Author: ccie246

Cisco 360 workbooks

I have been spending the last few weeks doing labs on the Cisco360 portal and consistently find some surprises that seem to add an extra hour to my session every time.

  1. I find that regardless of which pod I am assigned, the BR2 phone is misconfigured on HQ-Pub and it always has a Skinny image even though the lab expects you to have SIP. The solution is simply getting the MAC address via CDP from BR2 and updating the entry on HQ-Pub. Since the image was originally Skinny, it will take about 5-10 minutes to re-flash and register.
  2. Registering the BR2 phone on the BR2 router is not a simple matter: not only is the phone carrying the Skinny firmware, it also has a trust list with only HQ-Pub/Sub included. The solution requires:

     a. Register the phone on HQ-Pub to get the image flashed to SIP.

     b. Use the etel app to connect to the phone and remove the trust list (https://www.variphy.com/kb/delete-itl-file-on-cisco-7945-or-7965-ip-phone).

     The phone should now register just fine with BR2.

  3. I have yet to get the Jabber for video client working on the backbone PC, as all the logins I tried have been rejected. I will raise a ticket with the Cisco360 team and update this entry.

Installing Jabber softphone

Recently, after adding my Jabber client to the HQ and BR1 sites, I decided to set one up for my CUCM v11 at work, only to run into an error where the registration complained saying “Unable to communicate with server”.

After some digging I realised that since CUCM 10.x there is an expectation that Jabber will discover the call manager server using SRV records set in DNS. I forced a workaround, however, by making entries in my local hosts file, but that caused me to go looking for a cleaner solution without having to resort to DNS.

I came across this article from this website and it seems to be a more acceptable solution without having to edit local files on every workstation running Jabber.

http://www.uccollaborationgeek.com/cisco-jabber-without-im-and-presence/

Setting up remote access

After getting my lab going, I find every so often, while at work or on a business trip, that I need to do a quick test of a scenario and I have no access to my equipment. When I had regular ADSL internet this was not a problem, as I could easily configure DynDNS on my modem and then VPN into my network from outside. This is no longer the case, however, with the new fiber service, as now my provider has implemented CG-NAT and is leasing a routable public IP for almost the same cost as the service.

I thought about using TeamViewer, but my lab network is by design separated from my home network, so that was not a viable option.

The next option I looked at was creating the equivalent of a Hamachi tunnel, where the remote sites don't need to rely on a local public IP but traffic between sites can be routed using the native private subnets.

My solution ended up looking like this.

[Image: lab]

I created an Ubuntu VPS on the Amazon cloud and installed strongSwan 5.3, then I set up a tunnel between my edge router and the strongSwan server, publishing all the subnets for both my lab and the house network.

I then created a roadwarrior account on the strongSwan server for my laptop and tablet, and by the magic of VPN I now have access to my home network using all private IPs and, most importantly, without having to pony up a rental fee for a public IP.
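A sketch of what the VPS side of such a hub could look like in strongSwan's legacy `ipsec.conf` syntax. This is an added example, not the author's configuration: every hostname, ID, subnet and file name is a constructed placeholder, and the choice of IKEv2, a PSK for the site tunnel and certificate plus EAP-MSCHAPv2 for the roadwarriors is an assumption.

```conf
# /etc/ipsec.conf on the VPS (added example; all values are placeholders)
config setup
    uniqueids = yes

conn %default
    keyexchange = ikev2
    # Trailing "!" makes the proposal strict: no fallback to weaker suites.
    ike = aes256-sha256-modp2048!
    esp = aes256-sha256-modp2048!
    dpdaction = clear
    dpddelay = 30s
    left = %defaultroute
    leftid = @vps.example.net

# Site tunnel. The edge router sits behind CG-NAT, so it has to initiate;
# the VPS only responds (auto = add) and accepts any source address,
# identifying the peer by its IKE ID and secret instead.
conn home-site
    right = %any
    rightid = @edge.home.example.net
    authby = secret
    # Offer the roadwarrior pool to the router so clients can reach home.
    leftsubnet = 10.99.0.0/24
    # House network and lab network behind the router (placeholders).
    rightsubnet = 192.168.1.0/24,10.10.0.0/16
    auto = add

# Roadwarriors (laptop, tablet). Each device gets its own EAP identity in
# ipsec.secrets so a lost device can be revoked without touching the rest.
conn roadwarrior
    right = %any
    rightid = %any
    rightsourceip = 10.99.0.0/24
    leftsubnet = 192.168.1.0/24,10.10.0.0/16
    leftauth = pubkey
    leftcert = vps-cert.pem
    leftsendcert = always
    rightauth = eap-mschapv2
    eap_identity = %identity
    auto = add

# /etc/ipsec.secrets holds the matching credentials, for example:
#   @vps.example.net @edge.home.example.net : PSK "<long random secret>"
#   : RSA vps-key.pem
#   laptop : EAP "<per-device password>"
# The VPS also needs net.ipv4.ip_forward=1 to route between the two
# tunnels, and its firewall / security group should admit only UDP 500
# and UDP 4500 (plus management access) from the internet.
```

Keeping `leftsubnet` and `rightsubnet` limited to the networks that actually need to be reachable means the VPS, if compromised, does not get a route to anything more than was deliberately published.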

Choose your PSTN simulator carefully

When trying to finalise my PSTN configuration for the required E1 and T1 lines to HQ, BR1 and BR2 I stumbled into a set of limitations with the 2801 router that caused me to stop and redo my topology.

Originally I had the following setup:

[Image: home-logical]

The 2801 was configured as follows:

Slot 0 - VWIC2-2MFT-T1/E1 (T1 crossover to HQ and BR1)
Slot 1 - VWIC2-2MFT-T1/E1 (E1 crossover to BR2)
Slot 2 - WIC-2T
Slot 3 - WIC-2T

Frame relay switching was enabled with no issues for all three sites, but when I tried to enable the PRI timeslots on the controller in slot 0, I kept getting an error saying insufficient resources. At first I wasn’t sure what was wrong, so I moved on to the controller in slot 1 and configured the E1 PRI timeslots with no problems. A quick Google lookup pointed out that the 2801 routers can only use a T1 CAS voice card in slot 0 and nothing else. As the lab scenarios for HQ and BR1 required PRI and I was out of slots to relocate to, I now have to use the 2801 as a site router and replace it with a 2811 router instead.

Using one server for HQ and BR1

In my lab, server resources are very scarce, so I have to make one server work for both HQ and BR1 VMs.

As the labs have scenarios where DHCP runs from the Publisher or Subscriber, I know the phones must end up on the same VLAN. This means the ESX server must be connected to a trunk port on the main switch and each VM must be placed in its respective VLAN.

This guide was very helpful to get that done, as now I have my HQ VMs in VLAN 5 and my BR1 VMs in VLAN 7 as per the 360 topology.

http://thesolving.com/virtualization/how-to-manage-vlans-and-virtual-switches-on-esxi-vsphere/

Preparing to Install VMware ESXi

I confirmed that VMware 5.5 is compatible with CUCM 9.1 and also that it will run on my Dell PowerEdge 1430 server. The challenge now is how to actually install ESX, as the CD-ROM in this server is not working.

With some quick searching however I found these two articles which turned out to be very helpful. I actually got it working with the first method but was interested in a code approach so I did it again just for the fun of it and also to prove the second procedure.

In comparison, however, I must say the code approach was much cleaner and faster, so I will use that method for future needs to make USB drives bootable from a MacBook.

1. http://blog.scottlowe.org/2009/01/08/creating-a-bootable-esxi-usb-stick-on-mac-os-x/

2. https://github.com/cbednarski/vmware-usb-osx

Building RJ45 Crossover cables

The topology for the lab has connections for WAN links to each site in addition to PSTN links providing T1 and E1 services. I am using a 2801 router for providing my PSTN services, as I found the 2 port MFT1 cards are very cheap on eBay at this time.
The beauty of this setup is I didn't have to buy any funny WIC crossover cables, as I was able to make my own using Cat 5 cables and a crimper.

[Image: t-1-crossover]