December 2008

MGCP Configuration for Voice Gateways

I put this here primarily for my reference. I always end up forgetting one of the global commands when configuring a voice gateway for MGCP... This assumes a Cisco CallManager at 172.30.100.104:

Router(config)#mgcp
Router(config)#mgcp call-agent 172.30.100.104
Router(config)#ccm-manager mgcp

!Now, the redundant CCM hosts:

Router(config)#ccm-manager redundant-host 172.30.100.105 172.30.100.106

!Now, the TFTP server configuration...gateway should be configured in CCM by this point.

Router(config)#ccm-manager config server 172.30.100.104
Router(config)#ccm-manager config

!In newer IOS/CCM versions, voice dial-peers are created automatically...older versions need this to place each port under MGCP control.

A Switch Powered by PoE

Interesting find: Cisco now makes a switch (8 ports) POWERED by PoE (not one that supplies PoE power, but receives it and does not need to be plugged in). Check it out: Catalyst 2960PD-8TT-L.

Cisco SmartNET Gets Better: "Smart Call Home"

If I get one more email about this from Cisco...I'm adding them to my SPAM list. Cisco is HEAVILY pushing the new "Smart Call Home" feature, implemented primarily on Cat 6500s and data center gear. Just to save you some reading, this feature allows Cisco devices to automatically create a secure connection to Cisco TAC to transmit troubleshooting / diagnostic information. It's supposed to hit the ISR series (800, 1800, 2800, etc...) in "Late 2009". Seems nice...as long as your device still has Internet access...

Configuring (simple) SNMPv3

SNMP is awesome...All the free SNMP utilities for Cisco devices are even more awesome...but the most popular versions of SNMP (Version 1 and 2c) are completely clear text and completely insecure. SNMPv3 adds authentication and encryption capabilities; however, GOOD LUCK finding an easy, working configuration on Cisco's website. Here's an SNMPv3 configuration that will provide both authentication and encryption services on Cisco routers and switches:

Router(config)#snmp-server group TESTGROUP v3 priv
Router(config)#snmp-server user Jeremy TESTGROUP v3 auth sha JeremyPassword priv des56 3NCRYPT!0NK3Y

*Note: "auth" methods support both md5 and sha
**Note: "priv" also allows AES encryption
***Note: Most SNMP utilities I've seen only support DES encryption
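
As an added example (not part of the original post and not Cisco tooling), the following Python sketch audits the `snmp-server` lines of a saved configuration for the weaknesses discussed above: clear-text v1/v2c communities, v3 groups that do not require `priv`, and users on `md5` or DES. It assumes lines in running-config form (no `Router(config)#` prompt) with plain-text passwords as shown in the post; the function name, sample community line, and severity labels are constructed for this example.

```python
import re

# Constructed sample: the post's two SNMPv3 lines plus a made-up v2c
# community line of the clear-text kind the post warns about.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server group TESTGROUP v3 priv
snmp-server user Jeremy TESTGROUP v3 auth sha JeremyPassword priv des56 3NCRYPT!0NK3Y
"""

GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b")
USER_RE = re.compile(
    r"^snmp-server user (\S+) \S+ v3"
    r"(?: auth (md5|sha) \S+)?"
    r"(?: priv (des56|des|3des|aes \d+) \S+)?"
)

def audit_snmp(config):
    """Return (line_number, severity, message) findings for snmp-server lines.

    Severity labels are this example's own, not a Cisco rating.
    """
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("snmp-server community "):
            findings.append((n, "high", "v1/v2c community: clear text on the wire"))
        elif (m := GROUP_RE.match(line)):
            name, level = m.groups()
            if level != "priv":
                findings.append((n, "high", f"group {name} is '{level}': encryption not required"))
        elif (m := USER_RE.match(line)):
            user, auth, priv = m.groups()
            if auth is None:
                findings.append((n, "high", f"user {user}: no auth configured"))
            elif auth == "md5":
                findings.append((n, "medium", f"user {user}: md5 auth, sha is available"))
            if priv is None:
                findings.append((n, "high", f"user {user}: no priv (encryption) configured"))
            elif priv.startswith("des"):
                findings.append((n, "medium", f"user {user}: {priv} privacy, aes is available"))
    return findings

if __name__ == "__main__":
    for n, severity, message in audit_snmp(SAMPLE_CONFIG):
        print(f"line {n}: [{severity}] {message}")
```

Run against the post's own configuration, only the `des56` choice is flagged, which matches the trade-off in the notes above: AES is available on the router, but the management tool has to support it too.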

Blocking Instant Messaging and Peer-to-Peer

Cisco has published a complete white paper on how to block IM and P2P applications using the Cisco IOS Firewall (the artist formerly known as CBAC). While there are many commands to be discussed for IOS Firewall, here's the core syntax needed:

appfw policy-name abuse-control
  application http
   port-misuse default action reset alarm


The complete white paper can be found here.


