Monday, 23 October 2017

MGCP / SRST Template

This is the fourth in a planned series of templates. It provides a baseline template for an MGCP gateway with basic SRST (i.e. not CME in SRST mode). The MGCP configuration in CUCM should match, so be sure to update both the CLI & GUI with the correct switch type, framing, cptone/network locale, etc. for your deployment. Inline commentary explains various settings.
! Disable unnecessary services
no ip source-route
! Don't use ip options drop if you're using RSVP
! Don't use no service dhcp if you're using DHCP Relay
ip options drop
no ip http server
no ip http secure-server
no service tcp-small-servers
no service udp-small-servers
no service dhcp
no ip bootp server
no ip finger
no ip identd
no service config
no mop enabled
no service pad
! Enable password encryption, TCP keepalives & faster config viewing
service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out
parser config cache interface
! Enable CDP & LLDP
cdp run
lldp run global
! Optimise TFTP transfers
ip tftp blocksize 8192
! Enable buffer overflow detection & correction
exception memory ignore overflow io
exception memory ignore overflow processor
! Enable log time stamps with the timezone & logging to a syslog server
service timestamps debug datetime msec
service timestamps log datetime localtime msec show-timezone
logging buffered 16384
logging host x.x.x.x
! Enable voice Internal Error Codes to syslog
voice iec syslog
! Enable SSH v2, reduce SSH session establish timeout & create 2048 bit SSH key
hostname [name]
ip domain-name [domain name]
crypto key generate rsa modulus 2048
ip ssh time-out 120
ip ssh version 2
! Block logins for 5 minutes after 4 failed attempts within 2 minutes, also log login attempts
login block-for 300 attempts 4 within 120
login delay 2
login on-failure log
login on-success log
! Define a login banner
banner login ^
You have logged on to a [COMPANY] proprietary device.

This device may be used only for the authorized business purposes
of [COMPANY]. Anyone found using this device or its information for
any unauthorized purpose may be subject to disciplinary action
and/or prosecution.
^
! Define an admin user, configure local authentication & authorisation (ideally use RADIUS/TACACS+)
username [user] privilege 15 secret [password]
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
! Set correct time zone & configure multiple NTP servers via DNS
ip name-server
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
ntp server
ntp server
ntp update-calendar
! ISDN settings
card type e1 0 0
! ISR G1 & G2 clocking commands
network-clock-participate wic 0
network-clock-select 1 e1 0/0/0
! 4000 series clocking commands
network-clock synchronization automatic
network-clock input-source 1 controller E1 0/1/0

! 4000 series CSCvb01800 bug workaround for clock slips
no network-clock synchronization participate 0/1
isdn switch-type primary-net5
controller E1 0/0/0
 pri-group timeslots 1-31 service mgcp
 ! 4000 series clocking command
 clock source line primary
! Enable B channel negotiation
interface Serial 0/0/0:15
 isdn negotiate-bchan
! Example 6-digit translations
voice translation-rule 1
 rule 1 /^25\(2...\)/ /\1/
 rule 2 /^75\(3...\)/ /\1/
voice translation-rule 2
 rule 1 /^\(2...\)$/ /0130525\1/
 rule 2 /^\(3...\)$/ /0130575\1/
 rule 3 /^....$/ /01305252600/
voice translation-rule 3
 rule 1 /\(.*\)/ /90\1/
voice translation-rule 4
 rule 1 /^9/ //
voice translation-profile PSTN_In
 translate calling 3
 translate called 1
voice translation-profile PSTN_Out
 translate calling 2
voice-port 0/0/0:15
 translation-profile outgoing PSTN_Out
 translation-profile incoming PSTN_In
 echo-cancel coverage 64
 bearer-cap Speech
 cptone GB
! Enable MGCP fallback & related settings
application
 global
  service alternate Default
ccm-manager fallback-mgcp
ccm-manager redundant-host
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager switchback graceful
! Tweaked MGCP parameters, such as QoS & DTMF relay
mgcp dtmf-relay voip codec all mode out-of-band
mgcp call-agent 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp ip qos dscp cs3 signaling
! Improves T38 reliability
no ccm-manager fax protocol cisco
no mgcp fax t38 inhibit
mgcp package-capability fxr-package
mgcp default-package fxr-package
no mgcp fax t38 ecm
mgcp fax t38 nsf 000000
mgcp profile default
! Enable SIP to SIP calls and SIP registrar
voice service voip
 allow-connections sip to sip
 sip
  bind control source-interface x
  bind media source-interface x
  registrar server
! Minimal dial plan
dial-peer voice 1 pots
 description Calls to or from the PSTN
 destination-pattern 9T
 incoming called-number .T
 port 0/0/0:15
dial-peer voice 2 pots
 description Emergency services
 destination-pattern 9999
 port 0/0/0:15
 forward-digits 3
dial-peer voice 3 pots
 description Emergency services
 destination-pattern 9112
 port 0/0/0:15
 forward-digits 3
! Minimal SCCP SRST config
call-manager-fallback
 secondary-dialtone 9
 max-conferences 4 gain -6
 transfer-system full-consult
 timeouts interdigit 5
 ip source-address x.x.x.x port 2000
 max-ephones 52
 max-dn 104 dual-line
 keepalive 20
 time-zone 21
 time-format 24
 date-format dd-mm-yy
 transfer-pattern .T
 call-forward pattern .T
! Minimal SIP SRST config
voice register global
 timeouts interdigit 5
 max-dn 104
 max-pool 52
 timezone 21
 time-format 24
 date-format D/M/Y
 network-locale GB
! Allow SIP phones from specified network to register
voice register pool 1
 id network x.x.x.x mask
 dtmf-relay sip-kpml
 codec g711ulaw
 no vad
! Restrict vty access to SSH & set 15 minute timeout on console & vty
ip access-list standard VTY-IN
 permit x.x.x.x x.x.x.x
line con 0
 logging synchronous
 transport preferred none
 exec-timeout 15
line vty 0 15
 logging synchronous
 transport preferred none
 transport input ssh
 access-class VTY-IN in
 exec-timeout 15
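
An added example (not part of the original template): a short Python check that a saved configuration still carries some of the hardening lines and the vty restrictions from the template above. The sample config is constructed, and the script assumes the commands appear verbatim, as they do in the template.

```python
import re

# Global hardening lines taken from the template; each must appear verbatim.
REQUIRED = ["no ip source-route", "no ip http server", "no ip http secure-server",
            "service password-encryption", "ip ssh version 2"]

# Constructed sample: a saved config that has drifted from the template.
SAMPLE = """\
no ip source-route
no ip http secure-server
service password-encryption
ip ssh version 2
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
line vty 5 15
 transport input ssh
 access-class VTY-IN in
 exec-timeout 15 0
"""

def parse_sections(config):
    """Map each unindented line to the indented sub-commands beneath it."""
    sections, parent = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blanks and ! comments
        if not line[0].isspace():
            parent = line.rstrip()
            sections.setdefault(parent, [])
        elif parent is not None:
            sections[parent].append(line.strip())
    return sections

def audit(config):
    """Return findings; an empty list means the checked baseline is present."""
    sections = parse_sections(config)
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in sections]
    for parent, cmds in sections.items():
        if not parent.startswith("line vty"):
            continue
        if "transport input ssh" not in cmds:
            findings.append(f"{parent}: transport input not restricted to ssh")
        if not any(re.fullmatch(r"access-class \S+ in", c) for c in cmds):
            findings.append(f"{parent}: no inbound access-class")
        m = [re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", c) for c in cmds]
        if not any(x and int(x[1]) + int(x[2] or 0) > 0 for x in m):
            findings.append(f"{parent}: exec-timeout missing or zero")
    return findings
```

Calling audit(SAMPLE) reports the missing "no ip http server" line and the three problems on "line vty 0 4"; the second vty range passes.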
