number 1103
!
voice register dn 4
number 1104
!
voice register dn 7
number 1107
!
voice register dn 10
number 1110
!
voice register dn 11
number 1111
!
voice register dn 12
number 1112
!
voice register dn 21
number 1121
!
voice register dn 22
number 1122
!
voice register pool 1
id mac 0019.990A.B247
number 1 dn 1
dtmf-relay sip-notify
codec g711ulaw
!
voice register pool 2
id mac 0019.990A.AF0A
number 1 dn 2
dtmf-relay sip-notify
codec g711ulaw
8
Reţele VPN şi IPsec
!
voice register pool 3
id mac 0019.990A.525C
number 1 dn 3
dtmf-relay sip-notify
codec g711ulaw
!
voice register pool 7
id mac 0040.F46A.29BF
number 1 dn 7
dtmf-relay sip-notify
codec g711ulaw
!
voice register pool 10
id mac 0019.990A.6290
number 1 dn 10
dtmf-relay sip-notify
codec g711ulaw
!
voice register pool 11
id mac 0022.9059.B89D
type 7940
number 1 dn 11
number 2 dn 12
dtmf-relay sip-notify
codec g711ulaw
!
voice register pool 12
id mac 0022.9059.B964
type 7940
number 1 dn 21
number 2 dn 22
dtmf-relay sip-notify
codec g711ulaw
!
!
!
voice-card 0
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 10.12.0.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.13.0.1 255.255.255.0
9
Reţele VPN şi IPsec
duplex auto
speed auto
!
interface FastEthernet0/1/0
switchport access vlan 10
!
interface FastEthernet0/1/1
switchport access vlan 10
!
interface FastEthernet0/1/2
switchport access vlan 10
!
interface FastEthernet0/1/3
switchport access vlan 10
!
interface FastEthernet0/1/4
switchport access vlan 10
!
interface FastEthernet0/1/5
switchport access vlan 10
!
interface FastEthernet0/1/6
switchport access vlan 10
!
interface FastEthernet0/1/7
switchport access vlan 10
!
interface FastEthernet0/1/8
switchport access vlan 10
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 10.12.0.0 0.0.0.255 area 0
network 10.13.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.12.0.2
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
tftp-server P0S3-8-12-00.bin
tftp-server P0S3-8-12-00.loads
tftp-server P0S3-8-12-00.sb2
tftp-server P003-8-12-00.sbn
!
control-plane
10
Reţele VPN şi IPsec
!
!
!
!
!
!
!
dial-peer voice 8 voip
destination-pattern 8...
session protocol sipv2
session target ipv4:192.168.8.2
codec g711ulaw
!
dial-peer voice 10 voip
destination-pattern 10..
session protocol sipv2
session target ipv4:172.16.1.2
codec g711ulaw
!
dial-peer voice 2 voip
destination-pattern 2...
session protocol sipv2
session target ipv4:192.168.2.1
codec g711ulaw
!
dial-peer voice 7 voip
destination-pattern 7...
session protocol sipv2
session target ipv4:172.16.1.2
dtmf-relay h245-alphanumeric
codec g711ulaw
!
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
no login
!
scheduler allocate 20000 1000
end
!
Ruterul R2:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
11
Reţele VPN şi IPsec
12
Reţele VPN şi IPsec
hidekeys
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 10.12.0.2 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.23.0.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1/0
switchport access vlan 20
!
interface FastEthernet0/1/1
switchport access vlan 20
!
interface FastEthernet0/1/2
switchport access vlan 20
!
interface FastEthernet0/1/3
switchport access vlan 20
!
interface FastEthernet0/1/4
switchport access vlan 20
!
interface FastEthernet0/1/5
switchport access vlan 20
!
interface FastEthernet0/1/6
switchport access vlan 8
!
interface FastEthernet0/1/7
switchport access vlan 8
!
interface FastEthernet0/1/8
switchport access vlan 20
!
interface Dot11Radio0/2/0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0/2/1
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
no ip address
!
interface Vlan8
13
Reţele VPN şi IPsec
14
Reţele VPN şi IPsec
!
dial-peer voice 8 voip
destination-pattern 8...
session protocol sipv2
session target ipv4:192.168.8.2
dtmf-relay h245-alphanumeric
codec g711ulaw
!
dial-peer voice 7 voip
destination-pattern 7...
session protocol sipv2
session target ipv4:172.16.1.2
dtmf-relay h245-alphanumeric
codec g711ulaw
!
!
!
!
telephony-service
max-ephones 10
max-dn 25
ip source-address 192.168.2.1 port 2000
cnf-file location flash:
cnf-file perphone
load 7960-7940 P00308010200
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
ephone-dn 1
number 2201
!
!
ephone-dn 2
number 2202
!
!
ephone-dn 3
number 2203
!
!
ephone-dn 7
number 2207
!
!
ephone-dn 9
number 2209
!
!
ephone-dn 10
number 2210
!
!
ephone-dn 11
number 2211
!
!
ephone-dn 12
number 2212
15
Reţele VPN şi IPsec
!
!
ephone-dn 21
number 2221
!
!
ephone-dn 22
number 2222
!
!
ephone 1
device-security-mode none
mac-address 0019.990A.B247
button 1:1
!
!
!
ephone 2
device-security-mode none
mac-address 0019.990A.AF0A
button 1:2
!
!
!
ephone 3
device-security-mode none
mac-address 0019.990A.525C
button 1:3
!
!
!
ephone 7
device-security-mode none
mac-address 0040.F46A.29BF
button 1:7
!
!
!
ephone 10
device-security-mode none
mac-address 0019.990A.6290
button 1:10
!
!
!
ephone 11
device-security-mode none
mac-address 0022.9059.B89D
type 7940
button 1:11 2:12
!
!
!
ephone 12
device-security-mode none
mac-address 0022.9059.B964
type 7940
button 1:21 2:22
!
!
16
Reţele VPN şi IPsec
!
line con 0
line aux 0
line vty 0 4
privilege level 15
no login
!
scheduler allocate 20000 1000
end
17
Reţele VPN şi IPsec
18
Reţele VPN şi IPsec
interface FastEthernet3
switchport access vlan 3
switchport voice vlan 3
!
interface FastEthernet4
switchport access vlan 3
switchport voice vlan 3
!
interface FastEthernet5
switchport access vlan 3
switchport voice vlan 3
!
interface FastEthernet6
switchport access vlan 3
switchport voice vlan 3
!
interface FastEthernet7
switchport access vlan 3
switchport voice vlan 3
!
interface FastEthernet8
switchport access vlan 3
switchport voice vlan 3
!
interface FastEthernet9
switchport access vlan 3
switchport voice vlan 3
!
interface Vlan1
no ip address
!
interface Vlan3
ip address 172.16.1.1 255.255.255.0
!
interface Async1
no ip address
encapsulation slip
!
router ospf 1
log-adjacency-changes
network 10.13.0.0 0.0.0.255 area 0
network 10.23.0.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
19
Reţele VPN şi IPsec
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
privilege level 15
no login
!
end
20
Reţele VPN şi IPsec
https://172.16.1.2:8443/ccmadmin
admin
admin
https://172.16.1.2:8443/ccmservice/
admin
admin
21
Reţele VPN şi IPsec
• System > Security > SIP Trunk Security Profile > No Secure SIP Trunk Profile >
Outgoing Transport Type: ”UDP” > Save > Reset
• Next
• SIP Trunk Security Profile > Non Secure SIP Trunk Security Profile
• SIP Profile > Standard SIP Profile > Save > Apply > Reset
• Call Routing > Route/Hunt > Route Pattern > Add New > 8xxx
22
Reţele VPN şi IPsec
Interconectarea centralelor
• La secțiunea peer details se vor introduce informațiile cu refererire la serverul către
care se face legătura (respectiv CUCM).
type=peer
port=5060
host=172.16.1.2
type=friend
insecure=port,invite
dtmf=rfc2833
canreinvite=no
nat=no
context=from-internal
host=10.12.0.2
type=friend
insecure=port,invite
dtmf=rfc2833
canreinvite=no
nat=no
Outgoing Settings
23
Reţele VPN şi IPsec
host=10.12.0.1
type=peer
insecure=port,invite
dtmf=rfc2833
canreinvite=no
nat=no
Incoming Settings
type=user
context=from-internal
24
Reţele VPN şi IPsec
25