Paetec SIP Configuration Guide The missing manual By: Alex Hannah CCIE Voice #25853 6/9/2010 Abstract: This document will go over the IOS Gateway configuration and CUCM configuration to connect a Cisco CUBE to Paetec s Broadsoft or G9 SBC platform. This serves as the missing manual and was crafted from the internal resources of TBL UC Engineering. Please DO NOT share with anyone other than TBL Staff.
1. IOS CUBE ( Cisco Unified Border Element ) Configuration is required in order to get the CUBE talking to the SBC in the Paetec Cloud. This section will list out the configuration necessary for the Broadsoft SBC switch as well as the differences for the G9 platform. Configuration was taken from a production MPLS and SIP Trunk 3845 for C&F Bank running IOS version 12.4.20T5 Advanced Enterprise Services c3845-adventerprisek9-mz.124-20.t5.bin ***Manditory commands are in bold face. Last configuration change at 12:47:10 EDT Fri May 28 2010 by tbluser NVRAM config last updated at 12:47:40 EDT Fri May 28 2010 by tbluser version 12.4 service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption hostname HQ-3845-MPLS-DS3 boot-start-marker boot-end-marker card type t3 1 logging message-counter syslog logging buffered 16384 informational enable secret 5 $1$hFUl$M2UB5IwB3T5Tk24Zzlpoj/ enable password 7 13024730020B362F2F aaa new-model aaa authentication login default group radius local-case aaa authentication login local-case group radius aaa authentication ppp network local-case aaa session-id common clock timezone EST -5 clock summer-time EDT recurring dot11 syslog ip source-route ip cef
ip domain name candfbank.local ip multicast-routing no ipv6 cef multilink bundle-name authenticated voice-card 0 no dspfarm dsp services dspfarm voice service voip allow-connections h323 to h323 ( Optional if H323 is used ) allow-connections h323 to sip ( Optional if H323 is used ) allow-connections sip to h323 ( Optional if H323 is used ) allow-connections sip to sip no supplementary-service sip moved-temporarily fax protocol pass-through g711ulaw no fax-relay sg3-to-g3 h323 modem passthrough nse codec g711ulaw sip bind control source-interface Serial1/0 bind media source-interface Serial1/0 header-passing error-passthru outbound-proxy ipv4:172.29.255.5 early-offer forced midcall-signaling passthru voice class codec 1 codec preference 1 g729r8 codec preference 2 g711ulaw ( IF Diversion Headers are required ) by Broadsoft or for SnR Functionality voice class sip-profiles 101 request ANY sip-header Allow-Header modify ", UPDATE" "" response ANY sip-header Allow-Header modify ", UPDATE" "" request INVITE sip-header Diversion add "Diversion: <sip:7579413080@172.255.2.5>;privacy=off;screen=no" request INVITE sip-header Diversion add "Diversion: <sip:7579413080@172.29.255.5>;privacy=off;screen=no"
voice translation-rule 2 rule 1 /^18...$/ /7579413080/ voice translation-rule 3 rule 1 /^8/ // voice translation-profile OutboundRedirecting translate called 3 translate redirect-called 2 crypto pki trustpoint TP-self-signed-3529333513 enrollment selfsigned subject-name cn=ios-self-signed-certificate-3529333513 revocation-check none rsakeypair TP-self-signed-3529333513 crypto pki certificate chain TP-self-signed-3529333513 certificate self-signed 01 3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33353239 33333335 3133301E 170D3130 30323033 31363330 30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35323933 33333531 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100CD92 33BF263C 5ECF9865 FF7BF70F ED3E913C 5CFC3636 E6FAAD78 08D29278 2B6E5B16 9E912B57 BA0D52F0 148849A2 2D704125 D2EC30C8 4E9B3128 A04B5B98 DA4A3A9E 66CE133C 10326CEC 04CF6A05 D2F490E2 193D8717 C7131913 3256B661 5D51192A 84B7E19A B2E45163 ABCBC4A6 F700E589 0C188BF8 6CB7C861 D822B20A 9ED50203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603 551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 301F0603 551D2304 18301680 143B3296 A964F2D1 3C001BB3 AE190ECD 9FCD32E0 4D301D06 03551D0E 04160414 3B3296A9 64F2D13C 001BB3AE 190ECD9F CD32E04D 300D0609 2A864886 F70D0101 04050003 818100A6 C39BD654 749A2ABE 213B7C49 A746D00C 71AC53AF C66AE596 9D6FA84F 871579E1 9710E1D4 C8A9B4CF 0FBD254B 61704693 F9F33415 F0515D4E 0AAB136D CC705867 E3E52767 F560D19F 003BC59E 753C19DE C7197FFD 1D1CDB3B 73CB5B7C BB1B22D3 188CA3EA 24E98207 B4079A05 8A43B883 87D6E601 E3362C34 AD9D3704 154121 quit
memory free low-watermark processor 32000 memory free low-watermark IO 10000 username c&f1td3partm3nt privilege 15 secret 5 $1$k2HU$vA5Z74H8ihOrhopd3cuYJ1 username paetec secret 5 $1$pvw6$Zgu.1lNl8DpgwZwLHMPAc0 archive log config hidekeys controller T3 1/0 clock source line description PaeTec - MPLS - Circuit ID: 19.HFGS.100001..COXC COX PID:108075 PaeTec: 3839985 PON# ip telnet source-interface GigabitEthernet0/1 ip ftp source-interface GigabitEthernet0/0 ip ssh source-interface GigabitEthernet0/1 class-map match-any VOICE-CTRL-LAN match ip dscp af21 class-map match-all VOICE match ip dscp ef class-map match-any VOICE-CTRL match ip dscp af31 match ip dscp cs3 policy-map LAN-EDGE class VOICE set ip dscp ef class VOICE-CTRL-LAN set ip dscp cs3 policy-map WAN-EDGE class VOICE priority 10000 set ip dscp ef class VOICE-CTRL bandwidth 2000 set ip dscp af21 interface Loopback0
ip address 10.1.1.3 255.255.255.255 no ip redirects no ip unreachables ip pim sparse-dense-mode ip virtual-reassembly interface GigabitEthernet0/0 description Stonehouse LAN ip address 10.1.90.1 255.255.255.0 no ip redirects no ip unreachables ip flow ingress ip flow egress ip pim sparse-dense-mode duplex auto speed auto media-type rj45 service-policy output LAN-EDGE interface GigabitEthernet0/1 description Unused Port no ip address shutdown duplex auto speed auto media-type rj45 interface Serial1/0 ip address 64.196.86.14 255.255.255.252 ip flow ingress ip flow egress encapsulation ppp dsu bandwidth 44210 service-policy output WAN-EDGE router eigrp 100 redistribute connected redistribute bgp 65000 metric 20000000 1 255 1 1500 route-map FILTER-BGP2 network 10.1.90.0 0.0.0.255 network 64.196.86.12 0.0.0.3 no auto-summary router bgp 65000 no synchronization bgp log-neighbor-changes bgp suppress-inactive redistribute eigrp 100 neighbor 64.196.86.13 remote-as 15270 default-information originate no auto-summary
ip forward-protocol nd no ip http server no ip http secure-server ip flow-export source GigabitEthernet0/0 ip flow-export version 5 ip flow-export destination 10.1.90.25 2055 logging trap debugging logging 10.1.90.167 access-list 10 permit 64.196.86.13 access-list 10 permit 10.0.0.0 0.255.255.255 access-list 10 permit 192.168.0.0 0.0.255.255 access-list 10 permit 172.16.0.0 0.15.255.255 access-list 10 deny any snmp-server community tech1st RO snmp-server community Rtr1927 RO snmp-server enable traps tty route-map FILTER-BGP2 permit 10 match ip address 10 route-map FILTER-BGP permit 10 match ip address 10 radius-server host 10.1.90.167 auth-port 1645 acct-port 1646 radius-server key 7 02050D4808095E731F control-plane call threshold global cpu-avg low 68 high 75 call threshold global total-mem low 75 high 85 call threshold global total-calls low 35 high 40 sccp local GigabitEthernet0/0 sccp ccm 10.101.90.10 identifier 2 version 5.0.1 sccp ccm 10.101.90.6 identifier 1 version 5.0.1 sccp sccp ccm group 1
associate ccm 2 priority 1 associate ccm 1 priority 2 associate profile 2 register XCODE0180_SIP associate profile 1 register CFB0180_SIP dspfarm profile 2 transcode codec g711ulaw codec g711alaw codec g729ar8 codec g729abr8 codec g729r8 codec g729br8 maximum sessions 15 associate application SCCP dspfarm profile 1 conference codec g711ulaw codec g729br8 codec g729ar8 codec g729abr8 codec g729r8 maximum sessions 2 associate application SCCP dial-peer voice 200 voip description To CUCM Sub for DID Ranges 757-941-3060 to 3079 preference 1 destination-pattern 757... voice-class codec 1 no voice-class sip outbound-proxy session protocol sipv2 session target ipv4:10.101.90.10 dtmf-relay rtp-nte no vad dial-peer voice 201 voip description To CUCM Pub for DID Ranges 757-941-3060 to 3079 preference 2 destination-pattern 757... voice-class codec 1 no voice-class sip outbound-proxy session protocol sipv2 session target ipv4:10.101.90.6 dtmf-relay rtp-nte no vad dial-peer voice 100 voip description Inbound from Paetec SIP voice-class codec 1
session protocol sipv2 session target sip-server incoming called-number 757...$ dtmf-relay rtp-nte no vad dial-peer voice 202 voip description Inbound from CUCM incoming called-number. dial-peer voice 102 voip description Local Dial Peer translation-profile outgoing OutboundRedirecting destination-pattern 8[2-9]...$ progress_ind setup enable 3 progress_ind connect enable 8 session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte dial-peer voice 103 voip description Long Distance Peer translation-profile outgoing OutboundRedirecting destination-pattern 81[2-9]..[2-9]... progress_ind setup enable 3 progress_ind connect enable 8 session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte no vad dial-peer voice 101 voip description 911 translation-profile outgoing OutboundRedirecting destination-pattern 911 progress_ind setup enable 3 progress_ind connect enable 8 session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte dial-peer voice 104 voip description Services translation-profile outgoing OutboundRedirecting destination-pattern [2-9]11 progress_ind setup enable 3 progress_ind connect enable 8
session protocol sipv2 session target sip-server session transport udp dtmf-relay rtp-nte NEXT SECTION DEPENDS ON IF CONNECTING TO BROADSOFT VS G9 PAY CLOSE ATTENTION TO SIP-UA IT MAKES ALL THE DIFFERENCE PAETEC BROADSOFT WEST SWITCH CONFIG, REQUIRES AUTHENTICATION sip-ua credentials username 7579413080 password 7 09786C252B0A141918 realm none authentication username 7579413080 password 7 1331353E3903072138 no remote-party-id retry invite 2 retry register 10 timers connect 100 registrar dns:172.29.255.5 expires 3600 sip-server dns:172.29.255.5 host-registrar PAETEC G9 SWITCH CONFIG, REQUIRES NO AUTHENTICATION sip-ua no remote-party-id retry invite 2 retry register 10 timers connect 100 sip-server dns:172.29.255.5 host-registrar banner motd ^CThis is a proprietary system, NOT for public or personal use. This system is actively monitored and accessed by C&F Bank. By logging onto this system, the user consents to such monitoring and access. All work products, communications, files, data or information directly or indirectly created, inputted or accessed on this system are and shall become the sole property of C&F Bank. USE OF THIS SYSTEM WITHOUT OR IN EXCESS OF THE PROPER AUTHORIZATION MAY SUBJECT THE USER TO DISCIPLINE AND/OR CIVIL AND CRIMINAL PENALTIES.^C line con 0 password 7 143A1D0E55166C0A30 logging synchronous
transport preferred telnet transport output all line aux 0 transport preferred telnet transport output all line vty 0 4 exec-timeout 60 0 privilege level 15 password 7 013E09010219402E35 logging synchronous transport preferred telnet transport input all transport output all line vty 5 15 exec-timeout 60 0 privilege level 15 password 7 013E09010219402E35 logging synchronous transport preferred telnet transport input all transport output all scheduler allocate 20000 1000 ntp server 10.1.90.47 end
2. Cisco Unified Communications Manager Configuration: This section will show screenshots and brief descriptions of what is necessary on CUCM to connect to the CUBE and place an outbound call using Paetec DynSIP solution. A SIP Trunk is required to connect to the CUBE, which can be configured under DEVICE > TRUNK in CUCM, select SIP Trunk. Details on the SIP Trunk can be seen in the following screen shots: ( Key things are DP, MRGL is optional b/c it inherits from DP, but I was lazy, Location, NO MTP is required, redirect diversion header for both outbound and inbound are checked, Destination IP ( CUBE IP ), DTMF type, and SIP Trunk security profile ).
SIP Trunk Security Profile: Make SURE the SIP Trunk Security Profile in CUCM is left at a default minimum level, this bit me hard the first go around with SIP Trunking, also ensure the bottom 4 check boxes are enabled.
3. Call Routing: This section will go over the standard concepts of Route Group, Route List, Route Patterns to show the call routing for sample SIP Configuration. Route Group: Route List:
Route Patterns: *** Note: All the normal patterns we would enable or Route Filters for outbound calling will point to the SIP Trunk Route List. Nothing new here. 4. Device Pool Settings ( Used for the device pool section under the SIP Trunk ) Import items are Region ( MUST BE G729 EVERYWHERE ), MRGL, Location.
Regions: G.729 must be enabled everywhere 5. Media Resource: Make sure to include the Hardware based XCODE and CFB we configured in the IOS section
6. Broadsoft West Security Settings with CUCM: Make sure to configure a Application User for the BTN in CUCM, used with security Digest Authentication on the CUCM. I Believe this is optional, but don t chance it