Authorized Self-Study Guide
Implementing Cisco Unified
Communications Manager,
Part 2 (CIPT2)
Chris Olsen, CCSI, CCVP
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
Implementing Cisco Unified Communications Manager, Part 2 (CIPT2)
Chris Olsen
Copyright © 2009 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing October 2008
Library of Congress Control Number: 2008014863
ISBN-13: 978-1-58705-561-4
ISBN-10: 1-58705-561-9
Warning and Disclaimer
This book is designed to provide information about Cisco Unified Communications administration and to provide test
preparation for the CIPT Part 2 exam, which is part of the CCVP certification. Every effort has been made to make this
book as complete and accurate as possible, but no warranty or fitness is implied.
The information is provided on an "as is" basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither
liability nor responsibility to any person or entity with respect to any loss or damages arising from the information
contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service mark.
Corporate and Government Sales
The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales,
which may include electronic versions and/or custom covers and content particular to your business, training goals,
marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Government
Sales 1-800-382-3419
For sales outside the United States, please contact: International Sales
The Cisco Press self-study book series is as described, intended for self-study. It has not been designed for
use in a classroom environment. Only Cisco Learning Partners displaying the following logos are authorized
providers of Cisco curriculum. If you are using this book within the classroom of a training company that
does not carry one of these logos, then you are not preparing with a Cisco trained and authorized provider.
For information on Cisco Learning Partners please visit: www.cisco.com/go/authorizedtraining. To provide
Cisco with any information about what you may believe is unauthorized use of Cisco trademarks or
copyrighted training material, please visit:
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted
with care and precision, undergoing rigorous development that involves the unique expertise of members from the
professional technical community.
Readers' feedback is a natural continuation of this process. If you have any comments regarding how we
could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through
e-mail at Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Copy Editor: Gayle Johnson
Associate Publisher: Dave Dusthimer
Technical Editors: James McInvaille, Joseph Parlas
Cisco Representative: Anthony Wolfenden
Editorial Assistant: Vanessa Evans
Cisco Press Program Manager: Jeff Brady
Book Designer: Louisa Adair
Executive Editor: Brett Bartow
Composition: Octal Publishing, Inc.
Managing Editor: Patrick Kanouse
Indexer: Brad Herriman
Development Editor: Kimberley Debus
Proofreader: Paula Lowell
Project Editor: Seth Kerney
About the Author
Chris Olsen, CCSI and CCVP, has been an IT and telephony consultant for 12 years and
has been a technical trainer for more than 17 years. He has taught more than 60 different
courses in Cisco, Microsoft, and Novell and for the last four years has specialized in Cisco
Unified Communications. Chris and his wife, Antonia, live in Chicago and Mapleton,
Illinois. He can be reached at
About the Technical Reviewers
James McInvaille, CCSI No. 21904, is a Certified Cisco Systems Instructor for Cisco
Learning Partner Global Knowledge Network, Inc., as well as a contract consultant. As an
instructor, he is responsible for training students worldwide and consulting in the deployment of
routing, switching, and IP telephony solutions. Previously, Mr. McInvaille was a Solutions
Engineer for EDS for the Bank of America voice transformation project. Prior to EDS,
Mr. McInvaille was a Senior Network Engineer for iPath Technologies, based in Reston,
Virginia. In this role, he provided technical training and professional services to Service
Providers and Enterprise users of Juniper Networks routing and security product line.
During this time, Mr. McInvaille earned his Juniper Networks Certified Internet Professional
(JNCIP #297) certification. Prior to iPath, Mr. McInvaille was the Lead Technical Consultant
(LTC) for the Carolina's region of Dimension Data, NA. As an LTC, his responsibilities
included the support and guidance of five engineers and technicians involved in the consultation,
implementation, delivery, and training of VoIP and IP telephony solutions, as well as high-level routing and switching designs. In his spare time, Mr. McInvaille and his beautiful wife
Lupe enjoy riding their Harley Davidson near their home in Kershaw, South Carolina.
Joe Parlas, CCSI No. 21904, has been an instructor for more than eight years, concentrating
specifically on Cisco Voice technologies. He has consulted for numerous Fortune 500 and
Fortune 1000 companies, such as Sweetheart Cup, Inc., Black and Decker, and McCormick
Spice. He has also acted as a senior consultant with Symphony Health Services, Inc. in
various capacities. Joe holds the CCNP, CCNA, A+, and MCSE: Messaging 2003 industry
certifications and primarily teaches for Global Knowledge Network, Inc. as a contract
instructor. Joe recently relocated his company, Parlas Enterprises, to the San Diego area,
where he lives with his wife Parvin Shaybany.
Dedication
This book is dedicated to my beautiful wife, Antonia. Her unending support, love, and
compassion are always a driving force in my life.
Acknowledgments
I would like to thank the entire team at Global Knowledge for their excellent support and
creation of a high-quality learning environment. Thanks also to the staff at Cisco Press for
their excellent support and advice.
Contents at a Glance
Foreword
Introduction
Chapter 1  Identifying Issues in a Multisite Deployment
Chapter 2  Identifying Multisite Deployment Solutions
Chapter 3  Implementing Multisite Connections
Chapter 4  Implementing a Dial Plan for Multisite Deployments
Chapter 5  Examining Remote-Site Redundancy Options
Chapter 6  Implementing Cisco Unified SRST and MGCP Fallback
Chapter 7  Implementing Cisco Unified Communications Manager Express in SRST Mode
Chapter 8  Implementing Bandwidth Management
Chapter 9  Implementing Call Admission Control
Chapter 10  Implementing Call Applications on Cisco IOS Gateways
Chapter 11  Implementing Device Mobility
Chapter 12  Implementing Extension Mobility
Chapter 13  Implementing Cisco Unified Mobility
Chapter 14  Understanding Cryptographic Fundamentals and PKI
Chapter 15  Understanding Native CUCM Security Features and CUCM PKI
Chapter 16  Implementing Security in CUCM
Appendix A  Answers to Chapter Review Questions
Index
Contents
Foreword
Introduction
Chapter 1  Identifying Issues in a Multisite Deployment
  Chapter Objectives
  Multisite Deployment Challenge Overview
  Quality Challenges
  Bandwidth Challenges
  Availability Challenges
  Dial Plan Challenges
  Overlapping and Nonconsecutive Numbers
  Fixed Versus Variable-Length Numbering Plans
  Variable-Length Numbering, E.164 Addressing, and DID
  Optimized Call Routing and PSTN Backup
  NAT and Security Issues
  Chapter Summary
  References
  Review Questions
Chapter 2  Identifying Multisite Deployment Solutions
  Chapter Objectives
  Multisite Deployment Solution Overview
  Quality of Service
  QoS Advantages
  Solutions to Bandwidth Limitations
  Low-Bandwidth Codecs and RTP-Header Compression
  Codec Configuration in CUCM
  Disabled Annunciator
  Local Versus Remote Conference Bridges
  Mixed Conference Bridge
  Transcoders
  Multicast MOH from the Branch Router Flash
  Availability
  PSTN Backup
  MGCP Fallback
  Fallback for IP Phones
  Using CFUR During WAN Failure
  Using CFUR to Reach Users on Cell Phones
  AAR and CFNB
  Mobility Solutions
  Dial Plan Solutions
  Dial Plan Components in Multisite Deployments
  NAT and Security Solutions
  Cisco Unified Border Element in Flow-Through Mode
  Summary
  References
  Review Questions
Chapter 3  Implementing Multisite Connections
  Chapter Objectives
  Examining Multisite Connection Options
  MGCP Gateway Characteristics
  H.323 Gateway Characteristics
  SIP Trunk Characteristics
  H.323 Trunk Overview
  H.323 Trunk Comparison
  MGCP Gateway Implementation
  H.323 Gateway Implementation
  Cisco IOS H.323 Gateway Configuration
  CUCM H.323 Gateway Configuration
  Trunk Implementation Overview
  Gatekeeper-Controlled ICT and H.225 Trunk Configuration
  Implementing SIP Trunks
  Implementing Intercluster and H.225 Trunks
  CUCM Gatekeeper-Controlled ICT and H.225 Trunk Configuration
  Summary
  References
  Review Questions
Chapter 4  Implementing a Dial Plan for Multisite Deployments
  Chapter Objectives
  Multisite Dial Plan Overview
  Implementing Access and Site Codes
  Implementing Site Codes for On-Net Calls
  Digit-Manipulation Requirements When Using Access and Site Codes
  Access and Site Code Requirements for Centralized Call-Processing Deployments
  Implementing PSTN Access
  Transformation of Incoming Calls Using ISDN TON
  Implementing Selective PSTN Breakout
  Configure IP Phones to Use Remote Gateways for Backup PSTN Access
  Considerations When Using Backup PSTN Gateways
  Implementing PSTN Backup for On-Net Intersite Calls
  Digit-Manipulation Requirements for PSTN Backup of On-Net Intersite Calls
  Implementing Tail-End Hop-Off
  Considerations When Using TEHO
  Summary
  Review Questions
Chapter 5  Examining Remote-Site Redundancy Options
  Chapter Objectives
  Remote-Site Redundancy Overview
  Remote-Site Redundancy Technologies
  Basic Cisco Unified SRST Usage
  Cisco Unified SIP SRST Usage
  CUCME in SRST Mode Usage
  Cisco Unified SRST Operation
  SRST Function of Switchover Signaling
  SRST Function of the Call Flow After Switchover
  SRST Function of Switchback
  SRST Timing
  MGCP Fallback Usage
  MGCP Fallback Operation
  MGCP Gateway Fallback During Switchover
  MGCP Gateway Fallback During Switchback
  MGCP Gateway Fallback Process
  Cisco Unified SRST Versions and Feature Support
  SRST 4.0 Platform Density
  Dial Plan Requirements for MGCP Fallback and SRST Scenarios
  Ensuring Connectivity for Remote Sites
  Ensuring Connectivity from the Main Site Using Call Forward Unregistered
  CFUR Considerations
  Keeping Calling Privileges Active in SRST Mode
  SRST Dial Plan Example
  Summary
  References
  Review Questions
Chapter 6  Implementing Cisco Unified SRST and MGCP Fallback
  Chapter Objectives
  MGCP Fallback and SRST Configuration
  Configuration Requirements for MGCP Fallback and Cisco Unified SRST
  Cisco Unified SRST Configuration in CUCM
  SRST Reference Definition
  CUCM Device Pool
  SRST Configuration on the Cisco IOS Gateway
  SRST Activation Commands
  SRST Phone Definition Commands
  SRST Performance Commands
  Cisco Unified SRST Configuration Example
  MGCP-Gateway-Fallback Configuration on the Cisco IOS Gateway
  MGCP Fallback Activation Commands
  MGCP Fallback Configuration Example
  Dial Plan Configuration for SRST Support in CUCM
  SRST Dial Plan of CFUR and CSS
  SRST Dial Plan: Max Forward UnRegistered Hops to DN
  MGCP Fallback and SRST Dial Plan Configuration in the Cisco IOS Gateway
  SRST Dial Plan Components for Normal Mode Analogy
  SRST Dial Plan Dial Peer Commands
  SRST Dial Plan Commands: Open Numbering Plans
  SRST Dial Plan Voice Translation-Profile Commands for Digit Manipulation
  SRST Dial Plan Voice Translation-Rule Commands for Number Modification
  SRST Dial Plan Profile Activation Commands for Number Modification
  SRST Dial Plan Class of Restriction Commands
  SRST Dial Plan Example
  Telephony Features Supported by Cisco Unified SRST
  Special Requirements for Voice-Mail Integration Using Analog Interfaces
  Summary
  References
  Review Questions
Chapter 7  Implementing Cisco Unified Communications Manager Express in SRST Mode
  Chapter Objectives
  CUCME Overview
  CUCME in SRST Mode
  Standalone CUCME Versus CUCM and CUCME in SRST Mode
  CUCME Features
  CUCME Features and Versions
  Other CUCME Features
  General Configuration of CUCME
  CUCME Basic Configuration
  CUCME Configuration Providing Phone Loads
  CUCME Configuration for Music On Hold
  Configuring CUCME in SRST Mode
  Phone-Provisioning Options
  Advantages of CUCME SRST
  Phone Registration Process
  Configuring CUCME for SRST
  CUCME for SRST Mode Configuration
  Summary
  References
  Review Questions
Chapter 8  Implementing Bandwidth Management
  Chapter Objectives
  Bandwidth Management Overview
  CUCM Codec Configuration
  Review of CUCM Codecs
  Local Conference Bridge Implementation
  Transcoder Implementation
  Implementing a Transcoder at the Main Site
  Configuration Procedure for Implementing Transcoders
  Multicast MOH from Branch Router Flash Implementation
  Implementing Multicast MOH from Branch Router Flash
  Configuration Procedure for Implementing Multicast MOH from Branch Router Flash
  Summary
  References
  Review Questions
Chapter 9  Implementing Call Admission Control
  Chapter Objectives
  Call Admission Control Overview
  Call Admission Control in CUCM
  Locations
  Locations: Hub-and-Spoke Topology
  Locations: Full-Mesh Topology
  Configuration Procedure for Implementing Locations-Based CAC
  Locations Configuration Example of a Hub-and-Spoke Topology
  RSVP-Enabled Locations
  Three Call Legs with RSVP-Enabled Locations
  Characteristics of Phone-to-RSVP Agent Call Legs
  Characteristics of RSVP Agent-to-RSVP Agent Call Legs
  RSVP Basic Operation
  RSVP-Enabled Location Configuration
  Configuration Procedure for Implementing RSVP-Enabled Locations-Based CAC
  Step 1: Configure RSVP Service Parameters
  Step 2: Configure RSVP Agents in Cisco IOS Software
  Step 3: Add RSVP Agents to CUCM
  Step 4: Enable RSVP Between Location Pairs
  Automated Alternate Routing
  Automated Alternate Routing Characteristics
  AAR Example
  AAR Considerations
  AAR Configuration Procedure
  H.323 Gatekeeper CAC
  H.323 Gatekeeper Used for Call Routing for Address Resolution Only
  Using an H.323 Gatekeeper for CAC
  H.323 Gatekeeper Also Used for Call Admission Control
  Provide PSTN Backup for Calls Rejected by CAC
  Configuration Procedure for Implementing H.323 Gatekeeper-Controlled Trunks with CAC
  Summary
  References
  Review Questions
Chapter 10  Implementing Call Applications on Cisco IOS Gateways
  Chapter Objectives
  Call Applications Overview
  Tcl Scripting Language
  VoiceXML Markup Language
  The Analogy Between HTML and VoiceXML
  Advantages of VoiceXML
  Cisco IOS Call Application Support
  Tcl Versus VoiceXML Features in Cisco IOS
  Cisco IOS Call Application Support Requirements
  Examples of Cisco IOS Call Applications Available for Download at Cisco.com
  Call Application Auto-Attendant Script Example
  Remote-Site Gateway Using an Auto-Attendant Script During a WAN Failure
  Auto-Attendant Tcl Script Flowchart
  Call Application Configuration
  Step 1: Download the Application from Cisco.com
  Step 2: Upload and Uncompress the Script to Flash
  Step 3a: Configure the Call Application Service Definition
  Step 3b: Configure the Call Application Service Parameters
  Step 4: Associate the Call Application with a Dial Peer
  Call Application Configuration Example
  Summary
  References
  Review Questions
Chapter 11  Implementing Device Mobility
  Chapter Objectives
  Issues with Devices Roaming Between Sites
  Issues with Roaming Devices
  Device Mobility Solves Issues of Roaming Devices
  Device Mobility Overview
  Dynamic Device Mobility Phone Configuration Parameters
  Device Mobility Dynamic Configuration by Location-Dependent Device Pools
  Device Mobility Configuration Elements
  The Relationship Between Device Mobility Configuration Elements
  Device Mobility Operation
  Device Mobility Operation Flowchart
  Device Mobility Considerations
  Review of Line and Device CSSs
  Device Mobility and CSSs
  Examples of Different Call-Routing Paths Based on Device Mobility Groups and TEHO
  Device Mobility Configuration
  Steps 1 and 2: Configure Physical Locations and Device Mobility Groups
  Step 3: Configure Device Pools
  Step 4: Configure Device Mobility Infos
  Step 5a: Set the Device Mobility Mode CCM Service Parameter
  Step 5b: Set the Device Mobility Mode for Individual Phones
  Summary
  References
  Review Questions
Chapter 12  Implementing Extension Mobility
  Chapter Objectives
  Issues with Users Roaming Between Sites
  Issues with Roaming Users
  Extension Mobility Solves Issues of Roaming Users
  CUCM Extension Mobility Overview
  Extension Mobility: Dynamic Phone Configuration Parameters
  Extension Mobility with Dynamic Phone Configuration by Device Profiles
  CUCM Extension Mobility Configuration Elements
  The Relationship Between Extension Mobility Configuration Elements
  CUCM Extension Mobility Operation
  Issues in Environments with Different Phone Models
  Extension Mobility Solution to Phone Model Differences
  Extension Mobility and Calling Search Spaces (CSS)
  Alternatives to Mismatching Phone Models and CSS Implementations
  CUCM Extension Mobility Configuration
  Step 1: Activate the Cisco Extension Mobility Feature Service
  Step 2: Set Cisco Extension Mobility Service Parameters
  Step 3: Add the Cisco Extension Mobility Phone Service
  Step 4: Create Default Device Profiles
  Step 5a: Create Device Profiles
  Step 5b: Subscribe the Device Profile to the Extension Mobility Phone Service
  Step 6: Associate Users with Device Profiles
  Step 7a: Configure Phones for Cisco Extension Mobility
  Step 7b: Subscribe the Phone to the Extension Mobility Phone Service
  Summary
  References
  Review Questions
Chapter 13  Implementing Cisco Unified Mobility
  Chapter Objectives
  Cisco Unified Mobility Overview
  Mobile Connect and Mobile Voice Access Characteristics
  Cisco Unified Mobility Features
  Cisco Unified Mobility Call Flow
  Mobile Connect Call Flow of Internal Calls Placed from a Remote Phone
  Mobile Voice Access Call Flow
  Cisco Unified Mobility Components
  Cisco Unified Mobility Configuration Elements
  Shared Line Between the Phone and the Remote Destination Profile
  Relationship Between Cisco Unified Mobility Configuration Elements
  Cisco Unified Mobility Configuration
  Configuring Mobile Connect
  Configuring Mobile Voice Access
  Summary
  References
  Review Questions
Chapter 14  Understanding Cryptographic Fundamentals and PKI
  Chapter Objectives
  Cryptographic Services
  Symmetric Versus Asymmetric Encryption
  Algorithm Example: AES
  Asymmetric Encryption
  Algorithm Example: RSA
  Two Ways to Use Asymmetric Encryption
  Hash-Based Message Authentication Codes
  Algorithm Example: SHA-1
  No Integrity Provided by Pure Hashing
  Hash-Based Message Authentication Code, or "Keyed Hash"
  Digital Signatures
  Public Key Infrastructure
  Symmetric Key Distribution Protected by Asymmetric Encryption
  Public Key Distribution in Asymmetric Cryptography
  PKI as a Trusted Third-Party Protocol
  PKI: Generating Key Pairs
  PKI: Distributing the Public Key of the Trusted Introducer
  PKI: Requesting Signed Certificates
  PKI: Signing Certificates
  PKI: Providing Entities with Their Certificates
  PKI: Exchanging Public Keys Between Entities Using Their Signed Certificates
  PKI Entities
  X.509v3 Certificates
  PKI Example: SSL on the Internet
  Internet Web Browser: Embedded Internet-CA Certificates
  Obtaining the Authentic Public Key of the Web Server
  Web Server Authentication
  Exchanging Symmetric Session Keys
  Session Encryption
  Summary
  References
  Review Questions
Chapter 15  Understanding Native CUCM Security Features and CUCM PKI
  Chapter Objectives
  CUCM Security Features Overview
  CUCM Security Feature Support
  Cisco Unified Communications Security Considerations
  CUCM IPsec Support
  IPsec Scenarios in Cisco Unified Communications
  IPsec on Network Infrastructure Devices
  Signed Phone Loads
  SIP Digest Authentication
  SIP Digest Authentication Configuration Procedure
  SIP Digest Authentication Configuration Example
  SIP Trunk Encryption
  SIP Trunk Encryption Configuration Procedure
  SIP Trunk Encryption Configuration
  CUCM PKI
  Self-Signed Certificates
  Manufacturing Installed Certificates
  Locally Significant Certificates
  Multiple PKI Roots in CUCM Deployments
  Cisco Certificate Trust List
  Cisco CTL Client Function
  Initial CTL Download
  IP Phone Verification of a New Cisco CTL
  IP Phone Usage of the CTL
  PKI Topology with Secure SRST
  Trust Requirements with Secure SRST
  Secure SRST: Certificate Import: CUCM
  Secure SRST: Certificate Import: Secure SRST Gateway
  Certificate Usage in Secure SRST
  Summary
  References
  Review Questions
Chapter 16  Implementing Security in CUCM
  Chapter Objectives
  Enabling PKI-Based Security Features in CUCM
  Configuration Procedure for PKI-Based CUCM Security Features
  Enabling Services Required for Security
  Installing the Cisco CTL Client
  Cisco CTL Client Usage
  Setting the Cluster Security Mode
  Updating the CTL
  CAPF Configuration and LSC Enrollment
  CAPF Service Configuration Parameter
  CAPF Phone Configuration Options
  First-Time Installation of a Certificate with a Manually Entered Authentication String
  Certificate Upgrade Using an Existing MIC
  Generating a CAPF Report to Verify LSC Enrollment
  Finding Phones by Their LSC Status
  Signed and Encrypted Configuration Files
  Encrypted Configuration Files
  Obtaining Phone Encrypted Configuration Files
  Configuring Encrypted Configuration Files
  Phone Security Profiles
  Default SCCP Phone Security Profiles
  Configuring TFTP Encrypted Configuration Files
  Secure Signaling
  Certificate Exchange in TLS
  Server-to-Phone Authentication
  Phone-to-Server Authentication
  TLS Session Key Exchange
  Secure Signaling Using TLS
  Secure Media Transmission Between Cisco IP Phones
  SRTP Protection
  SRTP Packet Format
  SRTP Encryption
  SRTP Authentication
  Secure Call Flow Summary
  Configuring IP Phones to Use Secure Signaling and Media Exchange
  The Actual Security Mode Depends on the Configuration of Both Phones
  Secure Media Transmission to H.323 and MGCP Gateways
  H.323 SRTP CUCM
  SRTP to MGCP Gateways
  Secure Conferencing
  Secure Conferencing Considerations
  Secure Conferencing Configuration Procedure
  Summary
  References
  Review Questions
Appendix A  Answers to Chapter Review Questions
Index
Icons Used in This Book
Cisco Unified Communications Manager
Unified CM Express
Cisco Unified Border Element
Cisco Unity Server
Router
Voice-Enabled Router
SRST-Enabled Router
Server
PC
Ethernet Connection
Voice Gateway
Security Management
Laptop
Certificate Authority
Switch
IP Communicator
IP Phone
Analog Phone
Conference Bridge
Transcoder
Web Server
Web Browser
Cell Phone
Relational Database
Serial Line Connection
Network Cloud
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions
used in the IOS Command Reference. The Command Reference describes these
conventions as follows:
• Boldface indicates commands and keywords that are entered literally as shown. In
actual configuration examples and output (not general command syntax), boldface
indicates commands that are manually input by the user (such as a show command).
• Italic indicates arguments for which you supply actual values.
• Vertical bars (|) separate alternative, mutually exclusive elements.
• Square brackets ([ ]) indicate an optional element.
• Braces ({ }) indicate a required choice.
• Braces within brackets ([{ }]) indicate a required choice within an optional element.
Foreword
Cisco certification self-study guides are excellent self-study resources for networking
professionals to maintain and increase their internetworking skills and to prepare for Cisco
Career Certification exams. Cisco Career Certifications are recognized worldwide and
provide valuable, measurable rewards to networking professionals and their employers.
Cisco Press exam certification guides and preparation materials offer exceptional—and
flexible—access to the knowledge and information required to stay current in one's field
of expertise, or to gain new skills. Whether used to increase internetworking skills or as a
supplement to a formal certification preparation course, these materials offer networking
professionals the information and knowledge they need to perform on-the-job tasks
proficiently.
Developed in conjunction with the Cisco certifications and training team, Cisco Press
books are the only self-study books authorized by Cisco. They offer students a series of
exam practice tools and resource materials to help ensure that learners fully grasp the
concepts and information presented.
Additional authorized Cisco instructor-led courses, e-learning, labs, and simulations are
available exclusively from Cisco Learning Solutions Partners worldwide. To learn more,
visit
I hope you will find this guide to be an essential part of your exam preparation and
professional development, as well as a valuable addition to your personal library.
Drew Rosen
Manager, Learning and Development
Learning@Cisco
September 2008
Introduction
Professional certifications have been an important part of the computing industry for many
years and will continue to become more important. Many reasons exist for these certifications, but the most popularly cited reason is that of credibility. All other considerations held
equal, a certified employee/consultant/job candidate is considered more valuable than one
who is not.
Goals and Methods
The most important goal of this book is to provide you with knowledge and skills in
Unified Communications, deploying the Cisco Unified Communications Manager product.
Another goal of this book is to help you with the Cisco IP Telephony (CIPT) Part 2 exam,
which is part of the Cisco Certified Voice Professional (CCVP) certification. The methods
used in this book are designed to be helpful in both your job and the CCVP Cisco IP
Telephony exam. This book provides questions at the end of each chapter to reinforce
the chapter content. Additional test preparation software from companies such as
http://www.selftestsoftware.com will give you additional test preparation questions to arm you
for exam success.
The organization of this book will help you discover the exam topics that you need to
review in more depth, help you fully understand and remember those details, and help you
test the knowledge you have retained on those topics. This book does not try to help you
pass by memorization, but helps you truly learn and understand the topics. The Cisco IP
Telephony Part 2 exam is one of the foundation topics in the CCVP certification. The
knowledge contained in this book is vitally important for you to consider yourself a truly
skilled Unified Communications (UC) engineer. The book aims to help you pass the Cisco
IP Telephony exam by using the following methods:
• Helping you discover which test topics you have not mastered
• Providing explanations and information to fill in your knowledge gaps
• Providing practice exercises on the topics and the testing process via test questions at
the end of each chapter
Who Should Read This Book?
This book is designed to be both a general Cisco Unified Communications Manager book
and a certification preparation book. This book is intended to provide you with the
knowledge required to pass the CCVP Cisco IP Telephony exam for CIPT Part 2.
Why should you want to pass the CCVP Cisco IP Telephony exam? The second CIPT test
is one of the milestones toward getting the CCVP certification. The CCVP could mean a
raise, promotion, new job, challenge, success, or recognition, but ultimately you determine
what it means to you. Certifications demonstrate that you are serious about continuing the
learning process and professional development. In technology, it is impossible to stay at the
same level when the technology all around you is advancing. Engineers must continually
retrain themselves, or they find themselves with out-of-date commodity-based skill sets.
Strategies for Exam Preparation
The strategy you use for exam preparation might be different than strategies used by others.
It will be based on skills, knowledge, experience, and finding the recipe that works best
for you. If you have attended the CIPT course, you might take a different approach than
someone who learned Cisco Unified Communications Manager on the job. Regardless of
the strategy you use or your background, this book is designed to help you get to the point
where you can pass the exam. Cisco exams are quite thorough, so don't skip any chapters.
How This Book Is Organized
The book covers the following topics:
• Chapter 1, "Identifying Issues in a Multisite Deployment," sets the stage for this
book by identifying all the relevant challenges in multisite deployments requiring
Unified Communications solutions.
• Chapter 2, "Identifying Multisite Deployment Solutions," is an overview of the
solutions to the challenges identified in Chapter 1 that are described in this book.
• Chapter 3, "Implementing Multisite Connections," provides the steps to configure
Media Gateway Control Protocol (MGCP) and H.323 gateways as well as Session
Initiation Protocol (SIP) and intercluster trunks to function with Cisco Unified
Communications Manager (CUCM).
• Chapter 4, "Implementing a Dial Plan for Multisite Deployments," provides a dial
plan solution and addresses toll bypass, tail-end hop-off (TEHO), and digit manipulation
techniques in a multisite CUCM deployment.
• Chapter 5, "Examining Remote-Site Redundancy Options," provides the foundation
for maintaining redundancy at a remote site in the event of an IP WAN failure by
exploring the options for implementing Survivable Remote Site Telephony (SRST) and
MGCP fallback.
• Chapter 6, "Implementing Cisco Unified SRST and MGCP Fallback," presents the
configurations to implement SRST and MGCP fallback, along with implementing a
gateway dial plan and voice features in the SRST router.
• Chapter 7, "Implementing Cisco Unified Communications Manager Express in
SRST Mode," discusses the configuration approaches of Cisco Unified Communications
Manager Express (CUCME) to support SRST fallback.
• Chapter 8, "Implementing Bandwidth Management," shows you how to implement
bandwidth management with Call Admission Control (CAC) to ensure a high level of
audio quality for voice calls over IP WAN links by preventing oversubscription.
• Chapter 9, "Implementing Call Admission Control," describes the methods of
implementing CAC in gatekeepers and CUCM and explores the benefits of Resource
Reservation Protocol (RSVP) and Automated Alternate Routing (AAR) in CUCM.
• Chapter 10, "Implementing Call Applications on Cisco IOS Gateways," describes
Toolkit Command Language (Tcl) and VoiceXML to implement call applications on
gateways.
• Chapter 11, "Implementing Device Mobility," describes challenges for users
traveling between sites and provides the solution of mobility.
• Chapter 12, "Implementing Extension Mobility," describes the concept of Extension
Mobility and gives the procedure for implementing Extension Mobility for users
traveling to different sites.
• Chapter 13, "Implementing Cisco Unified Mobility," gives the procedure for
implementing both Mobile Connect and Mobile Voice Application of Unified Mobility
in CUCM and a gateway.
• Chapter 14, "Understanding Cryptographic Fundamentals and PKI," describes
the required fundamental principles and concepts of cryptography that are relevant to
implementing secure voice implementations in a Cisco Unified Communications
installation.
• Chapter 15, "Understanding Native CUCM Security Features and CUCM PKI,"
helps you understand the security protocols of IPsec, Transport Layer Security (TLS),
SRTP, and SIP digest and the methods to implement secure voice in a CUCM
installation.
• Chapter 16, "Implementing Security in CUCM," demonstrates how to further
implement security in a CUCM installation by securing IP Phones for their
configurations, signaling, and secure media for audio and conference calls.
CHAPTER 1
Identifying Issues in a Multisite Deployment
Deploying Cisco Unified Communications Manager in a multisite environment has considerations
that pertain only to multisite deployments. Deploying Cisco Unified Communications solutions
between multiple sites requires an appropriate dial plan, enough bandwidth between the sites,
implementing quality of service (QoS), and a design that can survive IP WAN failures. This chapter
identifies the issues that can arise in a multisite Cisco Unified Communications Manager
deployment.
Chapter Objectives
Upon completing this chapter, you will be able to explain issues pertaining to multisite deployment
and relate those issues to multisite connection options. You will be able to meet these objectives:
• Describe issues pertaining to multisite deployments
• Describe quality issues in multisite deployments
• Describe issues with bandwidth in multisite deployments
• Describe availability issues in multisite deployments
• Describe dial plan issues in multisite deployments
• Describe Network Address Translation (NAT) and security issues in multisite deployments
Multisite Deployment Challenge Overview
In a multisite deployment, some of the challenges that can arise include the following:
• Quality issues: Real-time communications of voice and video must be prioritized over a
packet-switching network. All traffic is treated equally by default in routers and switches. Voice
and video are delay-sensitive packets that need to be given priority to avoid delay and jitter
(variable delay), which would result in decreased voice quality.