Authentication with Single Default Password

Hi,
Is there a way to extract username out of a database of users, but actually have their passwords all the same... Trying to get around not having to create a large amount of accounts...
Thanks
AJ

Hi,
If you have a user database and you are trying to upload it into ACS, you can have a look at the following link to import users in ACS:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/a_csutil.htm#wp365101
Hope this helps
~Rohit

Similar Messages

Configuring Basic Authentication with Username and password on BizTalk Schema Service

Hi,
I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
I wanted to have a Basic Authentication(User name and password restriction).
I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
I also set the Service in IIS with Basic Authentication only enabled.
But I don't know how to provide a UserName and Password Authentication.
Please provide your suggestions
Regards, Vignesh S

Hi,
Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
HTH,
Sumit
Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question

Unity Connection - Users with system default password getting locked out

Hi all, hope everyone is well !!
I am experiencing a strange problem and hope someone can give me some direction on where to start digging on this issue.
I am getting a good number of users reporting they are getting locked out of their voice mail and they all claim that they have not changed their password and some user even got their greeting recorded by someone else. One thing in common for the users who reported the issue is that they all using the system default password. I am trying to trace to find out who/what has access to these users' mailbox but so far I have not had any luck.
Thanks in advance !!
Danny

Thanks, yes am doing that now and cant really find any new/unique pattern. Plus the trace is pretty hard to follow. Cant really figure out any times stamps in the trace also. The current trace file is defaultTrace.18.trc and it has very simiiar content as some of the older ones before the problem. Right now the ESS portal is working and the slddsuser password is not locked. It seems the problem takes place on start up?
/usr/sap/ESS/JC77/j2ee/cluster/server0/log
Tough thing to test in production.
I wonder what takes place at startup that would kick this problem off?
brad

Sqlplus can't log in with the default password

Hello,
I tried to log in as JE user in order to run a script (I've read that the default password is the same as the schema name JE in this case) but it gives the error:
SQL> connect
Enter user-name: JE
Enter password:
ERROR:
ORA-01017: invalid username/password; logon denied
Any Ideas what could be the default password for JE, or how to change it as sysdba?
Thanks

EBS schema passwords must be changed using the FNDCPASS executable
How to Change Applications Passwords using Applications Schema Password Change Utility (FNDCPASS or AFPASSWD) [ID 437260.1]
FNDCPASS Troubleshooting Guide For Login and Changing Applications Passwords [ID 1306938.1]
You should not use the "ALTER USER" commands for changing any EBS related schema passwords - this command should only be used for seeded Oracle database accounts such as SYS, SYSTEM, CTXSYS, DBSNMP etc
HTH
Srini

LDAP authentication with MD5 passwords

Hi,
in one of our Linux servers we have MD5 passwords stored in /etc/shadow. We want to implement pam_ldap on that machine, and move passwords to an LDAP database.
I know it is to be done with {crypt} storage scheme.
This works with DS 5.2 running on a Linux box, but under Solaris 8 I couldn't get it working. I know that Solaris 8 doesn't support MD5 passwords in its crypt(3) function, and I suppose Directory Server uses that. Somewhere I read that, however crypt() in Solaris 9 does support MD5.
Can you confirm that after upgrading to Solaris 9, authentication with MD5-hashed passwords will be possible? Has anyone tried it?
Thanks in advance,
Kristof

Thanks you for your reply.
Our openldap version is openldap-2.3.39
And all passwords are encrypted with : Base 64 encoded md5
Below is a sample password:
{md5}2FeO34RYzgb7xbt2pYxcpA==Thanks again for any help..

Pluggable Authentication and Single Sign On

When using pluggable authentication with single sign on enabled, does RD forward the credentials of the client to the session host or those of the identity provided by the ITSGAuthenticatiionEngine.AuthenticateUser implementation's call to ITSGAuthenticateUserSink::OnUserAuthenticated?
I have a PAA authentication plug-in (ITSGAuthenticatiionEngine) implementation and am trying to determine the potential security impact of this API.
David L-

Hi David,
As far as I know, RDS only supports single-sign-on through enabling group policy Allow Delegating Default Credentials.
How to enable Single Sign-On for my Terminal Server connections
http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx
You may need to contact Microsoft Customer Support and Services to find out whether the pluggable authentication
method for single sign on works or not.
You can find phone number for your region accordingly from here:
Global Customer Service phone numbers
http://support.microsoft.com/gp/customer-service-phone-numbers/en-au
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]

Authentication and Single Sign-On

Does the Ironport support LDAP authentication with Single Sign-On. Or, is it only supported on NTLM? Can you setup multiple authentication realms to the same AD server, but call different AD groups? What I am trying to accomplish is to have single sign-on working and also have users places in certain access policies according to which AD group they are in. For instance, the marketing group would be placed into on access policy while HR would be place in another.

Hello,
Single Sign on is done on NTLM.
If you go to your GUI? Top Right Hand side > Support and Help Dropdown > Select On Line Help > Then search for working with authentication realms
You will see as follows :
An authentication realm is a set of authentication servers (or a single server) supporting a single authentication protocol with a particular configuration.
You can perform any of the following tasks when configuring authentication:
Include up to three authentication servers in a realm.
Create zero or more LDAP realms.
Create zero or one NTLM realm.
Include an authentication server in multiple realms.
Include one or more realms in an authentication sequence.
Include realms of different protocols in a single authentication sequence.
Assign a realm or a sequence to an Access Policy group.
You can do what you are trying to do with NTLM.
I hope this answers your query.
Regards,
Eric

Publish RD Gateway and Web Access with One-Time Password (OTP) / Two-factor Authentication WITHOUT ISA/TMG server

Hi everybody,
I've been struggeling with this problem for a few weeks now and can't find a way to solve it.
We have an RD farm (Server 2012) which consists of two Remote Desktop Servers with Connection Broker and Web Access.
I've recently published a new server, containing RD Gateway and Web Access in our perimeter network.
Now we've got restrictions that OTP/2FA must be used for the external deployment and we've decided to go for a solution from Gemalto.
The "program" is called IDConfim and the server is called SA Server (Strong Authentication).
Also it's important that NO ISA/TMG server is supposed to be used, the OTP/2FA is supposed to work seamless with the Web Access/Gateway.
After hours discuss we came to a point were their NPS agent setup would be the only way to accomplish our goals.
The setup is supposed to be like this:
LAN:
1 DC (2008 R2)
RD Farm (2012)
1 SA Server (2012)
DMZ:
RD Gateway/Web Access (2012)
Were Gateway and Web Access should forward the authentications with NPS to the NPS agent on the SA server.
When you print your AD account to authenticate you add the 6 digits of OTP which you recieve from you mobile app.
Initially this seems to work, the Gateway forwards the request to the remote NPS server, BUT only if you write the correct AD password
(without the OTP extension).
If you write the correct AD password the authentication is forwarded to out SA Servern and it's beeing rejeced because the password doesn't
contain the correct OTP extension.
The problem comes here.
When you write you AD password along with the OTP extension you get a Windows Security error in the eventlog (On thw Gateway server) like this:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: user
Account Domain: domain
Failure Information:
Failure Reason: Unknown username or password.
Status: 0xc000006d
Sub Status: 0x0
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: server
Source Network Address: 192.168.x.x
Source Port: 63003
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
What i can see it's a NTLM error, but hey?! aren't we supposed to forward all authentication handeling to the remote NPS server?
The problem is that no matter what i try the above problem stays there.
Is it not possible to just forward ALL authentication handeling to a remote server?
The only solution I've found to get it working someday in the future is this:
"Remote Desktop Pluggable Authentication and Authorization", which is supposed to be introduced in 2012 R2.
Also this link describes it:
http://archive.msdn.microsoft.com/Release/ProjectReleases.aspx?ProjectName=rdsdev&ReleaseId=3745
Please, bring me some answers before my head explodes! :)
PS, long question = maybe some errors, ask me if something is unclear.

Hi,
Based on our experience, if the NTLM error occurs, please check the password.
Regards,
Mike
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Solaris 10 openldap authentication with md5 passwords

Hello to everyone,
We are trying to enable ldap authentication with pam_ldap and md5 passwords on a Solaris 10 system to an openldap server. If passwords are stored using crypt, everything works correctly. But if the password in openldap is in md5, then authentication fails.
We have installed openldap client along with pam_ldap and nss_ldap from padl (http://www.padl.com/pam_ldap.html)
The error messages when trying to 'su -' to the ldap user are:
Jun 1 18:35:23 servername su: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 1 18:35:23 servername su: [ID 810491 auth.crit] 'su ldapuser' failed for mike on /dev/pts/4and for ssh:
Jun 1 18:35:54 servername sshd[14197]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 1 18:35:54 servername sshd[14191]: [ID 800047 auth.error] error: PAM: Authentication failed for ldapuser from pc7395.sa.example.int
Jun 1 18:36:00 servername sshd[14224]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 1 18:36:00 servername sshd[14191]: [ID 800047 auth.error] error: PAM: Authentication failed for ldapuser from pc7395.sa.example.int
Jun 1 18:36:02 servername sshd[14278]: [ID 800047 auth.info] Accepted publickey for scponly from 10.24.4.52 port 35390 ssh2
Jun 1 18:36:04 servername sshd[14270]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 1 18:36:04 servername sshd[14191]: [ID 800047 auth.error] error: PAM: Authentication failed for ldapuser from pc7395.sa.example.int
Jun 1 18:36:04 servername sshd[14191]: [ID 800047 auth.info] Failed keyboard-interactive/pam for ldapuser from 192.168.1.25 port 41075 ssh2
Jun 1 18:36:08 servername sshd[14191]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 1 18:36:08 servername sshd[14191]: [ID 800047 auth.info] Failed password for ldapuser from 192.168.1.25 port 41075 ssh2
Jun 1 18:36:12 servername sshd[14191]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 1 18:36:12 servername sshd[14191]: [ID 800047 auth.info] Failed password for ldapuser from 192.168.1.25 port 41075 ssh2
Jun 1 18:36:17 servername sshd[14191]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
Jun 1 18:36:17 servername sshd[14191]: [ID 800047 auth.info] Failed password for ldapuser from 192.168.1.25 port 41075 ssh2Below are the configuration files (pam.conf, nsswitch.conf, ldap.conf) and anything else that I imagine could help (comments of the files have been removed).
Please feel free to ask for any other configuration file:
*/etc/pam.conf*
login   auth requisite        pam_authtok_get.so.1
login   auth required         pam_dhkeys.so.1
login   auth required         pam_unix_cred.so.1
login   auth required         pam_dial_auth.so.1
login   auth sufficient       pam_unix_auth.so.1 server_policy debug
login   auth required           /usr/lib/security/pam_ldap.so.1 debug
rlogin auth sufficient       pam_rhosts_auth.so.1
rlogin auth requisite        pam_authtok_get.so.1
rlogin auth required         pam_dhkeys.so.1
rlogin auth required         pam_unix_cred.so.1
rlogin auth required          pam_unix_auth.so.1 use_first_pass
rsh    auth sufficient       pam_rhosts_auth.so.1
rsh    auth required         pam_unix_cred.so.1
rsh    auth required         pam_unix_auth.so.1
ppp     auth requisite        pam_authtok_get.so.1
ppp     auth required         pam_dhkeys.so.1
ppp     auth required         pam_dial_auth.so.1
ppp     auth sufficient       pam_unix_auth.so.1 server_policy
other   auth sufficient         /usr/lib/security/pam_ldap.so.1 debug
other   auth required           pam_unix_auth.so.1 use_first_pass debug
passwd auth sufficient          pam_passwd_auth.so.1 server_policy
passwd auth required           /usr/lib/security/pam_ldap.so.1 debug
cron    account required      pam_unix_account.so.1
other   account requisite     pam_roles.so.1
other   account sufficient       pam_unix_account.so.1 server_policy
other   account required        /usr/lib/security/pam_ldap.so.1 debug
other   session required      pam_unix_session.so.1
other   password required     pam_dhkeys.so.1
other   password requisite    pam_authtok_get.so.1
other   password requisite    pam_authtok_check.so.1
other   password required     pam_authtok_store.so.1 server_policy*/etc/ldap.conf*
base ou=users,ou=Example,dc=staff,dc=example
ldap_version 3
scope sub
pam_groupdn [email protected],ou=groups,ou=Example,dc=staff,dc=example
pam_member_attribute memberUid
nss_map_attribute uid displayName
nss_map_attribute cn sn
pam_password_prohibit_message Please visit https://changepass.exapmle.int/ to change your password.
uri ldap://ldapserver01/
ssl no
bind_timelimit 1
bind_policy soft
timelimit 10
nss_reconnect_tries 3
host klnsds01
nss_base_group         ou=system_groups,ou=Example,dc=staff,dc=example?sub
pam_password md5*/etc/nsswitch.conf*
passwd:     files ldap
group:      files ldap
hosts:      files dns
ipnodes:   files dns
networks:   files
protocols: files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey: files
netgroup:   files
automount: files
aliases:    files
services:   files
printers:       user files
auth_attr: files
prof_attr: files
project:    files
tnrhtp:     files
tnrhdb:     files*/etc/security/policy.conf*
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris User
CRYPT_ALGORITHMS_DEPRECATE=__unix__
LOCK_AFTER_RETRIES=YES
CRYPT_ALGORITHMS_ALLOW=1,2a,md5
CRYPT_DEFAULT=1Thanks in advance for any response...!!

Thanks you for your reply.
Our openldap version is openldap-2.3.39
And all passwords are encrypted with : Base 64 encoded md5
Below is a sample password:
{md5}2FeO34RYzgb7xbt2pYxcpA==Thanks again for any help..

ı have 2 account one gamecenter with single emaill and password.it is like a identical twins of different.how can ı make it single?

ı have 2 account one gamecenter with single emaill and password.it is like a identical twins of different.how can ı make it single?

Are you referring to 2 iTunes accounts/Apple ID's? If so you can't, all purchases are tied to each Apple ID so if you need to say reload an app or update, it would be with that account.

How i replace default password policy with my custom password policy

Hi All,
can anybody help me to replace idm default password policy with my custom password policy?

1. Go to Security --> Policies
2. New --> String Quality Policy --> define rules --> save
3. New --> Identity System account policy --> define rules and set the policy created in step2 to for password policy --> save
4. Assign the policy created in step 3 to the user
a. when create a user, under the 'Security' tab , for the 'Account policy' select the policy created in step
b. Programattically, create /check out user view, assign the step 3 policy
<set name='user.waveset.assignedLhPolicy'>
<s>step 3 policy</s>
</set>
and checkin the view

What is the default password after creating a user with wwsec_api.add_portal_user ?

Hi,
I created 850 Portal users with the WWSEC_API calls in PORTAL30 and PORTAL30_SSO. I can logon with an account if manually reset the password for a specific user. But what is the default password of a user after creating it with the API calls ? I tried "password" and the username, but that didn't work.

The WWSEC_API should not be used to create the user account in the SSO schema. As you noted the WWSEC_API calls do not set the password - these are intended to be used only for setting up Portal profile information. For creating the user that can log in, use the Login Server APIs - in sso/ssoumgt.pks:
WWSSO_APP_USER_ADMIN.CREATE_USER.

Unlock iPad with default password

I have recently (3 days back) bought iPad2 ( iOS5.0 ) with smart cover. I have used it for 2 days and it's asking me to enter passcode to start the iPad. I have not even set the password to the iPad and not sure why it's asking the password to enter. Is there any default password to iPad? How can I unlock it now ?
Thanks
Sanjay

iPhone, iPad, iPod touch: Wrong passcode results in red disabled screen
If you don't have the Passcode, you need to restore the device from the computer it was last synced with. There is no "default" passcode.
Follow the instructions for putting the device in recovery mode > iPhone and iPod touch: Unable to update or restore

SIP Trunk - No voice with Single Number Reach

Hi Community.
I setup SIP Trunk with the CCA. Everything is working Call In and Call Out. Call Forward and so on.
But with Single Number reach is something wrong. The mobile phone is ringing and I can get the call, but I hear not any voice.
Can someone please help me out? Below the config.
version 15.1
parser config cache interface
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
service compress-config
service sequence-numbers
dot11 ssid cisco-data
vlan 1
authentication open
dot11 ssid cisco-voice
vlan 100
authentication open
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 10.1.1.1 10.1.1.9
ip dhcp excluded-address 10.1.1.241 10.1.1.255
ip dhcp pool phone
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 150 ip 10.1.1.1
ip domain name site1.365873.trk.ipvoip.ch
ip name-server 8.8.8.8
ip inspect WAAS flush-timeout 10
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
no ipv6 cef
multilink bundle-name authenticated
stcapp ccm-group 1
stcapp
isdn switch-type basic-net3
voice call send-alert
voice rtp send-recv
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711ulaw
sip
registrar server expires max 3600 min 3600
localhost dns:site1.365873.trk.ipvoip.ch
no update-callerid
voice class codec 1
codec preference 1 g711alaw
voice register global
mode cme
source-address 10.1.1.1 port 5060
load 9971 sip9971.9-2-2
load 9951 sip9951.9-2-2
load 8961 sip8961.9-2-2
timezone 23
voice source-group CCA_SIP_SOURCE_GROUP_CUE_CME
access-list 2
translation-profile incoming SIP_Incoming
voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL
access-list 3
voice translation-rule 9
rule 1 /0041449475090/ /90/
rule 2 /0041449475091/ /91/
rule 3 /0041449475092/ /92/
rule 4 /0041449475093/ /93/
rule 5 /0041449475094/ /94/
rule 6 /0041449475095/ /95/
rule 7 /0041449475096/ /96/
rule 8 /0041449475097/ /97/
rule 9 /0041449475098/ /98/
rule 10 /0041449475099/ /99/
voice translation-rule 410
rule 1 /^0$.*$/ /\1/
rule 15 /^..$/ /0041449475090/
voice translation-rule 411
rule 1 /^0$.*$/ /ABCD0\1/
voice translation-rule 412
rule 1 /^ABCD$.*$/ /\1/
voice translation-rule 422
rule 15 /^ABCD$.*$/ /\1/
voice translation-rule 1000
rule 1 /.*/ //
voice translation-rule 1111
rule 1 /^9$[1-9]$$/ /004144947509\1/
rule 15 /^..$/ /0041449475090/
voice translation-rule 1112
rule 1 /^0/ //
voice translation-rule 2000
rule 1 /0041449475098/ /98/
voice translation-rule 2001
rule 1 /0041449475097/ /97/
voice translation-rule 2002
rule 1 /^6/ //
voice translation-rule 2222
voice translation-profile AA_Profile
translate called 2001
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
voice translation-profile PSTN_CallForwarding
translate redirect-target 410
translate redirect-called 410
voice translation-profile PSTN_Outgoing
translate calling 1111
translate called 1112
translate redirect-target 410
translate redirect-called 410
voice translation-profile SIP_Called_9
translate calling 3265
translate called 9
voice translation-profile SIP_Incoming
translate called 411
voice translation-profile SIP_Passthrough
translate called 412
voice translation-profile SIP_Passthrough_CallBlocking
translate called 422
voice translation-profile VM_Profile
translate called 2000
voice translation-profile XFER_TO_VM_PROFILE
translate redirect-called 2002
voice translation-profile nondialable
translate called 1000
voice-card 0
dspfarm
dsp services dspfarm
fax interface-type fax-mail
license udi pid UC540W-BRI-K9 sn FGL163220SL
archive
log config
logging enable
logging size 600
hidekeys
username admin privilege 15 secret xxx
username xxx password 0 ""
username xxx password 0 ""
ip tftp source-interface Loopback0
bridge irb
interface Loopback0
description $FW_INSIDE$
ip address 10.1.10.2 255.255.255.252
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/0
description $FW_OUTSIDE$
no ip address
ip inspect SDM_LOW out
ip virtual-reassembly in
ip verify unicast reverse-path
load-interval 30
shutdown
duplex auto
speed auto
interface Integrated-Service-Engine0/0
description cue is initialized with default IMAP group
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface FastEthernet0/1/0
no ip address
macro description cisco-desktop
spanning-tree portfast
interface FastEthernet0/1/1
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/2
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/3
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/4
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/5
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/6
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/7
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/8
no ip address
macro description cisco-desktop
spanning-tree portfast
interface BRI0/1/0
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn sending-complete
isdn static-tei 0
interface BRI0/1/1
no ip address
shutdown
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn sending-complete
isdn static-tei 0
interface Dot11Radio0/5/0
no ip address
ssid cisco-data
ssid cisco-voice
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
antenna receive right
antenna transmit right
interface Dot11Radio0/5/0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0/5/0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan100
no ip address
bridge-group 100
bridge-group 100 spanning-disabled
interface BVI1
description $FW_INSIDE$
ip address 192.168.10.2 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly in
interface BVI100
description $FW_INSIDE$
ip address 10.1.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL_INTERNAL
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.10.2
access-list 2 permit 10.1.10.0 0.0.0.3
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 2 permit 10.1.1.0 0.0.0.255
access-list 3 remark CCA_SIP_SOURCE_GROUP_ACL_EXTERNAL
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 212.147.47.216
access-list 3 deny   any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 192.168.10.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 deny   ip 10.1.1.0 0.0.0.255 any
access-list 101 deny   ip 192.168.10.0 0.0.0.255 any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_6##
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 10.1.10.0 0.0.0.3 any
access-list 102 deny   ip 10.1.1.0 0.0.0.255 any
access-list 102 deny   ip 192.168.1.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration##NO_ACES_8##
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 deny   ip 10.1.10.0 0.0.0.3 any
access-list 103 deny   ip 192.168.10.0 0.0.0.255 any
access-list 103 deny   ip 192.168.1.0 0.0.0.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_14##
access-list 104 remark SDM_ACL Category=1
access-list 104 deny   ip 10.1.10.0 0.0.0.3 any
access-list 104 deny   ip 10.1.1.0 0.0.0.255 any
access-list 104 permit ip any any
access-list 104 permit udp host 8.8.8.8 eq domain any
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 deny   ip any any
control-plane
bridge 1 route ip
bridge 100 route ip
voice-port 0/0/0
cptone CH
station-id name FAX
station-id number 99
caller-id enable
voice-port 0/0/1
cptone CH
shutdown
caller-id enable
voice-port 0/0/2
cptone CH
shutdown
caller-id enable
voice-port 0/0/3
cptone CH
shutdown
caller-id enable
voice-port 0/1/0
compand-type a-law
cptone CH
bearer-cap Speech
voice-port 0/1/1
compand-type a-law
cptone CH
bearer-cap Speech
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control -15
description Music On Hold Port
sccp local Loopback0
sccp ccm 10.1.1.1 identifier 1 version 4.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 2 register mtpa4934c6ee4e0
dspfarm profile 2 transcode
description CCA transcoding for SIP Trunk VTX
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 10
associate application SCCP
dial-peer cor custom
name internal
name local
name local-plus
name international
name national
name national-plus
name emergency
name toll-free
dial-peer cor list call-internal
member internal
dial-peer cor list call-local
member local
dial-peer cor list call-local-plus
member local-plus
dial-peer cor list call-national
member national
dial-peer cor list call-national-plus
member national-plus
dial-peer cor list call-international
member international
dial-peer cor list call-emergency
member emergency
dial-peer cor list call-toll-free
member toll-free
dial-peer cor list user-internal
member internal
member emergency
dial-peer cor list user-local
member internal
member local
member emergency
member toll-free
dial-peer cor list user-local-plus
member internal
member local
member local-plus
member emergency
member toll-free
dial-peer cor list user-national
member internal
member local
member local-plus
member national
member emergency
member toll-free
dial-peer cor list user-national-plus
member internal
member local
member local-plus
member national
member national-plus
member emergency
member toll-free
dial-peer cor list user-international
member internal
member local
member local-plus
member international
member national
member national-plus
member emergency
member toll-free
dial-peer voice 1 pots
destination-pattern 99
port 0/0/0
no sip-register
dial-peer voice 2 pots
port 0/0/1
no sip-register
dial-peer voice 3 pots
port 0/0/2
no sip-register
dial-peer voice 4 pots
port 0/0/3
no sip-register
dial-peer voice 5 pots
description ** MOH Port **
destination-pattern ABC
port 0/4/0
no sip-register
dial-peer voice 6 pots
description tcatch all dial peer for BRI/PRIv
translation-profile incoming nondialable
incoming called-number .%
direct-inward-dial
dial-peer voice 50 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
direct-inward-dial
port 0/1/0
dial-peer voice 51 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
direct-inward-dial
port 0/1/1
dial-peer voice 2000 voip
description ** cue voicemail pilot number **
translation-profile outgoing XFER_TO_VM_PROFILE
destination-pattern 98
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 2001 voip
description ** cue auto attendant number **
translation-profile outgoing PSTN_CallForwarding
destination-pattern 97
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 2012 voip
description ** cue prompt manager number **
translation-profile outgoing PSTN_CallForwarding
destination-pattern 96
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1000 voip
permission term
description ** Incoming call from SIP trunk (VTX) **
session protocol sipv2
session target sip-server
incoming called-number .%
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
fax rate 14400
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711ulaw
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1001 voip
corlist outgoing call-local
description ** star code to SIP trunk (VTX) **
destination-pattern *..
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
fax rate 14400
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711ulaw
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1003 voip
description ** Passthrough Inbound Calls for PSTN from CUE **
translation-profile incoming SIP_Passthrough
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
incoming called-number ABCDT
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1005 voip
description ** Passthrough Inbound Calls for MWI from CUE **
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
incoming called-number A80T
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1009 voip
description ** Passthrough Inbound Calls for Internal Extensions from CUE **
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
incoming called-number ^..$
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1033 voip
corlist outgoing call-local
description **CCA*Switzerland*Short Code Services**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 0187
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1042 voip
corlist outgoing call-emergency
description **CCA*Switzerland*Ambulance / Poisioning**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 0014[45]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1041 voip
corlist outgoing call-emergency
description **CCA*Switzerland*REGA Air Rescue**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 00333333333
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1025 voip
corlist outgoing call-national
description **CCA*Switzerland*National Destination Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00[789]1.......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1020 voip
corlist outgoing call-national
description **CCA*Switzerland*Regional Announcement VM**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 01600
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1040 voip
corlist outgoing call-emergency
description **CCA*Switzerland*REGA Air Rescue**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 000333333333
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1043 voip
corlist outgoing call-emergency
description **CCA*Switzerland*Ambulance / Poisioning**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 014[45]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1035 voip
corlist outgoing call-national
description **CCA*Switzerland*Mobile Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 007[46789].......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1024 voip
corlist outgoing call-national-plus
description **CCA*Switzerland*Personal Numbering**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00878......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1029 voip
corlist outgoing call-national
description **CCA*Switzerland*Voicemail Access**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00860.........
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1036 voip
corlist outgoing call-national
description **CCA*Switzerland*VPN Access**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00869.............
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1027 voip
corlist outgoing call-national-plus
description **CCA*Switzerland*Premium Rate (Business)**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00900......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1026 voip
corlist outgoing call-national
description **CCA*Switzerland*Test Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00868T
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1034 voip
corlist outgoing call-national-plus
description **CCA*Switzerland*Shared Cost numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 0084[0248]......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1038 voip
corlist outgoing call-emergency
description **CCA*Switzerland*Emergency**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 0011[278]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1037 voip
corlist outgoing call-toll-free
description **CCA*Switzerland*Toll Free Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00800......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1039 voip
corlist outgoing call-emergency
description **CCA*Switzerland*Emergency**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 011[278]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1032 voip
corlist outgoing call-national
description **CCA*Switzerland*National Destination Numbers**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 00[23456]........
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1023 voip
corlist outgoing call-international
description **CCA*Switzerland*International Calls**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 000T
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1031 voip
description **CCA*Switzerland*Premium Rate (Social)**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 0090[16]......
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1030 voip
corlist outgoing call-national
description **CCA*Switzerland*Short Code**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 014[0357]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1045 voip
corlist outgoing call-emergency
description **CCA*Switzerland*REGA/Glaciers Air Rescue**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 0141[45]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1028 voip
corlist outgoing call-national-plus
description **CCA*Switzerland*Directory Enquiries**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 018[15].
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1021 voip
corlist outgoing call-national
description **CCA*Switzerland*Short Code**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 011[45].
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1022 voip
corlist outgoing call-national
description **CCA*Switzerland*Short Code Services**
translation-profile outgoing PSTN_Outgoing
preference 1
destination-pattern 01[67].
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 1044 voip
corlist outgoing call-emergency
description **CCA*Switzerland*REGA/Glaciers Air Rescue**
translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
preference 1
destination-pattern 00141[45]
session protocol sipv2
session target sip-server
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
dial-peer voice 2002 voip
description ** cue voicemail PSTN number **
translation-profile outgoing VM_Profile
destination-pattern xxx$
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 2003 voip
description ** cue auto attendant PSTN number **
translation-profile outgoing AA_Profile
destination-pattern xxx$
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 1110 pots
preference 9
destination-pattern xxx
port 0/0/0
no sip-register
dial-peer voice 3006 voip
description SIP
translation-profile incoming SIP_Called_9
session protocol sipv2
session target sip-server
incoming called-number xxx.
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
no dial-peer outbound status-check pots
sip-ua
keepalive target dns:site1.365873.trk.ipvoip.ch
authentication username xxx password 7 xxx
no remote-party-id
retry invite 2
retry register 10
timers connect 100
timers keepalive active 100
registrar dns:site1.365873.trk.ipvoip.ch expires 3600
sip-server dns:site1.365873.trk.ipvoip.ch
host-registrar
telephony-service
sdspfarm units 5
sdspfarm transcode sessions 10
sdspfarm tag 2 mtpa4934c6ee4e0
video
fxo hook-flash
max-ephones 40
max-dn 300
ip source-address 10.1.1.1 port 2000
auto assign 1 to 1 type bri
calling-number initiator
service phone videoCapability 1
service phone ehookenable 1
service phone ehookEnable 1
service dnis overlay
service dnis dir-lookup
service dss
timeouts interdigit 5
system message SwissT.Net
url services http://10.1.10.1/voiceview/common/login.do
url authentication http://10.1.10.1/voiceview/authentication/authenticate.do
cnf-file location flash:
cnf-file perphone
user-locale U4 load CME-locale-de_DE-German-8.1.2.2.tar
network-locale U4
load 521G-524G cp524g-8-1-17
load 525G spa525g-7-5-4
load 501G spa50x-30x-7-5-2b
load 502G spa50x-30x-7-5-2b
load 504G spa50x-30x-7-5-2b
load 508G spa50x-30x-7-5-2b
load 509G spa50x-30x-7-5-2b
load 525G2 spa525g-7-5-4
load 301 spa50x-30x-7-5-2b
load 303 spa50x-30x-7-5-2b
time-zone 23
time-format 24
date-format dd-mm-yy
keepalive 30 auxiliary 4
voicemail 98
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
hunt-group logout HLog
moh flash:/media/music-on-hold.au
multicast moh 239.10.16.16 port 2000
web admin system name cisco secret 5 xxx
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern .T
transfer-pattern 0.T
transfer-pattern 6.. blind
secondary-dialtone 0
night-service day Sun 17:00 09:00
night-service day Mon 17:00 09:00
night-service day Tue 17:00 09:00
night-service day Wed 17:00 09:00
night-service day Thu 17:00 09:00
night-service day Fri 17:00 09:00
night-service day Sat 17:00 09:00
fac standard
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-template 1
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
service phone webAccess 0
softkeys remote-in-use Newcall
softkeys idle Redial Pickup Mobility Newcall Cfwdall Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer Mobility TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-template 15
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Mobility Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Mobility Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-template 16
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Mobility Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Mobility Trnsfer TrnsfVM Confrn Acct Park
ephone-template 17
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Mobility Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Mobility Trnsfer TrnsfVM Confrn Acct Park
ephone-template 18
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Mobility Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Mobility Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-dn 9
number BCD no-reg primary
description MoH
moh out-call ABC
ephone-dn 292
number xxx
description SIP Main Number registration
preference 10
ephone-dn 293 dual-line
number 90 secondary xxx no-reg both
label Zentrale
description 90
name Zentrale
call-forward busy 98
call-forward noan 98 timeout 20
ephone-dn 294 dual-line
number 94 secondary xxx no-reg both
label LL
description Lehrling Lehrnende
name Lehrling Lehrnende
mobility
snr xxx delay 1 timeout 30 cfwd-noan 98
snr ring-stop
call-forward busy 98
call-forward noan 98 timeout 20
ephone-dn 295 dual-line
number 93 secondary xxx no-reg both
label CM
description
name
snr xxx delay 1 timeout 30 cfwd-noan 98
snr ring-stop
call-forward busy 98
call-forward noan 98 timeout 10
ephone-dn 296 dual-line
number 92 secondary xxx no-reg both
label EE
description
name
mobility
call-forward busy 98
call-forward noan 98 timeout 20
ephone-dn 297 dual-line
number 91 secondary xxx no-reg both
label RS
description
name
mobility
snr xxx delay 1 timeout 30 cfwd-noan 98
snr ring-stop
call-forward busy 98
call-forward noan 98 timeout 10
ephone-dn 298
number 6.. no-reg primary
description ***CCA XFER TO VM EXTENSION***
call-forward all 98
ephone-dn 299
number A801.. no-reg primary
mwi off
ephone-dn 300
number A800.. no-reg primary
mwi on
ephone 1
device-security-mode none
mac-address A44C.11A0.B648
ephone-template 1
max-calls-per-button 2
username "xxx" password xxx
type 525G2
button 1:296 2:293 3m297 4m295
button 5m294
ephone 2
device-security-mode none
mac-address A44C.11A0.B566
ephone-template 1
max-calls-per-button 2
username "xxx" password xxx
type 525G2
button 1:297 2:293 3m296 4m295
button 5m294
ephone 3
device-security-mode none
mac-address A44C.11A0.B5C4
ephone-template 1
max-calls-per-button 2
username "xxx" password xxx
type 525G2
button 1:295 2:293 3m297 4m296
button 5m294
ephone 4
device-security-mode none
mac-address A44C.11A0.B67A
ephone-template 1
max-calls-per-button 2
username "xxx" password xxx
type 525G2
button 1:294 2:293 3m297 4m296
button 5m295
alias exec cca_voice_mode PBX
alias exec cca_vm_notification schedule from_time=00 to_time=24
alias exec clid-ALL_BRI ;1:0-4;1:0-9;1:0-9;1:1-9
alias exec clid-SIP ;1:1-9;1:1-9;1:1-9
banner login ^CCisco Configuration Assistant. Version: 3.2 (3). Fri Jul 04 13:18:33 CEST 2014^C
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
transport preferred none
transport input all
line vty 5 100
transport preferred none
transport input all
ntp master
ntp server 91.240.0.5 prefer
en

Hi Patrick
I am working on this one as well. I have a UC560 with SIP Trunk provider Les.NET.
It was working fine until a few weeks ago when something changed on the provider end and broke it. My hunch it is something to do with the SIP REFER.
http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-express/91535-cme-sip-trunking-config.html
Here is an excerpt from the above page:
Call Transfer
When a call comes in on an SIP trunk to an SCCP Phone or CUE AutoAttendant (AA) and is transferred, the CME by default will send a SIP REFER message to the SP proxy. Most SP Proxy Servers do not support the REFER method. This needs to be configured in order to force the CME to hairpin the call:
Router(config)#voice service voip
Router(conf-voi-serv)#no supplementary-service sip refer
Figure 3 shows the behavior of the CME system with the REFER method disabled.

ISE and Selfservice with single SSID

Hi, i have:
WLAN 2504 Controller with 7.2 Software
ISE 1.1.2
A single SSID with 802.1x Authentication
Today the wireless users are authenticated against an cisco acs. I want to switch to the ISE and make use of the mydevices portal. I want to re-use my single SSID and don't want to make any provisioning.
- The user connects to the single SSID
- The user configures peap authentication on his device
- The user authenticates to a ldap directory with username and password
- After successfull authentication the user will be redirected to the mydevices portal
- he logs in with his ldap credentials
- the mac address of his current device is listed in the mydevice portal
- user adds his device to the known devices list
- manual reconnect to my ssid
Is this possible with ISE? Is there a howto out there with exact this scenario?
Kind regards

Hello Andreas,
WLC 2504 supports CWA, CoA & dACL.
This wireless controller also supports MAC filtering with RADIUS lookup. For WLCs that support version 7.2.103.0, there is support for session ID and COA with MAC filtering so it is more MAB-like. So it should fulfill your requirement and you can use single SSID.
For more detailed help review “Universal WLC Configuration Guide” & “ISE 1.1.x Network Component Compatibility” at the following location:
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_11_universal_wlc_config.pdf
http://www.cisco.com/en/US/partner/docs/security/ise/1.1.1/compatibility/ise_sdt.html
Regards,
Ashok

Authentication with Single Default Password

Similar Messages

Maybe you are looking for