
Smart Business Communications System 1.1 Design Guide



Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA

Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Smart Business Communications System
1.1 Design Guide
Cisco Validated Design I
March 3, 2007
Text Part Number: OL-15367-01

Cisco Validated Design
The Cisco Validated Design Program consists of systems and solutions designed, tested, and documented to facilitate faster, more
reliable, and more predictable customer deployments. For more information visit www.cisco.com/go/validateddesigns.
ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY,
"DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM
ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL,
CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR
DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR
APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL
ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS
BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.


CCDE, CCVP, Cisco Eos, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing
the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You,
Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS,
Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation,
Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive,
HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the
IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar,
PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to
Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its
affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (0801R)

© 2008 Cisco Systems, Inc. All rights reserved.

CONTENTS
Overview
Solution Components
Secure Network Foundation
Local Area Network Design
Virtual Local Area Networks
IEEE 802.1Q Trunking
Spanning Tree
SmartPort Roles
Cisco Smart Assist
Power-over-Ethernet
Wide Area Network Design
Layer-3 Design
IP Addressing
Trivial File Transfer Protocol
Domain Name System
Network Address Translation
IP Routing
Network Time Protocol
Quality of Service
Basic Concepts of QoS
LAN QoS
WAN QoS
Integrated Security Design
Infrastructure Protection
Policy Enforcement
Secure Connectivity
Unified Communications
Call Processing Capabilities
Call Coverage Features
Call Handling Features
IP Phone Features
Remote IP Phones
Ephones and Ephone-DNs
Dial Plan
Analog Devices
Cisco Unified IP End-points
Voice Gateway
Telephony Interfaces
Digital Signal Processor Resources
SIP Trunking
Messaging and Auto Attendant
System Parameters
Mailboxes, Users, and Groups
Auto Attendant (AA)
Wireless LAN—The Cisco Mobility Express
Wireless LAN Overview
Cisco Mobility Express Solution
Autonomous Wireless Networks
Controller-based Wireless Networks
Selecting the Optimal WLAN Solution
Key Design Recommendations for Cisco Mobility Express Solution
System Management
Cisco Configuration Assistant
Network Monitoring
Cisco Monitor Manager
Cisco Monitor Director
External Application Integration
References
Product References
Technology References
Bill of Materials


Copyright © 2007 Cisco Systems, Inc. All rights reserved.
Smart Business Communications System 1.1
Design Guide
Overview
The Cisco Smart Business Communications System is designed for small- and medium-sized businesses
(SMB) to provide voice, data, video, security, and wireless capabilities—while integrating with existing
applications, such as calendar, E-mail, and customer relationship management (CRM). The Cisco Smart
Business Communications System provides a complete portfolio of Cisco Unified Communications
products, as well as wired and wireless networking solutions. It provides access to the right mix of key
communications, productivity, and business applications.
This document provides practical design guidance for a secure business networking solution where
everyday communications are made more efficient. Cisco partners and resellers can help
small-to-medium businesses (SMBs) leverage the full value of their voice and data networks by
deploying reliable and secure Cisco Unified Communications 500 Series devices (UC520), Cisco
Catalyst Express 520 Series switches (CE520), Cisco 500 Series Wireless Express Mobility Controllers
(WLC526), autonomous or controller-based (AP521 or LAP521) access points (AP), and IP end points
from Cisco Systems. The Cisco Smart Business Communications System is provisioned using Cisco
Configuration Assistant (CCA)—an easy-to-use Graphical User Interface (GUI)-based tool. The design
guidance provided in this document and the implementation guidance covered in the Smart Business
Communications System 1.1 Implementation Guide combine to provide a verified reference that ensures
each individual system component, and those configurable using Cisco Configuration Assistant, work
well together.
This design guide explains how to implement a secure voice and data network that supports up to 48
voice users and up to 250 data users with centralized, controller-based WLAN capability. The core of
this design is the Cisco Unified Communications 500 Series device, which provides data networking,
integrated security, local call processing, integrated messaging, and voice gateway services. A Cisco 871w
router at a home office or mobile worker location provides data networking as well as
integrated security services, but leverages the main office for call processing, messaging, and voice
gateway services.
To summarize this solution, the Cisco Smart Business Communications System provides the following
capabilities:
• Wide Area Network (WAN) access
• Local Area Network (LAN) switching

• Controller-based Wireless LAN roaming connectivity
• Integrated security
• Call processing
• Integrated messaging
• GUI-based provisioning using Cisco Configuration Assistant
• GUI-based network management using Cisco Monitor Director Agent and Cisco Monitor Director
This design provides enhanced functionality; however, it is implemented with the objective of reducing
overall system complexity. This enables partners and customers with varying levels of technical
knowledge to deploy the Cisco Smart Business Communications System solution.
Figure 1 shows a typical network topology of the Smart Business Communications System:
Figure 1 Smart Business Communications System 1.1 Topology
WAN connectivity on the UC520 device is provided through a FastEthernet port by connecting the
UC520 LAN port to the LAN port of the device provided by the Internet service provider—such as a
cable or DSL modem. PSTN trunks can be either analog FXO, ISDN BRI, T1/E1 PRI or a mix of two
such connections. Data connectivity is not supported via the BRI or PRI of a UC520 device—only voice
can be used.
Solution Components

Two general network schemes are addressed in this publication: fully wired networks, and networks
supporting wireless clients.
Table 1 provides a list of the hardware platforms used to build the system
without wireless. Table 2 provides a list of hardware and capacity to add the wireless solution to the Smart
Business Communications System. PSTN voice call and analog station capacities are the same as
shown in Table 1.
Note Even though one AP can support seven 802.11b or 12 802.11g wireless IP phones, very large numbers
of wireless data users on a single AP might impact wireless voice quality.
Table 3 lists the various software applications required to provision and manage all of the products in
the design summarized in this publication. Download the latest version of software to a common
directory of your laptop PC.
Table 1 Hardware Platforms for SBCS Wired-only Solution—Sample Configuration

| Number of Voice-Users | Wired Data-Users | PSTN Voice Calls [1] | Analog Stations [1] | UC Device | Access Switch |
|---|---|---|---|---|---|
| 0-8 | 8 | 4 | 4 | UC520-8U | No |
| 9-16 | 16 | 4 | 4 | UC520-16U | WS-CE520-8PC |
| 17-24 | 24 | 8 | 4 | UC520-24U | WS-CE520-8PC (2) |
| 25-32 | 32 | 8 | 0 | UC520-32U | WS-CE520-24PC |
| 33-48 | 56 | 12 [2] | 0 | UC520-48U | WS-CE520-24PC (2) |
| Home Office | 4 | NA | NA | C871 | No |

[1] The VIC slot in all models can be used to increase the number of supported PSTN calls or analog stations by four.
[2] If the 48-user model has T1/E1 port, the number of PSTN calls can be 23 or 30.

Table 2 Hardware Platforms for SBCS with Wireless Solution—Sample Configuration

| Number of Voice-Users | Wired Data-Users | Wireless Data-Users | UC Device | Access Switch | Wireless LAN Solution |
|---|---|---|---|---|---|
| 0-8 | 8 | Up to 20 | UC520W-8U | No | Integrated AP |
| 9-16 | 16 | Up to 60 | UC520W-16U | WS-CE520-8PC | Integrated AP or 1-2 AP521s [1] |
| 17-24 | 24 | Up to 90 | UC520-24U | UC520-24U | Three AP521 or WLC526 & 3-6 LAP521 |
| 25-32 | 32 | Up to 120 | UC520-32U | WS-CE520-24PC | WLC526 (1), LAP521s (3-6) |
| 33-48 | 56 | Up to 240 | UC520-48U | WS-CE520-24PC (2) | WLC526 (1-2), LAP521s (4-12) |
| Home Office | 4 | NA | C871 | No | Integrated AP |

[1] Up to three autonomous Cisco IOS-based AP-521s (including a UC520W’s integrated AP) can be used to increase coverage when there are fewer users,
but those users are spread across a large area. Only controller-based WLANs can be used for a Smart Business Communications
System solution with more than 16 voice-users.

Table 3 Software Applications Required

| Location | Purpose | Software Applications |
|---|---|---|
| A PC at customer’s main office | Provision of all devices listed in Table 1 or Table 2. | Cisco Configuration Assistant, Version 1.5 from: (click download software) |
| | Upgrading UC520 device. | Version 4.2.6 of UC520-Complete ZIP/TAR with all components from: |
| | Upgrading CE520 switch. | Click Switches Software. On next web page click LAN Switches and navigate to download Cisco IOS software for applicable Catalyst Express 520 switch. |
| | Upgrading WLC-526 Controller | LAN_controller |
| | Network Monitoring & Management | Cisco Monitor Manager version 1.1.2 Follow this link to download: |
| Mobile worker’s laptop PC | Access to main office | Appropriate Cisco VPN Client Software from: |
| | IP Phone connected to main office | Cisco IP Communicator, version 2.1.2 from: |
| Teleworker’s home-office | Cisco IOS image on Cisco 871 router | c870-advipservicesk9-mz.124-11.XW5 image from |
| A PC at the partner site | Monitoring and management of customer network | Cisco Monitor Director version 1.1.2 Follow this link to download: |

The Bill of Materials for the design described in this document is provided in the “Bill of Materials”
section on page 40.

Secure Network Foundation
The Secure Network Foundation (SNF) addresses small business requirements for a secure network
infrastructure. The SNF design implements the LAN, WAN, and integrated security services and thus builds
the foundation for the Cisco Smart Business Communications System. The SNF design is flexible,
modular, and scalable and allows future introduction of enhanced capabilities in the network. It is a design
fully adapted to the unified communications needs of a small business with up to 48 voice-users and
up to 250 data-users.
Local Area Network Design
For larger deployments, LAN designs consist of core, distribution, and access layers. Core and
distribution layers are often collapsed into one layer for smaller deployments. LAN designs are typically
deployed in one of three ways. Each of these deployment options provides certain benefits. These three
types of LAN designs are:
• Layer-2 switching between all layers
• Layer-3 routing between the core and distribution layers, with Layer-2 switching between the
distribution and access layers
• Layer-3 routing between all layers
The LAN design used in this system consists only of Layer-2 switching, mainly because of its simplicity.
The design, regardless of the number of users supported, contains only an access layer, no redundant
components, and a loop-free, Layer-2 topology.
Virtual Local Area Networks
Virtual LANs (VLANs) are logical connections that enable groups of devices, such as PCs, desktops,
and IP phones, to communicate as if they were connected to the same physical wire even though they
might be connected to completely different LAN switches.
In this design, VLANs are used to group voice devices on the Cisco Voice VLAN (assigned the value of
100) and data devices on the Cisco Data VLAN (assigned the value of 1). In contrast to large unified
network designs, this design uses only two VLANs even after adding centralized controller-based
WLAN. When AP-521s are used to expand the WLAN, VLANs are assigned in the same manner as with the
integrated AP. In this design, WLC-526 and LAP-521 are used to build a centralized, controller-based
WLAN. This design continues to use only two VLANs by manually synchronizing VLANs between the
WLC-526 and UC520. Using only two VLANs makes it very simple to separate the two types of devices
and eases other tasks, such as Dynamic Host Configuration Protocol (DHCP) server administration and
IP addressing.
Figure 2 illustrates the Layer-2 characteristics of the LAN design.
Figure 2 Layer-2 LAN in Smart Business Communications System 1.1 Design
Note One benefit of using IEEE 802.1q trunking on Cisco IP Phones is that it permits PC access via an IP
phone port. Most Cisco IP Phones have a built-in three-port switch: One port is invisible and is used
internally for IP phones using the Voice VLAN; one port is used to connect a PC using the Data VLAN;
and, one port is used to connect the IP phone to a switch using an IEEE 802.1q trunk. With this setup,
when an IP phone is added to a switch there is no loss of ports. The PC that is to be connected to the
switch can be connected to the network via the access port of the IP phone.
IEEE 802.1Q Trunking
Trunking enables the physical connections between devices to carry traffic from multiple VLANs
configured on these devices. It is pre-configured on the UC520 and CE520. WLC-526s and LAP-521s
(or AP-521s) are configured to match this factory default trunking configuration. A native VLAN (such
as VLAN 1 in this solution) is required to configure the IEEE 802.1Q trunk. When deployed in this
manner, security risks—such as VLAN hopping and double IEEE 802.1Q tagging attacks—are
mitigated.
Spanning Tree
The Spanning Tree Protocol (STP) is used by Layer-2 devices to enable them to dynamically discover
loops in the network and to block them. STP is not an issue in this design because no physical loops
exist. However, STP is enabled as a precautionary measure to prevent any issues in the event that two
switches are connected together with two separate cables. STP provides the following capabilities:
• Fast convergence using IEEE 802.1w; enabled by default
• PortFast or fast-start feature: Supported for Desktop, IP phone + Desktop, Printer, and Server
SmartPort roles
The IEEE 802.1d-based STP dictates that the port starts out blocking, and then immediately moves
through the listening and learning phases, before going to the forwarding or disabled state. Cisco
switches use the IEEE 802.1w standard, where the disabled, blocking, and listening states are merged into
a single discarding state, which enables fast convergence.
The PortFast, or fast-start, feature of STP assumes that the port is not part of a loop, immediately moves
to the forwarding state, and does not go through the blocking, listening, or learning states. It does not
disable STP, but makes STP skip the initial steps (unnecessary steps, in this circumstance) on the
selected port.
SmartPort Roles
The SmartPort roles are Cisco-verified feature templates based on the type of devices (such as desktops,
IP phones, servers, and switches) that are connected to the switch ports. These templates consistently
and reliably configure essential Layer-2 switching, security, Power-over-Ethernet (PoE) for IP phones
and wireless APs, and Quality of Service (QoS) features with minimal effort and expertise. The
templates also streamline the configuration process by reducing redundant command entries and
preventing problems caused by switch port misconfiguration. The SmartPort role for a switchport is
selected from a drop-down menu in the GUI-based provisioning application. A SmartPort role reflects the
type of device to be connected.
Table 4 shows the recommended SmartPort roles for this design.

Cisco Smart Assist
Cisco Smart Assist is a collection of features that provide auto-configuration and service activation
between Cisco products and applications. This technology enables plug-and-play functionality to reduce
setup time and optimize network settings. It is embedded in Cisco Configuration Assistant. Cisco Smart
Assist features are supported on all products in the Smart Business Communications System. These
features facilitate:
• Improved ease-of-set up and deployment of Cisco products
• Optimized network performance and security
• Simplified ongoing operation of growing Cisco networks
Cisco Smart Assist features take place as devices and applications are discovered within the Cisco
network. These features implement pre-defined network settings or behaviors in areas such as network
security, QoS, and software activation.
Power-over-Ethernet
Power-over-Ethernet (PoE) is a 48-volt DC power supply capability provided over standard Ethernet
unshielded twisted-pair (UTP) cable. PoE enables IP phones, AP-521s, LAP-521s, and other inline
powered devices (PDs) to obtain power via an Ethernet connection. The switches providing PoE must be
inline power-capable. Deploying inline power-capable switches that are powered with uninterrupted
power supplies (UPS) ensures that all devices remain operational during power failure situations and that
IP phones can still make and receive calls. CE520 switches used in this design provide inline power by
default. The CE520 used in this design supports both Cisco PoE inline power and the IEEE 802.3af PoE
standard. All 24 PoE ports on the CE520-24PC can supply up to 15.4W (IEEE 802.3af standard
maximum) of PoE for a total of 370W of inline power.
Table 4 Recommended SmartPort Roles

| Device | Port Type and Number | Recommended Port Role | Recommended Device Connection |
|---|---|---|---|
| UC520 | 8-port internal Switch: FastEthernet port 1/0 to 1/7 | IP Phone+Desktop | IP Phone/Desktop |
| | | Access Point | AP-521/LAP-521 |
| | | Access Point | WLC-526 |
| | Expansion Port: FastEthernet 1/8 | Switch | WS-CE520 series of switch |
| | WAN Port: FastEthernet 0/0 | Cannot be changed. | LAN port of DSL/Cable Modem |
| WS-CE520-24PC | FastEthernet 1 to 24 | IP Phone+Desktop | IP Phone/Desktop |
| | | Access Point | AP-521/LAP-521 |
| | | Access Point | WLC-526 |
| | Expansion Slots: GigabitEthernet 1 to 2 | Switch | UC520 or another WS-CE520 switch |

Wide Area Network Design
Wide Area Networks (WANs) are built with many technologies and are delivered by different types of
service providers. Some WAN access methods provide guaranteed levels of service for bandwidth and
quality based on a Service Level Agreement (SLA); others provide best effort services.
Table 5 provides a list of both guaranteed and best effort WAN services.

Table 5 WAN Services

| SLA-based Guaranteed Service | Best Effort Service |
|---|---|
| Leased lines, MPLS VPN | Cable |
| Metro Ethernet | Digital Subscriber Line (DSL) |

The WAN access method used for this design is based on a DSL or cable connection. This is a best effort
type of service. However, this option is growing in popularity due to the lower monthly price, the ease
of installation, and the higher bandwidth available with the service.
The UC520 in the main office and the Cisco 871w in the home office are each connected to a modem device
provided by a service provider via the designated WAN port, which is a FastEthernet port on either
device.
Layer-3 Design
Layer-3 functionality provides the capabilities necessary to forward traffic between Layer-2 switching
segments, or VLANs. Layer-3 designs consist of several components, including IP addressing, Network
Address Translation (NAT), and IP routing. This section covers each of these components and describes
how they are deployed within the design presented.
IP Addressing
The IP addressing scheme is integral to the process of routing IP traffic through a network. Each IP
address has specific components and follows a basic format. Using IPv4, as in this design, each host on
a TCP/IP network is assigned a unique 32-bit logical address that is divided into two main parts: the
network number and the host number. The network number identifies a range of IP addresses and the
host number identifies a single device within the network.
IP addressing can be assigned in either a static or dynamic method. If a static method is used, specific
addresses are assigned to devices by a network administrator or service provider. This method is
recommended for a device that must maintain a consistent address because it is offering services to other
devices. An example of this type of device is an E-mail server.
If a dynamic method is used, the Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to
devices as they are needed. This eases the administration of IP addresses because they need not be
statically assigned to end points. For example, DHCP enables users to move their devices, such as
laptops, to different locations without having to manually change the IP address of the device. DHCP
also helps preserve IP addresses because they can be reallocated if an end point no longer needs an IP
address. In addition to IP addresses, DHCP can deliver other network information, such as a default
gateway, subnet mask, and server addresses to reduce the configuration effort and time.
Figure 3 shows the DHCP server running on the UC520.
Figure 3 DHCP Server Running on the UC520
This design deploys a combination of static and dynamic IP addressing. It is important to note that the
IP addresses are separated into two distinct domains. One domain is managed by the service provider
and the other is managed by the customer (or partner). The UC520 WAN interface resides in the service
provider domain and is assigned an IP address, either statically or via DHCP, by the service provider.
The UC520 LAN interfaces, switchports, and servers reside in the customer domain and are assigned
static IP addresses because other devices rely on them for services such as E-mail, Internet access, and
default gateway routing. The remaining end points, including the PCs, desktops, and IP phones, reside
in the customer domain and are assigned dynamic IP addresses using the DHCP pools.
The DHCP service is provided by the UC520 in this design. The DHCP server running on the UC520 is
configured with the address ranges for the Cisco Data and Cisco Voice VLANs. The DHCP server also
provides a default gateway IP address to the end points. For the Cisco Voice VLAN, the DHCP server is
configured with option 150 in order to provide the TFTP server address to the IP phones. Finally, the
DHCP server is configured with specific addresses that are excluded from the dynamic address range
because they are assigned to the UC520 itself, additional switches, WLC-526s and servers and must not
be assigned to other devices.
The UC520 is configured with an additional DHCP scope that serves remote locations. This DHCP
address pool is allocated for the Virtual Private Network (VPN) tunnel endpoint at the remote location. This
VPN tunnel endpoint is located either on the WAN interface of the Cisco 871w or on the mobile worker
laptop with software VPN client.
IP phones, desktops, and laptops at the home office also require dynamic IP address assignment. The
Cisco 871w router at the home office is configured with a DHCP address scope. These IP addresses are
for the devices connected to the LAN and WLAN of the home office.
Table 6 provides the IP addressing scheme used in this design. IP addresses under data VLAN 1 and
voice VLAN 100 are pre-configured on UC520.
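The split between static and dynamic addresses described above can be checked mechanically. The following is an added example, not part of the original guide or of Cisco's tooling: it takes the main-office ranges from Table 6, derives the addresses the DHCP pools must exclude, and flags any static address a pool could lease. The `PLAN` layout and all function names are assumptions made here; the generated lines use the Cisco IOS `ip dhcp excluded-address` command.

```python
import ipaddress

# Main-office values copied from Table 6 of this guide. The dictionary layout
# and all function names are assumptions made for this example.
PLAN = {
    "Cisco-Data VLAN 1": {
        "network": "192.168.10.0/24",
        "dynamic": ("192.168.10.11", "192.168.10.254"),
        # UC520 VLAN interface and the last address of the server / WLC-526 block
        "static": ["192.168.10.1", "192.168.10.10"],
    },
    "Cisco-Voice VLAN 100": {
        "network": "10.1.1.0/24",
        "dynamic": ("10.1.1.11", "10.1.1.254"),
        # UC520 voice interface, also the TFTP address sent in option 150
        "static": ["10.1.1.1"],
    },
}


def _bounds(entry):
    """Parse one plan entry into (network, first_dynamic, last_dynamic)."""
    net = ipaddress.ip_network(entry["network"])
    first, last = (ipaddress.ip_address(a) for a in entry["dynamic"])
    lo, hi = net.network_address + 1, net.broadcast_address - 1
    if not lo <= first <= last <= hi:
        raise ValueError(f"dynamic range {first}-{last} does not fit in {net}")
    return net, first, last


def excluded_ranges(entry):
    """Host ranges of the subnet that the DHCP pool must never lease."""
    net, first, last = _bounds(entry)
    lo, hi = net.network_address + 1, net.broadcast_address - 1
    ranges = []
    if first > lo:
        ranges.append((str(lo), str(first - 1)))
    if last < hi:
        ranges.append((str(last + 1), str(hi)))
    return ranges


def static_conflicts(plan):
    """List (vlan, address, reason) for static addresses that break the plan."""
    problems = []
    for name, entry in plan.items():
        net, first, last = _bounds(entry)
        for addr in entry["static"]:
            ip = ipaddress.ip_address(addr)
            if ip not in net:
                problems.append((name, addr, "outside subnet"))
            elif first <= ip <= last:
                # DHCP could hand this address to an end point as well.
                problems.append((name, addr, "inside dynamic range"))
    return problems


def overlapping_subnets(plan):
    """Pairs of VLANs whose subnets overlap (would break Layer-3 separation)."""
    nets = [(n, ipaddress.ip_network(e["network"])) for n, e in plan.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


def ios_exclusions(plan):
    """Render the exclusions as Cisco IOS global configuration lines."""
    return [f"ip dhcp excluded-address {low} {high}"
            for entry in plan.values()
            for low, high in excluded_ranges(entry)]


if __name__ == "__main__":
    print("conflicts:", static_conflicts(PLAN))
    print("overlaps: ", overlapping_subnets(PLAN))
    print("\n".join(ios_exclusions(PLAN)))
```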
Table 6 IP Addressing Scheme

| Description | IP Address | Assignment Method |
|---|---|---|
| WAN interface of the main office UC520 | 100.100.1.2/24 | From ISP [1] |
| WAN interface of a home office (optional) | 100.100.1.3/24 | From ISP [2] |
| VPN network between main office and home offices (optional) | 10.20.10.2/24 - 10.20.10.20/24 | Dynamic (from main office UC520) |
| Main office Cisco Data VLAN (1) | 192.168.10.1/24 | Static |
| Main office Cisco Voice VLAN (100) | 10.1.1.1/24 | Static |
| Main office servers, Management VLAN of WLC-526 | 192.168.10.1/24 - 192.168.10.10/24 | Static |
| Main office data end points | 192.168.10.11/24 - 192.168.10.254/24 | Dynamic |
| Main office voice end points | 10.1.1.11/24 - 10.1.1.254/24 | Dynamic |
| VPN Tunnel endpoints at remote location (optional) | 192.168.20.1/24 - 192.168.20.10/24 | Dynamic |
| Home office endpoints (connected to Cisco 871w) - optional | 10.10.10.1/29 - 10.10.10.6/29 | Dynamic |

[1] These WAN IP addresses are simulated to validate this design. In real-life, the Internet Service Provider (ISP) assigns these
addresses either statically or dynamically via DHCP.
[2] These WAN IP addresses are simulated to validate this design. In real-life, the Internet Service Provider (ISP) assigns these
addresses either statically or dynamically via DHCP.

Trivial File Transfer Protocol
Trivial File Transfer Protocol (TFTP) is a simplified version of File Transfer Protocol (FTP) that allows
files to be transferred from one computer to another over a network, usually without the use of client
authentication (for example, username and password).
In a Unified Communications system, IP phones rely on a TFTP server to acquire configuration
information. This information is contained in a configuration file that is unique to each IP phone. The
file is assigned a name based on the MAC address of the IP phone. For example, an IP phone with the
MAC address of ABCDEF123456 would be associated with a file named SEPABCDEF123456.cnf.xml.
In addition to configuration information, such as the Cisco Unified Communications Manager Express
source address at UC520 (in this case, 10.1.1.1), the file also contains the version of software for the IP
phone. If the IP phone does not have the version of software specified in the configuration file, it
downloads the correct version.
This design guide recommends configuring the UC520 as the TFTP server. This is accomplished by
using the IP address of the UC520 in Option 150 of the DHCP scope, which is used for voice devices
and is part of the factory default configuration. The configuration files and IP phone software are stored
in UC520.
Figure 4 shows a diagram of the DHCP and TFTP servers running on the UC520 and is provided as
reference.
Figure 4 DHCP and TFTP Servers Running on the UC520
If the design includes the optional teleworker/home offices that are connected to the main office via the
Internet, the IP phones at these locations must also be configured to use the UC520’s Cisco Unified
Communications Manager Express source address (10.1.1.1 in this case) at the main office as the TFTP
server.
Domain Name System
A Domain Name System (DNS) is a system used on the Internet and in intranets for translating host
names of network devices into IP addresses. Host names, such as www.cisco.com, are typically easier to
remember than IP addresses.
Network Address Translation
Network Address Translation (NAT) translates a private IP address (defined by RFC-1918) to a public
IP address, which is recognized and routable in the public Internet. It enables devices connected to
private (inside) IP networks to communicate with the public (outside) Internet.
There are three types of NAT:
• Static NAT—Static one-to-one mapping
• Dynamic NAT—Dynamic one-to-one mapping using address pools
• Overload NAT (often referred to as Port Address Translation or PAT)—Dynamic one-to-many
mapping of multiple private IP addresses to one public IP address.
NAT is used on a UC520 that connects two networks in order to translate the private address space into
the public address space. For example, if a customer uses the IP address range of 192.168.10.0/24 for
the devices on its private network, the customer must use NAT to translate those addresses into an IP
address or range of IP addresses that are registered for use on the public Internet. This allows for external
communication. NAT simplifies and conserves IP address usage by reducing the customer requirement
for a large number of publicly registered IP addresses. See Figure 5.
Figure 5 Network Address Translation on UC520
In this design, overload NAT, or PAT, is configured by default on the UC520 because the number of IP
addresses (provided or purchased from the DSL or cable provider) is insufficient to support one-to-one
mapping of inside-to-outside addresses. Typically, the customer is given only one public IP address that
is assigned to the WAN interface of the UC520 and is unique on the Internet. When devices on the private
network must access the Internet, the UC520 translates the IP address of the internal device into this
external IP address and assigns a specific port number to this translation. The port number helps the
UC520 identify which translation is mapped to the internal device.
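The port-based mapping described above, as an added Python sketch (not Cisco code and not part of the original guide). The public address 100.100.1.2, the 10.1.1.x hosts and the starting port 5001 come from Figure 5; the /24 inside prefix, the class name and the sequential port allocation are assumptions made for illustration.

```python
import ipaddress

PUBLIC_IP = "100.100.1.2"                         # UC520 WAN address from Figure 5
INSIDE_NET = ipaddress.ip_network("10.1.1.0/24")  # assumed prefix for the figure's 10.1.1.x hosts
FIRST_PORT, LAST_PORT = 5001, 65535               # 5001 is the first port shown in Figure 5


class PatTable:
    """Overload NAT: many inside (ip, port) pairs share one public IP address."""

    def __init__(self):
        self.next_port = FIRST_PORT
        self.outbound = {}   # (proto, inside_ip, inside_port) -> public_port
        self.inbound = {}    # (proto, public_port) -> (inside_ip, inside_port)

    def translate_out(self, proto, inside_ip, inside_port):
        """Return the (public_ip, public_port) an outgoing packet leaves with."""
        if ipaddress.ip_address(inside_ip) not in INSIDE_NET:
            raise ValueError(f"{inside_ip} is not an inside address")
        key = (proto, inside_ip, inside_port)
        if key not in self.outbound:
            if self.next_port > LAST_PORT:
                raise RuntimeError("translation ports exhausted")
            # New flow: allocate the next public port and record both directions.
            self.outbound[key] = self.next_port
            self.inbound[(proto, self.next_port)] = (inside_ip, inside_port)
            self.next_port += 1
        return PUBLIC_IP, self.outbound[key]

    def translate_in(self, proto, public_port):
        """Return the inside (ip, port) for a reply, or None when no translation exists."""
        return self.inbound.get((proto, public_port))


if __name__ == "__main__":
    nat = PatTable()
    # Two inside devices use the same source port; the public port tells them apart.
    print(nat.translate_out("tcp", "10.1.1.11", 49152))
    print(nat.translate_out("tcp", "10.1.1.12", 49152))
    print(nat.translate_in("tcp", 5002))   # reply reaches Device B
    print(nat.translate_in("tcp", 6000))   # nothing was sent from this port: no mapping
```

An inbound packet for which `translate_in` returns `None` has no inside destination, which is why hosts behind overload NAT are not reachable from the outside without a static mapping.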
Note: If a customer has a Demilitarized Zone (DMZ) where it provides host servers for external users, then
Static NAT is required. A DMZ is not common for SMBs and is not discussed in the Smart Business
Communications System network design.

If the design includes teleworkers or home offices connected to the main office via the Internet, NAT is
not explicitly configured on the Cisco 871w router at the home offices. The EasyVPN client on the Cisco
871w router invisibly configures overload NAT for LAN devices at a home office to map to a single IP
address assigned by the UC520 at the main office. There is no split tunnel at the home office router; both internal
and external traffic travel through a VPN connection established with the UC520 at the main office.
IP Routing
IP routing protocols, such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing
Protocol (Enhanced IGRP), are used in large designs that contain many different networks and multiple
entry and exit points to the network from the service providers. These protocols are essential for
providing optimum and redundant forwarding paths for IP traffic.
[Figure 5 diagram labels: Inside: Device A 10.1.1.11, Device B 10.1.1.12, Private IP Address Space 10.1.1.11-10.1.1.254, WS-CE520, UC520. Outside: Cable/DSL Modem, Internet, Public IP Address of UC520 100.100.1.2. NAT Translation Table: Device 1 to 10, Inside IP 10.1.1.1 to 10.1.1.10, Outside IP 100.100.1.2:5001, 100.100.1.2:5002.]

However, in smaller deployments, such as the design described in this document, routing protocols are
not necessary because they add a layer of provisioning and overhead that is unnecessary. This design is
for such small deployments without redundant paths to the Internet. There is only one entry and exit point
to the service provider via the designated WAN interface of the UC520. In light of these factors, only a
simple static default route is required on the UC520 to forward traffic to the Internet. For internal traffic,
routing protocols are not necessary because the UC520 is directly connected to every Layer-2 VLAN
within the design and serves as the default gateway for each VLAN.
Network Time Protocol
The Network Time Protocol (NTP) is a standard protocol built on top of TCP/IP that ensures accurate
local time synchronization within a network that consists of routers, switches, and other devices. The
time is maintained by a master source, which is typically a radio or atomic clock located on the Internet.
This protocol is capable of synchronizing distributed clocks within milliseconds over long time periods.
NTP is critical in any network because it ensures that all devices contain accurate and synchronized time
stamps. This is especially important if the network contains IP communications components, such as
UC520 and IP phones, all of which require time synchronization to function properly. NTP also ensures
that network events and messages, which are captured in error and security logs, traces and system
reports, contain accurate time information that helps when troubleshooting and managing any network.
Additionally, NTP is important for collecting call detail records and generating billing reports.
We recommend, if possible, referencing one of the master clocks located on the Internet as the NTP
server within a network. If this is not an option, the UC520 at the main office can be used as the NTP
master as configured by default and the other network devices can reference this UC520 as the NTP
server. It is important to note that the UC520 is not the best option for the NTP master because the clock
time is not maintained during UC520 reboots and power outages.
Quality of Service
Quality of Service (QoS) relates to the ability of a network to provide differentiated service to selected
types of network traffic over various underlying technologies such as DSL, cable, Frame Relay, ATM,
and Ethernet. QoS delivers improved and more predictable network service by providing the following:
• Dedicated bandwidth support for specific types of traffic
• Improved traffic loss characteristics
• Network congestion avoidance and management techniques
• Traffic shaping to smooth intermittent bursts
• Traffic prioritization across a network
QoS can be used in both the LAN and WAN. If voice traffic is sent and received via the WAN connection,
then QoS must be configured in order to provide a certain amount of dedicated bandwidth and to
prioritize voice over other types of network traffic.
Basic Concepts of QoS
This section introduces some fundamental QoS concepts. Traffic is classified as it enters the network,
where it is marked for appropriate treatment. Common methods to differentiate traffic are Layer-2 CoS
or IEEE 802.1p, Layer-3 Type of Service (ToS), or Layer-3 Differentiated Services Code Point (DSCP).

Each port on a network device has a series of input and output queues: input queues for ingress (inbound)
traffic and output queues for egress (outbound) traffic. Queues are temporary storage areas for
data. The amount of temporary storage assigned to a queue is known as its buffer.
Data waits in input queues before it can be taken in for switching, or waits in output queues before it can
be transmitted out. When a frame arrives at a port at times of congestion, it is placed into an RX (input)
queue. The queue in which the frame is placed is chosen based on the CoS (Class of
Service) value in the Ethernet header of the incoming frame.
On egress, a scheduling algorithm is employed to empty the TX (output) queue. For each queue, a
weighting is used to dictate how much data will be emptied from the queue before moving on to the next
queue. The weighting is a number from 1 to 255 assigned to each TX queue.
At times of congestion, packets may get dropped. This results in TCP retransmission, which makes congestion
even worse and results in buffer overflow. To avoid this situation, threshold values are assigned to each
queue. Thresholds are imaginary levels that define utilization points at which the congestion
management algorithm can start dropping data from the queue.
In the context of QoS, frames are assigned different priorities based on CoS, and mapped to these
thresholds. As the buffer begins to fill and thresholds are breached, the frames identified by CoS to
threshold mapping are dropped. This mapping can be used in QoS decisions such as the following:
• At what thresholds frames with specific CoS values are eligible to be dropped (default)
• Which queue a frame is placed into, based on its CoS value (default)
QoS policy (mapping) can override the default policies shown above:
• CoS values on an incoming frame to a DSCP value
• IP precedence values on an incoming frame to a DSCP value
• DSCP values to a CoS value for an outgoing frame
• CoS values to drop thresholds on receive queues
• CoS values to drop thresholds on transmit queues
• DSCP markdown values for frames that exceed policing statements
• CoS values to a frame with a specific destination MAC address
Figure 6 describes IP Precedence, DSCP, and ToS. DSCP (Differentiated Services Code Point) is a
five-bit value in the one-byte ToS (Type of Service) field in the IPV4 header.

Figure 6 QoS as Element of IPV4 ToS Field
LAN QoS
For this design, QoS in the LAN is dynamically configured via SmartPort roles when the templates are
assigned to the switch ports. The templates automatically map the CoS and DSCP values to specific
queues and set the round robin queuing allocations for the switch ports.
For example, if the IP phone+Desktop SmartPort role is assigned to a switch port, voice traffic from the
IP phone is always prioritized over the data traffic from the connected desktop device. The voice traffic
is then sent to one of four available queues within the switch port of the device. This queue is provisioned
with a specific amount of dedicated bandwidth that is only available to voice traffic. The other three
queues share the remaining bandwidth in a round robin fashion for other data traffic.
WAN QoS
In most networks, the connection between the integrated switchports in the LAN is typically 10 or 100
Mbps while the WAN connection ranges from only 1.5 Mbps to 10 Mbps. This often creates a situation
where the UC520 must process more traffic from the LAN than it can send on the WAN. As a result, the
WAN interface becomes congested because it cannot handle all of the traffic coming upstream from the
LAN. In the absence of QoS on the WAN interface of the UC520, critical outgoing traffic, such as routing, VoIP signaling,
and real-time voice traffic, will suffer. Please note that congestion is not an issue with downstream traffic
received from the WAN because the LAN has more than enough bandwidth to handle the incoming
traffic.
To prevent congestion in outgoing traffic on the WAN interface, specific traffic classes must be designed
and an adequate amount of bandwidth must be assigned to each class to ensure that all traffic is provided
with the necessary QoS. When VoIP is present in the network, a special Low Latency Queue (LLQ) must
be provisioned. The LLQ is designed not only to provide a certain amount of bandwidth to voice bearer
traffic, but also to prioritize voice bearer traffic over other types of traffic using expedited forwarding
(EF) to help prevent delay, jitter, and packet retransmissions. Voice signaling traffic requires special
treatment as well, but is not as delay-sensitive as the voice bearer traffic. Therefore, voice signaling is
allocated to a Class-Based Weighted Fair Queue (CBWFQ) with assured forwarding (AF). Finally, all
other data traffic is assigned to the remaining CBWFQ, but is only provided with best effort service.
[Figure 6 diagram content: the one-byte ToS field of the IPV4 header. Example: ToS = 10100000 = 160, IP Prec = 101 = 5, DSCP = 101000 = 40. IP Precedence (3 bits): 111 Network Control, 110 Internetwork Ctl, 101 Critical, 100 Flash Override, 011 Flash, 010 Immediate, 001 Priority, 000 Routine. Other bits: Delay (0 Normal, 1 Minimise), Throughput (0 Normal, 1 Maximise), Reliability (0 Normal, 1 Maximise), Monetary Cost (0 Normal, 1 Minimise), Reserved (always set to zero).]
Table 7 lists the traffic classes and bandwidth allocations used in this design. If the design includes the
optional teleworker/home office, the same parameters are used on the Cisco 871w.
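To make the classification and the effect of the priority queue concrete, the following added Python example (not from the original guide) reads the ToS byte from constructed IPv4 headers, maps IP precedence to the Table 7 classes, and compares when a voice packet finishes transmission on a 1.5 Mbps uplink with and without a priority queue. DSCP is read as the upper six bits, matching the DSCP = 101000 = 40 value in Figure 6. Function names, sample addresses and packet sizes are assumptions, and CBWFQ bandwidth shares and LLQ policing are not modelled.

```python
import socket
import struct

# IP precedence -> traffic class, from Table 7. Values the table does not list
# (2, 6, 7) fall into Best Effort here; that default is an assumption.
TABLE7_CLASS = {5: "Real Time", 3: "Signaling",
                0: "Best Effort", 1: "Best Effort", 4: "Best Effort"}


def decode_tos(tos):
    """Split the ToS byte into (IP precedence, DSCP): top 3 bits and top 6 bits."""
    return tos >> 5, tos >> 2


def traffic_class(tos):
    """Table 7 class for a ToS byte, chosen by IP precedence."""
    return TABLE7_CLASS.get(tos >> 5, "Best Effort")


def build_header(tos, total_length, src="10.1.1.11", dst="198.51.100.7"):
    """Constructed 20-byte IPv4 header for the demo (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_length, 0, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse_header(header):
    """Return (tos, total_length) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos, total_length = struct.unpack("!BH", header[1:4])
    return tos, total_length


def finish_times_ms(headers, rate_bps, llq):
    """Time (ms) at which each packet, keyed by arrival index, finishes serialization."""
    packets = [(i,) + parse_header(h) for i, h in enumerate(headers)]
    if llq:
        # Stable sort: Real Time leaves first, everything else keeps arrival order.
        packets.sort(key=lambda p: traffic_class(p[1]) != "Real Time")
    sent_bits, finish = 0, {}
    for index, _tos, length in packets:
        sent_bits += length * 8
        finish[index] = sent_bits * 1000 / rate_bps
    return finish


def sample_burst():
    """Constructed burst: ten 1500-byte data packets, one signaling, one voice packet."""
    return ([build_header(0x00, 1500)] * 10
            + [build_header(0x60, 100)]      # IP precedence 3
            + [build_header(0xA0, 200)])     # ToS = 10100000 = 160, as in Figure 6


if __name__ == "__main__":
    burst = sample_burst()
    for llq in (False, True):
        voice_done = finish_times_ms(burst, 1_500_000, llq)[11]
        print(f"priority queue={llq}: voice packet sent after {voice_done:.1f} ms")
```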
Integrated Security Design
Network security, including wireless security, is critical to protect a business and its resources from
various threats, such as viruses, worms, and denial-of-service (DoS) attacks. When a comprehensive
security strategy is implemented, protective measures can be implemented to identify, prevent, and
mitigate security threats effectively. Integrating these security measures into the network infrastructure
components not only helps protect the network, but also eliminates the need for autonomous security
devices. The same functionality can be delivered and managed from existing devices.
This section describes several areas of network security, including infrastructure protection, policy
enforcement, and secure connectivity, all of which have been deployed within this design. Each security
function is integrated into the appropriate device within the network. All of the network devices,
including the UC520, CE520, WLC-526, LAP-521, and Cisco 871w, provide infrastructure protection
services. The UC520 also provides policy enforcement and secure connectivity services.
Figure 7 shows where the areas of security are deployed in the design.
Table 7 Traffic Classes and Bandwidth Provisioning for the WAN
Traffic Class | Description     | IP Precedence (1) | Per Hop Behavior (PHB) | Queuing Type | Bandwidth (BW) Guarantee
Real Time     | Voice Bearer    | 5                 | EF                     | PQ (LLQ)     | 33 to 50 percent
Signaling     | Voice Signaling | 3                 | AF                     | CBWFQ        | 10 percent
Best Effort   | Data Traffic    | 0, 1, 4           | Best Effort            | CBWFQ        | Remains after PQ
(1) Refer to Figure 6

Figure 7 Areas of Integrated Security Design
Infrastructure Protection
The network infrastructure is the foundation on which critical business applications, such as sales tools,
voice services, and E-mail access, are deployed. As a result, the components of the network infrastructure
are often targets of attacks that can directly or indirectly disrupt business operations. In order to ensure
the availability of the network, it is critical to implement the security tools and the security best practices
that help protect each network component and the infrastructure as a whole.
In this design, the UC520 is configured with infrastructure protection services using the Security Audit
feature of the Cisco Configuration Assistant (CCA). The security audit is performed on the UC520
during the initial configuration to ensure that:
• Unused services, such as IP source routing and IP BOOTP server, are disabled.
• Necessary services, such as password encryption and logging, are enabled.
• Secure device access for console, Telnet, SSH, and HTTP connections is enabled.
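A check of this kind can be repeated later against a saved configuration to detect drift from the audited state. The following Python example is added here and is not CCA's implementation; it covers only the four services named in the list, uses the standard IOS global commands for them, assumes a disabled service appears as an explicit `no ...` line, and runs on two constructed sample configurations.

```python
import re

# Each check: (finding text, command that must be present, command that must not be).
CHECKS = [
    ("IP source routing is not disabled",
     r"no ip source-route", r"ip source-route"),
    ("IP BOOTP server is not disabled",
     r"no ip bootp server", r"ip bootp server"),
    ("password encryption is not enabled",
     r"service password-encryption", r"no service password-encryption"),
    ("logging is not enabled",
     r"logging (buffered|host|\d).*", r"no logging (on|buffered)"),
]

# Constructed sample configurations, not taken from a real device.
WEAK_CONFIG = """\
! constructed sample
hostname uc520-lab
no service password-encryption
ip source-route
logging buffered 51200 warnings
line vty 0 4
 transport input telnet
"""

HARDENED_CONFIG = """\
! constructed sample
hostname uc520-lab
service password-encryption
no ip source-route
no ip bootp server
logging buffered 51200 warnings
"""


def global_commands(config_text):
    """Top-level commands only: skip blank lines, '!' comments and indented sub-commands."""
    return [line.rstrip() for line in config_text.splitlines()
            if line.strip() and not line.startswith((" ", "!"))]


def audit(config_text):
    """Return the list of findings; an empty list means every check passed."""
    commands = global_commands(config_text)
    findings = []
    for finding, required, forbidden in CHECKS:
        has_required = any(re.fullmatch(required, c) for c in commands)
        has_forbidden = any(re.fullmatch(forbidden, c) for c in commands)
        if has_forbidden or not has_required:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text) or "all checks passed")
```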
The integrated switchports are configured with infrastructure protection services using the SmartPort
feature. Each SmartPort role configures specific security features based on the connected device. These
security features include items such as BPDU guard and filtering, broadcast storm control, and port
security.
Policy Enforcement
Policy enforcement defines the acceptable and unacceptable use of the network resources and other
devices attached to the network. For this design, a basic integrated firewall is deployed within the UC520
to uphold policy enforcement. The firewall is configured with access and inspection rules on the WAN
interface and does not permit any external traffic into the network unless the traffic arrives via the VPN
(optional) or is a reply to a session that was originally sourced from the internal network.
[Figure 7 diagram labels: Infrastructure Protection (Secure Device Access, Port-Based Security, Disable Unused Services, Traffic Control, Spanning Tree Protection, Enable Necessary Services); Policy Enforcement (Anti-Spoofing Services, Unauthorized access prevention); Secure Connectivity (Virtual Private Network). Devices shown: UC520, Cisco 871W, WS-CE520, WLC526, LAP521.]

Note: There is no DMZ in this design, so an advanced firewall configuration is not required.
Secure Connectivity
Secure connectivity provides measures to protect against the interception and alteration of information
being transported within untrusted environments. The objective is to ensure the confidentiality of the
information. VPNs can be used to provide secure connectivity because they help extend the network
from a main office to branch offices, home offices, and mobile workers.
VPNs enable IP traffic to travel securely over a public IP network, such as the Internet, by encrypting all
of the traffic from one network to another or from one device to another. To encrypt the information,
protocols, such as the Digital Encryption Standard (DES) or Advanced Encryption Standard (AES), are
employed. In addition to encryption, other security features are used to build VPNs. Authentication
mechanisms, such as pre-shared keys or RSA signatures, are used to authenticate each side of the VPN
tunnel; hash algorithms, such as Message Digest 5 (MD5) and Secure Hash Algorithm (SHA), are used
to authenticate the data sent within the tunnel. Together, these security features form secure tunnels that
help ensure voice and data privacy and authenticity. In addition to the protocols that a VPN is comprised
of, there are several different types of VPNs, including site-to-site IPSec VPNs, Dynamic Multipoint
IPSec VPNs, Easy VPNs, and Secure Socket Layer (SSL) VPNs. Each option provides its own set of
benefits for the appropriate deployment.
For this design, EasyVPN is used for the optional teleworker/home office and mobile worker because it
simplifies the deployment by centralizing the management of all devices to ensure that consistent
policies are used and to ease the administration of remote devices. There are two components with
EasyVPN, a centralized server and the remote VPN devices/clients. The server runs on the UC520 at the
main office and delivers the VPN policies to the remote devices. The remote VPN component runs on
either the Cisco 871w router at the home office or a software-based VPN client on the laptop of a mobile
worker. The remote device receives the VPN policies from the server which minimizes the configuration
requirements in remote home offices and mobile locations. This design does not support split-tunneling;
therefore, all traffic from the home office, including traffic for the Internet, travels through the VPN connection
established with the UC520 at the main office. Both the EasyVPN server and remote clients are easily
configured using CCA. See Figure 8.
Figure 8 VPN Deployment
The recommendations listed in this section provide an ideal scenario. It is important that any partner or
customer compare these recommendations to an existing company security policy before implementing
them. Additionally, it is important to determine whether software clients, such as the Cisco EasyVPN
client, support the recommendations and specific customer security policies.
[Figure 8 diagram labels: Main Office, UC520, Easy VPN Server; Home Office, Cisco 871W, Easy VPN Remote; Internet; VPN Tunnel (No CAC or QoS); VPN Policies.]

Unified Communications
This section discusses the Unified Communications design used for the Smart Business Communications
System. Descriptions are included of the features that are implemented to provide call processing
capability, voice gateway functionality, and integrated messaging. Many of these features are
pre-configured and ready-to-use with the initial installation.
Call Processing Capabilities
The UC520 is a feature-rich IP telephony system that provides the call processing for small and medium
businesses and is at the core of the Smart Business Communications System. The Cisco Smart Business
Communications System provides a secure network infrastructure, thereby reducing the number of
devices deployed within the network. By using a single platform to deliver data, security, and voice
services, partners and customers are able to streamline operations and reduce maintenance costs. The
Unified Communications 500 Series offers the following services:
• Extension number assignment and speed dial provisioning to registered IP phones
• Call processing for IP phone-to-IP phone, IP phone-to-PSTN, and PSTN-to-IP phone calls
• Supplementary services such as call hold and transfer, Music-on-Hold (MoH), hardware
(DSP)-based transcoding, and conferencing (up to eight party and Meet-me feature)
• Skinny Client Control Protocol (SCCP) and Session Initiation Protocol (SIP) IP phones
• Integrated Voicemail—IMAP (Internet Mail Access Protocol) integration and VoiceView Express
• Automated Attendant
• Analog device support, including traditional telephones, fax machines, and modems
• Remote IP phones for teleworkers at home offices and mobile workers
The Smart Business Communications System can be deployed in one of three ways:
• PBX Model—Incoming PSTN calls are routed to a receptionist at an attendant console or to an AA.
Phone users may be in separate offices or be geographically separated and therefore often use the
telephone to contact each other.
• Keyswitch Model—All IP phones share lines and are able to answer any incoming PSTN call at any
time without the aid of a receptionist or AA. Phone users are generally in close proximity and have
little need to use the telephone to contact each other.
• Hybrid (PBX + Keyswitch) Model—This is the combination of both the PBX and keyswitch models; it
includes both unique per-phone extensions and shared PSTN lines, depending on the phone user’s role in
the organization.
Note: The Smart Business Communications System provides a critical communications component in any
customer network. Therefore, Cisco recommends that all elements of the Cisco Smart Business
Communications System always remain connected to an uninterrupted power supply (UPS).
Traditional telephony systems are based on physical connections between analog endpoints (such as
telephones and fax machines) and a circuit-switched telephony system (such as PBXs and the PSTN).
The capabilities of these traditional telephony systems are limited and expensive. The Cisco IP telephony
system is a packet-switched telephony system. It is based on software constructs that represent IP end
points and voice channels. These constructs provide greater flexibility when provisioning end points,
phone numbers, and voice channels. The Smart Business Communications System includes the Cisco IP
telephony system pre-configured on the UC520. The following section, although not required for
completing an installation of the Cisco Smart Business Communications System, is provided for a better
understanding of underlying calling features, technology, and concepts.
Call Coverage Features
Call coverage features ensure that all incoming calls are answered by a user or application, such as AA
or voicemail, regardless of whether the originally dialed number is busy or does not answer. This is
accomplished by a class of supplementary services available in UC520. The key call coverage features
implemented with this design include the following:
• Call Waiting—If a second call is delivered to a user that is already connected to a call, the user has
the ability to either answer the call or let the system forward the incoming call to AA or voicemail.
• Call Forwarding—Diverts a call to an alternate answering point based on a specific condition such
as no answer, busy, all calls, or night service hours.
• Call Hunt—When a call is placed to a specific extension it is sent to multiple phones, often in a
preferred order, until the call is answered.
• Call Pickup—Enables a user at one phone to answer an incoming call to another phone.
Call Handling Features
Call handling features enable users to manipulate existing calls in various ways. This is accomplished
by a class of supplementary services available in UC520. The key call handling features implemented
in this design include the following:
• Call Hold—Places an existing call into hold state to answer another incoming call.
• Call Transfer—Changes the connection of a call from one destination to another without
disconnecting the caller. Call transfers can be blind or consultative. A blind transfer is one in which
the transferring extension connects the caller to a destination extension before ringback begins. A
consultative transfer is one in which the transferring party either connects the caller to a ringing
phone (ringback heard) or speaks with the third party before connecting the caller to the third party.
• Conferencing—Creates calls that consist of three or more parties in a single conversation.
Three-party conferencing can be hosted on an IP phone. Up to eight-party conferencing and
Meet-me conferencing can be hosted using the DSP resources of a UC520 with special provisioning.
• Call Park—Places a call on hold by using a special extension that functions as a temporary parking
spot for the call, and then another user or phone in the system can retrieve the call.
• Call Blocking—Prevents users from placing unauthorized outgoing calls to specific number patterns
during certain time periods throughout the day.
IP Phone Features
IP phone features concern the appearance or operation of an IP phone. These features can be changed by a
class of supplementary services available in UC520. The key IP phone features are:
• Speed Dials—Enables users to associate frequently dialed numbers with phone buttons so the
system can quickly dial the number when the corresponding button is used.
• Intercom—Establishes a dedicated two-way audio path between two IP phones that enables users to
speak to each other regardless of whether one of them is already connected with another call.

• Paging—Provides a one-way audio path to idle IP phones that have been designated to receive
paging, which automatically answer the call using the speakerphone.
• Music-on-Hold (MoH)—When a caller who is calling via the PSTN or VoIP is put on hold, plays an
audio stream to that caller. This audio stream can be either stored in the UC520 or fed in via the MoH port.
If the caller is a local IP phone, however, only a periodic repeating tone is played.
Remote IP Phones
In addition to local IP phones connected on PoE ports, the UC520 8/16-user models provide two
additional licenses and the 32/48-user models provide four additional licenses to support remote IP phones
at a home office or on a mobile worker laptop PC. The total number of IP phones cannot exceed the licenses
shown in Table 8.
Remote IP phones are configured in the same manner as local IP phones and function just as any other
IP phone. The UC520 supports transcoding to translate the G.711 CODEC to the G.729 CODEC for remote workers
with low-bandwidth Internet connections.
Figure 9 Remote IP Phones
To implement remote IP phones in this design, the following recommendations are provided:
• The Cisco Smart Business Communications System does not support emergency services via E911
support for teleworker/home office IP phones. Emergency calls placed from remote IP phones are
routed through the UC520 at the main office to the local Public Safety Answering Point (PSAP).
The PSAP has information for the main office, but does not have valid information for the remote
IP phone location. Therefore, we recommend that users in teleworker/home offices use the PSTN
phone for emergency calls because the local PSAP already has valid information for that device.
• The teleworker/home office must have a broadband connection such as cable or DSL. A single VoIP
call requires approximately 128 Kbps of bi-directional bandwidth when using the G.711 CODEC, which
uses a payload of 160 bytes. The bandwidth requirement reduces to 28 kbps when the low-bandwidth
G.729 CODEC, which uses a payload of 20 bytes, is used. Broadband connections, in general, provide
much higher downstream bandwidth. The upstream bandwidth is much lower (256 to 384 Kbps in
general), but still sufficient to support one or two VoIP calls. Quality of voice is affected if there is
congestion due to data traffic from other applications. In such a case, use of the G.729 CODEC is
recommended.
• If the main office also uses a broadband connection, it must have a premium service with higher
upstream bandwidth. Higher upstream bandwidth is a requirement at the main office because it
serves as the aggregation point for all the teleworker/home offices. When using the G.711 CODEC,
four calls with remote IP phones require (128 * 4) 512 Kbps upstream bandwidth. Whereas only 112
[Figure 9 diagram labels: Main Office, UC520, IP Phone; Home Office, Cisco 871W, Remote IP Phone with G.711 Codec; Mobile Worker with Softphone; VPN Tunnel, Internet; transcoding support (for low bandwidth remote workers); No E911 Support.]
