This is the fourth in a planned series of templates. It provides a
baseline template for an MGCP gateway with basic SRST (i.e. not CME in SRST mode). The MGCP configuration in CUCM should match, so be sure to update both the CLI & GUI with the correct switch type, framing, cptone/network locale, etc. for your deployment. Inline commentary explains various settings.
!
! Disable unnecessary services to shrink the gateway's attack surface.
! Some of these may already be off by default on recent IOS releases and will
! then not appear in the running config.
!
! Refuse packets that carry a sender-chosen route
no ip source-route
!
! Don't use ip options drop if you're using RSVP
! Don't use no service dhcp if you're using DHCP Relay
ip options drop
! No web management interface; this template manages the device over SSH only
no ip http server
no ip http secure-server
no service tcp-small-servers
no service udp-small-servers
no service dhcp
no ip bootp server
no ip finger
no ip identd
! Don't look for a configuration file on the network at boot
no service config
! NOTE(review): mop enabled is normally an interface-level command - confirm this
! line is accepted in global config, otherwise apply it under each Ethernet interface
no mop enabled
no service pad
!
! Enable password encryption, TCP keepalives & faster config viewing
! service password-encryption applies the reversible type 7 encoding: it stops
! shoulder-surfing, not recovery. Still treat saved configs as sensitive and use
! the secret form of a command wherever one exists
service password-encryption
! Keepalives let the router clear management sessions whose peer has gone away
service tcp-keepalives-in
service tcp-keepalives-out
parser config cache interface
!
! Enable CDP & LLDP
! Both protocols advertise platform, software version & addressing to whatever is
! attached. Keep them where phones & switches need them and consider turning
! them off per interface (no cdp enable, no lldp transmit / no lldp receive)
! on links to networks you don't control
cdp run
lldp run global
!
! Optimise TFTP transfers by using 8192-byte blocks instead of the
! 512-byte TFTP default
ip tftp blocksize 8192
!
! Enable buffer overflow detection & correction for I/O & processor memory
! The router carries on after it finds an overwritten memory block. The event
! still points at a software fault, so follow up on it (presumably it is
! logged - confirm on your release) rather than treating it as handled
exception memory ignore overflow io
exception memory ignore overflow processor
!
! Enable log time stamps with the timezone & logging to a syslog server
! NOTE(review): the debug stamps have no localtime/show-timezone, so debug & log
! lines in the same buffer can be an hour apart while summer time applies -
! align the two if you correlate them
service timestamps debug datetime msec
service timestamps log datetime localtime msec show-timezone
! The local buffer is lost on reload; the syslog host is the durable copy
logging buffered 16384
! Replace x.x.x.x with the collector. No transport is given, so this is
! presumably plain UDP syslog - keep it on a trusted management path
logging host x.x.x.x
!
! Enable voice Internal Error Codes to syslog
voice iec syslog
!
! Enable SSH v2 only, set the SSH session establish timeout & create 2048 bit SSH key
! hostname & domain name come first: together they name the RSA key pair
hostname [name]
ip domain-name [domain name]
! Run once; the key pair is not shown in the configuration text
crypto key generate rsa modulus 2048
! NOTE(review): 120 seconds looks like the IOS default (and maximum) for this
! timer - confirm, and choose a lower value if a reduction is really intended
ip ssh time-out 120
! Refuse SSH v1 clients
ip ssh version 2
!
! Block logins for 5 minutes after 4 failed attempts within 2 minutes, also log login attempts
! While blocked (quiet mode) every new login is refused, administrators included.
! A login quiet-mode access-class entry naming the management ACL (VTY-IN in
! this template) keeps trusted sources able to connect during that window
login block-for 300 attempts 4 within 120
! 2 second pause between successive login attempts
login delay 2
! Failed & successful logins both go to the log
login on-failure log
login on-success log
!
! Define a login banner
! Shown before the username prompt, so this is the place for the authorised-use
! notice. Replace [COMPANY]; ^ is the delimiter and must not appear in the text
banner login ^
************************************************************************
You have logged on to a [COMPANY] proprietary device.
This device may be used only for the authorized business purposes
of [COMPANY]. Anyone found using this device or its information for
any unauthorized purpose may be subject to disciplinary action
and/or prosecution.
************************************************************************
^
!
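! Define an admin user, configure local authentication & authorisation (ideally use RADIUS/TACACS+)
! secret stores a one-way hash of the password; where the release offers a
! stronger hash type for secrets, prefer it
username [user] privilege 15 secret [password]
! Needed by the enable method below. It is the fallback for sessions that are not
! placed at level 15 at login (exec authorisation does not cover the console
! by default). Use a different value from the user password
enable secret [enable password]
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
! Without exec authorisation the privilege 15 on the username is not applied at
! login, which would leave SSH users at level 1
aaa authorization exec default local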
!
! Set correct time zone & configure multiple NTP servers via DNS
! The resolvers & NTP pool below are public internet services and the NTP
! associations are unauthenticated. Log timestamps depend on this clock, so
! prefer internal resolvers & time sources (with NTP authentication) where you
! have them
ip name-server 208.67.220.220 208.67.222.222
! UK example: GMT, with BST from the last Sunday in March to the last Sunday in October
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
ntp server 0.uk.pool.ntp.org
ntp server 1.uk.pool.ntp.org
! Keep the hardware calendar in step with NTP time
ntp update-calendar
!
! ISDN settings
card type e1 0 0
!
! The platform-specific clocking sections below are labelled per router family -
! keep only the lines for your platform. The examples use different slot
! numbers (0/0/0 vs 0/1/0); adjust them to where the E1 card actually sits
!
! ISR G1 & G2 clocking commands
network-clock-participate wic 0
network-clock-select 1 e1 0/0/0
!
! 4000 series clocking commands
network-clock synchronization automatic
network-clock input-source 1 controller E1 0/1/0
!
! 4000 series CSCvb01800 bug workaround for clock slips
no network-clock synchronization participate 0/1
!
! Switch type must match the carrier & the gateway settings in CUCM
isdn switch-type primary-net5
!
! Hand timeslots 1-31 of the E1 to MGCP
controller E1 0/0/0
pri-group timeslots 1-31 service mgcp
!
! 4000 series clocking command
clock source line primary
!
! Enable B channel negotiation
interface Serial 0/0/0:15
isdn negotiate-bchan
!
! Example 6-digit translations
! Rule set 1 (inbound called number): 252xxx -> 2xxx, 753xxx -> 3xxx
voice translation-rule 1
rule 1 /^25\(2...\)/ /\1/
rule 2 /^75\(3...\)/ /\1/
!
! Rule set 2 (outbound calling number): 2xxx -> 01305252xxx, 3xxx -> 01305753xxx,
! any other four-character number is presented as 01305252600
voice translation-rule 2
rule 1 /^\(2...\)$/ /0130525\1/
rule 2 /^\(3...\)$/ /0130575\1/
rule 3 /^....$/ /01305252600/
!
! Rule set 3 (inbound calling number): prefix 90 - presumably so the number can
! be redialled with the 9 access code; confirm against your carrier's format
voice translation-rule 3
rule 1 /\(.*\)/ /90\1/
!
! Rule set 4: strip a leading 9. Not referenced by either profile below
voice translation-rule 4
rule 1 /^9/ //
!
voice translation-profile PSTN_In
translate calling 3
translate called 1
!
voice translation-profile PSTN_Out
translate calling 2
!
! Attach both profiles to the PRI voice port
voice-port 0/0/0:15
translation-profile outgoing PSTN_Out
translation-profile incoming PSTN_In
echo-cancel coverage 64
bearer-cap Speech
cptone GB
!
! Enable MGCP fallback & related settings
! The default application handles calls while the gateway is in fallback
application
global
service alternate Default
!
!
ccm-manager fallback-mgcp
! Backup CUCM server (example address - replace with your own)
ccm-manager redundant-host 10.10.10.240
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager switchback graceful
!
! Tweaked MGCP parameters, such as QoS & DTMF relay
! Nothing in this template authenticates the call agent, so limit which hosts
! can reach the gateway on the MGCP port (2427 here) to the CUCM servers,
! e.g. with an interface ACL
mgcp
mgcp dtmf-relay voip codec all mode out-of-band
! Primary CUCM server (example address - replace with your own)
mgcp call-agent 10.10.10.243 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
! Mark MGCP signalling as CS3
mgcp ip qos dscp cs3 signaling
!
! Improves T38 reliability
no ccm-manager fax protocol cisco
no mgcp fax t38 inhibit
mgcp package-capability fxr-package
mgcp default-package fxr-package
! Error correction mode off for T.38
no mgcp fax t38 ecm
! Overwrite the fax machines' non-standard facilities code with zeros
mgcp fax t38 nsf 000000
!
mgcp profile default
!
! Enable SIP to SIP calls and SIP registrar
! Exposure check: this makes the gateway accept SIP registrations & relay SIP
! calls. Where the release has it, keep the IOS toll-fraud protection
! (ip address trusted authenticate / ip address trusted list under
! voice service voip) enabled & list only your own call sources
voice service voip
allow-connections sip to sip
sip
! Replace x with the internal interface facing the phones
bind control source-interface x
bind media source-interface x
registrar server
!
sip-ua
host-registrar
!
! Minimal dial plan
! Peer 1: anything dialled with the 9 access code goes out of the PRI, and
! inbound PRI calls match on incoming called-number .T
! 9T is unrestricted, so in fallback any phone can reach international or
! premium-rate numbers - add narrower patterns or class of restriction if
! that matters in your deployment
dial-peer voice 1 pots
description Calls to or from the PSTN
destination-pattern 9T
incoming called-number .T
direct-inward-dial
port 0/0/0:15
!
! Peers 2 & 3: 9 + 999 / 9 + 112; forward-digits 3 sends only the last
! three digits to the PSTN
! NOTE(review): there is no peer for 999 or 112 dialled without the 9 -
! consider adding them so emergency calls work either way
dial-peer voice 2 pots
description Emergency services
destination-pattern 9999
port 0/0/0:15
forward-digits 3
!
dial-peer voice 3 pots
description Emergency services
destination-pattern 9112
port 0/0/0:15
forward-digits 3
!
! Minimal SCCP SRST config
call-manager-fallback
secondary-dialtone 9
max-conferences 4 gain -6
transfer-system full-consult
timeouts interdigit 5
! Address & port the phones register to in fallback; use an internal
! interface address, not one reachable from outside the voice network
ip source-address x.x.x.x port 2000
max-ephones 52
max-dn 104 dual-line
keepalive 20
time-zone 21
time-format 24
date-format dd-mm-yy
! .T permits transfer & call forward to any number, PSTN included. Narrow both
! patterns to internal ranges unless off-net transfer/forward is required -
! open patterns here are a common source of toll fraud
transfer-pattern .T
call-forward pattern .T
!
! Minimal SIP SRST config
voice register global
timeouts interdigit 5
max-dn 104
max-pool 52
timezone 21
time-format 24
date-format D/M/Y
network-locale GB
!
! Allow SIP phones from specified network to register
! The source network is the only admission check in this pool (no credentials
! are configured), so keep the range as tight as the voice VLAN allows
voice register pool 1
id network x.x.x.x mask 255.255.255.0
dtmf-relay sip-kpml
codec g711ulaw
no vad
!
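! Restrict vty access to SSH & set 15 minute timeout on console & vty
! The second field of the permit is a wildcard (inverse) mask, not a subnet mask
ip access-list standard VTY-IN
permit x.x.x.x x.x.x.x
! Same effect as the implicit deny, but refused connection attempts are logged
deny any log
line con 0
logging synchronous
transport preferred none
exec-timeout 15
line vty 0 15
logging synchronous
transport preferred none
! SSH is the only inbound protocol; Telnet is refused
transport input ssh
! NOTE(review): access-class filters IPv4 sources only - if IPv6 is enabled on
! the gateway, add a matching ipv6 access-class
access-class VTY-IN in
exec-timeout 15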