[cisco-voip] Configure Cisco 871 Branch Office VoIP

Lead Solution lead.solution at gmail.com
Mon Nov 20 10:38:56 EST 2006 

Hi All,
Bellow is the configuration of our one of the branch office VoIP router. I
would like to share it with you guys and see whether someone can suggest
me better VLAN, QoS configuration. Also, I have policy map 2MB spplied for
FastEthernet 4 and Tunnel. Is this right?
I would greatly appreciate your comments.

Best regards,
Manoj

Building configuration...

Current configuration : 7520 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXX_871
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password xxxxxxxx
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.5.1 192.168.5.99
ip dhcp excluded-address 192.168.5.151 192.168.5.254
ip dhcp excluded-address 172.198.10.1 172.198.10.99
ip dhcp excluded-address 172.198.10.151 172.198.10.254
!
ip dhcp pool VLAN10
   network 172.198.10.0 255.255.255.0
   default-router 172.198.10.1
   domain-name xxxx.com
   dns-server 211.129.14.134
   lease 7
!
ip dhcp pool VLAN20
   network 192.168.5.0 255.255.255.0
   default-router 192.168.5.1
   domain-name xxxx.com
   dns-server 211.129.14.134
   option 150 ip 172.16.0.10
   lease 7
!
!
no ip domain lookup
ip domain name xxxx.com
!
!
crypto pki trustpoint TP-self-signed-1440134037
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1440134037
 revocation-check none
 rsakeypair TP-self-signed-1440134037
!
!
crypto pki certificate chain TP-self-signed-1440134037
 certificate self-signed 01
  3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  quit
username pbxl privilege 15 secret 5 $1$Ce8g$9S4kDri6Yyg2gBCVSS1LI0
!
!
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3
 match ip dscp af31
!
!
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
policy-map Shape-2MB
 class class-default
  shape average 2000000
  service-policy AutoQoS-Policy-Trust
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 6 xxxxxx address 210.181.112.194 no-xauth
!
!
crypto ipsec transform-set XXXLKAMIYA esp-3des esp-md5-hmac
!
crypto ipsec profile GREPRO
 set transform-set XXXLKAMIYA
!
!
!
!
!
interface Tunnel0
 bandwidth 2000
 ip address 10.0.20.2 255.255.255.0
 tunnel source Dialer0
 tunnel destination 210.181.112.194
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile GREPRO
 service-policy output Shape-2MB
!
interface FastEthernet0
 description ********** PC/VoIP **********
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 20
 auto qos voip trust
 spanning-tree portfast
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet1
 description ********** PC/VoIP **********
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 20
 auto qos voip trust
 spanning-tree portfast
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet2
 description ********** PC/VoIP **********
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 20
 auto qos voip trust
 spanning-tree portfast
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet3
 description ********** PC/VoIP **********
 switchport trunk native vlan 10
 switchport mode trunk
 switchport voice vlan 20
 auto qos voip trust
 spanning-tree portfast
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet4
 bandwidth 2000
 no ip address
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
 service-policy output Shape-2MB
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 172.198.1.1 255.255.255.0
!
interface Vlan10
 description Data Vlan 1
 ip address 172.198.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan20
 description Voice Vlan 1
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 bandwidth 2000
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxx8 at ffa.xxx.xxx.com
 ppp chap password 0 xxxx93
 ppp pap sent-username xxxxxx8 at ffa.xxx.xxx.com password 0 cyum93
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 172.16.0.0 255.255.0.0 Tunnel0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 172.198.10.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice
Drops" owner AutoQoS
rmon alarm 33333 cbQosCMDropBitRate.18.3164929 30 absolute rising-threshold
1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33334 cbQosCMDropBitRate.34.5364641 30 absolute rising-threshold
1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33335 cbQosCMDropBitRate.50.14618161 30 absolute rising-threshold
1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33336 cbQosCMDropBitRate.66.2065329 30 absolute rising-threshold
1 33333 falling-threshold 0 owner AutoQoS
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a
privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS
CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to
use.

For more information about SDM please follow the instructions in the QUICK
START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 length 0
 transport input telnet ssh
!
scheduler max-task-time 5000
end
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-voip/attachments/20061121/165532b9/attachment.html

More information about the cisco-voip mailing list