In this article I’ll go over how to build a SIP trunk to a provider with Call Manager Express; in this case we’ll use Flowroute. I will be using my 3725 with IOS “c3725-adventerprisek9-mz.124-15.T10.bin”.
First we will enable SIP, then we configure the router to register with our provider, then we’ll configure our codecs and dial peer, finally we’ll go over some show commands to verify that everything works.
Here’s how to enable SIP:
voice service voip
 sip
Very simple, we just enable the SIP protocol.
Next we configure our router to register with Flowroute:
sip-ua
 authentication username xxxxx password 7 xxxxxxxxxx realm sip.flowroute.com
 calling-info pstn-to-sip from number set 1xxx7325736
 no remote-party-id
 registrar dns:sip.flowroute.com expires 3600
This tells the router to register with “sip.flowroute.com” using the username and password we specified.
Next we configure our codecs:
voice class codec 1
 codec preference 1 g729r8
 codec preference 2 g711ulaw
 codec preference 3 g711alaw
Here we specify which codecs we want to use and what order we prefer them, 1 being most preferred and 3 being least preferred. I have chosen to use g729 whenever possible as it needs much less bandwidth and sounds great.
In this short article we will configure some Layer 2 EtherChannel links. These are used to aggregate switchports to increase bandwidth and provide redundancy. I am running a four port EtherChannel from my Edge router to my Core switch. This article is useful for CCNP (BCMSN) studies.
First we will configure our switchports, then we will configure the Port-Channel interface, then we’ll look at some show commands.
Here is the switchport configuration:
interface range GigabitEthernet0/23 - 26
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 channel-group 1 mode on
We’ve set the trunking encapsulation to 802.1q and turned trunking on, then set the native VLAN (I use 10). The command to note is “channel-group”: we have made the group 1 and set the mode to “on”, which means the port will not negotiate to become an EtherChannel, it just is.
Next we configure the Port-Channel interface:
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
This is just a logical interface (somewhat similar to a Loopback). We do the same trunk configuration here.
In this article we will configure GRE/IPSEC tunnels. These are used in cases where there is a desire to run routing protocols across a VPN connection. This article is useful for CCNP (ISCW) and CCSP studies.
First we will create our ISAKMP Policy, then we will create a key and associate it with a peer, next we build our Transform Set, then the ACL with traffic to be encrypted, followed by the Crypto Map and finally to the Tunnel interface configuration.
Here’s our ISAKMP Policy:
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
We set the encryption to AES with a 256-bit key, use pre-shared authentication (keys) and Diffie-Hellman Group 5.
Next we create a key and associate it with a peer:
crypto isakmp key Sup3rS3cr3tK3y address 22.214.171.124
Now we build the Transform Set:
crypto ipsec transform-set secure_transform esp-aes esp-sha-hmac
Next we make our ACL:
ip access-list extended GRE_IPSEC_TRAFFIC
 permit gre host 126.96.36.199 host 188.8.131.52
This is catching GRE traffic from 184.108.40.206 (us, the source) to 220.127.116.11 (our peer, the destination).
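As an added example (not part of the original article), this Python sketch reads the phase 1 and phase 2 lines shown above and reports what they actually negotiate once classic IOS defaults are filled in for anything the policy block leaves out. The key and peer address in the sample are constructed placeholders, the function names are hypothetical, and only a single ISAKMP policy block is handled.

```python
import re

# Lines from the article; the key and peer address are constructed placeholders.
CONFIG = """\
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key EXAMPLE-PSK address 192.0.2.2
crypto ipsec transform-set secure_transform esp-aes esp-sha-hmac
"""

DH_BITS = {"1": 768, "2": 1024, "5": 1536, "14": 2048, "15": 3072, "16": 4096}
DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig",
            "group": "1", "lifetime": "86400"}

def isakmp_policy(config):
    """Effective phase 1 settings: classic IOS defaults overlaid with the policy lines."""
    policy, in_block = dict(DEFAULTS), False
    for line in config.splitlines():
        if line.startswith("crypto isakmp policy"):
            in_block = True
        elif in_block and line.startswith(" "):
            key, _, value = line.strip().partition(" ")
            policy["encr" if key == "encryption" else key] = value
        else:
            in_block = False
    return policy

def esp_aes_bits(config):
    """Key size of esp-aes in the transform set; no size keyword means 128."""
    m = re.search(r"^crypto ipsec transform-set \S+ .*\besp-aes(?: (192|256))?", config, re.M)
    return None if m is None else int(m.group(1) or 128)

def findings(config):
    policy, out = isakmp_policy(config), []
    bits = DH_BITS.get(policy["group"])
    if bits is not None and bits < 2048:
        out.append(f"phase 1: DH group {policy['group']} is only {bits}-bit MODP")
    if policy["hash"] == "sha":
        out.append("phase 1: hash is SHA-1 (the default when no hash line is set)")
    key = re.search(r"^crypto isakmp key (\S+)", config, re.M)
    if key and key.group(1) != "6":  # "6" marks an AES-encrypted key
        out.append("pre-shared key is stored in cleartext in the configuration")
    esp, parts = esp_aes_bits(config), policy["encr"].split()
    p1_bits = int(parts[1]) if len(parts) == 2 else 128
    if esp is not None and parts[0] == "aes" and esp < p1_bits:
        out.append(f"phase 2: esp-aes is AES-{esp}, weaker than phase 1 AES-{p1_bits}")
    return out
```

Calling `findings(CONFIG)` returns four items; the last one shows that the transform set protects the data with AES-128 even though the ISAKMP policy asks for AES-256.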
In this article we will configure semi-basic NAT with a Cisco router. This post will be useful for CCNA studies. First we’ll create an ACL specifying which addresses we want to be NATed, then we apply our NAT statement to the router (enabling NAT), then we tell the interfaces whether they are inside or outside. I will also throw in a little “port forwarding” as a bonus.
Here’s our NAT ACL:
ip access-list extended NAT
 permit ip 192.168.0.0 0.0.255.255 any
This ACL is permitting ANY 192.168.x.x address to be NATed. I’m doing it this way because I have a lot of subnets at home and it’s easier than a line for each. Most people would probably use something like this:
ip access-list extended NAT
 permit ip 192.168.10.0 0.0.0.255 any
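To see how much wider the first entry is than the single-subnet one, here is an added Python example (not from the original article) that applies IOS wildcard-mask matching to the source part of each entry. The sample host addresses are constructed, the function names are hypothetical, and the single-subnet entry is written out in full as 192.168.10.0.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_source(ace):
    """Return (base, wildcard) as integers for the source of 'permit ip <source> <dest>'."""
    tokens = ace.split()
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError("only 'permit ip' entries are handled: " + ace)
    src = tokens[2:]
    if src[0] == "any":
        return 0, 0xFFFFFFFF
    if src[0] == "host":
        return to_int(src[1]), 0
    return to_int(src[0]), to_int(src[1])

def source_matches(ace, address):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base address."""
    base, wildcard = parse_source(ace)
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(address) & care) == (base & care)

def source_size(ace):
    """Number of source addresses the entry covers: 2 ** (wildcard bits set to 1)."""
    _, wildcard = parse_source(ace)
    return 2 ** bin(wildcard).count("1")

BROAD = "permit ip 192.168.0.0 0.0.255.255 any"   # entry used in the article
NARROW = "permit ip 192.168.10.0 0.0.0.255 any"   # single-subnet alternative

# Constructed sample hosts: two inside 192.168.x.x and one outside it.
SAMPLES = ["192.168.10.25", "192.168.77.3", "172.16.5.9"]

def report():
    """Map each sample host to (matches BROAD, matches NARROW)."""
    return {ip: (source_matches(BROAD, ip), source_matches(NARROW, ip)) for ip in SAMPLES}

if __name__ == "__main__":
    for ip, (broad, narrow) in report().items():
        print(f"{ip:15} broad={broad!s:5} narrow={narrow}")
    print(source_size(BROAD), "vs", source_size(NARROW), "source addresses")
```

Every host on any 192.168.x.x segment, including ones added later, is translated under the broad entry, so the narrow form is the one to use when only a single subnet should reach the outside interface.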
Next we turn NAT on, we do it with this NAT statement:
ip nat inside source list NAT interface FastEthernet 0/0 overload
In this article we will be using the Modular Quality of Service CLI (MQC). This article will be useful for CCNP (ONT) or CCIP (QoS) studies. With MQC you first define traffic classes, then you build a policy map in which the actions are applied to your classes, and finally you apply the policy to an interface. This is a 20/2 cable connection; before implementing QoS my P2P traffic was really beating up on all my other traffic.
First we’ll go over class maps. Class maps are used to match traffic. Here are my class maps:
class-map match-any NNTP
 description This is the Newsgroups traffic.
 match access-group name MATCH_NNTP
 match protocol nntp
class-map match-any BT
 description This is the Bittorrent traffic.
 match protocol bittorrent
 match access-group name BT_PORT
class-map match-any PRIORITY
 description This is all the traffic that gets priority.
 match protocol http
 match protocol dns
 match protocol secure-http
 match protocol ssh
 match access-group name MATCH_RDP
Class map NNTP is matching the port for newsgroups traffic using ACL MATCH_NNTP:
ip access-list extended MATCH_NNTP
 permit tcp any eq nntp any
 deny ip any any
Class map BT is matching my bittorrent traffic using NBAR and the port specified in ACL BT_PORT:
ip access-list extended BT_PORT
 permit tcp any eq 32547 any
 deny ip any any
Class map PRIORITY is matching a lot of traffic, most of it is using Network Based Application Recognition (NBAR) (match protocol ______), we’re also using MATCH_RDP for Microsoft remote desktop traffic: