Monday, April 14, 2014

Basic Cisco 1252 AP Express Setup WPA2 Personal AES CCMP Sample

ap_1252#sh run
Building configuration...

Current configuration : 1337 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ap_1252
enable secret 5 $1$EjY.$FdGuuTgTAYrQMNt8hlXSQ.
no aaa new-model
dot11 ssid LauraAndRay
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 0212015F00091528
power inline negotiation prestandard source
username rmaslanka privilege 15 password 7 105A0C1D0E1808020217
bridge irb
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption mode ciphers aes-ccm
 ssid LauraAndRay
 channel 2412
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
interface BVI1
 ip address
 no ip route-cache
ip default-gateway
ip http server
no ip http secure-server
ip http help-path
bridge 1 route ip
line con 0
line vty 0 4
 login local

Friday, April 11, 2014

Enable SSH on a Cisco router

No secrets here. Just a succinct how-to on enabling SSH on a router. You can find this anywhere.

! set a hostname and domain name to use for encryption key
yourname(config)#hostname MyRouter
MyRouter(config)#ip domain-name MyDomain.local
! generate key
MyRouter(config)#crypto key generate rsa
! (when prompted for the modulus size, choosing 1024 will work)
! allow SSH on lines
MyRouter(config)#line vty 0 4
MyRouter(config-line)#login local
MyRouter(config-line)#transport input ssh
MyRouter(config-line)#exit
! setup a local user for access
MyRouter(config)#username MYUSERNAME privilege 15 secret MYPASSWORD
! set SSH version as 2
MyRouter(config)#ip ssh version 2

Friday, April 04, 2014

Cisco CUCM BIB / Built In Bridge and WFO QM / Quality Manager recording administration

Note: This document describes high-level components and techniques to configure Built In Bridge recording where those techniques are different than those used by desktop recording. This document is not intended to replace or override official Cisco documentation, or a working knowledge of the information provided.

More information related to Cisco CUCM can be found here:

More information related to Cisco QM can be found here:

CUCM server 

CUCM configuration 

A SIP trunk on CUCM is used by phones to signal / connect to the QM recording server.

The trunk at this site is named QualityManagerRecordingTrunk1 and points to the Quality Manager recording server at

When recording is appropriate, a route pattern is dialed by the phone to reach the trunk.
The route pattern at this site is 4221. where Discard Digits is PreDot.

A Recording Profile points to the appropriate route pattern.
The Recording Profile at this site is named QualityManagerBIB and the destination address is 4221

Device Configuration

To configure the phone device for BIB recording:

  1. Set Built In Bridge to On
  2. Set Span to PC Port to Disabled
  3. Add the device to the Controlled Devices of the RMCMUser application user.

BIB on

Span to PC disabled

RMCMUser control

DN Configuration

To configure the DN for recording, assign the appropriate recording profile and options to every DN to be recorded:

  1. Set Recording Option to Automatic Call Recording Enabled
  2. Set Recording Profile to QualityManagerBIB
  3. Set Monitoring Calling Search Space to a CSS that has access to the DNs that may be monitored. 

Sample DN recording configuration

Calabrio Server

Enable devices for recording.

From VoIP Devices menu, choose Enable Devices for Recording. You need to enable both physical devices, as well as Extension Mobility profiles.

Enabling a device:

Enabling an Extension Mobility profile

Assigning Server / Type

Assign a Recording Server and Recording Type to physical devices to be recorded.  You do not need to assign these settings to the Extension Mobility devices.

Choose your recording server IP as the record server and Network Recording as the type.

The recording server in this example is at

The Built In Bridge recording method referenced in CUCM documentation equates to Network Recording in Calabrio documentation.

Assign record server:

Assign record type:

Agent / Device association

Where an ACD agent is always associated with a physical device, find the device and select the associated agent from the agent column drop down.

Agent / EM association

Where ACD agents are only identified by EM profiles and not physical devices, assign the agent to the EM profile, then leave the device set to "user login required".

EM and Agent association

User Login Required

Non ACD Agent recording note

When a line to be recorded is NOT associated with an ACD agent, you need to create a Knowledge Worker.

In User Administration, create a user.

License the user.

Then follow the Enable device for recording and Agent / Device association steps as usual (see steps above).

Note: because an Agent or Knowledge worker cannot be associated with multiple physical devices, if you are attempting to record a shared line, a separate user needs to be created and associated with each device where the shared line is configured.

Monitoring calls note

The line to be called when a supervisor selects a call to be monitored can be configured in the QM web GUI.  
  1. The line must be unique / not be shared on multiple devices.
  2. The line must have the Monitoring Calling Search Space defined.
  3. The device where the line is configured must be controlled by the RMCM user.
Since the line where monitoring will take place needs to be controlled by CUCM (Monitoring Calling Search Space) as well as the device (RMCM user association), entering a PSTN number is unacceptable.

Users wishing to monitor calls remotely can use IP Communicator or a similar device, configured in the same fashion, to have monitored calls directed off premise.

Wednesday, March 12, 2014

Cisco CUCM - The rhosts file on does not match the publisher

Just a brief note re: checking Cisco CUCM database replication.

I am fond of using the "Cisco Unified Reporting" option in the upper right drop down of the Cisco CUCM web admin interface to verify replication is good. You can do the same via CLI or via RTMT, but the "Unified CM Database Status" report is a conglomeration of multiple CLI commands in one easy to run report. Why try to remember all the options when you can run one report?

With that, had you only verified DB replication from CLI or RTMT, you might never encounter the "The rhosts file on XXX.XXX.XXX.XXX does not match the publisher" error.

The easiest first step to regenerate the rhosts file on the offending server is to restart the A Cisco DB service on the server in question.

SSH to the server with the rhosts file out of order.
Run utils service restart A Cisco DB and wait until the process completes.  You should see A Cisco DB[STARTED] when it's successful.
Run your "Unified CM Database Status" report again, and you should be all set.