Date post: | 20-Feb-2015 |
Category: |
Documents |
Upload: | shady-hosny |
View: | 91 times |
Download: | 0 times |
1© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential
Cisco Call Manager ExpressFeatures and Design
Greg LandersUnified Communnications System EngineerCisco [email protected]
Colorado Springs Cisco Users Group
2© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
AGENDA• Open Format – Casual• What is Unified Call Manager Express• What is Unity Express• Design Considerations
RedundancyCall Adminission Control
• UCME as SRST for Unified Call Manager• Security considerations on UCME• Remote Teleworker
3© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unified Communications Portfolio
Number of Users per System0 25 500 2500+100 200
Hybrid / PBX
KSU
Small PBX
Centrex
Prod
uctiv
ity B
enef
itsVo
ice
Feat
ure
Focu
s
Cisco CallManager Express - Robust IP Telephony, and much more – Office Communications for the Small Office
Cisco Unified CallManager
High End PBXCisco Unified CallManager
Express
4© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express / Unity Express Router Portfolio
2811261xXM262xXM
• Extended modular connectivity (EVM, NM, AIM, WIC/VIC)
• Modularity with performance optimized for “all-in-one” solution (HSDM, NM, EVM, AIM, WIC/VIC)
Con
curr
ent S
ervi
ces
and
Perf
orm
ance
Small Office Enterprise Branch OfficeSmall Branch
• Modular connectivity (WIC/VIC)
2801
1751/1760
24 Phones
36 Phones
48 Phones
37253745
285128212651
96 Phones
38253845
144/192 Phones
168/240 Phones
• Local Auto Attendant and Voice Mail system with 12-100 mailboxes, 4-8 sessions, 100 hours of storage
Multiple Services
Low-Density Services
High-Density Services
Cisco Unity Express
3845 Integrated Service Router (ISR)
Supports 240 Phones
5© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
FEATU
RES
Cisco IP Phone 7905G andCisco IP Phone 7905G andCisco IP Phone 7912GCisco IP Phone 7912G
• Basic Business Phone • Pixel Display• Single Line • Four Dynamic “Soft Keys”• Cisco IP Phone 7912G has
Integrated Ethernet Switch
Cisco IP Phone 7940/41G/7960/61GCisco IP Phone 7940/41G/7960/61G• Ideal Knowledge Worker Phone• Large Pixel Display with Two Lines • Four Dynamic “Soft Keys” • Built-in Headset Port • High-quality Speaker Phone• Integrated Ethernet Switch
Cisco ATA 186/188Cisco ATA 186/188• 2 FXS Ports• 1 RJ-45 10BaseT uplink (Cisco 186 ATA)• 1 RJ-45 10/100BaseT data port
(Cisco ATA 188)
Cisco IP Phone 7911G+SWCisco IP Phone 7911G+SW •Entry Level Phone•Character Display•Single Line•Six Configurable Features•Cisco IP Phone 7910+SW has Integrated Ethernet Switch
Unified CallManager Express Phone Portfolio: IP Phones and Analog Adaptors
Cisco IP Phone 7902GCisco IP Phone 7902G• Entry-level Business Phone• Single Line • Fixed Features
Cisco IP Phone 7970/71GCisco IP Phone 7970/71G • Executive Business Phone• Color Display with Touchscreen• Large Pixel Display with Eight
Lines• Five Dynamic “Soft Keys” • High-quality Speaker Phone• Integrated Ethernet Switch
Cisco Wireless IP Cisco Wireless IP Phone 7920Phone 7920• 802.11b wireless IP phone• 6 extensions / speed dials • Standard and Extended Li-ion
Batteries
Cisco IP Conference Cisco IP Conference Station 7936Station 7936
• High-quality speaker• Hands-free Conference Phone• Three Dynamic “Soft Keys”
Cisco IP Expansion Module 7914• Attendant Console Solution• Up to 34 possible buttons• Monitor, Manage, & Cover calls
Cisco IP CommunicatorCisco IP Communicator• PC based “soft phone”• Emulates Cisco 7961
6© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
UNIFIED COMMUNICATION EXPRESS:
CallManager Express v 4.0
666
7© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express—What is it? Key Benefits:• Cost-effective—
Specifically designed for the SMB or branch office
• Application integration Leveraging Desktop and
CRM solutions • Network Integration Secure voice, video and
data convergence • Investment protection Solution grows with you• Breadth of Solution Deployment and
Endpoint choices• Feature velocity Continued Investment
equals continual research and design
• Configurable IP PBX or IP Key System functionality for 240 station market
• Full Featured Solution that meets the Needs of the Small Business, Branch Office, or Service Provider Managed Service solution
• Provides Robust Networking Across Sites 5 digit dial, VM Networking
• Voicemail, Integrated and Unified Messaging Options
• Integrated Video Communications• Intuitive / Easy to use GUI for day two
system administration• Centralized Management for Multi-Site
Scenarios options
8© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express Key Call Control Features
• Support for Either PBX or Key System Functionality• Legacy Telephony Features:
Call Transfer, Paging, Intercom, Call Coverage
Call Park, MOH, Night Bell
Hunt Groups, Basic ACD and Reporting Ad Hoc & “Meet Me” conferencing
DID / Operator Console
• Converged IP Communications Features:Video Telephony
Wireless (802.11) Integration
Soft Phone support
Desk Top Integration
SIP Support
9© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express Version 4.0Enhancements to Legacy Telephony Features
• ACD, AA & Hunt Group Enhancements– Dynamic registration with Huntgroups– Huntgroup logon / logoff (normal calls still allowed)– Improved waiting call notification– Enhanced B-ACD Reporting in EXCEL Format
• Conferencing Enhancements– Retain conference call when conference initiator drops
• Call Forwarding, Park, Transfer Enhancements
– Night Service Call Forwarding– Park Call Recall– Dedicated Park Slot per extension– Call Transfer blocking
• Enhanced Phone Features– Headset Auto Answer– Distinctive Ring Patterns for Internal or External Calls
• Integration with Legacy PBXSupport for QSIG protocols to communicate with TDM-
based PBX’sCallManager Express
New
IP C
all C
ontro
l
10© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express Version 4.0Enhancements for Converged IP Communications
• Remote Teleworker Support– IP Phone Registration across VPN connection
• Video Telephony & PC Soft TelephonySupport for Cisco VT Advantage for video telephonySupport for Cisco IP Communicator for soft phone
• SIP Trunking Enhancements Enhanced call control with SIP protocols to SIP trunk
• Survivable Remote Site Telephony featuresProvide backup call control in a branch office when part of
a centralized Cisco CallManager telephony network• New Phone Support
New 7941 and 7961 Display Phones
CallManager Express
New
IP C
all C
ontro
l
11© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CCME 4.0 New System Features
System Features:• Remote teleworker support• Dynamic failover to secondary CME• 10,000 number bulk speed-dial• Feature Access Code (FAC) support• QSIG supplementary feature support• ATA SCCP Fax Passthrough Support• Multiple user locales per system• User defined locales• Line selectable MWI• Revert to originator or alternate number after
call park timeout• Select last-redirect or originator as redirect
number for call-forward to VM• Dedicated call-park slot per phone• Conference last-party drop• Distinctive ringing based on called number
Call Center Features:• Audio and visual display of calls
in queue• Call-forward to alternate number during night-
service• Music on hold from live feed• Customizable message display when all hunt-
group agents logged out • DID Invalid extension system prompt • Disable call-forward for local calls• Block hunting for local calls• Headset auto-answer• Hunt-group automatic agent logout• Hunt-group dynamic membership• Hunt-group logout per extension• Selective call-forward based on DNIS • Timeouts per hunt-group member• Revert to originator after hunt timeout
111111
12© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Additional CCME 4.0 Enhancements
Phone Features:• Cisco IP Communicator support • Cisco 7911/7941/61 support• Cisco VT Advantage with video call support• Enhanced TAPI 2.0 Interface
Security Enhancements:• IP Phone authentication• Disable Auto Registration• CFwdAll, Confrn, GpickUp, Park, PickUp, and
Trnsfer feature blocking • Call transfer number length restriction • Disable directed call-pickup• Block PC port and setting button access • Restrict conference preservation to
local parties
Manageability Enhancements:• CCME MIB• CME Quick Configuration Tool 2.0• Enhanced CDR for tracking supplementary
features• External storage of configuration files and
phone firmware files• Replace mac-address without deleting ephone
configuration• Disable gatekeeper and SIP proxy registration
globally• Night-service parameter for weekdays,
weekends, or every day • Default changed to transfer-system
full-consult • Increase max ephone-templates to 20
121212
13© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unified CRM Connector v3.0
• Increases employee productivity, efficiencies by:– Providing immediate information on inbound
and outbound calls– Enabling fast, easy “click to dial” from CRM
database records– Providing call duration tracking, information
capture and record creation• New features include:
– Support for Microsoft CRM 3.0– Support Cisco Unified CallManager Express
4.0, Cisco Unified CallManager 5.0 and Cisco Unified Contact Center Express 4.5
– IVR / digit collection via Cisco Unified Contact Center Express
– IP Phone Service to display results of a CRM Connector lookup
Integrates Cisco Unified CallManager Express, Unified CallManager and Unified Contact Center Express With Microsoft CRM Software
Cisco CRM Connector Lead: Ted Allen
Topic: Wants 200 UnitsCompany: XYZ CorporationRating: Hot
Job Title: Purchasing Manager
Customer Service Case: CAS-0014
SmartSimpleSecure
14© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Supports click-to-dial feature from a Microsoft CRM contact record
Free CCO Download
Cisco CRM Communications Connector:Application Integration with Microsoft CRM
Opens contact record and creates new activity record as call arrivesCreates screen pops from click-to-dial calls and manually dialed outbound calls
Accurately tracks duration of phone call and associates with phone activity record
Captures incoming and outgoing call information, including calling number, called number, and call start and end times
Easily creates a new CRM record when new customer call arrives
• Screen pops
• Click to dial
• Call-duration tracking
• Call-information capture
•Customer-record creation
15© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
UNIFIED COMMUNICATION EXPRESS:
Cisco Unity Express v 2.3
151515
16© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express—What is it? • Autoattendant and voice-mail system for the
small and medium office• Supports Cisco® CallManager or Cisco
CallManager Express deployment scenarios• Choice of Network Module or Advanced
Integration Module for complete flexibility• Supported on broad range of Cisco routers—
industry leading Cisco 2800 and 3800 series and widely deployed 2600XM and 3700 series
• 12 to 250 mailboxes, 4 to 16 ports• VPIM Networking with Cisco Unity® Express or
Cisco Unity • International language support• SNMP agent for remote monitoring, data
collection and trap management
Key Benefits:• Cost-effective—
Specifically designed for the SMB or branch office
• Application integration— Fewer devices to manage
• Intuitive user interface— Uses same menu and prompts as Cisco Unity
• Investment protection— Increase mailbox capacity via simple software upgrade
• Broad range of configurations and scale
• Feature velocity—High feature velocity to meet market and customer needs quickly
17© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express Key Voice Mail Features
• Individual and General Delivery Voice Mailboxes Message Waiting IndicatorSave, delete, forward, reply, pause, fast forward, rewindTag messages as urgent or privateDistribution list and broadcast messagesAllocate mailbox capacity on per user basisRetrieve accidentally deleted messages from the
telephone user interfacePersonal Operator - “Zero-out” from voice mail to
alternate number definable on per user basis Undelete messages within the same sessionSpoken name confirmation for all local and many remote
recipientsOptional CLID for calls originated on local system or
PSTNMessage Notification configurable by User
• Network messaging with other Cisco Unity Express or Cisco Unity sites
18© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express -Key Automated Attendant Features • Multiple automated attendants (up to 5)
per systemStandard dial-by-name, dial-by-extension auto-attendant is provided
• Cisco Unity Express EditorGraphical scripting tool creates customized automated attendant menu flowsSupports time-of-day, day-of-week routingUnlimited menu items and unlimited nesting
• Administration via telephonyRecord AA prompts from phone or computer Create and manage broadcast messagesRecord location names and spoken names for remote users
• Alternate or Emergency GreetingsHoliday schedules / CalendarBusiness Hours schedule Alerts for temporary emergency schedule changes (i.e. snow, earthquakes, etc.)
19© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express Version 2.3• New Desktop Applications
– IMAP Compliant E-mail Client Application Integration– “Browse” Voice Mailbox Using Cisco IP Phone
Display – VoiceView Express– New/Urgent Message Notification To Email, Text
Based E-page, Numeric Page, Phone
• Solution Scalability– New 150, 200, 250 Voice Mailbox
• Extensible, Open– SIP Enhancements– Five New Languages: Japanese, Mexican Spanish,
French Canadian, Chinese (Mandarin) And Korean– Internetworking with Cisco CallManager 4.1, 4.2 and
5.0
• Easy To Configure, Deploy, Manage– Remote Monitoring And Management With SNMP
Voic
emai
l
Cisco Unity Express
New
20© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express Version 2.3 (FCS 2QCY06)
Easy, Affordable Voice Mail And Automated Attendant
• Capacity Enhancement New 150, 200, 250 Mailbox NM-CUE-EC Licences
• Desktop IntegrationIMAP Compliant E-mail Client Application IntegrationVM Messages Could Also Be Attached, Forwarded To Other
E-mail Services
• Visual Voice Mail Voice View Express Allows Subscriber To “Browse” Voice
Mailbox Using Cisco IP Phone Display
• Remote Notification Subscriber Service Notifies Arrival Of New/Urgent Messages
To Email, Text Based E-page, Numeric Page, Phone
• LocalizationJapanese, Mexican Spanish, French Canadian, Chinese
(Mandarin) and Korean
• SIP Enhancements
21© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CUE 2.3 Feature Enhancements
System and Capacity Features:• 150, 200, 250 mailbox license levels on the NM-
CUE-EC• CCM connectivity to 4.2 and 5.0• Unity 4.05 TUI prompt parity• Localization—several more languages:
ItalianBrazilian PortugueseLatin American SpanishDanishBritish (UK) English
AA Features:• Re-recording of prompts• Alternate greeting enhancement• AA Script debugging• CME Script Control on Xfer• New editor steps
SIP Features:• Mailboxes for CME and CCM SIP phones• MWI updates in SRST mode• RFC2833 DTMF support
Voice Mail Features:• Integrated Messaging (IMAP-compliant
e-mail client application support)• VoiceView Express—visual access to voice mail• Message notification—outcalling• Future message delivery• Voice mailbox mask support for CCM• Local broadcast privilege• Mandatory message expiry• Original-called-number (OCN)/Last-redirect-
number (LRD)
22© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express Modules
• Voice message storage: 100 hours• Session/port capacity – 8 or 16 • Up to 250 mailboxes supported• Hard Drive – 20GB, 500 MHz
processor, 256MB/512MB DRAM
• Voice message storage: up to 14 hours beginning with release 2.0
• Session/port capacity 4 or 6 depending on router
• Up to 65 mailboxes supported• Industrial Grade Compact Flash –1 GB
beginning release 2.0 – 300 MHz processor, 256MB DRAM
NM-CUE or NM-CUE-EC AIM-CUE
23© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Integrated Messaging for Improved Responsiveness, Productivity
Cisco Unity Express IMAP
TUI or Display
POP (.wav)
Desktop messages are accessible via:
IMAP enabled e-mail clients.wav attachments to e-mail (PDA, other e-mail accounts) Cisco IP Phone display using VoiceView Express
24© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express:Integrated Messaging across different devices
Lotus Notes
Outlook
VoiceView Express
Voicemail TUI
Outlook Express
IMAP
IMAP
IMAP
SMTP
/PO
P
VoiceMail TUI or email notification
HTTP/XML
VoIP
25© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Integrated Messaging Client View: Example
26© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Integrated Messaging Operation• Integrated view of email and voice mail on the same
clientRetrieve, delete and change the state of voicemail messages through a standard IMAP-capable email clientIMAP enabled email clients.wav attachments to email
• IMAP4rev1 protocol – RFC3501Message store and MWI synchronizationAuthentication (client login) via SSL
• A single CUE “Inbox” folder on PC clientAll the messages (new, saved and deletedmessages) appear in the Inbox The appearance of messages are client-specific
27© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
VoiceView Express – Cisco Unity Express• Provides a visual interface into subscribers’ voice
mailbox to view and manage messages, mailbox settings and other message management tasks
• Allows access of voice messages based on their importance to the user, rather than based on their sequential chronologic order.
• Allows users to sort the saved messages based on date and time, caller or sender name/number, or priority
• Provides customization of personal voice mail box settings via phone display
Home Page
List of Voice MessagesVoice Mail SortDetailed envelope
information
28© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express 2.3Message Notification Operation• Message Notification (Outcalling)
This is a system service that notifies a subscriber upon the arrival of new/urgent messagesSystem-wide and per user/GDM configuration options
• Notification DestinationsNumeric devices/destinations (uses a voice port): 4Text devices/destinations (uses no voice ports): 2
• Notification PreferencesConfigurable for All messages; or just for Urgent messages
Broadcast messages and DDRs do not generate notificationsConfigurable per system, per user and per destinationSubscriber can set up a schedule per device/destination for notifications
• Notification MethodAll configured and enabled destinations are notified simultaneouslyNo “chaining” or “cascading” of notifications supportedNo retries or NDRs are generated for notification failures
29© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
UNIFIED COMMUNICATION EXPRESS:
Design Considerations
292929
30© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express IOS Release Version Summary
12.4(6)TVG224, IP-IP GW12.4(4)XC1CME 4.0(1) (Laverda)12.4(4)TCME 3.4 (Piaggio + Speedbird)
IOS VersionCME Release Version
12.4(3d) or higherCME 3.3 (Aprilia on Mainline)12.3(11)T10CME 3.2 (Aprilia)12.3(8)T11CME 3.1 (Segway)
12.4(6th release)TCME 4.0(2) GA 12.4(4)XC3CME 4.0(2) Early Adopter
IOS VersionCME Release Version12.4(9)T CME 4.0 (Laverda) GA
Future
Shipping
31© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0(x) Features
CME 4.0(1)Early Adopter Release: 12.4.(4)XC1, Currently Available3. FXO Trunk dn transfer and line optimization for call
coverage4. Silent ring over-ride for night-service5. Automatic line selection for answering incoming
callCME 4.0(2)Early Adopter Release: 12.4.(4)XC3, FCS July 068. 7931(Goped), 7906G9. CIPC Video Support with CVTA 2.0 10.Localization for 797X/61/41/11
32© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
DSLFaxCisco ISR, Including:• CallManager Express, • Cisco Unity Express• Cisco IOS Firewall• Integrated 24 port PoE switch
GUI Management
Station
Employee PC,Cisco IP Phone
7961G and Voice Mail
Application server
Printer
Cisco IP Phone 7905 in Lobby, Break Room, or
Conference Room
Dial Backup and POS
Analog Phones
Cisco IP Phone 7970+ 7914 as the Attendant
Console Wireless LAN Access Point
Cisco IP VoWLAN 7920
Phone
CO Line 1, 2, 3, 4
Standalone SMB Deployment—Full Office Communications on a Single Platform
Table PC
Public Interne
t
PSTN
33© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Deployment Highlights—SMB
• Single box solution for IP communications, including telephony, video, routing, switching, WLAN, and security
• Connectivity with existing CO lines and analog devices as well as with SIP trunks from service providers
• Key-system features such as shared trunk lines, monitoring of trunk status from phone display, auto attendant
• PBX features such as DID extensions, basic ACD, hunt groups, voicemail, and many more
• Remote phone support for tele-workers or for small offices where a full CME system is not justified
• Video telephony, soft phone support, enable productivity of mobile workforce• Day two GUI administration support• Investment protection for upgrade to multi-site VoIP network with converged
applications
34© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Large Enterprise with Retail Branch
• Call routing to 400+ CME stores handled by GK
• G.729 calls forwarded to Unity converted to G.711 by DSPfarm transcoder registered to CCM
• Unity sends MWI status to MWI relay server using SCCP outdial
• MWI relay server relays MWI status to Store CMEs using SIP subscribe notify
CME Store1
HQ CCMCluster
CME Store2 CME Store3 CME Store4
Gatekeeper
MWI Relay server
Unity
XcodePSTN GW
GK
WANPSTN
35© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Deployment Highlights:Large Enterprise with Retail Branch
• Unified Dialplan for Store-to-Store communication• Leverage existing MoH feed at branch stores• Scalable Dialplan and Call Admission Control provided by
H323 Gatekeeper• One VM box for each CME. Used by branch manager to
receive broadcast voice messaging from HQ• Shared voicemail and directory with HQ CCM and branch
CME • Synchronized MWI notification for 400+ branch IP phones
when message received from HQ
36© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential
Redundancy
Redundancy
37© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
IP Phone Redundancy: HSRP
• Prior to CME 4.0, IP phones must register to HSRP address for redundancy• All inbound/outbound calls to HSRP address are process switched, increasing CPU
utilization for VoIP calls—not an issue for small sites• HSRP address cannot be registered to GK
HSRP Address10.1.1.1Primary CME
10.1.1.2
telephony-serviceip source-address 10.1.1.1 port 2000!interface FastEthernet0/0 ip address 10.1.1.2 255.255.255.0 standby ip 10.1.1.1 standby priority 200 standby preempt
Secondary CME
10.1.1.3
Call Manager 1: 10.1.1.1 ActiveIP Phone Network Configuration
telephony-serviceip source-address 10.1.1.1 port 2000!interface FastEthernet0/0 ip address 10.1.1.3 255.255.255.0 standby ip 10.1.1.1 standby priority 100
38© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
IP Phone Redundancy: Secondary CME
• Starting with CME 4.0, IP phones can home to secondary CME when keepalives to primary CME expires—same behavior as CCM
• HSRP can still be used for data redundancy
CME1: 10.1.1.1
telephony-serviceip source-address 10.1.1.1 port 2000 secondary 10.1.1.2
CME2: 10.1.1.2
Primary CME Secondary CME
Call Manager 1: 10.1.1.1 ActiveCall Manager 2: 10.1.1.2
IP Phone Network Configuration
39© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CCME PSTN Redundancy Options
• Hybrid schemeAdvantages of consolidating circuits in a PRI/T1-CAS with backup FXOs for 911 in case of T1 failure
• PRI/T1-CAS atoreOne PRI/T1-CAS per CMEEach PRI/T1-CAS uses a diverse route with a diverse carrier
• FXO-Only storeAll FXOs can be physically split between both routers in case of loss of CMEMust set “ringer option 1” on CME-Primary voice-portsMust set “ringer option 3” on CME-Secondary voice-ports
100-240 V ~ 3A50/60H z
DO N OT REMOVE DU RING NETWORK OPERATION
CF
Cisco 3800 Series
SYS ACT PWRSYS
RPS PW R AIM0 AIM1 PVDM0 PVDM 1 PVDM2 PVDM3AUX
CME-Primary
100-240 V ~ 3A50/60H z
DO NOT REM OVE DURING NETW ORK OPERAT ION
CF
Cisco 3800 Series
SYS A CT PWRSYS
RPS PWR A IM0 AIM1 PVDM 0 PVDM1 PVDM 2 PVDM3AUX
CME-Secondary
PSTN
Physically Split FXOs
PRI orT1-CAS
FXO-2
FXO-1
Hybrid Scheme
40© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Combining IP Phone and PSTN Redundancy
• Ephone-dns are always present, even when IP phones are not registered• If PSTN to primary is down, but IP phones are still registered to primary, incoming
calls routed to secondary CME are routed to ephone-dn without an associated IP phone—call will receive busy tone
• To prevent this, ephone-dn on secondary CME needs to be set at lower preference than VoIP dial-peer that routes call to primary CME
• Advanced config—not common
Primary CME (10.1.1.1)
Registration
Secondary CME ephone-dn 1
number 1000preference 10!dial-peer voice 1 voipdestination-pattern 1000session target ipv4:10.1.1.1preference 1
ephone-dn 1number 1000
PSTN
41© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Redundant CME with GK
• Ephone-dn from both primary and secondary CME register to GK simultaneously, with no preference associated
• Preference must be set statically at GK for each CME site to route calls to primary CME first, secondary CME second
81…
interface Loopback0 ip address 192.168.100.1 255.255.255.0 h323-gateway voip interface h323-gateway voip id siteA ipaddr 10.10.10.1 1719 h323-gateway voip h323-id CME1 h323-gateway voip tech-prefix 1# h323-gateway voip bind srcaddr 192.168.100.1
CME1192.168.100.1
interface Loopback0 ip address 192.168.100.2 255.255.255.0 h323-gateway voip interface h323-gateway voip id siteA ipaddr 10.10.10.1 1719 h323-gateway voip h323-id CME2 h323-gateway voip tech-prefix 1# h323-gateway voip bind srcaddr 192.168.100.2
CME2192.168.100.2
gatekeeper zone local NYC cisco.com 10.10.10.1 zone prefix NYC 81... gw-priority 10 CME1 zone prefix NYC 81... gw-priority 9 CME2 gw-type-prefix 1#* default-technology
Gatekeeper
10.10.10.1
WAN GK
42© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential
Call Admission Control (CAC)
Call Admission Control (CAC)
43© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
IP WAN
CCME
Call Admission ControlWhy Is It Needed?
PSTN
Circuit-Switched Networks
Packet-Switched Networks
PBX
PhysicalTrunks
STOP
IP WAN Link Provisionedfor Two VoIP Calls (Equivalent
to Two “Virtual” Trunks)
3rd CallRejected
No Physical Limitation on IP Links
If 3rd Call Accepted,Voice Quality of All
Calls Degrades
Call Adm. Control Limits # of VoIP Calls on Each WAN Link
IP WANLink
44© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Admission ControlDistributed Deployments: Gatekeeper
• In purely distributed CME deployments, Gatekeeper provides CAC for both hub-and-spoke and full-mesh topologies
• Define Gatekeeper zones for each CME sitecluster to limit bandwidth in and out of each site
• Up to 500 zones per GK
SJC
RTP NYC
Gatekeeper
gatekeeper zone local RTP cisco.com zone local SJC cisco.com zone local NYC cisco.com bandwidth interzone zone NYC 256 bandwidth interzone zone RTP 256 bandwidth interzone zone SJC 256
GK
IP WAN
45© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Admission ControlDial-Peer Max-Conn
• Maximum number of calls can be set using max-conn on dial-peer
• Both inbound and outbound calls count towards maximum limit
• Calls routed through other dial-peers on system do not count towards limit
• All outbound and inbound calls must be routed through single dial-peer to be effective
dial-peermax-conn 2
WAN
STOP
3rd CallRejected
46© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
WAN
Call Admission ControlCall Threshold
• Maximum number of calls can be set per interface using call threshold
• Both inbound and outbound calls count towards maximum limit
• Calls routed across multiple dial-peers count towards maximum limit
• Must be set on physical interfaces Does not work across IPsec or virtual interfaces
dial-peer 1
dial-peer 2
call threshold interface GigabitEthernet0/0 int-calls low 3 high 3
GE0/0
STOP
3rd CallRejected
47© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Admission ControlRSVP
• RSVP agent on CME and voice gateways in call path reserve bandwidth for set number of calls
• Effective for networks were all the voice gateways used for call routing support RSVP
Site ASite A Site B
RSVP
WAN
48© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0: CME-SRST Fallback
49© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME-SRST Fallback Overview
• CCM phones fallback to CME during WAN outage• SRST Features such as call preservation, auto
provisioning and failover are supported• CME Features are available during failover: Call
park, Hunt-group, MWI, Overlay-DN, SCCP Unity, Softkey Templates
• FL-SRST and FL-CCME licenses are interchangeable, only config on router needs to be modified to switch between CME and SRST
50© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
When to use SRST
• Site has 240+ phones. SRST can support max 720 phones
• Simple, one-time configuration required for basic functionality. CME adds more features but requires additional configuration
• SRTP media encryption is required • SIP Phone Failover is required• VG248 support is required
51© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME-SRST Fallback Options
(config-telephony)#srst mode auto-provision ?all SRST mode ON (include both learned DNs and phones into running config)dn SRST mode ON (include only learned DNs
into running config)none SRST mode ON (include NONE of the
learned DNs/ephones into running config)• In general, you will want to use srst mode auto-
provision none to always use dynamic provisioning
52© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME-SRST Fallback Steps (1)
1) WAN connectivity to CCM is lost2) IP phones re-register to CME ip address specified in
SRST Reference3) CME will read IP phone mac-address, DN and speed-dial
settings from IP phone flash4) If the DN number of CCM phone matches the number set
on a preconfigured ephone-dn, the IP phone will assign the preconfigured ephone-dn to itself
1000
ephone-dn 1 number 1000
2000
ephone-dn 2 number 2000
53© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME-SRST Fallback Steps (2)
1) If the DN number of CCM phone does not match the number set on a preconfigured ephone-dn, CME will create an ephone-dn that matches the IP phone’s extension, with the SRST ephone-dn-template applied
2) The IP phone will register with the auto-provisioned ephone-dn with SRST ephone-template applied
3) If auto-provision none is configured, none of the auto-provisioned ephone or ephone-dn configs are written to running-configIf the IP phone is replaced and MAC address changes, no configuration change is required on CME
54© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Provisioning CME-SRST Fallback
1) Configure and register IP phones to CCM2) Configure CME address as SRST Reference on CCM3) Enable SRST mode on CME with auto-provision none4) Define SRST ephone-template for shared softkey ordering,
speed-dial, fastdials and transfer-blocking5) Define SRST ephone-dn-template for call-forward, pickup-groups6) Configure Per-phone ephone-dns, these DNs should match the
numbering plans configured on your CCM phones7) Configure ephone-hunt. You must have ephone-dns configured
before setting up ephone-hunt8) Configure system ephone-dns: Call park, MWI, etc.9) Save config• Once you are done with these steps, you do not have to
modify CME settings unless your CCM dialplan changes
55© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0 Platform Density
288962851
120242801
7202403845
5001683825
Max. DN
500
500
288144144
120
Max. SCCP + SIP phone
192
144
724836
24
3745
Platform
3725
26912821, 265xXM
2811, 2600XM, 262xXM
1751, 1760
56© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
SRST 4.0 Platform Density
800480CMM
384962851
120242801
96072038459603363825
Max. DN
960
576
288
192
144
120Max phones
480
144
72
48
36
24
3745
Platform
3725
2691
2821, 265xXM
2811, 261xXM, 262xXM
1751, 1760
57© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0: Remote Teleworker
58© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote Teleworker Requirements• Minimum bandwidth of
one T1 (1.536 Mbps) or E1 (2.048Mbps) of bandwidth at HQ CME site
• Minimum 128 Kbps upload bandwidth for each remote phone. Business class broadband recommended
• Maximum number of remote phones constrained by WAN bandwidth
• CUE, PSTN must be hosted on hub CME
• No SRST Support
IPsec Tunnels
87X
87X
87X
87X
Internet
PSTN
Data
Voice
LAN
CME
59© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote Teleworker : Background
• Prior to CME 4.0, there were issues with one-way audio for calls made to hub VM or PSTN by remote phones over direct IPsec tunnel.
• The workaround was using “loopback” interfaces and GRE tunnels.
• CME 4.0 solves this problem by sending the RTP (UDP) packets through the IOS IP switching engine, instead of encapsulating it and queuing it to the egress interface itself.
• The changes introduced by this feature makes CME behave the same way as Cisco VoIP (H.323 or SIP) gateway, in the sourcing of RTP packets for remote phones.
60© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote phones, no MTPCharacteristics• Media flow-around for spoke to spoke calls PSTN, VM access requires media flow-through to CME• All IP phones require routable address• UDP/TCP ports must be open between remote and LAN IP phones
Media(RTP)
Signaling (SCCP)87X
87XWAN
CMEephone 1
ephone 2VM
PSTN
61© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote phones with MTPCharacteristics• All non-LAN calls flow-through CME source address• Only CME source address needs to be routable • Remote phones can use NATed addresses• UDP/TCP ports must be open between remote IP phones and CME source address
VM
Media(RTP)
Signaling (SCCP)
ephone 1 mtp
ephone 2 mtp
CME source address on routable nework
fixup protocol skinny configured on PIXfor private address on remote LAN
87X
87XWAN
CME
PSTN
62© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote phone G.729
• With g.729 dspfarm-assist configured, DSPfarm will be used to transcode G.729 to G.711 for call-forward/transfer to CUE and 3-party conferencing
• If no DSP transcoding resources available, remote phones will use G.711
• ATA, VG224 do not support dspfarm-assist, will always use G.711 for CUE and 3-party conferencing
• Enter total number of remote phones in DSP calculator > Advanced Options > “G.711 to G.729a/ GSM-FR” field to calculate DSP resources required for transcoding:
http://www.cisco.com/cgi-bin/Support/DSP/cisco_prodsel.pl
63© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Recommended Design for Remote phones over IPsec•IPsec tunnel between CME and 87X/PIX (Recommended for QoS, VPN acceleration)
• IPSec pass-through through 3rd party router with Cisco VPN concentrator at head-end and Cisco VPN Client + CIPC at Remote site
87X/PIXWAN
Linksys router
CME/VPN server Cisco VPN client w/IPC
IPsec tunnel
64© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential
CME Security Considerations
65© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME/Cisco IOS Firewall with H.323
• CBAC inspects H.323 connections initiated from CME/firewall• ACL on CME/firewall allows H.323 call control traffic on TCP
port 1720• Inspection of CME/Firewall initiated traffic enables dynamic opening of
pinholes on the interface ACL to allow return traffic for dynamically negotiated call control and RTP ports
SCCP phone
Private
Public
SIP phone
Private
NYC SJC
H.323 Trunk
SCCP Port Access Restricted to LAN IP Address Space
ACL Allows Inbound/Outbound H.323
Packets on CME Source IP Address, TCP Port 1720
SIP Port Access Restricted to LAN IP Address Space
66© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME/Cisco IOS Firewall with SIP
• CBAC on external firewall inspects CME initiated SIP connections• ACL on firewall allows SIP call control traffic on TCP port 5060• External firewall inspects CME initiated traffic, dynamically opening pinholes on
the firewall ACL to allow return traffic for dynamically negotiated call control and RTP ports
• Inspection of SIP and SCCP for co-resident CME and firewall will be supported in Q1 CY’07
SCCP phone
Private
PublicSIP phone
Private
NYC SJCFW FW
Public Address Translated by Firewall to Private CME
Source Address
Public Address Translated by Firewall to Private CME
Source Address
ACL Allows Inbound/Outbound SIP
Packets on TCP Port 5060
SIP Trunk
67© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
SJCNYCH.323/SIP Trunk
CME Site-to-Site VPN
• All SIP/H.323 call control and RTP media can be encrypted over IPsec tunnel established between CME/VPN routers
• CME 3.X and below requires GRE. CME 4.0 and above does not require GRE, supports dynamic, static crypto, EZ-VPN, DMVPN.
• Recommended design for remote SCCP phones
SCCP phone
Private
Public
SIP phone
Private
CME Source Address Uses Loopback Routable Over
IPsec Tunnel
CME Source Address Uses Loopback Routable
over IPsec TunnelIPsec Tunnel Established Between
Public Address on CME/VPN Server
IPsec tunnel
68© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME Security Toolbox
• COR (Class of Restriction)
• After-hours call blocking
• Forced authorization code
• Direct inward dial
Toll Restriction• Transfer-pattern
• Transfer max-length
• Softkey template
• Call-forward max-length
• Disable call-forward local
• Disable directed pickup
Features Restriction
• TACACS/radius authentication
• SSH/HTTPS secure access
Administrative Restriction• Customized GUI access
• Disable auto-registration
69© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: After-Hours block
• After-hours block globally defines specific blocks patterns that cannot be dialed during non-business hours
• Maximum of 32 block patterns can be defined per system• Block pattern with 7–24 always blocked for all phones• When stop time is earlier than start time, the stop time is in the next day of the week; i.e.
Sat 13:00 9:00 sets non-business hours from Saturday, 13:00 to Sunday, 9:00AM
telephony-serviceafter-hours block pattern 1 91after-hours block pattern 2 91900 7-24after-hours day sun 9:00 8:00after-hours day mon 19:00 8:00after-hours day tue 19:00 8:00after-hours day wed 19:00 8:00after-hours day thu 19:00 8:00after-hours day fri 19:00 10:00after-hours day sat 13:00 9:00
Numbers Starting with 91 Blocked During Non-Business Hours
Numbers Starting with 91900 Always Blocked, 24–7
Business Hours Set to 8:00–19:00 Monday–Friday, 10–13:00 Saturday, Closed Sunday
70© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: After-Hours Exemption
• After-hour exempt will exempt IP phone from all after-hours blocking • After-hours PIN over-ride will suspend after-hours block when user enters four to eightdigit PIN;
block pattern with 7–24 suffix will still be enforced even after PIN entry• After-hours suspension in effect until login timeout expires• PIN is defined per IP phone
telephony-service after-hours block pattern 1 91 after-hours block pattern 2 91900 7-24 login timeout 10 ! ephone 1 ! ephone 2 after-hour exempt ! ephone 3 pin 1234
Numbers Starting with 91 or 91900 Blocked
ephone 1
STOP
ephone 2
No Numbers Blocked
ephone 3
After PIN Entry: Only Numbers Starting with 91900 are
BlockedSTOP
71© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: Class of Restriction (COR)
• COR denies or allow calls based on group membership. These groups are called COR lists• An ephone-dn or dial-peer can become a member of a single COR list• Ephone-dn and dial-peer that are not members of COR lists are exempt from COR rules
Dial-peer cor custom name 911 name 408!Dial-peer cor list call911 Member 911!Dial-peer cor list call408 Member 408!Dial-peer cor list Lobby Member 911!Dial-peer cor list Office Member 408 Member 911
Define Outbound COR Lists and Add COR Members
Define Inbound COR Lists and Add COR Members
Define COR Names, Maximum 64 Allowed
72© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction:Class of Restriction Logic (1)
Incoming COR List
Outgoing COR List
Outgoing Dial-peer
PSTN/VOIP
Call Allowed: Member 911 Matches for Incoming and Outgoing COR List
Call Blocked: No Member Match for Incoming and Outgoing COR
ListSTOP
Call Allowed: Member 911 and 408 Match for Incoming and Outgoing COR List
IncomingEphone-dn
ephone-dn 1ephone-dn 1 number 1111number 1111 cor incoming Lobbycor incoming Lobby
dial-peer cor list Lobbydial-peer cor list Lobbymember 911member 911
Dial-peer cor list call911Dial-peer cor list call911 member 911member 911
dial-peer 1 voice potsdial-peer 1 voice pots corlist outgoing call911corlist outgoing call911 destination-pattern 9911destination-pattern 9911 port 1/0/0port 1/0/0
dial-peer 2 voice potsdial-peer 2 voice pots corlist outgoing call408corlist outgoing call408 destination-pattern 408…….destination-pattern 408……. port 1/0/0port 1/0/0
Dial-peer cor list call408Dial-peer cor list call408 member 408member 408
dial-peer cor list Officedial-peer cor list Officemember 911member 911member 408member 408
ephone-dn 2ephone-dn 2 number 2222number 2222 cor incoming Officecor incoming Office
73© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: Class of Restriction Logic (2)
Incoming COR List
IncomingEphone-dn Outgoing
COR ListOutgoing Dial-peer
Call Allowed: Dial-peers with No COR List Applied Accepts all Calls
Call Allowed: Ephone-dn with No COR List Applied Can Make Calls to any dial-peer
Call Blocked: No Member Match for Incoming and
Outgoing COR List
STOP
PSTN/VOIP
NO COR LISTNO COR LIST
Dial-peer cor list call845Dial-peer cor list call845 member 845member 845
dial-peer voice 4 potsdial-peer voice 4 pots destination-pattern 408…….destination-pattern 408……. port 1/0/0port 1/0/0
NO COR LISTNO COR LIST
dial-peer cor list Officedial-peer cor list Officemember 911member 911member 408member 408
ephone-dn 3ephone-dn 3number 3333number 3333
ephone-dn 2ephone-dn 2 number 2222number 2222 cor incoming Officecor incoming Office
dial-peer voice 3 potsdial-peer voice 3 pots corlist outgoing call845corlist outgoing call845 destination-pattern 845…….destination-pattern 845……. port 1/0/0port 1/0/0
74© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: COR vs. After-Block
COR After-Hours Block
Pros• Multiple COR groups can be defined
• Can be applied to non-sccp devices such as analog phones fax machines and CUE
Cons• Settings must be applied per DN
• Provisioning on CLI only
• No time-of-day or PIN override
Pros• Provisioning is simple, settings applied per
phone
• Can be provisioned on GUI
• Rules can be selectively enforced according to time-of-day or PIN override
Cons• All phones must follow single global set of
rules
• Supported on SCCP and SIP phones only
75© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Securing CUE: Message Notification
• System-wide settings to determine valid numeric destinations• Checked when numeric destination
is enteredAlready configured numbers are not checkedwhen the rules are altered
• Min/Max digits allowed: 1–30• Up to ten rules or call patterns
Rules can contain wildcards* matches zero or more digits. matches one digit (single digit placeholder)
Each rule: allowed or deniedRules are searched sequentially until a matchis found, then exit
• Default: all numbers allowed
*Call Pattern
YesAllowed
Yes*No91……..
9011*Call Pattern
NoAllowed
Yes*No91408…….Yes91408555121
2
9011*Call Pattern
NoAllowed
76© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Forward Restriction: Call-Forward Max-Length
• Call-forward max-length restricts maximum number of digits that can be entered for call forward destination with CfwdAll softkey on a per DN basis
• Max-length for ephone-dn assigned to button 1 will be enforced when pressing CfwdAll softkey while onhook or by lifting handset
• Max-length for ephone-dn assigned to other buttons only enforced when specific button is selected; if button 2 is selected and CwdFall softkey is pressed, max-length for ephone-dn assigned to button 2 is enforced
• Call forward max-length is not enforced for destinations entered in GUI or CLI
Button 1: Forward to 1002 Allowed
Button 1: Forward to 5551212 Blocked
Button 2: Forward to 5551212 Allowed
STOP
Button 2: Forward to 19103335555 Blocked STOP
ephone-dn 1 number 1000 call-forward max-length 4!ephone-dn 2 number 1001 call-forward max-length 7!ephone 1 button 1:1 2:2
77© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Forward Restriction: No Forward Local-Calls
• No forward local-calls introduced in CME 4.0, will block call-forwarding of incoming calls from local CME IP phones
• Set on a per ephone-dn basis• All other incoming calls will
obey ephone-dn call-forward settings
Call Forward Not Enforced
PSTN
1000
Call Forwarded to 2000
ephone-dn 1number 1000call-forward busy 2000 call-forward noan 2000 timeout 10no forward local-calls!ephone 1 button 1:1
78© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Transfer Restriction: Transfer-Pattern
• Call transfer to POTS or VoIP destination that does not match the transfer-pattern is blocked; this includes “local” destinations such as CUE and B-ACD
• One transfer-pattern is allowed per system and is enforced on all phones• By default, no transfer-pattern is set, so all call transfers to POTS or VoIP destinations are
blocked• transfer-pattern still allows transfers to ephone-dn and ephone-hunt numbers defined on local
CME• Transfer-pattern .T will allow call transfers to any destination
Transfer to 4085551212 allowed
Transfer to 9102223333 blocked
Transfer to 12345 allowed
PSTNSTOP
12345
telephony-servicetransfer-pattern 408555….
79© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Transfer Restriction: Transfer-Pattern Blocked
• transfer-pattern blocked introduced in CME 4.0 over-rides transfer-pattern and disables call transfer to POTS or VoIP destination
• transfer-pattern blocked still allows transfers to ephone-dn and ephone-hunt numbers defined on local CME
• Can be applied on ephone or ephone-template
Ephone 1: Transfer to 5551212 allowed
Ephone 2: Transfer to 5551212 blocked
Ephone 2: Transfer to 12345 allowed
PSTNSTOP
12345
telephony-servicetransfer-pattern .T!ephone-template 1transfer-pattern blocked!ephone 1!ephone 2ephone-template1
80© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Transfer Restriction: Transfer-Pattern Max-Length
• transfer-pattern max-length introduced in CME 4.0 overrides transfer-pattern and enforces maximum digits you are allowed to enter for transfer destination on a per phone basis
• Can only be applied on ephone-template• Max-length not enforced for ephone-dn or ephone-hunt numbers on
local CME
Ephone 1: Transfer to 9911 allowed
PSTNSTOP
Ephone 1: Transfer to 12345 allowed
12345
Ephone 1: Transfer to 5551212 blocked
telephony-servicetransfer-pattern .T!ephone-template 1transfer-pattern max-length 4!ephone 1ephone-template1
81© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
ephone-template 1 softkeys idle Redial Dnd Pickup Login Gpickup softkeys seized Pickup Redial Endcall Gpickup!ephone 1ephone-template 1
Features Restriction:Softkey Templates
• Ephone-template can be used to disable access to features by removing softkeys
• Supported on all phones with LCD display
• Template can include softkey settings for: alerting, connected, idle and seized states
• CME 3.x supports max 5 templates, CME 4.0 supports max 20 templates per system
Idle
Seized
Prevent Call Forward by Removing CFwdAll Softkey
from IP Phone User Interface
82© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Features Restriction:Feature Access Code (FAC) Blocking
• CME 4.0 adds feature access codes (FAC), which allow endpoints such as VG224 to enter * or # codes to invoke features
• Set features blocked under ephone-template to block specific phones from being able to use FAC
telephony-service fac custom callfwd all *3!ephone-template 1 features blocked CFwdAll!ephone 1 button 1:1!ephone 2 ephone-template 1 button 1:2
CME VG224
ephone 2
ephone 1Enter Dial *3 + Fwd
Destination to Set Call Forward All
Dial *3 Does Nothing
83© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Features Restriction:Disable Directed Pickup
• Directed call pickup allows any call on local CME to be picked up by pressing pickup softkey followed by ringing extension
• no service directed-pickup, introduced in CME 4.0 disables directed call pickup globally; group call-pickup is not blocked.
• Pressing pickup softkey executes local group pickup; emulates CCM behavior
telephony-serviceno service directed-pickup !ephone-dn 1number 123pickup-group 1!ephone-dn 2number 130!ephone-dn 1number 124pickup-group 1
123
130
124
Pickup softkey + 123 blocked
Pickup softkey does local group pickup
Ringing
STOP
84© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: Inbound Call Best Practices
• By default, incoming calls to a CME voice port presents incoming caller with secondary dial-tone; this allows the incoming caller to dial any number defined on CME, including long distance and international numbers; very dangerous
• PLAR to an AA or attendant phone if your telco does not present DID• Enable direct-inward-dial and translate to match internal dial-plan if telco presents DID
Default: Incoming Call Receives Secondary Dialtone
Attendant
CUE AAPLAR or DID Enabled: Call is Routed to Internal party
International CallsIncoming Caller can Reach Any Number
Defined on CME
85© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
“You Have Reached an Invalid Extension.
This Call Will Be Disconnected”
Toll Restriction:DID Translation Script
• TCL Script adds a prefix from 1–99 to any incoming DID
• If prefix + DID matches CME numbering plan, call is routed to new destination; if there is no match, script plays invalid number prompt and disconnects call
Incoming DID Call to 30
Script Appends Prefix 1 to DID
Match
No Match
DID Script
TCL130
STOP
86© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Securing CUE: AA PSTN Access
• CUE system AA script contains a variable to allow/deny PSTN access from the AA
• Recommendation: Build a similar capability in any custom AA scripts used on CUE
If PSTN access from the AA is required, limit the numbers (or range of numbers) that are considered valid by the script
Allow/Deny PSTN Transfers Out of the AA
87© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Disable Auto-Registration
• With CME 4.0, no auto-reg-ephone will reject registration attempts by IP phones with MAC address that are not provisioned in CME
• show ephone attempted-registrations will show MAC address, phone type and datestamp for failed registration attempts
• Disabling auto registration will disable GUI ephone provisioning and CME SRST Fallback
• With CME 3.x and below, provision ephones before configuring ip source address to workaround auto-registration behavior
STOP telephony-service ip source address 10.1.1.1 no auto-reg-ephone!ephone 1 mac-address AAAA.BBBB.CCCC button 1:1
AAAA.BBBB.CCCC
BBBB.AAAA.DDDD
REJECT:mac-address Not Provisioned in CME
88© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Secure CME
1. IP phone downloads CTL file generated by CTL client; after CTL files is validated, IP phone downloads signed config, locale and firmware files
2. IP phone initiates TLS session on port 3804 to CAPF server specified in config file
3. IP phone user enters password to authenticate to CAPF; after password is validated, CAPF enrolls certificate request to CA and provides certificate to IP phone
4. IP phone stores certificate and establishes TLS session on port 2443 to register to CME
fCME CAPF
CTL Client
Certificate Authority
IP Phone
SSL/TLS
TFTP
Cisco IOS PKI
TLSTLS
1.TFTP
2.
3.
4.
Cisco IOS
89© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
AAA Model for CCME
• If AAA for administration of Cisco IOS-based equipment is already in use, it should be leveraged for CCME
Use CiscoSecure ACS and TACACS+ or some other off-box mechanism
• AuthenticationFollow corporate standards
• AuthorizationCCME administrators only should be allowed access to options under global config such as dial-peers, ephones, ephone-dns, telephony-service, etc.
Show commands and other exec level instructions can be restricted as desired
• Accounting Command level accounting should be enabled as appropriate to at least monitor config changes within CCME
90© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
HTTPS and SSH Secure Access
• SSH encrypts user logon data when accessing CME CLI• HTTPS encrypts user logon data when accessing
CME GUI• SSH included in all Cisco IOS images in 12.4• HTTPS require K9 image to provision• HTTPS and HTTP can run concurrently• IP phones do not support HTTPS; if HTTP is disabled on CME, the
following phone features may cease to function:
Local directoryXML speed dialCUE GUI
91© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
TACACS/Radius Authentication forCME GUI/CLI
• CME GUI and CLI administrative access can be authenticated to external TACACS/Radius server
• CLI access can be limited to specific commands based on privilege level, level 15 gives you full access
• Only CME GUI admin can be authenticated by TACACS/Radius. End user GUI accounts must be local
• Not supported in CUE GUI
TACACS/RADIUS server
Authenticate username/password
telnet/SSH
HTTP/HTTPS
92© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0: Video
93© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME Video Call Flows
PSTN
ACCM
VideoVideoVoiceVoice
• Supported Video Call Flows: CME SCCP CME Local SCCPCME SCCP CME Remote SCCPCME SCCP H.323 VideoCME SCCP H.323 CCM SCCP Video
IPH.323
H.323
CVTA
H323 Video EP
CVTA
94© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
2 PC initiates CAST messages to phone over TCP/IP. CAST packets are routed up to layer-3 boundary between VLANs. Firewalls and/or ACLs must permit TCP port 4224
3 Phone acts as SCCP proxy between VT Advantage and CCME. CCME tells phone to open video channels per call. Phone proxies those messages to PC via CAST protocol
4 Phone sends/receives audio. PC sends/receives video on RTP port 5445. Audio and video marked DSCP AF41. Switch port must be set to trust DSCP (or use an ACL) instead of trust COS or else VT Advantage packets will be rewritten to DSCP 0
SCCP EndpointsHow VT Advantage Works
PC VLAN = 10 Phone VLAN = 110
IP
VT Advantage 171.70.10.100
IP Phone: 10.70.110.100802.1Q/p
1 Phone and PC exchange CDP. Phone begins listening for CAST messages on TCP port 4224 from IP address of CDP neighbor
CDP
““CAST: : Open video channel”
“CAST: I want to associate with you”
“SCCP: Open video channel”
Video packets
Audio packets
IP S iS i
CCME
95© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME VTA Support
• Supported on 7960/40, 7941/61, 7970/71 firmware version 7.x and above. 7985 NOT supported
• Video-Capabilities enabled per phone in CME 4.0 CLI
• VT Advantage automatically “associates” with IP Phone. All dialing and supplementary services done through phone
• CDP installed on PC Ethernet NIC. Must be physically connected to PC port on back of IP Phone (e.g. no wireless, no associating from a different network jack)
• Cisco USB Camera required (e.g. No 3rd-party cameras)
• Codecs supported:H.263, H.261, G.729, and G.711
telephony-service video maximum bit-rate 384 service phone videoCapability 1!ephone 1 video Case-Sensitive!
96© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
SRST Video Support
CVTA Supported with SRST 4.0, 12.4(4)XC
call-manager-fallbackvideomaximum bit-rate 384max-conferences 16 gain -6transfer-system full-consultip source-address 20.1.1.1 port 2000max-ephones 52max-dn 110
97© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME Video Fall Back to Audio Scenarios
• Call between Video-capable EP and Audio-only EP• Video-capable EPs have mismatch Video codec or
formats• System Video Minimum Video Bit-rate not met (e.g.
max-bit-rate < 64 kbps)• Call transfer or forward to Audio-only EPs• Initiate Conference between 3 video-capable EPs
- RTP stream are mixed by CME, fall back to Audio
98© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME Video over H323
• H323 Slow Start only • H.450 Call Transfer and Forward only• H.323 to H.323 Hairpin not supported• All RTP streams (audio + video) flow-through
CMEs, not like skinny skinny flow-around
99© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME/SRST IP Phone Decoder Ring
No
No
H.323
SCCP
SCCP
SCCP
SCCP
SCCP/SIP
SCCP/SIP (7911 not tested)
SCCP/SIP
SCCP/SIP
SRST
3.4 – 12.4(6)T
Golden Brdg
SRST Voice OnlyNoNoNo7985
SCCPNoNoCIPC 2.0 OnlyCIPC 2.0 & VTA 1.0
SCCP/H.323H.323H.323H.323ATA Fax
SCCP/SIPSCCPSCCP/SIPSCCPATA Voice
SCCP*SCCPSCCPSCCP7914
SCCPSCCPSCCPSCCP7936
SCCPSCCPSCCPSCCP7920
SCCP/SIPSCCP/SIPSCCP/SIPSCCP7905/12
SCCP (SIP SRST Only)
SIP SRST OnlyNoSCCP(SRST only)
7941/61/11
SCCP/SIPSCCP/SIPSCCP/SIPSCCP7960/40
SCCPSCCPSCCPSCCP7970/7971
CME/SRST
4.0 – 12.4(4)XC
SRST
3.4 – 12.4(4)T
CME
3.4 – 12.4(4)T
CME/SRST
3.3 (12.4)
* 7961/70/71 support for 7914 added with CME 4.0
100© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
7941/61/11 Support
• Supported firmware files will be posted on CME 4.0 Spec sheet below:
http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_documentation_roadmap09186a0080189132.html
Beware of available flash!• 7941/61:5 files, 5MB• 7911:7 files, 5.5MB • 7970/71:5 files, 5MB • SDM: 7MB• CME(B-ACD/GUI/MoH):
2.5MB• IOS: 25 - 35MB
tftp-server flash:TERM41.DEFAULT.loads tftp-server flash:TERM61.DEFAULT.loads tftp-server flash:TERM41.x-x-x-xS.loads tftp-server flash:CVM41.x-x-x-xx.sbn tftp-server flash:Jar41.x-x-x-xx.sbn tftp-server flash:cnu41.x-x-x-xx.sbn ! tftp-server flash:TERM11.DEFAULT.loads tftp-server flash:SCCP11.x-x-x-xS.loads tftp-server flash:cnu11.x-x-x-xx.sbn tftp-server flash:dsp11.x-x-x-xx.sbn tftp-server flash:apps11.x-x-x-xxdev.sbn tftp-server flash:jar11.x-x-x-xx.sbn tftp-server flash:cvm11.x-x-x-xx.sbn !telephony-service load 7941GE TERM41.x-x-x-xS load 7941 TERM41.x-x-x-xS load 7961GE TERM41.x-x-x-xS load 7961 TERM41.x-x-x-xS load 7911 SCCP11.x-x-x-xS
101© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Quick Config Tool (QCT) v. 2.0Simplified CME Configuration
• QCT configures CME system in under 30 minutes without using IOS CLI.
• QCT v. 2.0 includes new features:
– BAT file input of users & extensions from MS Excel format.
– Configuration of separate VLANS for voice and data traffic
– Automated reset of CME & CUE to configurable factory default status
– Advanced T1 / E1 configuration parameters, including PSTN switch type.
• QCT v.1.0 has been downloaded almost 10,000 times since release in July, 2005
102© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Quick Config Tool (QCT)Improvements in Installation of CME and CUE— Saves You Time—Makes You Money!
“We were very happy to find the QCT application. We had a CME/CUE installation to be performed by a less-skilled engineer, which quite frankly made us a little nervous. We were very happy with the outcome; the engineer finished the job in a day, doubling the profit. We will definitely use this tool on future CME/CUE installs.”
--Cisco Partner, Computer Software Innovations (CSI)
00.5
11.5
22.5
33.5
44.5
5
InstallTime
(hours)
TACCalls
IOS CLIQCT
“We were impressed that QCT can build a PBX system with only two screens of data, while other products involve from 2 to 10 times as many setup screens to configure a new IP PBX system. This setup is faster and requires less telephony or data network expertise than virtually any other system in the SMB class that Miercom has previously tested.”
“We built the PBX configuration for our six phone system using QCT in about 20 minutes.”
“The QCT generated a configuration that would otherwise require over 300 command line entries.”
103© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Other Q and A
104© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Where to Find More Information
104
• IPC productswww.cisco.com/go/ccmecue (Cisco® CallManager Express and Cisco Unity® Express information)www.cisco.com/go/isr (integrated services platforms) www.cisco.com/en/US/products/hw/phones/index.html (Cisco IP Phones) www.cisco.com/en/US/products/hw/switches/ps646/index.html (switches)
• IPC service and support solutionswww.cisco.com/en/US/products/svcs/ps2961/ps2664/serv_group_home.html www.cisco.com/en/US/products/svcs/ps11/ps2445/ps3040/serv_home.html
• IPC technology and services specializationswww.cisco.com/go/specialization
• Financingwww.cisco.com/go/ciscocapital
105© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Resources
• General Cisco ISR Information:www.cisco.com/go/isr
• Miercom and Current Analysis Reports:www.cisco.com/go/isr
• Cisco Unified Communications Datasheet:http://www.cisco.com/en/US/products/ps5855/products_data_sheet0900aecd80169812.html
• CallManager Express: www.cisco.com/go/ccme
• Cisco Unity Express: www.cisco.com/go/cue
• Voice Gateways: http://www.cisco.com/en/US/products/ps5855/products_data_sheet09186a0080182d38.html
106© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
1© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential
Cisco Call Manager ExpressFeatures and Design
Greg LandersUnified Communnications System EngineerCisco [email protected]
Colorado Springs Cisco Users Group
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
2
2© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
AGENDA• Open Format – Casual• What is Unified Call Manager Express• What is Unity Express• Design Considerations
RedundancyCall Adminission Control
• UCME as SRST for Unified Call Manager• Security considerations on UCME• Remote Teleworker
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
3
3© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco Unified Communications Portfolio
Number of Users per System0 25 500 2500+100 200
Hybrid / PBX
KSU
Small PBX
Centrex
Prod
uctiv
ity B
enef
itsVo
ice
Feat
ure
Focu
s
Cisco CallManager Express - Robust IP Telephony, and much more – Office Communications for the Small Office
Cisco Unified CallManager
High End PBXCisco Unified CallManager
Express
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
4
4© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express / Unity Express Router Portfolio
2811261xXM262xXM
• Extended modular connectivity (EVM, NM, AIM, WIC/VIC)
• Modularity with performance optimized for “all-in-one” solution (HSDM, NM, EVM, AIM, WIC/VIC)
Con
curr
ent S
ervi
ces
and
Perf
orm
ance
Small Office Enterprise Branch OfficeSmall Branch
• Modular connectivity (WIC/VIC)
2801
1751/1760
24 Phones
36 Phones
48 Phones
37253745
285128212651
96 Phones
38253845
144/192 Phones
168/240 Phones
• Local Auto Attendant and Voice Mail system with 12-100 mailboxes, 4-8 sessions, 100 hours of storage
Multiple Services
Low-Density Services
High-Density Services
Cisco Unity Express
3845 Integrated Service Router (ISR)
Supports 240 Phones
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
5
5© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
FEATURES
Cisco IP Phone 7905G andCisco IP Phone 7905G andCisco IP Phone 7912GCisco IP Phone 7912G
• Basic Business Phone • Pixel Display• Single Line • Four Dynamic “Soft Keys”• Cisco IP Phone 7912G has
Integrated Ethernet Switch
Cisco IP Phone 7940/41G/7960/61GCisco IP Phone 7940/41G/7960/61G• Ideal Knowledge Worker Phone• Large Pixel Display with Two Lines • Four Dynamic “Soft Keys” • Built-in Headset Port • High-quality Speaker Phone• Integrated Ethernet Switch
Cisco ATA 186/188Cisco ATA 186/188• 2 FXS Ports• 1 RJ-45 10BaseT uplink (Cisco 186 ATA)• 1 RJ-45 10/100BaseT data port
(Cisco ATA 188)
Cisco IP Phone 7911G+SWCisco IP Phone 7911G+SW •Entry Level Phone•Character Display•Single Line•Six Configurable Features•Cisco IP Phone 7910+SW has Integrated Ethernet Switch
Unified CallManager Express Phone Portfolio: IP Phones and Analog Adaptors
Cisco IP Phone 7902GCisco IP Phone 7902G• Entry-level Business Phone• Single Line • Fixed Features
Cisco IP Phone 7970/71GCisco IP Phone 7970/71G • Executive Business Phone• Color Display with Touchscreen• Large Pixel Display with Eight
Lines• Five Dynamic “Soft Keys” • High-quality Speaker Phone• Integrated Ethernet Switch
Cisco Wireless IP Cisco Wireless IP Phone 7920Phone 7920• 802.11b wireless IP phone• 6 extensions / speed dials • Standard and Extended Li-ion
Batteries
Cisco IP Conference Cisco IP Conference Station 7936Station 7936
• High-quality speaker• Hands-free Conference Phone• Three Dynamic “Soft Keys”
Cisco IP Expansion Module 7914• Attendant Console Solution• Up to 34 possible buttons• Monitor, Manage, & Cover calls
Cisco IP CommunicatorCisco IP Communicator• PC based “soft phone”• Emulates Cisco 7961
• The Cisco 7910G and 7910G+SW are basic telephones primarily for common-use areas that require only basic features, such as lobbies, break rooms, and hallways.
• The Cisco IP Phone 7940G is a second-generation, full-featured IP phone for low to medium traffic users who require a minimum of directory numbers. It provides two programmable line/feature buttons capable of four simultaneous calls and four interactive soft keys that guide a user through call features and functions.
• The Cisco IP Phone 7960G is a second-generation, full-featured IP phone primarily for manager and executive needs. It provides six programmable line/feature buttons and four interactive soft keys that guide a user through call features and functions. The Cisco IP Phone 7960G also features a large, pixel-based LCD display. The display provides features such as date and time, calling party name, calling party number, and digits dialed. The graphic capability of the display allows for the inclusion of present and future features.
• The Cisco IP Conference Station 7935 couples state-of-the-art conference room speaker-phone technologies from Polycom with the Cisco award-winning AVVID-voice communication technologies. The net result is a conference room phone that offers superior voice and microphone quality, with simplified wiring and administrative cost benefits which are derived when converging voice, video, and data across a common IP infrastructure.
• The Cisco IP Conference Station 7935 voice instrument is a full-featured, IP-based, full-duplex hands-free conference station for use on desktops and offices, and in small to medium-sized conference rooms. This device easily attaches to a Catalyst® 10/100 Ethernet switch port with a simple RJ-45 connection, and dynamically configures itself to the IP network via the Dynamic Host Control Protocol (DHCP). Other than connecting the Cisco 7935 to an Ethernet switch port, no other administration is necessary. The Cisco 7935 dynamically registers to the Cisco CallManager for connection services and receives the appropriate endpoint phone number, and any software enhancements or personalized settings, which are pre-loaded within Cisco CallManager.
• The Cisco ATA 186 Analog Telephone Adaptor is a handset-to-Ethernet adaptor that interfaces regular analog telephones with IP-based telephony networks. The adaptor turns traditional telephones into IP telephones, and thus takes advantage of many new and exciting IP telephony applications.
• Call coverage is a critical capability for administrative assistants and others who must monitor, manage, and cover the various status of calls. This requires the ability to instantly determine the status of a number of lines beyond the six-line capability of the Cisco IP Phone 7960.
• The Cisco IP Phone Expansion Module 7914 extends the capabilities of the Cisco IP Phone 7960 with additional buttons and an LCD display. With this expansion module, you add 14 buttons to the existing six buttons of the Cisco IP Phone 7960, increasing the total number of buttons to 20 with one module or 34 when you add two Cisco 7914 Expansion Modules. You can use up to two Cisco 7914 Expansion Modules with a Cisco IP Phone 7960 (Figure 1).
• The Cisco IP Phones are standards-based communication devices that deliver true next-generation voice-over-IP (VoIP) terminals to businesses worldwide.
• The newest member of the family, the Cisco IP Phone 7905, is a full-featured IP telephone primarily designed as an entry-level device to fulfill business requirements for cost-effective IP telephony. It is specifically suited for enterprise and service provider applications, including the following end-user environments: enterprises, small and medium-sized businesses (SMB), small offices, home offices (SOHO), and
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
6
6© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
UNIFIED COMMUNICATION EXPRESS:
CallManager Express v 4.0
666
• Hopefully the majority of you are already familiar with or have heard of the new Cisco Integrated Services Routers that were introduced last fall.
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
7
7© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express—What is it? Key Benefits:• Cost-effective—
Specifically designed for the SMB or branch office
• Application integration Leveraging Desktop and
CRM solutions • Network Integration Secure voice, video and
data convergence • Investment protection Solution grows with you• Breadth of Solution Deployment and
Endpoint choices• Feature velocity Continued Investment
equals continual research and design
• Configurable IP PBX or IP Key System functionality for 240 station market
• Full Featured Solution that meets the Needs of the Small Business, Branch Office, or Service Provider Managed Service solution
• Provides Robust Networking Across Sites 5 digit dial, VM Networking
• Voicemail, Integrated and Unified Messaging Options
• Integrated Video Communications
• Intuitive / Easy to use GUI for day two system administration
• Centralized Management for Multi-Site Scenarios options
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
8
8© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express Key Call Control Features
• Support for Either PBX or Key System Functionality• Legacy Telephony Features:
Call Transfer, Paging, Intercom, Call Coverage
Call Park, MOH, Night Bell
Hunt Groups, Basic ACD and Reporting Ad Hoc & “Meet Me” conferencing
DID / Operator Console
• Converged IP Communications Features:Video Telephony
Wireless (802.11) Integration
Soft Phone support
Desk Top Integration
SIP Support
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
9
9© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express Version 4.0Enhancements to Legacy Telephony Features
• ACD, AA & Hunt Group Enhancements– Dynamic registration with Huntgroups– Huntgroup logon / logoff (normal calls still allowed)– Improved waiting call notification– Enhanced B-ACD Reporting in EXCEL Format
• Conferencing Enhancements– Retain conference call when conference initiator drops
• Call Forwarding, Park, Transfer Enhancements
– Night Service Call Forwarding– Park Call Recall– Dedicated Park Slot per extension– Call Transfer blocking
• Enhanced Phone Features– Headset Auto Answer– Distinctive Ring Patterns for Internal or External Calls
• Integration with Legacy PBXSupport for QSIG protocols to communicate with TDM-
based PBX’sCallManager Express
New
IP C
all C
ontro
l
• Today we support 120 mailboxes, new sizing provides parity with CME• Desktop integration means Voice messages appear and can be
managed with an IMAP client such as Outlook• VM messages can also be forwarded to other devices for play• SIP enhancements: RFC2833, MWI in SRST mode, etc.• Support for CCM 5.0 and 4.2
• And Cisco Unity Express provides voicemail and automated attendant
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
10
10© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express Version 4.0Enhancements for Converged IP Communications
• Remote Teleworker Support– IP Phone Registration across VPN connection
• Video Telephony & PC Soft TelephonySupport for Cisco VT Advantage for video telephonySupport for Cisco IP Communicator for soft phone
• SIP Trunking Enhancements Enhanced call control with SIP protocols to SIP trunk
• Survivable Remote Site Telephony featuresProvide backup call control in a branch office when part of
a centralized Cisco CallManager telephony network• New Phone Support
New 7941 and 7961 Display Phones
CallManager Express
New
IP C
all C
ontro
l
• Today we support 120 mailboxes, new sizing provides parity with CME• Desktop integration means Voice messages appear and can be
managed with an IMAP client such as Outlook• VM messages can also be forwarded to other devices for play• SIP enhancements: RFC2833, MWI in SRST mode, etc.• Support for CCM 5.0 and 4.2
• And Cisco Unity Express provides voicemail and automated attendant
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
11
11© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CCME 4.0 New System Features
System Features:• Remote teleworker support• Dynamic failover to secondary CME• 10,000 number bulk speed-dial• Feature Access Code (FAC) support• QSIG supplementary feature support• ATA SCCP Fax Passthrough Support• Multiple user locales per system• User defined locales• Line selectable MWI• Revert to originator or alternate number after
call park timeout• Select last-redirect or originator as redirect
number for call-forward to VM• Dedicated call-park slot per phone• Conference last-party drop• Distinctive ringing based on called number
Call Center Features:• Audio and visual display of calls
in queue• Call-forward to alternate number during night-
service• Music on hold from live feed• Customizable message display when all hunt-
group agents logged out • DID Invalid extension system prompt • Disable call-forward for local calls• Block hunting for local calls• Headset auto-answer• Hunt-group automatic agent logout• Hunt-group dynamic membership• Hunt-group logout per extension• Selective call-forward based on DNIS • Timeouts per hunt-group member• Revert to originator after hunt timeout
111111
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
12
12© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Additional CCME 4.0 Enhancements
Phone Features:• Cisco IP Communicator support • Cisco 7911/7941/61 support• Cisco VT Advantage with video call support• Enhanced TAPI 2.0 Interface
Security Enhancements:• IP Phone authentication• Disable Auto Registration• CFwdAll, Confrn, GpickUp, Park, PickUp, and
Trnsfer feature blocking • Call transfer number length restriction • Disable directed call-pickup• Block PC port and setting button access • Restrict conference preservation to
local parties
Manageability Enhancements:• CCME MIB• CME Quick Configuration Tool 2.0• Enhanced CDR for tracking supplementary
features• External storage of configuration files and
phone firmware files• Replace mac-address without deleting ephone
configuration• Disable gatekeeper and SIP proxy registration
globally• Night-service parameter for weekdays,
weekends, or every day • Default changed to transfer-system
full-consult • Increase max ephone-templates to 20
121212
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
13
13© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unified CRM Connector v3.0
• Increases employee productivity, efficiencies by:– Providing immediate information on inbound
and outbound calls– Enabling fast, easy “click to dial” from CRM
database records– Providing call duration tracking, information
capture and record creation• New features include:
– Support for Microsoft CRM 3.0– Support Cisco Unified CallManager Express
4.0, Cisco Unified CallManager 5.0 and Cisco Unified Contact Center Express 4.5
– IVR / digit collection via Cisco Unified Contact Center Express
– IP Phone Service to display results of a CRM Connector lookup
Integrates Cisco Unified CallManager Express, Unified CallManager and Unified Contact Center Express With Microsoft CRM Software
Cisco CRM Connector Lead: Ted Allen
Topic: Wants 200 UnitsCompany: XYZ CorporationRating: Hot
Job Title: Purchasing Manager
Customer Service Case: CAS-0014
SmartSimpleSecure
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
14
14© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Supports click-to-dial feature from a Microsoft CRM contact record
Free CCO Download
Cisco CRM Communications Connector:Application Integration with Microsoft CRM
Opens contact record and creates new activity record as call arrivesCreates screen pops from click-to-dial calls and manually dialed outbound calls
Accurately tracks duration of phone call and associates with phone activity record
Captures incoming and outgoing call information, including calling number, called number, and call start and end times
Easily creates a new CRM record when new customer call arrives
• Screen pops
• Click to dial
• Call-duration tracking
• Call-information capture
•Customer-record creation
• Cisco CRM Communications Connector is a free application available to Cisco IPC Express Resellers as a way to integrate CME with Microsoft CRM application.
• The Communications Connector is designed to be installed in less then an hour in most cases and does not require any customization for most deployments.
• The application is a middleware application that resides between Microsoft TAPI integration with CME to pass calling party number (caller ID) from/to the CRM database.
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
15
15© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
UNIFIED COMMUNICATION EXPRESS:
Cisco Unity Express v 2.3
151515
• Hopefully the majority of you are already familiar with or have heard of the new Cisco Integrated Services Routers that were introduced last fall.
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
16
16© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express—What is it? • Autoattendant and voice-mail system for the
small and medium office• Supports Cisco® CallManager or Cisco
CallManager Express deployment scenarios• Choice of Network Module or Advanced
Integration Module for complete flexibility• Supported on broad range of Cisco routers—
industry leading Cisco 2800 and 3800 series and widely deployed 2600XM and 3700 series
• 12 to 250 mailboxes, 4 to 16 ports• VPIM Networking with Cisco Unity® Express or
Cisco Unity • International language support• SNMP agent for remote monitoring, data
collection and trap management
Key Benefits:• Cost-effective—
Specifically designed for the SMB or branch office
• Application integration— Fewer devices to manage
• Intuitive user interface— Uses same menu and prompts as Cisco Unity
• Investment protection— Increase mailbox capacity via simple software upgrade
• Broad range of configurations and scale
• Feature velocity—High feature velocity to meet market and customer needs quickly
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
17
17© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express Key Voice Mail Features
• Individual and General Delivery Voice Mailboxes Message Waiting IndicatorSave, delete, forward, reply, pause, fast forward, rewindTag messages as urgent or privateDistribution list and broadcast messagesAllocate mailbox capacity on per user basisRetrieve accidentally deleted messages from the
telephone user interfacePersonal Operator - “Zero-out” from voice mail to
alternate number definable on per user basis Undelete messages within the same sessionSpoken name confirmation for all local and many remote
recipientsOptional CLID for calls originated on local system or
PSTNMessage Notification configurable by User
• Network messaging with other Cisco Unity Express or Cisco Unity sites
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
18
18© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express -Key Automated Attendant Features • Multiple automated attendants (up to 5)
per systemStandard dial-by-name, dial-by-extension auto-attendant is provided
• Cisco Unity Express EditorGraphical scripting tool creates customized automated attendant menu flowsSupports time-of-day, day-of-week routingUnlimited menu items and unlimited nesting
• Administration via telephonyRecord AA prompts from phone or computer Create and manage broadcast messagesRecord location names and spoken names for remote users
• Alternate or Emergency GreetingsHoliday schedules / CalendarBusiness Hours schedule Alerts for temporary emergency schedule changes (i.e. snow, earthquakes, etc.)
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
19
19© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express Version 2.3• New Desktop Applications
– IMAP Compliant E-mail Client Application Integration– “Browse” Voice Mailbox Using Cisco IP Phone
Display – VoiceView Express– New/Urgent Message Notification To Email, Text
Based E-page, Numeric Page, Phone
• Solution Scalability– New 150, 200, 250 Voice Mailbox
• Extensible, Open– SIP Enhancements– Five New Languages: Japanese, Mexican Spanish,
French Canadian, Chinese (Mandarin) And Korean– Internetworking with Cisco CallManager 4.1, 4.2 and
5.0
• Easy To Configure, Deploy, Manage– Remote Monitoring And Management With SNMP
Voic
emai
l
Cisco Unity Express
New
• Today we support 120 mailboxes, new sizing provides parity with CME• Desktop integration means Voice messages appear and can be
managed with an IMAP client such as Outlook• VM messages can also be forwarded to other devices for play• SIP enhancements: RFC2833, MWI in SRST mode, etc.• Support for CCM 5.0 and 4.2
• And Cisco Unity Express provides voicemail and automated attendant
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
20
20© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express Version 2.3 (FCS 2QCY06)
Easy, Affordable Voice Mail And Automated Attendant
• Capacity Enhancement New 150, 200, 250 Mailbox NM-CUE-EC Licences
• Desktop IntegrationIMAP Compliant E-mail Client Application IntegrationVM Messages Could Also Be Attached, Forwarded To Other
E-mail Services
• Visual Voice Mail Voice View Express Allows Subscriber To “Browse” Voice
Mailbox Using Cisco IP Phone Display
• Remote Notification Subscriber Service Notifies Arrival Of New/Urgent Messages
To Email, Text Based E-page, Numeric Page, Phone
• LocalizationJapanese, Mexican Spanish, French Canadian, Chinese
(Mandarin) and Korean
• SIP Enhancements
• And Cisco Unity Express provides voicemail and automated attendant
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
21
21© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CUE 2.3 Feature Enhancements
System and Capacity Features:• 150, 200, 250 mailbox license levels on the NM-
CUE-EC• CCM connectivity to 4.2 and 5.0• Unity 4.05 TUI prompt parity• Localization—several more languages:
ItalianBrazilian PortugueseLatin American SpanishDanishBritish (UK) English
AA Features:• Re-recording of prompts• Alternate greeting enhancement• AA Script debugging• CME Script Control on Xfer• New editor steps
SIP Features:• Mailboxes for CME and CCM SIP phones• MWI updates in SRST mode• RFC2833 DTMF support
Voice Mail Features:• Integrated Messaging (IMAP-compliant
e-mail client application support)• VoiceView Express—visual access to voice mail• Message notification—outcalling• Future message delivery• Voice mailbox mask support for CCM• Local broadcast privilege• Mandatory message expiry• Original-called-number (OCN)/Last-redirect-
number (LRD)
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
22
22© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express Modules
• Voice message storage: 100 hours• Session/port capacity – 8 or 16 • Up to 250 mailboxes supported• Hard Drive – 20GB, 500 MHz
processor, 256MB/512MB DRAM
• Voice message storage: up to 14 hours beginning with release 2.0
• Session/port capacity 4 or 6 depending on router
• Up to 65 mailboxes supported• Industrial Grade Compact Flash –1 GB
beginning release 2.0 – 300 MHz processor, 256MB DRAM
NM-CUE or NM-CUE-EC AIM-CUE
• AIM-CUE---Resides directly on the motherboard• AIM-CUE---Frees network module slot for additional telephony, VPN, Security,
Switching or other services• AIM-CUE---Lowers entry-level system price• AIM-CUE ---2691 and 2600XM support 4 ports all other routers support 6 ports
beginning w/release 2.1 • NM-CUE-EC---Will support more than 100 mboxes in future release. NM-CUE will
not go above 120
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
23
23© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Integrated Messaging for Improved Responsiveness, Productivity
Cisco Unity Express IMAP
TUI or Display
POP (.wav)
Desktop messages are accessible via:
IMAP enabled e-mail clients.wav attachments to e-mail (PDA, other e-mail accounts) Cisco IP Phone display using VoiceView Express
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
24
24© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express:Integrated Messaging across different devices
Lotus Notes
Outlook
VoiceView Express
Voicemail TUI
Outlook Express
IMAP
IMAP
IMAP
SMTP
/PO
P
VoiceMail TUI or email notification
HTTP/XML
VoIP
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
25
25© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Integrated Messaging Client View: Example
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
26
26© 2005 Cisco Sy stems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Integrated Messaging Operation• Integrated view of email and voice mail on the same
clientRetrieve, delete and change the state of voicemail messages through a standard IMAP-capable email clientIMAP enabled email clients.wav attachments to email
• IMAP4rev1 protocol – RFC3501Message store and MWI synchronizationAuthentication (client login) via SSL
• A single CUE “Inbox” folder on PC clientAll the messages (new, saved and deletedmessages) appear in the Inbox The appearance of messages are client-specific
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
27
27© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
VoiceView Express – Cisco Unity Express• Provides a visual interface into subscribers’ voice
mailbox to view and manage messages, mailbox settings and other message management tasks
• Allows access of voice messages based on their importance to the user, rather than based on their sequential chronologic order.
• Allows users to sort the saved messages based on date and time, caller or sender name/number, or priority
• Provides customization of personal voice mail box settings via phone display
Home Page
List of Voice MessagesVoice Mail SortDetailed envelope
information
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
28
28© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Cisco Unity Express 2.3Message Notification Operation• Message Notification (Outcalling)
This is a system service that notifies a subscriber upon the arrival of new/urgent messagesSystem-wide and per user/GDM configuration options
• Notification DestinationsNumeric devices/destinations (uses a voice port): 4Text devices/destinations (uses no voice ports): 2
• Notification PreferencesConfigurable for All messages; or just for Urgent messages
Broadcast messages and DDRs do not generate notificationsConfigurable per system, per user and per destinationSubscriber can set up a schedule per device/destination for notifications
• Notification MethodAll configured and enabled destinations are notified simultaneouslyNo “chaining” or “cascading” of notifications supportedNo retries or NDRs are generated for notification failures
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
29
29© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
UNIFIED COMMUNICATION EXPRESS:
Design Considerations
292929
• Hopefully the majority of you are already familiar with or have heard of the new Cisco Integrated Services Routers that were introduced last fall.
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
30
30© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Cisco CallManager Express IOS Release Version Summary
12.4(6)TVG224, IP-IP GW12.4(4)XC1CME 4.0(1) (Laverda)12.4(4)TCME 3.4 (Piaggio + Speedbird)
IOS VersionCME Release Version
12.4(3d) or higherCME 3.3 (Aprilia on Mainline)12.3(11)T10CME 3.2 (Aprilia)12.3(8)T11CME 3.1 (Segway)
12.4(6th release)TCME 4.0(2) GA 12.4(4)XC3CME 4.0(2) Early Adopter
IOS VersionCME Release Version12.4(9)T CME 4.0 (Laverda) GA
Future
Shipping
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
31
31© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
CME 4.0(x) Features
CME 4.0(1)Early Adopter Release: 12.4.(4)XC1, Currently Available3. FXO Trunk dn transfer and line optimization for call
coverage4. Silent ring over-ride for night-service5. Automatic line selection for answering incoming
callCME 4.0(2)Early Adopter Release: 12.4.(4)XC3, FCS July 068. 7931(Goped), 7906G9. CIPC Video Support with CVTA 2.0 10.Localization for 797X/61/41/11
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
32
32© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
DSLFaxCisco ISR, Including:• CallManager Express, • Cisco Unity Express• Cisco IOS Firewall• Integrated 24 port PoE switch
GUI Management
Station
Employee PC,Cisco IP Phone
7961G and Voice Mail
Application server
Printer
Cisco IP Phone 7905 in Lobby, Break Room, or
Conference Room
Dial Backup and POS
Analog Phones
Cisco IP Phone 7970+ 7914 as the Attendant
ConsoleWireless LAN Access Point
Cisco IP VoWLAN 7920
Phone
CO Line 1, 2, 3, 4
Standalone SMB Deployment—Full Office Communications on a Single Platform
Table PC
Public Interne
t
PSTN
• Small Standalone Office Deployment• Traditionally, this office would have been equipped with a data router and a key system
for voice services. These functions and applications are now integrated into the Cisco 3725 CME router shown at the center of the configuration. Components include:
• PSTN interface: A small office would typically prefer key system operation (i.e. line appearances on buttons on the phones) where each CO line is individually mapped. For a small office, low-density analog FXO is the most common CO connectivity; larger offices might use BRI or fractional T1/E1.
• Internet interface: For a small standalone office, a DSL connection to the ITSP is likely the most cost-effective. Larger offices could choose a fractional or full T1/E1.
• Employee desktops: Cisco 7960 phone with a computer attached behind it is a common configuration.
• Applications servers: Business-specific office applications and print servers would be connected to the LAN.
• Attendant console: Cisco 7914 is a good choice for receptionist or attendant.• Other components: Phones in lobbies, conference rooms; fax and other voice services.• Management: GUI access to the CME/CUE interfaces is available from any computer for
management and adds, moves, changes.
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
33
33© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Deployment Highlights—SMB
• Single box solution for IP communications, including telephony, video, routing, switching, WLAN, and security
• Connectivity with existing CO lines and analog devices as well as with SIP trunks from service providers
• Key-system features such as shared trunk lines, monitoring of trunk status from phone display, auto attendant
• PBX features such as DID extensions, basic ACD, hunt groups, voicemail, and many more
• Remote phone support for tele-workers or for small offices where a full CME system is not justified
• Video telephony, soft phone support, enable productivity of mobile workforce• Day two GUI administration support• Investment protection for upgrade to multi-site VoIP network with converged
applications
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
34
34© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Large Enterprise with Retail Branch
• Call routing to 400+ CME stores handled by GK
• G.729 calls forwarded to Unity converted to G.711 by DSPfarm transcoder registered to CCM
• Unity sends MWI status to MWI relay server using SCCP outdial
• MWI relay server relays MWI status to Store CMEs using SIP subscribe notify
CME Store1
HQ CCMCluster
CME Store2 CME Store3 CME Store4
Gatekeeper
MWI Relay server
Unity
XcodePSTN GW
GK
WANPSTN
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
35
35© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Deployment Highlights:Large Enterprise with Retail Branch
• Unified Dialplan for Store-to-Store communication• Leverage existing MoH feed at branch stores• Scalable Dialplan and Call Admission Control provided by
H323 Gatekeeper• One VM box for each CME. Used by branch manager to
receive broadcast voice messaging from HQ• Shared voicemail and directory with HQ CCM and branch
CME • Synchronized MWI notification for 400+ branch IP phones
when message received from HQ
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
36© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential
Redundancy
Redundancy
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
37
37© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
IP Phone Redundancy: HSRP
• Prior to CME 4.0, IP phones must register to HSRP address for redundancy
• All inbound/outbound calls to HSRP address are process switched, increasing CPU utilization for VoIP calls—not an issue for small sites
• HSRP address cannot be registered to GK
HSRP Address10.1.1.1Primary CME
10.1.1.2
telephony-serviceip source-address 10.1.1.1 port 2000!interface FastEthernet0/0 ip address 10.1.1.2 255.255.255.0 standby ip 10.1.1.1 standby priority 200 standby preempt
Secondary CME
10.1.1.3
Call Manager 1: 10.1.1.1 ActiveIP Phone Network Configuration
telephony-serviceip source-address 10.1.1.1 port 2000!interface FastEthernet0/0 ip address 10.1.1.3 255.255.255.0 standby ip 10.1.1.1 standby priority 100
• Rehome can options 0-65535 seconds
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
38
38© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
IP Phone Redundancy: Secondary CME
• Starting with CME 4.0, IP phones can home to secondary CME when keepalives to primary CME expires—same behavior as CCM
• HSRP can still be used for data redundancy
CME1: 10.1.1.1
telephony-serviceip source-address 10.1.1.1 port 2000 secondary 10.1.1.2
CME2: 10.1.1.2
Primary CME Secondary CME
Call Manager 1: 10.1.1.1 ActiveCall Manager 2: 10.1.1.2
IP Phone Network Configuration
• Rehome can options 0-65535 seconds
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
39
39© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CCME PSTN Redundancy Options
• Hybrid schemeAdvantages of consolidating circuits in a PRI/T1-CAS with backup FXOs for 911 in case of T1 failure
• PRI/T1-CAS atoreOne PRI/T1-CAS per CMEEach PRI/T1-CAS uses a diverse route with a diverse carrier
• FXO-Only storeAll FXOs can be physically split between both routers in case of loss of CMEMust set “ringer option 1” on CME-Primary voice-portsMust set “ringer option 3” on CME-Secondary voice-ports
1 00 -24 0 V ~ 3 A50/6 0H z
DO NOT R EM O VE DUR ING N ETWORK OPERA TION
CF
Cisco 3800 Series
SYS AC T PWRSYS
R PS PWR A IM0 AIM 1 PVD M 0 PVDM 1 PVDM 2 PVDM 3AU X
CME-Primary
10 0- 24 0 V ~ 3 A5 0/6 0H z
D O N OT REM OVE D URIN G NETWO RK O PERATIO N
CF
Cisco 3800 Series
SYS ACT PWRSYS
RPS PWR AIM 0 AIM1 PVDM 0 PVDM 1 PVD M 2 PVDM 3AUX
CME-Secondary
PSTN
Physically Split FXOs
PRI orT1-CAS
FXO-2
FXO-1
Hybrid Scheme
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
40
40© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Combining IP Phone and PSTN Redundancy
• Ephone-dns are always present, even when IP phones are not registered• If PSTN to primary is down, but IP phones are still registered to primary, incoming
calls routed to secondary CME are routed to ephone-dn without an associated IP phone—call will receive busy tone
• To prevent this, ephone-dn on secondary CME needs to be set at lower preference than VoIP dial-peer that routes call to primary CME
• Advanced config—not common
Primary CME (10.1.1.1)
Registration
Secondary CME ephone-dn 1
number 1000preference 10!dial-peer voice 1 voipdestination-pattern 1000session target ipv4:10.1.1.1preference 1
ephone-dn 1number 1000
PSTN
• Rehome can options 0-65535 seconds
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
41
41© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Redundant CME with GK
• Ephone-dn from both primary and secondary CME register to GK simultaneously, with no preference associated
• Preference must be set statically at GK for each CME site to route calls to primary CME first, secondary CME second
81…
interface Loopback0 ip address 192.168.100.1 255.255.255.0 h323-gateway voip interface h323-gateway voip id siteA ipaddr 10.10.10.1 1719 h323-gateway voip h323-id CME1 h323-gateway voip tech-prefix 1# h323-gateway voip bind srcaddr 192.168.100.1
CME1192.168.100.1
interface Loopback0 ip address 192.168.100.2 255.255.255.0 h323-gateway voip interface h323-gateway voip id siteA ipaddr 10.10.10.1 1719 h323-gateway voip h323-id CME2 h323-gateway voip tech-prefix 1# h323-gateway voip bind srcaddr 192.168.100.2
CME2192.168.100.2
gatekeeper zone local NYC cisco.com 10.10.10.1 zone prefix NYC 81... gw-priority 10 CME1 zone prefix NYC 81... gw-priority 9 CME2 gw-type-prefix 1#* default-technology
Gatekeeper
10.10.10.1
WAN GK
• Rehome can options 0-65535 seconds
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
42© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential
Call Admission Control (CAC)
Call Admission Control (CAC)
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
43
43© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
IP WAN
CCME
Call Admission ControlWhy Is It Needed?
PSTN
Circuit-Switched Networks
Packet-Switched Networks
PBX
PhysicalTrunks
STOP
IP WAN Link Provisionedfor Two VoIP Calls (Equivalent
to Two “Virtual” Trunks)
3rd CallRejected
No Physical Limitation on IP Links
If 3rd Call Accepted,Voice Quality of All
Calls Degrades
Call Adm. Control Limits # of VoIP Calls on Each WAN Link
IP WANLink
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
44
44© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Admission ControlDistributed Deployments: Gatekeeper
• In purely distributed CME deployments, Gatekeeper provides CAC for both hub-and-spoke and full-mesh topologies
• Define Gatekeeper zones for each CME sitecluster to limit bandwidth in and out of each site
• Up to 500 zones per GK
SJC
RTP NYC
Gatekeeper
gatekeeper zone local RTP cisco.com zone local SJC cisco.com zone local NYC cisco.com bandwidth interzone zone NYC 256 bandwidth interzone zone RTP 256 bandwidth interzone zone SJC 256
GK
IP WAN
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
45
45© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Admission ControlDial-Peer Max-Conn
• Maximum number of calls can be set using max-conn on dial-peer
• Both inbound and outbound calls count towards maximum limit
• Calls routed through other dial-peers on system do not count towards limit
• All outbound and inbound calls must be routed through single dial-peer to be effective
dial-peermax-conn 2
WAN
STOP
3rd CallRejected
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
46
46© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
WAN
Call Admission ControlCall Threshold
• Maximum number of calls can be set per interface using call threshold
• Both inbound and outbound calls count towards maximum limit
• Calls routed across multiple dial-peers count towards maximum limit
• Must be set on physical interfaces Does not work across IPsec or virtual interfaces
dial-peer 1
dial-peer 2
call threshold interface GigabitEthernet0/0 int-calls low 3 high 3
GE0/0
STOP
3rd CallRejected
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
47
47© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Admission ControlRSVP
• RSVP agent on CME and voice gateways in call path reserve bandwidth for set number of calls
• Effective for networks were all the voice gateways used for call routing support RSVP
Site ASite A Site B
RSVP
WAN
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
48
48© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0: CME-SRST Fallback
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
49
49© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME-SRST Fallback Overview
• CCM phones fallback to CME during WAN outage• SRST Features such as call preservation, auto
provisioning and failover are supported• CME Features are available during failover: Call
park, Hunt-group, MWI, Overlay-DN, SCCP Unity, Softkey Templates
• FL-SRST and FL-CCME licenses are interchangeable, only config on router needs to be modified to switch between CME and SRST
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
50
50© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
When to use SRST
• Site has 240+ phones. SRST can support max 720 phones
• Simple, one-time configuration required for basic functionality. CME adds more features but requires additional configuration
• SRTP media encryption is required • SIP Phone Failover is required• VG248 support is required
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
51
51© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME-SRST Fallback Options
(config-telephony)#srst mode auto-provision ?
all SRST mode ON (include both learned DNs and phones into running config)
dn SRST mode ON (include only learned DNs into running config)
none SRST mode ON (include NONE of the learned DNs/ephones into running config)
• In general, you will want to use srst mode auto-provision none to always use dynamic provisioning
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
52
52© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME-SRST Fallback Steps (1)
1) WAN connectivity to CCM is lost
2) IP phones re-register to CME ip address specified in SRST Reference
3) CME will read IP phone mac-address, DN and speed-dial settings from IP phone flash
4) If the DN number of CCM phone matches the number set on a preconfigured ephone-dn, the IP phone will assign the preconfigured ephone-dn to itself
1000
ephone-dn 1 number 1000
2000
ephone-dn 2 number 2000
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
53
53© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME-SRST Fallback Steps (2)
1) If the DN number of CCM phone does not match the number set on a preconfigured ephone-dn, CME will create an ephone-dn that matches the IP phone’s extension, with the SRST ephone-dn-template applied
2) The IP phone will register with the auto-provisioned ephone-dn with SRST ephone-template applied
3) If auto-provision none is configured, none of the auto-provisioned ephone or ephone-dn configs are written to running-config
If the IP phone is replaced and MAC address changes, no configuration change is required on CME
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
54
54© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Provisioning CME-SRST Fallback
1) Configure and register IP phones to CCM2) Configure CME address as SRST Reference on CCM3) Enable SRST mode on CME with auto-provision none4) Define SRST ephone-template for shared softkey ordering,
speed-dial, fastdials and transfer-blocking5) Define SRST ephone-dn-template for call-forward, pickup-groups6) Configure Per-phone ephone-dns, these DNs should match the
numbering plans configured on your CCM phones7) Configure ephone-hunt. You must have ephone-dns configured
before setting up ephone-hunt8) Configure system ephone-dns: Call park, MWI, etc.9) Save config• Once you are done with these steps, you do not have to
modify CME settings unless your CCM dialplan changes
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
55
55© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0 Platform Density
288962851
120242801
7202403845
5001683825
Max. DN
500
500
288144144
120
Max. SCCP + SIP phone
192
144
724836
24
3745
Platform
3725
26912821, 265xXM
2811, 2600XM, 262xXM
1751, 1760
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
56
56© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
SRST 4.0 Platform Density
800480CMM
384962851
120242801
96072038459603363825
Max. DN
960
576
288
192
144
120Max phones
480
144
72
48
36
24
3745
Platform
3725
2691
2821, 265xXM
2811, 261xXM, 262xXM
1751, 1760
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
57
57© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0: Remote Teleworker
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
58
58© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote Teleworker Requirements• Minimum bandwidth of
one T1 (1.536 Mbps) or E1 (2.048Mbps) of bandwidth at HQ CME site
• Minimum 128 Kbps upload bandwidth for each remote phone. Business class broadband recommended
• Maximum number of remote phones constrained by WAN bandwidth
• CUE, PSTN must be hosted on hub CME
• No SRST Support
IPsec Tunnels
87X
87X
87X
87X
Internet
PSTN
Data
Voice
LAN
CME
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
59
59© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote Teleworker : Background
• Prior to CME 4.0, there were issues with one-way audio for calls made to hub VM or PSTN by remote phones over direct IPsec tunnel.
• The workaround was using “loopback” interfaces and GRE tunnels.
• CME 4.0 solves this problem by sending the RTP (UDP) packets through the IOS IP switching engine, instead of encapsulating it and queuing it to the egress interface itself.
• The changes introduced by this feature makes CME behave the same way as Cisco VoIP (H.323 or SIP) gateway, in the sourcing of RTP packets for remote phones.
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
60
60© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote phones, no MTPCharacteristics• Media flow-around for spoke to spoke calls PSTN, VM access requires media flow-through to CME• All IP phones require routable address• UDP/TCP ports must be open between remote and LAN IP phones
Media(RTP)
Signaling (SCCP)87X
87XWAN
CMEephone 1
ephone 2VM
PSTN
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
61
61© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote phones with MTPCharacteristics• All non-LAN calls flow-through CME source address• Only CME source address needs to be routable • Remote phones can use NATed addresses• UDP/TCP ports must be open between remote IP phones and CME source address
VM
Media(RTP)
Signaling (SCCP)
ephone 1 mtp
ephone 2 mtp
CME source address on routable nework
fixup protocol skinny configured on PIXfor private address on remote LAN
87X
87XWAN
CME
PSTN
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
62
62© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Remote phone G.729
• With g.729 dspfarm-assist configured, DSPfarm will be used to transcode G.729 to G.711 for call-forward/transfer to CUE and 3-party conferencing
• If no DSP transcoding resources available, remote phones will use G.711
• ATA, VG224 do not support dspfarm-assist, will always use G.711 for CUE and 3-party conferencing
• Enter total number of remote phones in DSP calculator > Advanced Options > “G.711 to G.729a/ GSM-FR” field to calculate DSP resources required for transcoding:
http://www.cisco.com/cgi-bin/Support/DSP/cisco_prodsel.pl
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
63
63© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Recommended Design for Remote phones over IPsec•IPsec tunnel between CME and 87X/PIX (Recommended for QoS, VPN acceleration)
• IPSec pass-through through 3rd party router with Cisco VPN concentrator at head-end and Cisco VPN Client + CIPC at Remote site
87X/PIXWAN
Linksys router
CME/VPN server Cisco VPN client w/IPC
IPsec tunnel
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
64© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential
CME Security Considerations
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
65
65© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME/Cisco IOS Firewall with H.323
• CBAC inspects H.323 connections initiated from CME/firewall• ACL on CME/firewall allows H.323 call control traffic on TCP
port 1720• Inspection of CME/Firewall initiated traffic enables dynamic opening of
pinholes on the interface ACL to allow return traffic for dynamically negotiated call control and RTP ports
SCCP phone
Private
Public
SIP phone
Private
NYC SJC
H.323 Trunk
SCCP Port Access Restricted to LAN IP Address Space
ACL Allows Inbound/Outbound H.323
Packets on CME Source IP Address, TCP Port 1720
SIP Port Access Restricted to LAN IP Address Space
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
66
66© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME/Cisco IOS Firewall with SIP
• CBAC on external firewall inspects CME initiated SIP connections• ACL on firewall allows SIP call control traffic on TCP port 5060• External firewall inspects CME initiated traffic, dynamically opening pinholes on
the firewall ACL to allow return traffic for dynamically negotiated call control and RTP ports
• Inspection of SIP and SCCP for co-resident CME and firewall will be supported in Q1 CY’07
SCCP phone
Private
PublicSIP phone
Private
NYC SJCFW FW
Public Address Translated by Firewall to Private CME
Source Address
Public Address Translated by Firewall to Private CME
Source Address
ACL Allows Inbound/Outbound SIP
Packets on TCP Port 5060
SIP Trunk
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
67
67© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
SJCNYCH.323/SIP Trunk
CME Site-to-Site VPN
• All SIP/H.323 call control and RTP media can be encrypted over IPsec tunnel established between CME/VPN routers
• CME 3.X and below requires GRE. CME 4.0 and above does not require GRE, supports dynamic, static crypto, EZ-VPN, DMVPN.
• Recommended design for remote SCCP phones
SCCP phone
Private
Public
SIP phone
Private
CME Source Address Uses Loopback Routable Over
IPsec Tunnel
CME Source Address Uses Loopback Routable
over IPsec TunnelIPsec Tunnel Established Between
Public Address on CME/VPN Server
IPsec tunnel
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
68
68© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME Security Toolbox
• COR (Class of Restriction)
• After-hours call blocking
• Forced authorization code
• Direct inward dial
Toll Restriction• Transfer-pattern
• Transfer max-length
• Softkey template
• Call-forward max-length
• Disable call-forward local
• Disable directed pickup
Features Restriction
• TACACS/radius authentication
• SSH/HTTPS secure access
Administrative Restriction• Customized GUI access
• Disable auto-registration
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
69
69© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: After-Hours block
• After-hours block globally defines specific blocks patterns that cannot be dialed during non-business hours
• Maximum of 32 block patterns can be defined per system• Block pattern with 7–24 always blocked for all phones• When stop time is earlier than start time, the stop time is in the next day of the week; i.e.
Sat 13:00 9:00 sets non-business hours from Saturday, 13:00 to Sunday, 9:00AM
telephony-serviceafter-hours block pattern 1 91after-hours block pattern 2 91900 7-24after-hours day sun 9:00 8:00after-hours day mon 19:00 8:00after-hours day tue 19:00 8:00after-hours day wed 19:00 8:00after-hours day thu 19:00 8:00after-hours day fri 19:00 10:00after-hours day sat 13:00 9:00
Numbers Starting with 91 Blocked During Non-Business Hours
Numbers Starting with 91900 Always Blocked, 24–7
Business Hours Set to 8:00–19:00 Monday–Friday, 10–13:00 Saturday, Closed Sunday
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
70
70© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: After-Hours Exemption
• After-hour exempt will exempt IP phone from all after-hours blocking • After-hours PIN over-ride will suspend after-hours block when user enters four to eightdigit PIN;
block pattern with 7–24 suffix will still be enforced even after PIN entry• After-hours suspension in effect until login timeout expires• PIN is defined per IP phone
telephony-service after-hours block pattern 1 91 after-hours block pattern 2 91900 7-24 login timeout 10 ! ephone 1 ! ephone 2 after-hour exempt ! ephone 3 pin 1234
Numbers Starting with 91 or 91900 Blocked
ephone 1
STOP
ephone 2
No Numbers Blocked
ephone 3
After PIN Entry: Only Numbers Starting with 91900 are
BlockedSTOP
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
71
71© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: Class of Restriction (COR)
• COR denies or allow calls based on group membership. These groups are called COR lists• An ephone-dn or dial-peer can become a member of a single COR list• Ephone-dn and dial-peer that are not members of COR lists are exempt from COR rules
Dial-peer cor custom name 911 name 408!Dial-peer cor list call911 Member 911!Dial-peer cor list call408 Member 408!Dial-peer cor list Lobby Member 911!Dial-peer cor list Office Member 408 Member 911
Define Outbound COR Lists and Add COR Members
Define Inbound COR Lists and Add COR Members
Define COR Names, Maximum 64 Allowed
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
72
72© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction:Class of Restriction Logic (1)
Incoming COR List
Outgoing COR List
Outgoing Dial-peer
PSTN/VOIP
Call Allowed: Member 911 Matches for Incoming and Outgoing COR List
Call Blocked: No Member Match for Incoming and Outgoing COR
ListSTOP
Call Allowed: Member 911 and 408 Match for Incoming and Outgoing COR List
IncomingEphone-dn
ephone-dn 1ephone-dn 1 number 1111number 1111 cor incoming Lobbycor incoming Lobby
dial-peer cor list Lobbydial-peer cor list Lobbymember 911member 911
Dial-peer cor list call911Dial-peer cor list call911 member 911member 911
dial-peer 1 voice potsdial-peer 1 voice pots corlist outgoing call911corlist outgoing call911 destination-pattern 9911destination-pattern 9911 port 1/0/0port 1/0/0
dial-peer 2 voice potsdial-peer 2 voice pots corlist outgoing call408corlist outgoing call408 destination-pattern 408…….destination-pattern 408……. port 1/0/0port 1/0/0
Dial-peer cor list call408Dial-peer cor list call408 member 408member 408
dial-peer cor list Officedial-peer cor list Officemember 911member 911member 408member 408
ephone-dn 2ephone-dn 2 number 2222number 2222 cor incoming Officecor incoming Office
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
73
73© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: Class of Restriction Logic (2)
Incoming COR List
IncomingEphone-dn Outgoing
COR ListOutgoing Dial-peer
Call Allowed: Dial-peers with No COR List Applied Accepts all Calls
Call Allowed: Ephone-dn with No COR List Applied Can Make Calls to any dial-peer
Call Blocked: No Member Match for Incoming and
Outgoing COR List
STOP
PSTN/VOIP
NO COR LISTNO COR LIST
Dial-peer cor list call845Dial-peer cor list call845 member 845member 845
dial-peer voice 4 potsdial-peer voice 4 pots destination-pattern 408…….destination-pattern 408……. port 1/0/0port 1/0/0
NO COR LISTNO COR LIST
dial-peer cor list Officedial-peer cor list Officemember 911member 911member 408member 408
ephone-dn 3ephone-dn 3number 3333number 3333
ephone-dn 2ephone-dn 2 number 2222number 2222 cor incoming Officecor incoming Office
dial-peer voice 3 potsdial-peer voice 3 pots corlist outgoing call845corlist outgoing call845 destination-pattern 845…….destination-pattern 845……. port 1/0/0port 1/0/0
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
74
74© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: COR vs. After-Block
COR After-Hours Block
Pros• Multiple COR groups can be defined
• Can be applied to non-sccp devices such as analog phones fax machines and CUE
Cons• Settings must be applied per DN
• Provisioning on CLI only
• No time-of-day or PIN override
Pros• Provisioning is simple, settings applied per
phone
• Can be provisioned on GUI
• Rules can be selectively enforced according to time-of-day or PIN override
Cons• All phones must follow single global set of
rules
• Supported on SCCP and SIP phones only
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
75
75© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Securing CUE: Message Notification
• System-wide settings to determine valid numeric destinations• Checked when numeric destination
is enteredAlready configured numbers are not checkedwhen the rules are altered
• Min/Max digits allowed: 1–30• Up to ten rules or call patterns
Rules can contain wildcards* matches zero or more digits. matches one digit (single digit placeholder)
Each rule: allowed or deniedRules are searched sequentially until a matchis found, then exit
• Default: all numbers allowed
*Call Pattern
YesAllowed
Yes*No91……..
9011*Call Pattern
NoAllowed
Yes*No91408…….Yes91408555121
2
9011*Call Pattern
NoAllowed
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
76
76© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Forward Restriction: Call-Forward Max-Length
• Call-forward max-length restricts maximum number of digits that can be entered for call forward destination with CfwdAll softkey on a per DN basis
• Max-length for ephone-dn assigned to button 1 will be enforced when pressing CfwdAll softkey while onhook or by lifting handset
• Max-length for ephone-dn assigned to other buttons only enforced when specific button is selected; if button 2 is selected and CwdFall softkey is pressed, max-length for ephone-dn assigned to button 2 is enforced
• Call forward max-length is not enforced for destinations entered in GUI or CLI
Button 1: Forward to 1002 Allowed
Button 1: Forward to 5551212 Blocked
Button 2: Forward to 5551212 Allowed
STOP
Button 2: Forward to 19103335555 Blocked STOP
ephone-dn 1 number 1000 call-forward max-length 4!ephone-dn 2 number 1001 call-forward max-length 7!ephone 1 button 1:1 2:2
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
77
77© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Forward Restriction: No Forward Local-Calls
• No forward local-calls introduced in CME 4.0, will block call-forwarding of incoming calls from local CME IP phones
• Set on a per ephone-dn basis• All other incoming calls will
obey ephone-dn call-forward settings
Call Forward Not Enforced
PSTN
1000
Call Forwarded to 2000
ephone-dn 1number 1000call-forward busy 2000 call-forward noan 2000 timeout 10no forward local-calls!ephone 1 button 1:1
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
78
78© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Transfer Restriction: Transfer-Pattern
• Call transfer to POTS or VoIP destination that does not match the transfer-pattern is blocked; this includes “local” destinations such as CUE and B-ACD
• One transfer-pattern is allowed per system and is enforced on all phones• By default, no transfer-pattern is set, so all call transfers to POTS or VoIP destinations are
blocked• transfer-pattern still allows transfers to ephone-dn and ephone-hunt numbers defined on local
CME• Transfer-pattern .T will allow call transfers to any destination
Transfer to 4085551212 allowed
Transfer to 9102223333 blocked
Transfer to 12345 allowed
PSTNSTOP
12345
telephony-servicetransfer-pattern 408555….
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
79
79© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Transfer Restriction: Transfer-Pattern Blocked
• transfer-pattern blocked introduced in CME 4.0 over-rides transfer-pattern and disables call transfer to POTS or VoIP destination
• transfer-pattern blocked still allows transfers to ephone-dn and ephone-hunt numbers defined on local CME
• Can be applied on ephone or ephone-template
Ephone 1: Transfer to 5551212 allowed
Ephone 2: Transfer to 5551212 blocked
Ephone 2: Transfer to 12345 allowed
PSTNSTOP
12345
telephony-servicetransfer-pattern .T!ephone-template 1transfer-pattern blocked!ephone 1!ephone 2ephone-template1
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
80
80© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Call Transfer Restriction: Transfer-Pattern Max-Length
• transfer-pattern max-length introduced in CME 4.0 overrides transfer-pattern and enforces maximum digits you are allowed to enter for transfer destination on a per phone basis
• Can only be applied on ephone-template• Max-length not enforced for ephone-dn or ephone-hunt numbers on
local CME
Ephone 1: Transfer to 9911 allowed
PSTNSTOP
Ephone 1: Transfer to 12345 allowed
12345
Ephone 1: Transfer to 5551212 blocked
telephony-servicetransfer-pattern .T!ephone-template 1transfer-pattern max-length 4!ephone 1ephone-template1
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
81
81© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
ephone-template 1 softkeys idle Redial Dnd Pickup Login Gpickup softkeys seized Pickup Redial Endcall Gpickup!ephone 1ephone-template 1
Features Restriction:Softkey Templates
• Ephone-template can be used to disable access to features by removing softkeys
• Supported on all phones with LCD display
• Template can include softkey settings for: alerting, connected, idle and seized states
• CME 3.x supports max 5 templates, CME 4.0 supports max 20 templates per system
Idle
Seized
Prevent Call Forward by Removing CFwdAll Softkey
from IP Phone User Interface
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
82
82© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Features Restriction:Feature Access Code (FAC) Blocking
• CME 4.0 adds feature access codes (FAC), which allow endpoints such as VG224 to enter * or # codes to invoke features
• Set features blocked under ephone-template to block specific phones from being able to use FAC
telephony-service fac custom callfwd all *3!ephone-template 1 features blocked CFwdAll!ephone 1 button 1:1!ephone 2 ephone-template 1 button 1:2
CME VG224
ephone 2
ephone 1Enter Dial *3 + Fwd
Destination to Set Call Forward All
Dial *3 Does Nothing
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
83
83© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Features Restriction:Disable Directed Pickup
• Directed call pickup allows any call on local CME to be picked up by pressing pickup softkey followed by ringing extension
• no service directed-pickup, introduced in CME 4.0 disables directed call pickup globally; group call-pickup is not blocked.
• Pressing pickup softkey executes local group pickup; emulates CCM behavior
telephony-serviceno service directed-pickup !ephone-dn 1number 123pickup-group 1!ephone-dn 2number 130!ephone-dn 1number 124pickup-group 1
123
130
124
Pickup softkey + 123 blocked
Pickup softkey does local group pickup
Ringing
STOP
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
84
84© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Toll Restriction: Inbound Call Best Practices
• By default, incoming calls to a CME voice port presents incoming caller with secondary dial-tone; this allows the incoming caller to dial any number defined on CME, including long distance and international numbers; very dangerous
• PLAR to an AA or attendant phone if your telco does not present DID
• Enable direct-inward-dial and translate to match internal dial-plan if telco presents DID
Default: Incoming Call Receives Secondary Dialtone
Attendant
CUE AAPLAR or DID Enabled: Call is Routed to Internal party
International CallsIncoming Caller can Reach Any Number
Defined on CME
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
85
85© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
“You Have Reached an Invalid Extension.
This Call Will Be Disconnected”
Toll Restriction:DID Translation Script
• TCL Script adds a prefix from 1–99 to any incoming DID
• If prefix + DID matches CME numbering plan, call is routed to new destination; if there is no match, script plays invalid number prompt and disconnects call
Incoming DID Call to 30
Script Appends Prefix 1 to DID
Match
No Match
DID Script
TCL130
STOP
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
86
86© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Securing CUE: AA PSTN Access
• CUE system AA script contains a variable to allow/deny PSTN access from the AA
• Recommendation: Build a similar capability in any custom AA scripts used on CUE
If PSTN access from the AA is required, limit the numbers (or range of numbers) that are considered valid by the script
Allow/Deny PSTN Transfers Out of the AA
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
87
87© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Disable Auto-Registration
• With CME 4.0, no auto-reg-ephone will reject registration attempts by IP phones with MAC address that are not provisioned in CME
• show ephone attempted-registrations will show MAC address, phone type and datestamp for failed registration attempts
• Disabling auto registration will disable GUI ephone provisioning and CME SRST Fallback
• With CME 3.x and below, provision ephones before configuring ip source address to workaround auto-registration behavior
STOP telephony-service ip source address 10.1.1.1 no auto-reg-ephone!ephone 1 mac-address AAAA.BBBB.CCCC button 1:1
AAAA.BBBB.CCCC
BBBB.AAAA.DDDD
REJECT:mac-address Not Provisioned in CME
• Phones will continuously attempt to register as long as network connectivity exists
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
88
88© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Secure CME
1. IP phone downloads CTL file generated by CTL client; after CTL files is validated, IP phone downloads signed config, locale and firmware files
2. IP phone initiates TLS session on port 3804 to CAPF server specified in config file
3. IP phone user enters password to authenticate to CAPF; after password is validated, CAPF enrolls certificate request to CA and provides certificate to IP phone
4. IP phone stores certificate and establishes TLS session on port 2443 to register to CME
fCME CAPF
CTL Client
Certificate Authority
IP Phone
SSL/TLS
TFTP
Cisco IOS PKI
TLSTLS
1.TFTP
2.
3.
4.
Cisco IOS
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
89
89© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
AAA Model for CCME
• If AAA for administration of Cisco IOS-based equipment is already in use, it should be leveraged for CCME
Use CiscoSecure ACS and TACACS+ or some other off-box mechanism
• AuthenticationFollow corporate standards
• AuthorizationCCME administrators only should be allowed access to options under global config such as dial-peers, ephones, ephone-dns, telephony-service, etc.
Show commands and other exec level instructions can be restricted as desired
• Accounting Command level accounting should be enabled as appropriate to at least monitor config changes within CCME
• Security mechanisms for CLI – expand upon the existing
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
90
90© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
HTTPS and SSH Secure Access
• SSH encrypts user logon data when accessing CME CLI• HTTPS encrypts user logon data when accessing
CME GUI• SSH included in all Cisco IOS images in 12.4• HTTPS require K9 image to provision• HTTPS and HTTP can run concurrently• IP phones do not support HTTPS; if HTTP is disabled on CME, the
following phone features may cease to function:
Local directoryXML speed dialCUE GUI
• Stuff I created for Depot and pursued further for Wal-Mart
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
91
91© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
TACACS/Radius Authentication forCME GUI/CLI
• CME GUI and CLI administrative access can be authenticated to external TACACS/Radius server
• CLI access can be limited to specific commands based on privilege level, level 15 gives you full access
• Only CME GUI admin can be authenticated by TACACS/Radius. End user GUI accounts must be local
• Not supported in CUE GUI
TACACS/RADIUS server
Authenticate username/password
telnet/SSH
HTTP/HTTPS
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
92
92© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME 4.0: Video
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
93
93© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME Video Call Flows
PSTN
ACCM
VideoVideoVoiceVoice
• Supported Video Call Flows: CME SCCP CME Local SCCPCME SCCP CME Remote SCCPCME SCCP H.323 VideoCME SCCP H.323 CCM SCCP Video
IPH.323
H.323
CVTA
H323 Video EP
CVTA
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
94
94© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
2 PC initiates CAST messages to phone over TCP/IP. CAST packets are routed up to layer-3 boundary between VLANs. Firewalls and/or ACLs must permit TCP port 4224
3 Phone acts as SCCP proxy between VT Advantage and CCME. CCME tells phone to open video channels per call. Phone proxies those messages to PC via CAST protocol
4 Phone sends/receives audio. PC sends/receives video on RTP port 5445. Audio and video marked DSCP AF41. Switch port must be set to trust DSCP (or use an ACL) instead of trust COS or else VT Advantage packets will be rewritten to DSCP 0
SCCP EndpointsHow VT Advantage Works
PC VLAN = 10 Phone VLAN = 110
IP
VT Advantage 171.70.10.100
IP Phone: 10.70.110.100802.1Q/p
1 Phone and PC exchange CDP. Phone begins listening for CAST messages on TCP port 4224 from IP address of CDP neighbor
CDP
““CAST: : Open video channel”
“CAST: I want to associate with you”
“SCCP: Open video channel”
Video packets
Audio packets
IP S iS i
CCME
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
95
95© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
CME VTA Support
• Supported on 7960/40, 7941/61, 7970/71 firmware version 7.x and above. 7985 NOT supported
• Video-Capabilities enabled per phone in CME 4.0 CLI
• VT Advantage automatically “associates” with IP Phone. All dialing and supplementary services done through phone
• CDP installed on PC Ethernet NIC. Must be physically connected to PC port on back of IP Phone (e.g. no wireless, no associating from a different network jack)
• Cisco USB Camera required (e.g. No 3rd-party cameras)
• Codecs supported:H.263, H.261, G.729, and G.711
telephony-service video maximum bit-rate 384 service phone videoCapability 1!ephone 1 video Case-Sensitive!
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
96
96© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
SRST Video Support
CVTA Supported with SRST 4.0, 12.4(4)XC
call-manager-fallbackvideomaximum bit-rate 384max-conferences 16 gain -6transfer-system full-consultip source-address 20.1.1.1 port 2000max-ephones 52max-dn 110
• The SRST configuration on above slide is not a complete SRST configuration.
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
97
97© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME Video Fall Back to Audio Scenarios
• Call between Video-capable EP and Audio-only EP• Video-capable EPs have mismatch Video codec or
formats• System Video Minimum Video Bit-rate not met (e.g.
max-bit-rate < 64 kbps)• Call transfer or forward to Audio-only EPs• Initiate Conference between 3 video-capable EPs
- RTP stream are mixed by CME, fall back to Audio
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
98
98© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME Video over H323
• H323 Slow Start only • H.450 Call Transfer and Forward only• H.323 to H.323 Hairpin not supported• All RTP streams (audio + video) flow-through
CMEs, not like skinny skinny flow-around
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
99
99© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
CME/SRST IP Phone Decoder Ring
No
No
H.323
SCCP
SCCP
SCCP
SCCP
SCCP/SIP
SCCP/SIP (7911 not tested)
SCCP/SIP
SCCP/SIP
SRST
3.4 – 12.4(6)T
Golden Brdg
SRST Voice OnlyNoNoNo7985
SCCPNoNoCIPC 2.0 OnlyCIPC 2.0 & VTA 1.0
SCCP/H.323H.323H.323H.323ATA Fax
SCCP/SIPSCCPSCCP/SIPSCCPATA Voice
SCCP*SCCPSCCPSCCP7914
SCCPSCCPSCCPSCCP7936
SCCPSCCPSCCPSCCP7920
SCCP/SIPSCCP/SIPSCCP/SIPSCCP7905/12
SCCP (SIP SRST Only)
SIP SRST OnlyNoSCCP(SRST only)
7941/61/11
SCCP/SIPSCCP/SIPSCCP/SIPSCCP7960/40
SCCPSCCPSCCPSCCP7970/7971
CME/SRST
4.0 – 12.4(4)XC
SRST
3.4 – 12.4(4)T
CME
3.4 – 12.4(4)T
CME/SRST
3.3 (12.4)
* 7961/70/71 support for 7914 added with CME 4.0
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
100
100© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
7941/61/11 Support
• Supported firmware files will be posted on CME 4.0 Spec sheet below:
http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_documentation_roadmap09186a0080189132.html
Beware of available flash!• 7941/61:5 files, 5MB• 7911:7 files, 5.5MB • 7970/71:5 files, 5MB • SDM: 7MB• CME(B-ACD/GUI/MoH):
2.5MB• IOS: 25 - 35MB
tftp-server flash:TERM41.DEFAULT.loads tftp-server flash:TERM61.DEFAULT.loads tftp-server flash:TERM41.x-x-x-xS.loads tftp-server flash:CVM41.x-x-x-xx.sbn tftp-server flash:Jar41.x-x-x-xx.sbn tftp-server flash:cnu41.x-x-x-xx.sbn ! tftp-server flash:TERM11.DEFAULT.loads tftp-server flash:SCCP11.x-x-x-xS.loads tftp-server flash:cnu11.x-x-x-xx.sbn tftp-server flash:dsp11.x-x-x-xx.sbn tftp-server flash:apps11.x-x-x-xxdev.sbn tftp-server flash:jar11.x-x-x-xx.sbn tftp-server flash:cvm11.x-x-x-xx.sbn !telephony-service load 7941GE TERM41.x-x-x-xS load 7941 TERM41.x-x-x-xS load 7961GE TERM41.x-x-x-xS load 7961 TERM41.x-x-x-xS load 7911 SCCP11.x-x-x-xS
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
101
101© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Quick Config Tool (QCT) v. 2.0Simplified CME Configuration
• QCT configures CME system in under 30 minutes without using IOS CLI.
• QCT v. 2.0 includes new features:
– BAT file input of users & extensions from MS Excel format.
– Configuration of separate VLANS for voice and data traffic
– Automated reset of CME & CUE to configurable factory default status
– Advanced T1 / E1 configuration parameters, including PSTN switch type.
• QCT v.1.0 has been downloaded almost 10,000 times since release in July, 2005
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
102
102© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Quick Config Tool (QCT)Improvements in Installation of CME and CUE— Saves You Time—Makes You Money!
“We were very happy to find the QCT application. We had a CME/CUE installation to be performed by a less-skilled engineer, which quite frankly made us a little nervous. We were very happy with the outcome; the engineer finished the job in a day, doubling the profit. We will definitely use this tool on future CME/CUE installs.”
--Cisco Partner, Computer Software Innovations (CSI)
00.5
11.5
22.5
33.5
44.5
5
InstallTime
(hours)
TACCalls
IOS CLIQCT
“We were impressed that QCT can build a PBX system with only two screens of data, while other products involve from 2 to 10 times as many setup screens to configure a new IP PBX system. This setup is faster and requires less telephony or data network expertise than virtually any other system in the SMB class that Miercom has previously tested.”
“We built the PBX configuration for our six phone system using QCT in about 20 minutes.”
“The QCT generated a configuration that would otherwise require over 300 command line entries.”
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
103
103© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Other Q and A
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
104
104© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential
Where to Find More Information
104
• IPC productswww.cisco.com/go/ccmecue (Cisco® CallManager Express and Cisco Unity® Express information)www.cisco.com/go/isr (integrated services platforms) www.cisco.com/en/US/products/hw/phones/index.html (Cisco IP Phones) www.cisco.com/en/US/products/hw/switches/ps646/index.html (switches)
• IPC service and support solutionswww.cisco.com/en/US/products/svcs/ps2961/ps2664/serv_group_home.html www.cisco.com/en/US/products/svcs/ps11/ps2445/ps3040/serv_home.html
• IPC technology and services specializationswww.cisco.com/go/specialization
• Financingwww.cisco.com/go/ciscocapital
• Here are some URLs to help your customer in their SMB IP Communications plans and deployments.
• (View in slide show format to click on links.)
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
105
105© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential
Resources
• General Cisco ISR Information:www.cisco.com/go/isr
• Miercom and Current Analysis Reports:www.cisco.com/go/isr
• Cisco Unified Communications Datasheet:http://www.cisco.com/en/US/products/ps5855/products_data_sheet0900aecd80169812.html
• CallManager Express: www.cisco.com/go/ccme
• Cisco Unity Express: www.cisco.com/go/cue
• Voice Gateways: http://www.cisco.com/en/US/products/ps5855/products_data_sheet09186a0080182d38.html
© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
106
106© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential