UW-STOUT ITM Atlanta Times Co. Telephony Design ITM 330 Final Project Bill Osborne, Eric Berg, Scott Green, Trevor Blankenship 5/1/2013 Contents Executive Summary:...................................................................................................................................... 2 Goals and Objectives..................................................................................................................................... 3 Proposal: ....................................................................................................................................................... 3 Routing and Switching: ............................................................................................................................. 3 MGCP Gateways: ...................................................................................................................................... 4 Requirements................................................................................................................................................ 5 Technical ................................................................................................................................................... 5 Constraints ................................................................................................................................................ 5 Cisco Unified Communication Management Design .................................................................................... 5 IP Addressing................................................................................................................................................. 6 New Cisco Phones ..................................................................................................................................... 7 Active Directory Design/Windows Server 2008 R2....................................................................................... 8 Basic Server Configuration ........................................................................................................................ 8 Users and Computers................................................................................................................................ 9 Quality of Service (QoS) .............................................................................................................................. 10 WAN ........................................................................................................................................................ 10 Access Layer ............................................................................................................................................ 10 Distribution/Core .................................................................................................................................... 10 Design: .................................................................................................................................................... 10 Budget ......................................................................................................................................................... 11 Appendix ..................................................................................................................................................... 11 ATL_Router2 ............................................................................................................................................... 19 ATL_Switch .................................................................................................................................................. 31 ISP................................................................................................................................................................ 39 WIS_Router2 ............................................................................................................................................... 44 WIS_Switch ................................................................................................................................................. 58 Executive Summary: The Atlanta Times Company has recently been assigned new data requirements for a more reliable voice over IP integration. Voice over Internet Protocol or VoIP is the simplest resolution toward a low maintenance and low cost approach to communication. Because their current PBX system is outdated, PodD has been assigned to update the equipment while also providing design implementations that will offer Atlanta Times a solution to voice. For the headquarter location, Atlanta Times employs over 400 staff and news reporters while the companies branch location only staffs roughly 130. Both locations require their own network virtual local area networks, or VLANS while also support for four-digit dialing between both sites. To achieve these requirements, QoS will be added to the existing network providing a streamlined solution to data with voice applications. Atlanta will see no downtime with the devices selected and full integration with Microsoft Active Directory allowing staff members to login to any phone. To offer a unified calling console for network engineers, Cisco Unified Communications Manager or CUCM will be installed at the corporate office allowing full control and visibility of Atlanta’s voice devices. Along with any new design comes a price. For this design and implementation, the budget totals to $377,360.00 Keywords: Voice, Cisco, VoIP, Phones, Digital, QoS, Solutions, Design, CUCM, VLANS. Goals and Objectives PodD’s goals & Objectives for the Atlanta Times Companies network are as follows: Add 530 phones to the company High redundancies and failovers Cisco Unified Communication Manager Active Directory Integration for Cisco Mobility Public Switch Telephone Network Integration Quality of Service Proposal: Atlanta Times Company needs a solution for an IP based voice network in both locations. To do this, PodD has created a detail proposal that will go over basic design elements to complex data evaluations. Routing and Switching: Within any voice network, Cisco devices are needed to run the backbone that routes calls from place to place. The router chosen for this network implementation has been the Cisco 2911, an integrated service router with C2911-VSEC/K9 as the voice and security bundle. The routers have been purchased for $3,644.00 from a trust Cisco retailer, CDW.com. For Atlanta Times, the 2911 is a perfect match that can route normal data to FTP servers while keeping voice calls moving without any hassle. The implementation of the test network began with three routers. One for the Atlanta location, Wisconsin location and ISP. Within these three routers, the Atlanta and Wisconsin location have a GRE tunnel or Generic Routing Encapsulation tunnel between both locations. This specific tunnel contains an extended access list that only traffic destined for each location will use. For example, traffic destined for the web will not use the tunnel because it does not have encapsulated packets for the internal network. This tunnel allows for private data transfer and voice calls with four digit dialing. With the routers, we have implemented DHCP servers for both Atlanta and Wisconsin that both point use option 150 to point to our CUCM server. The CUCM server will be explained in further detail below in the document. Each computer and phone will pull an IP address that corresponds to the DHCP server. From there, the router can route traffic to and from the company’s locations. Each telephony device must either use a dedicated power supply or power over Ethernet or PoE through a network switch. For Atlanta Times, the best option would be 24 or 48 port PoE gigabit switches. Any Cisco switch with a PoE module will provide the level of access each user needs. The Cisco VoIP phones, which will be described in further detail below, can access the switch through a standard Ethernet cable and provide the user with a PC input as well. This allows better cable management and less stress for network engineers. For our implementation, we have selected Cisco 3560 PoE switches for normal voice use. Each port contains one of the two data VLAN’s and one voice VLAN so each device can be on its dedicated network. The end user data ports will also have spanning tree portfast enabled with switchport security that can block unwanted attacks or hacks to the network. All switchports will also use QoS, no matter if a trunk link or end user connection. The router and switches chosen for Atlanta Times are used to provide the best redundancy and uptime. We will now discuss MGCP gateways and how they are used within the routers. MGCP Gateways: Media Gateway Control Protocol or MGCP gateways are used if any voice network wants to connect to the outside world. In brief, the MGCP gateway allows user to dial any North American dial plan and be connected like an analog phone. For our network implementation, it was important that MGCP be placed on both locations for not only phone calls to the outside world, but redundancy. If the WAN link to the ISP locations goes down on either router, MGCP can route digital calls through the analog public switched telephone network. This practice was tested and implemented in the topology. 911 and other emergency numbers were also formatted in each router for the use fast dialing to local services. CUCM provides configurations for our gateways while the routers needed to be configured manually for MGCP to operate. Once this was configured, calling between both sites without a WAN link was successful. Requirements The Atlanta Times Co. has set a few requirements but they very important to follow. These requirements are listed as follows. Technical Needs 24/7 technical support Connectivity between HQ and remote office Need to have video conferencing Must have quality of service and little to no downtime Must implement VoIP and also integrate with active directory and Outlook Must have Cisco Unity Unified Messaging WAN connects to HQ and Wisconsin remote office using GRE over IP Sec site to site VPN tunnel Constraints New system must reduce cost, improve productivity and increase collaboration Need to extend the life and the value of the company’s investment with cisco VoIP Enough IP phones and equipment to support over 500 staff Voice, data must be on different VLANs Design should address high volume data traffic Must provide Music on Hold as a marketing tool Need to implement in a pilot network before putting into the production network Cisco Unified Communication Management Design The Cisco Unified Communications Manager can help Atlanta Times with their phone service in many ways. It’s an enterprise-class IP communications processing system for up to 40,000 users Increased video accessibility allowing multiple users to video conference at once It can help boost productivity Allows access to a larger number of applications Helps accelerate business innovation Reduces the complexity of IT Better user mobility allowing single number access to desk phone, mobile phone increasing reach regardless of your location Access to company voicemail Able to check the availability of employees in real time Supports higher-resolution color displays on Cisco Unified IP Phones Voice quality is better with support for low bandwidth and high-definition audio codecs Cisco TelePresence conferencing allows face-to-face communication over the network Phone designer lets you customize ring tones and background images Allows you to view, listen and respond to voicemail messages directly from your IP Phone Networking costs per employee are, on average, almost 50 percent lower IP Addressing For the Atlanta Times company we had to provide enough scalability to the corporation that would allow for future growth. Currently the Atlanta Times corporation has 300 staff members and 100 news reporters at the headquarters in Atlanta. The company also has 100 staff members and 30 news reporters. Keeping this in mind, we wanted to provide a proper IP addressing scheme for each location to account for the future expansion. At the headquarter location in Atlanta, we decided to use IP addresses of 10.60.100.1/24 for news reporters and 10.60.200.1/23 for the staff members. This is essentially the same at the remote office in Wisconsin using IP addresses of 10.50.100.1/24 for news reporters and 10.50.200.1/23 for staff members. This IP addressing scheme will allow the Atlanta location to have 254 news reporters and 512 staff members. The remote site at Wisconsin is also providing scalability for more users allowing 254 available IP addresses for news reporters and 512 for staff members. Each location also needed enough available IP addresses to provide for the voice traffic across the network. The addresses used for this traffic is 10.60.20.0/23 at the Atlanta site and 10.50.20.0 /23 at the Wisconsin site which will provide for 512 voice IP addresses at each location. The IP addresses described in the next section pertain to the more technical aspect of setting up this VoIP network. It will detail all the IP addresses Network Administrators will need to know to manage the VoIP network with some additional information. In order to manage the switches we have also set up a management VLAN in the network with an IP address of 10.60.99.1/24 and 10.50.99.1/24. This will allow Network Administrators to telnet into switches and gain remote access for any management needs. The address of the CUCM server will be 10.60.30.10 which will allow Network Administrators to navigate to the CUCM administration page by using the Internet Explorer Web browser which allows CUCM configuration as needed. This address also had to be specified in the router configurations with a few other commands. The first is specifying option 150 which defines the TFTP server (CUCM) to download the phone configuration files. The address for the ccm-manager config server command will specify the TFTP server which the Media Gateway Control Protocol (MGCP) gateway will use to download configuration files from the CUCM. The mgcp call-agent address will also be used to configure the address and protocol of the call agent for the MGCP endpoints to use on the media gateway. An IPsec tunnel is also set up to provide a private-to-private network with the need for the internet for the two sites to be able to communicate. For this to be achieved we set up a tunnel interface at each location. For the Atlanta Location the tunnel IP address is 10.60.1.1/24 and at the Wisconsin location the tunnel IP address is 10.90.1.2/24. With this set up the two sites should always be able to route traffic between each other. Each location of the tunnel also has to specify a source and destination address so it knows where to route traffic to, once leaving the local network or essentially how to travel through the IPsec tunnel. To accommodate for these needs the Atlanta time will have a tunnel source IP address of 99.99.99.1 and a destination of 98.98.98.1. The Wisconsin site will be vice versa with a source IP address of 98.98.98.1 and a destination IP address of 99.99.99.1. A routing protocol will also be needed to permit routing to all the networks specified. To do this we are going to use EIGRP which is a great routing protocol that is easy to manage and troubleshoot any issues. New Cisco Phones The reason for purchasing new Cisco IP phones is to upgrade any outdated equipment the Atlanta Times company may still be using and give them the ability to use video conferencing between the headquarter location in Atlanta and the remote site in Wisconsin. The Atlanta Times company is growing and we felt their technology should advance with the company, that’s why we recommend purchasing next generation Cisco 9971 IP phones. Purchasing this type of Cisco IP phone will ensure that technology doesn’t outdate the phones in the near future and this phone was also tested in a working prototype network for the Atlanta Times. This device also supports all the proper specifications and features need for the Atlanta Times VoIP solution. The list below provides the specifications and features of the Cisco 9971 IP phone. LCD Display/Touch Screen H.264 video codes needed for video conferencing Support of G.711 and G.729 voice codecs Has Class 3 Power over Ethernet capability Runs all the proper Network protocols CDP, DNS, HTTP, LLDP, RTCP, SRTP, TFTP and VoIP protocols of RTCP, SIP, SRTP Works with CUCM 7.1 or later IP addressing can be applied either statically or through DHCP. The Cisco 9971 IP phone seems like a great option for the Atlanta Times company’s VoIP solution and we hope they consider our recommendation. Active Directory Design/Windows Server 2008 R2 Atlanta Times has a Windows Server 2008 R2 running active directory. They have 100 users in their Atlanta News organizational unit, 300 in Atlanta Staff, and 100 in Wisconsin Staff. Atlanta Times has requested that the Windows server 2008 should be used to populate phone and voice mail users. Basic Server Configuration We decided to use Windows Server 2008 R2 to distribute users, computers, and VoIP phone. We installed the active directory role, DNS, and opted to leave DHCP up to our main router in Atlanta. We added users into our network users CSV, implementing all of their attributes at once. Our network configuration for the server is as follows: 1. 2. 3. 4. IP Address: Subnet Mask: Default Gateway: DNS Server: 10.60.30.254 255.255.255.0 10.60.30.1 10.60.30.254 Users and Computers We added users to active directory by using a CSV file and implementing the CSVDE command. This was a quick and easy way to add all the necessary users in Active Directory without inputting them all in by hand. The steps we took are as follows: 1. Open Notepad. 2. Use the following syntax to add users into active directory a. DN,sAMAccountNAme,userPrincipalName,telphoneNumber,objectclass b. “cn=[name],ou=[organizational unit name], dc=[domain],dc=[com]” [username],[useremail],[userPhoneNumber], user i. [name] = user1, (do not use the brackets) 3. Save the document as a .csv file extension (not the save location, I like to save to C:/ ) 4. Go to start in type in CMD in the search bar, this opens command prompt 5. Ensure the directory of command prompt is the same as the location of the file. a. i.e. if it is saved in C:/ make sure command prompt shows C:/ not C:/users/file… i. you can get to cd by using the cd .. command 6. Type csvde –I –f <File_location_and_name> (example C:/AddUsers.csv) 7. After pressing enter, the file should load the users to active directory a. Make sure to go into active directory and enable all the accounts you added! i. Right click on user and select “enable user” We added computers in a similarly efficient manner using the netdom add command. This command is a simple command that will add a computer with a specific name to your Computer OU. The process to accomplish this is as follows. 1. Open notepad. 2. Using the following syntax add computers a. Netdom add [name of computer] i. i.e. netdom add computer1 ii. This will add a computer named computer1 to active directory 3. After you have entered all the computers into notepad open command prompt 4. Select start and enter CMD in the search bar, this will open command prompt 5. Go to your notepad file of computers and copy the text. 6. Go into command prompt and paste the text, (you may have to right click) 7. Command prompt will then enter in the computers to active directory. 8. Ensure that the desired computer have been added to active directory Quality of Service (QoS) To meet voice quality standards we implemented QoS throughout our network, giving priority to voice traffic and trusting class of service. This will be deployed through the network to meet and exceed Atlanta Times VoIP requirements. WAN As requested from Atlanta Times we will prioritize voice traffic without starving the other traffic on the network. We implemented Access Layer Access layer ports going straight to phones and computers will be using port fast and trust CoS/Qos for voice traffic. Following cisco’s recommendations we prioritized voice traffic above regular data traffic from the computer. This is to illuminate latency in the phone call. We will be using AutoQos specifically since it will provide a sufficient QoS plan above Atlanta Times requirements. Distribution/Core AutoQoS will also be used here due to its high automatic standard. We will also trust CoS/QoS Design: Budget We bought 530 Cisco 9971 IP phones at $712.00 a piece with all licenses. This totaled out to be $377,360. As explained in the phone section of this document these are the perfect phones for Atlanta Times. Appendix Pic 1 Pic 2 Pic 3 Pic 4 Pic 5 Pic 5 Pic 6 Pic 7 Pic 8 Pic 9 Pic 10 Pic 11 Pic 12 Pic 13 Pic 14 ATL_Router2 ATL_Router#show run Building configuration... Current configuration : 5606 bytes ! ! Last configuration change at 15:58:16 CST Sat May 4 2013 ! NVRAM config last updated at 15:58:18 CST Sat May 4 2013 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ATL_Router ! boot-start-marker boot-end-marker ! card type t1 0 3 ! no aaa new-model ! resource policy ! memory-size iomem 10 clock timezone CST -5 network-clock-participate wic 3 ! ! ip cef no ip dhcp use vrf connected ip dhcp excluded-address 10.60.100.1 10.60.100.9 ip dhcp excluded-address 10.60.200.1 10.60.200.9 ip dhcp excluded-address 10.60.30.1 10.60.30.9 ip dhcp excluded-address 10.60.20.1 10.60.20.9 ! ip dhcp pool 100 network 10.60.100.0 255.255.255.0 default-router 10.60.100.1 dns-server 8.8.8.8 ! ip dhcp pool 200 network 10.60.200.0 255.255.254.0 default-router 10.60.200.1 dns-server 8.8.8.8 ! ip dhcp pool 20 network 10.60.20.0 255.255.254.0 default-router 10.60.20.1 option 150 ip 10.60.30.10 ! ! no ip domain lookup ! ! isdn switch-type primary-ni ! voice-card 0 no dspfarm ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! controller T1 0/3/0 framing esf linecode b8zs cablelength short 133 pri-group timeslots 1-8,24 service mgcp ! class-map match-any AutoQoS-VoIP-Remark match ip dscp ef match ip dscp cs3 match ip dscp af31 class-map match-any AutoQoS-VoIP-Control-UnTrust match access-group name AutoQoS-VoIP-Control class-map match-any AutoQoS-VoIP-RTP-UnTrust match protocol rtp audio match access-group name AutoQoS-VoIP-RTCP ! ! policy-map AutoQoS-Policy-UnTrust class AutoQoS-VoIP-RTP-UnTrust priority percent 70 set dscp ef class AutoQoS-VoIP-Control-UnTrust bandwidth percent 5 set dscp af31 class AutoQoS-VoIP-Remark set dscp default class class-default fair-queue ! ! ! crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 3600 crypto isakmp key cisco123 address 98.98.98.1 ! crypto ipsec security-association lifetime seconds 1800 ! crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac ! crypto map CMAP 10 ipsec-isakmp set peer 98.98.98.1 set security-association lifetime seconds 900 set transform-set 50 set pfs group5 match address Tunnel ! ! ! ! ! interface Tunnel0 ip address 10.90.1.1 255.255.255.0 tunnel source 99.99.99.1 tunnel destination 98.98.98.1 ! interface FastEthernet0/0 no ip address duplex auto speed auto auto qos voip service-policy output AutoQoS-Policy-UnTrust ! interface FastEthernet0/0.20 description ROUTER INTERFACE FOR Voice encapsulation dot1Q 20 ip address 10.60.20.1 255.255.254.0 ! interface FastEthernet0/0.30 encapsulation dot1Q 30 ip address 10.60.30.1 255.255.255.0 ! interface FastEthernet0/0.99 description ROUTER INTERFACE FOR MANAGEMENT VLAN encapsulation dot1Q 99 ip address 10.60.99.1 255.255.255.0 ! interface FastEthernet0/0.100 encapsulation dot1Q 100 ip address 10.60.100.1 255.255.255.0 ! interface FastEthernet0/0.200 description ROUTER INTERFACE FOR DATA_Staff encapsulation dot1Q 200 ip address 10.60.200.1 255.255.254.0 ! interface FastEthernet0/1 ip address 99.99.99.1 255.255.255.0 duplex auto speed auto auto qos voip crypto map CMAP service-policy output AutoQoS-Policy-UnTrust ! interface Serial0/0/0 no ip address shutdown no fair-queue clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! interface Serial0/1/0 no ip address shutdown clock rate 2000000 ! interface Serial0/1/1 no ip address shutdown clock rate 2000000 ! interface Serial0/3/0:23 no ip address encapsulation hdlc isdn switch-type primary-ni isdn incoming-voice voice isdn bind-l3 ccm-manager no cdp enable ! router eigrp 1 redistribute static network 10.60.20.0 0.0.1.255 network 10.60.30.0 0.0.0.255 network 10.60.99.0 0.0.0.255 network 10.60.100.0 0.0.0.255 network 10.60.200.0 0.0.1.255 network 99.99.99.0 0.0.0.255 no auto-summary ! ip route 98.98.98.0 255.255.255.0 FastEthernet0/1 ! ! ip http server no ip http secure-server ! ip access-list extended AutoQoS-VoIP-Control permit tcp any any eq 1720 permit tcp any any range 11000 11999 permit udp any any eq 2427 permit tcp any any eq 2428 permit tcp any any range 2000 2002 permit udp any any eq 1719 permit udp any any eq 5060 ip access-list extended AutoQoS-VoIP-RTCP permit udp any any range 16384 32767 ip access-list extended Tunnel permit ip 10.60.20.0 0.0.1.255 10.50.20.0 0.0.1.255 permit ip 10.60.200.0 0.0.1.255 10.50.200.0 0.0.1.255 permit ip 10.60.100.0 0.0.1.255 10.50.100.0 0.0.1.255 ! ! ! ! ! ! ! control-plane ! rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS rmon alarm 33333 cbQosCMDropBitRate.34.14175073 30 absolute rising-threshold 1 33333 fallingthreshold 0 owner AutoQoS ! ! voice-port 0/3/0:23 ! ccm-manager mgcp ccm-manager music-on-hold ccm-manager config server 10.60.30.10 ccm-manager config ! mgcp mgcp call-agent 10.60.30.10 2427 service-type mgcp version 0.1 mgcp dtmf-relay voip codec all mode out-of-band mgcp rtp unreachable timeout 1000 action notify mgcp modem passthrough voip mode nse mgcp package-capability rtp-package no mgcp package-capability res-package mgcp package-capability sst-package no mgcp package-capability fxr-package mgcp package-capability pre-package no mgcp timer receive-rtcp mgcp sdp simple mgcp rtp payload-type g726r16 static ! mgcp profile default ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 login length 0 line vty 1 4 login ! scheduler allocate 20000 1000 ntp master ! End ATL_Switch ATL_Switch#show run Building configuration... Current configuration : 4440 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ATL_Switch ! boot-start-marker boot-end-marker ! ! ! ! no aaa new-model system mtu routing 1500 ip routing ! ! ! mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos srr-queue input bandwidth 70 30 mls qos srr-queue input threshold 1 80 90 mls qos srr-queue input priority-queue 2 bandwidth 30 mls qos srr-queue input cos-map queue 1 threshold 2 3 mls qos srr-queue input cos-map queue 1 threshold 3 6 7 mls qos srr-queue input cos-map queue 2 threshold 1 4 mls qos srr-queue input dscp-map queue 1 threshold 2 24 mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55 mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63 mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45 mls qos srr-queue input dscp-map queue 2 threshold 3 46 47 mls qos srr-queue output cos-map queue 1 threshold 3 4 5 mls qos srr-queue output cos-map queue 2 threshold 1 2 mls qos srr-queue output cos-map queue 2 threshold 2 3 mls qos srr-queue output cos-map queue 2 threshold 3 6 7 mls qos srr-queue output cos-map queue 3 threshold 3 0 mls qos srr-queue output cos-map queue 4 threshold 3 1 mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45 mls qos srr-queue output dscp-map queue 1 threshold 3 46 47 mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23 mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35 mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39 mls qos srr-queue output dscp-map queue 2 threshold 2 24 mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55 mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63 mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7 mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15 mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14 mls qos queue-set output 1 threshold 1 100 100 50 200 mls qos queue-set output 1 threshold 2 125 125 100 400 mls qos queue-set output 1 threshold 3 100 100 100 400 mls qos queue-set output 1 threshold 4 60 150 50 200 mls qos queue-set output 1 buffers 15 25 40 20 mls qos ! ! auto qos srnd4 ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! ! interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk srr-queue bandwidth share 1 30 35 5 priority-queue out mls qos trust cos auto qos trust ! interface FastEthernet0/2 switchport access vlan 100 switchport mode access switchport voice vlan 20 srr-queue bandwidth share 1 30 35 5 priority-queue out mls qos trust cos auto qos trust spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 200 switchport mode access switchport voice vlan 20 srr-queue bandwidth share 1 30 35 5 priority-queue out mls qos trust cos auto qos trust spanning-tree portfast ! interface FastEthernet0/4 shutdown ! interface FastEthernet0/5 shutdown ! interface FastEthernet0/6 shutdown ! interface FastEthernet0/7 shutdown ! interface FastEthernet0/8 shutdown ! interface FastEthernet0/9 shutdown ! interface FastEthernet0/10 shutdown ! interface FastEthernet0/11 shutdown ! interface FastEthernet0/12 shutdown ! interface FastEthernet0/13 shutdown ! interface FastEthernet0/14 shutdown ! interface FastEthernet0/15 shutdown ! interface FastEthernet0/16 shutdown ! interface FastEthernet0/17 shutdown ! interface FastEthernet0/18 shutdown ! interface FastEthernet0/19 shutdown ! interface FastEthernet0/20 shutdown ! interface FastEthernet0/21 shutdown ! interface FastEthernet0/22 shutdown ! interface FastEthernet0/23 shutdown ! interface FastEthernet0/24 description TOP 3 Server with CUCM on it switchport access vlan 30 switchport mode access spanning-tree portfast ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address ! interface Vlan99 ip address 10.60.99.2 255.255.255.0 ! ! router eigrp 1 network 10.60.99.0 0.0.0.255 ! ip classless ip http server ip http secure-server ! ! ip sla enable reaction-alerts ! ! ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 login length 0 line vty 5 15 login length 0 ! ntp peer 10.60.99.1 end ISP ISP#show run Building configuration... Current configuration : 1445 bytes ! ! Last configuration change at 18:25:21 UTC Mon Apr 22 2013 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ISP ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ! memory-size iomem 10 ! no ipv6 cef ip source-route ip cef ! ! ! ! ! ! multilink bundle-name authenticated ! ! crypto pki token default removal timeout 0 ! ! license udi pid CISCO2911/K9 sn FTX1633AJH6 ! ! ! redundancy ! ! ! ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address 99.99.99.2 255.255.255.0 duplex auto speed auto ip nat in ! interface GigabitEthernet0/1 ip address 98.98.98.2 255.255.255.0 duplex auto speed auto ip nat in ! interface GigabitEthernet0/2 ip address dhcp duplex auto speed auto ip nat out ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! ! router eigrp 1 red stat passive-interface gi0/2 network 98.98.98.0 0.0.0.255 network 99.99.99.0 0.0.0.255 no au ! ip nat inside source list 100 interface gi0/2 overload access-list 100 permit ip 10.0.0.0 0.255.255.255 any ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! ! ! ! ! ! control-plane ! ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 login transport input all ! scheduler allocate 20000 1000 end WIS_Router2 Wis_Router#show run Building configuration... Current configuration : 6533 bytes ! ! Last configuration change at 21:56:31 UTC Sat May 4 2013 ! NVRAM config last updated at 21:10:57 UTC Sat May 4 2013 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Wis_Router ! boot-start-marker boot-end-marker ! card type t1 0 3 logging message-counter syslog ! no aaa new-model memory-size iomem 10 network-clock-participate wic 3 ! dot11 syslog ip source-route ! ! ip cef ip dhcp excluded-address 10.50.100.1 10.50.100.9 ip dhcp excluded-address 10.50.200.1 10.50.200.9 ip dhcp excluded-address 10.50.30.1 10.50.30.9 ip dhcp excluded-address 10.50.20.1 10.50.20.9 ! ip dhcp pool 100 network 10.50.100.0 255.255.255.0 default-router 10.50.100.1 dns-server 8.8.8.8 ! ip dhcp pool 200 network 10.50.200.0 255.255.254.0 default-router 10.50.200.1 dns-server 8.8.8.8 ! ip dhcp pool 20 network 10.50.20.0 255.255.254.0 default-router 10.50.20.1 option 150 ip 10.60.30.10 ! ! no ip domain lookup ! no ipv6 cef multilink bundle-name authenticated ! ! isdn switch-type primary-ni ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! voice translation-rule 1 rule 1 /^17152324\(...\)/ /3\1/ ! voice translation-rule 2 rule 2 /^4\(...\)/ /14045578\1/ ! ! voice translation-profile comein translate called 1 ! voice translation-profile exit translate called 2 ! ! voice-card 0 no dspfarm ! ! application global service alternate default ! ! ! ! ! ! archive log config hidekeys ! ! crypto isakmp policy 10 encr aes 256 authentication pre-share group 5 lifetime 3600 crypto isakmp key cisco123 address 99.99.99.1 ! crypto ipsec security-association lifetime seconds 1800 ! crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac ! crypto map CMAP 10 ipsec-isakmp set peer 99.99.99.1 set security-association lifetime seconds 900 set transform-set 50 set pfs group5 match address Tunnel ! ! ! controller T1 0/3/0 framing esf linecode b8zs cablelength short 220 pri-group timeslots 1-8,24 service mgcp ! ! class-map match-any AutoQoS-VoIP-Remark match ip dscp ef match ip dscp cs3 match ip dscp af31 class-map match-any AutoQoS-VoIP-Control-UnTrust match access-group name AutoQoS-VoIP-Control class-map match-any AutoQoS-VoIP-RTP-UnTrust match protocol rtp audio match access-group name AutoQoS-VoIP-RTCP ! ! policy-map AutoQoS-Policy-UnTrust class AutoQoS-VoIP-RTP-UnTrust priority percent 70 set dscp ef class AutoQoS-VoIP-Control-UnTrust bandwidth percent 5 set dscp af31 class AutoQoS-VoIP-Remark set dscp default class class-default fair-queue ! ! ! ! ! interface Tunnel0 ip address 10.90.1.2 255.255.255.0 tunnel source 98.98.98.1 tunnel destination 99.99.99.1 ! interface FastEthernet0/0 no ip address duplex auto speed auto auto qos voip service-policy output AutoQoS-Policy-UnTrust ! interface FastEthernet0/0.20 description ROUTER INTERFACE FOR Voice encapsulation dot1Q 20 ip address 10.50.20.1 255.255.254.0 ! interface FastEthernet0/0.99 description ROUTER INTERFACE FOR MANAGEMENT VLAN encapsulation dot1Q 99 ip address 10.50.99.1 255.255.255.0 ! interface FastEthernet0/0.100 encapsulation dot1Q 100 ip address 10.50.100.1 255.255.255.0 ! interface FastEthernet0/0.200 description ROUTER INTERFACE FOR DATA_Staff encapsulation dot1Q 200 ip address 10.50.200.1 255.255.254.0 ! interface FastEthernet0/1 ip address 98.98.98.1 255.255.255.0 duplex auto speed auto auto qos voip crypto map CMAP service-policy output AutoQoS-Policy-UnTrust ! interface Serial0/0/0 no ip address shutdown no fair-queue clock rate 2000000 ! interface Serial0/0/1 no ip address shutdown clock rate 2000000 ! interface Serial0/3/0:23 no ip address encapsulation hdlc isdn switch-type primary-ni isdn incoming-voice voice isdn bind-l3 ccm-manager no cdp enable ! router eigrp 1 redistribute static network 10.50.20.0 0.0.1.255 network 10.50.99.0 0.0.0.255 network 10.50.100.0 0.0.0.255 network 10.50.200.0 0.0.1.255 network 98.98.98.0 0.0.0.255 no auto-summary ! ip forward-protocol nd ip route 99.99.99.0 255.255.255.0 FastEthernet0/1 no ip http server no ip http secure-server ! ! ! ip access-list extended AutoQoS-VoIP-Control permit tcp any any eq 1720 permit tcp any any range 11000 11999 permit udp any any eq 2427 permit tcp any any eq 2428 permit tcp any any range 2000 2002 permit udp any any eq 1719 permit udp any any eq 5060 ip access-list extended AutoQoS-VoIP-RTCP permit udp any any range 16384 32767 ip access-list extended Tunnel permit ip 10.50.20.0 0.0.1.255 10.60.20.0 0.0.1.255 permit ip 10.50.200.0 0.0.1.255 10.60.200.0 0.0.1.255 permit ip 10.50.100.0 0.0.1.255 10.60.100.0 0.0.1.255 ! ! ! ! ! ! ! ! control-plane ! rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS rmon alarm 33333 cbQosCMDropBitRate.34.14175073 30 absolute rising-threshold 1 33333 fallingthreshold 0 owner AutoQoS ! ! voice-port 0/3/0:23 ! ccm-manager fallback-mgcp ccm-manager mgcp ccm-manager music-on-hold ccm-manager config server 10.60.30.10 ccm-manager config ! mgcp mgcp call-agent 10.60.30.10 2427 service-type mgcp version 0.1 mgcp rtp unreachable timeout 1000 action notify mgcp modem passthrough voip mode nse mgcp package-capability rtp-package mgcp package-capability sst-package mgcp package-capability pre-package no mgcp package-capability res-package no mgcp timer receive-rtcp mgcp sdp simple mgcp rtp payload-type g726r16 static ! mgcp profile default ! ! ! dial-peer voice 1 pots destination-pattern 91[2-9]......... port 0/3/0:23 forward-digits 11 ! dial-peer voice 2 pots destination-pattern 9[2-9]......... port 0/3/0:23 forward-digits 10 ! dial-peer voice 3 pots translation-profile incoming comein incoming called-number . direct-inward-dial ! dial-peer voice 4 pots translation-profile outgoing exit destination-pattern 4... port 0/3/0:23 ! dial-peer voice 5 pots destination-pattern 911 port 0/3/0:23 forward-digits 3 ! dial-peer voice 6 pots destination-pattern 1[2-9]......... port 0/3/0:23 forward-digits 11 ! ! ! ! call-manager-fallback max-conferences 8 gain -6 transfer-system full-consult ip source-address 10.50.20.1 port 2000 max-ephones 10 max-dn 10 system message primary ATL Network is Down! dialplan-pattern 1 4045778... extension-length 4 ! ! line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 password cisco login length 0 line vty 1 4 login ! scheduler allocate 20000 1000 ntp peer 10.60.99.1 end WIS_Switch WIS_Switch#show run Building configuration... Current configuration : 4376 bytes ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname WIS_Switch ! boot-start-marker boot-end-marker ! enable secret 5 $1$5oGq$TWCsbYoNAwlTUhiN4WZMK0 ! ! ! no aaa new-model system mtu routing 1500 ip routing ! ! ! mls qos map cos-dscp 0 8 16 24 32 46 48 56 mls qos srr-queue input bandwidth 70 30 mls qos srr-queue input threshold 1 80 90 mls qos srr-queue input priority-queue 2 bandwidth 30 mls qos srr-queue input cos-map queue 1 threshold 2 3 mls qos srr-queue input cos-map queue 1 threshold 3 6 7 mls qos srr-queue input cos-map queue 2 threshold 1 4 mls qos srr-queue input dscp-map queue 1 threshold 2 24 mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55 mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63 mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45 mls qos srr-queue input dscp-map queue 2 threshold 3 46 47 mls qos srr-queue output cos-map queue 1 threshold 3 4 5 mls qos srr-queue output cos-map queue 2 threshold 1 2 mls qos srr-queue output cos-map queue 2 threshold 2 3 mls qos srr-queue output cos-map queue 2 threshold 3 6 7 mls qos srr-queue output cos-map queue 3 threshold 3 0 mls qos srr-queue output cos-map queue 4 threshold 3 1 mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45 mls qos srr-queue output dscp-map queue 1 threshold 3 46 47 mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23 mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35 mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39 mls qos srr-queue output dscp-map queue 2 threshold 2 24 mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55 mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63 mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7 mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15 mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14 mls qos queue-set output 1 threshold 1 100 100 50 200 mls qos queue-set output 1 threshold 2 125 125 100 400 mls qos queue-set output 1 threshold 3 100 100 100 400 mls qos queue-set output 1 threshold 4 60 150 50 200 mls qos queue-set output 1 buffers 15 25 40 20 mls qos ! ! auto qos srnd4 ! ! ! spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! ! ! interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk srr-queue bandwidth share 1 30 35 5 priority-queue out mls qos trust cos auto qos trust ! interface FastEthernet0/2 switchport access vlan 100 switchport mode access switchport voice vlan 20 srr-queue bandwidth share 1 30 35 5 priority-queue out mls qos trust cos auto qos trust spanning-tree portfast ! interface FastEthernet0/3 switchport access vlan 200 switchport mode access switchport voice vlan 20 srr-queue bandwidth share 1 30 35 5 priority-queue out mls qos trust cos auto qos trust spanning-tree portfast ! interface FastEthernet0/4 shutdown ! interface FastEthernet0/5 shutdown ! interface FastEthernet0/6 shutdown ! interface FastEthernet0/7 shutdown ! interface FastEthernet0/8 shutdown ! interface FastEthernet0/9 shutdown ! interface FastEthernet0/10 shutdown ! interface FastEthernet0/11 shutdown ! interface FastEthernet0/12 shutdown ! interface FastEthernet0/13 shutdown ! interface FastEthernet0/14 shutdown ! interface FastEthernet0/15 shutdown ! interface FastEthernet0/16 shutdown ! interface FastEthernet0/17 shutdown ! interface FastEthernet0/18 shutdown ! interface FastEthernet0/19 shutdown ! interface FastEthernet0/20 shutdown ! interface FastEthernet0/21 shutdown ! interface FastEthernet0/22 shutdown ! interface FastEthernet0/23 shutdown ! interface FastEthernet0/24 shutdown ! interface GigabitEthernet0/1 ! interface GigabitEthernet0/2 ! interface Vlan1 no ip address shutdown ! interface Vlan99 ip address 10.50.99.2 255.255.255.0 ! ! router eigrp 1 network 10.50.99.0 0.0.0.255 ! ip classless ip http server ip http secure-server ! ! ip sla enable reaction-alerts ! ! ! line con 0 exec-timeout 0 0 logging synchronous line vty 0 4 password cisco login length 0 line vty 5 15 login ! end