Sunday, May 31, 2009

QoS Recommendations for Avaya VoIP Phones

QoS facilities are required to ensure that VoIP packets take transmission precedence over data traffic. These same facilities ensure that sufficient bandwidth exists for VoIP traffic, minimizing packet delay, jitter and discard while preserving sufficient bandwidth for data traffic.

Layer 3 (Router) – Because DiffServ is an IETF standard and allows the IP telephony devices themselves to place priority markings on packets, the customer should pursue options that support Differentiated Services (DiffServ) for the Layer 3 routed environment at the network edges. When implementing DiffServ, the recommended value to set on all Avaya telephony equipment is 46, which equates to “EF” (Expedited Forwarding). The Avaya Servers and IP phones should be configured to mark both call control IP packets and audio IP packets with a DiffServ value consistent with the network capabilities of the data infrastructure. Once the telephony gear has been set to mark all packets with the DiffServ values, the network routers must also be configured to prioritize packets based on this packet marking.

In cases where an IP softphone is used, it may be necessary to prioritize packets based on the RTP protocol, IP addresses, or traffic destined to MedPro IP addresses. This is a result of limitations in the operating system's ability to mark packets with the appropriate markings.

In scenarios where IP telephony will traverse the WAN, the routers should be upgraded to support QoS in order to provide optimal audio quality.

Layer 2 (Switch) – To mark Layer 2 Ethernet frames on the IP telephony endpoints, which is optimal, the switch ports should be configured to support 802.1p/Q on the CLAN/MedPro and IP phone Ethernet interfaces. 802.1p/Q is the IEEE standard for Layer 2 Quality of Service. The 802.1p priority identifier is customer selectable and the recommended setting is 6. Most new Ethernet LAN switches have multiple hardware queues for priority frame processing, and this support typically has to be enabled on the switches.

VLAN Separation - Avaya C-LAN, MedPro board, Gateway and IP phones should be deployed on their own VLAN to isolate them from network data traffic broadcasts. The 802.1Q VLAN identifier is customer selectable. For IP phones, an 802.1Q trunk should be configured on the LAN switch port, with the phone on the designated voice VLAN and a PC connected through the phone's switch base on the native or designated data VLAN. Avaya boards and Gateways should be on their own VLAN, on a switch port that is not an 802.1Q trunk and has this VLAN as its native VLAN.
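
To check from a packet capture that a phone is really sending the markings recommended above, the following added example (not part of the original post) parses an Ethernet frame and reports any deviation in its 802.1p priority, VLAN ID and DSCP. The voice VLAN ID 200, the addresses and the sample frames are constructed for illustration.

```python
import struct

RECOMMENDED_DSCP = 46  # "EF", the DiffServ value recommended above
RECOMMENDED_PCP = 6    # 802.1p priority recommended above

def parse_markings(frame: bytes) -> dict:
    """Return 802.1p priority, VLAN ID and DSCP of an Ethernet/IPv4 frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    pcp, vlan, offset = None, None, 14
    if ethertype == 0x8100:  # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan, offset = tci >> 13, tci & 0x0FFF, 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        raise ValueError("not a complete IPv4 frame")
    tos = frame[offset + 1]  # second byte of the IPv4 header
    return {"pcp": pcp, "vlan": vlan, "dscp": tos >> 2, "tos": tos}

def check_voice_markings(frame: bytes, voice_vlan: int) -> list:
    """List the ways a frame deviates from the recommended voice markings."""
    m = parse_markings(frame)
    problems = []
    if m["pcp"] is None:
        problems.append("no 802.1Q tag, so no 802.1p priority")
    else:
        if m["pcp"] != RECOMMENDED_PCP:
            problems.append(f"802.1p priority {m['pcp']}, expected {RECOMMENDED_PCP}")
        if m["vlan"] != voice_vlan:
            problems.append(f"VLAN {m['vlan']}, expected {voice_vlan}")
    if m["dscp"] != RECOMMENDED_DSCP:
        problems.append(f"DSCP {m['dscp']}, expected {RECOMMENDED_DSCP}")
    return problems

def build_frame(dscp: int, pcp=None, vlan: int = 0) -> bytes:
    """Build a minimal sample frame (constructed data, not a real capture)."""
    macs = bytes.fromhex("02000000000a02000000000b")
    tag = b"" if pcp is None else struct.pack("!HH", 0x8100, (pcp << 13) | vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return macs + tag + struct.pack("!H", 0x0800) + ip

if __name__ == "__main__":
    VOICE_VLAN = 200  # assumed voice VLAN ID for this example
    print(check_voice_markings(build_frame(46, pcp=6, vlan=200), VOICE_VLAN))
    print(check_voice_markings(build_frame(0), VOICE_VLAN))  # unmarked softphone
```

A DSCP of 46 occupies the upper six bits of the IP ToS byte, so a correctly marked packet shows a ToS value of 184 (0xB8) in a capture.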

Configure SSH on Cisco PIX Firewall

hostname erniefirewall
domain-name networkengineerblog.com
ca gen rsa key 1024
ssh 10.4.1.5 255.255.255.255 inside (allows ssh from 10.4.1.5 on inside interface)
ssh timeout 60
passwd YourPasswordGoesHere
ca save all

Other Configurations:
ssh 0.0.0.0 0.0.0.0 outside (allow access from any address on outside interface)
ssh 0.0.0.0 0.0.0.0 inside (allow access from any address on inside interface)

Friday, May 29, 2009

Load a new Cisco PIX software image from a TFTP server

If you don't already have a TFTP server to use, I recommend using SolarWinds Free TFTP Server.
  1. Copy bin file to TFTP Server
  2. Configure Ethernet Interface on the firewall so you can connect to the TFTP Server (test by pinging the server)
  3. copy tftp://192.168.100.25/filename.bin flash
  4. Restart firewall using 'reload' command

Reset HP Switch to Factory Default Configuration

  1. Using pointed objects, simultaneously press both the Reset and Clear buttons on the front of the switch.
  2. Continue to press the Clear button while releasing the Reset button.
  3. As soon as the Test LED begins to flash, release the Clear button.
The switch will then complete its self test and begin operating with its
configuration restored to the factory default settings.

Configure 802.1q trunk between HP switches

Goal:
Configure 802.1q trunk between 2 HP switches going over port F21 on both switches.

Switch 1 Config:
vlan 1
tagged F21

vlan 2
tagged F21

Switch 2 Config:
vlan 1
tagged F21

vlan 2
tagged F21

Cisco switch: 802.1q trunk to router (router-on-a-stick)

Switch Config:
vlan 100
name data
state active

vlan 200
name data2 (VLAN names must be unique on the switch, so this cannot also be "data")
state active

interface fastethernet 1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk

Router Config:
interface fastethernet 0/0
no ip address

interface fastethernet 0/0.1
encapsulation dot1q 1 native (native vlan on switch is vlan 1)

interface fastethernet 0/0.100
encapsulation dot1q 100
ip address 192.168.100.1 255.255.255.0

interface fastethernet 0/0.200
encapsulation dot1q 200
ip address 192.168.200.1 255.255.255.0


Thursday, May 28, 2009

Configuring Cisco Hot Standby Router Protocol (HSRP)

Goal:
Configure HSRP.

Config:
Router 1:
interface FastEthernet0/1
ip address 10.1.2.3 255.255.255.0
duplex auto
speed auto
standby preempt
standby 1 ip 10.1.2.1
standby 1 priority 105 (higher priority, will be active)
standby 1 preempt
standby 1 track FastEthernet0/0 (if fa0/0 goes down, the router priority will be decremented by the default 10)

Router 2:
interface FastEthernet0/1
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
standby preempt
standby 1 ip 10.1.2.1
standby 1 priority 100
standby 1 preempt
standby 1 track FastEthernet0/0 (if fa0/0 goes down, the router priority will be decremented by the default 10)

Show Commands:
show standby
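
To see why the priorities above (105 and 100) work with the default tracking decrement of 10, here is a simplified model of the HSRP active-router election, added as an example and not part of the original post. It assumes both routers come up together and stay reachable on fa0/1; the class and function names are made up for illustration.

```python
from dataclasses import dataclass

@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int
    preempt: bool = True
    tracked_up: bool = True      # state of the tracked interface (fa0/0)
    track_decrement: int = 10    # default decrement quoted in the config above

    def rank(self):
        """Effective priority, then highest interface IP as the tie-breaker."""
        prio = self.priority if self.tracked_up else self.priority - self.track_decrement
        return (prio, tuple(int(octet) for octet in self.ip.split(".")))

def elect_active(routers, current_active=None):
    """Return the router that is active once the group has settled."""
    if current_active is None:
        return max(routers, key=HsrpRouter.rank)
    # A running active router is displaced only by a better-ranked router
    # that has preempt configured.
    challengers = [r for r in routers
                   if r.preempt and r.rank() > current_active.rank()]
    return max(challengers, key=HsrpRouter.rank) if challengers else current_active

def failover_sequence(r1_priority=105, r2_preempt=True):
    """Replay: start-up, fa0/0 fails on Router 1, fa0/0 recovers."""
    r1 = HsrpRouter("Router 1", "10.1.2.3", r1_priority)
    r2 = HsrpRouter("Router 2", "10.1.2.2", 100, preempt=r2_preempt)
    active = elect_active([r1, r2])
    states = [active.name]
    for up in (False, True):
        r1.tracked_up = up
        active = elect_active([r1, r2], active)
        states.append(active.name)
    return states

if __name__ == "__main__":
    print(failover_sequence())                  # config as posted
    print(failover_sequence(r1_priority=115))   # gap larger than the decrement
    print(failover_sequence(r2_preempt=False))  # standby without preempt
```

The second and third runs show the two ways tracking silently fails to trigger a failover: a priority gap larger than the decrement, or a standby router without preempt.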

Enable and password protect telnet logins to Cisco routers

Goal:
Enable telnet login to router and protect with password.

Config:
conf t
line vty 0 4
login
password ernierocks

How to enable local logging on a Cisco router

Goal:
Enable local logging on Cisco router so we can view the log on the router.

Config:
logging buffered

Show Commands:
show log

Route selection by host reachability with Cisco SLA

Goal:
Monitor an Internet address and change default route if that address is unreachable.

Remote IP to Monitor: 4.4.4.4
Primary Provider Gateway: 1.1.1.2
Backup Provider Gateway: 2.2.2.2

Config:

ip route 4.4.4.4 255.255.255.255 1.1.1.2

ip sla 1
icmp-echo 4.4.4.4
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip route 0.0.0.0 0.0.0.0 1.1.1.2 track 1
ip route 0.0.0.0 0.0.0.0 2.2.2.2 200

Show Commands:

router#sh ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Latest RTT: 1 milliseconds
Latest operation start time: *16:00:53.925 UTC Tue Jan 27 2009
Latest operation return code: OK
Number of successes: 33
Number of failures: 0
Operation time to live: Forever

router#sh track 1
Track 1
IP SLA 1 reachability
Reachability is Up
1 change, last change 11:14:51
Latest operation return code: OK
Latest RTT (millisecs) 1
Tracked by:


Login Banner for Cisco Router

config t
banner motd #
******************************************
* Unauthorized access prohibited
******************************************
#