Wednesday, December 28, 2011

Cisco ISR G2 Video Conferencing Configuration

Hi Guys

As promised a second blog post is here!

In this blog post, I am going to discuss a feature that, when I first heard about it, I thought was the best thing since sliced bread.

Cisco Video Conferencing On ISR G2 PVDM3 or ISR G2 Video Conferencing Services
Basically, what this feature allows you to do is use your ISR G2 PVDM3s as video conferencing resources. There are several modes supported and quite a few restrictions you should know about. First, let's get down to the requirements, pros and cons.


I searched all over the internet for a step-by-step guide on how to configure this service, and the internet came up extremely lacking, so I am going to fill that gap!


First of all, here is what you will need:
  •  You must be running at least Version 8.6 of CUCM (or CME)
  •  You must be running IOS 15.1(4)M or later
  •  You must have video capable phones (duh)
  •  You must be using PVDM3s

Pros:
  • Uses existing ISR G2 PVDM3 modules, you just enable the service
  • In Homogeneous mode (more on that later) you can support video conferences with very few PVDMs!
  • Supports transcoding (Video Mixing) if you have enough PVDM3s

Cons:
  • Only mode of video layout supported is loudest speaker (CME does also have lecture mode, but that can be more pain than it is worth)
  • Can't seem to get it to work with E20 Handsets (internet, if you want to help I am all ears!)

So, let's get started!

In my configuration example, I have three 9951 handsets with some Video Cameras, a few VT Advantage users and an E20 that I was unable to get working with this :(.

Let's concentrate first on making sure your video is going to work 100 percent.

So the first thing you need to do is ensure that you have a separate Device Pool for your video devices that uses a separate region and a separate location.

In your region you need to make sure you have this set:






So as you can see, make sure your region is set to allow the max video call bit rate. I specified an insanely high bit rate; you can specify whatever you prefer, but for your initial testing I recommend setting it quite high.

Next, you need to do something similar for the location:






So make sure your location is set to allow unlimited video too (well, whatever you want to do over your WAN link really, but for me this was all local, so I chose to make it unlimited, but please flavour to taste)

OK, done

So, at this point you just need to add in your phones, make sure that you have video enabled for each of the endpoints:




For the 9951 you must set both Cisco Camera enabled and Video Capabilities enabled, but for most other handsets you just need Video Capabilities enabled.

At this point, you should be able to make a very high quality call between your handsets and get some video.

DO THIS FIRST before proceeding any further and make sure it all works, if it does not, double/triple check that you have put the camera in right, double check that you can see local video, double check your region and location configurations are correctly applied to the phone etc. etc.


Don't bother going any further until you can confirm that your endpoints can call each other.

With the 9971 phones it is painfully difficult to work out what video codec they're using. The only advice I can give is to try the web interface on the phone and go to "Stream" during a call to get a guesstimate of what video codec they are using.


So now we know our video is working and we are ready for the conferencing. As I mentioned previously, there are two types of video conferencing available:


-> Homogeneous, which means that all the video endpoints must use the exact same codec, and your conferencing resource will only support that single codec you select

-> Heterogeneous, which means that multiple codecs and multiple bit rates are supported










It is important to note that you need a _lot_ of DSPs to do Heterogeneous: you need at least 2 x 128 PVDM3s. In my case I just did not have access to that kind of equipment, so this explanation is only for Homogeneous, sorry guys! But to be fair, you should just be able to replace the word Homogeneous with Heterogeneous and you should be laughing. Just remember to specify multiple codecs in your dspfarm profile.

OK, so first go to CUCM -> Media Resources -> Conference Bridge and add in a conference bridge with a name of your choosing.

BE SURE TO PLACE IT IN THE DEVICE POOL WITH THE VIDEO REGION YOU CREATED EARLIER AND THE LOCATION YOU CREATED EARLIER





If you forget this step, you will have problems :).




Next, log in to your router that has PVDM3s and configure the following, replacing 1.1.1.1 and 2.2.2.2 with the IP addresses of your CUCM servers, and VIDEOCONFRESOURCES with the name of the video conference bridge you specified in the above step.









voice-card 0
 voice-service dsp-reservation 50
!
!
This step specifies how many DSP resources you wish to dedicate entirely to voice services. Since in my case I had a spare router with a PVDM3, I specified 0 percent, but in the example above, to be safe, I have said 50 percent. You will need to calculate what percentage of your PVDMs you need for normal voice when setting this.







sccp local GigabitEthernet0/0
sccp ccm  1.1.1.1 identifier 2 version 7.0
sccp ccm  2.2.2.2 identifier 1 version 7.0
sccp
!
sccp ccm group 1
 associate ccm 2 priority 1
 associate ccm 1 priority 2
 associate profile 1 register VIDEOCONFRESOURCES
!
dspfarm profile 1 conference video homogeneous
 codec g722-64
 codec g711ulaw
 codec g711alaw
 codec g729ar8
 codec g729abr8
 codec g729r8
 codec g729br8
 codec h264 w360p frame-rate 30 bitrate 1mbps
 maximum sessions
 associate application SCCP

 no shut
!


Make sure you specify a maximum number of sessions. The codec (h264) that you should use depends on what endpoints you're using, and it can be quite difficult to work out what codecs your endpoints support. Here is a little trick I used to make that easier: I set up a meetme number and then had my endpoint set up the conference. If video showed up, that meant the endpoint supported the codec (an easier way to troubleshoot than setting up conferences again and again).





Do a show sccp to make sure your conference bridge has registered to your CUCM, then order your MRGLs in such a way that the Video Conference Resource is picked first by your video conferencing endpoints. If you're not sure whether this is happening (for example, maybe all your conferences end up as audio only), go to your device with your PVDM3s and do a show voip rtp connection and see if your endpoint addresses are listed. This will tell you if it is being selected as a conference bridge.


If you try a multiparty conference now (either ad-hoc or meetme) you should be able to get a three-way conference going. Remember that the layout is loudest speaker, so only one person will show on the screen at any one time (the person speaking the loudest).



Finally, you might find the following URL with some FAQ's etc. very helpful in working all this out :)

http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps4952/qa_c67-649850.html

I had no luck getting my E20 to join in on this conference. It would join the conference but would hang up straight away. I tried a variety of codecs to no avail, and tried lots of other tricks to get it working, but was unable to achieve it. If anyone knows the trick to get the E20 to join these conferences (as according to Cisco, it is supported) I am all ears!



I hope this helps someone out there









Cisco IOS 15 Licensing (Count Based) for CME and SRST

Hi Guys

You're up for two blog posts in one day today! You lucky guys! (Cough)

So first thing, I wanted to briefly talk about the new licensing again in IOS 15, by now you probably know that you have four basic licenses:

  • Base
  • Security
  • Voice
  • Data

You get base for free, you add on the other ones, pretty simple right?

What has not always been mentioned or covered very well is COUNTED licenses: the fact that licenses such as CME and SRST, which used to be honour based, are now counted as of the IOS I am looking at (Version 15.2(2)T). Check out the output of a show license:

Index 1 Feature: ipbasek9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 2 Feature: securityk9
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 3 Feature: uck9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 4 Feature: datak9
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 5 Feature: gatekeeper
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 6 Feature: LI
Index 7 Feature: SSL_VPN

        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: 0/0  (In-use/Violation)

        License Priority: None
Index 8 Feature: ios-ips-update
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 9 Feature: SNASw
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 10 Feature: hseck9
Index 11 Feature: cme-srst
        Period left: 8  weeks 3  days
        Period Used: 4  hours 56 minutes
        License Type: EvalRightToUse
        License State: Active, In Use

        License Count: 265/0  (In-use/Violation)

        License Priority: Low
Index 12 Feature: WAAS_Express
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 13 Feature: UCVideo
        Period left: 8  weeks 3  days
        Period Used: 4  hours 28 minutes
        License Type: EvalRightToUse
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Low

From here you can see that I have set a license count for my CME/SRST, for 265 users, but chances are from a counted perspective I probably don't have that many licenses!

I can't help but notice too that even though technically for CME you're meant to buy handset licenses, I don't actually see that listed there...

UCVideo is a feature I'm using that I will cover in another blog post. WAAS Express is exactly as written: it's WAAS Express. Finally, the IOS-IPS and SSL_VPN counts for security are in there too.

That is my brief IOS 15 counted licenses tutorial. I hope it helps someone out there work out what they will need to license :)
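To pick the counted and evaluation entries out of a long show license listing, here is an added Python example (not from the original post) that parses the output format shown above. The sample text is copied from this post and trimmed to four features; the function names are my own.

```python
import re

# show license output copied from this post, trimmed to four features
SHOW_LICENSE = """\
Index 1 Feature: ipbasek9
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: Non-Counted
        License Priority: Medium
Index 2 Feature: securityk9
        Period left: Not Activated
        Period Used: 0  minute  0  second
        License Type: EvalRightToUse
        License State: Not in Use, EULA not accepted
        License Count: Non-Counted
        License Priority: None
Index 6 Feature: LI
Index 11 Feature: cme-srst
        Period left: 8  weeks 3  days
        Period Used: 4  hours 56 minutes
        License Type: EvalRightToUse
        License State: Active, In Use

        License Count: 265/0  (In-use/Violation)

        License Priority: Low
"""

def parse_show_license(text):
    """Return {feature: {field: value}} from `show license` text."""
    features, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Index\s+\d+\s+Feature:\s*(\S+)", line.strip())
        if m:
            # A feature with no detail lines (such as LI) keeps an empty dict.
            current = features.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = " ".join(value.split())
    return features

def review(features):
    """Split features into evaluation licenses in use and counted licenses."""
    eval_in_use, counted = [], {}
    for name, f in features.items():
        active = f.get("License State", "").startswith("Active")
        if active and f.get("License Type") == "EvalRightToUse":
            eval_in_use.append((name, f.get("Period left")))
        m = re.match(r"(\d+)/(\d+)", f.get("License Count", ""))
        if m:
            counted[name] = {"in_use": int(m.group(1)),
                             "violation": int(m.group(2))}
    return eval_in_use, counted

if __name__ == "__main__":
    eval_in_use, counted = review(parse_show_license(SHOW_LICENSE))
    for name, left in eval_in_use:
        print(f"{name}: evaluation license in use, {left} left")
    for name, c in counted.items():
        print(f"{name}: counted, {c['in_use']} in use, {c['violation']} in violation")
```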



Friday, December 23, 2011

How to use individual E1 channels for certain purposes on voice routers

Hi Guys

Quick voice update here, I have been doing a lot more voice work recently, which is good for me. Obviously as a CCIE in Voice I need to keep the voice stuff up :p, but recently I had been doing more routing and switching.

Anyway, I came across something that I have always heard about, but never actually understood how to do, and it never came up in my CCIE Voice studies, so I thought I would post it here for all of you.

Let's go through a scenario. Let's say you have a customer who has a 30 channel E1 and says "I must ALWAYS be able to dial this number": even if all the channels are busy, there should be 1 channel free for emergency calls (in Australia, 000 is our emergency number).

Here is how you would do it:

First, create two trunk groups:

trunk group ISDN_OUT

trunk group EMER_OUT

Then go to your E1 card and specify the timeslots:

controller E1 0/0/0
 pri-group timeslots 1-31
 trunk-group EMER_OUT timeslots 31
 trunk-group ISDN_OUT timeslots 1-30
!

Voilà! You now have two trunk groups, each with a separate number of channels. Then you would just have some dial-peers (roughly) configured like this:



dial-peer voice 100 pots
 preference 1
 destination-pattern 000
 trunkgroup EMER_OUT
!


Then add a normal dial-peer for all other calls. The great thing about voice router dial-peer matching is that if the above is busy (so someone is already on an emergency call to triple 0), the voice router won't give up; it will fall to the next available dial-peer shown below (even though it does not strictly match). That means you always have the ability to dial 000 and have more than one call, but at LEAST one call to 000 will always get through.


dial-peer voice 1002 pots
 destination-pattern 0T
 trunkgroup ISDN_OUT
!

You could use this same trunk group concept to take a failed channel out of service (I think there is an easier way to do it though).

I hope this helps someone out there


Excellent UCS article

Hi Guys

I found this article on UCS, and I was so impressed I felt compelled to share it:
http://www.networkworld.com/reviews/2011/121911-cisco-ucs-test-253603.html?page=1

VERY good explanation of what UCS is and why you might want it

Saturday, December 3, 2011

WAN Acceleration: It Does Work, even for Teleworkers (An introduction to Cisco WAAS Mobile)

Hi Guys

So this video blog post is yet more evidence (as if there was not enough overwhelming evidence already) that YES, WAN acceleration _really_ does work, and it can give huge benefits to your end users.

This particular blog post though deals with a product called Cisco WAAS Mobile.

So WAN acceleration has typically been targeted at the branch: You put a WAN accelerator out at the branch office(s), you have a WAN accelerator at your head office, and therefore everyone at the branch office(s) accessing resources at your head office gets a great experience. Easy right?

OK, so what about your teleworkers? These are people connected over the internet, maybe with 3G or 4G cellular networks, who have a VPN client and need access to CIFS just like you, need to get to the intranet, etc. etc.

This is the area for Cisco WAAS Mobile. Cisco WAAS Mobile consists of a client and a server application. The server application sits on your LAN, while you install the client on your teleworkers' PCs. The client connects to the server and then acts as a WAN accelerator for all the user's traffic. It works _EXTREMELY_ well, as you will witness in my video.

Video is located here:
http://www.youtube.com/watch?v=wHOw1E8Npmo



CIFS file copying goes from maybe 300k a second over a 2 megabit link (showing how damn badly written CIFS is) to 1.8 megabits, objects are cached (including pictures), which makes downloading similar documents that much faster, and the end user is happy as he gets a LAN-like experience over the WAN.

Cisco WAAS Mobile is available as a 30 day trial! Anyone struggling with remote teleworkers having a bad experience, I strongly encourage you to give it a 30 day trial and see how you like it!

I hope this helps someone out there

Monday, November 28, 2011

asa/pix pre-shared-key is ****

Hi Guys

So if you're anything like me, you've logged onto an ASA or PIX trying to troubleshoot VPN connectivity... you go to check the pre-shared key and all you see is:

preshared-key ***

Damn it!

If you're anything like me, you assumed it was hidden and could not be recovered... Wrong!

Simply do a:

more system:running-config

and you will be provided with the pre-shared-key in all its unencrypted glory!

Enjoy!

Tuesday, November 22, 2011

Toll Fraud in IOS 15.1

Hi Guys

Came across this link and thought I would share:
https://supportforums.cisco.com/docs/DOC-12228

It's Cisco discussing the toll fraud prevention feature in the latest IOS. One of the more interesting things I found out from this document is that any dial-peer session target addresses are automagically (love that word) added to the list of trusted sources, but it is still worth understanding this tech and how it works.

I hope this helps someone out there!

Friday, November 18, 2011

Hello Jaluri!

Hey guys, this is just a test post to make sure I am being fed into jaluri.com. I really like it and want to make sure I am listed on it. Plus, here is some free advertising for all you readers of my blog (all 3 of you!) for jaluri.com, an awesome networking blog aggregator.

Guys on jaluri, you may have missed my last post (which has my first video post!) on Cisco Unified Provisioning Manager, a way to easily add phones to your CUCM. A 90 day trial is available; check out more at:

http://www.ccierants.com/2011/11/cisco-unified-provisioning-manager.html

Cheers!


Tuesday, November 8, 2011

Cisco Unified Provisioning Manager

Hi Guys
(People using aggregators please see: http://www.ccierants.com/2011/11/cisco-unified-provisioning-manager.html)


So, this is the first time I have ever done a Video blog post, so if it feels rushed and unscripted.. that is because it is! Sorry! I did it as a Video because only a Video could really show how easy Cisco Unified Provisioning Manager can make adding new phones/users/enabling "services" for users with CUCM.

Here are some quick facts:
What: Cisco Unified Provisioning Manager 8.6 is a tool that integrates with your existing CUCM, CUC and CUPS servers to provide a single management pane to easily add users to all three and ensure they are added consistently and accurately.

Essentially it provides templates for line and phone settings to add users to CUCM. So for example, you can create a template called SiteA (As I do in the video) that contains all the settings for SiteA users telephones, lines, voicemail, remote destination profiles and extension mobility profiles and easily add new users with just a few clicks, making changes if you need to.

The provisioning tool takes care of all the little details such as associating the users with their phones, associating the user to the line, updating the primary extension etc. etc. and means you can _very_ rapidly deploy new phones.

It even looks after your number blocks, so you can specify directory numbers for particular sites and it will manage their allocation for you, ensuring they don't overlap, allowing you to reserve some numbers and also showing you an inventory of which are available.

Here is a video showing more:




Higher quality video: http://youtu.be/c6LL-4rZf_4


How: A 90 day trial license is available to make sure it is for you. It's got a list price of 12k for 500 users, so you should halve that to get an idea of how much it might cost. I would say it is targeted at quite large organizations who make a lot of adds, moves and changes or who have a very complicated CUCM setup.




Caveats: It has a few limitations that I came across such as you cannot use keywords everywhere (keywords like ${FIRSTNAME} and ${EXTENSION} allow you to specify

More Information: I still have not fully explored options such as removing services from a user (i.e. decommissioning a user's phone), as I imagine that is quite a common task.

If you have had some of your own experience with Cisco Unified Provisioning Manager I would love to hear about it! Leave a comment below


Tuesday, November 1, 2011

YACFCMEHCUCMD or Yet Another Cool Feature CME has CUCM does not

Hi Guys

(People visiting from Aggregators please visit: http://www.ccierants.com/2011/11/yacfcmehcucmd-or-yet-another-cool.html)

Introducing Unlocked MeetMe Conferences.

Like my very long acronym in the title? Yes, it's time for yet another great feature that CCME has that CUCM does not. The list just keeps getting longer and longer. I am a Cisco fan boy through and through, but it boggles my mind that CME gets features that CUCM does not; CUCM is meant to be the flagship.

Plus, if you believe the rumors, the plan is to remove CUE running on modules and instead have SRE running Unity Connection. If that is their long-term plan for Unity Connection, you have to wonder if the next logical step is to do the same for CUCM (you can already do it too, CUCM will run on SRE modules as far as I know).

So anyway, on to the feature.

So we all know and love the Meet Me conference on CCME and CUCM, I assume. It is a pretty funky feature where you can set up a conference by pressing the meetme button, dialling the number of the conference "Room" and then having your participants dial the meeting number (either externally or internally). This means you as the conference organiser don't have to dial everyone in, you can just say:

Ring me at 5:00pm on this number to join the conference, deal with it.

Your participants then just dial in, pretty simple and effective hey.

But it has a few small limitations. For some it is a hassle to have to press the meetme soft key; they forget to do it. To me, though, one of the main limitations is that you actually have to be in front of a Cisco handset in order to start the conference off. What if you want a conference but you're away from your desk when the conference starts? Maybe an important customer wants to talk business, so you hop into your car to go see him before realising, DAMN, I forgot about my conference, and I can't even start the conference now because I am on the road.

Well, conference meetme unlocked is what you're after in this situation.

With conference meetme unlocked, you can have a meetme number that is always ready to go: simply dial in and the conference starts, even if you're the first one to start the conference!

It is super easy to configure as well. Here is a quick example configuration:


ephone-dn 6 octo-line
 number 3000
 conference meetme unlocked
!

Easy as that guys, just that simple keyword "unlocked" at the end of conference meetme and voilà, you're ready to go.

Let's use a show command to get a bit more info:

PeterCCIE18371#show ephone-dn conference meetme
type active inactive numbers
=======================================
Meetme 1 7 3000
DN tags: 6
All DN tags unlocked.


Now, for those of you who have never even set up a normal meet me conference, I have included all my configuration just to give you a bit more to work with :)

Just quickly, 10.0.0.3 is my local CCME (which is the Fa0/1 IP address).

sccp local FastEthernet0/1
sccp ccm 10.0.0.3 identifier 1 version 7.0
sccp
sccp ccm group 1
 associate ccm 1 priority 1
 associate profile 1 register CONFHQ
dspfarm profile 1 conference
 codec g711ulaw
 codec g711alaw
 codec g729ar8
 codec g729abr8
 codec g729r8
 codec g729br8
 maximum sessions 1
 associate application SCCP
telephony-service
 sdspfarm units 1
 sdspfarm tag 1 CONFHQ
 conference hardware
ephone-dn 6 octo-line
 number 3000
 conference meetme unlocked
!

Of course you must be careful from a security perspective to ensure that only people within your organization can dial this number. This can be accomplished with CORs (incoming CORs and outgoing CORs). I have even seen some smart cookies out there in internet land who have set up AA scripts so their meet mes have a PIN!

I hope this helps someone out there!
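A check for two points on this page, the unmasked key that more system:running-config prints in the ASA post and the unlocked MeetMe number in this post: the Python below is an added example (not the author's code) that scans saved configuration text for pre-shared keys that are not masked with asterisks and for unlocked MeetMe ephone-dns with no corlist line. The sample configs, the key value and the COR list name INTERNAL-ONLY are constructed, and it assumes COR is applied with corlist lines directly under the ephone-dn, so a PIN enforced by an AA script would not be seen.

```python
import re

# Constructed sample configs; the addresses, key value and COR list name are made up.
ASA_BACKUP = """\
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key ExampleKey123
tunnel-group 192.0.2.20 ipsec-attributes
 pre-shared-key *****
"""
CME_CONFIG = """\
ephone-dn 6 octo-line
 number 3000
 conference meetme unlocked
!
ephone-dn 7 octo-line
 number 3001
 conference meetme unlocked
 corlist incoming INTERNAL-ONLY
!
"""

def stanzas(text):
    """Yield (header, [child lines]) using the one-space indentation of IOS/ASA configs."""
    header, children = None, []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if raw[0] != " ":
            if header is not None:
                yield header, children
            header, children = raw.strip(), []
        elif header is not None:
            children.append(raw.strip())
    if header is not None:
        yield header, children

def audit(text):
    """Return (kind, stanza header) findings; key values are never returned."""
    findings = []
    for header, children in stanzas(text):
        for line in children:
            # Matches "pre-shared-key" and "preshared-key", with or without a prefix word.
            m = re.search(r"pre-?shared-key\s+(\S+)", line)
            if m and set(m.group(1)) != {"*"}:
                findings.append(("cleartext-psk", header))
        if header.startswith("ephone-dn ") and "conference meetme unlocked" in children:
            if not any(c.startswith("corlist ") for c in children):
                findings.append(("unlocked-meetme-no-cor", header))
    return findings

if __name__ == "__main__":
    for kind, where in audit(ASA_BACKUP) + audit(CME_CONFIG):
        print(f"{kind}: {where}")
```

A file that triggers the first finding holds a usable VPN secret and should be stored and shared with the same care as the key itself.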