Need help - Catalyst 3550 on CCM4.1 Voip

Similar Messages

• Need help for NAT, ACL for VoIP

  Dear experts
  I configure my PBX server to work with one VoIP provider. When I put the server in blank network, mean that without VLANs.
  The IP PBX server can register to the VoIP provider system normally and I can make call out and receive calls normally.
  However,  when I put the PBX behind the Cisco router with some configuration. The  PBX cannot register with the VoIP provider system.
  Eventhough I can receive calls from outside but can not make a call from inside to outside, because of the PBX cannot register.
  Could you please help me to point out what is wrong with my Cisco router configuration.
  Thanks a lot
  Building configuration...
  Current configuration : 1982 bytes
  ! Last configuration change at 17:18:27 UTC Mon Feb 24 2014
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$ZJEF$8np0QvQTD1nTaOosa9yGW1
  no aaa new-model
  memory-size iomem 20
  no ipv6 cef
  ip source-route
  ip cef
  multilink bundle-name authenticated
  crypto pki token default removal timeout 0
  license udi pid CISCO2911/K9 sn FTX1603AH9C
  interface Embedded-Service-Engine0/0
  no ip address
  interface GigabitEthernet0/0
  description internal-LAN
  ip address x.x.x.4 255.255.0.0
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  no ip address
  duplex auto
  speed auto
  interface GigabitEthernet0/1.1
  encapsulation dot1Q 11
  ip address 172.x.x.1 255.255.240.0
  interface GigabitEthernet0/2
  description internet
  ip address 50.x.x.93 255.255.x.x
  ip nat outside
  ip virtual-reassembly in
  duplex auto
  speed auto
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source list 100 interface GigabitEthernet0/2 overload
  ip nat inside source static udp x.x.x.8 5060 50.x.x.93 5060 extendable
  ip route profile
  ip route 0.0.0.0 0.0.0.0 50.x.x.94
  ip route 172.16.240.0 255.255.x.0 x.x.x.5
  ip route 172.16.242.0 255.255.x.0 x.x.x.5
  access-list 100 permit ip x.x.0.0 0.0.255.255 any
  access-list 100 permit ip 172.16.240.0 0.0.0.255 any
  access-list 100 permit ip 172.16.242.0 0.0.0.255 any
  access-list 100 permit udp any any range 5004 5090
  access-list 100 permit udp any any range 10000 20000
  control-plane
  line con 0

  Hello.
  Do you have the same static NAT mapping for TCP 5060?

• I need help refreshing my Adobe Creative Cloud membership in Business Catalyst.

  I need help refreshing my Adobe Creative Cloud membership in Business Catalyst.
  Hello, I had an Adobe Muse membership and I have changed it to a full Adobe Creative cloud membership. The problem is when I login in to business catalyst and try to push live  a second site, it tells me as follows:  Your Adobe Creative Cloud Membership has reached its limit for hosted sites.
  I think business catalyst has not recognize jet that I have change my Adobe Creative Cloud Membership and does not allow me access to the 5 sites that are supposed to come with my adobe creative cloud.
  Please help me refresh my status on business catalyst so I can publish my 5 sites.
  thanks

  Hi,
  Please reach out to our direct support via case or live chat as this may require escalation.  It appears your account is not syncing with your adobe ID for whatever reason and will require further investigation to help resolve.  We'll need your ID(s) plus any additional details so we can correct this for you. 
  - http://helpx.adobe.com/contact.html
  Thanks,
  -Sidney

• Need help in setting up PSTN to VOIP gateway with only one VOIP account.

  Hi!
  I am having hard time configuring SPA 3102 for # 3 and # 4 in following requirement list. I have only one VOIP account and my provider does not support simultaneous registrations even on different port. So I want to setup gateway without PSTN line being registered, so only Line 1 is registered with a VSP.
  1. POT terminal can dial out using PSTN or VOIP based on dialplan. Done!
  2. POT terminal can receive call from VOIP. Done!
  3. If a call is received at PSTN line then it should be dealt as gateway call if from particular number, otherwise it is sent to POT Terminal.
  4. If the call is not attended thru POT Terminal then it should be redirected to a particular number using VOIP after certain number of rings.
  Regards,
  Babar.

  #3
  i think that it is not possible,
  - the default bahaviour of the SPA3102 is to recieve the call from the PSTN line, forward it to the phone connected to the FXS port.
  - if there is no answer on the FXS it is then forwarded to a certain number via voip or given a second dial tone.
  #4
  This is functioning ans is the default scenario.,
   register the PSTN line the same as the Line 1.
  set the register to " NO"
  make call without register to "NO"
  ans call without regsiter to "NO"
  - if you need to forward that to a voip number of your choice
  set the PSTN To VOIP dial plan to 2 and change the dial plan on the PSTN line to S0 < : target phone number >

• Need help in voip design

  hi,
  our customer having nearly 30 branches. 20 are connected to central office via leased lines.
  And 10 branches are connected by internet.
  Now customer willing to use voip on all these branches.
  That is From central office to leased line offices and internet offices vice versa..
  And there are analog phones with PBXs.
  present along with them soft and hard IP phones are required with redundancy.
  so anybody can help me in designing this voip setup? (designing means what are the required equipments and protocols for this setup)
  Regards
  skrao
  Regards
  skrao

  Skrao,
  Several ways to go here I don't really recommend the VOIP over the internet but your going to have to do a user count and peak call utilzation survey for each site.
  Your probably going to go with one of the ASxxxx models for the central site and 2800 or 1800 for the remote sites. As for the VPN offices you might try CME Call Manager Express for them or keep there existing PBX's kinda depends on what there Goals are.
  I can't give you specific parts because there is such a huge combination of different ways to go but your gist is you'll probably have a couple of Access-Servers to handle your primary site PSTN connections and then put something that can handle SRST Survivable Remote Site Telephony at each branch office. For your VPN sites your going to want to use Call Manager Express.
  Patrick

• Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet

  I've about pulled what little hair I have out of my head on this one, and need some configuration help.
  I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached.  All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly.  I will refer to this as network # 1. I also have SEPARATE network, we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet.  I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong.  When I connect the two switches together, although I get a good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work.  Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers?  Here's what I am looking for:
  INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESS

  The Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
  The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
  HTH,
  John

• 802.1x EAP-PEAP over Ethernet need help !!!

  I am trying to get wired 802.1x EAP-PEAP to work and after spending about 8 hours
  troubleshooting this, I am not sure what else to do.  Need help.  Here
  is the scenario:
  - Cisco Catalyst 3350 switch running IOS versionc3550-ipservicesk9-mz.122-44.SE6.bin,
  - Steelbelted/JUniper Radius Server version 6.1.6 on a windows 2003 server
  with IP address of 129.174.2.7.  This device is connected to the same switch above.
  Firewall is OFF on the server, allow ALL,
  - Windows 2003 Enterprise Server supplicant with the latest Service pack and patches.  Again,
  Firewall is OFF on the server, allow ALL.  Juniper has verified the configuration settings
  on the Supplicant machine.  The supplicant has a static IP address of 129.174.2.15, same subnet
  as the radius server, I just want enable EAP-PEAP so that user is forced to authenticate before
  the port is activate to be "hot".
  - Juniper TAC has verified the configuration on the Steelbelted radius for eap-peap
  and that everything is looking fine,
  I have verified that the switch can communicate fine with the radius server.
  - Configuration on the switch for 802.1x:
  aaa new-model
  aaa authentication dot1x default group radius
  radius-server host 129.174.2.7 auth-port 1812 acct-port 1813 key 123456
  interface FastEthernet0/39
    description windows 2003 Supplicant
    switchport access vlan 401
    switchport mode access
    dot1x port-control auto
    no spanning-tree portfast (does not matter if this is enable or disable)
  lab-sw-1#
  .May 20 07:52:47.334: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
  .May 20 07:52:47.338: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
  .May 20 07:52:47.338: EAPOL pak dump Tx
  .May 20 07:52:47.338: EAPOL Version: 0x2  type: 0x0  length: 0x0005
  .May 20 07:52:47.338: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
  .May 20 07:52:47.338: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
  lab-sw-1#
  lab-sw-1#sh dot1x interface f0/39
  Dot1x Info for FastEthernet0/39
  PAE                       = AUTHENTICATOR
  PortControl               = AUTO
  ControlDirection          = Both
  HostMode                  = SINGLE_HOST
  Violation Mode            = PROTECT
  ReAuthentication          = Disabled
  QuietPeriod               = 60
  ServerTimeout             = 30
  SuppTimeout               = 30
  ReAuthPeriod              = 3600 (Locally configured)
  ReAuthMax                 = 2
  MaxReq                    = 2
  TxPeriod                  = 30
  RateLimitPeriod           = 0
  lab-sw-1#
  I am at a complete lost here.  don't know what else to do.  Someone with expertise in this realm please
  help me how to make this work.
  Many thanks in advance,

  #1:  dot1x system-auth-control is already in the switch configuration
  #2:  Not sure if you're already aware, the minute I entered "dot1x port-control auto", the command "dot1x pae authenticator" automatically appears on the interface configuration
  The case is being worked on by Cisco TAC.  One of the issues is the windows 2003 server supplicant refuses to work.  Windows XP supplicant uses machine-authentication instead of user-authentication.  Cisco TAC is looking into this issue.

• Need help for access list problem

  Cisco 2901 ISR
  I need help for my configuration.... although it is working fine but it is not secured cause everybody can access the internet
  I want to deny this IP range and permit only TMG server to have internet connection. My DHCP server is the 4500 switch.
  Anybody can help?
           DENY       10.25.0.1 – 10.25.0.255
                            10.25.1.1 – 10.25.1.255
  Permit only 1 host for Internet
                  10.25.7.136  255.255.255.192 ------ TMG Server
  Using access-list.
  ( Current configuration  )
  object-group network IP
  description Block_IP
  range 10.25.0.2 10.25.0.255
  range 10.25.1.2 10.25.1.255
  interface GigabitEthernet0/0
  ip address 192.168.2.3 255.255.255.0
  ip nat inside
  ip virtual-reassembly in max-fragments 64 max-reassemblies 256
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  description ### ADSL WAN Interface ###
  no ip address
  pppoe enable group global
  pppoe-client dial-pool-number 1
  interface ATM0/0/0
  no ip address
  no atm ilmi-keepalive
  interface Dialer1
  description ### ADSL WAN Dialer ###
  ip address negotiated
  ip mtu 1492
  ip nat outside
  no ip virtual-reassembly in
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication pap callin
  ppp pap sent-username xxxxxxx password 7 xxxxxxxxx
  ip nat inside source list 101 interface Dialer1 overload
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip route 10.25.0.0 255.255.0.0 192.168.2.1
  access-list 101 permit ip 10.25.0.0 0.0.255.255 any
  access-list 105 deny   ip object-group IP any
  From the 4500 Catalyst switch
  ( Current Configuration )
  interface GigabitEthernet0/48
  no switchport
  ip address 192.168.2.1 255.255.255.0 interface GigabitEthernet2/42
  ip route 0.0.0.0 0.0.0.0 192.168.2.3

  Hello,
  Host will can't get internet connection
  I remove this configuration......         access-list 101 permit ip 10.25.0.0 0.0.255.255 any
  and change the configuration ....      ip access-list extended 101
                                                              5 permit ip host 10.25.7.136 any
  In this case I will allow only host 10.25.7.136 but it isn't work.
  No internet connection from the TMG Server.

• Catalyst 3550: Loading IOS via TFTP from ROMmon?

  Hi everybody,
  I need to load an IOS from ROMmon-mode to a Catalyst 3550.
  Of cause I could do that via xmodem but I thought it should also be possible via TFTP.
  What I did:
  switch: IP_ADDRESS=192.168.1.1
  switch: IP_SUBNET_MASK=255.255.255.0
  switch: TFTP_SERVER=192.168.1.2
  switch: TFTP_FILE=c3550-ipservicesk9-mz.122-35.SE5.bin
  switch: DEFAULT_GATEWAY=192.168.1.1
  switch: set
  BOOT=tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin
  DEFAULT_GATEWAY=192.168.1.1
  IP_ADDRESS=192.168.1.1
  IP_SUBNET_MASK=255.255.255.0
  MAC_ADDR=00:0F:90:7F:B1:00
  MODEL_NUM=WS-C3550-48-SMI
  MODEL_REVISION_NUM=L0
  MOTHERBOARD_ASSEMBLY_NUM=73-5701-09
  MOTHERBOARD_REVISION_NUM=A0
  MOTHERBOARD_SERIAL_NUM=CAT08130PUT
  POWER_SUPPLY_PART_NUM=34-0967-02
  POWER_SUPPLY_SERIAL_NUM=DTH08094HH7
  SYSTEM_SERIAL_NUM=CAT0813Z29A
  TFTP_FILE=c3550-ipservicesk9-mz.122-35.SE5.bin
  TFTP_SERVER=192.168.1.2
  switch: boot tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin
  Loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"...tftp://192.168.1.2/c35 50-ipservicesk9-mz.122-35.SE5.bin: permission denied
  Error loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"
  Interrupt within 5 seconds to abort boot process.
  Boot process failed...
  switch: boot
  Loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"...tftp://192.168.1.2/c35 50-ipservicesk9-mz.122-35.SE5.bin: permission denied
  Error loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"
  Interrupt within 5 seconds to abort boot process.
  Boot process failed...
  Am I doing something wrong or is it generally impossible to load an IOS via TFTP to a 3550?
  Thanks in advance
  Rolf

  I am pretty sure you can't boot from a TFTP server with the Catalyst 3550 (or any of the other standalone access switches - 2950, 3550, 3560 3750 etc). If you want to recover one you need to recover it using XModem via the console:
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_tech_note09186a0080169696.shtml
  I used to think you had to do this at 9600-baud, however you can increase the baudrate and it only takes 10-20 minutes (I couldn't get 115200 to work but 57600 worked OK and took about 20-minutes).
  You need to remember to put the baud rate back to 9600 when the image is back on as it gets stored in NVRAM and reboots etc are at the stored speed (i.e. changing it after it has booted under the line con 0 doesn't get saved to NVRAM).
  HTH
  Andy

• I need help from muse pro's

  I have a client wanting a site similar to this link.
  http://www.charliegerken.com/
  I can do most everything layout and content wise but where I need help is with the complex searches and the integrated maps. Any input would be very much appreciated. Thank you.

  Hi JtB!
  Here are some example websites which have been produced with Business Catalyst.
  - http://www.rentersguide.com/ (made by SimpleFlame - http://simpleflame.com/)
  - http://uguru-realestate-us.businesscatalyst.com/ (ready template - BCgurus - http://www.bcgurus.com/templates)
  Ask consulting offers these two companies. I know for sure that they are reliable and they can help you.
  Best Regards
  TaikaJim

• Catalyst 3550-48 unable to boot

  Hi,
  I have a catalyst 3550-48 switch which is running the ios image c3550-ipbase-mz.122-25.SEB4.bin. the problem is now its not booting, it directly goes to rommon mode from there if I issue the command boot flash:c3550-ipbase-mz.122-25.SEB4.bin it gives me the error message like loading ...... c3550-ipbase-mz.122-25.SEB4.bin .....magic number mismatch:bad mzip file
  please help me to resolve the issue

  Hi Friend,
  Seems to be a corrupt image. The best solution will be to xmodem the same image again.
  Download the same image again from cisco.com and xmodem to the switch.
  Have a look at this xmodem procedure
  http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080320001.html
  HTH, if yes please rate the post.
  Ankur

• Catalyst 3550 & 3560/3750 command 'show mls qos interface statistics'

  On the Catalyst 3550 the command 'show mls qos interface statistics' will show ingress packet (or byte) counts with DSCP values. If you have policers configured then it also shows a count of packets that have been marked down to another DSCP value due to policing or any that have been dropped (obviously 'mls qos monitor dscp x' needs configuring). The same command on the 3560/3750 only shows the ingress & egress DSCP values, there is no column that shows packets (or bytes) that have been policed or dropped. Is there any command to display the same information with the 3560/3750?
  Neither platform show counters when the command 'show policy-map interface x/x' is used so this won't work.
  Thanks
  Andy

  Hi, I believe there is a command on the 3560 'sh mls qos interface policers' may be what you are looking for.
  Here is what the command says it outputs:
  To display QoS information at the interface level. This information includes:
  The configuration of the egress queues and the CoS3-to-egress-queue map
  Which interfaces have configured policers
  Ingress and egress statistics, which includes the number of bytes that have been dropped

• Need help with BARS 4.0.12 - 4.0.13 upgrade

  Hello,
  I'm a VoIP noob and need help with a BARS upgrade. To resolve a known problem (Bug #CSCsi32637) we need to upgrade BARS from 4.0.12 to 4.0.13. This is per TAC. However, no one in our company has done this before. I've reviewed the 4.0.12 Admin Guide since I was unable to find any admin docs for 4.0.13. However, I have several questions about this upgrade that hopefully someone here can help with:
  1) The install for 4.0.12 requires a reboot of the server. Is this the same for 4.0.13?
  2) CCM version is 4.1(3)sr6; any problems known with BARS 4.0.13 and this version of CCM? I didn't see
  anything in the Rel Notes or via the Bug Toolkit (figure it never hurts to ask).
  3) Will the previously input configuration settings (i.e., Data Source Servers, Storage Location, Schedule) be preserved or will I have to reinput these settings?
  4) Any known issues with performing this upgrade while controlling the server via VNC?
  5) The 4.0.12 docs state that "To successfully back up the Cisco Unified CallManager database, the backup server and backup targets must exist in the same cluster and have the same version of BARS installed". So BARS must be installed on my publisher (the Backup Server) AND my three subscribers? I'm not finding BARS on these subscribers now.
  Many Thanks for any input,
  Brian Read

  1) Yes, any version requires reboot after install
  2) not that i'm aware of
  4) you'll need to reconfigure it
  5) no
  6) although it's recommended there is no real need to backup any other server than the PUB which contains the master DB, any SUB only needs to pull the info from PUB in case of crash and reinstall
  HTH
  java
  if this helps, please rate

• Catalyst 3550 Strong Cryptographic Software

  What do you lose/gain using Catalyst 3550 Strong Cryptographic Software for features. Are there any authentication features/services not available in the non-crypto image. Need to answer this for a HIPAA review.

  I have used Cisco's Software Advisor to look for differences in the crypto and non-crypto images. For several releases the Advisor does not list any differences. I did find a release 12.1EA1 where it did list differences. As far as authentication services there were no differences listed. It did list support for SSH in the crypto image which is not in the non-crypto image. So depending on how broad your definition of services is there may be a difference that you might care about.
  HTH
  Rick

• ACL's in VLAN Catalyst 3550

  Hello !!
  We have a Switch Catalyst 3550 - 12G
  IOS : Version 12.2(25)SEA
  I need to implement ACL security in VLAN's. But, it did't work.
  VLAN 11 Definition :
  interface Vlan11
  description VLAN - RED WAN
  ip address 192.168.21.1 255.255.255.0
  Interface association (g0/7) with VLAN 11 and extended ACL (ip1)
  interface GigabitEthernet0/7
  switchport access vlan 11
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 11
  switchport mode dynamic desirable
  ip access-group ip1 in
  ACL definition :
  ip access-list extended ip1
  permit ip 192.168.70.0 0.0.0.255 any
  deny ip any any
  This configuration must allow ip communication between 192.168.70.0 / 24 and 192.168.21.0 / 24. However it does't work.
  Inter VLAN communication are ok.
  Any Suggest ?
  .... Switch Conf. attach
  Tks.
  John Nanez E.

  Try putting on the SVI for vlan 11 (interface vlan 11) . don't think you can put it on a individual interface and have it work . Also they way you wrote it you'll have to put it as out on the vlan because you are permitting a address from another network to the vlan 11 address space thus it would have to block the traffic "out" to the devices on vlan 11 .