Home Largest collection of Cisco BGP sample configuration, BGP commands and troubleshooting tips & tutorials http://www.ipbalance.com/component/content/frontpage.html Sun, 28 May 2017 10:12:05 +0000 Joomla! 1.5 - Open Source Content Management en-gb CUCME - Sample Configuration for Cisco SIP trunk - VoIP.ms http://www.ipbalance.com/voip/voip-cucme/1449-how-to-configure-sip-trunk-on-cucme-voipms.html http://www.ipbalance.com/voip/voip-cucme/1449-how-to-configure-sip-trunk-on-cucme-voipms.html I couldn't find a good example of how to setup SIP trunk with CUCME/CME out there. Here is some information to help. I have a SIP trunk service from VoIP.ms to my lab.



CUCME version : 8.6

DID number : 703 544 xxxx
Local IP Phone number : 1001
SIP server washington.voip.ms (
SIP username : x8xxxx
SIP authorization username : x8xxx
SIP PWD : 3edcvfr4#



voice service voip
 ip address trusted list
  ipv4         !Current IP address for washington.voip.ms at the time of this writing.
 ip address trusted call-block cause not-in-cug
 clid substitute name
 allow-connections sip to sip
 no supplementary-service sip moved-temporarily
 no supplementary-service sip refer
  transport switch udp tcp
  asserted-id ppi
  localhost dns:dns.name.of.your.device
  midcall-signaling passthru
  no call service stop

  credentials username x8xxxx0 3edcvfr4# realm washington.voip.ms
  authentication username x8xxxxpassword 0 3edcvfr4# realm washington.voip.ms
  registrar 1 ipv4: expires 300

voice translation-rule 1
 rule 1 /703544xxxx/ /1001/
voice translation-profile INBOUND
 translate called 1

!This dial peer will match all incoming calls for an specific DID
dial-peer voice 1 voip
 translation-profile incoming INBOUND
 destination-pattern 703544xxxx !Switch the # with your DID Number
 session protocol sipv2
 session target ipv4: !Your Call Manager IP Address
 incoming called-number .
 dtmf-relay cisco-rtp rtp-nte
 codec g711ulaw
 no vad

!This dial peer is for outgoing calls
dial-peer voice 2 voip
 destination-pattern [2-9]..[2-9]......
 session protocol sipv2
 session target ipv4:: !Your preferred server's IP address 
 no voice-class sip early-offer forced
 clid network-number 703544xxxx
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 no vad

!Incoming Dial-Peer
dial-peer voice 4 voip
 session protocol sipv2
 session target ipv4:: !Your preferred server's IP address
 incoming called-number .
 dtmf-relay cisco-rtp rtp-nte
 codec g711ulaw





- SIP signaling : TCP or UDP 5060 (TLS 5060)
- RTP : UDP 10000 ~ 20000

As long as your CUCME IP is already configured with "overload", all traffic should be fine.

* debug ip nat sip

 Tips and troubleshooting

1. Keep loose registration link

CME#show sip register status
Line                             peer       expires(sec) registered P-Associ-URI
================================ ========== ============ ========== ============
1000                             20007      1188         no
1001                             20001      1188         no
1002                             20003      1188         no
1003                             20005      1188         no
1004                             20006      1188         no
1111                             100        1188         no
184953                           -1         0            yes
2000                             20008      1189         no

CME#show sip registration service
SIP Service is up

CME#show sip registration status
SIP User Agent Status
SIP User Agent for UDP : ENABLED
SIP User Agent for TCP : ENABLED

SIP User Agent for TLS over TCP : ENABLED
SIP User Agent bind status(signaling): ENABLED
SIP User Agent bind status(media): ENABLED
SIP early-media for 180 responses with SDP: ENABLED
SIP max-forwards : 70
SIP DNS SRV version: 2 (rfc 2782)
NAT Settings for the SIP-UA
Role in SDP: NONE
Check media source packets: DISABLED
Maximum duration for a telephone-event in NOTIFYs: 2000 ms
Redirection (3xx) message handling: ENABLED
Reason Header will override Response/Request Codes: DISABLED
Out-of-dialog Refer: DISABLED
Presence support is DISABLED
protocol mode is ipv4

SDP application configuration:
 Version line (v=) required
 Owner line (o=) required
 Timespec line (t=) required
 Media supported: audio video image
 Network types supported: IN
 Address types supported: IP4 IP6
 Transport types supported: RTP/AVP udptl

Your router handling NAT will need to support SIP inspection to properly rewrite the SIP Headers.  These are usually calles SIP Application-Level Gateways (ALGs).  This can be a CUBE or ASA or any 3rd party gateway that supports SIP inspection and rewrite.




contactus@wirethink.com (ip Balance) frontpage Thu, 03 Mar 2016 23:58:12 +0000
CUCME: How to setup hardware conference call bridge (meetme and Ad-hoc) http://www.ipbalance.com/voip/voip-cucme/1448-cme-how-to-setup-hardware-conference-bridge-meetme-and-ad-hoc.html http://www.ipbalance.com/voip/voip-cucme/1448-cme-how-to-setup-hardware-conference-bridge-meetme-and-ad-hoc.html

Cisco Unified Call Manager Express(CUCME) provides software conference as a default feature that only allows 3 calling parties on the conferencHow to setup hardware conference bridge -meetme, Ad-hoc on CUCMEe.

CUCME also provides more scalable hardware based conference bridge. Yes, it requires addition DSPs. ( PVDM module )


Software Conference

- No additional hardware(PVDM module) is required.
- Max 3 calling parties in conference.
- The participants must all be using the same codec.
- Ad-hoc only.

Hardware Conference

- Additional hardware(PVDM module) is required
- Max 16 parites for Ad-hoc conference mode
- Max 32 parites for meetme conference mode.


Hardware conference feature provides Ad-hoc and Meetme conference mode.


Ad-hoc : The person controlling the conference presses the telephone conference button and adds callers one by one.

Meetme : Participants call in to a central number and are joined in a single conference.

*Participants whose end devices use different codec types are joined in a single conference; no additional transcoding resource is needed.

]]> contactus@wirethink.com (ip Balance) frontpage Tue, 23 Feb 2016 19:31:41 +0000 How to setup Call Detail Records(CDR) from CUCME and Tips http://www.ipbalance.com/voip/voip-cucme/1446-how-to-setup-call-detais-recordscdr-from-cucme-and-tips.html http://www.ipbalance.com/voip/voip-cucme/1446-how-to-setup-call-detais-recordscdr-from-cucme-and-tips.html There are three ways to configure CDRs receiving from Cisco Unified Call Manager Express.

- Syslog Server
- RADIUS Server
- FTP Server

1. Syslog Server

1.-1. Pros

- Low Cost
- Quick Install
- Easy to configure
- Easy to interpriet (CSV format)

1-2. Cons

- Hard to read and parsing software needed.
- No CDR backup
- Syslog works over UDP(514)

1-3. Configuration

CUCME_Router(config)# Service timestamps log datetime msec localtime
CUCME_Router(config)# aaa new-model
CUCME_Router(config)# aaa authentication login default none / local
CUCME_Router(config)# aaa accounting connection h323 start-stop radius
CUCME_Router(config)# gw-accounting syslog
CUCME_Router(config)# logging host x.x.x.x ; syslog server IP


 1-4. Reference : Cisco CDR Logging Configuration with Syslog Servers

]]> contactus@wirethink.com (ip Balance) frontpage Sat, 06 Feb 2016 21:16:10 +0000 Useful Cisco Troubleooting Links http://www.ipbalance.com/vendor/cisco/1445-useful-cisco-troubleooting-links.html http://www.ipbalance.com/vendor/cisco/1445-useful-cisco-troubleooting-links.html Here is collection of Cisco Troubleshooting Links



1. Troubleshooting and Debugging VoIP Call Basics



1. T1 PRI Troubleshooting

2. T1 Alarm Troubleshooting

3. Troubleshooting Serial Line Problems

4. T1 Troubleshooting


Module (FXO/FXS)

1. Troubleshooting No Dial Tone Issues




More to come

contactus@wirethink.com (ip Balance) frontpage Fri, 05 Feb 2016 18:05:43 +0000
Windows Server 2012 as RADIUS for Cisco Router & Switch http://www.ipbalance.com/security/radius/1165-windows-server-2012-as-radius-for-cisco-router-a-switch.html http://www.ipbalance.com/security/radius/1165-windows-server-2012-as-radius-for-cisco-router-a-switch.html

If you have a lot of devices on your network, centralized authentication server is always handy for efficient control of devices, convenient and scalable.  I don't know about you, but I cannot remember or track all the passwords that are not using all the time. You don't have to use Microsoft Windows Server, since a lot of opensource RADIUS server out there. However, If you have a Microsoft Windows client on your network, probably you already have one. This article will explain how to setup Windows Server 2012 as a RADIUS authentication server in steps. Network Policy Server(NPS) will provide RADIUS server functionality and for the RADIUS client, we will use Cisco 3750 Switch in this case. Let's start.

Microsoft Windows Server 2012 as a RADIUS Authentication Server for Cisco Router & Switch


OS : Microsoft Windows Server 2012 essential. 4G RAM
Window server is joined as domain server.
IP : 


 1. Create a user group for specific people can access desiganted device to access. In this case, user group name is "Network_Eng"


contactus@wirethink.com (ip Balance) frontpage Mon, 13 Apr 2015 15:43:25 +0000
Cisco Unity Express License install, activate and transfer http://www.ipbalance.com/voip/voip-cue/1161-cisco-unity-express-license-install-activate-and-transfer.html http://www.ipbalance.com/voip/voip-cue/1161-cisco-unity-express-license-install-activate-and-transfer.html

Here is everything you need to know about Cisco Unity Express license activate, install and transfer. It shouldn't be that hard or difficult, but if you are not dealing with this stuff in everyday, it get confuse you easily.



Router platform : Cisco 2921
CME version : Ver 9.5
CUE module : ISM-SRE-K9-300
CUE version : ver 8.6.9
CUE license : 5 user license x 5

1. License volume & cost

; Buy it online where you get cheapest cost.

L-FL-CUE-MBX-5= : About $65 ~ 75
SCUE-LIC-25CME= : About $125 ~ 135
SCUE-LIC-50CME= : About $340 ~ 350
SCUE-LIC-100CME= : About $680 ~ 700
SCUE-LIC-100CME= : About $ xxx


2. Product Authorization Key(PAK) and registeration

- You will receive a paper with "Product Authorization Key(PAK)"


- Go to www.cisco.com/go/license and login with your CCO account
- And click "Continue Product License Registration"





- Put the PAK or Token ID and click "Fulfill " Buttom (See below picture)




- Check box for terms & condition and review your owner's info.

- Put a Unique Device Identifier(UDI) for CUE module(in this case ISM-SRE-K9-300)

* Do not put router's UDI#

- To find UDI of SRE module where is CUE installed, you must login SRE module


CUE_License# show license udi

Device# PID                     SN                      UDI
*0      ISM-SRE-300-K9          FOCX8313XBXX             ISM-SRE-300-K9:FOCX8313XBXX










- Generate a license file, *.llc (download or email to you)



- Downlaod and put it on FTP server (in this case, using Filezilla Server edition)


contactus@wirethink.com (ip Balance) frontpage Sun, 15 Mar 2015 02:11:59 +0000
How to configure Free SIP Phone X-Lite on Cisco CME8.6 http://www.ipbalance.com/voip/voip-cucme/1157-how-to-configure-free-sip-phone-x-lite-on-cisco-cme86.html http://www.ipbalance.com/voip/voip-cucme/1157-how-to-configure-free-sip-phone-x-lite-on-cisco-cme86.html

Here is a X-Lite free SIP phone configuration guide for Cisco CME(CUCME) 8.6.


- Cisco CME 8.6
- Cisco Router 2811 with Version 15.1(4)M8
- CME fa0/0 IP address :
- X-lite's IP address :
- Voice register global mode : CME


1. Router configuration


ip domain name wirethink.local
voice service voip
allow-connections sip to sip
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
bind control source-interface FastEthernet0/0
bind media source-interface FastEthernet0/0
registrar server
no call service stop
voice class codec 1
codec preference 1  g711ulaw
voice register global
mode cme
source-address port 5060
max-dn 10
max-pool 10
authenticate register
authenticate realm wirethink.local
timezone 12
voicemail 8005
tftp-path flash:
voice register dn  1
number 7777
allow watch
name Chris
voice register pool  1
id mac 0000.0000.0001  ;  Any MAC address for X-Lite, but CUCM
number 1 dn 1
dtmf-relay rtp-nte sip-notify
voice-class codec 1
username Chris password happy ; Authorization name "Chris", password "happy" in this case.


2. X-Lite Account Setting

- User ID : extension # "7777" in this case.
- Domain : CME IP
- Password : Password under pool 1. "happy" in this case.
- Authorization name = Username under pool 1. "Chris" in this case.





contactus@wirethink.com (ip Balance) frontpage Sun, 01 Mar 2015 04:12:44 +0000
PowerShell: How to use SSH.NET Library for Cisco on Windows 7 http://www.ipbalance.com/programming/ms-powershell/1098-powershell-how-to-use-sshnet-library-for-cisco-on-windows-7.html http://www.ipbalance.com/programming/ms-powershell/1098-powershell-how-to-use-sshnet-library-for-cisco-on-windows-7.html As a network engineer, Expect script is handy on linux environment. Since working on Windows environment with limited power to install 3rd party software. Microsoft PowerShell is one of best option for alternative. I have tried Activestate perl with Expect module and plink.exec with "-m" option to use commands. However, partially worked or constantly met limitation and comparibility issue. Ended up, decided to find something always works. Here is what I found.


PowerShell : How to use SSH.NET Library on Windows 7


1. Download

Download SSH.NET Library from below Link.


"Download Script Module and DLL file: SSH-SessionsPSv3.zip"


1-1. Unzip it

1-2. Create a folder name as "SSH-Sessions" under


* In order to create a folder under the System32 directoy, it requires admin priviliege. If you don't have admin priviliege, create a folder under user dictory. Then you need to update "PS envi path" 


1-3. Open powershell console by start > windows powersheel.

1-4. From prompt >

PS C:\WINDOWS\system32\windowspowershell\v1.0\Modules> Import-Module SSH-Sessions


1-5. Make sure "New SshSession" cmlet from list.

 * Also, make sure your power shell is version 3.



contactus@wirethink.com (ip Balance) frontpage Wed, 12 Feb 2014 19:26:11 +0000
VMWare cloning - Device eth0 does not seem to be present http://www.ipbalance.com/vm/vmware/1079-vmware-cloning-device-eth0-does-not-seem-to-be-present.html http://www.ipbalance.com/vm/vmware/1079-vmware-cloning-device-eth0-does-not-seem-to-be-present.html

When cloned a CentOS 6.5 from Virtual Machine template, you might have a ethernet communication issue and getting below error messages.

"Device eth0 does not seem to be present"

The reason is that a previous/original machine already had claimed MAC address, duplicated MAC.

Here is the steps to fix it. 


1. Power on your Virtual machine (Cloned CentOS 6.5)

2. Open a file, /etc/udev/rules.d/70-persistent-net.rules.

- Edit the file and add new mac address which is not being used from previous cloning process.
* How can I get new MAC? try add new network card thru vSphere or vCenter, it will add new ethernet device on the file, 70-persistent-net.rules. See below screenshot which has few more PCI devices added.


 vmware clone VM caused eth0 issue 1


# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", 
ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"



3. Open a file, /etc/sysconfig/network-scripts/ifcfg-eth0.





4. Verify MAC address on Virtual Machine cloned.


 vmware clone VM caused eth0 issue 2


5. Change default Gateway IP

Open a file, /etc/sysconfig/network




6. Power on the cloned Virtual Machin or or reload services .

5.1 Restart udev

# start_udev

5.2 Restart network configuration

# service network restart


7. Setup NTPD

[CentOS~]# yum install ntp ntpdate ntp-doc
[CentOS~]# chkconfig ntpd on ;Turn on service, enter
[CentOS~]# ntpdate pool.ntp.org ; Synchronize the system clock with 0.pool.ntp.org server

[CentOS~]# /etc/init.d/ntpd start ;Start the NTP server. The following will continuously adjusts system time from upstream NTP server.



I hope it is informative for you.


contactus@wirethink.com (ip Balance) frontpage Fri, 03 Jan 2014 23:58:36 +0000
Avaya ERS 55xx NTP setting http://www.ipbalance.com/vendor/avaya/1030-avaya-ers-55xx-ntp-setting.html http://www.ipbalance.com/vendor/avaya/1030-avaya-ers-55xx-ntp-setting.html Out of the box, Avaya ERS 55xx switch system will indicate below time clock.


ERS_5520# show clock
   System Clock time  :    THU JAN 01 00:02:01 1970
   Current SNTP time  :    Not Set
   Daylight saving recurring time is disabled
   Daylight saving time is disabled
   Time zone offset from UTC is 00:00

ERS_5520# show ntp
  NTP client enabled : false
  NTP polling interval : 15 minutes
  Last NTP update:

ERS_5520#show sntp
  SNTP Status:                    disabled
  Primary server address:
  Secondary server address:
  Sync interval:                  24 hours
  Last sync source:     
  Primary server sync failures:   1
  Secondary server sync failures: 0
  Last sync time:                 Not Set
  Next sync time:                 Not Set
  Current time:                   Not Set



Here is how to configure NTP by CLI.

Given condition

- NTP sources : &
- US Estern time zone
- Summer-time : 3/11/2013 ~ 11/4/2013.
- H/W : Avaya ERS 5500 with ver. v6.2.1.003

[Avaya ERS 5520]

ERS_5520# Conf t
ERS_5520(config)# sntp server primary address
ERS_5520(config)# sntp server secondary address
ERS_5520(config)# sntp enable
ERS_5520(config)# clock time-zone EST -5
ERS_5520(config)# clock summer-time recurring 2 sunday march 00:00 1 sunday november 00:00 60

ERS_5520(config)# clock summer-time EDT date march 11 2013 00:00 November 4 2013 00:00

* NTP summer-time recurring option is available after S/W ver.

ERS_5520# show clock




* NTP command will support by S/W ver.







contactus@wirethink.com (ip Balance) frontpage Tue, 11 Jun 2013 12:12:48 +0000