Tuesday, April 22, 2014

CUCM outside caller still hears ringing after call is answered through H323 gateway

Call flow was SIP trunk -> CUBE -> H323 -> CUCM -> SCCP phone.

Symptom was inbound callers would call a PSTN number, the SCCP phone would ring and present caller ID, the SCCP phone user would pick up, and the outside caller would continue to hear ringing.  Reviewing debugs, I found via debug voice ccapi inot that the disconnect cause code was 47.

Apr 22 18:48:13.441: //2545/76D263EE875D/CCAPI/cc_api_call_disconnected: Cause Value=47, Interface=0x22ABFFE0, Call Id=2545

This typically is a result of codec mismatches or negotiations.  I threw in some easy peasy transcoding like so, with no luck.

dspfarm profile 1 transcode universal
 codec g729br8
 codec g729r8
 codec g711ulaw
 codec g711alaw
 codec g729ar8
 codec g729abr8
 maximum sessions 24
 associate application CUBE

My issue was because I was using the H323 trunk from the CUBE to CUCM, I needed to accommodate for what would be early offer on the SIP trunk.  Although I had transcoders available, the media exchange in the SDP (Session Description Protocol) where the codecs are negotiated was happening in the initial invite.  With that, the call through the H323 trunk was setting up without the carrier, CUBE and CUCM deciding on the appropriate CODEC.  Hence the disconnect cause 47.

On the CUCM and H323 gateway side, you can emulate the SIP early offer negotiation settings, via Enable Inbound FastStart and / or Wait for Far End H.245 Terminal Capability Set.

Cisco CUBE and Broadview SIP trunks

I was tasked with turning up a SIP trunk from Broadview with little information from the customer or provider.  There is also no interoperability guide for Cisco CUBE and Broadview SIP trunks that I could find. The only reference on their website is to the now defunct Small Business UC500 product line.  With that, I blew a bunch of time trying figure out from the tech on the phone who didn't have access to the Broadview switch nor any information himself re: registration or authentication requirements, and from hunt, peck and debug techniques how to make a poor phone call work.

Short story regarding where I was side tracked: they don't want you to register with them, but only provide the authenticating credentials when presenting a call to them. No registrar required.  Also seemed I had to bind media and control to individual dial-peers.

With that, here's the critical pieces I found successful.

voice service voip
 ip address trusted list
  ipv4 XXX.XXX.XXX.XXX (CUCM server)
  ipv4 XXX.XXX.XXX.XXX (Broadview SBC)
  ipv4 XXX.XXX.XXX.XXX (CUBE LAN Interface)
  ipv4 XXX.XXX.XXX.XXX (Phone device network, probably unneeded)
 mode border-element
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 no supplementary-service sip moved-temporarily
 no supplementary-service sip refer
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
  registrar server
  early-offer forced
  midcall-signaling passthru
  sip-profiles 1000
voice class sip-profiles 1000
 request ANY sdp-header Connection-Info remove
 response ANY sdp-header Connection-Info remove

 credentials username TheUserNameThatTookTooLongToGetFromThem password TheAssociatedPassword realm aURLtheyThoughtMightWork.broadviewnet.net
 keepalive target ipv4:XXX.XXX.XXX.XXX:5060 (the Broadview SBC address)
 authentication username TheUserNameThatTookTooLongToGetFromThem password TheAssociatedPassword
 no remote-party-id
 retry invite 2
 retry response 3
 retry bye 3
 retry cancel 3
 retry register 10
 timers trying 1000
 timers connect 100
 timers keepalive active 100
 sip-server ipv4:XXX.XXX.XXX.XXX (the Broadview SBC address)

Monday, April 14, 2014

Basic Cisco 1252 AP Express Setup WPA2 Personal AES CCMP Sample

ap_1252#sh run
Building configuration...

Current configuration : 1337 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap_1252
enable secret 5 $1$EjY.$FdGuuTgTAYrQMNt8hlXSQ.
no aaa new-model
dot11 ssid LauraAndRay
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 0212015F00091528
power inline negotiation prestandard source
username rmaslanka privilege 15 password 7 105A0C1D0E1808020217
bridge irb
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption mode ciphers aes-ccm
 ssid LauraAndRay
 channel 2412
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
interface BVI1
 ip address
 no ip route-cache
ip default-gateway
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
 login local

Friday, April 11, 2014

Enable SSH on a Cisco router

No secrets here. Just a succinct how to on enabling SSH on a router.  You can find this anywhere.

! set a hostname and domain name to use for encryption key
yourname (config)#hostname MyRouter
MyRouter(config)#ip domain-name MyDomain.local
! generate key
MyRouter(config)#crypto key generate rsa
(choosing 1024 will work)
! allow SSH on lines
MyRouter(config)#line vty 0 4
MyRouter(config-line)#login local
MyRouter(config-line)#transport input ssh
! setup a local user for access
MyRouter(config)#username MYUSERNAME privilege 15 secret MYPASSWORD
MyRouter(config)#line vty 0 4
! set SSH version as 2
MyRouter(config)#ip ssh version 2

Friday, April 04, 2014

Cisco CUCM BIB / Built In Bridge and WFO QM / Quality Manager recording administration

Note: This document describes high level components and techniques to configure Built In Bridge recording where those techniques are different that those used by desktop recording.  This document is not intended to replace or override official Cisco documentation, or a working knowledge of the information provided.  

More information related to Cisco CUCM can be found here: 

More information related to Cisco QM can be found here:

CUCM server 

CUCM configuration 

A SIP trunk on CUCM is used by phones to signal / connect to the QM recording server.

The trunk at this site is named QualityManagerRecordingTrunk1 and points to the Quality Manager recording server at

When recording is appropriate, a route pattern is dialed by the phone to reach the trunk.
The route pattern at this site  is 4221. where Discard Digits is PreDot.

A Recording Profile points to the appropriate route pattern.
The Recording Profile at this site is named QualityManagerBIB and the destination address is 4221

Device Configuration

To configure the phone device for BIB recording:

  1. Set Built In Bridge to On
  2. Set Span to PC Port to Disabled
  3. Add the device to the Controlled Devices of the RMCMUser application user.

BIB on

Span to PC disabled

RMCMUser control

DN Configuration

To configure the DN for recording, assign the appropriate recording profile and options to every DN to be recorded:

  1. Set Recording Option to Automatic Call Recording Enabled
  2. Set Recording Profile to QualtiyManagerBIB
  3. Set Monitoring Calling Search Space to a CSS that has access to the DNs that may be monitored. 

Sample DN recording configuration

Calabrio Server

Enable devices for recording.

From VoIP Devices menu, choose Enable Devices for Recording. You need to enable both physical devices, as well as Extension Mobility profiles.

Enabling a device:

Enabling an Extension Mobility profile

Assigning Server / Type

Assign a Recording Server and Recording Type to physical devices to be recorded.  You do not need to assign these settings to the Extension Mobility devices.

Choose your recording server IP as the record server and Network Recording as the type.

The recording server in this example is at The Built In Bridge recording method referenced in CUCM documentation equates to Network Recording in Calabrio documentation.

Assign record server:

Assign record type:

Agent / Device association

Where an ACD agent is always associated with a physical device, find the device and select the associated agent from the agent column drop down.

Agent / EM association

Where ACD agents are only identified by EM profiles and not physical devices, assign the agent to the EM profile, then leave device to "user login required ".

EM and Agent association

User Login Required

Non ACD Agent recording note

When a line to be recorded is NOT associated with an ACD agent, you need to create a Knowledge Worker.

In User Administration, create a user.

License the user.

Then follow the Enable device for recording and Agent / Device association steps as usual (see steps above).

Note: because an Agent or Knowledge worker cannot be associated with multiple physical devices, if you are attempting to record a shared line, a separate user needs to be created and associated with each device where the shared line is configured.

Monitoring calls note

The line to be called when a supervisor selects a call to be monitored can be configured in the QM web GUI.  
  1. The line must be unique / not be shared on multiple devices.
  2. The line must have the Monitoring Calling Search Space defined.
  3. The device where the line is configured must be controlled by the RMCM user.
Since the line where monitoring will take place needs to be controlled by CUCM (Monitoring Calling Search Space) as well as the device (RMCM user association), entering a PSTN number is unacceptable.

Users wishing to monitor calls remotely can use IP Communicator or a similar device, configured in the same fashion, to have calls monitored directed off premise.