Install SSL Certificate in F5 Load Balancer

The installation procedure to upload a SSL certificate from Verisign into F5 load balancer is given below

STEP I: Export Certificate and Private Key from the first IIS 6.0 server

Create an MMC Snap-in for Managing Certificates:

1. Start > run > MMC

2. Go into the Console Tab > File > Add/Remove Snap-in

3. Click on Add > Click Certificates > Add

4. Choose Computer Account

5. Choose Local Computer

6. Close the Add Standalone Snap-in window.

7. Click OK at the Add/Remove Snap-in window.

Export the Certificate with Private Key attached:

8. Expand Certificates in the Console Tree

9. Look for a folder called Personal > Certificates

10. Select the Certificate that you wish to back up.

11. Right-click on the file and choose > ALL TASKS > Export

12. The Certificate Export Wizard will start up. Click Next

13. Choose Yes, export the private key

14. Select Include all certificates in the certification path and click Next

15. Set a password to protect the export of the Private key file with the Certificate. Click Next

16. Choose to save the file to a set location.

Type the file name in the 'File Name' box, and click Save

Click Next

The file is given a *.pfx file-name extension

Login into F5 and change the directory to var/tmp

start the ftp prompt

Bin

get .pfx file

exit ftp

convert the .pfx file into .pem file by

openssl pkcs12 -in sap.ltg.info.pfx -out sap.ltg.info.pem –nodes

export the .pem file into your workstation.

open the pem file using wordpad

copy the key to notepad and save all ALL files .key

copy cert to not a notepad and save ALL file .crt

Load the key into F5 and then CRT file. Once the certificate is loaded, the certificate details will be displayed under SSL certificates tab.

Voice VLAN Configuration

•Before you enable voice VLAN, we recommend that you enable QoS on the switch by entering the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command.

• The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled.

• When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

• If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

• You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.
Configuring a Port to Connect to a Cisco 7960 IP Phone

VOICE VLAN CONFIGURATION:

Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco 7960 IP Phone can carry mixed traffic.

You can configure the port to carry voice traffic in one of these ways:

• Configuring Ports to Carry Voice Traffic in 802.1Q Frames

• Configuring Ports to Carry Voice Traffic in 802.1P Priority-Tagged Frames
You can configure the IP phone to carry data traffic in one of these ways:

• Overriding the CoS Priority of Incoming Data Frames

• Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames
switchport voice vlan dot1p :

Instruct the switch port to use IEEE 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1p priority of 5.
switchport voice vlan vlan-id

Instruct the Cisco IP Phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP Phone forwards the voice traffic with an 802.1Q priority of 5. Valid VLAN IDs are from 1 to 4094.
switchport priority extend cos value :

Set the IP phone access port to override the priority received from the PC or the attached device.
The CoS value is a number from 0 to 7. Seven is the highest priority. The default is 0.

switchport priority extend trust
Set the IP phone access port to trust the priority received from the PC or the attached device.

Installation of Cisco Expansion module 7916

Installation of Cisco Expansion module 7916

When you add an expansion module new Cisco IP phone, the module acts weird. Sometimes there is no label displayed.
First reset the phone by unplugging the Ethernet cable and plug back in. Press # during the power up time. Press 123456789*0# when the button lights are moving one to another. Wait until the phone downgraded to factory default. Then the phone will be upgraded to latest firmware from the call manager. Once the phone is upgraded to latest firmware, the firmware will be displayed under active ID in call manager under device properties. Then plug the module, add the module name under device, module section and save the config. Then apply the config. The expansion module will start to work.

Missed calls log missing

It happens to some Cisco IP phones that missed calls log become empty. It is a weird situation and it may confuse the end users. You may see this behavior in ccm 7.x version. The problem won't go away even if you reset the firmware to default version and then upgrade to the latest version. The best solution is to remove the phone device and directory number from the data base. make a search that directory number does not exist in call manager. Then create the phone and assign the directory number to the phone.

Music on Hold for Remote site

Cisco solution
Remote site router config
. Remote site in in G.729 region. G.729 will be used for voice calls.
!
Using MGCP back to CallManager for the analog devices.
ccm-manager fallback-mgcp
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager config server x.x.x.x
ccm-manager config
!
mgcp
mgcp call-agent x.x.x.x 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
no mgcp package-capability res-package
mgcp package-capability sst-package
no mgcp package-capability fxr-package
mgcp package-capability pre-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp rtp payload-type g726r16 static
!
mgcp profile default
!
!
dial-peer voice 1 pots
incoming called-number .
port 0/2/0
!
dial-peer voice 2 voip
destination-pattern [1-8]...
session target ipv4:x.x.x.x
dtmf-relay h245-alphanumeric
codec g711ulaw !
!
dial-peer voice 3 pots
incoming called-number .
port 0/2/1
!
dial-peer voice 999020 pots
service mgcpapp
port 0/2/0
!
dial-peer voice 999030 pots
service mgcpapp
port 0/3/0
!
dial-peer voice 999021 pots
service mgcpapp
port 0/2/1
!
! Dial-peer 100 for SRST out dialing.
dial-peer voice 100 pots
port #
destination-pattern 9[2-9]......
!
! Need the gateway command to invoke H.323.
gateway
timer receive-rtp 1200
!
!
### SRST COMMANDS
call-manager-fallback
secondary-dialtone 9
max-conferences 8 gain -6
ip source-address x.x.x.x port 2000
max-ephones 5
max-dn 10
system message primary CM Failed, NOW on SRST
moh music-on-hold.au Our music file stored in flash.

Here is where the router enabled multicat MoH. Must put the same IP and port as specified in the CallManager MoH server.
multicast moh 239.1.1.1 port 16384 route xx.x.x.1 xx.x.x.x
!

!
End

Cisco Voice Router Commands

show isdn status
shows D channel
Layer 2 status should be Multiple_Frame_Established

show voice port summary
shows B channel

show controller t1
intervals are in 15 seconds
check for errors

no mgcp
perform in config t mode

mgcp
perform in config t mode

debug Q931

debug mgcp pack
check mgcp packets

reload in
reload the router after certain time in seconds


reload cancel
to cancel the reload

show tcp brief : inc port#

mgcp ports are 2427 and 2428
binds to 2428

show ccm host

no ccm-manager mgcp-
to shut down mgcp
ccm-manager mgcp

show dial-peer voice summary


show voice port summary
display port status

show voice port (port)
get a detailed port status

show voice call summary
shows call state info

show voice dsp
shows current status of DSP channels

show call active brief
displays truncated version of call information

show voice dsp
displays codecs being supported by the routers DSP’s

debug vtsp all
shows the voice telephony service provider stats

debug voice ccapi inout

show diag

show environment power
check total power supply output

show inlinepower
checks switch blade and port power usage

show call-manager-fallback all

show call-manager-fallback dial-peer

show ccm-manager fallback-mgcp

show call history voice brief

show voice busyout

show service module




csim start (dialstring)-
check the dialing 1 pots
destination-pattern 9T
port s0/0/x

Test commands
test voice port (slot/physicalport/logicalport) inject-tone local 500hz
test voice port (slot/physicalport/logicalport) inject-tone local disable
test voice port (slot/physicalport/logicalport) relay ring on
test voice port (slot/physicalport/logicalport) relay ring disable




opcagt –kill



+3 out attenuation
-3 input gain


CUE
service-module service-engine 0/0 session

service-module service-engine 0/0 status

service-module service-engine 0/0 reload

After logging into CUE

sh ccn status ccm-manager
shows whether it is registered with CallManager

To Turn on Buffering
buffer logging xxxx

reomote mobility voip phone set up for a group

Cisco Remote Mobility phone set up for a group of people:

By default we can add 4 cell phone numbers for remote destination in call manager. There are certain timers that we can adjust to get the preferred cell phone ring first.

The following timer settings will ring the preferred cell phone number first.

Preferred cell phone Number 1
Answer too soon timer : 2000
Answer too late timer : 19000
Delay Before Ringing timer: 0

Cell Phone 2


Answer too soon timer : 2000
Answer too late timer : 19000
Delay Before Ringing timer: 15000

Cell Phone 3


Answer too soon timer : 2000
Answer too late timer : 19000
Delay Before Ringing timer: 18000

Cell Phone 4


Answer too soon timer : 2000
Answer too late timer : 19000
Delay Before Ringing timer: 19000