[cisco-voip] Configure Cisco 871 Branch Office VoIP
omar parihuana
omar.parihuana at gmail.com
Mon Nov 20 13:12:27 EST 2006
Hi,
Regarding:
"If you want to track MoS and other IP voice related statistics, you may
want to implement IP SLA"
Could you provide any suggestions about IP SLA? Is it possible to track MoS for
Voice over Internet?
Rgds.
On 11/20/06, Linsemier, Matthew <MLinsemier at apcapital.com> wrote:
>
> Manoj,
>
>
>
> Can you provide a few more details?
>
>
>
> - Is this a public or private circuit?
> - Is this a symmetrical 2mb link?
>
>
>
> Some things to look at:
>
>
>
> - No IOS firewall has been enabled (if this is a public link, you
> will want to do this)
> - As a best practice Cisco states that you should keep your Priority
> Queue / LLQ < 35% of total bandwidth
> - As a security best practice you may want to disable telnet and
> http and stick with ssh and https
> - If you want to track MoS and other IP voice related statistics,
> you may want to implement IP SLA
>
>
>
> Matt
>
>
>
>
> ------------------------------
>
> *From:* cisco-voip-bounces at puck.nether.net [mailto:
> cisco-voip-bounces at puck.nether.net] *On Behalf Of *Lead Solution
> *Sent:* Monday, November 20, 2006 10:39 AM
> *To:* cisco-voip at puck.nether.net
> *Subject:* [cisco-voip] Configure Cisco 871 Branch Office VoIP
>
>
>
> Hi All,
>
> Below is the configuration of one of our branch office VoIP routers. I
> would like to share it with you guys and see whether someone can suggest
> a better VLAN, QoS configuration. Also, I have policy map 2MB applied for
> FastEthernet 4 and Tunnel. Is this right?
>
> I would greatly appreciate your comments.
>
>
>
> Best regards,
>
> Manoj
>
>
>
> Building configuration...
>
> Current configuration : 7520 bytes
> !
> version 12.4
> no service pad
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname XXXXX_871
> !
> boot-start-marker
> boot-end-marker
> !
> logging buffered 51200 warnings
> enable password xxxxxxxx
> !
> aaa new-model
> !
> !
> !
> aaa session-id common
> !
> resource policy
> !
> ip cef
> !
> !
> no ip dhcp use vrf connected
> ip dhcp excluded-address 192.168.5.1 192.168.5.99
> ip dhcp excluded-address 192.168.5.151 192.168.5.254
> ip dhcp excluded-address 172.198.10.1 172.198.10.99
> ip dhcp excluded-address 172.198.10.151 172.198.10.254
> !
> ip dhcp pool VLAN10
> network 172.198.10.0 255.255.255.0
> default-router 172.198.10.1
> domain-name xxxx.com
> dns-server 211.129.14.134
> lease 7
> !
> ip dhcp pool VLAN20
> network 192.168.5.0 255.255.255.0
> default-router 192.168.5.1
> domain-name xxxx.com
> dns-server 211.129.14.134
> option 150 ip 172.16.0.10
> lease 7
> !
> !
> no ip domain lookup
> ip domain name xxxx.com
> !
> !
> crypto pki trustpoint TP-self-signed-1440134037
> enrollment selfsigned
> subject-name cn=IOS-Self-Signed-Certificate-1440134037
> revocation-check none
> rsakeypair TP-self-signed-1440134037
> !
> !
> crypto pki certificate chain TP-self-signed-1440134037
> certificate self-signed 01
> 3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
> quit
> username pbxl privilege 15 secret 5 $1$Ce8g$9S4kDri6Yyg2gBCVSS1LI0
> !
> !
> class-map match-any AutoQoS-VoIP-RTP-Trust
> match ip dscp ef
> class-map match-any AutoQoS-VoIP-Control-Trust
> match ip dscp cs3
> match ip dscp af31
> !
> !
> policy-map AutoQoS-Policy-Trust
> class AutoQoS-VoIP-RTP-Trust
> priority percent 70
> class AutoQoS-VoIP-Control-Trust
> bandwidth percent 5
> class class-default
> fair-queue
> policy-map Shape-2MB
> class class-default
> shape average 2000000
> service-policy AutoQoS-Policy-Trust
> !
> !
> !
> crypto isakmp policy 10
> encr 3des
> hash md5
> authentication pre-share
> group 2
> crypto isakmp key 6 xxxxxx address 210.181.112.194 no-xauth
> !
> !
> crypto ipsec transform-set XXXLKAMIYA esp-3des esp-md5-hmac
> !
> crypto ipsec profile GREPRO
> set transform-set XXXLKAMIYA
> !
> !
> !
> !
> !
> interface Tunnel0
> bandwidth 2000
> ip address 10.0.20.2 255.255.255.0
> tunnel source Dialer0
> tunnel destination 210.181.112.194
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile GREPRO
> service-policy output Shape-2MB
> !
> interface FastEthernet0
> description ********** PC/VoIP **********
> switchport trunk native vlan 10
> switchport mode trunk
> switchport voice vlan 20
> auto qos voip trust
> spanning-tree portfast
> service-policy output AutoQoS-Policy-Trust
> !
> interface FastEthernet1
> description ********** PC/VoIP **********
> switchport trunk native vlan 10
> switchport mode trunk
> switchport voice vlan 20
> auto qos voip trust
> spanning-tree portfast
> service-policy output AutoQoS-Policy-Trust
> !
> interface FastEthernet2
> description ********** PC/VoIP **********
> switchport trunk native vlan 10
> switchport mode trunk
> switchport voice vlan 20
> auto qos voip trust
> spanning-tree portfast
> service-policy output AutoQoS-Policy-Trust
> !
> interface FastEthernet3
> description ********** PC/VoIP **********
> switchport trunk native vlan 10
> switchport mode trunk
> switchport voice vlan 20
> auto qos voip trust
> spanning-tree portfast
> service-policy output AutoQoS-Policy-Trust
> !
> interface FastEthernet4
> bandwidth 2000
> no ip address
> ip nat outside
> ip virtual-reassembly
> ip tcp adjust-mss 1452
> duplex auto
> speed auto
> pppoe enable
> pppoe-client dial-pool-number 1
> service-policy output Shape-2MB
> !
> interface Vlan1
> description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
> ip address 172.198.1.1 255.255.255.0
> !
> interface Vlan10
> description Data Vlan 1
> ip address 172.198.10.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> ip tcp adjust-mss 1452
> !
> interface Vlan20
> description Voice Vlan 1
> ip address 192.168.5.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> ip tcp adjust-mss 1452
> !
> interface Dialer0
> bandwidth 2000
> ip address negotiated
> ip mtu 1452
> ip nat outside
> ip virtual-reassembly
> encapsulation ppp
> dialer pool 1
> dialer-group 1
> no cdp enable
> ppp authentication chap pap callin
> ppp chap hostname xxxxxx8 at ffa.xxx.xxx.com
> ppp chap password 0 xxxx93
> ppp pap sent-username xxxxxx8 at ffa.xxx.xxx.com password 0 cyum93
> !
> ip route 0.0.0.0 0.0.0.0 Dialer0
> ip route 172.16.0.0 255.255.0.0 Tunnel0
> !
> !
> ip http server
> ip http access-class 23
> ip http authentication local
> ip http secure-server
> ip http timeout-policy idle 60 life 86400 requests 10000
> ip nat inside source list 1 interface Dialer0 overload
> !
> access-list 1 permit 192.168.5.0 0.0.0.255
> access-list 1 permit 172.198.10.0 0.0.0.255
> dialer-list 1 protocol ip permit
> no cdp run
> !
> !
> !
> !
> control-plane
> !
> rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for
> Voice Drops" owner AutoQoS
> rmon alarm 33333 cbQosCMDropBitRate.18.3164929 30 absolute
> rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
> rmon alarm 33334 cbQosCMDropBitRate.34.5364641 30 absolute
> rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
> rmon alarm 33335 cbQosCMDropBitRate.50.14618161 30 absolute
> rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
> rmon alarm 33336 cbQosCMDropBitRate.66.2065329 30 absolute
> rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
> banner login ^C
> -----------------------------------------------------------------------
> Cisco Router and Security Device Manager (SDM) is installed on this
> device.
> This feature requires the one-time use of the username "cisco"
> with the password "cisco". The default username and password have a
> privilege level of 15.
>
> Please change these publicly known initial credentials using SDM or the
> IOS CLI.
> Here are the Cisco IOS commands.
>
> username <myuser> privilege 15 secret 0 <mypassword>
> no username cisco
>
> Replace <myuser> and <mypassword> with the username and password you want
> to use.
>
> For more information about SDM please follow the instructions in the QUICK
> START
> GUIDE for your router or go to http://www.cisco.com/go/sdm
> -----------------------------------------------------------------------
> ^C
> !
> line con 0
> no modem enable
> line aux 0
> line vty 0 4
> length 0
> transport input telnet ssh
> !
> scheduler max-task-time 5000
> end
>
>
>
--
Omar E.P.T
-----------------
Certified Networking Professionals make better Connections!
http://omarept.blogspot.com/
Usysnet Corp
Open Source Solutions
www.usysnet.com.pe
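
Three of the points in Matt's quoted checklist (priority queue under 35%, telnet on the vty lines, plain HTTP management) can be checked mechanically against a saved configuration. The Python sketch below is an added example, not part of the original thread; the function name `audit` and the check labels are assumptions, and the sample lines are an excerpt of the configuration quoted above.

```python
import re

# Excerpt of the configuration quoted in this thread (mail quoting kept).
SAMPLE = """\
> policy-map AutoQoS-Policy-Trust
> class AutoQoS-VoIP-RTP-Trust
> priority percent 70
> class AutoQoS-VoIP-Control-Trust
> bandwidth percent 5
> ip http server
> ip http secure-server
> line vty 0 4
> transport input telnet ssh
"""

LLQ_LIMIT = 35  # Matt's figure: keep the priority queue under 35%


def audit(config):
    """Return (check, detail) findings for three points from Matt's list."""
    findings = []
    policy = klass = line_ctx = None
    for raw in config.splitlines():
        cmd = raw.lstrip("> ").strip()  # drop mail quoting and indentation
        if not cmd or cmd.startswith("!"):
            continue
        words = cmd.split()
        # Track context by keyword, since archived configs lose indentation.
        if words[0] == "policy-map":
            policy, klass = words[-1], None
        elif words[0] == "class" and policy:
            klass = words[1]
        elif words[0] == "line":
            line_ctx = cmd
        m = re.fullmatch(r"priority percent (\d+)", cmd)
        if m and int(m.group(1)) >= LLQ_LIMIT:
            findings.append(("llq", f"{policy}/{klass}: priority {m.group(1)}% "
                                    f"is not below {LLQ_LIMIT}%"))
        if words[:2] == ["transport", "input"] and set(words[2:]) & {"telnet", "all"}:
            findings.append(("telnet", f"{line_ctx}: {cmd}"))
        if cmd == "ip http server":  # "ip http secure-server" is HTTPS and passes
            findings.append(("http", "plain HTTP management server is enabled"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"[{check}] {detail}")
```
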