Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASK THE EXPERT- IP TELEPHONY

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss IP Telephony with Cisco expert Chris Spain. Chris is a Senior Manager for Enterprise Solutions Engineering. He leads teams that focus on Cisco AVVID Network Infrastructure, IP Telephony, Video Conferencing, IP Contact Centers and Storage Networking. Feel free to post any questions relating to IP Telephony.

Chris may not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through February 1. Visit this forum often to view responses to your questions and the questions of other community members.

114 REPLIES
New Member

Re: ASK THE EXPERT- IP TELEPHONY

I have one line appearance on my phone. If 4 people call at once I can't answer all 4 calls. When will multiple line appearance be a feature ?

Our receptionist was use to this in our old PBX and doesn't understand why each person needs multiple lines on her phone.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

CallManager 3.1 supports upto 2 calls per line.

A future release will expand this to a configurable limit (far greater than 2).

Check with your account team for feature availability.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

can a Picturetel 900 series make a voice call off net from a Cisco call manager?

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Call Manager can support any standards based H.323 endpoint as a H.323 Client and enable voice calls. NetMeeting has been tested using G.711 for this purpose extensively.

While we have not tested this with a PictureTel 900 it should work.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Impersonating an IP Phone

How do you prevent a PC from impersonating an IP Phone and having all of it's traffic classified as EF?

Our setup is straight out of the AVVID QoS Design guide: user PCs connect to cisco 7960 IP Phones which connect to qos enabled catalyst 6000s. The ports for phones on the cat6000s are configured with a data vlan for the user PC, aux vlan for the phone, trust boundary extended to the phone and the acl to trust COS for all traffic coming in on the aux vlan.

The problem is that the switch trusts everything coming in on the aux vlan and rate-limits nothing.

It was incredibly easy to enable 802.1q on my Win95 PC and make it impersonate the phone. With a 3Com nic everything is GUI driven and the phone was a very obliging helper... it tells you the IP address to use [the phone's], default gateway, vlan, everything necessary to get your PC working on the aux vlan. After moving the cable from the phone to my PC everything worked.

To see if it really was that easy I point-n-clicked my way thru the menus to configure all telnet traffic from my PC to have a COS of 3, ran snoop on a machine three router hops away from my PC, telneted to that machine and sure enuf... telnet traffic received from my PC had a DSCP value of AF31.

So... how do we prevent user PCs from impersonating IP Phones? And if that's not possible, what kind of rate limits can we put on the aux vlan that will allow the phones to keep working and yet limit the disruption users can cause by setting their traffic to a non-zero COS?

New Member

Re: ASK THE EXPERT- IP TELEPHONY

There are plans underway to extend-trust to a device as opposed to simply extending trust.

This will allow network administrators to extend trust only to devices that are specified via a user defined ACL (such as an IP Phone). This will eliminate the problem you have described. The ACL could extend trust based on MAC address, OUI of the MAC or IP Addresses for example.

In the meantime it is possible to not extend trust to the IP Phone and use an ACL at the access or distribution to classify the control plane (AF-31) and media (EF).

For specific release vehicles and dates please work through your Cisco account team.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

I can see how extending trust based on MAC or OUI raises the bar a bit... but don't most ethernet cards allow you to change the MAC address? eg. on my Win98 laptop - start/settings/control panel/network/nic properties and there is an entry for network address.

The phone tells you it's IP and MAC address. Even with the new scheme of extending trust to a device, it still seems like it would be fairly easy to impersonate a phone.

If I wanted to rate-limit priority traffic on network ingress, could I set the limits to

128Kb for COS = 5 (voice)

5Mb for COS = 3 (call setup)

unlimited for COS = 0 (tftp??)

64Kb or maybe even 0Kb for everything else

without impacting real phone traffic?

Thanks,

Lee

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Ethernet NIC's do not typically allow the 48 bit MAC address to be changed. The Network address is an IP address.

Trust could be based on other criteria (I believe OUI is sufficient or indeed IP Address if the IP address is issued based on OUI, CNR can do this) such as the device support CDP (Cisco IP Phones do this).

New Member

Re: ASK THE EXPERT- IP TELEPHONY

I was under the impression that most, if not all, Ethernet cards allowed changing the MAC address.

On my Win98 laptop: start/settings/control panel/network/nic properties/network address

enter 001122334455, click ok, reboot, run winipcfg and it says my MAC addr is 00-11-22-33-44-55.

Verified with a sniffer - packets from my laptop (192.168.138.28) have a MAC address of 00-11-22-33-44-55

And my cisco800 agrees

c800#sh ip arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.138.28 4 0011.2233.4455 ARPA Ethernet0

Trust based onVlan, IP address, OUI, or MAC address is easily spoofed. There is no guess-work involved for the user... the IP Phone on their desk tells them the IP address, default gateway, Vlan and MAC address to use if they want to imitate the phone and send priority traffic.

If I want to limit the problems users can cause by impersonating a phone and sending some or all of their traffic with a non-zero COS, what are the lowest rate limits I can set for each COS that will not drop packets sent by a real IP Phone?

New Member

Re: ASK THE EXPERT- IP TELEPHONY

My apologies, and I learn't something today - thank you. Took me a while as I have win2K and XP on my machines but yes I could change the MAC address.

Trust will be better extended in the future to devices that support CDP or 802.1x for example. The benefit of using an ACL is the ability to be flexible with the method of trust extension.

MAC + IP Addr + CDP for example. Would be more secure.

Our recommendations for classification in the enterprise are:-

Voice

EF (DECP) 5 (IP Prec) 5 (CoS)

Video

AF41 (DSCP) 4 (IP Prec) 4 (Cos)

Signaling for Voice and Video

AF31 (DSCP) 3 (IP Prec) 3 (Cos)

High Priority Data (Gold)

AF2X (DSCP) 2 (IP Prec) 2 (Cos)

Medium Priority Data (Silver)

AF1X (DSCP) 1 (IP Prec) 1 (Cos)

Normal Priority

0 (DSCP) 0 (IP Prec) 0 (CoS)

For the control plane traffic (AF31) 8k bits is more than enough bandwdith. This is the minimum queue size that can be configured on an IOS router.

For the Media Stream for Voice (EF) the value will depend on codec. For G.711 @ 50 packets per second

64K + (50 * 40 * 8 (IP Overhead)) + (50 * 18 * 8 (MAC Header)) = ~88K

So if you wanted to inimize the effects and mitigate the gains of erroneously classifying traffic these would be ballpark values to police traffic to.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

My question does not relate to the technology as much as it does to the updates to the technology.

To date the only way I have been able to find updates to Call Manager, Unity, or other voice applications is to log in a check the web page. Is there a way to be automatically notified of updates to certain products or is that plans in the future for this?

New Member

Re: ASK THE EXPERT- IP TELEPHONY

There is currently no tool, which automatically informs users that a new version of code is available. Where new features and functionality are required product roadmaps and release schedules are the optimum method of attaining this information. This can best be gained via consultation with your Cisco representatives.

Tools do exist to track known caveats (ddts) and these will indicate where a particular issue is resolved.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

7935 support of Call Manager 3.0(x).

Hi Chris,

Is there any support or a hack of the 7935 with Call Manager 3.0(11)? I have tried to create a 7910 and a 7960 and using the P005S301 phone load. No joy so far. A have a multi-site installation that is very reluctant to upgrade their Call Manager installation due to fax/modem and I3 TAPI concerns.

Thanks!

gp

New Member

Re: ASK THE EXPERT- IP TELEPHONY

I would suggest you look at upgrading the Call Manager to a version that officially supports the 7935.

CallManager 3.1 adds increased CTI (TAPI/JTAPI) scalability and also CTI redundancy (you would need to check with I3 to see if they use our latest TSP). Both of these are significant enhancements over CM 3.0.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Hi Chris, CM3.1 notes greater redundancy and scalability for CTI, does this mean one IP-IVR component could manage one Call Manager Cluster of one Publisher and one Subscriber? I then assume with CM3.0, an IP-IVR server is required for each Call Manager of a Cluster for call centre redundancy. For example one IP-IVR for the Publisher if it becomes enabled and one for the Subscriber. Thanks, Evan.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Upto 800 CTI ports can be supported on a CallManager server as of CM 3.1. The exact number will vary based upon BHCC. This compares to 200 with CM 3.0

CTI redundancy can also be configured with CM 3.1. This was not possible with CM 3.0 where CTI connected devices could not failover to an alternative CallManager.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Hi Christopher,

Please tell me that how much bandwidth is consumed for the call processing.

for eg. If there is a centralized callmanager and the

remote offices ip telephones get registered to this callmanager. For any calls from the remote sites to anywhere, will be processed by the callmanager.And after the call is processed the callmanager is not in picture.

I just want to know that how much bandwidth is consumed for this processing and for the initial ip telephones registeration

Please revert back to very very urgently.

Please mail me on ashraf_memon@rediffmail.com

Warm Regards,

Ashraf I. Memon

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Ashraf

I e-mailed you the document from which the information below is extracted. I trust it helped.

With No CTI Appplications

Branch Office Size(Number of IP Phones and Gateways) Minimum Bandwidth for Control Traffic Recommended Bandwidth for Control Traffic

1 to 50 8 kbps 8 kbps

60 8 kbps 9 kbps

70 9 kbps 11 kbps

80 10 kbps 12 kbps

90 11 kbps 14 kbps

100 12 kbps 15 kbps

110 14 kbps 17 kbps

120 15 kbps 18 kbps

130 16 kbps 20 kbps

140 17 kbps 21 kbps

150 18 kbps 23 kbps

With CTI Apps

Branch Office Size(Number of IP Phones and Gateways) Minimum Bandwidth for Control Traffic Recommended Bandwidth for Control Traffic

1 to 30 8 kbps 8 kbps

40 8 kbps 9 kbps

50 9 kbps 11 kbps

60 11 kbps 14 kbps

cnr
New Member

Re: ASK THE EXPERT- IP TELEPHONY

WSX6608 E1 - Nortel Meridian Connectivity. We cannot get the two devices to make calls. Has Chris got a known working Meridian config that we could use as a starting point as Cisco TAC Europe cannot help us......

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Tac can reference a working configuration to a Nortel PBX using T1 here. This should be useful as a starting point.

http://wwwin.cisco.com/ent/ese/solutions/voice/app-notes/legacy-pbx.shtml

Also have TAC take a look at ENG-105396 this references an E! integration via a DE-30+. This is basically the same thing.

cnr
New Member

Re: ASK THE EXPERT- IP TELEPHONY

Hi, Thanks for the speedy response. I cannot open that URL. Can you check it? Thanks Chris

New Member

Re: ASK THE EXPERT- IP TELEPHONY

The url is internal, you will need to work via TAC to access the information.

cnr
New Member

Re: ASK THE EXPERT- IP TELEPHONY

Hi, Our BT Engineer want us to find out exactly what the Cisco implementation of Euro-ISDN consists of. The comment was made that Q931 is not a signalling standard on its own. The engineer is asking me whether the implementation is Euro-ISDN, Q931 or MCDN. Where individual parameters vary from the book standards. The ideal from his point of view would be a complete list of the parameters that matched the Nortel configuration sheet :)

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Please open a case and work with your local TAC.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Hi I think you might need a new BT engineer our one managed to get Euro and Qsig running for me on two differing models of Meridian. Plus I have a config for DPNSS " which is not supposed to work " but can be done, not set-up by me but it seems to work.

New Member

Re: ASK THE EXPERT- IP TELEPHONY

For the partners who bought the Unity 2.46 NFR, will an update be made available for the specialized partners to move to Unity 3.x?

New Member

Re: ASK THE EXPERT- IP TELEPHONY

This issue should be addressed via your sales representitive.

Silver

Re: ASK THE EXPERT- IP TELEPHONY

Hi Chris,

Is there a limit of 360 H323 calls that a Call Manager forwards to a single H323 device? Using 3.0(11) I was bound by that limit while placing calls to a H323 gateway, but when I upgraded to 3.0(12), I could place about 384 calls to a single H323 gateway. Does the limit depend on versions??

New Member

Re: ASK THE EXPERT- IP TELEPHONY

Yes the limit is version dependant.

Call Manager 3.1 upto 500 calls per device maximum. Approximately 500 H.323 calls per server.

Call Manager 3.2 (due in Q1 2002) upto 1000 calls per H.323 device and a maximum of 1000 calls per server.

135
Views
0
Helpful
114
Replies