Implementing Cisco Unified Communications Manager, Part 2 (CIPT2) (Authorized Self-Study Guide), Vol. 2

Foreword xx Introduction xxiChapter 1 Identifying Issues in a Multisite Deployment 3Chapter Objectives 3Multisite Deployment Challenge Overview 3Quality Challenges 5Bandwidth Challenges 6Availability Challenges 8Dial Plan Challenges 9Overlapping and Nonconsecutive Numbers 12Fixed Versus Variable-Length Numbering Plans 13Variable-Length Numbering, E.164 Addressing, and DID 15Optimized Call Routing and PSTN Backup 15NAT and Security Issues 17Chapter Summary 18References 19Review Questions 19Chapter 2 Identifying Multisite Deployment Solutions 23Chapter Objectives 23Multisite Deployment Solution Overview 24Quality of Service 24QoS Advantages 25Solutions to Bandwidth Limitations 26Low-Bandwidth Codecs and RTP-Header Compression 28Codec Configuration in CUCM 29Disabled Annunciator 29Local Versus Remote Conference Bridges 30Mixed Conference Bridge 30Transcoders 31Multicast MOH from the Branch Router Flash 33Availability 37PSTN Backup 38MGCP Fallback 39Fallback for IP Phones 40Using CFUR During WAN Failure 42Using CFUR to Reach Users on Cell Phones 42AAR and CFNB 43Mobility Solutions 44Dial Plan Solutions 44Dial Plan Components in Multisite Deployments 45NAT and Security Solutions 46Cisco Unified Border Element in Flow-Through Mode 46Summary 48References 48Review Questions 48Chapter 3 Implementing Multisite Connections 53Chapter Objectives 53Examining Multisite Connection Options 54MGCP Gateway Characteristics 55H.323 Gateway Characteristics 55SIP Trunk Characteristics 56H.323 Trunk Overview 56H.323 Trunk Comparison 57MGCP Gateway Implementation 59H.323 Gateway Implementation 61Cisco IOS H.323 Gateway Configuration 63CUCM H.323 Gateway Configuration 64Trunk Implementation Overview 65Gatekeeper-Controlled ICT and H.225 Trunk Configuration 66Implementing SIP Trunks 67Implementing Intercluster and H.225 Trunks 69CUCM Gatekeeper-Controlled ICT and H.225 Trunk Configuration 70Summary 73References 73Review Questions 74Chapter 4 Implementing a Dial Plan for Multisite Deployments 79Chapter Objectives 79Multisite Dial Plan Overview 79Implementing Access and Site Codes 80Implementing Site Codes for On-Net Calls 80Digit-Manipulation Requirements When Using Access and Site Codes 80Access and Site Code Requirements for Centralized Call-Processing Deployments 82Implementing PSTN Access 83Transformation of Incoming Calls Using ISDN TON 84Implementing Selective PSTN Breakout 86Configure IP Phones to Use Remote Gateways for Backup PSTN Access 87Considerations When Using Backup PSTN Gateways 88Implementing PSTN Backup for On-Net Intersite Calls 89Digit-Manipulation Requirements for PSTN Backup of On-Net Intersite Calls 89Implementing Tail-End Hop-Off 91Considerations When Using TEHO 92Summary 92Review Questions 93Chapter 5 Examining Remote-Site Redundancy Options 97Chapter Objectives 97Remote-Site Redundancy Overview 98Remote-Site Redundancy Technologies 99Basic Cisco Unified SRST Usage 101Cisco Unified SIP SRST Usage 101CUCME in SRST Mode Usage 102Cisco Unified SRST Operation 102SRST Function of Switchover Signaling 103SRST Function of the Call Flow After Switchover 104SRST Function of Switchback 105SRST Timing 105MGCP Fallback Usage 107MGCP Fallback Operation 107MGCP Gateway Fallback During Switchover 108MGCP Gateway Fallback During Switchback 109MGCP Gateway Fallback Process 110Cisco Unified SRST Versions and Feature Support 112SRST 4.0 Platform Density 112Dial Plan Requirements for MGCP Fallback and SRST Scenarios 113Ensuring Connectivity for Remote Sites 114Ensuring Connectivity from the Main Site Using Call Forward Unregistered 115CFUR Considerations 115Keeping Calling Privileges Active in SRST Mode 117SRST Dial Plan Example 117Summary 118References 119Review Questions 119Chapter 6 Implementing Cisco Unified SRST and MGCP Fallback 123Chapter Objectives 123MGCP Fallback and SRST Configuration 124Configuration Requirements for MGCP Fallback and Cisco Unified SRST 124Cisco Unified SRST Configuration in CUCM 125SRST Reference Definition 125CUCM Device Pool 126SRST Configuration on the Cisco IOS Gateway 126SRST Activation Commands 127SRST Phone Definition Commands 127SRST Performance Commands 128Cisco Unified SRST Configuration Example 129MGCP-Gateway-Fallback Configuration on the Cisco IOS Gateway 130MGCP Fallback Activation Commands 131MGCP Fallback Configuration Example 131Dial Plan Configuration for SRST Support in CUCM 132SRST Dial Plan of CFUR and CSS 133SRST Dial Plan: Max Forward UnRegistered Hops to DN 134MGCP Fallback and SRST Dial Plan Configuration in the Cisco IOS Gateway 135SRST Dial Plan Components for Normal Mode Analogy 135SRST Dial Plan Dial Peer Commands 136SRST Dial Plan Commands: Open Numbering Plans 140SRST Dial Plan Voice Translation-Profile Commands for Digit Manipulation 142SRST Dial Plan Voice Translation-Rule Commands for Number Modification 143SRST Dial Plan Profile Activation Commands for Number Modification 144SRST Dial Plan Class of Restriction Commands 145SRST Dial Plan Example 146Telephony Features Supported by Cisco Unified SRST 150Special Requirements for Voice-Mail Integration Using Analog Interfaces 151Summary 152References 152Review Questions 152Chapter 7 Implementing Cisco Unified Communications Manager Express in SRST Mode 157Chapter Objectives 157CUCME Overview 158CUCME in SRST Mode 158Standalone CUCME Versus CUCM and CUCME in SRST Mode 159CUCME Features 161CUCME Features and Versions 161Other CUCME Features 162General Configuration of CUCME 163CUCME Basic Configuration 164CUCME Configuration Providing Phone Loads 165CUCME Configuration for Music On Hold 165Configuring CUCME in SRST Mode 167Phone-Provisioning Options 168Advantages of CUCME SRST 169Phone Registration Process 169Configuring CUCME for SRST 170CUCME for SRST Mode Configuration 172Summary 173References 173Review Questions 173Chapter 8 Implementing Bandwidth Management 177Chapter Objectives 177Bandwidth Management Overview 177CUCM Codec Configuration 178Review of CUCM Codecs 179Local Conference Bridge Implementation 181Transcoder Implementation 184Implementing a Transcoder at the Main Site 185Configuration Procedure for Implementing Transcoders 187Multicast MOH from Branch Router Flash Implementation 191Implementing Multicast MOH from Branch Router Flash 192Configuration Procedure for Implementing Multicast MOH from Branch Router Flash 194Summary 202References 203Review Questions 203Chapter 9 Implementing Call Admission Control 207Chapter Objectives 207Call Admission Control Overview 208Call Admission Control in CUCM 208Locations 209Locations: Hub-and-Spoke Topology 210Locations: Full-Mesh Topology 211Configuration Procedure for Implementing Locations-Based CAC 212Locations Configuration Example of a Hub-and-Spoke Topology 212RSVP-Enabled Locations 215Three Call Legs with RSVP-Enabled Locations 215Characteristics of Phone-to-RSVP Agent Call Legs 216Characteristics of RSVP Agent-to-RSVP Agent Call Legs 217RSVP Basic Operation 217RSVP-Enabled Location Configuration 220Configuration Procedure for Implementing RSVP-Enabled Locations-Based CAC 221Step 1: Configure RSVP Service Parameters 221Step 2: Configure RSVP Agents in Cisco IOS Software 225Step 3: Add RSVP Agents to CUCM 227Step 4: Enable RSVP Between Location Pairs 228Automated Alternate Routing 230Automated Alternate Routing Characteristics 231AAR Example 231AAR Considerations 233AAR Configuration Procedure 234H.323 Gatekeeper CAC 239H.323 Gatekeeper Used for Call Routing for Address Resolution Only 240Using an H.323 Gatekeeper for CAC 243H.323 Gatekeeper Also Used for Call Admission Control 245Provide PSTN Backup for Calls Rejected by CAC 247Configuration Procedure for Implementing H.323 Gatekeeper-Controlled Trunks with CAC 248Summary 249References 249Review Questions 250Chapter 10 Implementing Call Applications on Cisco IOS Gateways 255Chapter Objectives 255Call Applications Overview 256Tcl Scripting Language 256VoiceThe Analogy Between HTML and VoiceAdvantages of VoiceCisco IOS Call Application Support 259Tcl Versus VoiceCisco IOS Call Application Support Requirements 261Examples of Cisco IOS Call Applications Available for Download at Cisco.com 262Call Application Auto-Attendant Script Example 263Remote-Site Gateway Using an Auto-Attendant Script During a WAN Failure 265Auto-Attendant Tcl Script Flowchart 266Call Application Configuration 267Step 1: Download the Application from Cisco.com 268Step 2: Upload and Uncompress the Script to Flash 268Step 3a: Configure the Call Application Service Definition 269Step 3b: Configure the Call Application Service Parameters 269Step 4: Associate the Call Application with a Dial Peer 270Call Application Configuration Example 270Summary 272References 272Review Questions 272Chapter 11 Implementing Device Mobility 277Chapter Objectives 277Issues with Devices Roaming Between Sites 277Issues with Roaming Devices 278Device Mobility Solves Issues of Roaming Devices 279Device Mobility Overview 280Dynamic Device Mobility Phone Configuration Parameters 280Device Mobility Dynamic Configuration by Location-Dependent Device Pools 282Device Mobility Configuration Elements 283The Relationship Between Device Mobility Configuration Elements 284Device Mobility Operation 285Device Mobility Operation Flowchart 286Device Mobility Considerations 289Review of Line and Device CSSs 289Device Mobility and CSSs 290Examples of Different Call-Routing Paths Based on Device Mobility Groups and TEHO 290Device Mobility Configuration 293Steps 1 and 2: Configure Physical Locations and Device Mobility Groups 293Step 3: Configure Device Pools 293Step 4: Configure Device Mobility Infos 294Step 5a: Set the Device Mobility Mode CCM Service Parameter 295Step 5b: Set the Device Mobility Mode for Individual Phones 296Summary 297References 297Review Questions 297Chapter 12 Implementing Extension Mobility 301Chapter Objectives 301Issues with Users Roaming Between Sites 301Issues with Roaming Users 302Extension Mobility Solves Issues of Roaming Users 303CUCM Extension Mobility Overview 303Extension Mobility: Dynamic Phone Configuration Parameters 304Extension Mobility with Dynamic Phone Configuration by Device Profiles 305CUCM Extension Mobility Configuration Elements 306The Relationship Between Extension Mobility Configuration Elements 307CUCM Extension Mobility Operation 308Issues in Environments with Different Phone Models 310Extension Mobility Solution to Phone Model Differences 310Extension Mobility and Calling Search Spaces (CSS) 311Alternatives to Mismatching Phone Models and CSS Implementations 312CUCM Extension Mobility Configuration 313Step 1: Activate the Cisco Extension Mobility Feature Service 313Step 2: Set Cisco Extension Mobility Service Parameters 314Step 3: Add the Cisco Extension Mobility Phone Service 315Step 4: Create Default Device Profiles 315Step 5a: Create Device Profiles 316Step 5b: Subscribe the Device Profile to the Extension Mobility Phone Service 316Step 6: Associate Users with Device Profiles 318Step 7a: Configure Phones for Cisco Extension Mobility 318Step 7b: Subscribe the Phone to the Extension Mobility Phone Service 320Summary 320References 321Review Questions 321Chapter 13 Implementing Cisco Unified Mobility 327Chapter Objectives 327Cisco Unified Mobility Overview 327Mobile Connect and Mobile Voice Access Characteristics 328Cisco Unified Mobility Features 329Cisco Unified Mobility Call Flow 330Mobile Connect Call Flow of Internal Calls Placed from a Remote Phone 330Mobile Voice Access Call Flow 331Cisco Unified Mobility Components 332Cisco Unified Mobility Configuration Elements 333Shared Line Between the Phone and the Remote Destination Profile 335Relationship Between Cisco Unified Mobility Configuration Elements 336Cisco Unified Mobility Configuration 338Configuring Mobile Connect 338Configuring Mobile Voice Access 348Summary 355References 355Review Questions 355Chapter 14 Understanding Cryptographic Fundamentals and PKI 359Chapter Objectives 359Cryptographic Services 359Symmetric Versus Asymmetric Encryption 362Algorithm Example: AES 363Asymmetric Encryption 364Algorithm Example: RSA 365Two Ways to Use Asymmetric Encryption 366Hash-Based Message Authentication Codes 366Algorithm Example: SHA-1 367No Integrity Provided by Pure Hashing 368Hash-Based Message Authentication Code, or “Keyed Hash” 369Digital Signatures 370Public Key Infrastructure 372Symmetric Key Distribution Protected by Asymmetric Encryption 372Public Key Distribution in Asymmetric Cryptography 373PKI as a Trusted Third-Party Protocol 374PKI: Generating Key Pairs 374PKI: Distributing the Public Key of the Trusted Introducer 374PKI: Requesting Signed Certificates 376PKI: Signing Certificates 376PKI: Providing Entities with Their Certificates 377PKI: Exchanging Public Keys Between Entities Using Their Signed Certificates 378PKI Entities 379X.509v3 Certificates 380PKI Example: SSL on the Internet 381Internet Web Browser: Embedded Internet-CA Certificates 382Obtaining the Authentic Public Key of the Web Server 383Web Server Authentication 384Exchanging Symmetric Session Keys 385Session Encryption 386Summary 387References 387Review Questions 387Chapter 15 Understanding Native CUCM Security Features and CUCM PKI 391Chapter Objectives 391CUCM Security Features Overview 391CUCM Security Feature Support 393Cisco Unified Communications Security Considerations 394CUCM IPsec Support 395IPsec Scenarios in Cisco Unified Communications 395IPsec on Network Infrastructure Devices 397Signed Phone Loads 397SIP Digest Authentication 398SIP Digest Authentication Configuration Procedure 399SIP Digest Authentication Configuration Example 399SIP Trunk Encryption 400SIP Trunk Encryption Configuration Procedure 401SIP Trunk Encryption Configuration 401CUCM PKI 402Self-Signed Certificates 402Manufacturing Installed Certificates 403Locally Significant Certificates 403Multiple PKI Roots in CUCM Deployments 404Cisco Certificate Trust List 405Cisco CTL Client Function 406Initial CTL Download 408IP Phone Verification of a New Cisco CTL 409IP Phone Usage of the CTL 410PKI Topology with Secure SRST 410Trust Requirements with Secure SRST 412Secure SRST: Certificate Import: CUCM 412Secure SRST: Certificate Import: Secure SRST Gateway 413Certificate Usage in Secure SRST 414Summary 415References 416Review Questions 416Chapter 16 Implementing Security in CUCM 419Chapter Objectives 419Enabling PKI-Based Security Features in CUCM 420Configuration Procedure for PKI-Based CUCM Security Features 421Enabling Services Required for Security 422Installing the Cisco CTL Client 422Cisco CTL Client Usage 423Setting the Cluster Security Mode 424Updating the CTL 425CAPF Configuration and LSC Enrollment 425CAPF Service Configuration Parameter 426CAPF Phone Configuration Options 426First-Time Installation of a Certificate with a Manually Entered Authentication String 428Certificate Upgrade Using an Existing MIC 429Generating a CAPF Report to Verify LSC Enrollment 430Finding Phones by Their LSC Status 431Signed and Encrypted Configuration Files 431Encrypted Configuration Files 432Obtaining Phone Encrypted Configuration Files 433Configuring Encrypted Configuration Files 434Phone Security Profiles 434Default SCCP Phone Security Profiles 435Configuring TFTP Encrypted Configuration Files 436Secure Signaling 436Certificate Exchange in TLS 438Server-to-Phone Authentication 438Phone-to-Server Authentication 439TLS Session Key Exchange 440Secure Signaling Using TLS 441Secure Media Transmission Between Cisco IP Phones 441SRTP Protection 442SRTP Packet Format 443SRTP Encryption 443SRTP Authentication 444Secure Call Flow Summary 445Configuring IP Phones to Use Secure Signaling and Media Exchange 446The Actual Security Mode Depends on the Configuration of Both Phones 447Secure Media Transmission to H.323 and MGCP Gateways 447H.323 SRTP CUCM 448SRTP to MGCP Gateways 450Secure Conferencing 450Secure Conferencing Considerations 451Secure Conferencing Configuration Procedure 452Summary 458References 459Review Questions 459Appendix A Answers to Chapter Review Questions 465Index 472