
Cisco press implementing cisco unified communications manager part 2 CIPT2 oct 2008 ISBN 1587055619 pdf



Authorized Self-Study Guide

Implementing Cisco Unified
Communications Manager,
Part 2 (CIPT2)
Chris Olsen, CCSI, CCVP

Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA


Implementing Cisco Unified Communications Manager, Part 2 (CIPT2)
Chris Olsen
Copyright © 2009 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing October 2008
Library of Congress Control Number: 2008014863
ISBN-13: 978-1-58705-561-4
ISBN-10: 1-58705-561-9

Warning and Disclaimer
This book is designed to provide information about Cisco Unified Communications administration and to provide test
preparation for the CIPT Part 2 exam, which is part of the CCVP certification. Every effort has been made to make this
book as complete and accurate as possible, but no warranty or fitness is implied.
The information is provided on an "as is" basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither
liability nor responsibility to any person or entity with respect to any loss or damages arising from the information
contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service mark.

Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales,
which may include electronic versions and/or custom covers and content particular to your business, training goals,
marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government
Sales 1-800-382-3419
For sales outside the United States, please contact: International Sales



The Cisco Press self-study book series is as described, intended for self-study. It has not been designed for
use in a classroom environment. Only Cisco Learning Partners displaying the following logos are authorized
providers of Cisco curriculum. If you are using this book within the classroom of a training company that
does not carry one of these logos, then you are not preparing with a Cisco trained and authorized provider.
For information on Cisco Learning Partners please visit: www.cisco.com/go/authorizedtraining. To provide
Cisco with any information about what you may believe is unauthorized use of Cisco trademarks or
copyrighted training material, please visit:
(Logos: Cisco Learning Solutions Partner, Cisco Learning Partner)


Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted
with care and precision, undergoing rigorous development that involves the unique expertise of members from the
professional technical community.
Readers' feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through
e-mail at Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Copy Editor: Gayle Johnson
Associate Publisher: Dave Dusthimer
Technical Editors: James McInvaille, Joseph Parlas
Cisco Representative: Anthony Wolfenden
Editorial Assistant: Vanessa Evans
Cisco Press Program Manager: Jeff Brady
Book Designer: Louisa Adair
Executive Editor: Brett Bartow
Composition: Octal Publishing, Inc.
Managing Editor: Patrick Kanouse
Indexer: Brad Herriman
Development Editor: Kimberley Debus
Proofreader: Paula Lowell
Project Editor: Seth Kerney


About the Author
Chris Olsen, CCSI and CCVP, has been an IT and telephony consultant for 12 years and
has been a technical trainer for more than 17 years. He has taught more than 60 different
courses in Cisco, Microsoft, and Novell and for the last four years has specialized in Cisco
Unified Communications. Chris and his wife, Antonia, live in Chicago and Mapleton,
Illinois. He can be reached at


About the Technical Reviewers

James McInvaille, CCSI No. 21904, is a Certified Cisco Systems Instructor for Cisco
Learning Partner Global Knowledge Network, Inc., as well as a contract consultant. As an
instructor, he is responsible for training students worldwide and consulting in the deployment of
routing, switching, and IP telephony solutions. Previously, Mr. McInvaille was a Solutions
Engineer for EDS for the Bank of America voice transformation project. Prior to EDS,
Mr. McInvaille was a Senior Network Engineer for iPath Technologies, based in Reston,
Virginia. In this role, he provided technical training and professional services to Service
Providers and Enterprise users of Juniper Networks routing and security product line.
During this time, Mr. McInvaille earned his Juniper Networks Certified Internet Professional
(JNCIP #297) certification. Prior to iPath, Mr. McInvaille was the Lead Technical Consultant
(LTC) for the Carolina's region of Dimension Data, NA. As an LTC, his responsibilities
included the support and guidance of five engineers and technicians involved in the consultation,
implementation, delivery, and training of VoIP and IP telephony solutions, as well as high-level
routing and switching designs. In his spare time, Mr. McInvaille and his beautiful wife
Lupe enjoy riding their Harley Davidson near their home in Kershaw, South Carolina.
Joe Parlas, CCSI No. 21904, has been an instructor for more than eight years, concentrating
specifically on Cisco Voice technologies. He has consulted for numerous Fortune 500 and
Fortune 1000 companies, such as Sweetheart Cup, Inc., Black and Decker, and McCormick
Spice. He has also acted as a senior consultant with Symphony Health Services, Inc. in
various capacities. Joe holds the CCNP, CCNA, A+, and MCSE: Messaging 2003 industry
certifications and primarily teaches for Global Knowledge Network, Inc. as a contract
instructor. Joe recently relocated his company, Parlas Enterprises, to the San Diego area,
where he lives with his wife Parvin Shaybany.


Dedication
This book is dedicated to my beautiful wife, Antonia. Her unending support, love, and
compassion are always a driving force in my life.

Acknowledgments
I would like to thank the entire team at Global Knowledge for their excellent support and
creation of a high-quality learning environment. Thanks also to the staff at Cisco Press for
their excellent support and advice.


Contents at a Glance
Foreword
Introduction
Chapter 1 Identifying Issues in a Multisite Deployment
Chapter 2 Identifying Multisite Deployment Solutions
Chapter 3 Implementing Multisite Connections
Chapter 4 Implementing a Dial Plan for Multisite Deployments
Chapter 5 Examining Remote-Site Redundancy Options
Chapter 6 Implementing Cisco Unified SRST and MGCP Fallback
Chapter 7 Implementing Cisco Unified Communications Manager Express in SRST Mode
Chapter 8 Implementing Bandwidth Management
Chapter 9 Implementing Call Admission Control
Chapter 10 Implementing Call Applications on Cisco IOS Gateways
Chapter 11 Implementing Device Mobility
Chapter 12 Implementing Extension Mobility
Chapter 13 Implementing Cisco Unified Mobility
Chapter 14 Understanding Cryptographic Fundamentals and PKI
Chapter 15 Understanding Native CUCM Security Features and CUCM PKI
Chapter 16 Implementing Security in CUCM
Appendix A Answers to Chapter Review Questions
Index

Contents
Foreword
Introduction

Chapter 1 Identifying Issues in a Multisite Deployment
Chapter Objectives
Multisite Deployment Challenge Overview
Quality Challenges
Bandwidth Challenges
Availability Challenges
Dial Plan Challenges
Overlapping and Nonconsecutive Numbers
Fixed Versus Variable-Length Numbering Plans
Variable-Length Numbering, E.164 Addressing, and DID
Optimized Call Routing and PSTN Backup
NAT and Security Issues
Chapter Summary
References
Review Questions

Chapter 2 Identifying Multisite Deployment Solutions
Chapter Objectives
Multisite Deployment Solution Overview
Quality of Service
QoS Advantages
Solutions to Bandwidth Limitations
Low-Bandwidth Codecs and RTP-Header Compression
Codec Configuration in CUCM
Disabled Annunciator
Local Versus Remote Conference Bridges
Mixed Conference Bridge
Transcoders
Multicast MOH from the Branch Router Flash
Availability
PSTN Backup
MGCP Fallback
Fallback for IP Phones
Using CFUR During WAN Failure
Using CFUR to Reach Users on Cell Phones
AAR and CFNB
Mobility Solutions
Dial Plan Solutions
Dial Plan Components in Multisite Deployments
NAT and Security Solutions
Cisco Unified Border Element in Flow-Through Mode
Summary
References
Review Questions

Chapter 3 Implementing Multisite Connections
Chapter Objectives
Examining Multisite Connection Options
MGCP Gateway Characteristics
H.323 Gateway Characteristics
SIP Trunk Characteristics
H.323 Trunk Overview
H.323 Trunk Comparison
MGCP Gateway Implementation
H.323 Gateway Implementation
Cisco IOS H.323 Gateway Configuration
CUCM H.323 Gateway Configuration
Trunk Implementation Overview
Gatekeeper-Controlled ICT and H.225 Trunk Configuration
Implementing SIP Trunks
Implementing Intercluster and H.225 Trunks
CUCM Gatekeeper-Controlled ICT and H.225 Trunk Configuration
Summary
References
Review Questions

Chapter 4 Implementing a Dial Plan for Multisite Deployments
Chapter Objectives
Multisite Dial Plan Overview
Implementing Access and Site Codes
Implementing Site Codes for On-Net Calls
Digit-Manipulation Requirements When Using Access and Site Codes
Access and Site Code Requirements for Centralized Call-Processing Deployments
Implementing PSTN Access
Transformation of Incoming Calls Using ISDN TON
Implementing Selective PSTN Breakout
Configure IP Phones to Use Remote Gateways for Backup PSTN Access
Considerations When Using Backup PSTN Gateways
Implementing PSTN Backup for On-Net Intersite Calls
Digit-Manipulation Requirements for PSTN Backup of On-Net Intersite Calls
Implementing Tail-End Hop-Off
Considerations When Using TEHO
Summary
Review Questions

Chapter 5 Examining Remote-Site Redundancy Options
Chapter Objectives
Remote-Site Redundancy Overview
Remote-Site Redundancy Technologies
Basic Cisco Unified SRST Usage
Cisco Unified SIP SRST Usage
CUCME in SRST Mode Usage
Cisco Unified SRST Operation
SRST Function of Switchover Signaling
SRST Function of the Call Flow After Switchover
SRST Function of Switchback
SRST Timing
MGCP Fallback Usage
MGCP Fallback Operation
MGCP Gateway Fallback During Switchover
MGCP Gateway Fallback During Switchback
MGCP Gateway Fallback Process
Cisco Unified SRST Versions and Feature Support
SRST 4.0 Platform Density
Dial Plan Requirements for MGCP Fallback and SRST Scenarios
Ensuring Connectivity for Remote Sites
Ensuring Connectivity from the Main Site Using Call Forward Unregistered
CFUR Considerations
Keeping Calling Privileges Active in SRST Mode
SRST Dial Plan Example
Summary
References
Review Questions

Chapter 6 Implementing Cisco Unified SRST and MGCP Fallback
Chapter Objectives
MGCP Fallback and SRST Configuration
Configuration Requirements for MGCP Fallback and Cisco Unified SRST
Cisco Unified SRST Configuration in CUCM
SRST Reference Definition
CUCM Device Pool
SRST Configuration on the Cisco IOS Gateway
SRST Activation Commands
SRST Phone Definition Commands
SRST Performance Commands
Cisco Unified SRST Configuration Example
MGCP-Gateway-Fallback Configuration on the Cisco IOS Gateway
MGCP Fallback Activation Commands
MGCP Fallback Configuration Example
Dial Plan Configuration for SRST Support in CUCM
SRST Dial Plan of CFUR and CSS
SRST Dial Plan: Max Forward UnRegistered Hops to DN
MGCP Fallback and SRST Dial Plan Configuration in the Cisco IOS Gateway
SRST Dial Plan Components for Normal Mode Analogy
SRST Dial Plan Dial Peer Commands
SRST Dial Plan Commands: Open Numbering Plans
SRST Dial Plan Voice Translation-Profile Commands for Digit Manipulation
SRST Dial Plan Voice Translation-Rule Commands for Number Modification
SRST Dial Plan Profile Activation Commands for Number Modification
SRST Dial Plan Class of Restriction Commands
SRST Dial Plan Example
Telephony Features Supported by Cisco Unified SRST
Special Requirements for Voice-Mail Integration Using Analog Interfaces
Summary
References
Review Questions

Chapter 7 Implementing Cisco Unified Communications Manager Express in SRST Mode
Chapter Objectives
CUCME Overview
CUCME in SRST Mode
Standalone CUCME Versus CUCM and CUCME in SRST Mode
CUCME Features
CUCME Features and Versions
Other CUCME Features
General Configuration of CUCME
CUCME Basic Configuration
CUCME Configuration Providing Phone Loads
CUCME Configuration for Music On Hold
Configuring CUCME in SRST Mode
Phone-Provisioning Options
Advantages of CUCME SRST
Phone Registration Process
Configuring CUCME for SRST
CUCME for SRST Mode Configuration
Summary
References
Review Questions

Chapter 8 Implementing Bandwidth Management
Chapter Objectives
Bandwidth Management Overview
CUCM Codec Configuration
Review of CUCM Codecs
Local Conference Bridge Implementation
Transcoder Implementation
Implementing a Transcoder at the Main Site
Configuration Procedure for Implementing Transcoders
Multicast MOH from Branch Router Flash Implementation
Implementing Multicast MOH from Branch Router Flash
Configuration Procedure for Implementing Multicast MOH from Branch Router Flash
Summary
References
Review Questions

Chapter 9 Implementing Call Admission Control
Chapter Objectives
Call Admission Control Overview
Call Admission Control in CUCM
Locations
Locations: Hub-and-Spoke Topology
Locations: Full-Mesh Topology
Configuration Procedure for Implementing Locations-Based CAC
Locations Configuration Example of a Hub-and-Spoke Topology
RSVP-Enabled Locations
Three Call Legs with RSVP-Enabled Locations
Characteristics of Phone-to-RSVP Agent Call Legs
Characteristics of RSVP Agent-to-RSVP Agent Call Legs
RSVP Basic Operation
RSVP-Enabled Location Configuration
Configuration Procedure for Implementing RSVP-Enabled Locations-Based CAC
Step 1: Configure RSVP Service Parameters
Step 2: Configure RSVP Agents in Cisco IOS Software
Step 3: Add RSVP Agents to CUCM
Step 4: Enable RSVP Between Location Pairs
Automated Alternate Routing
Automated Alternate Routing Characteristics
AAR Example
AAR Considerations
AAR Configuration Procedure
H.323 Gatekeeper CAC
H.323 Gatekeeper Used for Call Routing for Address Resolution Only
Using an H.323 Gatekeeper for CAC
H.323 Gatekeeper Also Used for Call Admission Control
Provide PSTN Backup for Calls Rejected by CAC
Configuration Procedure for Implementing H.323 Gatekeeper-Controlled Trunks with CAC
Summary
References
Review Questions

Chapter 10 Implementing Call Applications on Cisco IOS Gateways
Chapter Objectives
Call Applications Overview
Tcl Scripting Language
VoiceXML Markup Language
The Analogy Between HTML and VoiceXML
Advantages of VoiceXML
Cisco IOS Call Application Support
Tcl Versus VoiceXML Features in Cisco IOS
Cisco IOS Call Application Support Requirements
Examples of Cisco IOS Call Applications Available for Download at Cisco.com
Call Application Auto-Attendant Script Example
Remote-Site Gateway Using an Auto-Attendant Script During a WAN Failure
Auto-Attendant Tcl Script Flowchart
Call Application Configuration
Step 1: Download the Application from Cisco.com
Step 2: Upload and Uncompress the Script to Flash
Step 3a: Configure the Call Application Service Definition
Step 3b: Configure the Call Application Service Parameters
Step 4: Associate the Call Application with a Dial Peer
Call Application Configuration Example
Summary
References
Review Questions

Chapter 11 Implementing Device Mobility
Chapter Objectives
Issues with Devices Roaming Between Sites
Issues with Roaming Devices
Device Mobility Solves Issues of Roaming Devices
Device Mobility Overview
Dynamic Device Mobility Phone Configuration Parameters
Device Mobility Dynamic Configuration by Location-Dependent Device Pools
Device Mobility Configuration Elements
The Relationship Between Device Mobility Configuration Elements
Device Mobility Operation
Device Mobility Operation Flowchart
Device Mobility Considerations
Review of Line and Device CSSs
Device Mobility and CSSs
Examples of Different Call-Routing Paths Based on Device Mobility Groups and TEHO
Device Mobility Configuration
Steps 1 and 2: Configure Physical Locations and Device Mobility Groups
Step 3: Configure Device Pools
Step 4: Configure Device Mobility Infos
Step 5a: Set the Device Mobility Mode CCM Service Parameter
Step 5b: Set the Device Mobility Mode for Individual Phones
Summary
References
Review Questions

Chapter 12 Implementing Extension Mobility
Chapter Objectives
Issues with Users Roaming Between Sites
Issues with Roaming Users
Extension Mobility Solves Issues of Roaming Users
CUCM Extension Mobility Overview
Extension Mobility: Dynamic Phone Configuration Parameters
Extension Mobility with Dynamic Phone Configuration by Device Profiles
CUCM Extension Mobility Configuration Elements
The Relationship Between Extension Mobility Configuration Elements
CUCM Extension Mobility Operation
Issues in Environments with Different Phone Models
Extension Mobility Solution to Phone Model Differences
Extension Mobility and Calling Search Spaces (CSS)
Alternatives to Mismatching Phone Models and CSS Implementations
CUCM Extension Mobility Configuration
Step 1: Activate the Cisco Extension Mobility Feature Service
Step 2: Set Cisco Extension Mobility Service Parameters
Step 3: Add the Cisco Extension Mobility Phone Service
Step 4: Create Default Device Profiles
Step 5a: Create Device Profiles
Step 5b: Subscribe the Device Profile to the Extension Mobility Phone Service
Step 6: Associate Users with Device Profiles
Step 7a: Configure Phones for Cisco Extension Mobility
Step 7b: Subscribe the Phone to the Extension Mobility Phone Service
Summary
References
Review Questions

Chapter 13 Implementing Cisco Unified Mobility
Chapter Objectives
Cisco Unified Mobility Overview
Mobile Connect and Mobile Voice Access Characteristics
Cisco Unified Mobility Features
Cisco Unified Mobility Call Flow
Mobile Connect Call Flow of Internal Calls Placed from a Remote Phone
Mobile Voice Access Call Flow
Cisco Unified Mobility Components
Cisco Unified Mobility Configuration Elements
Shared Line Between the Phone and the Remote Destination Profile
Relationship Between Cisco Unified Mobility Configuration Elements
Cisco Unified Mobility Configuration
Configuring Mobile Connect
Configuring Mobile Voice Access
Summary
References
Review Questions

Chapter 14 Understanding Cryptographic Fundamentals and PKI
Chapter Objectives
Cryptographic Services
Symmetric Versus Asymmetric Encryption
Algorithm Example: AES
Asymmetric Encryption
Algorithm Example: RSA
Two Ways to Use Asymmetric Encryption
Hash-Based Message Authentication Codes
Algorithm Example: SHA-1
No Integrity Provided by Pure Hashing
Hash-Based Message Authentication Code, or "Keyed Hash"
Digital Signatures
Public Key Infrastructure
Symmetric Key Distribution Protected by Asymmetric Encryption
Public Key Distribution in Asymmetric Cryptography
PKI as a Trusted Third-Party Protocol
PKI: Generating Key Pairs
PKI: Distributing the Public Key of the Trusted Introducer
PKI: Requesting Signed Certificates
PKI: Signing Certificates
PKI: Providing Entities with Their Certificates
PKI: Exchanging Public Keys Between Entities Using Their Signed Certificates
PKI Entities
X.509v3 Certificates
PKI Example: SSL on the Internet
Internet Web Browser: Embedded Internet-CA Certificates
Obtaining the Authentic Public Key of the Web Server
Web Server Authentication
Exchanging Symmetric Session Keys
Session Encryption
Summary
References
Review Questions

Chapter 15 Understanding Native CUCM Security Features and CUCM PKI
Chapter Objectives
CUCM Security Features Overview
CUCM Security Feature Support
Cisco Unified Communications Security Considerations
CUCM IPsec Support
IPsec Scenarios in Cisco Unified Communications
IPsec on Network Infrastructure Devices
Signed Phone Loads
SIP Digest Authentication
SIP Digest Authentication Configuration Procedure
SIP Digest Authentication Configuration Example
SIP Trunk Encryption
SIP Trunk Encryption Configuration Procedure
SIP Trunk Encryption Configuration
CUCM PKI
Self-Signed Certificates
Manufacturing Installed Certificates
Locally Significant Certificates
Multiple PKI Roots in CUCM Deployments
Cisco Certificate Trust List
Cisco CTL Client Function
Initial CTL Download
IP Phone Verification of a New Cisco CTL
IP Phone Usage of the CTL
PKI Topology with Secure SRST
Trust Requirements with Secure SRST
Secure SRST: Certificate Import: CUCM
Secure SRST: Certificate Import: Secure SRST Gateway
Certificate Usage in Secure SRST
Summary
References
Review Questions

Chapter 16 Implementing Security in CUCM
Chapter Objectives
Enabling PKI-Based Security Features in CUCM
Configuration Procedure for PKI-Based CUCM Security Features
Enabling Services Required for Security
Installing the Cisco CTL Client
Cisco CTL Client Usage
Setting the Cluster Security Mode
Updating the CTL
CAPF Configuration and LSC Enrollment
CAPF Service Configuration Parameter
CAPF Phone Configuration Options
First-Time Installation of a Certificate with a Manually Entered Authentication String
Certificate Upgrade Using an Existing MIC
Generating a CAPF Report to Verify LSC Enrollment
Finding Phones by Their LSC Status
Signed and Encrypted Configuration Files
Encrypted Configuration Files
Obtaining Phone Encrypted Configuration Files
Configuring Encrypted Configuration Files
Phone Security Profiles
Default SCCP Phone Security Profiles
Configuring TFTP Encrypted Configuration Files
Secure Signaling
Certificate Exchange in TLS
Server-to-Phone Authentication
Phone-to-Server Authentication
TLS Session Key Exchange
Secure Signaling Using TLS
Secure Media Transmission Between Cisco IP Phones
SRTP Protection
SRTP Packet Format
SRTP Encryption
SRTP Authentication
Secure Call Flow Summary
Configuring IP Phones to Use Secure Signaling and Media Exchange
The Actual Security Mode Depends on the Configuration of Both Phones
Secure Media Transmission to H.323 and MGCP Gateways
H.323 SRTP CUCM
SRTP to MGCP Gateways
Secure Conferencing
Secure Conferencing Considerations
Secure Conferencing Configuration Procedure
Summary
References
Review Questions

Appendix A Answers to Chapter Review Questions
Index

Icons Used in This Book
Cisco Unified Communications Manager
Unified CM Express
Cisco Unified Border Element
Cisco Unity Server
Router
Voice-Enabled Router
SRST-Enabled Router
Server
PC
Ethernet Connection
Voice Gateway
Security Management
Laptop
Certificate Authority
Switch
IP Communicator
IP Phone
Analog Phone
Conference Bridge
Transcoder
Web Server
Web Browser
Cell Phone
Relational Database
Serial Line Connection
Network Cloud

Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions
used in the IOS Command Reference. The Command Reference describes these
conventions as follows:

Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).

Italic indicates arguments for which you supply actual values.

Vertical bars (|) separate alternative, mutually exclusive elements.

Square brackets ([ ]) indicate an optional element.

Braces ({ }) indicate a required choice.

Braces within brackets ([{ }]) indicate a required choice within an optional element.


Foreword
Cisco certification self-study guides are excellent self-study resources for networking
professionals to maintain and increase their internetworking skills and to prepare for Cisco
Career Certification exams. Cisco Career Certifications are recognized worldwide and
provide valuable, measurable rewards to networking professionals and their employers.
Cisco Press exam certification guides and preparation materials offer exceptional—and
flexible—access to the knowledge and information required to stay current in one's field
of expertise, or to gain new skills. Whether used to increase internetworking skills or as a
supplement to a formal certification preparation course, these materials offer networking
professionals the information and knowledge they need to perform on-the-job tasks
proficiently.
Developed in conjunction with the Cisco certifications and training team, Cisco Press
books are the only self-study books authorized by Cisco. They offer students a series of
exam practice tools and resource materials to help ensure that learners fully grasp the
concepts and information presented.
Additional authorized Cisco instructor-led courses, e-learning, labs, and simulations are
available exclusively from Cisco Learning Solutions Partners worldwide. To learn more,
visit
I hope you will find this guide to be an essential part of your exam preparation and
professional development, as well as a valuable addition to your personal library.
Drew Rosen
Manager, Learning and Development
Learning@Cisco
September 2008



Introduction
Professional certifications have been an important part of the computing industry for many
years and will continue to become more important. Many reasons exist for these certifications, but the most popularly cited reason is that of credibility. All other considerations held
equal, a certified employee/consultant/job candidate is considered more valuable than one
who is not.

Goals and Methods
The most important goal of this book is to provide you with knowledge and skills in
Unified Communications, deploying the Cisco Unified Communications Manager product.
Another goal of this book is to help you with the Cisco IP Telephony (CIPT) Part 2 exam,
which is part of the Cisco Certified Voice Professional (CCVP) certification. The methods
used in this book are designed to be helpful in both your job and the CCVP Cisco IP
Telephony exam. This book provides questions at the end of each chapter to reinforce
the chapter content. Additional test preparation software from companies such as
http://www.selftestsoftware.com will give you additional test preparation questions to arm you
for exam success.
The organization of this book will help you discover the exam topics that you need to
review in more depth, help you fully understand and remember those details, and help you
test the knowledge you have retained on those topics. This book does not try to help you
pass by memorization, but helps you truly learn and understand the topics. The Cisco IP
Telephony Part 2 exam is one of the foundation topics in the CCVP certification. The
knowledge contained in this book is vitally important for you to consider yourself a truly
skilled Unified Communications (UC) engineer. The book aims to help you pass the Cisco
IP Telephony exam by using the following methods:


Helping you discover which test topics you have not mastered

Providing explanations and information to fill in your knowledge gaps

Providing practice exercises on the topics and the testing process via test questions at
the end of each chapter

Who Should Read This Book?
This book is designed to be both a general Cisco Unified Communications Manager book
and a certification preparation book. This book is intended to provide you with the
knowledge required to pass the CCVP Cisco IP Telephony exam for CIPT Part 2.

Why should you want to pass the CCVP Cisco IP Telephony exam? The second CIPT test
is one of the milestones toward getting the CCVP certification. The CCVP could mean a
raise, promotion, new job, challenge, success, or recognition, but ultimately you determine
what it means to you. Certifications demonstrate that you are serious about continuing the
learning process and professional development. In technology, it is impossible to stay at the
same level when the technology all around you is advancing. Engineers must continually
retrain themselves, or they find themselves with out-of-date commodity-based skill sets.

Strategies for Exam Preparation
The strategy you use for exam preparation might be different than strategies used by others.
It will be based on skills, knowledge, experience, and finding the recipe that works best
for you. If you have attended the CIPT course, you might take a different approach than
someone who learned Cisco Unified Communications Manager on the job. Regardless of
the strategy you use or your background, this book is designed to help you get to the point
where you can pass the exam. Cisco exams are quite thorough, so don't skip any chapters.

How This Book Is Organized
The book covers the following topics:



Chapter 1, "Identifying Issues in a Multisite Deployment," sets the stage for this
book by identifying all the relevant challenges in multisite deployments requiring
Unified Communications solutions.



Chapter 2, "Identifying Multisite Deployment Solutions," is an overview of the
solutions to the challenges identified in Chapter 1 that are described in this book.



Chapter 3, "Implementing Multisite Connections," provides the steps to configure
Media Gateway Control Protocol (MGCP) and H.323 gateways as well as Session
Initiation Protocol (SIP) and intercluster trunks to function with Cisco Unified
Communications Manager (CUCM).



Chapter 4, "Implementing a Dial Plan for Multisite Deployments," provides a dial
plan solution and addresses toll bypass, tail-end hop-off (TEHO), and digit manipulation techniques in a multisite CUCM deployment.



Chapter 5, "Examining Remote-Site Redundancy Options," provides the foundation for maintaining redundancy at a remote site in the event of an IP WAN failure by
exploring the options for implementing Survivable Remote Site Telephony (SRST) and
MGCP fallback.






Chapter 6, "Implementing Cisco Unified SRST and MGCP Fallback," presents the
configurations to implement SRST and MGCP fallback, along with implementing a
gateway dial plan and voice features in the SRST router.



Chapter 7, "Implementing Cisco Unified Communications Manager Express in
SRST Mode," discusses the configuration approaches of Cisco Unified Communications Manager Express (CUCME) to support SRST fallback.



Chapter 8, "Implementing Bandwidth Management," shows you how to implement
bandwidth management with Call Admission Control (CAC) to ensure a high level of
audio quality for voice calls over IP WAN links by preventing oversubscription.



Chapter 9, "Implementing Call Admission Control," describes the methods of
implementing CAC in gatekeepers and CUCM and explores the benefits of Resource
Reservation Protocol (RSVP) and Automated Alternate Routing (AAR) in CUCM.



Chapter 10, "Implementing Call Applications on Cisco IOS Gateways," describes
Toolkit Command Language (Tcl) and VoiceXML to implement call applications on
gateways.




Chapter 11, "Implementing Device Mobility," describes challenges for users
traveling between sites and provides the solution of mobility.



Chapter 12, "Implementing Extension Mobility," describes the concept of Extension Mobility and gives the procedure for implementing Extension Mobility for users
traveling to different sites.



Chapter 13, "Implementing Cisco Unified Mobility," gives the procedure for
implementing both Mobile Connect and Mobile Voice Application of Unified Mobility
in CUCM and a gateway.



Chapter 14, "Understanding Cryptographic Fundamentals and PKI," describes
the required fundamental principles and concepts of cryptography that are relevant to
implementing secure voice implementations in a Cisco Unified Communications
installation.



Chapter 15, "Understanding Native CUCM Security Features and CUCM PKI,"
helps you understand the security protocols of IPsec, Transport Layer Security (TLS),
SRTP, and SIP digest and the methods to implement secure voice in a CUCM
installation.
Chapter 16, "Implementing Security in CUCM," demonstrates how to further
implement security in a CUCM installation by securing IP Phones for their
configurations, signaling, and secure media for audio and conference calls.


CHAPTER 1

Identifying Issues in a Multisite Deployment

Deploying Cisco Unified Communications Manager in a multisite environment has considerations
that pertain only to multisite deployments. Deploying Cisco Unified Communications solutions
between multiple sites requires an appropriate dial plan, enough bandwidth between the sites,
implementing quality of service (QoS), and a design that can survive IP WAN failures. This chapter
identifies the issues that can arise in a multisite Cisco Unified Communications Manager
deployment.

Chapter Objectives
Upon completing this chapter, you will be able to explain issues pertaining to multisite deployment
and relate those issues to multisite connection options. You will be able to meet these objectives:


Describe issues pertaining to multisite deployments



Describe quality issues in multisite deployments




Describe issues with bandwidth in multisite deployments



Describe availability issues in multisite deployments



Describe dial plan issues in multisite deployments



Describe Network Address Translation (NAT) and security issues in multisite deployments

Multisite Deployment Challenge Overview
In a multisite deployment, some of the challenges that can arise include the following:


Quality issues: Real-time communications of voice and video must be prioritized over a
packet-switching network. All traffic is treated equally by default in routers and switches. Voice
and video are delay-sensitive packets that need to be given priority to avoid delay and jitter
(variable delay), which would result in decreased voice quality.

