CCME 4 Feaure and Design Important)

1© 2005 Cisco Systems, Inc. All rights reserved.9-13-2006 Cisco Confidential

Cisco Call Manager ExpressFeatures and Design

Greg LandersUnified Communnications System EngineerCisco [email protected]

Colorado Springs Cisco Users Group

2© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential

AGENDA• Open Format – Casual• What is Unified Call Manager Express• What is Unity Express• Design Considerations

RedundancyCall Adminission Control

• UCME as SRST for Unified Call Manager• Security considerations on UCME• Remote Teleworker


Cisco Unified Communications Portfolio

Number of Users per System0 25 500 2500+100 200

Hybrid / PBX

KSU

Small PBX

Centrex

Prod

uctiv

ity B

enef

itsVo

ice

Feat

ure

Focu

s

Cisco CallManager Express - Robust IP Telephony, and much more – Office Communications for the Small Office

Cisco Unified CallManager

High End PBXCisco Unified CallManager

Express


Cisco CallManager Express / Unity Express Router Portfolio

2811261xXM262xXM

• Extended modular connectivity (EVM, NM, AIM, WIC/VIC)

• Modularity with performance optimized for “all-in-one” solution (HSDM, NM, EVM, AIM, WIC/VIC)

Con

curr

ent S

ervi

ces

and

Perf

orm

ance

Small Office Enterprise Branch OfficeSmall Branch

• Modular connectivity (WIC/VIC)

2801

1751/1760

24 Phones

36 Phones

48 Phones

37253745

285128212651

96 Phones

38253845

144/192 Phones

168/240 Phones

• Local Auto Attendant and Voice Mail system with 12-100 mailboxes, 4-8 sessions, 100 hours of storage

Multiple Services

Low-Density Services

High-Density Services

Cisco Unity Express

3845 Integrated Service Router (ISR)

Supports 240 Phones


FEATU

RES

Cisco IP Phone 7905G andCisco IP Phone 7905G andCisco IP Phone 7912GCisco IP Phone 7912G

• Basic Business Phone • Pixel Display• Single Line • Four Dynamic “Soft Keys”• Cisco IP Phone 7912G has

Integrated Ethernet Switch

Cisco IP Phone 7940/41G/7960/61GCisco IP Phone 7940/41G/7960/61G• Ideal Knowledge Worker Phone• Large Pixel Display with Two Lines • Four Dynamic “Soft Keys” • Built-in Headset Port • High-quality Speaker Phone• Integrated Ethernet Switch

Cisco ATA 186/188Cisco ATA 186/188• 2 FXS Ports• 1 RJ-45 10BaseT uplink (Cisco 186 ATA)• 1 RJ-45 10/100BaseT data port

(Cisco ATA 188)

Cisco IP Phone 7911G+SWCisco IP Phone 7911G+SW •Entry Level Phone•Character Display•Single Line•Six Configurable Features•Cisco IP Phone 7910+SW has Integrated Ethernet Switch

Unified CallManager Express Phone Portfolio: IP Phones and Analog Adaptors

Cisco IP Phone 7902GCisco IP Phone 7902G• Entry-level Business Phone• Single Line • Fixed Features

Cisco IP Phone 7970/71GCisco IP Phone 7970/71G • Executive Business Phone• Color Display with Touchscreen• Large Pixel Display with Eight

Lines• Five Dynamic “Soft Keys” • High-quality Speaker Phone• Integrated Ethernet Switch

Cisco Wireless IP Cisco Wireless IP Phone 7920Phone 7920• 802.11b wireless IP phone• 6 extensions / speed dials • Standard and Extended Li-ion

Batteries

Cisco IP Conference Cisco IP Conference Station 7936Station 7936

• High-quality speaker• Hands-free Conference Phone• Three Dynamic “Soft Keys”

Cisco IP Expansion Module 7914• Attendant Console Solution• Up to 34 possible buttons• Monitor, Manage, & Cover calls

Cisco IP CommunicatorCisco IP Communicator• PC based “soft phone”• Emulates Cisco 7961


UNIFIED COMMUNICATION EXPRESS:

CallManager Express v 4.0

666


Cisco CallManager Express—What is it? Key Benefits:• Cost-effective—

Specifically designed for the SMB or branch office

• Application integration Leveraging Desktop and

CRM solutions • Network Integration Secure voice, video and

data convergence • Investment protection Solution grows with you• Breadth of Solution Deployment and

Endpoint choices• Feature velocity Continued Investment

equals continual research and design

• Configurable IP PBX or IP Key System functionality for 240 station market

• Full Featured Solution that meets the Needs of the Small Business, Branch Office, or Service Provider Managed Service solution

• Provides Robust Networking Across Sites 5 digit dial, VM Networking

• Voicemail, Integrated and Unified Messaging Options

• Integrated Video Communications• Intuitive / Easy to use GUI for day two

system administration• Centralized Management for Multi-Site

Scenarios options


Cisco CallManager Express Key Call Control Features

• Support for Either PBX or Key System Functionality• Legacy Telephony Features:

Call Transfer, Paging, Intercom, Call Coverage

Call Park, MOH, Night Bell

Hunt Groups, Basic ACD and Reporting Ad Hoc & “Meet Me” conferencing

DID / Operator Console

• Converged IP Communications Features:Video Telephony

Wireless (802.11) Integration

Soft Phone support

Desk Top Integration

SIP Support


Cisco CallManager Express Version 4.0Enhancements to Legacy Telephony Features

• ACD, AA & Hunt Group Enhancements– Dynamic registration with Huntgroups– Huntgroup logon / logoff (normal calls still allowed)– Improved waiting call notification– Enhanced B-ACD Reporting in EXCEL Format

• Conferencing Enhancements– Retain conference call when conference initiator drops

• Call Forwarding, Park, Transfer Enhancements

– Night Service Call Forwarding– Park Call Recall– Dedicated Park Slot per extension– Call Transfer blocking

• Enhanced Phone Features– Headset Auto Answer– Distinctive Ring Patterns for Internal or External Calls

• Integration with Legacy PBXSupport for QSIG protocols to communicate with TDM-

based PBX’sCallManager Express

New

IP C

all C

ontro

l


Cisco CallManager Express Version 4.0Enhancements for Converged IP Communications

• Remote Teleworker Support– IP Phone Registration across VPN connection

• Video Telephony & PC Soft TelephonySupport for Cisco VT Advantage for video telephonySupport for Cisco IP Communicator for soft phone

• SIP Trunking Enhancements Enhanced call control with SIP protocols to SIP trunk

• Survivable Remote Site Telephony featuresProvide backup call control in a branch office when part of

a centralized Cisco CallManager telephony network• New Phone Support

New 7941 and 7961 Display Phones

CallManager Express

New

IP C

all C

ontro

l


CCME 4.0 New System Features

System Features:• Remote teleworker support• Dynamic failover to secondary CME• 10,000 number bulk speed-dial• Feature Access Code (FAC) support• QSIG supplementary feature support• ATA SCCP Fax Passthrough Support• Multiple user locales per system• User defined locales• Line selectable MWI• Revert to originator or alternate number after

call park timeout• Select last-redirect or originator as redirect

number for call-forward to VM• Dedicated call-park slot per phone• Conference last-party drop• Distinctive ringing based on called number

Call Center Features:• Audio and visual display of calls

in queue• Call-forward to alternate number during night-

service• Music on hold from live feed• Customizable message display when all hunt-

group agents logged out • DID Invalid extension system prompt • Disable call-forward for local calls• Block hunting for local calls• Headset auto-answer• Hunt-group automatic agent logout• Hunt-group dynamic membership• Hunt-group logout per extension• Selective call-forward based on DNIS • Timeouts per hunt-group member• Revert to originator after hunt timeout

111111


Additional CCME 4.0 Enhancements

Phone Features:• Cisco IP Communicator support • Cisco 7911/7941/61 support• Cisco VT Advantage with video call support• Enhanced TAPI 2.0 Interface

Security Enhancements:• IP Phone authentication• Disable Auto Registration• CFwdAll, Confrn, GpickUp, Park, PickUp, and

Trnsfer feature blocking • Call transfer number length restriction • Disable directed call-pickup• Block PC port and setting button access • Restrict conference preservation to

local parties

Manageability Enhancements:• CCME MIB• CME Quick Configuration Tool 2.0• Enhanced CDR for tracking supplementary

features• External storage of configuration files and

phone firmware files• Replace mac-address without deleting ephone

configuration• Disable gatekeeper and SIP proxy registration

globally• Night-service parameter for weekdays,

weekends, or every day • Default changed to transfer-system

full-consult • Increase max ephone-templates to 20

121212


Cisco Unified CRM Connector v3.0

• Increases employee productivity, efficiencies by:– Providing immediate information on inbound

and outbound calls– Enabling fast, easy “click to dial” from CRM

database records– Providing call duration tracking, information

capture and record creation• New features include:

– Support for Microsoft CRM 3.0– Support Cisco Unified CallManager Express

4.0, Cisco Unified CallManager 5.0 and Cisco Unified Contact Center Express 4.5

– IVR / digit collection via Cisco Unified Contact Center Express

– IP Phone Service to display results of a CRM Connector lookup

Integrates Cisco Unified CallManager Express, Unified CallManager and Unified Contact Center Express With Microsoft CRM Software

Cisco CRM Connector Lead: Ted Allen

Topic: Wants 200 UnitsCompany: XYZ CorporationRating: Hot

Job Title: Purchasing Manager

Customer Service Case: CAS-0014

SmartSimpleSecure

http://images.google.com/imgres?imgurl=http://www.abacoinc.com/grphx/microsoft.gif&imgrefurl=http://www.abacoinc.com/c_microsoft.html&h=150&w=150&sz=8&tbnid=thiHwxwEdmsJ:&tbnh=90&tbnw=90&start=16&prev=/images%3Fq%3Dmicrosoft%2Blogo%26hl%3Den%26lr%3D%26ie%3DUTF-8


Supports click-to-dial feature from a Microsoft CRM contact record

Free CCO Download

Cisco CRM Communications Connector:Application Integration with Microsoft CRM

Opens contact record and creates new activity record as call arrivesCreates screen pops from click-to-dial calls and manually dialed outbound calls

Accurately tracks duration of phone call and associates with phone activity record

Captures incoming and outgoing call information, including calling number, called number, and call start and end times

Easily creates a new CRM record when new customer call arrives

• Screen pops

• Click to dial

• Call-duration tracking

• Call-information capture

•Customer-record creation



Cisco Unity Express v 2.3

151515


Cisco Unity Express—What is it? • Autoattendant and voice-mail system for the

small and medium office• Supports Cisco® CallManager or Cisco

CallManager Express deployment scenarios• Choice of Network Module or Advanced

Integration Module for complete flexibility• Supported on broad range of Cisco routers—

industry leading Cisco 2800 and 3800 series and widely deployed 2600XM and 3700 series

• 12 to 250 mailboxes, 4 to 16 ports• VPIM Networking with Cisco Unity® Express or

Cisco Unity • International language support• SNMP agent for remote monitoring, data

collection and trap management

Key Benefits:• Cost-effective—


• Application integration— Fewer devices to manage

• Intuitive user interface— Uses same menu and prompts as Cisco Unity

• Investment protection— Increase mailbox capacity via simple software upgrade

• Broad range of configurations and scale

• Feature velocity—High feature velocity to meet market and customer needs quickly


Cisco Unity Express Key Voice Mail Features

• Individual and General Delivery Voice Mailboxes Message Waiting IndicatorSave, delete, forward, reply, pause, fast forward, rewindTag messages as urgent or privateDistribution list and broadcast messagesAllocate mailbox capacity on per user basisRetrieve accidentally deleted messages from the

telephone user interfacePersonal Operator - “Zero-out” from voice mail to

alternate number definable on per user basis Undelete messages within the same sessionSpoken name confirmation for all local and many remote

recipientsOptional CLID for calls originated on local system or

PSTNMessage Notification configurable by User

• Network messaging with other Cisco Unity Express or Cisco Unity sites


Cisco Unity Express -Key Automated Attendant Features • Multiple automated attendants (up to 5)

per systemStandard dial-by-name, dial-by-extension auto-attendant is provided

• Cisco Unity Express EditorGraphical scripting tool creates customized automated attendant menu flowsSupports time-of-day, day-of-week routingUnlimited menu items and unlimited nesting

• Administration via telephonyRecord AA prompts from phone or computer Create and manage broadcast messagesRecord location names and spoken names for remote users

• Alternate or Emergency GreetingsHoliday schedules / CalendarBusiness Hours schedule Alerts for temporary emergency schedule changes (i.e. snow, earthquakes, etc.)


Cisco Unity Express Version 2.3• New Desktop Applications

– IMAP Compliant E-mail Client Application Integration– “Browse” Voice Mailbox Using Cisco IP Phone

Display – VoiceView Express– New/Urgent Message Notification To Email, Text

Based E-page, Numeric Page, Phone

• Solution Scalability– New 150, 200, 250 Voice Mailbox

• Extensible, Open– SIP Enhancements– Five New Languages: Japanese, Mexican Spanish,

French Canadian, Chinese (Mandarin) And Korean– Internetworking with Cisco CallManager 4.1, 4.2 and

5.0

• Easy To Configure, Deploy, Manage– Remote Monitoring And Management With SNMP

Voic

emai

l

Cisco Unity Express

New


Cisco Unity Express Version 2.3 (FCS 2QCY06)

Easy, Affordable Voice Mail And Automated Attendant

• Capacity Enhancement New 150, 200, 250 Mailbox NM-CUE-EC Licences

• Desktop IntegrationIMAP Compliant E-mail Client Application IntegrationVM Messages Could Also Be Attached, Forwarded To Other

E-mail Services

• Visual Voice Mail Voice View Express Allows Subscriber To “Browse” Voice

Mailbox Using Cisco IP Phone Display

• Remote Notification Subscriber Service Notifies Arrival Of New/Urgent Messages

To Email, Text Based E-page, Numeric Page, Phone

• LocalizationJapanese, Mexican Spanish, French Canadian, Chinese

(Mandarin) and Korean

• SIP Enhancements


CUE 2.3 Feature Enhancements

System and Capacity Features:• 150, 200, 250 mailbox license levels on the NM-

CUE-EC• CCM connectivity to 4.2 and 5.0• Unity 4.05 TUI prompt parity• Localization—several more languages:

ItalianBrazilian PortugueseLatin American SpanishDanishBritish (UK) English

AA Features:• Re-recording of prompts• Alternate greeting enhancement• AA Script debugging• CME Script Control on Xfer• New editor steps

SIP Features:• Mailboxes for CME and CCM SIP phones• MWI updates in SRST mode• RFC2833 DTMF support

Voice Mail Features:• Integrated Messaging (IMAP-compliant

e-mail client application support)• VoiceView Express—visual access to voice mail• Message notification—outcalling• Future message delivery• Voice mailbox mask support for CCM• Local broadcast privilege• Mandatory message expiry• Original-called-number (OCN)/Last-redirect-

number (LRD)


Cisco Unity Express Modules

• Voice message storage: 100 hours• Session/port capacity – 8 or 16 • Up to 250 mailboxes supported• Hard Drive – 20GB, 500 MHz

processor, 256MB/512MB DRAM

• Voice message storage: up to 14 hours beginning with release 2.0

• Session/port capacity 4 or 6 depending on router

• Up to 65 mailboxes supported• Industrial Grade Compact Flash –1 GB

beginning release 2.0 – 300 MHz processor, 256MB DRAM

NM-CUE or NM-CUE-EC AIM-CUE


Integrated Messaging for Improved Responsiveness, Productivity

Cisco Unity Express IMAP

TUI or Display

POP (.wav)

Desktop messages are accessible via:

IMAP enabled e-mail clients.wav attachments to e-mail (PDA, other e-mail accounts) Cisco IP Phone display using VoiceView Express


Cisco Unity Express:Integrated Messaging across different devices

Lotus Notes

Outlook

VoiceView Express

Voicemail TUI

Outlook Express

IMAP

IMAP

IMAP

SMTP

/PO

P

VoiceMail TUI or email notification

HTTP/XML

VoIP


Integrated Messaging Client View: Example


Integrated Messaging Operation• Integrated view of email and voice mail on the same

clientRetrieve, delete and change the state of voicemail messages through a standard IMAP-capable email clientIMAP enabled email clients.wav attachments to email

• IMAP4rev1 protocol – RFC3501Message store and MWI synchronizationAuthentication (client login) via SSL

• A single CUE “Inbox” folder on PC clientAll the messages (new, saved and deletedmessages) appear in the Inbox The appearance of messages are client-specific


VoiceView Express – Cisco Unity Express• Provides a visual interface into subscribers’ voice

mailbox to view and manage messages, mailbox settings and other message management tasks

• Allows access of voice messages based on their importance to the user, rather than based on their sequential chronologic order.

• Allows users to sort the saved messages based on date and time, caller or sender name/number, or priority

• Provides customization of personal voice mail box settings via phone display

Home Page

List of Voice MessagesVoice Mail SortDetailed envelope

information


Cisco Unity Express 2.3Message Notification Operation• Message Notification (Outcalling)

This is a system service that notifies a subscriber upon the arrival of new/urgent messagesSystem-wide and per user/GDM configuration options

• Notification DestinationsNumeric devices/destinations (uses a voice port): 4Text devices/destinations (uses no voice ports): 2

• Notification PreferencesConfigurable for All messages; or just for Urgent messages

Broadcast messages and DDRs do not generate notificationsConfigurable per system, per user and per destinationSubscriber can set up a schedule per device/destination for notifications

• Notification MethodAll configured and enabled destinations are notified simultaneouslyNo “chaining” or “cascading” of notifications supportedNo retries or NDRs are generated for notification failures



Design Considerations

292929


Cisco CallManager Express IOS Release Version Summary

12.4(6)TVG224, IP-IP GW12.4(4)XC1CME 4.0(1) (Laverda)12.4(4)TCME 3.4 (Piaggio + Speedbird)

IOS VersionCME Release Version

12.4(3d) or higherCME 3.3 (Aprilia on Mainline)12.3(11)T10CME 3.2 (Aprilia)12.3(8)T11CME 3.1 (Segway)

12.4(6th release)TCME 4.0(2) GA 12.4(4)XC3CME 4.0(2) Early Adopter

IOS VersionCME Release Version12.4(9)T CME 4.0 (Laverda) GA

Future

Shipping


CME 4.0(x) Features

CME 4.0(1)Early Adopter Release: 12.4.(4)XC1, Currently Available3. FXO Trunk dn transfer and line optimization for call

coverage4. Silent ring over-ride for night-service5. Automatic line selection for answering incoming

callCME 4.0(2)Early Adopter Release: 12.4.(4)XC3, FCS July 068. 7931(Goped), 7906G9. CIPC Video Support with CVTA 2.0 10.Localization for 797X/61/41/11


DSLFaxCisco ISR, Including:• CallManager Express, • Cisco Unity Express• Cisco IOS Firewall• Integrated 24 port PoE switch

GUI Management

Station

Employee PC,Cisco IP Phone

7961G and Voice Mail

Application server

Printer

Cisco IP Phone 7905 in Lobby, Break Room, or

Conference Room

Dial Backup and POS

Analog Phones

Cisco IP Phone 7970+ 7914 as the Attendant

Console Wireless LAN Access Point

Cisco IP VoWLAN 7920

Phone

CO Line 1, 2, 3, 4

Standalone SMB Deployment—Full Office Communications on a Single Platform

Table PC

Public Interne

t

PSTN


Deployment Highlights—SMB

• Single box solution for IP communications, including telephony, video, routing, switching, WLAN, and security

• Connectivity with existing CO lines and analog devices as well as with SIP trunks from service providers

• Key-system features such as shared trunk lines, monitoring of trunk status from phone display, auto attendant

• PBX features such as DID extensions, basic ACD, hunt groups, voicemail, and many more

• Remote phone support for tele-workers or for small offices where a full CME system is not justified

• Video telephony, soft phone support, enable productivity of mobile workforce• Day two GUI administration support• Investment protection for upgrade to multi-site VoIP network with converged

applications


Large Enterprise with Retail Branch

• Call routing to 400+ CME stores handled by GK

• G.729 calls forwarded to Unity converted to G.711 by DSPfarm transcoder registered to CCM

• Unity sends MWI status to MWI relay server using SCCP outdial

• MWI relay server relays MWI status to Store CMEs using SIP subscribe notify

CME Store1

HQ CCMCluster

CME Store2 CME Store3 CME Store4

Gatekeeper

MWI Relay server

Unity

XcodePSTN GW

GK

WANPSTN


Deployment Highlights:Large Enterprise with Retail Branch

• Unified Dialplan for Store-to-Store communication• Leverage existing MoH feed at branch stores• Scalable Dialplan and Call Admission Control provided by

H323 Gatekeeper• One VM box for each CME. Used by branch manager to

receive broadcast voice messaging from HQ• Shared voicemail and directory with HQ CCM and branch

CME • Synchronized MWI notification for 400+ branch IP phones

when message received from HQ


Redundancy

Redundancy


IP Phone Redundancy: HSRP

• Prior to CME 4.0, IP phones must register to HSRP address for redundancy• All inbound/outbound calls to HSRP address are process switched, increasing CPU

utilization for VoIP calls—not an issue for small sites• HSRP address cannot be registered to GK

HSRP Address10.1.1.1Primary CME

10.1.1.2

telephony-serviceip source-address 10.1.1.1 port 2000!interface FastEthernet0/0 ip address 10.1.1.2 255.255.255.0 standby ip 10.1.1.1 standby priority 200 standby preempt

Secondary CME

10.1.1.3

Call Manager 1: 10.1.1.1 ActiveIP Phone Network Configuration

telephony-serviceip source-address 10.1.1.1 port 2000!interface FastEthernet0/0 ip address 10.1.1.3 255.255.255.0 standby ip 10.1.1.1 standby priority 100


IP Phone Redundancy: Secondary CME

• Starting with CME 4.0, IP phones can home to secondary CME when keepalives to primary CME expires—same behavior as CCM

• HSRP can still be used for data redundancy

CME1: 10.1.1.1

telephony-serviceip source-address 10.1.1.1 port 2000 secondary 10.1.1.2

CME2: 10.1.1.2

Primary CME Secondary CME

Call Manager 1: 10.1.1.1 ActiveCall Manager 2: 10.1.1.2

IP Phone Network Configuration


CCME PSTN Redundancy Options

• Hybrid schemeAdvantages of consolidating circuits in a PRI/T1-CAS with backup FXOs for 911 in case of T1 failure

• PRI/T1-CAS atoreOne PRI/T1-CAS per CMEEach PRI/T1-CAS uses a diverse route with a diverse carrier

• FXO-Only storeAll FXOs can be physically split between both routers in case of loss of CMEMust set “ringer option 1” on CME-Primary voice-portsMust set “ringer option 3” on CME-Secondary voice-ports

100-240 V ~ 3A50/60H z

DO N OT REMOVE DU RING NETWORK OPERATION

CF

Cisco 3800 Series

SYS ACT PWRSYS

RPS PW R AIM0 AIM1 PVDM0 PVDM 1 PVDM2 PVDM3AUX

CME-Primary

100-240 V ~ 3A50/60H z

DO NOT REM OVE DURING NETW ORK OPERAT ION

CF

Cisco 3800 Series

SYS A CT PWRSYS

RPS PWR A IM0 AIM1 PVDM 0 PVDM1 PVDM 2 PVDM3AUX

CME-Secondary

PSTN

Physically Split FXOs

PRI orT1-CAS

FXO-2

FXO-1

Hybrid Scheme


Combining IP Phone and PSTN Redundancy

• Ephone-dns are always present, even when IP phones are not registered• If PSTN to primary is down, but IP phones are still registered to primary, incoming

calls routed to secondary CME are routed to ephone-dn without an associated IP phone—call will receive busy tone

• To prevent this, ephone-dn on secondary CME needs to be set at lower preference than VoIP dial-peer that routes call to primary CME

• Advanced config—not common

Primary CME (10.1.1.1)

Registration

Secondary CME ephone-dn 1

number 1000preference 10!dial-peer voice 1 voipdestination-pattern 1000session target ipv4:10.1.1.1preference 1

ephone-dn 1number 1000

PSTN


Redundant CME with GK

• Ephone-dn from both primary and secondary CME register to GK simultaneously, with no preference associated

• Preference must be set statically at GK for each CME site to route calls to primary CME first, secondary CME second

81…

interface Loopback0 ip address 192.168.100.1 255.255.255.0 h323-gateway voip interface h323-gateway voip id siteA ipaddr 10.10.10.1 1719 h323-gateway voip h323-id CME1 h323-gateway voip tech-prefix 1# h323-gateway voip bind srcaddr 192.168.100.1

CME1192.168.100.1


CME2192.168.100.2

gatekeeper zone local NYC cisco.com 10.10.10.1 zone prefix NYC 81... gw-priority 10 CME1 zone prefix NYC 81... gw-priority 9 CME2 gw-type-prefix 1#* default-technology

Gatekeeper

10.10.10.1

WAN GK


Call Admission Control (CAC)



IP WAN

CCME

Call Admission ControlWhy Is It Needed?

PSTN

Circuit-Switched Networks

Packet-Switched Networks

PBX

PhysicalTrunks

STOP

IP WAN Link Provisionedfor Two VoIP Calls (Equivalent

to Two “Virtual” Trunks)

3rd CallRejected

No Physical Limitation on IP Links

If 3rd Call Accepted,Voice Quality of All

Calls Degrades

Call Adm. Control Limits # of VoIP Calls on Each WAN Link

IP WANLink


Call Admission ControlDistributed Deployments: Gatekeeper

• In purely distributed CME deployments, Gatekeeper provides CAC for both hub-and-spoke and full-mesh topologies

• Define Gatekeeper zones for each CME sitecluster to limit bandwidth in and out of each site

• Up to 500 zones per GK

SJC

RTP NYC

Gatekeeper

gatekeeper zone local RTP cisco.com zone local SJC cisco.com zone local NYC cisco.com bandwidth interzone zone NYC 256 bandwidth interzone zone RTP 256 bandwidth interzone zone SJC 256

GK

IP WAN


Call Admission ControlDial-Peer Max-Conn

• Maximum number of calls can be set using max-conn on dial-peer

• Both inbound and outbound calls count towards maximum limit

• Calls routed through other dial-peers on system do not count towards limit

• All outbound and inbound calls must be routed through single dial-peer to be effective

dial-peermax-conn 2

WAN

STOP

3rd CallRejected


WAN

Call Admission ControlCall Threshold

• Maximum number of calls can be set per interface using call threshold


• Calls routed across multiple dial-peers count towards maximum limit

• Must be set on physical interfaces Does not work across IPsec or virtual interfaces

dial-peer 1

dial-peer 2

call threshold interface GigabitEthernet0/0 int-calls low 3 high 3

GE0/0

STOP

3rd CallRejected


Call Admission ControlRSVP

• RSVP agent on CME and voice gateways in call path reserve bandwidth for set number of calls

• Effective for networks were all the voice gateways used for call routing support RSVP

Site ASite A Site B

RSVP

WAN


CME 4.0: CME-SRST Fallback


CME-SRST Fallback Overview

• CCM phones fallback to CME during WAN outage• SRST Features such as call preservation, auto

provisioning and failover are supported• CME Features are available during failover: Call

park, Hunt-group, MWI, Overlay-DN, SCCP Unity, Softkey Templates

• FL-SRST and FL-CCME licenses are interchangeable, only config on router needs to be modified to switch between CME and SRST


When to use SRST

• Site has 240+ phones. SRST can support max 720 phones

• Simple, one-time configuration required for basic functionality. CME adds more features but requires additional configuration

• SRTP media encryption is required • SIP Phone Failover is required• VG248 support is required


CME-SRST Fallback Options

(config-telephony)#srst mode auto-provision ?all SRST mode ON (include both learned DNs and phones into running config)dn SRST mode ON (include only learned DNs

into running config)none SRST mode ON (include NONE of the

learned DNs/ephones into running config)• In general, you will want to use srst mode auto-

provision none to always use dynamic provisioning


CME-SRST Fallback Steps (1)

1) WAN connectivity to CCM is lost2) IP phones re-register to CME ip address specified in

SRST Reference3) CME will read IP phone mac-address, DN and speed-dial

settings from IP phone flash4) If the DN number of CCM phone matches the number set

on a preconfigured ephone-dn, the IP phone will assign the preconfigured ephone-dn to itself

1000

ephone-dn 1 number 1000

2000




1) If the DN number of CCM phone does not match the number set on a preconfigured ephone-dn, CME will create an ephone-dn that matches the IP phone’s extension, with the SRST ephone-dn-template applied

2) The IP phone will register with the auto-provisioned ephone-dn with SRST ephone-template applied

3) If auto-provision none is configured, none of the auto-provisioned ephone or ephone-dn configs are written to running-configIf the IP phone is replaced and MAC address changes, no configuration change is required on CME


Provisioning CME-SRST Fallback

1) Configure and register IP phones to CCM2) Configure CME address as SRST Reference on CCM3) Enable SRST mode on CME with auto-provision none4) Define SRST ephone-template for shared softkey ordering,

speed-dial, fastdials and transfer-blocking5) Define SRST ephone-dn-template for call-forward, pickup-groups6) Configure Per-phone ephone-dns, these DNs should match the

numbering plans configured on your CCM phones7) Configure ephone-hunt. You must have ephone-dns configured

before setting up ephone-hunt8) Configure system ephone-dns: Call park, MWI, etc.9) Save config• Once you are done with these steps, you do not have to

modify CME settings unless your CCM dialplan changes


CME 4.0 Platform Density

288962851

120242801

7202403845

5001683825

Max. DN

500

500

288144144

120

Max. SCCP + SIP phone

192

144

724836

24

3745

Platform

3725

26912821, 265xXM

2811, 2600XM, 262xXM

1751, 1760


SRST 4.0 Platform Density

800480CMM

384962851

120242801

96072038459603363825

Max. DN

960

576

288

192

144

120Max phones

480

144

72

48

36

24

3745

Platform

3725

2691

2821, 265xXM

2811, 261xXM, 262xXM

1751, 1760


CME 4.0: Remote Teleworker


Remote Teleworker Requirements• Minimum bandwidth of

one T1 (1.536 Mbps) or E1 (2.048Mbps) of bandwidth at HQ CME site

• Minimum 128 Kbps upload bandwidth for each remote phone. Business class broadband recommended

• Maximum number of remote phones constrained by WAN bandwidth

• CUE, PSTN must be hosted on hub CME

• No SRST Support

IPsec Tunnels

87X

87X

87X

87X

Internet

PSTN

Data

Voice

LAN

CME


Remote Teleworker : Background

• Prior to CME 4.0, there were issues with one-way audio for calls made to hub VM or PSTN by remote phones over direct IPsec tunnel.

• The workaround was using “loopback” interfaces and GRE tunnels.

• CME 4.0 solves this problem by sending the RTP (UDP) packets through the IOS IP switching engine, instead of encapsulating it and queuing it to the egress interface itself.

• The changes introduced by this feature makes CME behave the same way as Cisco VoIP (H.323 or SIP) gateway, in the sourcing of RTP packets for remote phones.


Remote phones, no MTPCharacteristics• Media flow-around for spoke to spoke calls PSTN, VM access requires media flow-through to CME• All IP phones require routable address• UDP/TCP ports must be open between remote and LAN IP phones

Media(RTP)

Signaling (SCCP)87X

87XWAN

CMEephone 1

ephone 2VM

PSTN


Remote phones with MTPCharacteristics• All non-LAN calls flow-through CME source address• Only CME source address needs to be routable • Remote phones can use NATed addresses• UDP/TCP ports must be open between remote IP phones and CME source address

VM

Media(RTP)

Signaling (SCCP)

ephone 1 mtp

ephone 2 mtp

CME source address on routable nework

fixup protocol skinny configured on PIXfor private address on remote LAN

87X

87XWAN

CME

PSTN


Remote phone G.729

• With g.729 dspfarm-assist configured, DSPfarm will be used to transcode G.729 to G.711 for call-forward/transfer to CUE and 3-party conferencing

• If no DSP transcoding resources available, remote phones will use G.711

• ATA, VG224 do not support dspfarm-assist, will always use G.711 for CUE and 3-party conferencing

• Enter total number of remote phones in DSP calculator > Advanced Options > “G.711 to G.729a/ GSM-FR” field to calculate DSP resources required for transcoding:

http://www.cisco.com/cgi-bin/Support/DSP/cisco_prodsel.pl



Recommended Design for Remote phones over IPsec•IPsec tunnel between CME and 87X/PIX (Recommended for QoS, VPN acceleration)

• IPSec pass-through through 3rd party router with Cisco VPN concentrator at head-end and Cisco VPN Client + CIPC at Remote site

87X/PIXWAN

Linksys router

CME/VPN server Cisco VPN client w/IPC

IPsec tunnel


CME Security Considerations


CME/Cisco IOS Firewall with H.323

• CBAC inspects H.323 connections initiated from CME/firewall• ACL on CME/firewall allows H.323 call control traffic on TCP

port 1720• Inspection of CME/Firewall initiated traffic enables dynamic opening of

pinholes on the interface ACL to allow return traffic for dynamically negotiated call control and RTP ports

SCCP phone

Private

Public

SIP phone

Private

NYC SJC

H.323 Trunk

SCCP Port Access Restricted to LAN IP Address Space

ACL Allows Inbound/Outbound H.323

Packets on CME Source IP Address, TCP Port 1720

SIP Port Access Restricted to LAN IP Address Space


CME/Cisco IOS Firewall with SIP

• CBAC on external firewall inspects CME initiated SIP connections• ACL on firewall allows SIP call control traffic on TCP port 5060• External firewall inspects CME initiated traffic, dynamically opening pinholes on

the firewall ACL to allow return traffic for dynamically negotiated call control and RTP ports

• Inspection of SIP and SCCP for co-resident CME and firewall will be supported in Q1 CY’07

SCCP phone

Private

PublicSIP phone

Private

NYC SJCFW FW

Public Address Translated by Firewall to Private CME

Source Address


Source Address

ACL Allows Inbound/Outbound SIP

Packets on TCP Port 5060

SIP Trunk


SJCNYCH.323/SIP Trunk

CME Site-to-Site VPN

• All SIP/H.323 call control and RTP media can be encrypted over IPsec tunnel established between CME/VPN routers

• CME 3.X and below requires GRE. CME 4.0 and above does not require GRE, supports dynamic, static crypto, EZ-VPN, DMVPN.

• Recommended design for remote SCCP phones

SCCP phone

Private

Public

SIP phone

Private

CME Source Address Uses Loopback Routable Over

IPsec Tunnel

CME Source Address Uses Loopback Routable

over IPsec TunnelIPsec Tunnel Established Between

Public Address on CME/VPN Server

IPsec tunnel


CME Security Toolbox

• COR (Class of Restriction)

• After-hours call blocking

• Forced authorization code

• Direct inward dial

Toll Restriction• Transfer-pattern

• Transfer max-length

• Softkey template

• Call-forward max-length

• Disable call-forward local

• Disable directed pickup

Features Restriction

• TACACS/radius authentication

• SSH/HTTPS secure access

Administrative Restriction• Customized GUI access

• Disable auto-registration


Toll Restriction: After-Hours block

• After-hours block globally defines specific blocks patterns that cannot be dialed during non-business hours

• Maximum of 32 block patterns can be defined per system• Block pattern with 7–24 always blocked for all phones• When stop time is earlier than start time, the stop time is in the next day of the week; i.e.

Sat 13:00 9:00 sets non-business hours from Saturday, 13:00 to Sunday, 9:00AM

telephony-serviceafter-hours block pattern 1 91after-hours block pattern 2 91900 7-24after-hours day sun 9:00 8:00after-hours day mon 19:00 8:00after-hours day tue 19:00 8:00after-hours day wed 19:00 8:00after-hours day thu 19:00 8:00after-hours day fri 19:00 10:00after-hours day sat 13:00 9:00

Numbers Starting with 91 Blocked During Non-Business Hours

Numbers Starting with 91900 Always Blocked, 24–7

Business Hours Set to 8:00–19:00 Monday–Friday, 10–13:00 Saturday, Closed Sunday


Toll Restriction: After-Hours Exemption

• After-hour exempt will exempt IP phone from all after-hours blocking • After-hours PIN over-ride will suspend after-hours block when user enters four to eightdigit PIN;

block pattern with 7–24 suffix will still be enforced even after PIN entry• After-hours suspension in effect until login timeout expires• PIN is defined per IP phone

telephony-service after-hours block pattern 1 91 after-hours block pattern 2 91900 7-24 login timeout 10 ! ephone 1 ! ephone 2 after-hour exempt ! ephone 3 pin 1234

Numbers Starting with 91 or 91900 Blocked

ephone 1

STOP

ephone 2

No Numbers Blocked

ephone 3

After PIN Entry: Only Numbers Starting with 91900 are

BlockedSTOP


Toll Restriction: Class of Restriction (COR)

• COR denies or allow calls based on group membership. These groups are called COR lists• An ephone-dn or dial-peer can become a member of a single COR list• Ephone-dn and dial-peer that are not members of COR lists are exempt from COR rules

Dial-peer cor custom name 911 name 408!Dial-peer cor list call911 Member 911!Dial-peer cor list call408 Member 408!Dial-peer cor list Lobby Member 911!Dial-peer cor list Office Member 408 Member 911

Define Outbound COR Lists and Add COR Members

Define Inbound COR Lists and Add COR Members

Define COR Names, Maximum 64 Allowed


Toll Restriction:Class of Restriction Logic (1)

Incoming COR List

Outgoing COR List

Outgoing Dial-peer

PSTN/VOIP

Call Allowed: Member 911 Matches for Incoming and Outgoing COR List

Call Blocked: No Member Match for Incoming and Outgoing COR

ListSTOP

Call Allowed: Member 911 and 408 Match for Incoming and Outgoing COR List

IncomingEphone-dn

ephone-dn 1ephone-dn 1 number 1111number 1111 cor incoming Lobbycor incoming Lobby

dial-peer cor list Lobbydial-peer cor list Lobbymember 911member 911

Dial-peer cor list call911Dial-peer cor list call911 member 911member 911

dial-peer 1 voice potsdial-peer 1 voice pots corlist outgoing call911corlist outgoing call911 destination-pattern 9911destination-pattern 9911 port 1/0/0port 1/0/0

dial-peer 2 voice potsdial-peer 2 voice pots corlist outgoing call408corlist outgoing call408 destination-pattern 408…….destination-pattern 408……. port 1/0/0port 1/0/0


dial-peer cor list Officedial-peer cor list Officemember 911member 911member 408member 408

ephone-dn 2ephone-dn 2 number 2222number 2222 cor incoming Officecor incoming Office


Toll Restriction: Class of Restriction Logic (2)

Incoming COR List

IncomingEphone-dn Outgoing

COR ListOutgoing Dial-peer

Call Allowed: Dial-peers with No COR List Applied Accepts all Calls

Call Allowed: Ephone-dn with No COR List Applied Can Make Calls to any dial-peer

Call Blocked: No Member Match for Incoming and

Outgoing COR List

STOP

PSTN/VOIP

NO COR LISTNO COR LIST


dial-peer voice 4 potsdial-peer voice 4 pots destination-pattern 408…….destination-pattern 408……. port 1/0/0port 1/0/0



ephone-dn 3ephone-dn 3number 3333number 3333


dial-peer voice 3 potsdial-peer voice 3 pots corlist outgoing call845corlist outgoing call845 destination-pattern 845…….destination-pattern 845……. port 1/0/0port 1/0/0


Toll Restriction: COR vs. After-Block

COR After-Hours Block

Pros• Multiple COR groups can be defined

• Can be applied to non-sccp devices such as analog phones fax machines and CUE

Cons• Settings must be applied per DN

• Provisioning on CLI only

• No time-of-day or PIN override

Pros• Provisioning is simple, settings applied per

phone

• Can be provisioned on GUI

• Rules can be selectively enforced according to time-of-day or PIN override

Cons• All phones must follow single global set of

rules

• Supported on SCCP and SIP phones only


Securing CUE: Message Notification

• System-wide settings to determine valid numeric destinations• Checked when numeric destination

is enteredAlready configured numbers are not checkedwhen the rules are altered

• Min/Max digits allowed: 1–30• Up to ten rules or call patterns

Rules can contain wildcards* matches zero or more digits. matches one digit (single digit placeholder)

Each rule: allowed or deniedRules are searched sequentially until a matchis found, then exit

• Default: all numbers allowed

*Call Pattern

YesAllowed

Yes*No91……..

9011*Call Pattern

NoAllowed

Yes*No91408…….Yes91408555121

2

9011*Call Pattern

NoAllowed


Call Forward Restriction: Call-Forward Max-Length

• Call-forward max-length restricts maximum number of digits that can be entered for call forward destination with CfwdAll softkey on a per DN basis

• Max-length for ephone-dn assigned to button 1 will be enforced when pressing CfwdAll softkey while onhook or by lifting handset

• Max-length for ephone-dn assigned to other buttons only enforced when specific button is selected; if button 2 is selected and CwdFall softkey is pressed, max-length for ephone-dn assigned to button 2 is enforced

• Call forward max-length is not enforced for destinations entered in GUI or CLI

Button 1: Forward to 1002 Allowed

Button 1: Forward to 5551212 Blocked


STOP

Button 2: Forward to 19103335555 Blocked STOP

ephone-dn 1 number 1000 call-forward max-length 4!ephone-dn 2 number 1001 call-forward max-length 7!ephone 1 button 1:1 2:2


Call Forward Restriction: No Forward Local-Calls

• No forward local-calls introduced in CME 4.0, will block call-forwarding of incoming calls from local CME IP phones

• Set on a per ephone-dn basis• All other incoming calls will

obey ephone-dn call-forward settings

Call Forward Not Enforced

PSTN

1000

Call Forwarded to 2000

ephone-dn 1number 1000call-forward busy 2000 call-forward noan 2000 timeout 10no forward local-calls!ephone 1 button 1:1


Call Transfer Restriction: Transfer-Pattern

• Call transfer to POTS or VoIP destination that does not match the transfer-pattern is blocked; this includes “local” destinations such as CUE and B-ACD

• One transfer-pattern is allowed per system and is enforced on all phones• By default, no transfer-pattern is set, so all call transfers to POTS or VoIP destinations are

blocked• transfer-pattern still allows transfers to ephone-dn and ephone-hunt numbers defined on local

CME• Transfer-pattern .T will allow call transfers to any destination

Transfer to 4085551212 allowed

Transfer to 9102223333 blocked


PSTNSTOP

12345

telephony-servicetransfer-pattern 408555….


Call Transfer Restriction: Transfer-Pattern Blocked

• transfer-pattern blocked introduced in CME 4.0 over-rides transfer-pattern and disables call transfer to POTS or VoIP destination

• transfer-pattern blocked still allows transfers to ephone-dn and ephone-hunt numbers defined on local CME

• Can be applied on ephone or ephone-template

Ephone 1: Transfer to 5551212 allowed

Ephone 2: Transfer to 5551212 blocked


PSTNSTOP

12345

telephony-servicetransfer-pattern .T!ephone-template 1transfer-pattern blocked!ephone 1!ephone 2ephone-template1


Call Transfer Restriction: Transfer-Pattern Max-Length

• transfer-pattern max-length introduced in CME 4.0 overrides transfer-pattern and enforces maximum digits you are allowed to enter for transfer destination on a per phone basis

• Can only be applied on ephone-template• Max-length not enforced for ephone-dn or ephone-hunt numbers on

local CME


PSTNSTOP


12345


telephony-servicetransfer-pattern .T!ephone-template 1transfer-pattern max-length 4!ephone 1ephone-template1


ephone-template 1 softkeys idle Redial Dnd Pickup Login Gpickup softkeys seized Pickup Redial Endcall Gpickup!ephone 1ephone-template 1

Features Restriction:Softkey Templates

• Ephone-template can be used to disable access to features by removing softkeys

• Supported on all phones with LCD display

• Template can include softkey settings for: alerting, connected, idle and seized states

• CME 3.x supports max 5 templates, CME 4.0 supports max 20 templates per system

Idle

Seized

Prevent Call Forward by Removing CFwdAll Softkey

from IP Phone User Interface


Features Restriction:Feature Access Code (FAC) Blocking

• CME 4.0 adds feature access codes (FAC), which allow endpoints such as VG224 to enter * or # codes to invoke features

• Set features blocked under ephone-template to block specific phones from being able to use FAC

telephony-service fac custom callfwd all *3!ephone-template 1 features blocked CFwdAll!ephone 1 button 1:1!ephone 2 ephone-template 1 button 1:2

CME VG224

ephone 2

ephone 1Enter Dial *3 + Fwd

Destination to Set Call Forward All

Dial *3 Does Nothing


Features Restriction:Disable Directed Pickup

• Directed call pickup allows any call on local CME to be picked up by pressing pickup softkey followed by ringing extension

• no service directed-pickup, introduced in CME 4.0 disables directed call pickup globally; group call-pickup is not blocked.

• Pressing pickup softkey executes local group pickup; emulates CCM behavior

telephony-serviceno service directed-pickup !ephone-dn 1number 123pickup-group 1!ephone-dn 2number 130!ephone-dn 1number 124pickup-group 1

123

130

124

Pickup softkey + 123 blocked

Pickup softkey does local group pickup

Ringing

STOP


Toll Restriction: Inbound Call Best Practices

• By default, incoming calls to a CME voice port presents incoming caller with secondary dial-tone; this allows the incoming caller to dial any number defined on CME, including long distance and international numbers; very dangerous

• PLAR to an AA or attendant phone if your telco does not present DID• Enable direct-inward-dial and translate to match internal dial-plan if telco presents DID

Default: Incoming Call Receives Secondary Dialtone

Attendant

CUE AAPLAR or DID Enabled: Call is Routed to Internal party

International CallsIncoming Caller can Reach Any Number

Defined on CME


“You Have Reached an Invalid Extension.

This Call Will Be Disconnected”

Toll Restriction:DID Translation Script

• TCL Script adds a prefix from 1–99 to any incoming DID

• If prefix + DID matches CME numbering plan, call is routed to new destination; if there is no match, script plays invalid number prompt and disconnects call

Incoming DID Call to 30

Script Appends Prefix 1 to DID

Match

No Match

DID Script

TCL130

STOP


Securing CUE: AA PSTN Access

• CUE system AA script contains a variable to allow/deny PSTN access from the AA

• Recommendation: Build a similar capability in any custom AA scripts used on CUE

If PSTN access from the AA is required, limit the numbers (or range of numbers) that are considered valid by the script

Allow/Deny PSTN Transfers Out of the AA


Disable Auto-Registration

• With CME 4.0, no auto-reg-ephone will reject registration attempts by IP phones with MAC address that are not provisioned in CME

• show ephone attempted-registrations will show MAC address, phone type and datestamp for failed registration attempts

• Disabling auto registration will disable GUI ephone provisioning and CME SRST Fallback

• With CME 3.x and below, provision ephones before configuring ip source address to workaround auto-registration behavior

STOP telephony-service ip source address 10.1.1.1 no auto-reg-ephone!ephone 1 mac-address AAAA.BBBB.CCCC button 1:1

AAAA.BBBB.CCCC

BBBB.AAAA.DDDD

REJECT:mac-address Not Provisioned in CME


Secure CME

1. IP phone downloads CTL file generated by CTL client; after CTL files is validated, IP phone downloads signed config, locale and firmware files

2. IP phone initiates TLS session on port 3804 to CAPF server specified in config file

3. IP phone user enters password to authenticate to CAPF; after password is validated, CAPF enrolls certificate request to CA and provides certificate to IP phone

4. IP phone stores certificate and establishes TLS session on port 2443 to register to CME

fCME CAPF

CTL Client

Certificate Authority

IP Phone

SSL/TLS

TFTP

Cisco IOS PKI

TLSTLS

1.TFTP

2.

3.

4.

Cisco IOS


AAA Model for CCME

• If AAA for administration of Cisco IOS-based equipment is already in use, it should be leveraged for CCME

Use CiscoSecure ACS and TACACS+ or some other off-box mechanism

• AuthenticationFollow corporate standards

• AuthorizationCCME administrators only should be allowed access to options under global config such as dial-peers, ephones, ephone-dns, telephony-service, etc.

Show commands and other exec level instructions can be restricted as desired

• Accounting Command level accounting should be enabled as appropriate to at least monitor config changes within CCME


HTTPS and SSH Secure Access

• SSH encrypts user logon data when accessing CME CLI• HTTPS encrypts user logon data when accessing

CME GUI• SSH included in all Cisco IOS images in 12.4• HTTPS require K9 image to provision• HTTPS and HTTP can run concurrently• IP phones do not support HTTPS; if HTTP is disabled on CME, the

following phone features may cease to function:

Local directoryXML speed dialCUE GUI


TACACS/Radius Authentication forCME GUI/CLI

• CME GUI and CLI administrative access can be authenticated to external TACACS/Radius server

• CLI access can be limited to specific commands based on privilege level, level 15 gives you full access

• Only CME GUI admin can be authenticated by TACACS/Radius. End user GUI accounts must be local

• Not supported in CUE GUI

TACACS/RADIUS server

Authenticate username/password

telnet/SSH

HTTP/HTTPS


CME 4.0: Video


CME Video Call Flows

PSTN

ACCM

VideoVideoVoiceVoice

• Supported Video Call Flows: CME SCCP CME Local SCCPCME SCCP CME Remote SCCPCME SCCP H.323 VideoCME SCCP H.323 CCM SCCP Video

IPH.323

H.323

CVTA

H323 Video EP

CVTA


2 PC initiates CAST messages to phone over TCP/IP. CAST packets are routed up to layer-3 boundary between VLANs. Firewalls and/or ACLs must permit TCP port 4224

3 Phone acts as SCCP proxy between VT Advantage and CCME. CCME tells phone to open video channels per call. Phone proxies those messages to PC via CAST protocol

4 Phone sends/receives audio. PC sends/receives video on RTP port 5445. Audio and video marked DSCP AF41. Switch port must be set to trust DSCP (or use an ACL) instead of trust COS or else VT Advantage packets will be rewritten to DSCP 0

SCCP EndpointsHow VT Advantage Works

PC VLAN = 10 Phone VLAN = 110

IP

VT Advantage 171.70.10.100

IP Phone: 10.70.110.100802.1Q/p

1 Phone and PC exchange CDP. Phone begins listening for CAST messages on TCP port 4224 from IP address of CDP neighbor

CDP

““CAST: : Open video channel”

“CAST: I want to associate with you”

“SCCP: Open video channel”

Video packets

Audio packets

IP S iS i

CCME


CME VTA Support

• Supported on 7960/40, 7941/61, 7970/71 firmware version 7.x and above. 7985 NOT supported

• Video-Capabilities enabled per phone in CME 4.0 CLI

• VT Advantage automatically “associates” with IP Phone. All dialing and supplementary services done through phone

• CDP installed on PC Ethernet NIC. Must be physically connected to PC port on back of IP Phone (e.g. no wireless, no associating from a different network jack)

• Cisco USB Camera required (e.g. No 3rd-party cameras)

• Codecs supported:H.263, H.261, G.729, and G.711

telephony-service video maximum bit-rate 384 service phone videoCapability 1!ephone 1 video Case-Sensitive!


SRST Video Support

CVTA Supported with SRST 4.0, 12.4(4)XC

call-manager-fallbackvideomaximum bit-rate 384max-conferences 16 gain -6transfer-system full-consultip source-address 20.1.1.1 port 2000max-ephones 52max-dn 110


CME Video Fall Back to Audio Scenarios

• Call between Video-capable EP and Audio-only EP• Video-capable EPs have mismatch Video codec or

formats• System Video Minimum Video Bit-rate not met (e.g.

max-bit-rate < 64 kbps)• Call transfer or forward to Audio-only EPs• Initiate Conference between 3 video-capable EPs

- RTP stream are mixed by CME, fall back to Audio


CME Video over H323

• H323 Slow Start only • H.450 Call Transfer and Forward only• H.323 to H.323 Hairpin not supported• All RTP streams (audio + video) flow-through

CMEs, not like skinny skinny flow-around


CME/SRST IP Phone Decoder Ring

No

No

H.323

SCCP

SCCP

SCCP

SCCP

SCCP/SIP

SCCP/SIP (7911 not tested)

SCCP/SIP

SCCP/SIP

SRST

3.4 – 12.4(6)T

Golden Brdg

SRST Voice OnlyNoNoNo7985

SCCPNoNoCIPC 2.0 OnlyCIPC 2.0 & VTA 1.0

SCCP/H.323H.323H.323H.323ATA Fax

SCCP/SIPSCCPSCCP/SIPSCCPATA Voice

SCCP*SCCPSCCPSCCP7914

SCCPSCCPSCCPSCCP7936


SCCP/SIPSCCP/SIPSCCP/SIPSCCP7905/12

SCCP (SIP SRST Only)

SIP SRST OnlyNoSCCP(SRST only)

7941/61/11


SCCPSCCPSCCPSCCP7970/7971

CME/SRST

4.0 – 12.4(4)XC

SRST

3.4 – 12.4(4)T

CME

3.4 – 12.4(4)T

CME/SRST

3.3 (12.4)

* 7961/70/71 support for 7914 added with CME 4.0


7941/61/11 Support

• Supported firmware files will be posted on CME 4.0 Spec sheet below:

http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_documentation_roadmap09186a0080189132.html

Beware of available flash!• 7941/61:5 files, 5MB• 7911:7 files, 5.5MB • 7970/71:5 files, 5MB • SDM: 7MB• CME(B-ACD/GUI/MoH):

2.5MB• IOS: 25 - 35MB

tftp-server flash:TERM41.DEFAULT.loads tftp-server flash:TERM61.DEFAULT.loads tftp-server flash:TERM41.x-x-x-xS.loads tftp-server flash:CVM41.x-x-x-xx.sbn tftp-server flash:Jar41.x-x-x-xx.sbn tftp-server flash:cnu41.x-x-x-xx.sbn ! tftp-server flash:TERM11.DEFAULT.loads tftp-server flash:SCCP11.x-x-x-xS.loads tftp-server flash:cnu11.x-x-x-xx.sbn tftp-server flash:dsp11.x-x-x-xx.sbn tftp-server flash:apps11.x-x-x-xxdev.sbn tftp-server flash:jar11.x-x-x-xx.sbn tftp-server flash:cvm11.x-x-x-xx.sbn !telephony-service load 7941GE TERM41.x-x-x-xS load 7941 TERM41.x-x-x-xS load 7961GE TERM41.x-x-x-xS load 7961 TERM41.x-x-x-xS load 7911 SCCP11.x-x-x-xS



Quick Config Tool (QCT) v. 2.0Simplified CME Configuration

• QCT configures CME system in under 30 minutes without using IOS CLI.

• QCT v. 2.0 includes new features:

– BAT file input of users & extensions from MS Excel format.

– Configuration of separate VLANS for voice and data traffic

– Automated reset of CME & CUE to configurable factory default status

– Advanced T1 / E1 configuration parameters, including PSTN switch type.

• QCT v.1.0 has been downloaded almost 10,000 times since release in July, 2005


Quick Config Tool (QCT)Improvements in Installation of CME and CUE— Saves You Time—Makes You Money!

“We were very happy to find the QCT application. We had a CME/CUE installation to be performed by a less-skilled engineer, which quite frankly made us a little nervous. We were very happy with the outcome; the engineer finished the job in a day, doubling the profit. We will definitely use this tool on future CME/CUE installs.”

--Cisco Partner, Computer Software Innovations (CSI)

00.5

11.5

22.5

33.5

44.5

5

InstallTime

(hours)

TACCalls

IOS CLIQCT

“We were impressed that QCT can build a PBX system with only two screens of data, while other products involve from 2 to 10 times as many setup screens to configure a new IP PBX system. This setup is faster and requires less telephony or data network expertise than virtually any other system in the SMB class that Miercom has previously tested.”

“We built the PBX configuration for our six phone system using QCT in about 20 minutes.”

“The QCT generated a configuration that would otherwise require over 300 command line entries.”


Other Q and A


Where to Find More Information

104

• IPC productswww.cisco.com/go/ccmecue (Cisco® CallManager Express and Cisco Unity® Express information)www.cisco.com/go/isr (integrated services platforms) www.cisco.com/en/US/products/hw/phones/index.html (Cisco IP Phones) www.cisco.com/en/US/products/hw/switches/ps646/index.html (switches)

• IPC service and support solutionswww.cisco.com/en/US/products/svcs/ps2961/ps2664/serv_group_home.html www.cisco.com/en/US/products/svcs/ps11/ps2445/ps3040/serv_home.html

• IPC technology and services specializationswww.cisco.com/go/specialization

• Financingwww.cisco.com/go/ciscocapital

http://www.cisco.com/go/ccmecue

http://www.cisco.com/go/isr

http://www.cisco.com/en/US/products/hw/phones/index.html

http://www.cisco.com/en/US/products/hw/switches/ps646/index.html

http://www.cisco.com/en/US/products/svcs/ps2961/ps2664/serv_group_home.html

http://www.cisco.com/en/US/products/svcs/ps11/ps2445/ps3040/serv_home.html

http://www.cisco.com/go/specialization

http://www.cisco.com/go/ciscocapital




Resources

• General Cisco ISR Information:www.cisco.com/go/isr

• Miercom and Current Analysis Reports:www.cisco.com/go/isr

• Cisco Unified Communications Datasheet:http://www.cisco.com/en/US/products/ps5855/products_data_sheet0900aecd80169812.html

• CallManager Express: www.cisco.com/go/ccme

• Cisco Unity Express: www.cisco.com/go/cue

• Voice Gateways: http://www.cisco.com/en/US/products/ps5855/products_data_sheet09186a0080182d38.html



http://www.cisco.com/en/US/products/ps5855/products_data_sheet0900aecd80169812.html

http://www.cisco.com/go/ccme

http://www.cisco.com/en/US/products/ps5855/products_data_sheet09186a0080182d38.html


© 2005, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr


Cisco Call Manager ExpressFeatures and Design

Greg LandersUnified Communnications System EngineerCisco [email protected]

Colorado Springs Cisco Users Group


2

2© 2005 Cisco Sy stems, Inc. All rights reserv ed.Session NumberPresentation_ID Cisco Confidential

AGENDA• Open Format – Casual• What is Unified Call Manager Express• What is Unity Express• Design Considerations

RedundancyCall Adminission Control

• UCME as SRST for Unified Call Manager• Security considerations on UCME• Remote Teleworker


3


Cisco Unified Communications Portfolio

Number of Users per System0 25 500 2500+100 200

Hybrid / PBX

KSU

Small PBX

Centrex

Prod

uctiv

ity B

enef

itsVo

ice

Feat

ure

Focu

s

Cisco CallManager Express - Robust IP Telephony, and much more – Office Communications for the Small Office

Cisco Unified CallManager

High End PBXCisco Unified CallManager

Express


4


Cisco CallManager Express / Unity Express Router Portfolio

2811261xXM262xXM

• Extended modular connectivity (EVM, NM, AIM, WIC/VIC)

• Modularity with performance optimized for “all-in-one” solution (HSDM, NM, EVM, AIM, WIC/VIC)

Con

curr

ent S

ervi

ces

and

Perf

orm

ance

Small Office Enterprise Branch OfficeSmall Branch

• Modular connectivity (WIC/VIC)

2801

1751/1760

24 Phones

36 Phones

48 Phones

37253745

285128212651

96 Phones

38253845

144/192 Phones

168/240 Phones

• Local Auto Attendant and Voice Mail system with 12-100 mailboxes, 4-8 sessions, 100 hours of storage

Multiple Services

Low-Density Services

High-Density Services

Cisco Unity Express

3845 Integrated Service Router (ISR)

Supports 240 Phones


5


FEATURES

Cisco IP Phone 7905G andCisco IP Phone 7905G andCisco IP Phone 7912GCisco IP Phone 7912G

• Basic Business Phone • Pixel Display• Single Line • Four Dynamic “Soft Keys”• Cisco IP Phone 7912G has

Integrated Ethernet Switch

Cisco IP Phone 7940/41G/7960/61GCisco IP Phone 7940/41G/7960/61G• Ideal Knowledge Worker Phone• Large Pixel Display with Two Lines • Four Dynamic “Soft Keys” • Built-in Headset Port • High-quality Speaker Phone• Integrated Ethernet Switch

Cisco ATA 186/188Cisco ATA 186/188• 2 FXS Ports• 1 RJ-45 10BaseT uplink (Cisco 186 ATA)• 1 RJ-45 10/100BaseT data port

(Cisco ATA 188)

Cisco IP Phone 7911G+SWCisco IP Phone 7911G+SW •Entry Level Phone•Character Display•Single Line•Six Configurable Features•Cisco IP Phone 7910+SW has Integrated Ethernet Switch

Unified CallManager Express Phone Portfolio: IP Phones and Analog Adaptors

Cisco IP Phone 7902GCisco IP Phone 7902G• Entry-level Business Phone• Single Line • Fixed Features

Cisco IP Phone 7970/71GCisco IP Phone 7970/71G • Executive Business Phone• Color Display with Touchscreen• Large Pixel Display with Eight

Lines• Five Dynamic “Soft Keys” • High-quality Speaker Phone• Integrated Ethernet Switch

Cisco Wireless IP Cisco Wireless IP Phone 7920Phone 7920• 802.11b wireless IP phone• 6 extensions / speed dials • Standard and Extended Li-ion

Batteries

Cisco IP Conference Cisco IP Conference Station 7936Station 7936

• High-quality speaker• Hands-free Conference Phone• Three Dynamic “Soft Keys”

Cisco IP Expansion Module 7914• Attendant Console Solution• Up to 34 possible buttons• Monitor, Manage, & Cover calls

Cisco IP CommunicatorCisco IP Communicator• PC based “soft phone”• Emulates Cisco 7961

• The Cisco 7910G and 7910G+SW are basic telephones primarily for common-use areas that require only basic features, such as lobbies, break rooms, and hallways.

• The Cisco IP Phone 7940G is a second-generation, full-featured IP phone for low to medium traffic users who require a minimum of directory numbers. It provides two programmable line/feature buttons capable of four simultaneous calls and four interactive soft keys that guide a user through call features and functions.

• The Cisco IP Phone 7960G is a second-generation, full-featured IP phone primarily for manager and executive needs. It provides six programmable line/feature buttons and four interactive soft keys that guide a user through call features and functions. The Cisco IP Phone 7960G also features a large, pixel-based LCD display. The display provides features such as date and time, calling party name, calling party number, and digits dialed. The graphic capability of the display allows for the inclusion of present and future features.

• The Cisco IP Conference Station 7935 couples state-of-the-art conference room speaker-phone technologies from Polycom with the Cisco award-winning AVVID-voice communication technologies. The net result is a conference room phone that offers superior voice and microphone quality, with simplified wiring and administrative cost benefits which are derived when converging voice, video, and data across a common IP infrastructure.

• The Cisco IP Conference Station 7935 voice instrument is a full-featured, IP-based, full-duplex hands-free conference station for use on desktops and offices, and in small to medium-sized conference rooms. This device easily attaches to a Catalyst® 10/100 Ethernet switch port with a simple RJ-45 connection, and dynamically configures itself to the IP network via the Dynamic Host Control Protocol (DHCP). Other than connecting the Cisco 7935 to an Ethernet switch port, no other administration is necessary. The Cisco 7935 dynamically registers to the Cisco CallManager for connection services and receives the appropriate endpoint phone number, and any software enhancements or personalized settings, which are pre-loaded within Cisco CallManager.

• The Cisco ATA 186 Analog Telephone Adaptor is a handset-to-Ethernet adaptor that interfaces regular analog telephones with IP-based telephony networks. The adaptor turns traditional telephones into IP telephones, and thus takes advantage of many new and exciting IP telephony applications.

• Call coverage is a critical capability for administrative assistants and others who must monitor, manage, and cover the various status of calls. This requires the ability to instantly determine the status of a number of lines beyond the six-line capability of the Cisco IP Phone 7960.

• The Cisco IP Phone Expansion Module 7914 extends the capabilities of the Cisco IP Phone 7960 with additional buttons and an LCD display. With this expansion module, you add 14 buttons to the existing six buttons of the Cisco IP Phone 7960, increasing the total number of buttons to 20 with one module or 34 when you add two Cisco 7914 Expansion Modules. You can use up to two Cisco 7914 Expansion Modules with a Cisco IP Phone 7960 (Figure 1).

• The Cisco IP Phones are standards-based communication devices that deliver true next-generation voice-over-IP (VoIP) terminals to businesses worldwide.

• The newest member of the family, the Cisco IP Phone 7905, is a full-featured IP telephone primarily designed as an entry-level device to fulfill business requirements for cost-effective IP telephony. It is specifically suited for enterprise and service provider applications, including the following end-user environments: enterprises, small and medium-sized businesses (SMB), small offices, home offices (SOHO), and


6



CallManager Express v 4.0

666

• Hopefully the majority of you are already familiar with or have heard of the new Cisco Integrated Services Routers that were introduced last fall.


7


Cisco CallManager Express—What is it? Key Benefits:• Cost-effective—


• Application integration Leveraging Desktop and

CRM solutions • Network Integration Secure voice, video and

data convergence • Investment protection Solution grows with you• Breadth of Solution Deployment and

Endpoint choices• Feature velocity Continued Investment

equals continual research and design

• Configurable IP PBX or IP Key System functionality for 240 station market

• Full Featured Solution that meets the Needs of the Small Business, Branch Office, or Service Provider Managed Service solution

• Provides Robust Networking Across Sites 5 digit dial, VM Networking

• Voicemail, Integrated and Unified Messaging Options

• Integrated Video Communications

• Intuitive / Easy to use GUI for day two system administration

• Centralized Management for Multi-Site Scenarios options


8


Cisco CallManager Express Key Call Control Features

• Support for Either PBX or Key System Functionality• Legacy Telephony Features:

Call Transfer, Paging, Intercom, Call Coverage

Call Park, MOH, Night Bell

Hunt Groups, Basic ACD and Reporting Ad Hoc & “Meet Me” conferencing

DID / Operator Console

• Converged IP Communications Features:Video Telephony

Wireless (802.11) Integration

Soft Phone support

Desk Top Integration

SIP Support


9


Cisco CallManager Express Version 4.0Enhancements to Legacy Telephony Features

• ACD, AA & Hunt Group Enhancements– Dynamic registration with Huntgroups– Huntgroup logon / logoff (normal calls still allowed)– Improved waiting call notification– Enhanced B-ACD Reporting in EXCEL Format

• Conferencing Enhancements– Retain conference call when conference initiator drops

• Call Forwarding, Park, Transfer Enhancements

– Night Service Call Forwarding– Park Call Recall– Dedicated Park Slot per extension– Call Transfer blocking

• Enhanced Phone Features– Headset Auto Answer– Distinctive Ring Patterns for Internal or External Calls

• Integration with Legacy PBXSupport for QSIG protocols to communicate with TDM-

based PBX’sCallManager Express

New

IP C

all C

ontro

l

• Today we support 120 mailboxes, new sizing provides parity with CME• Desktop integration means Voice messages appear and can be

managed with an IMAP client such as Outlook• VM messages can also be forwarded to other devices for play• SIP enhancements: RFC2833, MWI in SRST mode, etc.• Support for CCM 5.0 and 4.2

• And Cisco Unity Express provides voicemail and automated attendant


10


Cisco CallManager Express Version 4.0Enhancements for Converged IP Communications

• Remote Teleworker Support– IP Phone Registration across VPN connection

• Video Telephony & PC Soft TelephonySupport for Cisco VT Advantage for video telephonySupport for Cisco IP Communicator for soft phone

• SIP Trunking Enhancements Enhanced call control with SIP protocols to SIP trunk

• Survivable Remote Site Telephony featuresProvide backup call control in a branch office when part of

a centralized Cisco CallManager telephony network• New Phone Support

New 7941 and 7961 Display Phones

CallManager Express

New

IP C

all C

ontro

l





11


CCME 4.0 New System Features

System Features:• Remote teleworker support• Dynamic failover to secondary CME• 10,000 number bulk speed-dial• Feature Access Code (FAC) support• QSIG supplementary feature support• ATA SCCP Fax Passthrough Support• Multiple user locales per system• User defined locales• Line selectable MWI• Revert to originator or alternate number after

call park timeout• Select last-redirect or originator as redirect

number for call-forward to VM• Dedicated call-park slot per phone• Conference last-party drop• Distinctive ringing based on called number

Call Center Features:• Audio and visual display of calls

in queue• Call-forward to alternate number during night-

service• Music on hold from live feed• Customizable message display when all hunt-

group agents logged out • DID Invalid extension system prompt • Disable call-forward for local calls• Block hunting for local calls• Headset auto-answer• Hunt-group automatic agent logout• Hunt-group dynamic membership• Hunt-group logout per extension• Selective call-forward based on DNIS • Timeouts per hunt-group member• Revert to originator after hunt timeout

111111


12


Additional CCME 4.0 Enhancements

Phone Features:• Cisco IP Communicator support • Cisco 7911/7941/61 support• Cisco VT Advantage with video call support• Enhanced TAPI 2.0 Interface

Security Enhancements:• IP Phone authentication• Disable Auto Registration• CFwdAll, Confrn, GpickUp, Park, PickUp, and

Trnsfer feature blocking • Call transfer number length restriction • Disable directed call-pickup• Block PC port and setting button access • Restrict conference preservation to

local parties

Manageability Enhancements:• CCME MIB• CME Quick Configuration Tool 2.0• Enhanced CDR for tracking supplementary

features• External storage of configuration files and

phone firmware files• Replace mac-address without deleting ephone

configuration• Disable gatekeeper and SIP proxy registration

globally• Night-service parameter for weekdays,

weekends, or every day • Default changed to transfer-system

full-consult • Increase max ephone-templates to 20

121212


13


Cisco Unified CRM Connector v3.0

• Increases employee productivity, efficiencies by:– Providing immediate information on inbound

and outbound calls– Enabling fast, easy “click to dial” from CRM

database records– Providing call duration tracking, information

capture and record creation• New features include:

– Support for Microsoft CRM 3.0– Support Cisco Unified CallManager Express

4.0, Cisco Unified CallManager 5.0 and Cisco Unified Contact Center Express 4.5

– IVR / digit collection via Cisco Unified Contact Center Express

– IP Phone Service to display results of a CRM Connector lookup

Integrates Cisco Unified CallManager Express, Unified CallManager and Unified Contact Center Express With Microsoft CRM Software

Cisco CRM Connector Lead: Ted Allen

Topic: Wants 200 UnitsCompany: XYZ CorporationRating: Hot

Job Title: Purchasing Manager

Customer Service Case: CAS-0014

SmartSimpleSecure


14


Supports click-to-dial feature from a Microsoft CRM contact record

Free CCO Download

Cisco CRM Communications Connector:Application Integration with Microsoft CRM

Opens contact record and creates new activity record as call arrivesCreates screen pops from click-to-dial calls and manually dialed outbound calls

Accurately tracks duration of phone call and associates with phone activity record

Captures incoming and outgoing call information, including calling number, called number, and call start and end times

Easily creates a new CRM record when new customer call arrives

• Screen pops

• Click to dial

• Call-duration tracking

• Call-information capture

•Customer-record creation

• Cisco CRM Communications Connector is a free application available to Cisco IPC Express Resellers as a way to integrate CME with Microsoft CRM application.

• The Communications Connector is designed to be installed in less then an hour in most cases and does not require any customization for most deployments.

• The application is a middleware application that resides between Microsoft TAPI integration with CME to pass calling party number (caller ID) from/to the CRM database.


15



Cisco Unity Express v 2.3

151515



16


Cisco Unity Express—What is it? • Autoattendant and voice-mail system for the

small and medium office• Supports Cisco® CallManager or Cisco

CallManager Express deployment scenarios• Choice of Network Module or Advanced

Integration Module for complete flexibility• Supported on broad range of Cisco routers—

industry leading Cisco 2800 and 3800 series and widely deployed 2600XM and 3700 series

• 12 to 250 mailboxes, 4 to 16 ports• VPIM Networking with Cisco Unity® Express or

Cisco Unity • International language support• SNMP agent for remote monitoring, data

collection and trap management

Key Benefits:• Cost-effective—


• Application integration— Fewer devices to manage

• Intuitive user interface— Uses same menu and prompts as Cisco Unity

• Investment protection— Increase mailbox capacity via simple software upgrade

• Broad range of configurations and scale

• Feature velocity—High feature velocity to meet market and customer needs quickly


17


Cisco Unity Express Key Voice Mail Features

• Individual and General Delivery Voice Mailboxes Message Waiting IndicatorSave, delete, forward, reply, pause, fast forward, rewindTag messages as urgent or privateDistribution list and broadcast messagesAllocate mailbox capacity on per user basisRetrieve accidentally deleted messages from the

telephone user interfacePersonal Operator - “Zero-out” from voice mail to

alternate number definable on per user basis Undelete messages within the same sessionSpoken name confirmation for all local and many remote

recipientsOptional CLID for calls originated on local system or

PSTNMessage Notification configurable by User

• Network messaging with other Cisco Unity Express or Cisco Unity sites


18


Cisco Unity Express -Key Automated Attendant Features • Multiple automated attendants (up to 5)

per systemStandard dial-by-name, dial-by-extension auto-attendant is provided

• Cisco Unity Express EditorGraphical scripting tool creates customized automated attendant menu flowsSupports time-of-day, day-of-week routingUnlimited menu items and unlimited nesting

• Administration via telephonyRecord AA prompts from phone or computer Create and manage broadcast messagesRecord location names and spoken names for remote users

• Alternate or Emergency GreetingsHoliday schedules / CalendarBusiness Hours schedule Alerts for temporary emergency schedule changes (i.e. snow, earthquakes, etc.)


19


Cisco Unity Express Version 2.3• New Desktop Applications

– IMAP Compliant E-mail Client Application Integration– “Browse” Voice Mailbox Using Cisco IP Phone

Display – VoiceView Express– New/Urgent Message Notification To Email, Text

Based E-page, Numeric Page, Phone

• Solution Scalability– New 150, 200, 250 Voice Mailbox

• Extensible, Open– SIP Enhancements– Five New Languages: Japanese, Mexican Spanish,

French Canadian, Chinese (Mandarin) And Korean– Internetworking with Cisco CallManager 4.1, 4.2 and

5.0

• Easy To Configure, Deploy, Manage– Remote Monitoring And Management With SNMP

Voic

emai

l

Cisco Unity Express

New





20


Cisco Unity Express Version 2.3 (FCS 2QCY06)

Easy, Affordable Voice Mail And Automated Attendant

• Capacity Enhancement New 150, 200, 250 Mailbox NM-CUE-EC Licences

• Desktop IntegrationIMAP Compliant E-mail Client Application IntegrationVM Messages Could Also Be Attached, Forwarded To Other

E-mail Services

• Visual Voice Mail Voice View Express Allows Subscriber To “Browse” Voice

Mailbox Using Cisco IP Phone Display

• Remote Notification Subscriber Service Notifies Arrival Of New/Urgent Messages

To Email, Text Based E-page, Numeric Page, Phone

• LocalizationJapanese, Mexican Spanish, French Canadian, Chinese

(Mandarin) and Korean

• SIP Enhancements



21


CUE 2.3 Feature Enhancements

System and Capacity Features:• 150, 200, 250 mailbox license levels on the NM-

CUE-EC• CCM connectivity to 4.2 and 5.0• Unity 4.05 TUI prompt parity• Localization—several more languages:

ItalianBrazilian PortugueseLatin American SpanishDanishBritish (UK) English

AA Features:• Re-recording of prompts• Alternate greeting enhancement• AA Script debugging• CME Script Control on Xfer• New editor steps

SIP Features:• Mailboxes for CME and CCM SIP phones• MWI updates in SRST mode• RFC2833 DTMF support

Voice Mail Features:• Integrated Messaging (IMAP-compliant

e-mail client application support)• VoiceView Express—visual access to voice mail• Message notification—outcalling• Future message delivery• Voice mailbox mask support for CCM• Local broadcast privilege• Mandatory message expiry• Original-called-number (OCN)/Last-redirect-

number (LRD)


22


Cisco Unity Express Modules

• Voice message storage: 100 hours• Session/port capacity – 8 or 16 • Up to 250 mailboxes supported• Hard Drive – 20GB, 500 MHz

processor, 256MB/512MB DRAM

• Voice message storage: up to 14 hours beginning with release 2.0

• Session/port capacity 4 or 6 depending on router

• Up to 65 mailboxes supported• Industrial Grade Compact Flash –1 GB

beginning release 2.0 – 300 MHz processor, 256MB DRAM

NM-CUE or NM-CUE-EC AIM-CUE

• AIM-CUE---Resides directly on the motherboard• AIM-CUE---Frees network module slot for additional telephony, VPN, Security,

Switching or other services• AIM-CUE---Lowers entry-level system price• AIM-CUE ---2691 and 2600XM support 4 ports all other routers support 6 ports

beginning w/release 2.1 • NM-CUE-EC---Will support more than 100 mboxes in future release. NM-CUE will

not go above 120


23


Integrated Messaging for Improved Responsiveness, Productivity

Cisco Unity Express IMAP

TUI or Display

POP (.wav)

Desktop messages are accessible via:

IMAP enabled e-mail clients.wav attachments to e-mail (PDA, other e-mail accounts) Cisco IP Phone display using VoiceView Express


24


Cisco Unity Express:Integrated Messaging across different devices

Lotus Notes

Outlook

VoiceView Express

Voicemail TUI

Outlook Express

IMAP

IMAP

IMAP

SMTP

/PO

P

VoiceMail TUI or email notification

HTTP/XML

VoIP


25


Integrated Messaging Client View: Example


26

26© 2005 Cisco Sy stems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Confidential

Integrated Messaging Operation• Integrated view of email and voice mail on the same

clientRetrieve, delete and change the state of voicemail messages through a standard IMAP-capable email clientIMAP enabled email clients.wav attachments to email

• IMAP4rev1 protocol – RFC3501Message store and MWI synchronizationAuthentication (client login) via SSL

• A single CUE “Inbox” folder on PC clientAll the messages (new, saved and deletedmessages) appear in the Inbox The appearance of messages are client-specific


27


VoiceView Express – Cisco Unity Express• Provides a visual interface into subscribers’ voice

mailbox to view and manage messages, mailbox settings and other message management tasks

• Allows access of voice messages based on their importance to the user, rather than based on their sequential chronologic order.

• Allows users to sort the saved messages based on date and time, caller or sender name/number, or priority

• Provides customization of personal voice mail box settings via phone display

Home Page

List of Voice MessagesVoice Mail SortDetailed envelope

information


28


Cisco Unity Express 2.3Message Notification Operation• Message Notification (Outcalling)

This is a system service that notifies a subscriber upon the arrival of new/urgent messagesSystem-wide and per user/GDM configuration options

• Notification DestinationsNumeric devices/destinations (uses a voice port): 4Text devices/destinations (uses no voice ports): 2

• Notification PreferencesConfigurable for All messages; or just for Urgent messages

Broadcast messages and DDRs do not generate notificationsConfigurable per system, per user and per destinationSubscriber can set up a schedule per device/destination for notifications

• Notification MethodAll configured and enabled destinations are notified simultaneouslyNo “chaining” or “cascading” of notifications supportedNo retries or NDRs are generated for notification failures


29



Design Considerations

292929



30


Cisco CallManager Express IOS Release Version Summary

12.4(6)TVG224, IP-IP GW12.4(4)XC1CME 4.0(1) (Laverda)12.4(4)TCME 3.4 (Piaggio + Speedbird)

IOS VersionCME Release Version

12.4(3d) or higherCME 3.3 (Aprilia on Mainline)12.3(11)T10CME 3.2 (Aprilia)12.3(8)T11CME 3.1 (Segway)

12.4(6th release)TCME 4.0(2) GA 12.4(4)XC3CME 4.0(2) Early Adopter

IOS VersionCME Release Version12.4(9)T CME 4.0 (Laverda) GA

Future

Shipping


31


CME 4.0(x) Features

CME 4.0(1)Early Adopter Release: 12.4.(4)XC1, Currently Available3. FXO Trunk dn transfer and line optimization for call

coverage4. Silent ring over-ride for night-service5. Automatic line selection for answering incoming

callCME 4.0(2)Early Adopter Release: 12.4.(4)XC3, FCS July 068. 7931(Goped), 7906G9. CIPC Video Support with CVTA 2.0 10.Localization for 797X/61/41/11


32


DSLFaxCisco ISR, Including:• CallManager Express, • Cisco Unity Express• Cisco IOS Firewall• Integrated 24 port PoE switch

GUI Management

Station

Employee PC,Cisco IP Phone

7961G and Voice Mail

Application server

Printer

Cisco IP Phone 7905 in Lobby, Break Room, or

Conference Room

Dial Backup and POS

Analog Phones

Cisco IP Phone 7970+ 7914 as the Attendant

ConsoleWireless LAN Access Point

Cisco IP VoWLAN 7920

Phone

CO Line 1, 2, 3, 4

Standalone SMB Deployment—Full Office Communications on a Single Platform

Table PC

Public Interne

t

PSTN

• Small Standalone Office Deployment• Traditionally, this office would have been equipped with a data router and a key system

for voice services. These functions and applications are now integrated into the Cisco 3725 CME router shown at the center of the configuration. Components include:

• PSTN interface: A small office would typically prefer key system operation (i.e. line appearances on buttons on the phones) where each CO line is individually mapped. For a small office, low-density analog FXO is the most common CO connectivity; larger offices might use BRI or fractional T1/E1.

• Internet interface: For a small standalone office, a DSL connection to the ITSP is likely the most cost-effective. Larger offices could choose a fractional or full T1/E1.

• Employee desktops: Cisco 7960 phone with a computer attached behind it is a common configuration.

• Applications servers: Business-specific office applications and print servers would be connected to the LAN.

• Attendant console: Cisco 7914 is a good choice for receptionist or attendant.• Other components: Phones in lobbies, conference rooms; fax and other voice services.• Management: GUI access to the CME/CUE interfaces is available from any computer for

management and adds, moves, changes.


33


Deployment Highlights—SMB

• Single box solution for IP communications, including telephony, video, routing, switching, WLAN, and security

• Connectivity with existing CO lines and analog devices as well as with SIP trunks from service providers

• Key-system features such as shared trunk lines, monitoring of trunk status from phone display, auto attendant

• PBX features such as DID extensions, basic ACD, hunt groups, voicemail, and many more

• Remote phone support for tele-workers or for small offices where a full CME system is not justified

• Video telephony, soft phone support, enable productivity of mobile workforce• Day two GUI administration support• Investment protection for upgrade to multi-site VoIP network with converged

applications


34


Large Enterprise with Retail Branch

• Call routing to 400+ CME stores handled by GK

• G.729 calls forwarded to Unity converted to G.711 by DSPfarm transcoder registered to CCM

• Unity sends MWI status to MWI relay server using SCCP outdial

• MWI relay server relays MWI status to Store CMEs using SIP subscribe notify

CME Store1

HQ CCMCluster

CME Store2 CME Store3 CME Store4

Gatekeeper

MWI Relay server

Unity

XcodePSTN GW

GK

WANPSTN


35


Deployment Highlights:Large Enterprise with Retail Branch

• Unified Dialplan for Store-to-Store communication• Leverage existing MoH feed at branch stores• Scalable Dialplan and Call Admission Control provided by

H323 Gatekeeper• One VM box for each CME. Used by branch manager to

receive broadcast voice messaging from HQ• Shared voicemail and directory with HQ CCM and branch

CME • Synchronized MWI notification for 400+ branch IP phones

when message received from HQ



Redundancy

Redundancy


37


IP Phone Redundancy: HSRP

• Prior to CME 4.0, IP phones must register to HSRP address for redundancy

• All inbound/outbound calls to HSRP address are process switched, increasing CPU utilization for VoIP calls—not an issue for small sites

• HSRP address cannot be registered to GK

HSRP Address10.1.1.1Primary CME

10.1.1.2

telephony-serviceip source-address 10.1.1.1 port 2000!interface FastEthernet0/0 ip address 10.1.1.2 255.255.255.0 standby ip 10.1.1.1 standby priority 200 standby preempt

Secondary CME

10.1.1.3

Call Manager 1: 10.1.1.1 ActiveIP Phone Network Configuration

telephony-serviceip source-address 10.1.1.1 port 2000!interface FastEthernet0/0 ip address 10.1.1.3 255.255.255.0 standby ip 10.1.1.1 standby priority 100

• Rehome can options 0-65535 seconds


38


IP Phone Redundancy: Secondary CME

• Starting with CME 4.0, IP phones can home to secondary CME when keepalives to primary CME expires—same behavior as CCM

• HSRP can still be used for data redundancy

CME1: 10.1.1.1

telephony-serviceip source-address 10.1.1.1 port 2000 secondary 10.1.1.2

CME2: 10.1.1.2

Primary CME Secondary CME

Call Manager 1: 10.1.1.1 ActiveCall Manager 2: 10.1.1.2

IP Phone Network Configuration



39


CCME PSTN Redundancy Options

• Hybrid schemeAdvantages of consolidating circuits in a PRI/T1-CAS with backup FXOs for 911 in case of T1 failure

• PRI/T1-CAS atoreOne PRI/T1-CAS per CMEEach PRI/T1-CAS uses a diverse route with a diverse carrier

• FXO-Only storeAll FXOs can be physically split between both routers in case of loss of CMEMust set “ringer option 1” on CME-Primary voice-portsMust set “ringer option 3” on CME-Secondary voice-ports

1 00 -24 0 V ~ 3 A50/6 0H z

DO NOT R EM O VE DUR ING N ETWORK OPERA TION

CF

Cisco 3800 Series

SYS AC T PWRSYS

R PS PWR A IM0 AIM 1 PVD M 0 PVDM 1 PVDM 2 PVDM 3AU X

CME-Primary

10 0- 24 0 V ~ 3 A5 0/6 0H z

D O N OT REM OVE D URIN G NETWO RK O PERATIO N

CF

Cisco 3800 Series

SYS ACT PWRSYS

RPS PWR AIM 0 AIM1 PVDM 0 PVDM 1 PVD M 2 PVDM 3AUX

CME-Secondary

PSTN

Physically Split FXOs

PRI orT1-CAS

FXO-2

FXO-1

Hybrid Scheme


40


Combining IP Phone and PSTN Redundancy

• Ephone-dns are always present, even when IP phones are not registered• If PSTN to primary is down, but IP phones are still registered to primary, incoming

calls routed to secondary CME are routed to ephone-dn without an associated IP phone—call will receive busy tone

• To prevent this, ephone-dn on secondary CME needs to be set at lower preference than VoIP dial-peer that routes call to primary CME

• Advanced config—not common

Primary CME (10.1.1.1)

Registration

Secondary CME ephone-dn 1

number 1000preference 10!dial-peer voice 1 voipdestination-pattern 1000session target ipv4:10.1.1.1preference 1

ephone-dn 1number 1000

PSTN



41


Redundant CME with GK

• Ephone-dn from both primary and secondary CME register to GK simultaneously, with no preference associated

• Preference must be set statically at GK for each CME site to route calls to primary CME first, secondary CME second

81…


CME1192.168.100.1


CME2192.168.100.2

gatekeeper zone local NYC cisco.com 10.10.10.1 zone prefix NYC 81... gw-priority 10 CME1 zone prefix NYC 81... gw-priority 9 CME2 gw-type-prefix 1#* default-technology

Gatekeeper

10.10.10.1

WAN GK







43


IP WAN

CCME

Call Admission ControlWhy Is It Needed?

PSTN

Circuit-Switched Networks

Packet-Switched Networks

PBX

PhysicalTrunks

STOP

IP WAN Link Provisionedfor Two VoIP Calls (Equivalent

to Two “Virtual” Trunks)

3rd CallRejected

No Physical Limitation on IP Links

If 3rd Call Accepted,Voice Quality of All

Calls Degrades

Call Adm. Control Limits # of VoIP Calls on Each WAN Link

IP WANLink


44


Call Admission ControlDistributed Deployments: Gatekeeper

• In purely distributed CME deployments, Gatekeeper provides CAC for both hub-and-spoke and full-mesh topologies

• Define Gatekeeper zones for each CME sitecluster to limit bandwidth in and out of each site

• Up to 500 zones per GK

SJC

RTP NYC

Gatekeeper

gatekeeper zone local RTP cisco.com zone local SJC cisco.com zone local NYC cisco.com bandwidth interzone zone NYC 256 bandwidth interzone zone RTP 256 bandwidth interzone zone SJC 256

GK

IP WAN


45


Call Admission ControlDial-Peer Max-Conn

• Maximum number of calls can be set using max-conn on dial-peer


• Calls routed through other dial-peers on system do not count towards limit

• All outbound and inbound calls must be routed through single dial-peer to be effective

dial-peermax-conn 2

WAN

STOP

3rd CallRejected


46


WAN

Call Admission ControlCall Threshold

• Maximum number of calls can be set per interface using call threshold


• Calls routed across multiple dial-peers count towards maximum limit

• Must be set on physical interfaces Does not work across IPsec or virtual interfaces

dial-peer 1

dial-peer 2

call threshold interface GigabitEthernet0/0 int-calls low 3 high 3

GE0/0

STOP

3rd CallRejected


47


Call Admission ControlRSVP

• RSVP agent on CME and voice gateways in call path reserve bandwidth for set number of calls

• Effective for networks were all the voice gateways used for call routing support RSVP

Site ASite A Site B

RSVP

WAN


48


CME 4.0: CME-SRST Fallback


49


CME-SRST Fallback Overview

• CCM phones fallback to CME during WAN outage• SRST Features such as call preservation, auto

provisioning and failover are supported• CME Features are available during failover: Call

park, Hunt-group, MWI, Overlay-DN, SCCP Unity, Softkey Templates

• FL-SRST and FL-CCME licenses are interchangeable, only config on router needs to be modified to switch between CME and SRST


50


When to use SRST

• Site has 240+ phones. SRST can support max 720 phones

• Simple, one-time configuration required for basic functionality. CME adds more features but requires additional configuration

• SRTP media encryption is required • SIP Phone Failover is required• VG248 support is required


51


CME-SRST Fallback Options

(config-telephony)#srst mode auto-provision ?

all SRST mode ON (include both learned DNs and phones into running config)

dn SRST mode ON (include only learned DNs into running config)

none SRST mode ON (include NONE of the learned DNs/ephones into running config)

• In general, you will want to use srst mode auto-provision none to always use dynamic provisioning


52



1) WAN connectivity to CCM is lost

2) IP phones re-register to CME ip address specified in SRST Reference

3) CME will read IP phone mac-address, DN and speed-dial settings from IP phone flash

4) If the DN number of CCM phone matches the number set on a preconfigured ephone-dn, the IP phone will assign the preconfigured ephone-dn to itself

1000


2000



53



1) If the DN number of CCM phone does not match the number set on a preconfigured ephone-dn, CME will create an ephone-dn that matches the IP phone’s extension, with the SRST ephone-dn-template applied

2) The IP phone will register with the auto-provisioned ephone-dn with SRST ephone-template applied

3) If auto-provision none is configured, none of the auto-provisioned ephone or ephone-dn configs are written to running-config

If the IP phone is replaced and MAC address changes, no configuration change is required on CME


54


Provisioning CME-SRST Fallback

1) Configure and register IP phones to CCM2) Configure CME address as SRST Reference on CCM3) Enable SRST mode on CME with auto-provision none4) Define SRST ephone-template for shared softkey ordering,

speed-dial, fastdials and transfer-blocking5) Define SRST ephone-dn-template for call-forward, pickup-groups6) Configure Per-phone ephone-dns, these DNs should match the

numbering plans configured on your CCM phones7) Configure ephone-hunt. You must have ephone-dns configured

before setting up ephone-hunt8) Configure system ephone-dns: Call park, MWI, etc.9) Save config• Once you are done with these steps, you do not have to

modify CME settings unless your CCM dialplan changes


55


CME 4.0 Platform Density

288962851

120242801

7202403845

5001683825

Max. DN

500

500

288144144

120

Max. SCCP + SIP phone

192

144

724836

24

3745

Platform

3725

26912821, 265xXM

2811, 2600XM, 262xXM

1751, 1760


56


SRST 4.0 Platform Density

800480CMM

384962851

120242801

96072038459603363825

Max. DN

960

576

288

192

144

120Max phones

480

144

72

48

36

24

3745

Platform

3725

2691

2821, 265xXM

2811, 261xXM, 262xXM

1751, 1760


57


CME 4.0: Remote Teleworker


58


Remote Teleworker Requirements• Minimum bandwidth of

one T1 (1.536 Mbps) or E1 (2.048Mbps) of bandwidth at HQ CME site

• Minimum 128 Kbps upload bandwidth for each remote phone. Business class broadband recommended

• Maximum number of remote phones constrained by WAN bandwidth

• CUE, PSTN must be hosted on hub CME

• No SRST Support

IPsec Tunnels

87X

87X

87X

87X

Internet

PSTN

Data

Voice

LAN

CME


59


Remote Teleworker : Background

• Prior to CME 4.0, there were issues with one-way audio for calls made to hub VM or PSTN by remote phones over direct IPsec tunnel.

• The workaround was using “loopback” interfaces and GRE tunnels.

• CME 4.0 solves this problem by sending the RTP (UDP) packets through the IOS IP switching engine, instead of encapsulating it and queuing it to the egress interface itself.

• The changes introduced by this feature makes CME behave the same way as Cisco VoIP (H.323 or SIP) gateway, in the sourcing of RTP packets for remote phones.


60


Remote phones, no MTPCharacteristics• Media flow-around for spoke to spoke calls PSTN, VM access requires media flow-through to CME• All IP phones require routable address• UDP/TCP ports must be open between remote and LAN IP phones

Media(RTP)

Signaling (SCCP)87X

87XWAN

CMEephone 1

ephone 2VM

PSTN


61


Remote phones with MTPCharacteristics• All non-LAN calls flow-through CME source address• Only CME source address needs to be routable • Remote phones can use NATed addresses• UDP/TCP ports must be open between remote IP phones and CME source address

VM

Media(RTP)

Signaling (SCCP)

ephone 1 mtp

ephone 2 mtp

CME source address on routable nework

fixup protocol skinny configured on PIXfor private address on remote LAN

87X

87XWAN

CME

PSTN


62


Remote phone G.729

• With g.729 dspfarm-assist configured, DSPfarm will be used to transcode G.729 to G.711 for call-forward/transfer to CUE and 3-party conferencing

• If no DSP transcoding resources available, remote phones will use G.711

• ATA, VG224 do not support dspfarm-assist, will always use G.711 for CUE and 3-party conferencing

• Enter total number of remote phones in DSP calculator > Advanced Options > “G.711 to G.729a/ GSM-FR” field to calculate DSP resources required for transcoding:



63


Recommended Design for Remote phones over IPsec•IPsec tunnel between CME and 87X/PIX (Recommended for QoS, VPN acceleration)

• IPSec pass-through through 3rd party router with Cisco VPN concentrator at head-end and Cisco VPN Client + CIPC at Remote site

87X/PIXWAN

Linksys router

CME/VPN server Cisco VPN client w/IPC

IPsec tunnel



CME Security Considerations


65


CME/Cisco IOS Firewall with H.323

• CBAC inspects H.323 connections initiated from CME/firewall• ACL on CME/firewall allows H.323 call control traffic on TCP

port 1720• Inspection of CME/Firewall initiated traffic enables dynamic opening of

pinholes on the interface ACL to allow return traffic for dynamically negotiated call control and RTP ports

SCCP phone

Private

Public

SIP phone

Private

NYC SJC

H.323 Trunk

SCCP Port Access Restricted to LAN IP Address Space

ACL Allows Inbound/Outbound H.323

Packets on CME Source IP Address, TCP Port 1720

SIP Port Access Restricted to LAN IP Address Space


66


CME/Cisco IOS Firewall with SIP

• CBAC on external firewall inspects CME initiated SIP connections• ACL on firewall allows SIP call control traffic on TCP port 5060• External firewall inspects CME initiated traffic, dynamically opening pinholes on

the firewall ACL to allow return traffic for dynamically negotiated call control and RTP ports

• Inspection of SIP and SCCP for co-resident CME and firewall will be supported in Q1 CY’07

SCCP phone

Private

PublicSIP phone

Private

NYC SJCFW FW


Source Address


Source Address

ACL Allows Inbound/Outbound SIP

Packets on TCP Port 5060

SIP Trunk


67


SJCNYCH.323/SIP Trunk

CME Site-to-Site VPN

• All SIP/H.323 call control and RTP media can be encrypted over IPsec tunnel established between CME/VPN routers

• CME 3.X and below requires GRE. CME 4.0 and above does not require GRE, supports dynamic, static crypto, EZ-VPN, DMVPN.

• Recommended design for remote SCCP phones

SCCP phone

Private

Public

SIP phone

Private

CME Source Address Uses Loopback Routable Over

IPsec Tunnel

CME Source Address Uses Loopback Routable

over IPsec TunnelIPsec Tunnel Established Between

Public Address on CME/VPN Server

IPsec tunnel


68


CME Security Toolbox

• COR (Class of Restriction)

• After-hours call blocking

• Forced authorization code

• Direct inward dial

Toll Restriction• Transfer-pattern

• Transfer max-length

• Softkey template

• Call-forward max-length

• Disable call-forward local

• Disable directed pickup

Features Restriction

• TACACS/radius authentication

• SSH/HTTPS secure access

Administrative Restriction• Customized GUI access

• Disable auto-registration


69


Toll Restriction: After-Hours block

• After-hours block globally defines specific blocks patterns that cannot be dialed during non-business hours

• Maximum of 32 block patterns can be defined per system• Block pattern with 7–24 always blocked for all phones• When stop time is earlier than start time, the stop time is in the next day of the week; i.e.

Sat 13:00 9:00 sets non-business hours from Saturday, 13:00 to Sunday, 9:00AM

telephony-serviceafter-hours block pattern 1 91after-hours block pattern 2 91900 7-24after-hours day sun 9:00 8:00after-hours day mon 19:00 8:00after-hours day tue 19:00 8:00after-hours day wed 19:00 8:00after-hours day thu 19:00 8:00after-hours day fri 19:00 10:00after-hours day sat 13:00 9:00

Numbers Starting with 91 Blocked During Non-Business Hours

Numbers Starting with 91900 Always Blocked, 24–7

Business Hours Set to 8:00–19:00 Monday–Friday, 10–13:00 Saturday, Closed Sunday


70


Toll Restriction: After-Hours Exemption

• After-hour exempt will exempt IP phone from all after-hours blocking • After-hours PIN over-ride will suspend after-hours block when user enters four to eightdigit PIN;

block pattern with 7–24 suffix will still be enforced even after PIN entry• After-hours suspension in effect until login timeout expires• PIN is defined per IP phone

telephony-service after-hours block pattern 1 91 after-hours block pattern 2 91900 7-24 login timeout 10 ! ephone 1 ! ephone 2 after-hour exempt ! ephone 3 pin 1234

Numbers Starting with 91 or 91900 Blocked

ephone 1

STOP

ephone 2

No Numbers Blocked

ephone 3

After PIN Entry: Only Numbers Starting with 91900 are

BlockedSTOP


71


Toll Restriction: Class of Restriction (COR)

• COR denies or allow calls based on group membership. These groups are called COR lists• An ephone-dn or dial-peer can become a member of a single COR list• Ephone-dn and dial-peer that are not members of COR lists are exempt from COR rules

Dial-peer cor custom name 911 name 408!Dial-peer cor list call911 Member 911!Dial-peer cor list call408 Member 408!Dial-peer cor list Lobby Member 911!Dial-peer cor list Office Member 408 Member 911

Define Outbound COR Lists and Add COR Members

Define Inbound COR Lists and Add COR Members

Define COR Names, Maximum 64 Allowed


72


Toll Restriction:Class of Restriction Logic (1)

Incoming COR List

Outgoing COR List

Outgoing Dial-peer

PSTN/VOIP

Call Allowed: Member 911 Matches for Incoming and Outgoing COR List

Call Blocked: No Member Match for Incoming and Outgoing COR

ListSTOP

Call Allowed: Member 911 and 408 Match for Incoming and Outgoing COR List

IncomingEphone-dn

ephone-dn 1ephone-dn 1 number 1111number 1111 cor incoming Lobbycor incoming Lobby

dial-peer cor list Lobbydial-peer cor list Lobbymember 911member 911


dial-peer 1 voice potsdial-peer 1 voice pots corlist outgoing call911corlist outgoing call911 destination-pattern 9911destination-pattern 9911 port 1/0/0port 1/0/0

dial-peer 2 voice potsdial-peer 2 voice pots corlist outgoing call408corlist outgoing call408 destination-pattern 408…….destination-pattern 408……. port 1/0/0port 1/0/0





73


Toll Restriction: Class of Restriction Logic (2)

Incoming COR List

IncomingEphone-dn Outgoing

COR ListOutgoing Dial-peer

Call Allowed: Dial-peers with No COR List Applied Accepts all Calls

Call Allowed: Ephone-dn with No COR List Applied Can Make Calls to any dial-peer

Call Blocked: No Member Match for Incoming and

Outgoing COR List

STOP

PSTN/VOIP



dial-peer voice 4 potsdial-peer voice 4 pots destination-pattern 408…….destination-pattern 408……. port 1/0/0port 1/0/0



ephone-dn 3ephone-dn 3number 3333number 3333


dial-peer voice 3 potsdial-peer voice 3 pots corlist outgoing call845corlist outgoing call845 destination-pattern 845…….destination-pattern 845……. port 1/0/0port 1/0/0


74


Toll Restriction: COR vs. After-Block

COR After-Hours Block

Pros• Multiple COR groups can be defined

• Can be applied to non-sccp devices such as analog phones fax machines and CUE

Cons• Settings must be applied per DN

• Provisioning on CLI only

• No time-of-day or PIN override

Pros• Provisioning is simple, settings applied per

phone

• Can be provisioned on GUI

• Rules can be selectively enforced according to time-of-day or PIN override

Cons• All phones must follow single global set of

rules

• Supported on SCCP and SIP phones only


75


Securing CUE: Message Notification

• System-wide settings to determine valid numeric destinations• Checked when numeric destination

is enteredAlready configured numbers are not checkedwhen the rules are altered

• Min/Max digits allowed: 1–30• Up to ten rules or call patterns

Rules can contain wildcards* matches zero or more digits. matches one digit (single digit placeholder)

Each rule: allowed or deniedRules are searched sequentially until a matchis found, then exit

• Default: all numbers allowed

*Call Pattern

YesAllowed

Yes*No91……..

9011*Call Pattern

NoAllowed

Yes*No91408…….Yes91408555121

2

9011*Call Pattern

NoAllowed


76


Call Forward Restriction: Call-Forward Max-Length

• Call-forward max-length restricts maximum number of digits that can be entered for call forward destination with CfwdAll softkey on a per DN basis

• Max-length for ephone-dn assigned to button 1 will be enforced when pressing CfwdAll softkey while onhook or by lifting handset

• Max-length for ephone-dn assigned to other buttons only enforced when specific button is selected; if button 2 is selected and CwdFall softkey is pressed, max-length for ephone-dn assigned to button 2 is enforced

• Call forward max-length is not enforced for destinations entered in GUI or CLI


Button 1: Forward to 5551212 Blocked


STOP

Button 2: Forward to 19103335555 Blocked STOP

ephone-dn 1 number 1000 call-forward max-length 4!ephone-dn 2 number 1001 call-forward max-length 7!ephone 1 button 1:1 2:2


77


Call Forward Restriction: No Forward Local-Calls

• No forward local-calls introduced in CME 4.0, will block call-forwarding of incoming calls from local CME IP phones

• Set on a per ephone-dn basis• All other incoming calls will

obey ephone-dn call-forward settings

Call Forward Not Enforced

PSTN

1000

Call Forwarded to 2000

ephone-dn 1number 1000call-forward busy 2000 call-forward noan 2000 timeout 10no forward local-calls!ephone 1 button 1:1


78


Call Transfer Restriction: Transfer-Pattern

• Call transfer to POTS or VoIP destination that does not match the transfer-pattern is blocked; this includes “local” destinations such as CUE and B-ACD

• One transfer-pattern is allowed per system and is enforced on all phones• By default, no transfer-pattern is set, so all call transfers to POTS or VoIP destinations are

blocked• transfer-pattern still allows transfers to ephone-dn and ephone-hunt numbers defined on local

CME• Transfer-pattern .T will allow call transfers to any destination


Transfer to 9102223333 blocked


PSTNSTOP

12345

telephony-servicetransfer-pattern 408555….


79


Call Transfer Restriction: Transfer-Pattern Blocked

• transfer-pattern blocked introduced in CME 4.0 over-rides transfer-pattern and disables call transfer to POTS or VoIP destination

• transfer-pattern blocked still allows transfers to ephone-dn and ephone-hunt numbers defined on local CME

• Can be applied on ephone or ephone-template




PSTNSTOP

12345

telephony-servicetransfer-pattern .T!ephone-template 1transfer-pattern blocked!ephone 1!ephone 2ephone-template1


80


Call Transfer Restriction: Transfer-Pattern Max-Length

• transfer-pattern max-length introduced in CME 4.0 overrides transfer-pattern and enforces maximum digits you are allowed to enter for transfer destination on a per phone basis

• Can only be applied on ephone-template• Max-length not enforced for ephone-dn or ephone-hunt numbers on

local CME


PSTNSTOP


12345


telephony-servicetransfer-pattern .T!ephone-template 1transfer-pattern max-length 4!ephone 1ephone-template1


81


ephone-template 1 softkeys idle Redial Dnd Pickup Login Gpickup softkeys seized Pickup Redial Endcall Gpickup!ephone 1ephone-template 1

Features Restriction:Softkey Templates

• Ephone-template can be used to disable access to features by removing softkeys

• Supported on all phones with LCD display

• Template can include softkey settings for: alerting, connected, idle and seized states

• CME 3.x supports max 5 templates, CME 4.0 supports max 20 templates per system

Idle

Seized

Prevent Call Forward by Removing CFwdAll Softkey

from IP Phone User Interface


82


Features Restriction:Feature Access Code (FAC) Blocking

• CME 4.0 adds feature access codes (FAC), which allow endpoints such as VG224 to enter * or # codes to invoke features

• Set features blocked under ephone-template to block specific phones from being able to use FAC

telephony-service fac custom callfwd all *3!ephone-template 1 features blocked CFwdAll!ephone 1 button 1:1!ephone 2 ephone-template 1 button 1:2

CME VG224

ephone 2

ephone 1Enter Dial *3 + Fwd

Destination to Set Call Forward All

Dial *3 Does Nothing


83


Features Restriction:Disable Directed Pickup

• Directed call pickup allows any call on local CME to be picked up by pressing pickup softkey followed by ringing extension

• no service directed-pickup, introduced in CME 4.0 disables directed call pickup globally; group call-pickup is not blocked.

• Pressing pickup softkey executes local group pickup; emulates CCM behavior

telephony-serviceno service directed-pickup !ephone-dn 1number 123pickup-group 1!ephone-dn 2number 130!ephone-dn 1number 124pickup-group 1

123

130

124

Pickup softkey + 123 blocked

Pickup softkey does local group pickup

Ringing

STOP


84


Toll Restriction: Inbound Call Best Practices

• By default, incoming calls to a CME voice port presents incoming caller with secondary dial-tone; this allows the incoming caller to dial any number defined on CME, including long distance and international numbers; very dangerous

• PLAR to an AA or attendant phone if your telco does not present DID

• Enable direct-inward-dial and translate to match internal dial-plan if telco presents DID

Default: Incoming Call Receives Secondary Dialtone

Attendant

CUE AAPLAR or DID Enabled: Call is Routed to Internal party

International CallsIncoming Caller can Reach Any Number

Defined on CME


85


“You Have Reached an Invalid Extension.

This Call Will Be Disconnected”

Toll Restriction:DID Translation Script

• TCL Script adds a prefix from 1–99 to any incoming DID

• If prefix + DID matches CME numbering plan, call is routed to new destination; if there is no match, script plays invalid number prompt and disconnects call

Incoming DID Call to 30

Script Appends Prefix 1 to DID

Match

No Match

DID Script

TCL130

STOP


86


Securing CUE: AA PSTN Access

• CUE system AA script contains a variable to allow/deny PSTN access from the AA

• Recommendation: Build a similar capability in any custom AA scripts used on CUE

If PSTN access from the AA is required, limit the numbers (or range of numbers) that are considered valid by the script

Allow/Deny PSTN Transfers Out of the AA


87


Disable Auto-Registration

• With CME 4.0, no auto-reg-ephone will reject registration attempts by IP phones with MAC address that are not provisioned in CME

• show ephone attempted-registrations will show MAC address, phone type and datestamp for failed registration attempts

• Disabling auto registration will disable GUI ephone provisioning and CME SRST Fallback

• With CME 3.x and below, provision ephones before configuring ip source address to workaround auto-registration behavior

STOP telephony-service ip source address 10.1.1.1 no auto-reg-ephone!ephone 1 mac-address AAAA.BBBB.CCCC button 1:1

AAAA.BBBB.CCCC

BBBB.AAAA.DDDD

REJECT:mac-address Not Provisioned in CME

• Phones will continuously attempt to register as long as network connectivity exists


88


Secure CME

1. IP phone downloads CTL file generated by CTL client; after CTL files is validated, IP phone downloads signed config, locale and firmware files

2. IP phone initiates TLS session on port 3804 to CAPF server specified in config file

3. IP phone user enters password to authenticate to CAPF; after password is validated, CAPF enrolls certificate request to CA and provides certificate to IP phone

4. IP phone stores certificate and establishes TLS session on port 2443 to register to CME

fCME CAPF

CTL Client

Certificate Authority

IP Phone

SSL/TLS

TFTP

Cisco IOS PKI

TLSTLS

1.TFTP

2.

3.

4.

Cisco IOS


89


AAA Model for CCME

• If AAA for administration of Cisco IOS-based equipment is already in use, it should be leveraged for CCME

Use CiscoSecure ACS and TACACS+ or some other off-box mechanism

• AuthenticationFollow corporate standards

• AuthorizationCCME administrators only should be allowed access to options under global config such as dial-peers, ephones, ephone-dns, telephony-service, etc.

Show commands and other exec level instructions can be restricted as desired

• Accounting Command level accounting should be enabled as appropriate to at least monitor config changes within CCME

• Security mechanisms for CLI – expand upon the existing


90


HTTPS and SSH Secure Access

• SSH encrypts user logon data when accessing CME CLI• HTTPS encrypts user logon data when accessing

CME GUI• SSH included in all Cisco IOS images in 12.4• HTTPS require K9 image to provision• HTTPS and HTTP can run concurrently• IP phones do not support HTTPS; if HTTP is disabled on CME, the

following phone features may cease to function:

Local directoryXML speed dialCUE GUI

• Stuff I created for Depot and pursued further for Wal-Mart


91


TACACS/Radius Authentication forCME GUI/CLI

• CME GUI and CLI administrative access can be authenticated to external TACACS/Radius server

• CLI access can be limited to specific commands based on privilege level, level 15 gives you full access

• Only CME GUI admin can be authenticated by TACACS/Radius. End user GUI accounts must be local

• Not supported in CUE GUI

TACACS/RADIUS server

Authenticate username/password

telnet/SSH

HTTP/HTTPS


92


CME 4.0: Video


93


CME Video Call Flows

PSTN

ACCM

VideoVideoVoiceVoice

• Supported Video Call Flows: CME SCCP CME Local SCCPCME SCCP CME Remote SCCPCME SCCP H.323 VideoCME SCCP H.323 CCM SCCP Video

IPH.323

H.323

CVTA

H323 Video EP

CVTA


94


2 PC initiates CAST messages to phone over TCP/IP. CAST packets are routed up to layer-3 boundary between VLANs. Firewalls and/or ACLs must permit TCP port 4224

3 Phone acts as SCCP proxy between VT Advantage and CCME. CCME tells phone to open video channels per call. Phone proxies those messages to PC via CAST protocol

4 Phone sends/receives audio. PC sends/receives video on RTP port 5445. Audio and video marked DSCP AF41. Switch port must be set to trust DSCP (or use an ACL) instead of trust COS or else VT Advantage packets will be rewritten to DSCP 0

SCCP EndpointsHow VT Advantage Works

PC VLAN = 10 Phone VLAN = 110

IP

VT Advantage 171.70.10.100

IP Phone: 10.70.110.100802.1Q/p

1 Phone and PC exchange CDP. Phone begins listening for CAST messages on TCP port 4224 from IP address of CDP neighbor

CDP

““CAST: : Open video channel”

“CAST: I want to associate with you”

“SCCP: Open video channel”

Video packets

Audio packets

IP S iS i

CCME


95


CME VTA Support

• Supported on 7960/40, 7941/61, 7970/71 firmware version 7.x and above. 7985 NOT supported

• Video-Capabilities enabled per phone in CME 4.0 CLI

• VT Advantage automatically “associates” with IP Phone. All dialing and supplementary services done through phone

• CDP installed on PC Ethernet NIC. Must be physically connected to PC port on back of IP Phone (e.g. no wireless, no associating from a different network jack)

• Cisco USB Camera required (e.g. No 3rd-party cameras)

• Codecs supported:H.263, H.261, G.729, and G.711

telephony-service video maximum bit-rate 384 service phone videoCapability 1!ephone 1 video Case-Sensitive!


96


SRST Video Support

CVTA Supported with SRST 4.0, 12.4(4)XC

call-manager-fallbackvideomaximum bit-rate 384max-conferences 16 gain -6transfer-system full-consultip source-address 20.1.1.1 port 2000max-ephones 52max-dn 110

• The SRST configuration on above slide is not a complete SRST configuration.


97


CME Video Fall Back to Audio Scenarios

• Call between Video-capable EP and Audio-only EP• Video-capable EPs have mismatch Video codec or

formats• System Video Minimum Video Bit-rate not met (e.g.

max-bit-rate < 64 kbps)• Call transfer or forward to Audio-only EPs• Initiate Conference between 3 video-capable EPs

- RTP stream are mixed by CME, fall back to Audio


98


CME Video over H323

• H323 Slow Start only • H.450 Call Transfer and Forward only• H.323 to H.323 Hairpin not supported• All RTP streams (audio + video) flow-through

CMEs, not like skinny skinny flow-around


99


CME/SRST IP Phone Decoder Ring

No

No

H.323

SCCP

SCCP

SCCP

SCCP

SCCP/SIP

SCCP/SIP (7911 not tested)

SCCP/SIP

SCCP/SIP

SRST

3.4 – 12.4(6)T

Golden Brdg

SRST Voice OnlyNoNoNo7985

SCCPNoNoCIPC 2.0 OnlyCIPC 2.0 & VTA 1.0

SCCP/H.323H.323H.323H.323ATA Fax

SCCP/SIPSCCPSCCP/SIPSCCPATA Voice

SCCP*SCCPSCCPSCCP7914




SCCP (SIP SRST Only)

SIP SRST OnlyNoSCCP(SRST only)

7941/61/11


SCCPSCCPSCCPSCCP7970/7971

CME/SRST

4.0 – 12.4(4)XC

SRST

3.4 – 12.4(4)T

CME

3.4 – 12.4(4)T

CME/SRST

3.3 (12.4)

* 7961/70/71 support for 7914 added with CME 4.0


100


7941/61/11 Support

• Supported firmware files will be posted on CME 4.0 Spec sheet below:


Beware of available flash!• 7941/61:5 files, 5MB• 7911:7 files, 5.5MB • 7970/71:5 files, 5MB • SDM: 7MB• CME(B-ACD/GUI/MoH):

2.5MB• IOS: 25 - 35MB

tftp-server flash:TERM41.DEFAULT.loads tftp-server flash:TERM61.DEFAULT.loads tftp-server flash:TERM41.x-x-x-xS.loads tftp-server flash:CVM41.x-x-x-xx.sbn tftp-server flash:Jar41.x-x-x-xx.sbn tftp-server flash:cnu41.x-x-x-xx.sbn ! tftp-server flash:TERM11.DEFAULT.loads tftp-server flash:SCCP11.x-x-x-xS.loads tftp-server flash:cnu11.x-x-x-xx.sbn tftp-server flash:dsp11.x-x-x-xx.sbn tftp-server flash:apps11.x-x-x-xxdev.sbn tftp-server flash:jar11.x-x-x-xx.sbn tftp-server flash:cvm11.x-x-x-xx.sbn !telephony-service load 7941GE TERM41.x-x-x-xS load 7941 TERM41.x-x-x-xS load 7961GE TERM41.x-x-x-xS load 7961 TERM41.x-x-x-xS load 7911 SCCP11.x-x-x-xS


101


Quick Config Tool (QCT) v. 2.0Simplified CME Configuration

• QCT configures CME system in under 30 minutes without using IOS CLI.

• QCT v. 2.0 includes new features:

– BAT file input of users & extensions from MS Excel format.

– Configuration of separate VLANS for voice and data traffic

– Automated reset of CME & CUE to configurable factory default status

– Advanced T1 / E1 configuration parameters, including PSTN switch type.

• QCT v.1.0 has been downloaded almost 10,000 times since release in July, 2005


102


Quick Config Tool (QCT)Improvements in Installation of CME and CUE— Saves You Time—Makes You Money!

“We were very happy to find the QCT application. We had a CME/CUE installation to be performed by a less-skilled engineer, which quite frankly made us a little nervous. We were very happy with the outcome; the engineer finished the job in a day, doubling the profit. We will definitely use this tool on future CME/CUE installs.”

--Cisco Partner, Computer Software Innovations (CSI)

00.5

11.5

22.5

33.5

44.5

5

InstallTime

(hours)

TACCalls

IOS CLIQCT

“We were impressed that QCT can build a PBX system with only two screens of data, while other products involve from 2 to 10 times as many setup screens to configure a new IP PBX system. This setup is faster and requires less telephony or data network expertise than virtually any other system in the SMB class that Miercom has previously tested.”

“We built the PBX configuration for our six phone system using QCT in about 20 minutes.”

“The QCT generated a configuration that would otherwise require over 300 command line entries.”


103


Other Q and A


104


Where to Find More Information

104

• IPC productswww.cisco.com/go/ccmecue (Cisco® CallManager Express and Cisco Unity® Express information)www.cisco.com/go/isr (integrated services platforms) www.cisco.com/en/US/products/hw/phones/index.html (Cisco IP Phones) www.cisco.com/en/US/products/hw/switches/ps646/index.html (switches)

• IPC service and support solutionswww.cisco.com/en/US/products/svcs/ps2961/ps2664/serv_group_home.html www.cisco.com/en/US/products/svcs/ps11/ps2445/ps3040/serv_home.html

• IPC technology and services specializationswww.cisco.com/go/specialization

• Financingwww.cisco.com/go/ciscocapital

• Here are some URLs to help your customer in their SMB IP Communications plans and deployments.

• (View in slide show format to click on links.)


105


Resources

• General Cisco ISR Information:www.cisco.com/go/isr

• Miercom and Current Analysis Reports:www.cisco.com/go/isr

• Cisco Unified Communications Datasheet:http://www.cisco.com/en/US/products/ps5855/products_data_sheet0900aecd80169812.html

• CallManager Express: www.cisco.com/go/ccme

• Cisco Unity Express: www.cisco.com/go/cue

• Voice Gateways: http://www.cisco.com/en/US/products/ps5855/products_data_sheet09186a0080182d38.html


106


Documents

CCME 4 Feaure and Design Important)