Community Member

Multiple SIP Trunks with UC520

I wanted to know when there will be multiple SIP trunks on the UC520 (command line or CCA -- don't care which)?  I've seen a document http://www.cisco.com/en/US/docs/ios/voice/sip/configuration/guide/sip_cg-multi-registrars.html

but I don't think it works yet for the UC520.

Thanks.

Joe

39 REPLIES
Community Member

Re: Multiple SIP Trunks with UC520

Hi Joe,

Works as described in the document. I have a UC500 connected to a "standard" SIP Trunk Voice Service Provider and Skype for SIP.

regards,

Alfred

Community Member

Re: Multiple SIP Trunks with UC520

Hi Alfred,

What UC5x0 do you have --  20, 40, or 60?  I don't want to assume it's on all units.  When I go to the CLI on the UC520 it says that I can only have one authentication and to remove the one I have in there.  That's where I got stuck.  I was able to add the register 1, register 2 though.  The Doc doesn't mention anything about authentication 1, authentication 2 etc.  Besides I did an authentication ? anyway.  So, it won't let me add more than one authentication.  I need it for my main SIP provider and Skype like yourself.

I have the latest CCA and software pack (IOS, etc.).

Any tips?

Thanks.

Joe

Community Member

Re: Multiple SIP Trunks with UC520

Hi Joe,

UC520 running ios 15.0(1)XA2/CME8.0

You can use different authentications, but the username has to be the same - not very flexible.

I don't need authentication for my main SIP Provider...

regards,

Alfred

Community Member

Re: Multiple SIP Trunks with UC520

Hi Alfred,

Thought so...that's the part I'm hoping will change on the 520.  I'll need the two different authentications.  I heard it was coming out very soon (maybe already) to the 540.

Joe

Community Member

Re: Multiple SIP Trunks with UC520

This has been an 'issue' with CME for quite a while.  I have spoken with the business group about it and was told that they get very little requests for this.  In general, most corporate SIP providers secure based on source/destination address whereas most residential providers are reliant on user/pass requirements.  Hence the low amount of requests.

Community Member

Re: Multiple SIP Trunks with UC520

Mine is enterprise and uses User Name and Password.  Total Requests + 1.

Community Member

Re: Multiple SIP Trunks with UC520

Preachin' to the choir here!

Bronze

Re: Multiple SIP Trunks with UC520

Check the FAQ below:

https://supportforums.cisco.com/docs/DOC-9830#Does_UC500_support_multiple_SIP_trunks

With the 8.0.x software pack on the UC500s (any model) - you can support multiple SIP trunk providers with different authentication and registrar servers - note this is only via CLI and is NOT CCA compatible at this time, so be aware of that.

Snip from link in FAQ above:

The Support for Multiple Registrars on SIP Trunks on a Cisco Unified  Border Element, on Cisco IOS SIP TDM Gateways, and on Cisco Unified  Communications Manager Express feature provides support for simultaneous  registration with multiple registrars for endpoints on Cisco IOS SIP  TDM gateways, Cisco UBEs, and Cisco Unified CME. This feature allows  outbound and inbound traffic to be distributed across different service  providers while simultaneously providing redundancy for users supported  on these devices.

...

The authentication behavior can handle  challenges from different service providers for SIP REGISTER and SIP  INVITE/Other messages.

You can specify a realm, which acts as a  unique key for picking up username and password authentication details  for each endpoint.

Community Member

Re: Multiple SIP Trunks with UC520

That's great.  However I get the message:

Only one username per device supported
Please unconfigure previous authentication information

This is what prompted the original post.  So, if you have any tips of what I could be doing wrong, I'd appreciate it.

Thanks.

Community Member

Re: Multiple SIP Trunks with UC520

Actually, after reading the example again I see it uses MyUsername and MyPassword1, MyPassword2, etc.  This makes me think that the Username has to be identical, which has been my problem right from the beginning.  That's a pretty important piece of information but I don't see it anywhere in the doc.  As well, what are the chances two ITSPs give you the same Username?  I don't get why this is not possible after all this time since its release.

Community Member

Re: Multiple SIP Trunks with UC520

Out of curiosity, what provider are you using?

Bronze

Re: Multiple SIP Trunks with UC520

Currently this is a limitation which is documented below:

http://www.cisco.com/en/US/docs/ios/voice/sip/configuration/guide/sip_cg-multi-registrars.html#wp1070133

Note Configuring more than one username is not  supported—you must remove any currently configured username before  configuring a new username.

We are looking at removing this restriction in the next major SW release - 8.1.x. See the schedule below:

https://supportforums.cisco.com/docs/DOC-9827

Community Member

Re: Multiple SIP Trunks with UC520

Thanks for the info.  That's great it's on the roadmap.

If my ITSP allows registration by public IP address and the other is by authentication username and password, then how does that get setup on the command line?  Anything you can write out or doc to point me to?

Skype allows authentication by username or IP so that might solve my problem.  I just don't know how to change it to IP on the UC because it talks about usernames and passwords?

Thanks.

Bronze

Re: Multiple SIP Trunks with UC520

If the registration is based on IP address, that means the SP is only going to accept SIP messages from a specific IP address. Hence you need to use a static IP address on the WAN side of the UC520 and UC520 will use that for SIP messages to the SP. Make sure the SP allows this IP address. No other config is required on the UC520 per se.

Community Member

Re: Multiple SIP Trunks with UC520

I'm also trying to get my head around multiple SIP trunks. I have read the Cisco setup documented at http://www.cisco.com/en/US/docs/ios/voice/sip/configuration/guide/sip_cg-multi-registrars.html#wp1070223 but what I'm fighting with is how to select a particular registrar and its associated authentication from the sip-ua since it seems to be global and the dial plan only defines session target sip-server.

The below config works for all incoming numbers from all 4 registrars and outgoing using registrar 1 and authentication username aaaaaaaaa but what I need to do is to use registrar 2 and its associated authentication username bbbbbbbbbbb to be selected when I dial numbers starting with 59....... which are local numbers in a different country where the registrar 2 registers.

My current config is as follows:

sip-ua
credentials username aaaaaaaaaa password 7 xxxxxxxxxxxxx realm 58.96.1.2

credentials username bbbbbbbbbb password 7 yyyyyyyyyyyyy realm 802.cz
credentials username cccccccccc password 7 zzzzzzzzzzzzz realm sip.microelmark.com.au
credentials username dddddddddd password 7 xxxxxxxxxxxxx realm 58.96.1.2
authentication username aaaaaaaaaa password 7 xxxxxxxxxxxxx
no remote-party-id
retry invite 2
retry register 10
timers connect 100
registrar 1 ipv4:58.96.1.2:5060 expires 240
registrar 2 dns:sip.802.cz expires 240
registrar 3 dns:sip.microelmark.com expires 240
sip-server ipv4:58.96.1.2:5060
host-registrar

dial-peer voice 1062 voip
description **CCA*Australia*ITSP_2**
translation-profile outgoing ITSP_2
preference 1
destination-pattern 059.......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad

Any help or clarification if this is possible would be much appreciated.

Cisco Employee

Re: Multiple SIP Trunks with UC520

You have sip-server defined as 58.96.1.2:5060 so all calls to 'sip-server' will go there.

Your better bet is to configure your dial-peers to ipv4: instead of using sip-server when you have multiple registrar servers.

Community Member

Re: Multiple SIP Trunks with UC520

I've tried that also but I had no luck with it but perhaps I have missed something...

If I define it in the dial-peer how would the unit know how to authenticate with that particular ipv4 address and what credentials to use? If there would be any way to define in the dial-peer authentication to the ipv4 address I think that would work.

Any suggestions?

Cisco Employee

Re: Multiple SIP Trunks with UC520

Have you read this document?


http://www.cisco.com/en/US/docs/ios/voice/sip/configuration/guide/sip_cg-multi-registrars_ps10592_TSD_Products_Configuration_Guide_Chapter.html

Determination of Authentication Details

When a SIP INVITE or SIP REGISTER request is challenged, the username and password details for authentication are determined in the following order:


Note     Configuring more than one username is not supported—you must remove any currently configured username before configuring a new username.


     1.     If the realm specified in the challenge matches the realm in the authentication configuration for a POTS dial peer, the system uses the corresponding username and password.

     2.     If the realm specified in the challenge doesn't match the configured authentication for the POTS dial peer, then it will check for credentials configured for SIP UA.

     3.     If the realm specified in the challenge does not match the realm configured for credentials, then it will check for authentication configurations for SIP UA.

     4.     If the system does not find a matching authentication or credential for the received realm, then the request is terminated.

     5.     If there is no realm specified for the authentication configuration, then the system uses the username received from the challenge to build the response message.

Do you see the router attempting a re-invite after the 401 unauthorized?  Does the 401 have a realm which matches what you've got configured for that authentication?  Read that document, and then it's time to do some SIP debugging.

Community Member

Re: Multiple SIP Trunks with UC520

Steven, thank you for your prompt reply.

I have looked at the document and the good information you have provided but I would like to confirm something. The document talks about defining credentials under POTS but because I try to send the call through voip only this will have no effect correct?

I have modified the setup as such that the dial-peer voice now has session target set to dns:sip.802.cz

Because the realm of the provider is only 802.cz I suppose the match won't ever be found and all will default to authentication defined under sip-ua.

Here is the current setup and I have also attached debug of the call where origin number (my number was 910...) and the number at the destination was 597...

dial-peer voice 1063 voip
description **CCA*Australia*Czech Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 059[5-7]......
session protocol sipv2
session target dns:sip.802.cz
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad

sip-ua
credentials username 02800xxxxx password 7 xxxxxxxxxxxx realm 58.96.1.2
credentials username 6128090xxxx password 7 xxxxxxxxxxx realm sip.microelmark.com.au
credentials username 91080xxxxxx password 7 xxxxxxxxxxxxx realm 802.cz
credentials username 02820xxxxx password 7 xxxxxxxxxxxx realm 58.96.1.2
authentication username 02800xxxx password 7 xxxxxxxxxxxxxxxx
no remote-party-id
retry invite 2
retry register 10
timers connect 100
registrar 1 ipv4:58.96.1.2:5060 expires 240
registrar 2 dns:sip.802.cz expires 240
registrar 3 dns:sip.microelmark.com.au expires 240
sip-server ipv4:58.96.1.2:5060
host-registrar

Cisco Employee

Re: Multiple SIP Trunks with UC520

Marek,

You see the 407 come back from the ITSP with this realm:

Proxy-Authenticate: Digest realm="802.cz", nonce="4cacf27900014869da003628ac882272928567ee463b61d4"

But the router is using these authentication credentials for a response:
Proxy-Authorization: Digest username="0280080090",realm="802.cz",uri="sip:597431212@sip.802.cz:5060",response="d7d3d4a49517dfc2298bee55f1c1b837",nonce="4cacf27900014869da003628ac882272928567ee463b61d4",algorithm=md5

I think that is because that username is configured as an auth credential without a realm defined.  Can you try removing that line 'authentication username 02800xxxx password 7 xxxxxxxxxxxxxxxx'?

Once that line is gone, since the 407 has the realm 802.cz, it should authenticate off of the credentials found under the realm here:

credentials username 91080xxxxxx password 7 xxxxxxxxxxxxx realm 802.cz

If you still have issues, post new SIP debugs, and current config and version and I'll investigate further.
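
The comparison made by hand in the reply above (challenge realm versus the username in the response), as an added example that is not part of the original post or any Cisco tooling: a Python check over a `sip-ua` excerpt and the digest headers from a SIP debug. The config and headers are constructed samples with placeholder names, and the function names are hypothetical.

```python
import re

# Constructed sample input (placeholder realms, usernames and secrets; not values
# from this thread), in the shape of the sip-ua config and SIP debug quoted above.
SAMPLE_CONFIG = """\
sip-ua
 credentials username userA password 7 PLACEHOLDER realm 198.51.100.10
 credentials username userB password 7 PLACEHOLDER realm itsp-b.example
 authentication username userA password 7 PLACEHOLDER
"""
SAMPLE_DEBUG = """\
Proxy-Authenticate: Digest realm="itsp-b.example", nonce="constructed-nonce"
Proxy-Authorization: Digest username="userA",realm="itsp-b.example",uri="sip:5550100@sip.itsp-b.example:5060",response="0000",nonce="constructed-nonce",algorithm=md5
"""

CRED_RE = re.compile(r"^\s*(?:credentials|authentication)\s+username\s+(\S+)"
                     r"\s+password\s+(?:\d\s+)?\S+(?:\s+realm\s+(\S+))?\s*$")
PARAM_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))')

def parse_sip_ua(config):
    """Return ({realm: [usernames]}, [usernames configured without a realm])."""
    by_realm, realmless = {}, []
    for m in filter(None, map(CRED_RE.match, config.splitlines())):
        user, realm = m.groups()
        if realm:
            by_realm.setdefault(realm.lower(), []).append(user)
        else:
            realmless.append(user)
    return by_realm, realmless

def digest_params(value):
    """Parse the parameters of a 'Digest k="v", k2=v2' header value."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "digest":
        return {}
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM_RE.finditer(rest)}

def check_exchange(config, debug):
    """Compare every digest response in a debug excerpt with the config."""
    by_realm, realmless = parse_sip_ua(config)
    challenge_realm, findings = None, []
    for line in debug.splitlines():
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name in ("proxy-authenticate", "www-authenticate"):
            challenge_realm = digest_params(value).get("realm", "").lower()
        elif name in ("proxy-authorization", "authorization"):
            p = digest_params(value)
            realm, sent = p.get("realm", "").lower(), p.get("username")
            expected = by_realm.get(realm, [])  # usernames tied to this realm
            status = ("ok" if sent in expected else
                      "realmless-authentication-used" if sent in realmless else
                      "unexpected-username")
            findings.append({"challenge_realm": challenge_realm, "realm": realm,
                             "sent": sent, "expected": expected, "status": status})
    return findings
```

A `realmless-authentication-used` finding flags the pattern described in the reply above: the response carries the username from the realm-less `authentication` line even though a `credentials` entry exists for the challenged realm.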

Community Member

Re: Multiple SIP Trunks with UC520

Steven,

I have tried that but as soon as I remove the authentication I can't make any calls including calls to the dial-peer voice 1058 which is to call local numbers. I have even modified this dial-peer to session target ipv4:58.96.1.2 which is the correct ip for the local call ITSP registrar but still no luck.

I have attached config and traces for both, the local ITSP and Czech ITSP providers.

dial-peer voice 1058 voip
corlist outgoing call-national
description **CCA*Australia*NSW Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 002........
session protocol sipv2
session target ipv4:58.96.1.2
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad

dial-peer voice 1061 voip
description **CCA*Australia*Czech Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 059[5-7]......
session protocol sipv2
session target dns:802.cz
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad

sip-ua
credentials username 0280080090 password 7 012637320826252476786F realm 58.96.1.2
credentials username 61280903590 password 7 0317420F080A381E1E5849 realm sip.microelmark.com.au
credentials username 910806353 password 7 044812020124551C594855 realm 802.cz
credentials username 0282058458 password 7 005534525C0353365C realm 58.96.1.2
no remote-party-id
retry invite 2
retry register 10
timers connect 100
registrar 1 ipv4:58.96.1.2:5060 expires 240
registrar 2 dns:sip.802.cz expires 240
registrar 3 dns:sip.microelmark.com.au expires 240
sip-server ipv4:58.96.1.2:5060
host-registrar

Community Member

Re: Multiple SIP Trunks with UC520

I have been trying this also, but as I understand, where the ITSP requires each SIP trunk to provide digest authentication, this can't be done.

My client has 2 lines from their ITSP, however both require authentication, so as far as I understand, this cannot be done. I can only register and authenticate their main line.

I am thinking of putting in a workaround by using a SPA ATA to register the second line and connecting via analogue... It is rather unfortunate that UC500/CME is not up to this task.

Dear Cisco, not all clients have high-end multi-line SIP trunks with single authentication in a SBCS environment. Please look into it as a feature request!

Community Member

Re: Multiple SIP Trunks with UC520

Scott,

Thank you for your input. So far I'm also leaning towards the conclusion that it can't be done but still hoping that Steve can get it investigated and let us know if this will be added in any future releases as it is important part of the least cost routing feature which otherwise doesn't work.

The way I have set the system up now is same as you are thinking. All outgoing calls to the secondary provider I'm sending out through PSTN port where I have ATA that isn't normally registered to the ITSP and makes SIP calls without requiring registration. This way all the incoming calls are still coming directly to the UC500 but all outgoing are going through PSTN.

The downside of the solution is the capacity that would be limited by the number of ATA's attached, which isn't really viable option for large deployment.

The disappointment really is that this system replaced SPA9000 Linksys system that did not have any problem with this functionality but this new whiz-bang system can’t do it. Well let’s be fair, there is much more functionality in the UC500 system so the pros outweigh the cons but if we wouldn’t find workable solution it wouldn’t be good.

Could Cisco please give us some sort of closure to this issue and let us know if there is a plan on including it in future build if it can't be done in the current release?

Community Member

Re: Multiple SIP Trunks with UC520

I think it's a core CME limitation - rather than specific to UC5x0.

I'm using a SPA2102 which handles two lines and registrations/authentications just nicely. Interesting that a $50 product can do this but thousands of dollars worth of gear cannot...

My only problem is, I need this for another client but they've got the BRI version - so no FXOs unfortunately - and hardly worth purchasing an FXO card when this will hopefully be fixed in future CME software upgrades.  I wonder if the FXS/DID ports could be configured to do this?

Regardless, we need multiple SIP authentications in CME please Cisco!

Community Member

Re: Multiple SIP Trunks with UC520

I finally got this to work.  I did have to use username authentication for one ITSP (BabyTEL) and IP authentication for the second ITSP (Skype). I still have not got it to work with two ITSP's using username authentication.  Although, at least now it allows two usernames authentication lines whereas before it did not.  So it either works now or seems like it will be in soon-to-be future release.

Community Member

Re: Multiple SIP Trunks with UC520

Direct from the config document: http://www.cisco.com/en/US/docs/ios/voice/sip/configuration/guide/sip_cg-multi-registrars.html

Configuring more than one username is not supported—you must remove any currently configured username before configuring a new username.

Why on earth would you have the same username with two ITSPs? This is especially odd considering the username is the DID number in most cases.

I have a situation where the multiple SIP trunks are from the same provider - nice and easy to configure you might think, however they both require username authentication which means I can only register one at a time.

Unfortunately IP based authentication isn't an option in my case. Glad you got it to work though.

Community Member

Re: Multiple SIP Trunks with UC520

I don't -- that was the point in the early posts.  The whole issue started with wanting to register two different ITSP's with username authentication that also didn't have the same username.

Community Member

Re: Multiple SIP Trunks with UC520

We are in the same boat then... let's grumble in unison

Cisco Employee

Re: Multiple SIP Trunks with UC520

Instead of 'grumbling,' I urge all of you that would like to see this feature to be proactive about it, so that the right people see that this is an important feature to have.

Anyone looking for this feature should talk to their account team and have them file a product enhancement request (PERS) for this, so that it gets tracked and tied to business cases.  That is the way you can drive new features in products into the business unit.

I thought there was a section on CSC somewhere for feature requests with SBCS products (heard this in a meeting yesterday), but I haven't been able to find it yet.  If anyone knows where that is, that could also be an appropriate channel for this.
