BGP

1. BGP Protocol

  • RFC 4271
  • classless
  • path vector – uses attributes to identify the best path (very slow)
  • supports VLSM and Summarization
  • it’s an application(layer 7) that uses TCP port 179
  • uses AS numbers as boundaries
    • Public AS (1-64511) –  Only public autonomous system numbers should be sent to eBGP neighbors on the Internet
    • Private AS (64512-65535)
//use this command to  to remove private AS numbers from the AS-Path attribute; is available only for eBGP neighbors.
neighbor {ip-address | peer-group-name} remove-private-as [all
[replace-as]]

2. BGP Messages

After the TCP connection is established the following messages are exchanged:

Read More »

Network Path Control

1. CEF Switching

Each of the many processes of a router or switch can be assigned to one of three conceptual planes of operation:

  • Forwarding Plane – Moves packets from input to output
  • Control Plane – Determines how packets should be forwarded
  • Management Plane – Methods of configuring the control plane (CLI, SNMP, etc.)

There are 2 types of switching: circuit switching used in the telephone networks, packet switching means the message is broken into packets that can travel through different routes to the destination. Types of packet switching:

  • Process switching: This switching method is the slowest of the three methods.
    Every packet is examined by the CPU in the control plane and all forwarding decisions are made in software.
  • Fast switching: This switching method is faster than process switching. With fast
    switching, the initial packet of a traffic flow is process switched. This means that it
    is examined by the CPU and the forwarding decision is made in software. However,
    the forwarding decision is also stored in the data plane hardware fast-switching
    cache. When subsequent frames in the flow arrive, the destination is found in the
    hardware fast-switching cache and the frames are then forwarded without interrupting the CPU.
  • Cisco Express Forwarding: This switching method is the fastest switching mode
    and is less CPU-intensive than fast switching and process switching. The control
    plane CPU of a CEF-enabled router creates two hardware-based tables called the
    Forwarding Information Base (FIB) table and an adjacency table using Layer 3 and 2
    tables including the routing and Address Resolution Protocol (ARP) tables. When a
    network has converged, the FIB and adjacency tables contain all the information a
    router would have to consider when forwarding a packet.

Read More »

Route Filtering

1. Distribute List with ACL

Options in the distribute-list command allow updates to be filtered based on three factors:

  • Incoming interface
distribute-list [access-list-number | name] in [interface-type interface-number]
  • Outgoing interface
distribute-list [access-list-number | name] out [interface-type interface-number | routing process | autonomous-system-number]
  • Redistribution from another routing protocol
R(config)# ip access-list standard ROUTE-FILTER 
R(config-std-nacl)# permit 10.10.11.0 0.0.0.255 
R(config-std-nacl)# permit 10.10.12.0 0.0.0.255 
R(config-std-nacl)# exit 
R(config)# router ospf 10 
R(config-router)# redistribute eigrp 100 metric 40 subnets 
R(config-router)# distribute-list ROUTE-FILTER out eigrp 100

Read More »

DHCP Snooping prevention

To deny access to rogue DHCP servers into your network you need to configure DHCP Snooping on a Cisco switch. DHCP Snooping must be enabled on the interface to the DHCP Server.

S1(config)# ip dhcp snooping
S1(config)# interface fa0/1
S1(config-if)# ip dhcp snooping trust
S1(config-if)# ip dhcp snooping vlan 1,3,4

CUCM Configuration

0. Services

In order to function CUCM should have at least the following services enabled:

  • Cisco CallManager
  • Cisco Tftp
  • Cisco IP Voice Media Streaming

1. Configure CUCM Groups specific to your environment

Device Pool – Create a device pool for each group of devices/phones that requires a specific configuration. For example a device pool for each site location.

CM Group – Can contain up to 3 CUCM nodes for failover.

Date/Time Group – Create a group for each different time zone that connects to your CUCM environment.

Region – Establish the codec used in a region or between regions(G.711/G.729). For example G.711 for communicating in the same region and G.729 between different regions.

SRST Reference(Survivable Remote Site Telephony) – Can be used as a failover in case the CM Group nodes do not respond. You can leave it disabled or configure a new SRST Reference for your environment.

2. Adding Cisco Phones to CUCM

Manual – In case you have a small environment you can add the phones’ MAC address manually.

Automatic – Enable Auto-Registration on one of the CUCM nodes(usually the Publisher) and specify the directory number range. You need to have a DHCP configured(you can configure a CUCM node as a DHCP server).

Device->Device Settings->Device Defaults – you can specify the default auto-registration device pool

System->Enterprise Parameters->Auto Registration Phone Protocol – you can specify the default auto-registration phone protocol(SCCP/SIP)

3. Adding Users to CUCM

Local Users (no LDAP) – If you want to manage users separately from LDAP.

  • Create End-User (User Management->End User)
  • Associate Phone to End User
  • Add End User to User Group(End Users)

LDAP Syncronization – Data is imported from LDAP but is read only. Passwords are managed from CUCM.

  • Enable the service Cisco DirSync from Cisco Unified Serviceablility
  • Enable Syncronization from LDAP Server(System->LDAP->LDAP System)
  • Create the syncronization (System->LDAP->LDAP Directory)

LDAP Authentication – Passwords are managed from LDAP. Authentication against LDAP database.

  • Enable LDAP Authentication for End Users (System->LDAP->LDAP Authentication)

 4. Create Dial-Plan

  • Create devices (Device->Gateway)
  • Create route group (Call Routing->Route/Hunt->Route Group). Specify the device order. As a Distribution Algorithm you should use “Top Down” instead of “Circular”.
  • Create route list (Call Routing->Route/Hunt->Route List). Specify the route group order.
  • Create route pattern (Call Routing->Route/Hunt->Route Pattern). You can associate a route list or a gateway to a route pattern.

5. Create Transformations

Transformation pattern is digit manipulation after routing decision while translation pattern is digit manipulation before routing decision. You usually work with transformation patterns.

You can apply transformations to:

  • Pattern/Route Pattern (Call Routing->Route/Hunt->Route Pattern->Select the route pattern)
  • Route Group (Call Routing->Route/Hunt->Route List->Select the route list->Select the route group) – the route group transformation overrides any calling or called party number transformations made on a route pattern. Used when you have a PSTN backup for your WAN connection and you need to apply a transformation only when the calls are routed to the PSTN.

6. Configure COS

  • Create Partitions (Call Routing->Class of Service->Partition) – Create partitions like Local, PSTN, International, etc.
  • Assign Partition – Partitions are collections of DNs, RPs (Route Patterns), transformation patterns and translation patterns that divide the Dial Plan into segments. Partitions can contain anything that has a number.
  • Create CSSs (Call Routing->Class of Service->Calling Search Space) – Create CSSs like Local, PSTN, International, etc. and specify what partitions can each CSS call.
  • Assign CSSs – CSS can be assigned to DNs, phone devices, translation patterns, gateways and trunks. CSS can be assigned to any dialing entity, anything that can make a call.

7. Troubleshooting

  • Streaming Statistics – in order to view statistics for your phone device you first have to enable the web access(Device->Phone->select a phone device->Web Access) and then access the webpage of that device using the device IP address(http://P_address).
  • Route Plan Report (Call Routing->Route Plan Report)
  • Cisco Dialed Number Analyzer – first you have to enable the DNA service from the Cisco Unified Serviceability page, then you can access this service at https://cucm_ip/dna

8. Phone Features

All basic phone features that are often used are enabled by default if you have enabled the service “Cisco IP Voice Media Streaming App”. These features are:

  • Phone Directory (Device->Device Settings->Phone Services)
  • Call Forwarding
  • Call Transfer
  • Call Hold
  • Intercom (Call Routing->Intercom)
  • Time-of-day routing

Other important features that need to be activated will be presented next:

  • Call Park (Call Routing->Call Park)
  • Call Pickup (Call Routing->Call Pickup Group)
  • Shared Lines (assign a DN to multiple phones)
  • Do Not Disturb (add a DND softkey to the Softkey Template)
  • Call Back (add a Call Back softkey to the Softkey Template)
  • Barge and Privacy
  • Services (Device->Device Settings->Phone Services)
  • Extension Mobility (an XML service that allows users to log into phones, like a roaming user)
  • Paging (feature does not exist in CUCM, it requires an external server)

Implementing Class of Restriction (COR)

CUCM – Class of Control

Partitions – Partitions are collections of DNs, RPs (Route Patterns), transformation patterns and translation patterns that divide the Dial Plan into segments. Partitions can contain anything that has a number.
Calling Search Space – CSS can be assigned to DNs, phone devices, translation patterns, gateways and trunks. CSS can be assigned to any dialing entity, anything that can make a call.

CME – Class of Restriction

//Steps
1.Define the COR tags we will use for the restrictions. (one tag for each outbound dial-peer)
2.Create the outbound COR lists.
3.Create the inbound COR lists.
4.Assign the outbound COR lists.
5.Assign the inbound COR lists.

//Rules
Rule 1: If there is no outgoing COR list applied, the call is always routed.
Rule 2: If there is no incoming COR list applied, the call is always routed.

Defining COR List Tags
Router(config)# dial-peer cor custom
Router(config-dp-cor)# name NATIONAL
Router(config-dp-cor)# name INTERNATIONAL

Creating Outgoing COR Lists
Router(config)#dial-peer cor list NATIONAL-CALL
Router(config-dp-corlist)#member NATIONAL
Router(config)#dial-peer cor list INTERNATIONAL-CALL
Router(config-dp-corlist)#member INTERNATIONAL

Creating Incoming COR Lists
Router(config)#dial-peer cor list NATIONAL-ONLY
Router(config-dp-corlist)#member NATIONAL
Router(config)#dial-peer cor list NATIONAL-INTERNATIONAL
Router(config-dp-corlist)#member NATIONAL
Router(config-dp-corlist)#member INTERNATIONAL

Assigning Outbound and Inbound COR Lists
Router(config)#dial-peer voice 10 pots
Router(config-dial-peer)#corlist outgoing NATIONAL-CALL
Router(config)#dial-peer voice 11 pots
Router(config-dial-peer)#corlist outgoing INTERNATIONAL-CALL
Router(config)#ephone-dn 1
Router(config-ephone-dn)#corlist incoming NATIONAL-ONLY
Router(config)#ephone-dn 2
Router(config-ephone-dn)#corlist incoming NATIONAL-INTERNATIONAL

Ephone 1 will be able to place only National calls, while Ephone 2 will be able to place both National and International calls.