Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Voice: Gateway and Gatekeeper: H323 VOIP/VOFR, SRST and ITS with Cisco expert Taimoor Husain. Taimoor is a Senior Engineer of the Multiservice group in Technical Assistance Center (TAC) and is CCIE #9315. Feel free to post any questions relating to Voice: Gateway and Gatekeeper: H323 VOIP/VOFR, SRST and IT. Remember to use the rating system to let Taimoor know if youve received an adequate response.
Taimoor might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through October 25. Visit this forum often to view responses to your questions and the questions of other community members.
Hello Taimoor ,
We have just set up a VoIP service with AS5350 GW , 2600 series GK and are using 827-4V routers for endpoints. So far the endpoints are all used for the same client and they are allowed to call endpoint - endpoint within the IP network free of charge. We now need to set up other endpoints for different customers but need to deny calls between the new customers , and existing customers endpoints.
What do I need to do to set up new companies , restricting free calls between different companies endpoints , inside the VoIP network ?
There are a few ways to acomplish what you are trying to do. The 827 Router uses a dialplan, like any other IOS based voice gateway, so if configuration of the dialplan is limited only to you and not accessible to the customers, you can make sure that you only tell the 827 how to reach the endpoints you want to. When it does not have a dialplan to go, the call will not be routed.
If Configuration alone is not a viable solution, then you may apply a firewall between customer site, that specifically block the rtp ports that the cisco device uses for communication. Cisco devices use udp ports 16384 through 32767 for the media stream. You could accomplish this by using local access lists on the router as well.
Additionally, if you are using a gatekeeper in your solution and have all your endpoints pointing to the gatekeeper, you may use the gatekeeper "arq reject-unknow-prefix" command which will route only the prefixes it knows of and reject everything else.
Thanks for your answer .
Is it possible to set up different zones in the gatekeeper and put customers in their own zones ? I´m not sure how this would work with the PSTN gateway though - wouldnt it have to register as gateway for each GK zone ID ?
You can have multiple zones in a gatekeeper, and you can route specific prefixes to specifc zones. You can route calls coming in from a different zone to anohter zone as well. So the PSTN gateway does not have to be registered with each zone, the gatekeeper just needs to know what prefixes to route to that gateway. You can route prefixes statically to a gateway rather than a zone as well, with the command : gw-type-prefix
I didn't find any button on this forum pages on how to post own question, therefore I want to use this question place as it's the closest to my topic.
I'm now working on some study of implementing private VoIP VPNs for customers, using the CVM 2.1 software. As this GUI software just creates database and configures/manages the VoIP gateways and gatekeepers with a limited set of IOS commands, I want to know in advance - by asking you, if and how I can do the routing of possible overlapping dialplans in scenario, where the common gatekeeper is included in each private VoIP VPN (with different IP spaces) containing VoIP gateways. Also CVM 2.1 will have access to VPNs in order to configure devices in them.
I want to know, whether the gatekeeper enables proper and separated routing of prefixes (E.164 full numbers or just PABX 4digit extensions) of same length and range, if each VPN's gateways have a dedicated zone assigned, or through some techprefixes before numbers (e.g. CompanyA phone space is 100#5xxx, ComB is 200#5xxx). If it's either option possible, enables you CVM to do that in its environment, or have I to do some CLI action?
Thanks very much in advance for your answer.
Unfortunately I do not have experience with the CVM 2.1 software, so im not sure if I can answer your question. You might think of posting on the VPN and/or Infrastructure section.
It is possible with your gatekeeper to have different endpoints register with their own tech prefixes and route either PABX extensions or full E.164 numbers to various endpoints and reject others.
I have a multipart design question here...
I am in the middle of a design for a client with 75 small offices that connect into a larger headquarters office. Their requirements are to leave the existing legacy small office key systems and hybrid switches in place with Call Manager brokering toll bypass gateway calls between sites. Some very small offices will be converted to 79xx phones with SRST. The strategy is to move to a complete CallManager & IP Phone solution as leases and maintenance contracts expire on the existing infrastrucure.
With SRST, I have been told that the phones MUST have layer 2 connectivity to the router running SRST. Is this indeed a requirement? What are the ramifications of not having layer2 connectivity?
Can you point me to any white papers or success stories with a large hub and spoke gateway design intended to do toll bypass?
I am strongly leaning towards H.323 on my gateways (primarily 2600 class routers) due to the control and troubleshooting advantage I have experienced over MGCP. I also like that with H.323, I can reset a single voice port rather having to reset the entire MGCP gateway. It also seems that while the CIPT types on TAC can help with MGCP or H.323, with H.323, I also get access to CVOICE resources. Having said all that, what is your opinion on the use of MGCP versus H.323 in a 75 site deployment with the intention of doing toll bypass?
When the link fails or the call manager goes down and the Phones go in SRST mode, they must be able to establish a tcp connection with the router. That is the only way they can register to the SRST router and be able to route the calls. If calls go out the gateway to the local PSTN or over IP through the gateway the media stream is established between the gateway and the IP phone. So in answer to your first question, yes it is a requirement. It would be a good idea to contact your local Sales Rep or Account team, to get more information about design guides and success stories.
As for the argument of H323 vs MGCP, youre judgements are correct so far. The master slave environment that MGCP proposes has not been developed enough to give you the control over the IOS based gateway as H323 does. Its really a matter of opinion, the popularity of MGCP comes from its ease of maintainence and is more practical for large scale deployments. However if you are comfortable with H323 and being independant of a call agent, it does give you more of an advantage from a troubleshooting point of view. I personally prefer H323 on Cisco's IOS based gateways interacting with Call manager. It has been around for much longer and currently, seems to be more mature than MGCP.
Getting back to the Phone learning the SRST device, you only talk about a phone establishing a TCP connection with the router , which would indicate that the phone needs layer 3 and not necessarily direct layer2 connectivity... I could not find anything on cco about how the phone's learn the SRST router's IP address except that it should be the phone's default gateway. Since it looks like the phone stores the SRST router's IP address in it's config, is that something that could be set during Skinny registration with Call Manager or via some DHCP option.
I have some instances where I have relatively large sites with a decent sized routing hierachy, but with just a small number of IP phones that use a remote Call Manager. Even if we had to manually configure SRST IP addresses in the handsets, that would be better than rearchitecting vlans and routing. So as a follow on, is there a way to have IP phones at a remote site that do not have the SRST router as it's default gateway? The router would be a gateway that the phone transits during registration with Call Manager.
Unfortunately, the answer to your question is no. SRST requires that the SRST router be the default gateway of the IP Phone.
this is very interesting as we have a quite big remote site, and SRST is not working, now we know why...the default gateway of the IP Phones is not the router which is used for SRST.
The fact is that I did not see anywhere in CCO that this is a requirement and as the collegue mentioned, there are limited information about how SRST really works.
I think it limits the design too, as this means that all voice traffic has to pass through that router ( for example in our case we wanted to use that router as the local voice gateway to PSTN. Now it has to route all voice traffic, for all kinds of calls, on-net to other sites too.)
Anyway, thanks for the tip, it would be great though if there was more info about that feature in CCO.
Also there are limited information about how locations work. We are currently experiencing problems and we need more information in order to be able to troubleshoot it better.
You may want to reconsider the use of MGCP as in current versions of CallManager 3.1 or above MGCP supports call preservation. So for your cleints who are on a call the call drops using H323. There are some dependancies on the gateway...
I have a couple of questions. The first being whether you know of an IOS for the 1760 which supports SRST and also Multicast MoH streaming to the PSTN. I have a version which apparently supports MMoH, but I cannot see the ccm-manager command which I have used to allow multicast streaming to PSTN users connected to it.
The second question is whether you have an example config of an FXO port connected to the UK PSTN. I am having trouble programming the ports to disconnect properly. the signalling does not seem to be carried across the router to Call Manager or vica versa.
Any suggestions appreciated!
Support for SRST for the 1760 came out with 12.2.(4)YB. Support for Multicast Music on Hold for SRST I beleive is not out yet for the 1760 platform. The Multicast MOH that is available right now is for ITS applications (IOS Telephony Service).
The FXO card has a Diconnect problem and you can learn more about that here :
You have a few options, you can use supervisory disconnect on the voice ports, or you can ourchase an FXO-M1 card, which has more features which have disconnect supervision.
Could you give me an advise how to solve voice call accounting problem.
The test includes 1750 GW with 2 phones connected. I need to receive an accounting information on my RADIUS server from this GW when I make a local call (from one phone to another both connected to the same GW). 1750 sends only records about pickup, dialed number events and does not send any information about connection/disconnection of the call.
Next problem. Will I be able to receive accounting information from AS5300 working in TDM switching mode?
Your first scenario should work. The only reason I can think of why it owuld not work, is because there is no H323 or IP call leg for the call you are making. They way the accounting code was written, might not have incorporated this scenario since it is not typical to bill calls that remain local on the router. Nonethelss, if you would like to pursue this, I suggest contacting TAC so we can gather information and determine the course of action or suggestion.
For your next problem, with the AS5300, if the call is originating on the router or terminating on the router, you should be able to bill of that. If you mean a call coming into the server on a tdm interface and leaving the server on a tdm interface with no ip call leg involved, again there is no IP leg, so not sure what this would do with regards to billing. This is an issue that should be handled by TAC.
Your problem is probably that you didn't enable the H.323 or VoIP-specific RADIUS tickets with "gw-accouting h323 voip" and "gw-accouting h323 vsa" commands (latest replaced by "gw-accounting aaa" in 12.2T, which is not running at all), without them, the gateway just sends ordinary accounting tickets with no info like connect, disconnect times and so.
In my VoIP network, I have those times and other info visible also for local gateway calls.
I am using a 3640 as a H.323 gateway for a CallManager. Is there any limitations as to the total number of calls this router should be able to handle from a H.323 perspective ?
Also, is the version that supports MGCP on PRI stable on this platform yet or is it best to continue to hold off a bit ?
I am assuming that your 3640 gateway is interacting with PBX/PSTN through tdm interfaces. The limitations you have are hardware limitations, the gateway has four slots which would allow theoretically 8 T1's. Ofcourse with 8T1's you would see performance of the gateway suffer, but you shoould be able to temrinate those calls on the gateway and send them to the call manager. There is no such hard number as to how many IP call legs you can establish with this gateway, but in your scenario, you should e ok.
PRI backhaul to the call manager using MGCP is supported with 12.2.XN and also with 12.2.11T. There have been some issues, but overall it seems to be stabilizing. If you are looking towards an MGCP implementation as a solution, now is as good a time as any, though H323 does make troubleshooting easier.
Hello Taimoor ,
there are problems. :-)
We have following devices: ata186 (2.15), 827-4v (12.2-4.YA3), 5850 (12.2(2)XB7).
Ata, 827 are used as end-points and 5850 - core logical function. There is task: adjust ATA, 827 to solve voice,(analog) modem, fax calls to outside (send) and back (receive mode). I.e. these devices have to pass voice, modem and fax signals in both directions via 5850 as central point.
We came to the following decision:
dial-peer voice 100 voip
incoming called-number .T
voice-class codec 1
fax rate disable
fax protocol none
dial-peer voice 300 voip
fax rate disable
fax protocol none
AudioMode:0x00120012 (disable fax detection)
I.e. voice pass OK in both directions, fax pass -OK (but only a deceit - 'fax rate disable') in both directions, modem pass at 9600 only from 827-4v to ouside ( dont back).....
It is known, that ata 186-support fax Pass-through; Cisco 827 - Pass-through, Relay; 5850 - Relay (dont support modem pass-through). ONLY!
When all these devices will support T.38 and modem pass-through?
Maybe another decisions? (based on another IOS or Hardware versions?
So, how to make our dreams come TRUE?
So it looks like right now the only problem you are having is for modems coming back into the 827 router. Due to the complexity of this issue and the nature of the question, id suggest contacting TAC about this as they would probably need to take a look at parametrs you have set in the ATA and the 827 as well as the 5850. You are right about what product supports what, but i assume this scenario u should be able to get everything to work.
Hello... I am getting cause code 0x64 when I send a call to the PSTN from a 5300..... docs say something about bad Info Element....
any idea where to start to find out what the PSTN switch is complaining about
I have a capture of "debug voip ccapi inout" on the 5300 for a test call
The cause code you mentioned refers to a D channel problem. On the terminating router you can turn on debug isdn q931, which will tell you where the disconnect cause is coming from. The exact Cause code value is Invalid IE (information elements) contents. In other words the PSTN does not like some of the IE fields that the gateway is sending. You need to call the telco and ask them what they do not like about the setup message or anything that follows.
Are you aware of a means for originating calls from Callmanager to an endpoint that requires H.323 Fast Connect? There are a growing number of services offering Long Distance calling via IP. The one requirement of the particular carrier that we are talking to is that we originate and terminate H.323 Fast Connect.
Your response is greatly appreciated!
Unfortunately there is no way to use fast connect outbound from the call manager. The Call manager will always use slow connect, however for inbound, if the call is setup with fast connect, then the call manager can do fast connect as well. Theres a service parameter under cisco call manager and advanced service parameters, that you can set, for the call manager to switch up to fast connect if the origination device requires it.
Usually when devices are using fast start and the other device cannot do fast start, the gateway should be able to default to slow connect, at least in the cisco gateways, not sure baout most third party vendors.
Is it possible to do tandem switching between VoFR and VoATM call legs on a 3745? And if so, will it work over standards-based FRF.11 or FRF.12 FR PVCs (for interoperability with non-Cisco equipment)?
Unfortunately, what you are trying to do is not possible. We cannot tandem a call coming in on a Vofr leg and going toa VoATM leg.
Just a thought, if you have IP connectivity between the originating and terminating device, you could simply do VOIP and get the job done that way.
We have H.323 network with 5300GW, 3620 GK and 827-4v endpoints.
The 827 and 5300 they are authentificated in the gatekeeper with Radius System, but we want too authorization the calls according source and target.
A 827 with source E.164(628111000 my VOiP network) is authorizated to call target (928555001 Public Network), but it is not authorizated to call to target (91555002 Public Network).
Too there are other posibility, a 827 with E.164(628111002) is not authorizated to call target any Public Network (91*, 928*,etc) but it is authorizated to call target any H.323 VOiP Private Network.
Is possible empower the call in the gatekeeper through of Radius and not in the 5300GW with TCL IVR?
I know that Cisco Gatekeeper they are "Direct Endpoint Signaling " and the call setup messages are NOT directed through the gatekeeper.
I know that I need a script in the Radius machin for authorization call, but this is not problem, I can programmer this
You are right, there are a bunch of ways to do what you are trying to do. You could reject the call on the endpoint itself by not having a dialplan configured for it. You could reject the call on the gatekeeper as well, if you do not have a prefix to route to it and you can use arq reject-unknown-prefixes.
COming to your question, how you can use your GK and raidus server to authenticate the call. You Radius server will be sent a bunch of VSA's, like calling number, called number, setup time etc. It is up to your radius server to authenticate that call based on the VSA's or not. It will be a functionality of the radius server to authenticate that call or not. Not sure what kind of radius server you are using, but you should be able to tell it to authenticate on the calling number field.
Additionally you could write a TCL script for this as well, but you may have to hard code a lot of numbers in the script and place it on the 5300, which does not sound like an acceptable scenario.
Incidentally, you can have the setup messages etc pass through the gatekeeper if you use it as an H323 proxy.