You may notice some articles displaying content inconsistently. Pardon our dust as we update our site.
cross icon
In this article
dropdown icon
Prepare your environment
    General prerequisites
      Hardware and Software Requirements for Local Gateway
        License Requirements for Local Gateways
          Certificate and Security Requirements for Local Gateway
            Firewall, NAT Traversal, and Media Path Optimization Requirements for Local Gateway
            Configure Webex Calling for your organization
              dropdown icon
              Configure Local Gateway on Cisco IOS XE for Webex Calling
                Overview
                dropdown icon
                Implement CUBE high availability as Local Gateway
                  Fundamentals
                    Configure Redundancy on Both CUBEs
                      Configure a Local Gateway on Both CUBEs
                      dropdown icon
                      Configure Unified CM for Webex Calling
                        Configure SIP Trunk Security Profile for Trunk to Local Gateway
                          Configure SIP Profile for the Local Gateway Trunk
                            Create a Calling Search Space for Calls From Webex
                              Configure a SIP Trunk To and From Webex
                                Configure Route Group for Webex
                                  Configure Route List for Webex
                                    Create a Partition for Webex Destinations
                                      Configure Route Patterns for Webex Destinations
                                        Configure Abbreviated Intersite Dialing Normalization for Webex
                                        dropdown icon
                                        Set up your Webex Calling features
                                          Set up a hunt group
                                            Create a call queue
                                              Create a receptionist client
                                                Create and manage auto attendants
                                                  Configure a paging group
                                                    Set up call pickup
                                                      Set up call park
                                                        Enable barge-in for users
                                                          Enable privacy for a user
                                                            Configure monitoring
                                                              Enable call bridge warning tone for users
                                                                Turn on hoteling for a user
                                                                dropdown icon
                                                                Adoption trends and usage reports for Webex Calling
                                                                  View calling reports
                                                                    Run the CScan tool
                                                                    In this article
                                                                    cross icon
                                                                    dropdown icon
                                                                    Prepare your environment
                                                                      General prerequisites
                                                                        Hardware and Software Requirements for Local Gateway
                                                                          License Requirements for Local Gateways
                                                                            Certificate and Security Requirements for Local Gateway
                                                                              Firewall, NAT Traversal, and Media Path Optimization Requirements for Local Gateway
                                                                              Configure Webex Calling for your organization
                                                                                dropdown icon
                                                                                Configure Local Gateway on Cisco IOS XE for Webex Calling
                                                                                  Overview
                                                                                  dropdown icon
                                                                                  Implement CUBE high availability as Local Gateway
                                                                                    Fundamentals
                                                                                      Configure Redundancy on Both CUBEs
                                                                                        Configure a Local Gateway on Both CUBEs
                                                                                        dropdown icon
                                                                                        Configure Unified CM for Webex Calling
                                                                                          Configure SIP Trunk Security Profile for Trunk to Local Gateway
                                                                                            Configure SIP Profile for the Local Gateway Trunk
                                                                                              Create a Calling Search Space for Calls From Webex
                                                                                                Configure a SIP Trunk To and From Webex
                                                                                                  Configure Route Group for Webex
                                                                                                    Configure Route List for Webex
                                                                                                      Create a Partition for Webex Destinations
                                                                                                        Configure Route Patterns for Webex Destinations
                                                                                                          Configure Abbreviated Intersite Dialing Normalization for Webex
                                                                                                          dropdown icon
                                                                                                          Set up your Webex Calling features
                                                                                                            Set up a hunt group
                                                                                                              Create a call queue
                                                                                                                Create a receptionist client
                                                                                                                  Create and manage auto attendants
                                                                                                                    Configure a paging group
                                                                                                                      Set up call pickup
                                                                                                                        Set up call park
                                                                                                                          Enable barge-in for users
                                                                                                                            Enable privacy for a user
                                                                                                                              Configure monitoring
                                                                                                                                Enable call bridge warning tone for users
                                                                                                                                  Turn on hoteling for a user
                                                                                                                                  dropdown icon
                                                                                                                                  Adoption trends and usage reports for Webex Calling
                                                                                                                                    View calling reports
                                                                                                                                      Run the CScan tool

                                                                                                                                      Webex Calling Configuration Workflow

                                                                                                                                      list-menuIn this article

                                                                                                                                      Get your bearings with all of the information available about Webex Calling, whether you're a partner, an administrator, or a user. Use the links provided here to help you get started using all of the services and features available with Webex Calling.

                                                                                                                                      Prepare your environment

                                                                                                                                      General prerequisites

                                                                                                                                      Before you configure a local gateway for Webex Calling, ensure that you:

                                                                                                                                      • Have a basic knowledge of VoIP principles

                                                                                                                                      • Have a basic working knowledge of Cisco IOS-XE and IOS-XE voice concepts

                                                                                                                                      • Have a basic understanding of the Session Initiation Protocol (SIP)

                                                                                                                                      • Have a basic understanding of Cisco Unified Communications Manager (Unified CM) if your deployment model includes Unified CM

                                                                                                                                      See the Cisco Unified Border Element (CUBE) Enterprise Configuration Guide for details.

                                                                                                                                      Hardware and Software Requirements for Local Gateway

                                                                                                                                      Make sure that your deployment has one or more of the local gateways, such as:

                                                                                                                                      • Cisco CUBE for IP-based connectivity

                                                                                                                                      • Cisco IOS Gateway for TDM-based connectivity

                                                                                                                                      See the Table 1 of the Local Gateway for Webex Calling Ordering Guide. Also, make sure that the platform is running a supported IOS-XE release as per the Local Gateway Configuration Guide.

                                                                                                                                      The local gateway helps you migrate to Webex Calling at your own pace. The local gateway integrates your existing on-premises deployment with Webex Calling. You can also use your existing PSTN connection. See Get started with Local Gateway

                                                                                                                                      Certificate and Security Requirements for Local Gateway

                                                                                                                                      Webex Calling requires secure signaling and media. The local gateway performs the encryption, and a TLS connection must be established outbound to the cloud with the following steps:

                                                                                                                                      • The LGW must be updated with the CA root bundle from Cisco PKI

                                                                                                                                      • A set of SIP digest credentials from Control Hub’s Trunk configuration page are used to configure the LGW (the steps are part of the configuration that follows)

                                                                                                                                      • CA root bundle validates presented certificate

                                                                                                                                      • Prompted for credentials (SIP digest provided)

                                                                                                                                      • The cloud identifies which local gateway is securely registered

                                                                                                                                      Firewall, NAT Traversal, and Media Path Optimization Requirements for Local Gateway

                                                                                                                                      In most cases, the local gateway and endpoints can reside in the internal customer network, using private IP addresses with NAT. The enterprise firewall must allow outbound traffic (SIP, RTP/UDP, HTTP) to specific IP addresses/ports, covered in Port Reference Information.

                                                                                                                                      If you want to utilize Media Path Optimization with ICE, the local gateway’s Webex Calling facing interface must have a direct network path to and from the Webex Calling endpoints. If the endpoints are in a different location and there is no direct network path between the endpoints and the local gateway’s Webex Calling facing interface, then the local gateway must have a public IP address assigned to the interface facing Webex Calling for calls between the local gateway and the endpoints to utilize media path optimization. Additionally, it must be running IOS-XE version 16.12.5.

                                                                                                                                      Configure Webex Calling for your organization

                                                                                                                                      The first step to get your Webex Calling services up and running is to complete the First Time Setup Wizard (FTSW). Once the FTSW is completed for your first location, it doesn’t need to be completed for additional locations.

                                                                                                                                      1

                                                                                                                                      Click the Getting Started link in the Welcome email you receive.

                                                                                                                                      Your administrator email address is automatically used to sign in to Control Hub, where you'll be prompted to create your administrator password. After you sign in, the setup wizard automatically starts.

                                                                                                                                      2

                                                                                                                                      Review and accept the terms of service.

                                                                                                                                      3

                                                                                                                                      Review your plan and then click Get Started.

                                                                                                                                      Your account manager is responsible for activating the first steps for FTSW. Contact your account manager if you receive a “Cannot Setup Your Call” notice, when you select Get Started.

                                                                                                                                      4

                                                                                                                                      Select the country that your data center should map to, and enter the customer contact and customer address information.

                                                                                                                                      5

                                                                                                                                      Click Next: Default Location.

                                                                                                                                      6

                                                                                                                                      Choose from the following options:

                                                                                                                                      • Click Save and Close if you’re a partner administrator and you want the customer administrator to complete the provisioning of Webex Calling.
                                                                                                                                      • Fill out the necessary location information. After you create the location in the wizard, you can create more locations later.

                                                                                                                                      After you complete the setup wizard make sure you add a main number to the location you create.

                                                                                                                                      7

                                                                                                                                      Make the following selections to apply to this location:

                                                                                                                                      • Announcement Language—For audio announcements and prompts for new users and features.
                                                                                                                                      • Email Language—For email communication for new users.
                                                                                                                                      • Country
                                                                                                                                      • Time Zone
                                                                                                                                      8

                                                                                                                                      Click Next.

                                                                                                                                      9

                                                                                                                                      Enter an available Cisco Webex SIP address and click Next and select Finish.

                                                                                                                                      Before you begin

                                                                                                                                      To create a new location, prepare the following information:

                                                                                                                                      • Location address

                                                                                                                                      • Desired phone numbers (optional)

                                                                                                                                      1

                                                                                                                                      Log in to Control Hub at https://admin.webex.com, go to Management > Location.

                                                                                                                                      A new location will be hosted in the regional data center that corresponds to the country you selected using the First Time Setup Wizard.
                                                                                                                                      2

                                                                                                                                      Configure the settings of the location:

                                                                                                                                      • Location Name—Enter a unique name to identify the location.
                                                                                                                                      • Country/Region—Choose a country to tie the location to. For example, you can create one location (headquarters) in the United States and another (branch) in the United Kingdom. The country that you choose determines the address fields that follow. The ones documented here use the U.S. address convention as an example.
                                                                                                                                      • Location Address—Enter the location's main mailing address.
                                                                                                                                      • City/Town—Enter a city for this location.
                                                                                                                                      • State/Province/Region—From the drop-down, choose a state.
                                                                                                                                      • ZIP/Postal Code—Enter the ZIP or postal code.
                                                                                                                                      • Announcement Language—Choose the language for audio announcements and prompts for new users and features.
                                                                                                                                      • Email Language—Choose the language for the email communication with new users.
                                                                                                                                      • Time zone—Choose the time zone for the location.
                                                                                                                                      3

                                                                                                                                      Click Save and then choose Yes/ No to add numbers to the location now or later.

                                                                                                                                      4

                                                                                                                                      If you clicked Yes, choose one of the following options:

                                                                                                                                      • Cisco PSTN —Choose this option if you'd like a Cloud PSTN solution from Cisco. The Cisco Calling Plan is a full PSTN replacement solution that provides emergency calling, inbound, and outbound domestic and international calling, and allows you to order new PSTN numbers or port existing numbers to Cisco.

                                                                                                                                        The Cisco PSTN option is only visible under the following conditions:

                                                                                                                                        • You have purchased at least one committed Cisco Calling Plan OCP (Outbound Calling Plan).

                                                                                                                                        • Your location is in a country where the Cisco Calling Plan is supported.

                                                                                                                                        • Your location is new. Pre-existing locations that have had other PSTN capabilities assigned aren't eligible for the Cisco Calling Plan at this time. Open a support case for guidance.

                                                                                                                                        • You’re hosted in a Webex Calling Data Center in a region in which the Cisco Calling Plan is supported.

                                                                                                                                      • Cloud Connected PSTN—Choose this option if you’re looking for a cloud PSTN solution from one of the many Cisco CCP partners or if the Cisco Calling Plan isn't available in your location. CCP partners offer PSTN replacement solutions, extensive global coverage, and a broad and varied range of features, packaging, and pricing.

                                                                                                                                        CCP partners and the geographic coverage are listed here. Only partners that support your location’s country are displayed. Partners are listed either with a logo, or as a brief string of text followed by a region, in brackets (Example: (EU), (US) or (CA)). Partners listed with a logo always offer Regional Media for CCP. For partners displaying as a string, choose the region closest to the country of your location to ensure Regional Media for CCP.

                                                                                                                                        If you see the option to Order numbers now under a listed provider, we recommend that you choose that option so that you can benefit from integrated CCP. Integrated CCP enables procuring and provisioning of phone numbers in Control Hub on a single pane of glass. Non-integrated CCP requires you to procure your phone numbers from the CCP partner outside of Control Hub.

                                                                                                                                      • Premises-based PSTN (Local Gateway)—You can choose this option if you want to keep your current PSTN provider or you want to connect non-cloud sites with cloud sites.

                                                                                                                                      The choice of PSTN option is at each location level (each location has only one PSTN option). You can mix and match as many options as you’d like for your deployment, but each location will have one option. Once you’ve selected and provisioned a PSTN option, you can change it by clicking Manage in the location PSTN properties. Some options, such as Cisco PSTN, however, may not be available after another option has been assigned. Open a support case for guidance.

                                                                                                                                      5

                                                                                                                                      Choose whether you want to activate the numbers now or later.

                                                                                                                                      6

                                                                                                                                      If you selected non-integrated CCP or Premises-based PSTN, enter Phone Numbers as comma-separated values, and then click Validate.

                                                                                                                                      Numbers are added for the specific location. Valid entries move to the Validated Numbers field, and invalid entries remain in the Add Numbers field accompanied by an error message.

                                                                                                                                      Depending on the location's country, the numbers are formatted according to local dialing requirements. For example, if a country code is required, you can enter numbers with or without the code and the code is prepended.

                                                                                                                                      7

                                                                                                                                      Click Save.

                                                                                                                                      What to do next

                                                                                                                                      After you create a location, you can enable emergency 911 services for that location. See RedSky Emergency 911 Service for Webex Calling for more information.

                                                                                                                                      Before you begin

                                                                                                                                      Get a list of the users and workspaces associated with a location: Go to Services > Calling > Numbers and from the drop-down menu, select the location to be deleted. You must delete those users and workspaces before you delete the location.

                                                                                                                                      Keep in mind that any numbers associated with this location will be released back to your PSTN provider; you'll no longer own those numbers.

                                                                                                                                      1

                                                                                                                                      Log in to Control Hub at https://admin.webex.com, go to Management > Location.

                                                                                                                                      2

                                                                                                                                      Click in the Actions column beside the location that you'd like to delete.

                                                                                                                                      3

                                                                                                                                      Choose Delete Location, and confirm that you want to delete that location.

                                                                                                                                      It typically takes a couple of minutes for the location to be permanently deleted, but it could take up to an hour. You can check the status by clicking beside the location name and selecting Deletion Status.

                                                                                                                                      You can change your PSTN setup, the name, time zone, and language of a location after it's created. Keep in mind though that the new language only applies to new users and devices. Existing users and devices continue to use the old language.

                                                                                                                                      For existing locations, you can enable emergency 911 services. See RedSky Emergency 911 Service for Webex Calling for more information.

                                                                                                                                      1

                                                                                                                                      Log in to the Control Hub at https://admin.webex.com, go to Management > Location.

                                                                                                                                      If you see a Caution symbol next to a location, it means that you haven't configured a telephone number for that location yet. You can't make or receive any calls until you configure that number.

                                                                                                                                      2

                                                                                                                                      (Optional) Under PSTN Connection, select either Cloud Connected PSTN or Premises-based PSTN (local gateway), depending on which one you've already configured. Click Manage to change that configuration, and then acknowledge the associated risks by selecting Continue. Then, choose one of the following options and click Save:

                                                                                                                                      • Cisco PSTN —Choose this option if you'd like a Cloud PSTN solution from Cisco. The Cisco Calling Plan is a full PSTN replacement solution that provides emergency calling, inbound, and outbound domestic and international calling, and allows you to order new PSTN numbers or port existing numbers to Cisco.

                                                                                                                                        The Cisco PSTN option is only visible under the following conditions:

                                                                                                                                        • You have purchased at least one committed Cisco Calling Plan OCP (Outbound Calling Plan).

                                                                                                                                        • Your location is in a country where the Cisco Calling Plan is supported.

                                                                                                                                        • Your location is new. Currently, preexisting locations that have had other PSTN capabilities assigned aren't eligible for the Cisco Calling Plan. Open a support case for guidance.

                                                                                                                                        • You’re hosted in a Webex Calling Data Center in a region in which the Cisco Calling Plan is supported.

                                                                                                                                      • Cloud Connected PSTN—Choose this option if you’re looking for a cloud PSTN solution from one of the many Cisco CCP partners or if the Cisco Calling Plan isn't available in your location. CCP partners offer PSTN replacement solutions, extensive global coverage, and a broad and varied range of features, packaging, and pricing.

                                                                                                                                        CCP partners and the geographic coverage are listed here. Only partners that support your location’s country are displayed. Partners are listed either with a logo, or as a brief string of text followed by a region, in brackets (Example: (EU), (US) or (CA)). Partners listed with a logo always offer Regional Media for CCP. For partners displaying as a string, choose the region closest to the country of your location to ensure Regional Media for CCP.

                                                                                                                                        If you see the option to Order numbers now under a listed provider, we recommend that you choose that option so that you can benefit from an integrated CCP. Integrated CCP enables procuring and provisioning of phone numbers in Control Hub on a single pane of glass. Nonintegrated CCP requires you to procure your phone numbers from the CCP partner outside of Control Hub.

                                                                                                                                      • Premises-based PSTN (Local Gateway)—You can choose this option if you want to keep your current PSTN provider or you want to connect noncloud sites with cloud sites.

                                                                                                                                        Webex Calling customers with locations that are previously configured with a Local Gateway will automatically be converted to premises-based PSTN with a corresponding trunk.

                                                                                                                                      3

                                                                                                                                      For the location, select the Main Number from the drop-down list to enable users in that location to make and receive calls.

                                                                                                                                      The Main Number can be assigned to the auto attendant so that the external callers can contact Webex Calling users at that location. Webex Calling users in that location can also use this number as their external caller ID when making calls.
                                                                                                                                      4

                                                                                                                                      (Optional) Under Emergency Calling, you can select Emergency Location Identifier to assign to this location.

                                                                                                                                      This setting is optional and is only applicable for countries that require it.

                                                                                                                                      In some countries (Example: France), regulatory requirements exist for cellular radio systems to establish the identity of the cell when you make an emergency call and is made available to the emergency authorities. Other countries like the U.S and Canada implement location determination using other methods. For more information, see Enhanced Emergency Calling.

                                                                                                                                      Your emergency call provider may need information about the access network and is achieved by defining a new private SIP extension header, P-Access-Network-Info. The header carries information relating to the access network.

                                                                                                                                      When you set the Emergency Location Identifier for a Location, the location value is sent to the provider as part of the SIP message. Contact your emergency call provider to see if you require this setting and use the value that is provided by your emergency call provider."

                                                                                                                                      5

                                                                                                                                      Select the Voicemail Number that users can call to check their voicemail for this location.

                                                                                                                                      6

                                                                                                                                      (Optional) Click the pencil icon at the top of the Location page to change the Location Name, Announcement Language, Email Language, Time Zone, or Address as needed, and then click Save.

                                                                                                                                      Changing the Announcement Language takes effect immediately for any new users and features added to this location. If existing users and/or features should also have their announcement language changed, when prompted, select Change for existing users and workspaces or Change for existing features. Click Apply. You can view progress on the Tasks page. You can't make any more changes until this is complete.

                                                                                                                                      Changing the Time Zone for a location doesn't update the time zones of the features associated with the location. To edit the time zones for features like auto attendant, hunt group, and call queue, go to the General Settings area of the specific feature you would like to update the time zone for and edit and save there.

                                                                                                                                      These settings are for internal dialing and are also available in the first-time setup wizard. As you change your dial plan, the example numbers in the Control Hub update to show these changes.

                                                                                                                                      You can configure outgoing calling permissions for a location. See these steps to configure outgoing calling permissions.

                                                                                                                                      1

                                                                                                                                      Sign in to Control Hub, go to Services > Calling > Service Settings, and then scroll to Internal Dialing.

                                                                                                                                      2

                                                                                                                                      Configure the following optional dialing preferences, as needed:

                                                                                                                                      • Location Routing Prefix Length—We recommend this setting if you've multiple locations. You can enter a length of 2-7 digits. If you have multiple locations with the same extension, users must dial a prefix when calling between locations. For example, if you have multiple stores, all with the extension 1000, you can configure a routing prefix for each store. If one store has a prefix of 888, you'd dial 8881000 to reach that store.

                                                                                                                                        Routing prefix lengths include the steering digit. For example, if you set the routing prefix length to four, only three digits can be used to specify the site.

                                                                                                                                        If you assign a routing prefix to a location, all appearances of extensions assigned to that location include the routing prefix in front of the extension number. For example, 888-1000 (routing prefix-extension).

                                                                                                                                      • Steering Digit in Routing Prefix—Choose the number which will be set as the first digit of every routing prefix.
                                                                                                                                      • Internal Extension Length—You can enter 2-10 digits and the default is 2.

                                                                                                                                        After you increase your extension length, existing speed dials to internal extensions aren’t automatically updated.

                                                                                                                                      • Allow extension dialing between locations—Allows you to customize the extension dialing between locations based on your organization's requirements.
                                                                                                                                        • Enable the toggle if your organization doesn’t have duplicate extensions across all its locations.

                                                                                                                                          By default, the toggle is enabled.

                                                                                                                                        • Disable the toggle if your organization has the same extension in different locations. When the toggle is disabled and the caller dials the extension, the call is routed to a user with matching extension in the same location as the caller. The caller must dial the Enterprise Significant Number (location routing prefix + extension) to reach an extension in other locations.

                                                                                                                                      3

                                                                                                                                      Specify internal dialing for specific locations. Go to Management > Locations, select a location from the list, and click Calling. Scroll to Dialing, and then change internal dialing as needed:

                                                                                                                                      • Internal Dialing—Specify the routing prefix that users at other locations need to dial in order to contact someone at this location. The routing prefix of each location must be unique. We recommend that the prefix length matches the length set at the organization level but it must be 2–7 digits long.
                                                                                                                                      4

                                                                                                                                      Specify external dialing for specific locations. Go to Management > Locations, select a location from the list, and click Calling. Scroll to Dialing, and then change external dialing as needed:

                                                                                                                                      • External Dialing—You can choose an outbound dial digit that users must dial to reach an outside line. The default is None and you can leave it if you don't require this dialing habit. If you do decide to use this feature, we recommend that you use a different number from your organization's steering digit.

                                                                                                                                        Users can include the outbound dial digit when making external calls to mimic how they dialed on legacy systems. However, all users can still make external calls without the outbound dial digit.

                                                                                                                                      • Optionally, you have the ability to Enforce dialing the outbound dial digit of this location, ensuring that the user must use the outbound dial digit set by the admin to place external calls.

                                                                                                                                        Emergency calls can still be dialed with or without the outbound dial digit when this feature is enabled.

                                                                                                                                        Once enabled, any external destination numbers such as those used for call forwarding will no longer work if an outbound dial digit isn’t included.

                                                                                                                                        If an extension is same as the national number, then the extension takes precedence over the national number. Hence, we recommend that you enable the outbound dial digit.
                                                                                                                                        We highly recommend using the E.164 numbering format for incoming and outgoing PSTN calls.

                                                                                                                                      Impact to users:

                                                                                                                                      • Users must restart their phones for changes in dialing preferences to take effect.

                                                                                                                                      • User extensions shouldn’t start with the same number as the location's steering digit or outbound dial digits.

                                                                                                                                      If you're a value added reseller, you can use these steps to start local gateway configuration in Control Hub. When this gateway is registered to the cloud, you can use it on one or more of your Webex Calling locations to provide routing toward an enterprise PSTN service provider.

                                                                                                                                      A location that has a local gateway can't be deleted when the local gateway is being used for other locations.

                                                                                                                                      Follow these steps to create a trunk in Control Hub.

                                                                                                                                      Before you begin

                                                                                                                                      • Once a location is added, and before configuring premises-based PSTN for a location, you must create a trunk.

                                                                                                                                      • Create any locations and specific settings and numbers to each one. Locations must exist before you can add a premises-based PSTN.

                                                                                                                                      • Understand the Premises-based PSTN (local gateway) requirements for Webex Calling.

                                                                                                                                      • You can't choose more than one trunk for a location with premises-based PSTN, but you can choose the same trunk for multiple locations.

                                                                                                                                      1

                                                                                                                                      Log in to Control Hub at https://admin.webex.com, go to Services > Calling > Call Routing, and select Add Trunk.

                                                                                                                                      2

                                                                                                                                      Select a location.

                                                                                                                                      3

                                                                                                                                      Name the trunk and click Save.

                                                                                                                                      The name can't be longer than 24 characters.

                                                                                                                                      What to do next

                                                                                                                                      You're presented with the relevant parameters that you'll need to configure on the trunk. You'll also generate a set of SIP digest credentials to secure the PSTN connection.

                                                                                                                                      Trunk information appears on the screen Register Domain, Trunk Group OTG/DTG, Line/Port, and Outbound Proxy Address.

                                                                                                                                      We recommend that you copy this information from Control Hub and paste it into a local text file or document so you can refer to it when you're ready to configure the premises-based PSTN.

                                                                                                                                      If you lose the credentials, you must generate them from the trunk information screen in Control Hub. Click Retrieve Username and Reset Password to generate a new set of authentication credentials to use on the trunk.

                                                                                                                                      1

                                                                                                                                      Log in to Control Hub at https://admin.webex.com, go to Management > Location.

                                                                                                                                      2

                                                                                                                                      Select a location to modify and click Manage.

                                                                                                                                      3

                                                                                                                                      Select Premises-based PSTN and click Next.

                                                                                                                                      4

                                                                                                                                      Choose a trunk from the drop-down menu.

                                                                                                                                      Visit the trunk page to manage your trunk group choices.

                                                                                                                                      5

                                                                                                                                      Click the confirmation notice, then click Save.

                                                                                                                                      What to do next

                                                                                                                                      You must take the configuration information that Control Hub generated and map the parameters into the local gateway (for example, on a Cisco CUBE that sits on the premises). This article walks you through this process. As a reference, see the following diagram for an example of how the Control Hub configuration information (on the left) maps onto parameters in the CUBE (on the right):

                                                                                                                                      After you successfully complete the configuration on the gateway itself, you can return to Services > Call > Locations in Control Hub and the gateway that you created will be listed in the location card that you assigned it to with a green dot to the left of the name. This status indicates that the gateway is securely registered to the calling cloud and is serving as the active PSTN gateway for the location.

                                                                                                                                      If you're trying out Webex services and you'd like to convert your trial to a paid subscription, you can submit an email request to your partner.

                                                                                                                                      1

                                                                                                                                      Log in to Control Hub at https://admin.webex.com, select the building icon .

                                                                                                                                      2

                                                                                                                                      Select the Subscriptions tab, and then click Purchase Now.

                                                                                                                                      An email is sent to your partner letting them know that you're interested in converting to a paid subscription.

                                                                                                                                      You can use Control Hub to set the priority of available calling options that users see in Webex App. You can also enable them for single click-to-call. For more information, see: Set calling options for Webex App users.

                                                                                                                                      You can control what calling application opens when users make calls. You can configure the calling client settings, including mixed-mode deployment for organizations with users entitled with Unified CM or Webex Calling and users without paid calling services from Cisco. For more information, see: Set up calling behavior.

                                                                                                                                      Configure Local Gateway on Cisco IOS XE for Webex Calling

                                                                                                                                      Overview

                                                                                                                                      Webex Calling currently supports two versions of Local Gateway:

                                                                                                                                      • Local Gateway

                                                                                                                                      • Local Gateway for Webex for Government

                                                                                                                                      • Before you begin, understand the premises-based Public Switched Telephone Network (PSTN) and Local Gateway (LGW) requirements for Webex Calling. See Cisco Preferred Architecture for Webex Calling for more information.

                                                                                                                                      • This article assumes that a dedicated Local Gateway platform is in place with no existing voice configuration. If you modify an existing PSTN gateway or CUBE Enterprise deployment to use as the Local Gateway function for Webex Calling, then pay careful attention to the configuration. Ensure that you don't interrupt the existing call flows and functionality because of the changes that you make.

                                                                                                                                      The procedures contain links to command reference documentation where you can learn more about the individual command options. All command reference links go to the Webex Managed Gateways Command Reference unless stated otherwise (in which case, the command links go to Cisco IOS Voice Command Reference). You can access all these guides at Cisco Unified Border Element Command References.

                                                                                                                                      For information on the supported third-party SBCs, refer to the respective product reference documentation.

                                                                                                                                      There are two options to configure the Local Gateway for your Webex Calling trunk:

                                                                                                                                      • Registration-based trunk

                                                                                                                                      • Certificate-based trunk

                                                                                                                                      Use the task flow either under the Registration-based Local Gateway or Certificate-based Local Gateway to configure Local Gateway for your Webex Calling trunk.

                                                                                                                                      See Get started with Local Gateway for more information on different trunk types. Perform the following steps on the Local Gateway itself, using the Command Line Interface (CLI). We use Session Initiation Protocol (SIP) and Transport Layer Security (TLS) transport to secure the trunk and Secure Real Time Protocol (SRTP) to secure the media between the Local Gateway and Webex Calling.

                                                                                                                                      Local Gateway for Webex for Government doesn’t support the following:

                                                                                                                                      • STUN/ICE-Lite for media path optimization

                                                                                                                                      • Fax (T.38)

                                                                                                                                      To configure Local Gateway for your Webex Calling trunk in Webex for Government, use the following option:

                                                                                                                                      • Certificate-based trunk

                                                                                                                                      Use the task flow under the Certificate-based Local Gateway to configure the Local Gateway for your Webex Calling trunk. For more details on how to configure a certificate-based Local Gateway, see Configure Webex Calling certificate-based trunk.

                                                                                                                                      It’s mandatory to configure FIPS-compliant GCM ciphers to support Local Gateway for Webex for Government. If not, the call setup fails. For configuration details, see Configure Webex Calling certificate-based trunk.

                                                                                                                                      Webex for Government doesn’t support registration-based Local Gateway.

                                                                                                                                      This section describes how to configure a Cisco Unified Border Element (CUBE) as a Local Gateway for Webex Calling, using a registering SIP trunk. The first part of this document illustrates how to configure a simple PSTN gateway. In this case, all calls from the PSTN are routed to Webex Calling and all calls from Webex Calling are routed to the PSTN. The image below highlights this solution and the high-level call routing configuration that will be followed.

                                                                                                                                      In this design, the following principal configurations are used:

                                                                                                                                      • voice class tenants: Used to create trunk specific configurations.

                                                                                                                                      • voice class uri: Used to classify SIP messages for the selection of an inbound dial-peer.

                                                                                                                                      • inbound dial-peer: Provides treatment for inbound SIP messages and determines the outbound route with a dial-peer group.

                                                                                                                                      • dial-peer group: Defines the outbound dial-peers used for onward call routing.

                                                                                                                                      • outbound dial-peer: Provides treatment for outbound SIP messages and routes them to the required target.

                                                                                                                                      Call routing from/to PSTN to/from Webex Calling configuration solution

                                                                                                                                      While IP and SIP have become the default protocols for PSTN trunks, TDM (Time Division Multiplexing) ISDN circuits are still widely used and are supported with Webex Calling trunks. To enable media optimization of IP paths for Local Gateways with TDM-IP call flows, it is currently necessary to use a two-leg call routing process. This approach modifies the call routing configuration shown above, by introducing a set of internal loop-back dial-peers between Webex Calling and PSTN trunks as illustrated in the image below.

                                                                                                                                      When connecting an on-premises Cisco Unified Communications Manager solution with Webex Calling, you can use the simple PSTN gateway configuration as a baseline for building the solution illustrated in the following diagram. In this case, Unified Communications Manager provides centralized routing and treatment of all PSTN and Webex Calling calls.

                                                                                                                                      Throughout this document, the host names, IP addresses, and interfaces illustrated in the following image are used.

                                                                                                                                      Use the configuration guidance in the rest of this document to complete your Local Gateway configuration as follows:

                                                                                                                                      • Step 1: Configure router baseline connectivity and security

                                                                                                                                      • Step 2: Configure Webex Calling Trunk

                                                                                                                                        Depending on your required architecture, follow either:

                                                                                                                                      • Step 3: Configure Local Gateway with SIP PSTN trunk

                                                                                                                                      • Step 4: Configure Local Gateway with existing Unified CM environment

                                                                                                                                        Or:

                                                                                                                                      • Step 3: Configure Local Gateway with TDM PSTN trunk

                                                                                                                                      Baseline configuration

                                                                                                                                      The first step in preparing your Cisco router as a Local Gateway for Webex Calling is to build a baseline configuration that secures your platform and establishes connectivity.

                                                                                                                                      • All registration-based Local Gateway deployments require Cisco IOS XE 17.6.1a or later versions. For the recommended versions, see the Cisco Software Research page. Search for the platform and select one of the suggested releases.

                                                                                                                                        • ISR4000 series routers must be configured with both Unified Communications and Security technology licenses.

                                                                                                                                        • Catalyst Edge 8000 series routers fitted with voice cards or DSPs require DNA Advantage licensing. Routers without voice cards or DSPs require a minimum of DNA Essentials licensing.

                                                                                                                                      • Build a baseline configuration for your platform that follows your business policies. In particular, configure the following and verify the working:

                                                                                                                                        • NTP

                                                                                                                                        • ACLs

                                                                                                                                        • User authentication and remote access

                                                                                                                                        • DNS

                                                                                                                                        • IP routing

                                                                                                                                        • IP addresses

                                                                                                                                      • The network toward Webex Calling must use an IPv4 address.

                                                                                                                                      • Upload the Cisco root CA bundle to the Local Gateway.

                                                                                                                                      Configuration

                                                                                                                                      1

                                                                                                                                      Ensure that you assign valid and routable IP addresses to any Layer 3 interfaces, for example:

                                                                                                                                      
                                                                                                                                      interface GigabitEthernet0/0/0
                                                                                                                                        description Interface facing PSTN and/or CUCM
                                                                                                                                        ip address 10.80.13.12 255.255.255.0
                                                                                                                                      !
                                                                                                                                      interface GigabitEthernet0/0/1
                                                                                                                                        description Interface facing Webex Calling (Private address)
                                                                                                                                        ip address 192.51.100.1 255.255.255.240

                                                                                                                                      2

                                                                                                                                      Protect registration and STUN credentials on the router using symmetric encryption. Configure the primary encryption key and encryption type as follows:

                                                                                                                                      
                                                                                                                                      key config-key password-encrypt YourPassword
                                                                                                                                      password encryption aes
                                                                                                                                      

                                                                                                                                      3

                                                                                                                                      Create a placeholder PKI trustpoint.

                                                                                                                                      Requires this trustpoint to configure TLS later. For registration-based trunks, this trustpoint doesn't require a certificate - as would be required for a certificate-based trunk.
                                                                                                                                      
                                                                                                                                      crypto pki trustpoint EmptyTP 
                                                                                                                                       revocation-check none
                                                                                                                                      
                                                                                                                                      4

                                                                                                                                      Enable TLS1.2 exclusivity and specify the default trustpoint using the following configuration commands. Transport parameters should also be updated to ensure a reliable secure connection for registration:

                                                                                                                                      The cn-san-validate server command ensures that the Local Gateway permits a connection if the host name configured in tenant 200 is included in either the CN or SAN fields of the certificate received from the outbound proxy.
                                                                                                                                      1. Set tcp-retry count to 1000 (5-msec multiples = 5 seconds).

                                                                                                                                      2. The timer connection establish command allows you to tune how long the LGW waits to set up a connection with a proxy before considering the next available option. The default for this timer is 20 seconds and the minimum 5 seconds. Start with a low value and increase if necessary to accommodate network conditions.

                                                                                                                                      
                                                                                                                                      sip-ua
                                                                                                                                       timers connection establish tls 5
                                                                                                                                       transport tcp tls v1.2
                                                                                                                                       crypto signaling default trustpoint EmptyTP cn-san-validate server
                                                                                                                                       tcp-retry 1000

                                                                                                                                      5

                                                                                                                                      Install the Cisco root CA bundle, which includes the DigiCert CA certificate used by Webex Calling. Use the crypto pki trustpool import clean url command to download the root CA bundle from the specified URL, and to clear the current CA trustpool, then install the new bundle of certificates:

                                                                                                                                      If you need to use a proxy for access to the internet using HTTPS, add the following configuration before importing the CA bundle:

                                                                                                                                      ip http client proxy-server yourproxy.com proxy-port 80
                                                                                                                                      
                                                                                                                                      ip http client source-interface GigabitEthernet0/0/1 
                                                                                                                                      crypto pki trustpool import clean url https://www.cisco.com/security/pki/trs/ios_core.p7b
                                                                                                                                      
                                                                                                                                      1

                                                                                                                                      Create a registration based PSTN trunk for an existing location in Control Hub. Make a note of the trunk information that is provided once the trunk has been created. These details, as highlighted in the following illustration, will be used in the configuration steps in this guide. For more information, see Configure trunks, route groups, and dial plans for Webex Calling.

                                                                                                                                      2

                                                                                                                                      Enter the following commands to configure CUBE as a Webex Calling Local Gateway:

                                                                                                                                       
                                                                                                                                      voice service voip
                                                                                                                                       ip address trusted list
                                                                                                                                        ipv4 x.x.x.x y.y.y.y
                                                                                                                                       mode border-element
                                                                                                                                       media statistics
                                                                                                                                       media bulk-stats 
                                                                                                                                       allow-connections sip to sip
                                                                                                                                       no supplementary-service sip refer  
                                                                                                                                       stun
                                                                                                                                        stun flowdata agent-id 1 boot-count 4
                                                                                                                                        stun flowdata shared-secret 0 Password123$
                                                                                                                                       sip
                                                                                                                                        asymmetric payload full
                                                                                                                                        early-offer forced  
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      
                                                                                                                                      ip address trusted list
                                                                                                                                       ipv4 x.x.x.x y.y.y.y
                                                                                                                                      • To protect against toll fraud, the trusted address list defines a list of hosts and networks from which the Local Gateway expects legitimate VoIP calls.

                                                                                                                                      • By default, Local Gateway blocks all incoming VoIP messages from IP addresses not in its trusted list. Statically configured dial-peers with “session target IP” or server group IP addresses are trusted by default, so do not need to be added to the trusted list.

                                                                                                                                      • When configuring your Local Gateway, add the IP subnets of your regional Webex Calling data center to the list. For more information, see Port Reference Information for Webex Calling. Also, add address ranges for Unified Communications Manager servers (if used) and PSTN trunk gateways.

                                                                                                                                        If your LGW is behind a firewall with restricted cone NAT, you may prefer to disable the IP address trusted list on the Webex Calling facing interface. The firewall already protects you from unsolicited inbound VoIP. Disable action reduces your longer-term configuration overhead, because we cannot guarantee that the addresses of the Webex Calling peers remain fixed, and you must configure your firewall for the peers in any case.

                                                                                                                                      mode border-element

                                                                                                                                      Enables Cisco Unified Border Element (CUBE) features on the platform.

                                                                                                                                      media statistics

                                                                                                                                      Enables media monitoring on the Local Gateway.

                                                                                                                                      media bulk-stats

                                                                                                                                      Enables the control plane to poll the data plane for bulk call statistics.

                                                                                                                                      For more information on these commands, see Media.

                                                                                                                                      allow-connections sip to sip

                                                                                                                                      Enable CUBE basic SIP back-to-back user agent functionality. For more information, see Allow connections.

                                                                                                                                      By default, T.38 fax transport is enabled. For more information, see fax protocol t38 (voice-service).

                                                                                                                                      stun

                                                                                                                                      Enables STUN (Session Traversal of UDP through NAT) globally.

                                                                                                                                      • When you forward a call to a Webex Calling user (for example, both the called and calling parties are Webex Calling subscribers and if you anchor media at the Webex Calling SBC), then the media cannot flow to the Local Gateway as the pinhole isn't open.

                                                                                                                                      • The STUN bindings feature on the Local Gateway allows locally generated STUN requests to be sent over the negotiated media path. This helps to open the pinhole in the firewall.

                                                                                                                                      For more information, see stun flowdata agent-id and stun flowdata shared-secret.

                                                                                                                                      asymmetric payload full

                                                                                                                                      Configures SIP asymmetric payload support for both DTMF and dynamic codec payloads. For more information on this command, see asymmetric payload.

                                                                                                                                      early-offer forced

                                                                                                                                      Forces the Local Gateway to send SDP information in the initial INVITE message instead of waiting for acknowledgment from the neighboring peer. For more information on this command, see early-offer.

                                                                                                                                      3

                                                                                                                                      Configure voice class codec 100 filter for the trunk. In this example, the same codec filter is used for all trunks. You can configure filters for each trunk for precise control.

                                                                                                                                      
                                                                                                                                      voice class codec 100
                                                                                                                                       codec preference 1 opus
                                                                                                                                       codec preference 2 g711ulaw
                                                                                                                                       codec preference 3 g711alaw
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class codec 100

                                                                                                                                      Used to only allow preferred codecs for calls through SIP trunks. For more information, see voice class codec.

                                                                                                                                      Opus codec is supported only for SIP-based PSTN trunks. If the PSTN trunk uses a voice T1/E1 or analog FXO connection, exclude codec preference 1 opus from the voice class codec 100 configuration.

                                                                                                                                      4

                                                                                                                                      Configure voice class stun-usage 100 to enable ICE on the Webex Calling trunk.

                                                                                                                                      
                                                                                                                                      voice class stun-usage 100 
                                                                                                                                       stun usage firewall-traversal flowdata
                                                                                                                                       stun usage ice lite

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      stun usage ice lite

                                                                                                                                      Used to enable ICE-Lite for all Webex Calling facing dial-peers to allow media-optimization whenever possible. For more information, see voice class stun usage and stun usage ice lite.

                                                                                                                                      You require stun usage of ICE-lite for call flows using media path optimization. To provide media-optimization for a SIP to TDM gateway, configure a loopback dial-peer with ICE-Lite enabled on the IP-IP leg. For further technical details, contact the Account or TAC teams

                                                                                                                                      5

                                                                                                                                      Configure the media encryption policy for Webex traffic.

                                                                                                                                      
                                                                                                                                      voice class srtp-crypto 100
                                                                                                                                       crypto 1 AES_CM_128_HMAC_SHA1_80

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class srtp-crypto 100

                                                                                                                                      Specifies SHA1_80 as the only SRTP cipher-suite CUBE offers in the SDP in offer and answer messages. Webex Calling only supports SHA1_80. For more information, see voice class srtp-crypto.

                                                                                                                                      6

                                                                                                                                      Configure a pattern to uniquely identify calls to a Local Gateway trunk based on its destination trunk parameter:

                                                                                                                                      
                                                                                                                                      voice class uri 100 sip
                                                                                                                                       pattern dtg=Dallas1463285401_LGU
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class uri 100 sip

                                                                                                                                      Defines a pattern to match an incoming SIP invite to an incoming trunk dial-peer. When entering this pattern, use dtg= followed by the Trunk OTG/DTG value provided in Control Hub when the trunk was created. For more information, see voice class uri.

                                                                                                                                      7

                                                                                                                                      Configure sip profile 100, which will be used to modify SIP messages before they are sent to Webex Calling.

                                                                                                                                      
                                                                                                                                      voice class sip-profiles 100
                                                                                                                                       rule 10 request ANY sip-header SIP-Req-URI modify "sips:" "sip:"
                                                                                                                                       rule 20 request ANY sip-header To modify "<sips:" "<sip:"
                                                                                                                                       rule 30 request ANY sip-header From modify "<sips:" "<sip:"
                                                                                                                                       rule 40 request ANY sip-header Contact modify "<sips:(.*)>" "<sip:\1;transport=tls>" 
                                                                                                                                       rule 50 response ANY sip-header To modify "<sips:" "<sip:"
                                                                                                                                       rule 60 response ANY sip-header From modify "<sips:" "<sip:"
                                                                                                                                       rule 70 response ANY sip-header Contact modify "<sips:" "<sip:"
                                                                                                                                       rule 80 request ANY sip-header From modify ">" ";otg=dallas1463285401_lgu>"
                                                                                                                                       rule 90 request ANY sip-header P-Asserted-Identity modify "sips:" "sip:"

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      • rule 10 to 70 and 90

                                                                                                                                        Ensures that SIP headers used for call signaling use the sip, rather than sips scheme, which is required by Webex proxies. Configuring CUBE to use sips ensures that secure registration is used.

                                                                                                                                      • rule 80

                                                                                                                                        Modifies the From header to include the trunk group OTG/DTG identifier from Control Hub to uniquely identify a Local Gateway site within an enterprise.

                                                                                                                                      8

                                                                                                                                      Configure Webex Calling trunk:

                                                                                                                                      1. Create voice class tenant 100 to define and group configurations required specifically for the Webex Calling trunk. In particular, the trunk registration details provided in Control Hub earlier will be used in this step as detailed below. Dial-peers associated with this tenant later will inherit these configurations.

                                                                                                                                        The following example uses the values illustrated in Step 1 for the purpose of this guide (shown in bold). Replace these with values for your trunk in your configuration.

                                                                                                                                        
                                                                                                                                        voice class tenant 100
                                                                                                                                          registrar dns:98027369.us10.bcld.webex.com scheme sips expires 240 refresh-ratio 50 tcp tls
                                                                                                                                          credentials number Dallas1171197921_LGU username Dallas1463285401_LGU password 0 9Wt[M6ifY+ realm BroadWorks
                                                                                                                                          authentication username Dallas1463285401_LGU password 0 9Wt[M6ifY+ realm BroadWorks
                                                                                                                                          authentication username Dallas1463285401_LGU password 0 9Wt[M6ifY+ realm 98027369.us10.bcld.webex.com
                                                                                                                                          no remote-party-id
                                                                                                                                          sip-server dns:98027369.us10.bcld.webex.com
                                                                                                                                          connection-reuse
                                                                                                                                          srtp-crypto 100
                                                                                                                                          session transport tcp tls 
                                                                                                                                          url sips 
                                                                                                                                          error-passthru
                                                                                                                                          asserted-id pai 
                                                                                                                                          bind control source-interface GigabitEthernet0/0/1
                                                                                                                                          bind media source-interface GigabitEthernet0/0/1
                                                                                                                                          no pass-thru content custom-sdp 
                                                                                                                                          sip-profiles 100 
                                                                                                                                          outbound-proxy dns:dfw04.sipconnect-us.bcld.webex.com  
                                                                                                                                          privacy-policy passthru
                                                                                                                                        

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        voice class tenant 100

                                                                                                                                        Defines a set of configuration parameters that will be used only for the Webex Calling trunk. For more information, see voice class tenant.

                                                                                                                                        registrar dns:98027369.us10.bcld.webex.com scheme sips expires 240 refresh-ratio 50 tcp tls

                                                                                                                                        Registrar server for the Local Gateway with the registration set to refresh every two minutes (50% of 240 seconds). For more information, see registrar.

                                                                                                                                        Ensure that you use the Register Domain value from Control Hub here.

                                                                                                                                        credentials number Dallas1171197921_LGU username Dallas1463285401_LGU password 0 9Wt[M6ifY+ realm BroadWorks

                                                                                                                                        Credentials for trunk registration challenge. For more information, see credentials (SIP UA).

                                                                                                                                        Ensure that you use the Line/Port host, Authentication Username and Authentication Password values respectively from Control Hub here.

                                                                                                                                        authentication username Dallas1171197921_LGU password 0 9Wt[M6ifY+ realm BroadWorks
                                                                                                                                        authentication username Dallas1171197921_LGU password 0 9Wt[M6ifY+ realm 98027369.us10.bcld.webex.com

                                                                                                                                        Authentication challenge for calls. For more information, see authentication (dial-peer).

                                                                                                                                        Ensure that you use the Authentication Username, Authentication Password and Registrar Domain values respectively from Control Hub here.

                                                                                                                                        no remote-party-id

                                                                                                                                        Disable SIP Remote-Party-ID (RPID) header as Webex Calling supports PAI, which is enabled using CIO asserted-id pai. For more information, see remote-party-id.

                                                                                                                                        sip-server dns:us25.sipconnect.bcld.webex.com

                                                                                                                                        Configures the target SIP server for the trunk. Use the edge proxy SRV address provided in Control Hub when you created your trunk.

                                                                                                                                        connection-reuse

                                                                                                                                        Uses the same persistent connection for registration and call processing. For more information, see connection-reuse.

                                                                                                                                        srtp-crypto 100

                                                                                                                                        Configures the preferred cipher-suites for the SRTP call leg (connection) (specified in step 5). For more information, see voice class srtp-crypto.

                                                                                                                                        session transport tcp tls

                                                                                                                                        Sets transport to TLS. For more information, see session-transport.

                                                                                                                                        url sips

                                                                                                                                        SRV query must be SIPs as supported by the access SBC; all other messages are changed to SIP by sip-profile 200.

                                                                                                                                        error-passthru

                                                                                                                                        Specifies SIP error response pass-thru functionality. For more information, see error-passthru.

                                                                                                                                        asserted-id pai

                                                                                                                                        Turns on PAI processing in Local Gateway. For more information, see asserted-id.

                                                                                                                                        bind control source-interface GigabitEthernet0/0/1

                                                                                                                                        Configures the source interface and associated IP address for messages sent to WebexCalling. For more information, see bind.

                                                                                                                                        bind media source-interface GigabitEthernet0/0/1

                                                                                                                                        Configures the source interface and associated IP address for media sent to WebexCalling. For more information, see bind.

                                                                                                                                        no pass-thru content custom-sdp

                                                                                                                                        Default command under tenant. For more information on this command, see pass-thru content.

                                                                                                                                        sip-profiles 100

                                                                                                                                        Changes SIPs to SIP and modify Line/Port for INVITE and REGISTER messages as defined in sip-profiles 100. For more information, see voice class sip-profiles.

                                                                                                                                        outbound-proxy dns:dfw04.sipconnect-us.bcld.webex.com

                                                                                                                                        Webex Calling access SBC. Insert the Outbound Proxy Address provided in Control Hub when you created your trunk. For more information, see outbound-proxy.

                                                                                                                                        privacy-policy passthru

                                                                                                                                        Configures the privacy header policy options for the trunk to pass privacy values from the received message to the next call leg. For more information, see privacy-policy.

                                                                                                                                      2. Configure the Webex Calling trunk dial-peer.

                                                                                                                                        
                                                                                                                                        dial-peer voice 100 voip
                                                                                                                                         description Inbound/Outbound Webex Calling
                                                                                                                                         max-conn 250
                                                                                                                                         destination-pattern BAD.BAD
                                                                                                                                         session protocol sipv2
                                                                                                                                         session target sip-server
                                                                                                                                         incoming uri request 100
                                                                                                                                         voice-class codec 100
                                                                                                                                         dtmf-relay rtp-nte
                                                                                                                                         voice-class stun-usage 100
                                                                                                                                         no voice-class sip localhost
                                                                                                                                         voice-class sip tenant 100
                                                                                                                                         srtp
                                                                                                                                         no vad
                                                                                                                                        

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        
                                                                                                                                        dial-peer voice 100 voip
                                                                                                                                          description Inbound/Outbound Webex Calling
                                                                                                                                        

                                                                                                                                        Defines a VoIP dial-peer with a tag of 100 and gives a meaningful description for ease of management and troubleshooting.

                                                                                                                                        max-conn 250

                                                                                                                                        Restricts the number of concurrent inbound and outbound calls between the LGW and Webex Calling. For registration trunks, the maximum value configured should be 250. Usea lower value if that would be more appropriate for your deployment. For more information on concurrent call limits for Local Gateway, refer to the Get started with Local Gateway document.

                                                                                                                                        destination-pattern BAD.BAD

                                                                                                                                        A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. Any valid destination pattern may be used in this case.

                                                                                                                                        session protocol sipv2

                                                                                                                                        Specifies that dial-peer 100 handles SIP call legs. For more information, see session protocol (dial-peer).

                                                                                                                                        session target sip-server

                                                                                                                                        Indicates that the SIP server defined in tenant 100 is inherited and used for the destination for calls from this dial peer.

                                                                                                                                        incoming uri request 100

                                                                                                                                        To specify the voice class used to match a VoIP dial peer to the uniform resource identifier (URI) of an incoming call. For more information, see incoming uri.

                                                                                                                                        voice-class codec 100

                                                                                                                                        Configures the dial-peer to use the common codec filter list 100. For more information, see voice-class codec.

                                                                                                                                        voice-class stun-usage 100

                                                                                                                                        Allows locally generated STUN requests on the Local Gateway to be sent over the negotiated media path. STUN helps to open a firewall pinhole for media traffic.

                                                                                                                                        no voice-class sip localhost

                                                                                                                                        Disables substitution of the DNS local host name in place of the physical IP address in the From, Call-ID, and Remote-Party-ID headers of outgoing messages.

                                                                                                                                        voice-class sip tenant 100

                                                                                                                                        The dial-peer inherits all parameters configured globally and in tenant 100. Parameters may be overridden at the dial-peer level.

                                                                                                                                        srtp

                                                                                                                                        Enables SRTP for the call leg.

                                                                                                                                        no vad

                                                                                                                                        Disables voice activity detection.

                                                                                                                                      After you define tenant 100 and configure a SIP VoIP dial-peer, the gateway initiates a TLS connection toward Webex Calling. At this point the access SBC presents its certificate to the Local Gateway. The Local Gateway validates the Webex Calling access SBC certificate using the CA root bundle that was updated earlier. If the certificate is recognised, a persistent TLS session is established between the Local Gateway and Webex Calling access SBC. The Local Gateway is then able to use this secure connection to register with the Webex access SBC. When the registration is challenged for authentication:

                                                                                                                                      • The username, password, and realm parameters from the credentials configuration is used in the response.

                                                                                                                                      • The modification rules in sip profile 100 are used to convert SIPS URL back to SIP.

                                                                                                                                      Registration is successful when a 200 OK is received from the access SBC.

                                                                                                                                      Having built a trunk towards Webex Calling above, use the following configuration to create a non-encrypted trunk towards a SIP based PSTN provider:

                                                                                                                                      If your Service Provider offers a secure PSTN trunk, you may follow a similar configuration as detailed above for the Webex Calling trunk. Secure to secure call routing is supported by CUBE.

                                                                                                                                      If you are using a TDM / ISDN PSTN trunk, skip to next section Configure Local Gateway with TDM PSTN trunk.

                                                                                                                                      To configure TDM interfaces for PSTN call legs on the Cisco TDM-SIP Gateways, see  Configuring ISDN PRI.

                                                                                                                                      1

                                                                                                                                      Configure the following voice class uri to identify inbound calls from the PSTN trunk:

                                                                                                                                      
                                                                                                                                      voice class uri 200 sip
                                                                                                                                        host ipv4:192.168.80.13
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class uri 200 sip

                                                                                                                                      Defines a pattern to match an incoming SIP invite to an incoming trunk dial-peer. When entering this pattern, use the IP address of you IP PSTN gateway. For more information, see  voice class uri.

                                                                                                                                      2

                                                                                                                                      Configure the following IP PSTN dial-peer:

                                                                                                                                      
                                                                                                                                      dial-peer voice 200 voip
                                                                                                                                       description Inbound/Outbound IP PSTN trunk
                                                                                                                                       destination-pattern BAD.BAD
                                                                                                                                       session protocol sipv2
                                                                                                                                       session target ipv4:192.168.80.13
                                                                                                                                       incoming uri via 200
                                                                                                                                       voice-class sip bind control source-interface GigabitEthernet0/0/0 
                                                                                                                                       voice-class sip bind media source-interface  GigabitEthernet0/0/0 
                                                                                                                                       voice-class codec 100
                                                                                                                                       dtmf-relay rtp-nte 
                                                                                                                                       no vad
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      
                                                                                                                                      dial-peer voice 200 voip
                                                                                                                                       description Inbound/Outbound IP PSTN trunk

                                                                                                                                      Defines a VoIP dial-peer with a tag of 200 and gives a meaningful description for ease of management and troubleshooting. For more information, see dial-peer voice.

                                                                                                                                      destination-pattern BAD.BAD

                                                                                                                                      A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. For more information, see destination-pattern (interface).

                                                                                                                                      session protocol sipv2

                                                                                                                                      Specifies that dial-peer 200 handles SIP call legs. For more information, see session protocol (dial peer).

                                                                                                                                      session target ipv4:192.168.80.13

                                                                                                                                      Indicates the destination’s target IPv4 address to send the call leg. The session target here is ITSP’s IP address. For more information, see  session target (VoIP dial peer).

                                                                                                                                      incoming uri via 200

                                                                                                                                      Defines a match criterion for the VIA header with the IP PSTN’s IP address. Matches all incoming IP PSTN call legs on the Local Gateway with dial-peer 200. For more information, see  incoming url.

                                                                                                                                      bind control source-interface GigabitEthernet0/0/0

                                                                                                                                      Configures the source interface and associated IP address for messages sent to the PSTN. For more information, see  bind.

                                                                                                                                      bind media source-interface GigabitEthernet0/0/0

                                                                                                                                      Configures the source interface and associated IP address for media sent to PSTN. For more information, see  bind.

                                                                                                                                      voice-class codec 100

                                                                                                                                      Configures the dial-peer to use the common codec filter list 100. For more information, see voice-class codec.

                                                                                                                                      dtmf-relay rtp-nte

                                                                                                                                      Defines RTP-NTE (RFC2833) as the DTMF capability expected on the call leg. For more information, see DTMF Relay (Voice over IP).

                                                                                                                                      no vad

                                                                                                                                      Disables voice activity detection. For more information, see vad (dial peer).

                                                                                                                                      3

                                                                                                                                      If you are configuring your Local Gateway to only route calls between Webex Calling and the PSTN, add the following call routing configuration. If you are configuring your Local Gateway with a Unified Communications Manager platform, skip to the next section.

                                                                                                                                      1. Create dial-peer groups to route calls towards Webex Calling or the PSTN. Define DPG 100 with outbound dial-peer 100 toward Webex Calling. DPG 100 is applied to the incoming dial-peer from the PSTN. Similarly, define DPG 200 with outbound dial-peer 200 toward the PSTN. DPG 200 is applied to the incoming dial-peer from Webex.

                                                                                                                                        
                                                                                                                                        voice class dpg 100 
                                                                                                                                         description Route calls to Webex Calling 
                                                                                                                                         dial-peer 100 
                                                                                                                                        voice class dpg 200 
                                                                                                                                         description Route calls to PSTN 
                                                                                                                                         dial-peer 200

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        dial-peer 100

                                                                                                                                        Associates an outbound dial-peer with a dial-peer group. For more information, see  voice-class dpg.

                                                                                                                                      2. Apply dial-peer groups to route calls from Webex to the PSTN and from the PSTN to Webex:

                                                                                                                                        
                                                                                                                                        dial-peer voice 100
                                                                                                                                         destination dpg 200
                                                                                                                                        dial-peer voice 200
                                                                                                                                         destination dpg 100 

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        destination dpg 200

                                                                                                                                        Specifies which dial-peer group, and therefore dial-peer should be used for the outbound treatment for calls presented to this incoming dial-peer.

                                                                                                                                        This concludes your Local Gateway configuration. Save the configuration and reload the platform if this is the first time CUBE features are configured.

                                                                                                                                      Having built a trunk towards Webex Calling, use the following configuration to create a TDM trunk for your PSTN service with loop-back call routing to allow media optimization on the Webex call leg.

                                                                                                                                      If you do not require IP media optimization, follow the configuration steps for a SIP PSTN trunk. Use a voice port and POTS dial-peer (as shown in Steps 2 and 3) instead of the PSTN VoIP dial-peer.
                                                                                                                                      1

                                                                                                                                      The loop-back dial-peer configuration uses dial-peer groups and call routing tags to ensure that calls pass correctly between Webex and the PSTN, without creating call routing loops. Configure the following translation rules that will be used to add and remove the call routing tags:

                                                                                                                                      
                                                                                                                                      voice translation-rule 100 
                                                                                                                                       rule 1 /^\+/ /A2A/ 
                                                                                                                                      
                                                                                                                                      voice translation-profile 100 
                                                                                                                                       translate called 100 
                                                                                                                                      
                                                                                                                                      voice translation-rule 200 
                                                                                                                                       rule 1 /^/ /A1A/ 
                                                                                                                                      
                                                                                                                                      voice translation-profile 200 
                                                                                                                                       translate called 200 
                                                                                                                                      
                                                                                                                                      voice translation-rule 11 
                                                                                                                                       rule 1 /^A1A/ // 
                                                                                                                                      
                                                                                                                                      voice translation-profile 11 
                                                                                                                                       translate called 11 
                                                                                                                                      
                                                                                                                                      voice translation-rule 12 
                                                                                                                                       rule 1 /^A2A44/ /0/
                                                                                                                                       rule 2/^A2A/ /00/
                                                                                                                                      
                                                                                                                                      voice translation-profile 12 
                                                                                                                                       translate called 12 
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice translation-rule

                                                                                                                                      Uses regular expressions defined in rules to add or remove call routing tags. Over-decadic digits (‘A’) are used to add clarity for troubleshooting.

                                                                                                                                      In this configuration, the tag added by translation-profile 100 is used to guide calls from Webex Calling towards the PSTN via the loopback dial-peers. Similarly, the tag added by translation-profile 200 is used to guide calls from the PSTN towards Webex Calling. Translation-profiles 11 and 12 remove these tags before delivering calls to the Webex and PSTN trunks respectively.

                                                                                                                                      This example assumes that called numbers from Webex Calling are presented in +E.164 format. Rule 100 removes the leading + to maintain a valid called number. Rule 12 then adds a national or international routing digit(s) when removing the tag. Use digits that suit your local ISDN national dial plan.

                                                                                                                                      If Webex Calling presents numbers in national format, adjust rules 100 and 12 to simply add and remove the routing tag respectively.

                                                                                                                                      For more information, see voice translation-profile and voice translation-rule.

                                                                                                                                      2

                                                                                                                                      Configure TDM voice interface ports as required by the trunk type and protocol used. For more information, see Configuring ISDN PRI. For example, the basic configuration of a Primary Rate ISDN interface installed in NIM slot 2 of a device might include the following:

                                                                                                                                      
                                                                                                                                      card type e1 0 2 
                                                                                                                                      isdn switch-type primary-net5 
                                                                                                                                      controller E1 0/2/0 
                                                                                                                                       pri-group timeslots 1-31 
                                                                                                                                      3

                                                                                                                                      Configure the following TDM PSTN dial-peer:

                                                                                                                                      
                                                                                                                                      dial-peer voice 200 pots 
                                                                                                                                       description Inbound/Outbound PRI PSTN trunk 
                                                                                                                                       destination-pattern BAD.BAD 
                                                                                                                                       translation-profile incoming 200 
                                                                                                                                       direct-inward-dial 
                                                                                                                                       port 0/2/0:15

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      
                                                                                                                                      dial-peer voice 200 pots
                                                                                                                                       description Inbound/Outbound PRI PSTN trunk

                                                                                                                                      Defines a VoIP dial-peer with a tag of 200 and gives a meaningful description for ease of management and troubleshooting. For more information, see dial-peer voice.

                                                                                                                                      destination-pattern BAD.BAD

                                                                                                                                      A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. For more information, see destination-pattern (interface).

                                                                                                                                      translation-profile incoming 200

                                                                                                                                      Assigns the translation profile that will add a call routing tag to the incoming called number.

                                                                                                                                      direct-inward-dial

                                                                                                                                      Routes the call without providing a secondary dial-tone. For more information, see direct-inward-dial.

                                                                                                                                      port 0/2/0:15

                                                                                                                                      The physical voice port associated with this dial-peer.

                                                                                                                                      4

                                                                                                                                      To enable media optimization of IP paths for Local Gateways with TDM-IP call flows, you can modify the call routing by introducing a set of internal loop-back dial-peers between Webex Calling and PSTN trunks. Configure the following loop-back dial-peers. In this case, all incoming calls will be routed initially to dial-peer 10 and from there to either dial-peer 11 or 12 based on the applied routing tag. After removal of the routing tag, calls will be routed to the outbound trunk using dial-peer groups.

                                                                                                                                      
                                                                                                                                      dial-peer voice 10 voip
                                                                                                                                       description Outbound loop-around leg
                                                                                                                                       destination-pattern BAD.BAD
                                                                                                                                       session protocol sipv2
                                                                                                                                       session target ipv4:192.168.80.14
                                                                                                                                       voice-class sip bind control source-interface GigabitEthernet0/0/0
                                                                                                                                       voice-class sip bind media source-interface GigabitEthernet0/0/0
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       codec g711alaw
                                                                                                                                       no vad 
                                                                                                                                      
                                                                                                                                      dial-peer voice 11 voip
                                                                                                                                       description Inbound loop-around leg towards Webex
                                                                                                                                       translation-profile incoming 11
                                                                                                                                       session protocol sipv2
                                                                                                                                       incoming called-number A1AT
                                                                                                                                       voice-class sip bind control source-interface GigabitEthernet0/0/0
                                                                                                                                       voice-class sip bind media source-interface GigabitEthernet0/0/0
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       codec g711alaw
                                                                                                                                       no vad 
                                                                                                                                      
                                                                                                                                      dial-peer voice 12 voip
                                                                                                                                       description Inbound loop-around leg towards PSTN
                                                                                                                                       translation-profile incoming 12
                                                                                                                                       session protocol sipv2
                                                                                                                                       incoming called-number A2AT
                                                                                                                                       voice-class sip bind control source-interface GigabitEthernet0/0/0
                                                                                                                                       voice-class sip bind media source-interface GigabitEthernet0/0/0
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       codec g711alaw 
                                                                                                                                       no vad 
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      
                                                                                                                                      dial-peer voice 10 pots
                                                                                                                                       description Outbound loop-around leg

                                                                                                                                      Defines a VoIP dial-peer and gives a meaningful description for ease of management and troubleshooting. For more information, see dial-peer voice.

                                                                                                                                      translation-profile incoming 11

                                                                                                                                      Applies the translation profile defined earlier to remove the call routing tag before passing to the outbound trunk.

                                                                                                                                      destination-pattern BAD.BAD

                                                                                                                                      A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. For more information, see destination-pattern (interface).

                                                                                                                                      session protocol sipv2

                                                                                                                                      Specifies that this dial-peer handles SIP call legs. For more information, see  session protocol (dial peer).

                                                                                                                                      session target 192.168.80.14

                                                                                                                                      Specifies the local router interface address as the call target to loop-back. For more information, see session target (voip dial peer).

                                                                                                                                      bind control source-interface GigabitEthernet0/0/0

                                                                                                                                      Configures the source interface and associated IP address for messages sent through the loop-back. For more information, see  bind.

                                                                                                                                      bind media source-interface GigabitEthernet0/0/0

                                                                                                                                      Configures the source interface and associated IP address for media sent through the loop-back. For more information, see  bind.

                                                                                                                                      dtmf-relay rtp-nte

                                                                                                                                      Defines RTP-NTE (RFC2833) as the DTMF capability expected on the call leg. For more information, see  DTMF Relay (Voice over IP).

                                                                                                                                      codec g711alaw

                                                                                                                                      Forces all PSTN calls to use G.711. Select a-law or u-law to match the companding method used by your ISDN service.

                                                                                                                                      no vad

                                                                                                                                      Disables voice activity detection. For more information, see  vad (dial peer).

                                                                                                                                      5

                                                                                                                                      Add the following call routing configuration:

                                                                                                                                      1. Create dial-peer groups to route calls between the PSTN and Webex trunks, via the loop-back.

                                                                                                                                        
                                                                                                                                        voice class dpg 100
                                                                                                                                         description Route calls to Webex Calling
                                                                                                                                         dial-peer 100
                                                                                                                                        voice class dpg 200
                                                                                                                                         description Route calls to PSTN
                                                                                                                                         dial-peer 200
                                                                                                                                        voice class dpg 10
                                                                                                                                         description Route calls to Loopback
                                                                                                                                         dial-peer 10

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        dial-peer 100

                                                                                                                                        Associates an outbound dial-peer with a dial-peer group. For more information, see  voice-class dpg.

                                                                                                                                      2. Apply dial-peer groups to route calls.

                                                                                                                                        
                                                                                                                                        dial-peer voice 100
                                                                                                                                         destination dpg 10
                                                                                                                                        dial-peer voice 200
                                                                                                                                         destination dpg 10
                                                                                                                                        dial-peer voice 11
                                                                                                                                         destination dpg 100
                                                                                                                                        dial-peer voice 12
                                                                                                                                         destination dpg 200

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        destination dpg 200

                                                                                                                                        Specifies which dial-peer group, and therefore dial-peer should be used for the outbound treatment for calls presented to this incoming dial-peer.

                                                                                                                                      This concludes your Local Gateway configuration. Save the configuration and reload the platform if this is the first time CUBE features are configured.

                                                                                                                                      The PSTN-Webex Calling configuration in the previous sections may be modified to include additional trunks to a Cisco Unified Communications Manager (UCM) cluster. In this case, all calls are routed via Unified CM. Calls from UCM on port 5060 are routed to the PSTN and calls from port 5065 are routed to Webex Calling. The following incremental configurations may be added to include this calling scenario.

                                                                                                                                      When creating the Webex Calling trunk in Unified CM, ensure that you configure the incoming port in the SIP Trunk Security Profile settings to 5065. This allows incoming messages on port 5065 and populate the VIA header with this value when sending messages to the Local Gateway.

                                                                                                                                      1

                                                                                                                                      Configure the following voice class URIs:

                                                                                                                                      1. Classifies Unified CM to Webex calls using SIP VIA port:

                                                                                                                                        
                                                                                                                                        voice class uri 300 sip
                                                                                                                                         pattern :5065
                                                                                                                                        
                                                                                                                                      2. Classifies Unified CM to PSTN calls using SIP via port:

                                                                                                                                        
                                                                                                                                        voice class uri 400 sip
                                                                                                                                         pattern 192\.168\.80\.6[0-5]:5060
                                                                                                                                        

                                                                                                                                        Classify incoming messages from the UCM towards the PSTN trunk using one or more patterns that describe the originating source addresses and port number. Regular expressions may be used to define matching patterns if required.

                                                                                                                                        In the example above, a regular expression is used to match any IP address in the range 192.168.80.60 to 65 and port number 5060.

                                                                                                                                      2

                                                                                                                                      Configure the following DNS records to specify SRV routing to Unified CM hosts:

                                                                                                                                      IOS XE uses these records for locally determining target UCM hosts and ports. With this configuration, it is not required to configure records in your DNS system. If you prefer to use your DNS, then these local configurations are not required.

                                                                                                                                      
                                                                                                                                      ip host ucmpub.mydomain.com 192.168.80.60
                                                                                                                                      ip host ucmsub1.mydomain.com 192.168.80.61
                                                                                                                                      ip host ucmsub2.mydomain.com 192.168.80.62
                                                                                                                                      ip host ucmsub3.mydomain.com 192.168.80.63
                                                                                                                                      ip host ucmsub4.mydomain.com 192.168.80.64
                                                                                                                                      ip host ucmsub5.mydomain.com 192.168.80.65
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 0 1 5065 ucmpub.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub1.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub2.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub3.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub4.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub5.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 0 1 5060 ucmpub.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub1.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub2.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub3.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub4.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub5.mydomain.com
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      The following command creates a DNS SRV resource record. Create a record for each UCM host and trunk:

                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub5.mydomain.com

                                                                                                                                      _sip._udp.pstntocucm.io: SRV resource record name

                                                                                                                                      2: The SRV resource record priority

                                                                                                                                      1: The SRV resource record weight

                                                                                                                                      5060: The port number to use for the target host in this resource record

                                                                                                                                      ucmsub5.mydomain.com: The resource record target host

                                                                                                                                      To resolve the resource record target host names, create local DNS A records. For example:

                                                                                                                                      ip host ucmsub5.mydomain.com 192.168.80.65

                                                                                                                                      ip host: Creates a record in the local IOS XE database.

                                                                                                                                      ucmsub5.mydomain.com: The A record host name.

                                                                                                                                      192.168.80.65: The host IP address.

                                                                                                                                      Create the SRV resource records and A records to reflect your UCM environment and preferred call distribution strategy.

                                                                                                                                      3

                                                                                                                                      Configure the following dial-peers:

                                                                                                                                      1. Dial-peer for calls between Unified CM and Webex Calling:

                                                                                                                                        
                                                                                                                                        dial-peer voice 300 voip
                                                                                                                                         description UCM-Webex Calling trunk
                                                                                                                                         destination-pattern BAD.BAD
                                                                                                                                         session protocol sipv2
                                                                                                                                         session target dns:wxtocucm.io
                                                                                                                                         incoming uri via 300
                                                                                                                                         voice-class codec 100
                                                                                                                                         voice-class sip bind control source-interface GigabitEthernet 0/0/0
                                                                                                                                         voice-class sip bind media source-interface GigabitEthernet 0/0/0
                                                                                                                                         dtmf-relay rtp-nte
                                                                                                                                         no vad
                                                                                                                                        

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        
                                                                                                                                        dial-peer voice 300 voip
                                                                                                                                         description UCM-Webex Calling trunk

                                                                                                                                        Defines a VoIP dial-peer with a tag 300 and gives a meaningful description for ease of management and troubleshooting.

                                                                                                                                        destination-pattern BAD.BAD

                                                                                                                                        A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. Any valid destination pattern may be used in this case.

                                                                                                                                        session protocol sipv2

                                                                                                                                        Specifies that dial-peer 300 handles SIP call legs. For more information, see  session protocol (dial-peer).

                                                                                                                                        session target dns:wxtocucm.io

                                                                                                                                        Defines the session target of multiple Unified CM nodes through DNS SRV resolution. In this case, the locally defined SRV record wxtocucm.io is used to direct calls.

                                                                                                                                        incoming uri via 300

                                                                                                                                        Uses voice class URI 300 to direct all incoming traffic from Unified CM using source port 5065 to this dial-peer. For more information, see  incoming uri.

                                                                                                                                        voice-class codec 100

                                                                                                                                        Indicates codec filter list for calls to and from Unified CM. For more information, see  voice class codec.

                                                                                                                                        bind control source-interface GigabitEthernet0/0/0

                                                                                                                                        Configures the source interface and associated IP address for messages sent to the PSTN. For more information, see  bind.

                                                                                                                                        bind media source-interface GigabitEthernet0/0/0

                                                                                                                                        Configures the source interface and associated IP address for media sent to PSTN. For more information, see  bind.

                                                                                                                                        dtmf-relay rtp-nte

                                                                                                                                        Defines RTP-NTE (RFC2833) as the DTMF capability expected on the call leg. For more information, see  DTMF Relay (Voice over IP).

                                                                                                                                        no vad

                                                                                                                                        Disables voice activity detection. For more information, see  vad (dial peer).

                                                                                                                                      2. Dial-peer for calls between Unified CM and the PSTN:

                                                                                                                                        
                                                                                                                                        dial-peer voice 400 voip
                                                                                                                                         description UCM-PSTN trunk
                                                                                                                                         destination-pattern BAD.BAD
                                                                                                                                         session protocol sipv2
                                                                                                                                         session target dns:pstntocucm.io
                                                                                                                                         incoming uri via 400
                                                                                                                                         voice-class codec 100 
                                                                                                                                         voice-class sip bind control source-interface GigabitEthernet 0/0/0
                                                                                                                                         voice-class sip bind media source-interface GigabitEthernet 0/0/0
                                                                                                                                         dtmf-relay rtp-nte
                                                                                                                                         no vad
                                                                                                                                        

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        
                                                                                                                                        dial-peer voice 400 voip
                                                                                                                                         description UCM-PSTN trunk

                                                                                                                                        Defines a VoIP dial-peer with a tag of 400 and gives a meaningful description for ease of management and troubleshooting.

                                                                                                                                        destination-pattern BAD.BAD

                                                                                                                                        A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. Any valid destination pattern may be used in this case.

                                                                                                                                        session protocol sipv2

                                                                                                                                        Specifies that dial-peer 400 handles SIP call legs. For more information, see  session protocol (dial-peer).

                                                                                                                                        session target dns:pstntocucm.io

                                                                                                                                        Defines the session target of multiple Unified CM nodes through DNS SRV resolution. In this case, the locally defined SRV record pstntocucm.io is used to direct calls.

                                                                                                                                        incoming uri via 400

                                                                                                                                        Uses voice class URI 400 to direct all incoming traffic from the specified Unified CM hosts using source port 5060 to this dial-peer. For more information, see  incoming uri.

                                                                                                                                        voice-class codec 100

                                                                                                                                        Indicates codec filter list for calls to and from Unified CM. For more information, see  voice class codec.

                                                                                                                                        bind control source-interface GigabitEthernet0/0/0

                                                                                                                                        Configures the source interface and associated IP address for messages sent to the PSTN. For more information, see  bind.

                                                                                                                                        bind media source-interface GigabitEthernet0/0/0

                                                                                                                                        Configures the source interface and associated IP address for media sent to PSTN. For more information, see  bind.

                                                                                                                                        dtmf-relay rtp-nte

                                                                                                                                        Defines RTP-NTE (RFC2833) as the DTMF capability expected on the call leg. For more information, see  DTMF Relay (Voice over IP).

                                                                                                                                        no vad

                                                                                                                                        Disables voice activity detection. For more information, see  vad (dial peer).

                                                                                                                                      4

                                                                                                                                      Add call routing using the following configurations:

                                                                                                                                      1. Create dial-peer groups to route calls between Unified CM and Webex Calling. Define DPG 100 with outbound dial-peer 100 towards Webex Calling. DPG 100 is applied to the associated incoming dial-peer from Unified CM. Similarly, define DPG 300 with outbound dial-peer 300 toward Unified CM. DPG 300 is applied to the incoming dial-peer from Webex.

                                                                                                                                        
                                                                                                                                        voice class dpg 100
                                                                                                                                         description Route calls to Webex Calling
                                                                                                                                         dial-peer 100
                                                                                                                                        voice class dpg 300
                                                                                                                                         description Route calls to Unified CM Webex Calling trunk
                                                                                                                                         dial-peer 300 
                                                                                                                                      2. Create a dial-peer groups to route calls between Unified CM and the PSTN. Define DPG 200 with outbound dial-peer 200 toward the PSTN. DPG 200 is applied to the associated incoming dial-peer from Unified CM. Similarly, define DPG 400 with outbound dial-peer 400 toward Unified CM. DPG 400 is applied to the incoming dial-peer from the PSTN.

                                                                                                                                        
                                                                                                                                        voice class dpg 200
                                                                                                                                         description Route calls to PSTN
                                                                                                                                         dial-peer 200
                                                                                                                                        voice class dpg 400
                                                                                                                                         description Route calls to Unified CM PSTN trunk
                                                                                                                                         dial-peer 400

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        dial-peer  100

                                                                                                                                        Associates an outbound dial-peer with a dial-peer group. For more information, see  voice-class dpg.

                                                                                                                                      3. Apply dial-peer groups to route calls from Webex to Unified CM and from Unified CM to Webex:

                                                                                                                                        
                                                                                                                                        dial-peer voice 100
                                                                                                                                         destination dpg 300
                                                                                                                                        dial-peer voice 300
                                                                                                                                         destination dpg 100

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        destination dpg 300

                                                                                                                                        Specifies which dial-peer group, and therefore dial-peer should be used for the outbound treatment for calls presented to this incoming dial-peer.

                                                                                                                                      4. Apply dial-peer groups to route calls from the PSTN to Unified CM and from Unified CM to the PSTN:

                                                                                                                                        
                                                                                                                                        dial-peer voice 200
                                                                                                                                         destination dpg 400
                                                                                                                                        dial-peer voice 400
                                                                                                                                         destination dpg 200 

                                                                                                                                        This concludes your Local Gateway configuration. Save the configuration and reload the platform if this is the first time CUBE features have been configured.

                                                                                                                                      Diagnostic Signatures (DS) proactively detects commonly observed issues in the IOS XE-based Local Gateway and generates email, syslog, or terminal message notification of the event. You can also install the DS to automate diagnostics data collection and transfer-collected data to the Cisco TAC case to accelerate resolution time.

                                                                                                                                      Diagnostic Signatures (DS) are XML files that contain information about problem trigger events and actions to be taken to inform, troubleshoot, and remediate the issue. You can define the problem detection logic using syslog messages, SNMP events and through periodic monitoring of specific show command outputs.

                                                                                                                                      The action types include collecting show command outputs:

                                                                                                                                      • Generating a consolidated log file

                                                                                                                                      • Uploading the file to a user-provided network location such as HTTPS, SCP, FTP server.

                                                                                                                                      TAC engineers author the DS files and digitally sign it for integrity protection. Each DS file has a unique numerical ID assigned by the system. Diagnostic Signatures Lookup Tool (DSLT) is a single source to find applicable signatures for monitoring and troubleshooting various problems.

                                                                                                                                      Before you begin:

                                                                                                                                      • Do not edit the DS file that you download from DSLT. The files that you modify fail installation due to the integrity check error.

                                                                                                                                      • A Simple Mail Transfer Protocol (SMTP) server you require for the Local Gateway to send out email notifications.

                                                                                                                                      • Ensure that the Local Gateway is running IOS XE 17.6.1 or higher if you wish to use the secure SMTP server for email notifications.

                                                                                                                                      Prerequisites

                                                                                                                                      Local Gateway running IOS XE 17.6.1a or higher

                                                                                                                                      1. Diagnostic Signatures is enabled by default.

                                                                                                                                      2. Configure the secure email server to be used to send proactive notification if the device is running Cisco IOS XE 17.6.1a or higher.

                                                                                                                                        configure terminal 
                                                                                                                                        call-home  
                                                                                                                                        mail-server <username>:<pwd>@<email server> priority 1 secure tls 
                                                                                                                                        end 

                                                                                                                                      3. Configure the environment variable ds_email with the email address of the administrator to notify you.

                                                                                                                                        configure terminal 
                                                                                                                                        call-home  
                                                                                                                                        diagnostic-signature 
                                                                                                                                        environment ds_email <email address> 
                                                                                                                                        end 

                                                                                                                                      The following shows an example configuration of a Local Gateway running on Cisco IOS XE 17.6.1a or higher to send the proactive notifications to tacfaststart@gmail.com using Gmail as the secure SMTP server:

                                                                                                                                      We recommend you to use the Cisco IOS XE Bengaluru 17.6.x or later versions.

                                                                                                                                      call-home  
                                                                                                                                      mail-server tacfaststart:password@smtp.gmail.com priority 1 secure tls 
                                                                                                                                      diagnostic-signature 
                                                                                                                                      environment ds_email "tacfaststart@gmail.com" 

                                                                                                                                      A Local Gateway running on Cisco IOS XE Software is not a typical web-based Gmail client that supports OAuth, so we must configure a specific Gmail account setting and provide specific permission to have the email from the device processed correctly:

                                                                                                                                      1. Go to Manage Google Account > Security and turn on the Less secure app access setting.

                                                                                                                                      2. Answer “Yes, it was me” when you receive an email from Gmail stating “Google prevented someone from signing into your account using a non-Google app.”

                                                                                                                                      Install diagnostic signatures for proactive monitoring

                                                                                                                                      Monitoring high CPU utilization

                                                                                                                                      This DS tracks CPU utilization for five seconds using the SNMP OID 1.3.6.1.4.1.9.2.1.56. When the utilization reaches 75% or more, it disables all debugs and uninstalls all diagnostic signatures that are installed in the Local Gateway. Use these steps below to install the signature.

                                                                                                                                      1. Use the show snmp command to enable SNMP. If you do not enable, then configure the snmp-server manager command.

                                                                                                                                        show snmp 
                                                                                                                                        %SNMP agent not enabled 
                                                                                                                                        
                                                                                                                                        config t 
                                                                                                                                        snmp-server manager 
                                                                                                                                        end 
                                                                                                                                        
                                                                                                                                        show snmp 
                                                                                                                                        Chassis: ABCDEFGHIGK 
                                                                                                                                        149655 SNMP packets input 
                                                                                                                                            0 Bad SNMP version errors 
                                                                                                                                            1 Unknown community name 
                                                                                                                                            0 Illegal operation for community name supplied 
                                                                                                                                            0 Encoding errors 
                                                                                                                                            37763 Number of requested variables 
                                                                                                                                            2 Number of altered variables 
                                                                                                                                            34560 Get-request PDUs 
                                                                                                                                            138 Get-next PDUs 
                                                                                                                                            2 Set-request PDUs 
                                                                                                                                            0 Input queue packet drops (Maximum queue size 1000) 
                                                                                                                                        158277 SNMP packets output 
                                                                                                                                            0 Too big errors (Maximum packet size 1500) 
                                                                                                                                            20 No such name errors 
                                                                                                                                            0 Bad values errors 
                                                                                                                                            0 General errors 
                                                                                                                                            7998 Response PDUs 
                                                                                                                                            10280 Trap PDUs 
                                                                                                                                        Packets currently in SNMP process input queue: 0 
                                                                                                                                        SNMP global trap: enabled 
                                                                                                                                        
                                                                                                                                      2. Download DS 64224 using the following drop-down options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series or Cisco CSR 1000V Series

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling Solution

                                                                                                                                        Problem Scope

                                                                                                                                        Performance

                                                                                                                                        Problem Type

                                                                                                                                        High CPU Utilization with Email Notification.

                                                                                                                                      3. Copy the DS XML file to the Local Gateway flash.

                                                                                                                                        LocalGateway# copy ftp://username:password@<server name or ip>/DS_64224.xml bootflash: 

                                                                                                                                        The following example shows copying the file from an FTP server to the Local Gateway.

                                                                                                                                        copy ftp://user:pwd@192.0.2.12/DS_64224.xml bootflash: 
                                                                                                                                        Accessing ftp://*:*@ 192.0.2.12/DS_64224.xml...! 
                                                                                                                                        [OK - 3571/4096 bytes] 
                                                                                                                                        3571 bytes copied in 0.064 secs (55797 bytes/sec) 
                                                                                                                                        
                                                                                                                                      4. Install the DS XML file in the Local Gateway.

                                                                                                                                        call-home diagnostic-signature load DS_64224.xml 
                                                                                                                                        Load file DS_64224.xml success 
                                                                                                                                      5. Use the show call-home diagnostic-signature command to verify that the signature is successfully installed. The status column should have a “registered” value.

                                                                                                                                        show call-home diagnostic-signature  
                                                                                                                                        Current diagnostic-signature settings: 
                                                                                                                                        Diagnostic-signature: enabled 
                                                                                                                                        Profile: CiscoTAC-1 (status: ACTIVE) 
                                                                                                                                        Downloading  URL(s):  https://tools.cisco.com/its/service/oddce/services/DDCEService 
                                                                                                                                        Environment variable: 
                                                                                                                                        ds_email: username@gmail.com 

                                                                                                                                        Download DSes:

                                                                                                                                        DS ID

                                                                                                                                        DS Name

                                                                                                                                        Revision

                                                                                                                                        Status

                                                                                                                                        Last Update (GMT+00:00)

                                                                                                                                        64224

                                                                                                                                        DS_LGW_CPU_MON75

                                                                                                                                        0.0.10

                                                                                                                                        Registered

                                                                                                                                        2020-11-07 22:05:33

                                                                                                                                        When triggered, this signature uninstalls all running DSs including itself. If necessary, reinstall DS 64224 to continue monitoring high CPU utilization on the Local Gateway.

                                                                                                                                      Monitoring SIP trunk registration

                                                                                                                                      This DS checks for unregistration of a Local Gateway SIP Trunk with Webex Calling cloud every 60 seconds. Once the unregistration event is detected, it generates an email and syslog notification and uninstalls itself after two unregistration occurrences. Use the steps below to install the signature:

                                                                                                                                      1. Download DS 64117 using the following drop-down options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series or Cisco CSR 1000V Series

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling Solution

                                                                                                                                        Problem Scope

                                                                                                                                        SIP-SIP

                                                                                                                                        Problem Type

                                                                                                                                        SIP Trunk Unregistration with Email Notification.

                                                                                                                                      2. Copy the DS XML file to the Local Gateway.

                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_64117.xml bootflash: 
                                                                                                                                      3. Install the DS XML file in the Local Gateway.

                                                                                                                                        call-home diagnostic-signature load DS_64117.xml 
                                                                                                                                        Load file DS_64117.xml success 
                                                                                                                                        LocalGateway#  
                                                                                                                                      4. Use the show call-home diagnostic-signature command to verify that the signature is successfully installed. The status column must have a “registered” value.

                                                                                                                                      Monitoring abnormal call disconnects

                                                                                                                                      This DS uses SNMP polling every 10 minutes to detect abnormal call disconnect with SIP errors 403, 488 and 503.  If the error count increment is greater than or equal to 5 from the last poll, it generates a syslog and email notification. Please use the steps below to install the signature.

                                                                                                                                      1. Use the show snmp command to check whether SNMP is enabled. If it is not enabled, configure the snmp-server manager command.

                                                                                                                                        show snmp 
                                                                                                                                        %SNMP agent not enabled 
                                                                                                                                         
                                                                                                                                        
                                                                                                                                        config t 
                                                                                                                                        snmp-server manager 
                                                                                                                                        end 
                                                                                                                                        
                                                                                                                                        show snmp 
                                                                                                                                        Chassis: ABCDEFGHIGK 
                                                                                                                                        149655 SNMP packets input 
                                                                                                                                            0 Bad SNMP version errors 
                                                                                                                                            1 Unknown community name 
                                                                                                                                            0 Illegal operation for community name supplied 
                                                                                                                                            0 Encoding errors 
                                                                                                                                            37763 Number of requested variables 
                                                                                                                                            2 Number of altered variables 
                                                                                                                                            34560 Get-request PDUs 
                                                                                                                                            138 Get-next PDUs 
                                                                                                                                            2 Set-request PDUs 
                                                                                                                                            0 Input queue packet drops (Maximum queue size 1000) 
                                                                                                                                        158277 SNMP packets output 
                                                                                                                                            0 Too big errors (Maximum packet size 1500) 
                                                                                                                                            20 No such name errors 
                                                                                                                                            0 Bad values errors 
                                                                                                                                            0 General errors 
                                                                                                                                            7998 Response PDUs 
                                                                                                                                            10280 Trap PDUs 
                                                                                                                                        Packets currently in SNMP process input queue: 0 
                                                                                                                                        SNMP global trap: enabled 
                                                                                                                                        
                                                                                                                                      2. Download DS 65221 using the following options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series or Cisco CSR 1000V Series

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling Solution

                                                                                                                                        Problem Scope

                                                                                                                                        Performance

                                                                                                                                        Problem Type

                                                                                                                                        SIP abnormal call disconnect detection with Email and Syslog Notification.

                                                                                                                                      3. Copy the DS XML file to the Local Gateway.

                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_65221.xml bootflash:
                                                                                                                                      4. Install the DS XML file in the Local Gateway.

                                                                                                                                        call-home diagnostic-signature load DS_65221.xml 
                                                                                                                                        Load file DS_65221.xml success 
                                                                                                                                        
                                                                                                                                      5. Use the show call-home diagnostic-signature command to verify that the signature is successfully installed. The status column must have a “registered” value.

                                                                                                                                      Install diagnostic signatures to troubleshoot a problem

                                                                                                                                      Use Diagnostic Signatures (DS) to resolve issues quickly. Cisco TAC engineers have authored several signatures that enable the necessary debugs that are required to troubleshoot a given problem, detect the problem occurrence, collect the right set of diagnostic data and transfer the data automatically to the Cisco TAC case. Diagnostic Signatures (DS) eliminate the need to manually check for the problem occurrence and makes troubleshooting of intermittent and transient issues a lot easier.

                                                                                                                                      You can use the Diagnostic Signatures Lookup Tool to find the applicable signatures and install them to self-solve a given issue or you can install the signature that is recommended by the TAC engineer as part of the support engagement.

                                                                                                                                      Here is an example of how to find and install a DS to detect the occurrence “%VOICE_IEC-3-GW: CCAPI: Internal Error (call spike threshold): IEC=1.1.181.1.29.0" syslog and automate diagnostic data collection using the following steps:

                                                                                                                                      1. Configure an additional DS environment variable ds_fsurl_prefix which is the Cisco TAC file server path (cxd.cisco.com) to which the collected diagnostics data are uploaded. The username in the file path is the case number and the password is the file upload token which can be retrieved from Support Case Manager in the following command. The file upload token can be generated in the Attachments section of the Support Case Manager, as needed.

                                                                                                                                        configure terminal 
                                                                                                                                        call-home  
                                                                                                                                        diagnostic-signature 
                                                                                                                                        LocalGateway(cfg-call-home-diag-sign)environment ds_fsurl_prefix "scp://<case number>:<file upload token>@cxd.cisco.com"  
                                                                                                                                        end 

                                                                                                                                        Example:

                                                                                                                                        call-home  
                                                                                                                                        diagnostic-signature 
                                                                                                                                        environment ds_fsurl_prefix " environment ds_fsurl_prefix "scp://612345678:abcdefghijklmnop@cxd.cisco.com"  
                                                                                                                                      2. Ensure that SNMP is enabled using the show snmp command. If it is not enabled, configure the snmp-server manager command.

                                                                                                                                        show snmp 
                                                                                                                                        %SNMP agent not enabled 
                                                                                                                                         
                                                                                                                                         
                                                                                                                                        config t 
                                                                                                                                        snmp-server manager 
                                                                                                                                        end 
                                                                                                                                      3. Ensure to install the High CPU monitoring DS 64224 as a proactive measure to disable all debugs and diagnostics signatures during the time of high CPU utilization. Download DS 64224 using the following options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series or Cisco CSR 1000V Series

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling Solution

                                                                                                                                        Problem Scope

                                                                                                                                        Performance

                                                                                                                                        Problem Type

                                                                                                                                        High CPU Utilization with Email Notification.

                                                                                                                                      4. Download DS 65095 using the following options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series or Cisco CSR 1000V Series

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling Solution

                                                                                                                                        Problem Scope

                                                                                                                                        Syslogs

                                                                                                                                        Problem Type

                                                                                                                                        Syslog - %VOICE_IEC-3-GW: CCAPI: Internal Error (Call spike threshold): IEC=1.1.181.1.29.0

                                                                                                                                      5. Copy the DS XML files to the Local Gateway.

                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_64224.xml bootflash: 
                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_65095.xml bootflash: 
                                                                                                                                      6. Install the High CPU monitoring DS 64224 and then DS 65095 XML file in the Local Gateway.

                                                                                                                                        call-home diagnostic-signature load DS_64224.xml 
                                                                                                                                        Load file DS_64224.xml success 
                                                                                                                                         
                                                                                                                                        call-home diagnostic-signature load DS_65095.xml 
                                                                                                                                        Load file DS_65095.xml success 
                                                                                                                                        
                                                                                                                                      7. Verify that the signature is successfully installed using the show call-home diagnostic-signature command. The status column must have a “registered” value.

                                                                                                                                        show call-home diagnostic-signature  
                                                                                                                                        Current diagnostic-signature settings: 
                                                                                                                                        Diagnostic-signature: enabled 
                                                                                                                                        Profile: CiscoTAC-1 (status: ACTIVE) 
                                                                                                                                        Downloading  URL(s):  https://tools.cisco.com/its/service/oddce/services/DDCEService 
                                                                                                                                        Environment variable: 
                                                                                                                                                   ds_email: username@gmail.com 
                                                                                                                                                   ds_fsurl_prefix: scp://612345678:abcdefghijklmnop@cxd.cisco.com 

                                                                                                                                        Downloaded DSes:

                                                                                                                                        DS ID

                                                                                                                                        DS Name

                                                                                                                                        Revision

                                                                                                                                        Status

                                                                                                                                        Last Update (GMT+00:00)

                                                                                                                                        64224

                                                                                                                                        00:07:45

                                                                                                                                        DS_LGW_CPU_MON75

                                                                                                                                        0.0.10

                                                                                                                                        Registered

                                                                                                                                        2020-11-08

                                                                                                                                        65095

                                                                                                                                        00:12:53

                                                                                                                                        DS_LGW_IEC_Call_spike_threshold

                                                                                                                                        0.0.12

                                                                                                                                        Registered

                                                                                                                                        2020-11-08

                                                                                                                                      Verify diagnostic signatures execution

                                                                                                                                      In the following command, the “Status” column of the show call-home diagnostic-signature command changes to “running” while the Local Gateway executes the action defined within the signature. The output of show call-home diagnostic-signature statistics is the best way to verify whether a diagnostic signature detects an event of interest and executes the action. The “Triggered/Max/Deinstall” column indicates the number of times the given signature has triggered an event, the maximum number of times it is defined to detect an event and whether the signature deinstalls itself after detecting the maximum number of triggered events.

                                                                                                                                      show call-home diagnostic-signature  
                                                                                                                                      Current diagnostic-signature settings: 
                                                                                                                                      Diagnostic-signature: enabled 
                                                                                                                                      Profile: CiscoTAC-1 (status: ACTIVE) 
                                                                                                                                      Downloading  URL(s):  https://tools.cisco.com/its/service/oddce/services/DDCEService 
                                                                                                                                      Environment variable: 
                                                                                                                                                 ds_email: carunach@cisco.com 
                                                                                                                                                 ds_fsurl_prefix: scp://612345678:abcdefghijklmnop@cxd.cisco.com 

                                                                                                                                      Downloaded DSes:

                                                                                                                                      DS ID

                                                                                                                                      DS Name

                                                                                                                                      Revision

                                                                                                                                      Status

                                                                                                                                      Last Update (GMT+00:00)

                                                                                                                                      64224

                                                                                                                                      DS_LGW_CPU_MON75

                                                                                                                                      0.0.10

                                                                                                                                      Registered

                                                                                                                                      2020-11-08 00:07:45

                                                                                                                                      65095

                                                                                                                                      DS_LGW_IEC_Call_spike_threshold

                                                                                                                                      0.0.12

                                                                                                                                      Running

                                                                                                                                      2020-11-08 00:12:53

                                                                                                                                      show call-home diagnostic-signature statistics

                                                                                                                                      DS ID

                                                                                                                                      DS Name

                                                                                                                                      Triggered/Max/Deinstall

                                                                                                                                      Average Run Time (seconds)

                                                                                                                                      Max Run Time (seconds)

                                                                                                                                      64224

                                                                                                                                      DS_LGW_CPU_MON75

                                                                                                                                      0/0/N

                                                                                                                                      0.000

                                                                                                                                      0.000

                                                                                                                                      65095

                                                                                                                                      DS_LGW_IEC_Call_spike_threshold

                                                                                                                                      1/20/Y

                                                                                                                                      23.053

                                                                                                                                      23.053

                                                                                                                                      The notification email that is sent during diagnostic signature execution contains key information such as issue type, device details, software version, running configuration, and show command outputs that are relevant to troubleshoot the given problem.

                                                                                                                                      Uninstall diagnostic signatures

                                                                                                                                      Use Diagnostic signatures for troubleshooting purposes are typically defined to uninstall after detection of some problem occurrences. If you want to uninstall a signature manually, retrieve the DS ID from the output of the show call-home diagnostic-signature command and run the following command:

                                                                                                                                      call-home diagnostic-signature deinstall <DS ID> 
                                                                                                                                      

                                                                                                                                      Example:

                                                                                                                                      call-home diagnostic-signature deinstall 64224 
                                                                                                                                      

                                                                                                                                      New signatures are added to Diagnostics Signatures Lookup Tool periodically, based on issues that are commonly observed in deployments. TAC currently doesn’t support requests to create new custom signatures.

                                                                                                                                      For better management of Cisco IOS XE Gateways, we recommend that you enroll and manage the gateways through the Control Hub. It is an optional configuration. When enrolled, you can use the configuration validation option in the Control Hub to validate your Local Gateway configuration and identify any configuration issues. Currently, only registration-based trunks support this functionality.

                                                                                                                                      For more information, refer the following:

                                                                                                                                      This section describes how to configure a Cisco Unified Border Element (CUBE) as a Local Gateway for Webex Calling, using certificate-based mutual TLS (mTLS) SIP trunk. The first part of this document illustrates how to configure a simple PSTN gateway. In this case, all calls from the PSTN are routed to Webex Calling and all calls from Webex Calling are routed to the PSTN. The following image highlights this solution and the high-level call routing configuration that will be followed.

                                                                                                                                      In this design, the following principal configurations are used:

                                                                                                                                      • voice class tenants: Used to create trunk specific configurations.

                                                                                                                                      • voice class uri: Used to classify SIP messages for the selection of an inbound dial-peer.

                                                                                                                                      • inbound dial-peer: Provides treatment for inbound SIP messages and determines the outbound route with a dial-peer group.

                                                                                                                                      • dial-peer group: Defines the outbound dial-peers used for onward call routing.

                                                                                                                                      • outbound dial-peer: Provides treatment for outbound SIP messages and routes them to the required target.

                                                                                                                                      Call routing from/to PSTN to/from Webex Calling configuration solution

                                                                                                                                      While IP and SIP have become the default protocols for PSTN trunks, TDM (Time Division Multiplexing) ISDN circuits are still widely used and are supported with Webex Calling trunks. To enable media optimization of IP paths for Local Gateways with TDM-IP call flows, it is currently necessary to use a two-leg call routing process. This approach modifies the call routing configuration shown above, by introducing a set of internal loop-back dial-peers between Webex Calling and PSTN trunks as illustrated in the image below.

                                                                                                                                      When connecting an on-premises Cisco Unified Communications Manager solution with Webex Calling, you can use the simple PSTN gateway configuration as a baseline for building the solution illustrated in the following diagram. In this case, Unified Communications Manager provides centralized routing and treatment of all PSTN and Webex Calling calls.

                                                                                                                                      Throughout this document, the host names, IP addresses, and interfaces illustrated in the following image are used. Options are provided for public or private (behind NAT) addressing. SRV DNS records are optional, unless load balancing across multiple CUBE instances.

                                                                                                                                      Use the configuration guidance in the rest of this document to complete your Local Gateway configuration as follows:

                                                                                                                                      • Step 1: Configure router baseline connectivity and security

                                                                                                                                      • Step 2: Configure Webex Calling Trunk

                                                                                                                                        Depending on your required architecture, follow either:

                                                                                                                                      • Step 3: Configure Local Gateway with SIP PSTN trunk

                                                                                                                                      • Step 4: Configure Local Gateway with existing Unified CM environment

                                                                                                                                        Or:

                                                                                                                                      • Step 3: Configure Local Gateway with TDM PSTN trunk

                                                                                                                                      Baseline configuration

                                                                                                                                      The first step in preparing your Cisco router as a Local Gateway for Webex Calling is to build a baseline configuration that secures your platform and establishes connectivity.

                                                                                                                                      • All certificate-based Local Gateway deployments require Cisco IOS XE 17.9.1a or later versions. For the recommended versions, see the Cisco Software Research page. Search for the platform and select one of the suggested releases.

                                                                                                                                        • ISR4000 series routers must be configured with both Unified Communications and Security technology licenses.

                                                                                                                                        • Catalyst Edge 8000 series routers fitted with voice cards or DSPs require DNA Essentials licensing. Routers without voice cards or DSPs require a minimum of DNA Essentials licensing.

                                                                                                                                        • For high-capacity requirements, you may also require a High Security (HSEC) license and additional throughput entitlement.

                                                                                                                                          Refer to Authorization Codes for further details.

                                                                                                                                      • Build a baseline configuration for your platform that follows your business policies. In particular, configure the following and verify the working:

                                                                                                                                        • NTP

                                                                                                                                        • ACLs

                                                                                                                                        • User authentication and remote access

                                                                                                                                        • DNS

                                                                                                                                        • IP routing

                                                                                                                                        • IP addresses

                                                                                                                                      • The network toward Webex Calling must use a IPv4 address. Local Gateway Fully Qualified Domain Names (FQDN) or Service Record (SRV) addresses must resolve to a public IPv4 address on the internet.

                                                                                                                                      • All SIP and media ports on the Local Gateway interface facing Webex must be accessible from the internet, either directly or via static NAT. Ensure that you update your firewall accordingly.

                                                                                                                                      • Install a signed certificate on the Local Gateway (the following provides detailed configuration steps).

                                                                                                                                        • A public Certificate Authority (CA) as detailed in  What Root Certificate Authorities are Supported for Calls to Cisco Webex Audio and Video Platforms? must sign the device certificate.

                                                                                                                                        • The FQDN configured in the Control Hub when creating a trunk must be the Common Name (CN) or Subject Alternate Name (SAN) certificate of the router. For example:

                                                                                                                                          • If a configured trunk in the Control Hub of your organization has cube1.lgw.com:5061 as FQDN of the Local Gateway, then the CN or SAN in the router certificate must contain cube1.lgw.com. 

                                                                                                                                          • If a configured trunk in the Control Hub of your organization has lgws.lgw.com as the SRV address of the Local Gateway(s) reachable from the trunk, then the CN or SAN in the router certificate must contain lgws.lgw.com. The records that the SRV address resolves to (CNAME, A Record, or IP Address) are optional in SAN.

                                                                                                                                          • Whether you use an FQDN or SRV for the trunk, the contact address for all new SIP dialogs from your Local Gateway uses the name configured in the Control Hub.

                                                                                                                                      • Ensure that certificates are signed for client and server usage.

                                                                                                                                      • Upload the Cisco root CA bundle to the Local Gateway.

                                                                                                                                      Configuration

                                                                                                                                      1

                                                                                                                                      Ensure that you assign valid and routable IP addresses to any Layer 3 interfaces, for example:

                                                                                                                                      
                                                                                                                                      interface GigabitEthernet0/0/0
                                                                                                                                       description Interface facing PSTN and/or CUCM
                                                                                                                                       ip address 192.168.80.14 255.255.255.0
                                                                                                                                      !
                                                                                                                                      interface GigabitEthernet0/0/1
                                                                                                                                       description Interface facing Webex Calling (Public address)
                                                                                                                                       ip address 198.51.100.1 255.255.255.240
                                                                                                                                      

                                                                                                                                      2

                                                                                                                                      Protect STUN credentials on the router using symmetric encryption. Configure the primary encryption key and encryption type as follows:

                                                                                                                                      
                                                                                                                                      key config-key password-encrypt YourPassword
                                                                                                                                      password encryption aes
                                                                                                                                      3

                                                                                                                                      Create an encryption trustpoint with a certificate signed by your preferred Certificate Authority (CA).

                                                                                                                                      1. Create an RSA key pair using the following exec command.

                                                                                                                                        crypto key generate rsa general-keys exportable label lgw-key modulus 4096

                                                                                                                                      2. When using cube1.lgw.com as the fqdn for the trunk, create a trustpoint for the signed certificate with the following configuration commands:

                                                                                                                                        
                                                                                                                                        crypto pki trustpoint LGW_CERT
                                                                                                                                         enrollment terminal pem
                                                                                                                                         fqdn cube1.lgw.com
                                                                                                                                         subject-name cn=cube1.lgw.com
                                                                                                                                         subject-alt-name cube1.lgw.com
                                                                                                                                         revocation-check none
                                                                                                                                         rsakeypair lgw-key

                                                                                                                                      3. Generate Certificate Signing Request (CSR) with the following exec or configuration command and use it to request a signed certificate from a supported CA provider:

                                                                                                                                        crypto pki enroll LGW_CERT

                                                                                                                                      4

                                                                                                                                      Authenticate your new certificate using your intermediate (or root) CA certificate, then import the certificate (Step 4). Enter the following exec or configuration command:

                                                                                                                                      
                                                                                                                                      crypto pki authenticate LGW_CERT
                                                                                                                                      <paste Intermediate X.509 base 64 based certificate here>
                                                                                                                                      

                                                                                                                                      5

                                                                                                                                      Import a signed host certificate using the following exec or configuration command:

                                                                                                                                      
                                                                                                                                      crypto pki import LGW_CERT certificate
                                                                                                                                      <paste CUBE host X.509 base 64 certificate here>
                                                                                                                                      

                                                                                                                                      6

                                                                                                                                      Enable TLS1.2 exclusivity and specify the default trustpoint using the following configuration commands:

                                                                                                                                      
                                                                                                                                       sip-ua
                                                                                                                                        crypto signaling default trustpoint LGW_CERT
                                                                                                                                        transport tcp tls v1.2
                                                                                                                                      
                                                                                                                                      

                                                                                                                                      7

                                                                                                                                      Install the Cisco root CA bundle, which includes the DigiCert CA certificate used by Webex Calling. Use the crypto pki trustpool import clean url command to download the root CA bundle from the specified URL, and to clear the current CA trustpool, then install the new bundle of certificates:

                                                                                                                                      If you need to use a proxy for access to the internet using HTTPS, add the following configuration before importing the CA bundle:

                                                                                                                                      ip http client proxy-server yourproxy.com proxy-port 80
                                                                                                                                      
                                                                                                                                      ip http client source-interface GigabitEthernet0/0/1 
                                                                                                                                      crypto pki trustpool import clean url https://www.cisco.com/security/pki/trs/ios_core.p7b
                                                                                                                                      1

                                                                                                                                      Create a CUBE certificate-based PSTN trunk for an existing location in Control Hub. For more information, see Configure trunks, route groups, and dial plans for Webex Calling.

                                                                                                                                      Make a note of the trunk information that is provided once the trunk is created. These details, as highlighted in the following illustration, will be used in the configuration steps in this guide.
                                                                                                                                      2

                                                                                                                                      Enter the following commands to configure CUBE as a Webex Calling Local Gateway:

                                                                                                                                      
                                                                                                                                      voice service voip
                                                                                                                                       ip address trusted list
                                                                                                                                        ipv4 x.x.x.x y.y.y.y
                                                                                                                                       mode border-element
                                                                                                                                       allow-connections sip to sip
                                                                                                                                       no supplementary-service sip refer
                                                                                                                                       stun
                                                                                                                                        stun flowdata agent-id 1 boot-count 4
                                                                                                                                        stun flowdata shared-secret 0 Password123$
                                                                                                                                       sip 
                                                                                                                                        asymmetric payload full
                                                                                                                                        early-offer forced
                                                                                                                                        sip-profiles inbound
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      
                                                                                                                                      ip address trusted list
                                                                                                                                       ipv4 x.x.x.x y.y.y.y
                                                                                                                                      • To protect against toll fraud, the trusted address list defines a list of hosts and networks entities from which the Local Gateway expects legitimate VoIP calls.

                                                                                                                                      • By default, Local Gateway blocks all incoming VoIP messages from IP addresses not in its trusted list. Statically configured dial-peers with “session target IP” or server group IP addresses are trusted by default so do not need to be added to the trusted list.

                                                                                                                                      • When configuring your Local Gateway, add the IP subnets for your regional Webex Calling data center to the list, see Port Reference Information for Webex Calling for more information. Also, add address ranges for Unified Communications Manager servers (if used) and PSTN trunk gateways.

                                                                                                                                      • For more information on how to use an IP address trusted list to prevent toll fraud, see IP address trusted.

                                                                                                                                      mode border-element

                                                                                                                                      Enables Cisco Unified Border Element (CUBE) features on the platform.

                                                                                                                                      allow-connections sip to sip

                                                                                                                                      Enable CUBE basic SIP back to back user agent functionality. For more information, see Allow connections.

                                                                                                                                      By default, T.38 fax transport is enabled. For more information, see fax protocol t38 (voice-service).

                                                                                                                                      stun

                                                                                                                                      Enables STUN (Session Traversal of UDP through NAT) globally.

                                                                                                                                      These global stun commands are only required when deploying your Local Gateway behind NAT.
                                                                                                                                      • When you forward a call to a Webex Calling user (for example, both the called and calling parties are Webex Calling subscribers and if you anchor media at the Webex Calling SBC), then the media cannot flow to the Local Gateway as the pinhole isn't open.

                                                                                                                                      • The STUN bindings feature on the Local Gateway allows locally generated STUN requests to be sent over the negotiated media path. This helps to open the pinhole in the firewall.

                                                                                                                                      For more information, see  stun flowdata agent-id and  stun flowdata shared-secret.

                                                                                                                                      asymmetric payload full

                                                                                                                                      Configures SIP asymmetric payload support for both DTMF and dynamic codec payloads. For more information on this command, see asymmetric payload.

                                                                                                                                      early-offer forced

                                                                                                                                      Forces the Local Gateway to send SDP information in the initial INVITE message instead of waiting for acknowledgment from the neighboring peer. For more information on this command, see early-offer.

                                                                                                                                      sip-profiles inbound

                                                                                                                                      Enables CUBE to use SIP profiles to modify messages as they are received. Profiles are applied via dial-peers or tenants.

                                                                                                                                      3

                                                                                                                                      Configure voice class codec 100 codec filter for the trunk. In this example, the same codec filter is used for all trunks. You can configure filters for each trunk for precise control.

                                                                                                                                      
                                                                                                                                      voice class codec 100
                                                                                                                                       codec preference 1 opus
                                                                                                                                       codec preference 2 g711ulaw
                                                                                                                                       codec preference 3 g711alaw
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class codec 100

                                                                                                                                      Used to only allow preferred codecs for calls through SIP trunks. For more information, see voice class codec.

                                                                                                                                      Opus codec is supported only for SIP-based PSTN trunks. If the PSTN trunk uses a voice T1/E1 or analog FXO connection, exclude codec preference 1 opus from the voice class codec 100 configuration.

                                                                                                                                      4

                                                                                                                                      Configure voice class stun-usage 100 to enable ICE on the Webex Calling trunk. (This step is not applicable for Webex for Government)

                                                                                                                                      
                                                                                                                                      voice class stun-usage 100 
                                                                                                                                       stun usage firewall-traversal flowdata
                                                                                                                                       stun usage ice lite
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      stun usage ice lite

                                                                                                                                      Used to enable ICE-Lite for all Webex Calling facing dial-peers to allow media-optimization whenever possible. For more information, see voice class stun usage and stun usage ice lite.

                                                                                                                                      The stun usage firewall-traversal flowdata command is only required when deploying your Local Gateway behind NAT.
                                                                                                                                      You require stun usage of ICE-lite for call flows using media path optimization. To provide media-optimization for a SIP to TDM gateway, configure a loopback dial-peer with ICE-Lite enabled on the IP-IP leg. For further technical details, contact the Account or TAC teams.
                                                                                                                                      5

                                                                                                                                      Configure the media encryption policy for Webex traffic. (This step is not applicable for Webex for Government)

                                                                                                                                      
                                                                                                                                      voice class srtp-crypto 100
                                                                                                                                       crypto 1 AES_CM_128_HMAC_SHA1_80

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class srtp-crypto 100

                                                                                                                                      Specifies SHA1_80 as the only SRTP cipher-suite CUBE offers in the SDP in offer and answer messages. Webex Calling only supports SHA1_80. For more information, see voice class srtp-crypto.

                                                                                                                                      6

                                                                                                                                      Configure FIPS-compliant GCM ciphers (This step is applicable only for Webex for Government).

                                                                                                                                      
                                                                                                                                      voice class srtp-crypto 100
                                                                                                                                      crypto 1 AEAD_AES_256_GCM
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class srtp-crypto 100

                                                                                                                                      Specifies GCM as the cipher-suite that CUBE offers. It is mandatory to configure GCM ciphers for Local Gateway for Webex for Government.

                                                                                                                                      7

                                                                                                                                      Configure a pattern to uniquely identify calls to a Local Gateway trunk based on its destination FQDN or SRV:

                                                                                                                                      
                                                                                                                                      voice class uri 100 sip
                                                                                                                                       pattern cube1.lgw.com

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class uri 100 sip

                                                                                                                                      Defines a pattern to match an incoming SIP invite to an incoming trunk dial-peer. When entering this pattern, use LGW FQDN or SRV configured in Control Hub while creating a trunk.

                                                                                                                                      8

                                                                                                                                      Configure SIP message manipulation profiles. If your gateway is configured with a public IP address, configure a profile as follows or skip to the next step if you are using NAT. In this example, cube1.lgw.com is the FQDN configured for the Local Gateway and "198.51.100.1" is the public IP address of the Local Gateway interface facing Webex Calling:

                                                                                                                                      
                                                                                                                                      voice class sip-profiles 100
                                                                                                                                       rule 10 request ANY sip-header Contact modify "@.*:" "@cube1.lgw.com:" 
                                                                                                                                       rule 20 response ANY sip-header Contact modify "@.*:" "@cube1.lgw.com:" 
                                                                                                                                       

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      rules 10 and 20

                                                                                                                                      To allow Webex to authenticate messages from your local gateway, the 'Contact' header in SIP request and responses messages must contain the value provisioned for the trunk in Control Hub. This will either be the FQDN of a single host, or the SRV domain name used for a cluster of devices.

                                                                                                                                      Skip the next step if you have configured your Local Gateway with public IP addresses.

                                                                                                                                      9

                                                                                                                                      If your gateway is configured with a private IP address behind static NAT, configure inbound and outbound SIP profiles as follows. In this example, cube1.lgw.com is the FQDN configured for the Local Gateway, "10.80.13.12" is the interface IP address facing Webex Calling and "192.65.79.20" is the NAT public IP address.

                                                                                                                                      SIP profiles for outbound messages to Webex Calling
                                                                                                                                      
                                                                                                                                      voice class sip-profiles 100
                                                                                                                                       rule 10 request ANY sip-header Contact modify "@.*:" "@cube1.lgw.com:"
                                                                                                                                       rule 20 response ANY sip-header Contact modify "@.*:" "@cube1.lgw.com:"
                                                                                                                                       rule 30 response ANY sdp-header Audio-Attribute modify "(a=candidate:1 1.*) 10.80.13.12" "\1 192.65.79.20"
                                                                                                                                       rule 31 response ANY sdp-header Audio-Attribute modify "(a=candidate:1 2.*) 10.80.13.12" "\1 192.65.79.20"
                                                                                                                                       rule 40 response ANY sdp-header Audio-Connection-Info modify "IN IP4 10.80.13.12" "IN IP4 192.65.79.20"
                                                                                                                                       rule 41 request ANY sdp-header Audio-Connection-Info modify "IN IP4 10.80.13.12" "IN IP4 192.65.79.20"
                                                                                                                                       rule 50 request ANY sdp-header Connection-Info modify "IN IP4 10.80.13.12" "IN IP4 192.65.79.20"
                                                                                                                                       rule 51 response ANY sdp-header Connection-Info modify "IN IP4 10.80.13.12" "IN IP4 192.65.79.20"
                                                                                                                                       rule 60 response ANY sdp-header Session-Owner modify "IN IP4 10.80.13.12" "IN IP4 192.65.79.20"
                                                                                                                                       rule 61 request ANY sdp-header Session-Owner modify "IN IP4 10.80.13.12" "IN IP4 192.65.79.20"
                                                                                                                                       rule 70 request ANY sdp-header Audio-Attribute modify "(a=rtcp:.*) 10.80.13.12" "\1 192.65.79.20"
                                                                                                                                       rule 71 response ANY sdp-header Audio-Attribute modify "(a=rtcp:.*) 10.80.13.12" "\1 192.65.79.20
                                                                                                                                       rule 80 request ANY sdp-header Audio-Attribute modify "(a=candidate:1 1.*) 10.80.13.12" "\1 192.65.79.20"
                                                                                                                                       rule 81 request ANY sdp-header Audio-Attribute modify "(a=candidate:1 2.*) 10.80.13.12" "\1 192.65.79.20"

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      rules 10 and 20

                                                                                                                                      To allow Webex to authenticate messages from your local gateway, the 'Contact' header in SIP request and responses messages must contain the value provisioned for the trunk in Control Hub. This will either be the FQDN of a single host, or the SRV domain name used for a cluster of devices.

                                                                                                                                      rules 30 to 81

                                                                                                                                      Convert private address references to the external public address for the site, allowing Webex to correctly interpret and route subsequent messages.

                                                                                                                                      SIP profile for inbound messages from Webex Calling
                                                                                                                                      
                                                                                                                                      voice class sip-profiles 110
                                                                                                                                       rule 10 response ANY sdp-header Video-Connection-Info modify "192.65.79.20" "10.80.13.12"
                                                                                                                                       rule 20 response ANY sip-header Contact modify "@.*:" "@cube1.lgw.com:"
                                                                                                                                       rule 30 response ANY sdp-header Connection-Info modify "192.65.79.20" "10.80.13.12"
                                                                                                                                       rule 40 response ANY sdp-header Audio-Connection-Info modify "192.65.79.20" "10.80.13.12"
                                                                                                                                       rule 50 response ANY sdp-header Session-Owner modify "192.65.79.20" "10.80.13.12"
                                                                                                                                       rule 60 response ANY sdp-header Audio-Attribute modify "(a=candidate:1 1.*) 192.65.79.20" "\1 10.80.13.12"
                                                                                                                                       rule 70 response ANY sdp-header Audio-Attribute modify "(a=candidate:1 2.*) 192.65.79.20" "\1 10.80.13.12"
                                                                                                                                       rule 80 response ANY sdp-header Audio-Attribute modify "(a=rtcp:.*) 192.65.79.20" "\1 10.80.13.12"

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      rules 10 to 80

                                                                                                                                      Convert public address references to the configured private address, allowing messages from Webex to be correctly processed by CUBE.

                                                                                                                                      For more information, see voice class sip-profiles.

                                                                                                                                      10

                                                                                                                                      Configure a SIP Options keepalive with header modification profile.

                                                                                                                                      
                                                                                                                                      voice class sip-profiles 115
                                                                                                                                       rule 10 request OPTIONS sip-header Contact modify "<sip:.*:" "<sip:cube1.lgw.com:" 
                                                                                                                                       rule 30 request ANY sip-header Via modify "(SIP.*) 10.80.13.12" "\1 192.65.79.20"
                                                                                                                                       rule 40 response ANY sdp-header Connection-Info modify "10.80.13.12" "192.65.79.20"  
                                                                                                                                       rule 50 response ANY sdp-header Audio-Connection-Info modify "10.80.13.12" "192.65.79.20"
                                                                                                                                      !
                                                                                                                                      voice class sip-options-keepalive 100
                                                                                                                                       description Keepalive for Webex Calling
                                                                                                                                       up-interval 5
                                                                                                                                       transport tcp tls
                                                                                                                                       sip-profiles 115

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class sip-options-keepalive 100

                                                                                                                                      Configures a keepalive profile and enters voice class configuration mode. You can configure the time (in seconds) at which an SIP Out of Dialog Options Ping is sent to the dial-target when the heartbeat connection to the endpoint is in UP or Down status.

                                                                                                                                      This keepalive profile is triggered from the dial-peer configured towards Webex.

                                                                                                                                      To ensure that the contact headers include the SBC fully qualified domain name, SIP profile 115 is used. Rules 30, 40, and 50 are required only when the SBC is configured behind static NAT.

                                                                                                                                      In this example, cube1.lgw.com is the FQDN selected for the Local Gateway and if static NAT is used, "10.80.13.12" is the SBC interface IP address towards Webex Calling and "192.65.79.20" is the NAT public IP address.

                                                                                                                                      11

                                                                                                                                      Configure Webex Calling trunk:

                                                                                                                                      1. Create voice class tenant 100 to define and group configurations required specifically for the Webex Calling trunk. Dial-peers associated with this tenant later will inherit these configurations:

                                                                                                                                        The following example uses the values illustrated in Step 1 for the purpose of this guide (shown in bold). Replace these with values for your trunk in your configuration.

                                                                                                                                        
                                                                                                                                        voice class tenant 100
                                                                                                                                         no remote-party-id
                                                                                                                                         sip-server dns:us25.sipconnect.bcld.webex.com
                                                                                                                                         srtp-crypto 100
                                                                                                                                         localhost dns:cube1.lgw.com
                                                                                                                                         session transport tcp tls
                                                                                                                                         no session refresh
                                                                                                                                         error-passthru
                                                                                                                                         bind control source-interface GigabitEthernet0/0/1
                                                                                                                                         bind media source-interface GigabitEthernet0/0/1
                                                                                                                                         no pass-thru content custom-sdp
                                                                                                                                         sip-profiles 100 
                                                                                                                                         sip-profiles 110 inbound
                                                                                                                                         privacy-policy passthru
                                                                                                                                        !

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        voice class tenant 100

                                                                                                                                        We recommend that you use tenants to configure trunks which have their own TLS certificate, and CN or SAN validation list. Here, the tls-profile associated with the tenant contains the trust point to be used to accept or create new connections, and has the CN or SAN list to validate the incoming connections. For more information, see voice class tenant.

                                                                                                                                        no remote-party-id

                                                                                                                                        Disable SIP Remote-Party-ID (RPID) header as Webex Calling supports PAI, which is enabled using CIO asserted-id pai. For more information, see remote-party-id.

                                                                                                                                        sip-server dns:us25.sipconnect.bcld.webex.com

                                                                                                                                        Configures the target SIP server for the trunk. Use the edge proxy SRV address provided in Control Hub when you created your trunk

                                                                                                                                        srtp-crypto 100

                                                                                                                                        Configures the preferred cipher-suites for the SRTP call leg (connection) (specified in Step 5). For more information, see voice class srtp-crypto.

                                                                                                                                        localhost dns: cube1.lgw.com

                                                                                                                                        Configures CUBE to replace the physical IP address in the From, Call-ID, and Remote-Party-ID headers in outgoing messages with the provided FQDN.

                                                                                                                                        session transport tcp tls

                                                                                                                                        Sets transport to TLS for associated dial-peers. For more information, see session-transport.

                                                                                                                                        no session refresh

                                                                                                                                        Disables SIP session refresh globally.

                                                                                                                                        error-passthru

                                                                                                                                        Specifies SIP error response pass-thru functionality. For more information, see error-passthru.

                                                                                                                                        bind control source-interface GigabitEthernet0/0/1

                                                                                                                                        Configures the source interface and associated IP address for messages sent to Webex Calling. For more information, see bind.

                                                                                                                                        bind media source-interface GigabitEthernet0/0/1

                                                                                                                                        Configures the source interface and associated IP address for media sent to Webex Calling. For more information, see bind.

                                                                                                                                        voice-class sip profiles 100

                                                                                                                                        Applies the header modification profile (Public IP or NAT addressing) to use for outbound messages. For more information, see voice-class sip profiles.

                                                                                                                                        voice-class sip profiles 110 inbound

                                                                                                                                        Applies the header modification profile (NAT addressing only) to use for inbound messages. For more information, see voice-class sip profiles.

                                                                                                                                        privacy-policy passthru

                                                                                                                                        Configures the privacy header policy options for the trunk to pass privacy values from the received message to the next call leg. For more information, see privacy-policy.

                                                                                                                                      2. Configure the Webex Calling trunk dial-peer.

                                                                                                                                        
                                                                                                                                        dial-peer voice 100 voip
                                                                                                                                         description Inbound/Outbound Webex Calling
                                                                                                                                         destination-pattern BAD.BAD
                                                                                                                                         session protocol sipv2
                                                                                                                                         session target sip-server
                                                                                                                                         incoming uri request 100
                                                                                                                                         voice-class codec 100
                                                                                                                                         voice-class stun-usage 100
                                                                                                                                         voice-class sip rel1xx disable
                                                                                                                                         voice-class sip asserted-id pai
                                                                                                                                         voice-class sip tenant 100
                                                                                                                                         voice-class sip options-keepalive profile 100
                                                                                                                                         dtmf-relay rtp-nte 
                                                                                                                                         srtp
                                                                                                                                         no vad
                                                                                                                                        

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        
                                                                                                                                        dial-peer voice 100 voip
                                                                                                                                         description Inbound/Outbound Webex Calling

                                                                                                                                        Defines a VoIP dial-peer with a tag of 100 and gives a meaningful description for ease of management and troubleshooting. For more information, see dial-peer voice.

                                                                                                                                        destination-pattern BAD.BAD

                                                                                                                                        A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. Any valid destination pattern may be used in this case.

                                                                                                                                        session protocol sipv2

                                                                                                                                        Specifies that dial-peer 100 handles SIP call legs. For more information, see session protocol (dial-peer).

                                                                                                                                        session target sip-server

                                                                                                                                        Indicates that the SIP server defined in tenant 100 is inherited and used for the destination for calls from this dial peer.

                                                                                                                                        incoming uri request 100

                                                                                                                                        To specify the voice class used to match a VoIP dial peer to the uniform resource identifier (URI) of an incoming call. For more information, see  incoming uri.

                                                                                                                                        voice-class codec 100

                                                                                                                                        Indicates codec filter list for calls to and from Webex Calling. For more information, see voice class codec.

                                                                                                                                        voice-class stun-usage 100

                                                                                                                                        Allows locally generated STUN requests on the Local Gateway to be sent over the negotiated media path. STUN help to open a firewall pinhole for media traffic.

                                                                                                                                        voice-class sip asserted-id pai

                                                                                                                                        Sets the outgoing calling information using the privacy asserted ID (PAI) header. For more information, see voice-class sip asserted-id.

                                                                                                                                        voice-class sip tenant 100

                                                                                                                                        The dial-peer inherits all parameters configured globally and in tenant 100. Parameters may overridden at the dial-peer level. For more information, see  voice-class sip tenant.

                                                                                                                                        voice-class sip options-keepalive profile 100

                                                                                                                                        This command is used to monitor the availability of a group of SIP servers or endpoints using a specific profile (100).

                                                                                                                                        srtp

                                                                                                                                        Enables SRTP for the call leg.

                                                                                                                                      Having built a trunk towards Webex Calling above, use the following configuration to create a non-encrypted trunk towards a SIP based PSTN provider:

                                                                                                                                      If your Service Provider offers a secure PSTN trunk, you may follow a similar configuration as detailed above for the Webex Calling trunk. Secure to secure call routing is supported by CUBE.

                                                                                                                                      If you are using a TDM / ISDN PSTN trunk, skip to next section Configure Local Gateway with TDM PSTN trunk.

                                                                                                                                      To configure TDM interfaces for PSTN call legs on the Cisco TDM-SIP Gateways, see  Configuring ISDN PRI.

                                                                                                                                      1

                                                                                                                                      Configure the following voice class uri to identify inbound calls from the PSTN trunk:

                                                                                                                                      
                                                                                                                                      voice class uri 200 sip
                                                                                                                                        host ipv4:192.168.80.13
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice class uri 200 sip

                                                                                                                                      Defines a pattern to match an incoming SIP invite to an incoming trunk dial-peer. When entering this pattern, use the IP address of you IP PSTN gateway. For more information, see  voice class uri.

                                                                                                                                      2

                                                                                                                                      Configure the following IP PSTN dial-peer:

                                                                                                                                      
                                                                                                                                      dial-peer voice 200 voip
                                                                                                                                       description Inbound/Outbound IP PSTN trunk
                                                                                                                                       destination-pattern BAD.BAD
                                                                                                                                       session protocol sipv2
                                                                                                                                       session target ipv4:192.168.80.13
                                                                                                                                       incoming uri via 200
                                                                                                                                       voice-class sip bind control source-interface GigabitEthernet0/0/0 
                                                                                                                                       voice-class sip bind media source-interface  GigabitEthernet0/0/0 
                                                                                                                                       voice-class codec 100
                                                                                                                                       dtmf-relay rtp-nte 
                                                                                                                                       no vad
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      
                                                                                                                                      dial-peer voice 200 voip
                                                                                                                                       description Inbound/Outbound IP PSTN trunk

                                                                                                                                      Defines a VoIP dial-peer with a tag of 200 and gives a meaningful description for ease of management and troubleshooting. For more information, see dial-peer voice.

                                                                                                                                      destination-pattern BAD.BAD

                                                                                                                                      A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. For more information, see destination-pattern (interface).

                                                                                                                                      session protocol sipv2

                                                                                                                                      Specifies that dial-peer 200 handles SIP call legs. For more information, see session protocol (dial peer).

                                                                                                                                      session target ipv4:192.168.80.13

                                                                                                                                      Indicates the destination’s target IPv4 address to send the call leg. The session target here is ITSP’s IP address. For more information, see  session target (VoIP dial peer).

                                                                                                                                      incoming uri via 200

                                                                                                                                      Defines a match criterion for the VIA header with the IP PSTN’s IP address. Matches all incoming IP PSTN call legs on the Local Gateway with dial-peer 200. For more information, see  incoming url.

                                                                                                                                      bind control source-interface GigabitEthernet0/0/0

                                                                                                                                      Configures the source interface and associated IP address for messages sent to the PSTN. For more information, see  bind.

                                                                                                                                      bind media source-interface GigabitEthernet0/0/0

                                                                                                                                      Configures the source interface and associated IP address for media sent to PSTN. For more information, see  bind.

                                                                                                                                      voice-class codec 100

                                                                                                                                      Configures the dial-peer to use the common codec filter list 100. For more information, see voice-class codec.

                                                                                                                                      dtmf-relay rtp-nte

                                                                                                                                      Defines RTP-NTE (RFC2833) as the DTMF capability expected on the call leg. For more information, see DTMF Relay (Voice over IP).

                                                                                                                                      no vad

                                                                                                                                      Disables voice activity detection. For more information, see vad (dial peer).

                                                                                                                                      3

                                                                                                                                      If you are configuring your Local Gateway to only route calls between Webex Calling and the PSTN, add the following call routing configuration. If you are configuring your Local Gateway with a Unified Communications Manager platform, skip to the next section.

                                                                                                                                      1. Create dial-peer groups to route calls towards Webex Calling or the PSTN. Define DPG 100 with outbound dial-peer 100 toward Webex Calling. DPG 100 is applied to the incoming dial-peer from the PSTN. Similarly, define DPG 200 with outbound dial-peer 200 toward the PSTN. DPG 200 is applied to the incoming dial-peer from Webex.

                                                                                                                                        
                                                                                                                                        voice class dpg 100 
                                                                                                                                         description Route calls to Webex Calling 
                                                                                                                                         dial-peer 100 
                                                                                                                                        voice class dpg 200 
                                                                                                                                         description Route calls to PSTN 
                                                                                                                                         dial-peer 200

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        dial-peer 100

                                                                                                                                        Associates an outbound dial-peer with a dial-peer group. For more information, see  voice-class dpg.

                                                                                                                                      2. Apply dial-peer groups to route calls from Webex to the PSTN and from the PSTN to Webex:

                                                                                                                                        
                                                                                                                                        dial-peer voice 100
                                                                                                                                         destination dpg 200
                                                                                                                                        dial-peer voice 200
                                                                                                                                         destination dpg 100 

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        destination dpg 200

                                                                                                                                        Specifies which dial-peer group, and therefore dial-peer should be used for the outbound treatment for calls presented to this incoming dial-peer.

                                                                                                                                        This concludes your Local Gateway configuration. Save the configuration and reload the platform if this is the first time CUBE features are configured.

                                                                                                                                      Having built a trunk towards Webex Calling, use the following configuration to create a TDM trunk for your PSTN service with loop-back call routing to allow media optimization on the Webex call leg.

                                                                                                                                      If you do not require IP media optimization, follow the configuration steps for a SIP PSTN trunk. Use a voice port and POTS dial-peer (as shown in Steps 2 and 3) instead of the PSTN VoIP dial-peer.
                                                                                                                                      1

                                                                                                                                      The loop-back dial-peer configuration uses dial-peer groups and call routing tags to ensure that calls pass correctly between Webex and the PSTN, without creating call routing loops. Configure the following translation rules that will be used to add and remove the call routing tags:

                                                                                                                                      
                                                                                                                                      voice translation-rule 100 
                                                                                                                                       rule 1 /^\+/ /A2A/ 
                                                                                                                                      
                                                                                                                                      voice translation-profile 100 
                                                                                                                                       translate called 100 
                                                                                                                                      
                                                                                                                                      voice translation-rule 200 
                                                                                                                                       rule 1 /^/ /A1A/ 
                                                                                                                                      
                                                                                                                                      voice translation-profile 200 
                                                                                                                                       translate called 200 
                                                                                                                                      
                                                                                                                                      voice translation-rule 11 
                                                                                                                                       rule 1 /^A1A/ // 
                                                                                                                                      
                                                                                                                                      voice translation-profile 11 
                                                                                                                                       translate called 11 
                                                                                                                                      
                                                                                                                                      voice translation-rule 12 
                                                                                                                                       rule 1 /^A2A44/ /0/
                                                                                                                                       rule 2/^A2A/ /00/
                                                                                                                                      
                                                                                                                                      voice translation-profile 12 
                                                                                                                                       translate called 12 
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      voice translation-rule

                                                                                                                                      Uses regular expressions defined in rules to add or remove call routing tags. Over-decadic digits (‘A’) are used to add clarity for troubleshooting.

                                                                                                                                      In this configuration, the tag added by translation-profile 100 is used to guide calls from Webex Calling towards the PSTN via the loopback dial-peers. Similarly, the tag added by translation-profile 200 is used to guide calls from the PSTN towards Webex Calling. Translation-profiles 11 and 12 remove these tags before delivering calls to the Webex and PSTN trunks respectively.

                                                                                                                                      This example assumes that called numbers from Webex Calling are presented in +E.164 format. Rule 100 removes the leading + to maintain a valid called number. Rule 12 then adds a national or international routing digit(s) when removing the tag. Use digits that suit your local ISDN national dial plan.

                                                                                                                                      If Webex Calling presents numbers in national format, adjust rules 100 and 12 to simply add and remove the routing tag respectively.

                                                                                                                                      For more information, see voice translation-profile and voice translation-rule.

                                                                                                                                      2

                                                                                                                                      Configure TDM voice interface ports as required by the trunk type and protocol used. For more information, see Configuring ISDN PRI. For example, the basic configuration of a Primary Rate ISDN interface installed in NIM slot 2 of a device might include the following:

                                                                                                                                      
                                                                                                                                      card type e1 0 2 
                                                                                                                                      isdn switch-type primary-net5 
                                                                                                                                      controller E1 0/2/0 
                                                                                                                                       pri-group timeslots 1-31 
                                                                                                                                      3

                                                                                                                                      Configure the following TDM PSTN dial-peer:

                                                                                                                                      
                                                                                                                                      dial-peer voice 200 pots 
                                                                                                                                       description Inbound/Outbound PRI PSTN trunk 
                                                                                                                                       destination-pattern BAD.BAD 
                                                                                                                                       translation-profile incoming 200 
                                                                                                                                       direct-inward-dial 
                                                                                                                                       port 0/2/0:15

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      
                                                                                                                                      dial-peer voice 200 pots
                                                                                                                                       description Inbound/Outbound PRI PSTN trunk

                                                                                                                                      Defines a VoIP dial-peer with a tag of 200 and gives a meaningful description for ease of management and troubleshooting. For more information, see dial-peer voice.

                                                                                                                                      destination-pattern BAD.BAD

                                                                                                                                      A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. For more information, see destination-pattern (interface).

                                                                                                                                      translation-profile incoming 200

                                                                                                                                      Assigns the translation profile that will add a call routing tag to the incoming called number.

                                                                                                                                      direct-inward-dial

                                                                                                                                      Routes the call without providing a secondary dial-tone. For more information, see direct-inward-dial.

                                                                                                                                      port 0/2/0:15

                                                                                                                                      The physical voice port associated with this dial-peer.

                                                                                                                                      4

                                                                                                                                      To enable media optimization of IP paths for Local Gateways with TDM-IP call flows, you can modify the call routing by introducing a set of internal loop-back dial-peers between Webex Calling and PSTN trunks. Configure the following loop-back dial-peers. In this case, all incoming calls will be routed initially to dial-peer 10 and from there to either dial-peer 11 or 12 based on the applied routing tag. After removal of the routing tag, calls will be routed to the outbound trunk using dial-peer groups.

                                                                                                                                      
                                                                                                                                      dial-peer voice 10 voip
                                                                                                                                       description Outbound loop-around leg
                                                                                                                                       destination-pattern BAD.BAD
                                                                                                                                       session protocol sipv2
                                                                                                                                       session target ipv4:192.168.80.14
                                                                                                                                       voice-class sip bind control source-interface GigabitEthernet0/0/0
                                                                                                                                       voice-class sip bind media source-interface GigabitEthernet0/0/0
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       codec g711alaw
                                                                                                                                       no vad 
                                                                                                                                      
                                                                                                                                      dial-peer voice 11 voip
                                                                                                                                       description Inbound loop-around leg towards Webex
                                                                                                                                       translation-profile incoming 11
                                                                                                                                       session protocol sipv2
                                                                                                                                       incoming called-number A1AT
                                                                                                                                       voice-class sip bind control source-interface GigabitEthernet0/0/0
                                                                                                                                       voice-class sip bind media source-interface GigabitEthernet0/0/0
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       codec g711alaw
                                                                                                                                       no vad 
                                                                                                                                      
                                                                                                                                      dial-peer voice 12 voip
                                                                                                                                       description Inbound loop-around leg towards PSTN
                                                                                                                                       translation-profile incoming 12
                                                                                                                                       session protocol sipv2
                                                                                                                                       incoming called-number A2AT
                                                                                                                                       voice-class sip bind control source-interface GigabitEthernet0/0/0
                                                                                                                                       voice-class sip bind media source-interface GigabitEthernet0/0/0
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       codec g711alaw 
                                                                                                                                       no vad 
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      
                                                                                                                                      dial-peer voice 10 pots
                                                                                                                                       description Outbound loop-around leg

                                                                                                                                      Defines a VoIP dial-peer and gives a meaningful description for ease of management and troubleshooting. For more information, see dial-peer voice.

                                                                                                                                      translation-profile incoming 11

                                                                                                                                      Applies the translation profile defined earlier to remove the call routing tag before passing to the outbound trunk.

                                                                                                                                      destination-pattern BAD.BAD

                                                                                                                                      A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. For more information, see destination-pattern (interface).

                                                                                                                                      session protocol sipv2

                                                                                                                                      Specifies that this dial-peer handles SIP call legs. For more information, see  session protocol (dial peer).

                                                                                                                                      session target 192.168.80.14

                                                                                                                                      Specifies the local router interface address as the call target to loop-back. For more information, see session target (voip dial peer).

                                                                                                                                      bind control source-interface GigabitEthernet0/0/0

                                                                                                                                      Configures the source interface and associated IP address for messages sent through the loop-back. For more information, see  bind.

                                                                                                                                      bind media source-interface GigabitEthernet0/0/0

                                                                                                                                      Configures the source interface and associated IP address for media sent through the loop-back. For more information, see  bind.

                                                                                                                                      dtmf-relay rtp-nte

                                                                                                                                      Defines RTP-NTE (RFC2833) as the DTMF capability expected on the call leg. For more information, see  DTMF Relay (Voice over IP).

                                                                                                                                      codec g711alaw

                                                                                                                                      Forces all PSTN calls to use G.711. Select a-law or u-law to match the companding method used by your ISDN service.

                                                                                                                                      no vad

                                                                                                                                      Disables voice activity detection. For more information, see  vad (dial peer).

                                                                                                                                      5

                                                                                                                                      Add the following call routing configuration:

                                                                                                                                      1. Create dial-peer groups to route calls between the PSTN and Webex trunks, via the loop-back.

                                                                                                                                        
                                                                                                                                        voice class dpg 100
                                                                                                                                         description Route calls to Webex Calling
                                                                                                                                         dial-peer 100
                                                                                                                                        voice class dpg 200
                                                                                                                                         description Route calls to PSTN
                                                                                                                                         dial-peer 200
                                                                                                                                        voice class dpg 10
                                                                                                                                         description Route calls to Loopback
                                                                                                                                         dial-peer 10

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        dial-peer 100

                                                                                                                                        Associates an outbound dial-peer with a dial-peer group. For more information, see  voice-class dpg.

                                                                                                                                      2. Apply dial-peer groups to route calls.

                                                                                                                                        
                                                                                                                                        dial-peer voice 100
                                                                                                                                         destination dpg 10
                                                                                                                                        dial-peer voice 200
                                                                                                                                         destination dpg 10
                                                                                                                                        dial-peer voice 11
                                                                                                                                         destination dpg 100
                                                                                                                                        dial-peer voice 12
                                                                                                                                         destination dpg 200

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        destination dpg 200

                                                                                                                                        Specifies which dial-peer group, and therefore dial-peer should be used for the outbound treatment for calls presented to this incoming dial-peer.

                                                                                                                                      This concludes your Local Gateway configuration. Save the configuration and reload the platform if this is the first time CUBE features are configured.

                                                                                                                                      The PSTN-Webex Calling configuration in the previous sections may be modified to include additional trunks to a Cisco Unified Communications Manager (UCM) cluster. In this case, all calls are routed via Unified CM. Calls from UCM on port 5060 are routed to the PSTN and calls from port 5065 are routed to Webex Calling. The following incremental configurations may be added to include this calling scenario.

                                                                                                                                      1

                                                                                                                                      Configure the following voice class URIs:

                                                                                                                                      1. Classifies Unified CM to Webex calls using SIP VIA port:

                                                                                                                                        
                                                                                                                                        voice class uri 300 sip
                                                                                                                                         pattern :5065
                                                                                                                                        
                                                                                                                                      2. Classifies Unified CM to PSTN calls using SIP via port:

                                                                                                                                        
                                                                                                                                        voice class uri 400 sip
                                                                                                                                         pattern 192\.168\.80\.6[0-5]:5060
                                                                                                                                        

                                                                                                                                        Classify incoming messages from the UCM towards the PSTN trunk using one or more patterns that describe the originating source addresses and port number. Regular expressions may be used to define matching patterns if required.

                                                                                                                                        In the example above, a regular expression is used to match any IP address in the range 192.168.80.60 to 65 and port number 5060.

                                                                                                                                      2

                                                                                                                                      Configure the following DNS records to specify SRV routing to Unified CM hosts:

                                                                                                                                      IOS XE uses these records for locally determining target UCM hosts and ports. With this configuration, it is not required to configure records in your DNS system. If you prefer to use your DNS, then these local configurations are not required.

                                                                                                                                      
                                                                                                                                      ip host ucmpub.mydomain.com 192.168.80.60
                                                                                                                                      ip host ucmsub1.mydomain.com 192.168.80.61
                                                                                                                                      ip host ucmsub2.mydomain.com 192.168.80.62
                                                                                                                                      ip host ucmsub3.mydomain.com 192.168.80.63
                                                                                                                                      ip host ucmsub4.mydomain.com 192.168.80.64
                                                                                                                                      ip host ucmsub5.mydomain.com 192.168.80.65
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 0 1 5065 ucmpub.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub1.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub2.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub3.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub4.mydomain.com
                                                                                                                                      ip host _sip._udp.wxtocucm.io srv 2 1 5065 ucmsub5.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 0 1 5060 ucmpub.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub1.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub2.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub3.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub4.mydomain.com
                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub5.mydomain.com
                                                                                                                                      

                                                                                                                                      Here's an explanation of the fields for the configuration:

                                                                                                                                      The following command creates a DNS SRV resource record. Create a record for each UCM host and trunk:

                                                                                                                                      ip host _sip._udp.pstntocucm.io srv 2 1 5060 ucmsub5.mydomain.com

                                                                                                                                      _sip._udp.pstntocucm.io: SRV resource record name

                                                                                                                                      2: The SRV resource record priority

                                                                                                                                      1: The SRV resource record weight

                                                                                                                                      5060: The port number to use for the target host in this resource record

                                                                                                                                      ucmsub5.mydomain.com: The resource record target host

                                                                                                                                      To resolve the resource record target host names, create local DNS A records. For example:

                                                                                                                                      ip host ucmsub5.mydomain.com 192.168.80.65

                                                                                                                                      ip host: Creates a record in the local IOS XE database.

                                                                                                                                      ucmsub5.mydomain.com: The A record host name.

                                                                                                                                      192.168.80.65: The host IP address.

                                                                                                                                      Create the SRV resource records and A records to reflect your UCM environment and preferred call distribution strategy.

                                                                                                                                      3

                                                                                                                                      Configure the following dial-peers:

                                                                                                                                      1. Dial-peer for calls between Unified CM and Webex Calling:

                                                                                                                                        
                                                                                                                                        dial-peer voice 300 voip
                                                                                                                                         description UCM-Webex Calling trunk
                                                                                                                                         destination-pattern BAD.BAD
                                                                                                                                         session protocol sipv2
                                                                                                                                         session target dns:wxtocucm.io
                                                                                                                                         incoming uri via 300
                                                                                                                                         voice-class codec 100
                                                                                                                                         voice-class sip bind control source-interface GigabitEthernet 0/0/0
                                                                                                                                         voice-class sip bind media source-interface GigabitEthernet 0/0/0
                                                                                                                                         dtmf-relay rtp-nte
                                                                                                                                         no vad
                                                                                                                                        

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        
                                                                                                                                        dial-peer voice 300 voip
                                                                                                                                         description UCM-Webex Calling trunk

                                                                                                                                        Defines a VoIP dial-peer with a tag 300 and gives a meaningful description for ease of management and troubleshooting.

                                                                                                                                        destination-pattern BAD.BAD

                                                                                                                                        A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. Any valid destination pattern may be used in this case.

                                                                                                                                        session protocol sipv2

                                                                                                                                        Specifies that dial-peer 300 handles SIP call legs. For more information, see  session protocol (dial-peer).

                                                                                                                                        session target dns:wxtocucm.io

                                                                                                                                        Defines the session target of multiple Unified CM nodes through DNS SRV resolution. In this case, the locally defined SRV record wxtocucm.io is used to direct calls.

                                                                                                                                        incoming uri via 300

                                                                                                                                        Uses voice class URI 300 to direct all incoming traffic from Unified CM using source port 5065 to this dial-peer. For more information, see  incoming uri.

                                                                                                                                        voice-class codec 100

                                                                                                                                        Indicates codec filter list for calls to and from Unified CM. For more information, see  voice class codec.

                                                                                                                                        bind control source-interface GigabitEthernet0/0/0

                                                                                                                                        Configures the source interface and associated IP address for messages sent to the PSTN. For more information, see  bind.

                                                                                                                                        bind media source-interface GigabitEthernet0/0/0

                                                                                                                                        Configures the source interface and associated IP address for media sent to PSTN. For more information, see  bind.

                                                                                                                                        dtmf-relay rtp-nte

                                                                                                                                        Defines RTP-NTE (RFC2833) as the DTMF capability expected on the call leg. For more information, see  DTMF Relay (Voice over IP).

                                                                                                                                        no vad

                                                                                                                                        Disables voice activity detection. For more information, see  vad (dial peer).

                                                                                                                                      2. Dial-peer for calls between Unified CM and the PSTN:

                                                                                                                                        
                                                                                                                                        dial-peer voice 400 voip
                                                                                                                                         description UCM-PSTN trunk
                                                                                                                                         destination-pattern BAD.BAD
                                                                                                                                         session protocol sipv2
                                                                                                                                         session target dns:pstntocucm.io
                                                                                                                                         incoming uri via 400
                                                                                                                                         voice-class codec 100 
                                                                                                                                         voice-class sip bind control source-interface GigabitEthernet 0/0/0
                                                                                                                                         voice-class sip bind media source-interface GigabitEthernet 0/0/0
                                                                                                                                         dtmf-relay rtp-nte
                                                                                                                                         no vad
                                                                                                                                        

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        
                                                                                                                                        dial-peer voice 400 voip
                                                                                                                                         description UCM-PSTN trunk

                                                                                                                                        Defines a VoIP dial-peer with a tag of 400 and gives a meaningful description for ease of management and troubleshooting.

                                                                                                                                        destination-pattern BAD.BAD

                                                                                                                                        A dummy destination pattern is required when routing outbound calls using an inbound dial-peer group. Any valid destination pattern may be used in this case.

                                                                                                                                        session protocol sipv2

                                                                                                                                        Specifies that dial-peer 400 handles SIP call legs. For more information, see  session protocol (dial-peer).

                                                                                                                                        session target dns:pstntocucm.io

                                                                                                                                        Defines the session target of multiple Unified CM nodes through DNS SRV resolution. In this case, the locally defined SRV record pstntocucm.io is used to direct calls.

                                                                                                                                        incoming uri via 400

                                                                                                                                        Uses voice class URI 400 to direct all incoming traffic from the specified Unified CM hosts using source port 5060 to this dial-peer. For more information, see  incoming uri.

                                                                                                                                        voice-class codec 100

                                                                                                                                        Indicates codec filter list for calls to and from Unified CM. For more information, see  voice class codec.

                                                                                                                                        bind control source-interface GigabitEthernet0/0/0

                                                                                                                                        Configures the source interface and associated IP address for messages sent to the PSTN. For more information, see  bind.

                                                                                                                                        bind media source-interface GigabitEthernet0/0/0

                                                                                                                                        Configures the source interface and associated IP address for media sent to PSTN. For more information, see  bind.

                                                                                                                                        dtmf-relay rtp-nte

                                                                                                                                        Defines RTP-NTE (RFC2833) as the DTMF capability expected on the call leg. For more information, see  DTMF Relay (Voice over IP).

                                                                                                                                        no vad

                                                                                                                                        Disables voice activity detection. For more information, see  vad (dial peer).

                                                                                                                                      4

                                                                                                                                      Add call routing using the following configurations:

                                                                                                                                      1. Create dial-peer groups to route calls between Unified CM and Webex Calling. Define DPG 100 with outbound dial-peer 100 towards Webex Calling. DPG 100 is applied to the associated incoming dial-peer from Unified CM. Similarly, define DPG 300 with outbound dial-peer 300 toward Unified CM. DPG 300 is applied to the incoming dial-peer from Webex.

                                                                                                                                        
                                                                                                                                        voice class dpg 100
                                                                                                                                         description Route calls to Webex Calling
                                                                                                                                         dial-peer 100
                                                                                                                                        voice class dpg 300
                                                                                                                                         description Route calls to Unified CM Webex Calling trunk
                                                                                                                                         dial-peer 300 
                                                                                                                                      2. Create a dial-peer groups to route calls between Unified CM and the PSTN. Define DPG 200 with outbound dial-peer 200 toward the PSTN. DPG 200 is applied to the associated incoming dial-peer from Unified CM. Similarly, define DPG 400 with outbound dial-peer 400 toward Unified CM. DPG 400 is applied to the incoming dial-peer from the PSTN.

                                                                                                                                        
                                                                                                                                        voice class dpg 200
                                                                                                                                         description Route calls to PSTN
                                                                                                                                         dial-peer 200
                                                                                                                                        voice class dpg 400
                                                                                                                                         description Route calls to Unified CM PSTN trunk
                                                                                                                                         dial-peer 400

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        dial-peer  100

                                                                                                                                        Associates an outbound dial-peer with a dial-peer group. For more information, see  voice-class dpg.

                                                                                                                                      3. Apply dial-peer groups to route calls from Webex to Unified CM and from Unified CM to Webex:

                                                                                                                                        
                                                                                                                                        dial-peer voice 100
                                                                                                                                         destination dpg 300
                                                                                                                                        dial-peer voice 300
                                                                                                                                         destination dpg 100

                                                                                                                                        Here's an explanation of the fields for the configuration:

                                                                                                                                        destination dpg 300

                                                                                                                                        Specifies which dial-peer group, and therefore dial-peer should be used for the outbound treatment for calls presented to this incoming dial-peer.

                                                                                                                                      4. Apply dial-peer groups to route calls from the PSTN to Unified CM and from Unified CM to the PSTN:

                                                                                                                                        
                                                                                                                                        dial-peer voice 200
                                                                                                                                         destination dpg 400
                                                                                                                                        dial-peer voice 400
                                                                                                                                         destination dpg 200 

                                                                                                                                        This concludes your Local Gateway configuration. Save the configuration and reload the platform if this is the first time CUBE features have been configured.

                                                                                                                                      Diagnostic Signatures (DS) proactively detects commonly observed issues in the Cisco IOS XE-based Local Gateway and generates email, syslog, or terminal message notification of the event. You can also install the DS to automate diagnostics data collection and transfer collected data to the Cisco TAC case to accelerate resolution time.

                                                                                                                                      Diagnostic Signatures (DS) are XML files that contain information about problem trigger events and actions to inform, troubleshoot, and remediate the issue. Use syslog messages, SNMP events and through periodic monitoring of specific show command outputs to define the problem detection logic. The action types include:

                                                                                                                                      • Collecting show command outputs

                                                                                                                                      • Generating a consolidated log file

                                                                                                                                      • Uploading the file to a user provided network location such as HTTPS, SCP, FTP server

                                                                                                                                      TAC engineers author DS files and digitally sign it for integrity protection. Each DS file has the unique numerical ID assigned by the system. Diagnostic Signatures Lookup Tool (DSLT) is a single source to find applicable signatures for monitoring and troubleshooting various problems.

                                                                                                                                      Before you begin:

                                                                                                                                      • Do not edit the DS file that you download from DSLT. The files that you modify fail installation due to the integrity check error.

                                                                                                                                      • A Simple Mail Transfer Protocol (SMTP) server you require for the Local Gateway to send out email notifications.

                                                                                                                                      • Ensure that the Local Gateway is running IOS XE 17.6.1 or higher if you wish to use the secure SMTP server for email notifications.

                                                                                                                                      Prerequisites

                                                                                                                                      Local Gateway running IOS XE 17.6.1 or higher

                                                                                                                                      1. Diagnostic Signatures is enabled by default.

                                                                                                                                      2. Configure the secure email server that you use to send proactive notification if the device is running IOS XE 17.6.1 or higher.

                                                                                                                                        
                                                                                                                                        configure terminal 
                                                                                                                                        call-home  
                                                                                                                                        mail-server <username>:<pwd>@<email server> priority 1 secure tls 
                                                                                                                                        end 

                                                                                                                                      3. Configure the environment variable ds_email with the email address of the administrator to you notify.

                                                                                                                                        
                                                                                                                                        configure terminal 
                                                                                                                                        call-home  
                                                                                                                                        diagnostic-signature 
                                                                                                                                        LocalGateway(cfg-call-home-diag-sign)environment ds_email <email address> 
                                                                                                                                        end 

                                                                                                                                      Install diagnostic signatures for proactive monitoring

                                                                                                                                      Monitoring high CPU utilization

                                                                                                                                      This DS tracks 5-seconds CPU utilization using the SNMP OID 1.3.6.1.4.1.9.2.1.56. When the utilization reaches 75% or more, it disables all debugs and uninstalls all diagnostic signatures that you install in the Local Gateway. Use these steps below to install the signature.

                                                                                                                                      1. Ensure that you enabled SNMP using the command show snmp. If SNMP is not enabled, then configure the snmp-server manager command.

                                                                                                                                        
                                                                                                                                        show snmp 
                                                                                                                                        %SNMP agent not enabled  
                                                                                                                                        
                                                                                                                                        config t 
                                                                                                                                        snmp-server manager 
                                                                                                                                        end  
                                                                                                                                        
                                                                                                                                        show snmp 
                                                                                                                                        Chassis: ABCDEFGHIGK 
                                                                                                                                        149655 SNMP packets input 
                                                                                                                                            0 Bad SNMP version errors 
                                                                                                                                            1 Unknown community name 
                                                                                                                                            0 Illegal operation for community name supplied 
                                                                                                                                            0 Encoding errors 
                                                                                                                                            37763 Number of requested variables 
                                                                                                                                            2 Number of altered variables 
                                                                                                                                            34560 Get-request PDUs 
                                                                                                                                            138 Get-next PDUs 
                                                                                                                                            2 Set-request PDUs 
                                                                                                                                            0 Input queue packet drops (Maximum queue size 1000) 
                                                                                                                                        158277 SNMP packets output 
                                                                                                                                            0 Too big errors (Maximum packet size 1500) 
                                                                                                                                            20 No such name errors 
                                                                                                                                            0 Bad values errors 
                                                                                                                                            0 General errors 
                                                                                                                                            7998 Response PDUs 
                                                                                                                                            10280 Trap PDUs 
                                                                                                                                        Packets currently in SNMP process input queue: 0 
                                                                                                                                        SNMP global trap: enabled 
                                                                                                                                        
                                                                                                                                      2. Download DS 64224 using the following drop-down options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_64224.xml bootflash:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series, or Catalyst 8000V Edge Software

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling solution

                                                                                                                                        Problem Scope

                                                                                                                                        Performance

                                                                                                                                        Problem Type

                                                                                                                                        High CPU Utilization with Email Notification

                                                                                                                                      3. Copy the DS XML file to the Local Gateway flash.

                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_64224.xml bootflash:

                                                                                                                                        The following example shows copying the file from an FTP server to the Local Gateway.

                                                                                                                                        copy ftp://user:pwd@192.0.2.12/DS_64224.xml bootflash: 
                                                                                                                                        Accessing ftp://*:*@ 192.0.2.12/DS_64224.xml...! 
                                                                                                                                        [OK - 3571/4096 bytes] 
                                                                                                                                        3571 bytes copied in 0.064 secs (55797 bytes/sec) 
                                                                                                                                        
                                                                                                                                      4. Install the DS XML file in the Local Gateway.

                                                                                                                                        
                                                                                                                                        call-home diagnostic-signature load DS_64224.xml 
                                                                                                                                        Load file DS_64224.xml success  
                                                                                                                                      5. Use the show call-home diagnostic-signature command to verify that the signature is successfully installed. The status column must have a “registered” value.

                                                                                                                                        
                                                                                                                                        show call-home diagnostic-signature  
                                                                                                                                        Current diagnostic-signature settings: 
                                                                                                                                         Diagnostic-signature: enabled 
                                                                                                                                         Profile: CiscoTAC-1 (status: ACTIVE) 
                                                                                                                                         Downloading  URL(s):  https://tools.cisco.com/its/service/oddce/services/DDCEService 
                                                                                                                                         Environment variable: 
                                                                                                                                                   ds_email: username@gmail.com 

                                                                                                                                        Download DSes:

                                                                                                                                        DS ID

                                                                                                                                        DS Name

                                                                                                                                        Revision

                                                                                                                                        Status

                                                                                                                                        Last Update (GMT+00:00)

                                                                                                                                        64224

                                                                                                                                        DS_LGW_CPU_MON75

                                                                                                                                        0.0.10

                                                                                                                                        Registered

                                                                                                                                        2020-11-07 22:05:33

                                                                                                                                        When triggered, this signature uninstalls all running DSs including itself. If necessary, please reinstall DS 64224 to continue monitoring high CPU utilization on the Local Gateway.

                                                                                                                                      Monitoring abnormal call disconnects

                                                                                                                                      This DS uses SNMP polling every 10 minutes to detect abnormal call disconnect with SIP errors 403, 488 and 503.  If the error count increment is greater than or equal to 5 from the last poll, it generates a syslog and email notification. Please use the steps below to install the signature.

                                                                                                                                      1. Ensure that SNMP is enabled using the command show snmp. If SNMP is not enabled, configure the snmp-server manager command.

                                                                                                                                        show snmp 
                                                                                                                                        %SNMP agent not enabled  
                                                                                                                                        
                                                                                                                                        config t 
                                                                                                                                        snmp-server manager 
                                                                                                                                        end  
                                                                                                                                        
                                                                                                                                        show snmp 
                                                                                                                                        Chassis: ABCDEFGHIGK 
                                                                                                                                        149655 SNMP packets input 
                                                                                                                                            0 Bad SNMP version errors 
                                                                                                                                            1 Unknown community name 
                                                                                                                                            0 Illegal operation for community name supplied 
                                                                                                                                            0 Encoding errors 
                                                                                                                                            37763 Number of requested variables 
                                                                                                                                            2 Number of altered variables 
                                                                                                                                            34560 Get-request PDUs 
                                                                                                                                            138 Get-next PDUs 
                                                                                                                                            2 Set-request PDUs 
                                                                                                                                            0 Input queue packet drops (Maximum queue size 1000) 
                                                                                                                                        158277 SNMP packets output 
                                                                                                                                            0 Too big errors (Maximum packet size 1500) 
                                                                                                                                            20 No such name errors 
                                                                                                                                            0 Bad values errors 
                                                                                                                                            0 General errors 
                                                                                                                                            7998 Response PDUs 
                                                                                                                                            10280 Trap PDUs 
                                                                                                                                        Packets currently in SNMP process input queue: 0 
                                                                                                                                        SNMP global trap: enabled 
                                                                                                                                      2. Download DS 65221 using the following options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series, or Catalyst 8000V Edge Software

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling Solution

                                                                                                                                        Problem Scope

                                                                                                                                        Performance

                                                                                                                                        Problem Type

                                                                                                                                        SIP abnormal call disconnect detection with Email and Syslog Notification.

                                                                                                                                      3. Copy the DS XML file to the Local Gateway.

                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_65221.xml bootflash:
                                                                                                                                      4. Install the DS XML file in the Local Gateway.

                                                                                                                                        
                                                                                                                                        call-home diagnostic-signature load DS_65221.xml 
                                                                                                                                        Load file DS_65221.xml success 
                                                                                                                                      5. Use the command show call-home diagnostic-signature to verify that the signature is successfully installed. The status column should have a “registered” value.

                                                                                                                                      Install diagnostic signatures to troubleshoot a problem

                                                                                                                                      You can also use Diagnostic Signatures (DS) to resolve issues quickly. Cisco TAC engineers have authored several signatures that enable the necessary debugs that are required to troubleshoot a given problem, detect the problem occurrence, collect the right set of diagnostic data and transfer the data automatically to the Cisco TAC case. This eliminates the need to manually check for the problem occurrence and makes troubleshooting of intermittent and transient issues a lot easier.

                                                                                                                                      You can use the Diagnostic Signatures Lookup Tool to find the applicable signatures and install them to selfsolve a given issue or you can install the signature that is recommended by the TAC engineer as part of the support engagement.

                                                                                                                                      Here is an example of how to find and install a DS to detect the occurrence “%VOICE_IEC-3-GW: CCAPI: Internal Error (call spike threshold): IEC=1.1.181.1.29.0" syslog and automate diagnostic data collection using the following steps:

                                                                                                                                      1. Configure another DS environment variable ds_fsurl_prefix as the Cisco TAC file server path (cxd.cisco.com) to upload the diagnostics data. The username in the file path is the case number and the password is the file upload token which can be retrieved from Support Case Manager as shown in the following. The file upload token can be generated in the Attachments section of the Support Case Manager, as required.

                                                                                                                                        
                                                                                                                                        configure terminal 
                                                                                                                                        call-home  
                                                                                                                                        diagnostic-signature 
                                                                                                                                        LocalGateway(cfg-call-home-diag-sign)environment ds_fsurl_prefix "scp://<case number>:<file upload token>@cxd.cisco.com"  
                                                                                                                                        end 

                                                                                                                                        Example:

                                                                                                                                        
                                                                                                                                        call-home  
                                                                                                                                        diagnostic-signature 
                                                                                                                                        environment ds_fsurl_prefix " environment ds_fsurl_prefix "scp://612345678:abcdefghijklmnop@cxd.cisco.com"  
                                                                                                                                      2. Ensure that SNMP is enabled using the command show snmp. If SNMP not enabled, configure the snmp-server manager command.

                                                                                                                                        
                                                                                                                                        show snmp 
                                                                                                                                        %SNMP agent not enabled 
                                                                                                                                         
                                                                                                                                        config t 
                                                                                                                                        snmp-server manager 
                                                                                                                                        end 
                                                                                                                                      3. We recommend installing the High CPU monitoring DS 64224 as a proactive measure to disable all debugs and diagnostics signatures during the time of high CPU utilization. Download DS 64224 using the following options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series, or Catalyst 8000V Edge Software

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling Solution

                                                                                                                                        Problem Scope

                                                                                                                                        Performance

                                                                                                                                        Problem Type

                                                                                                                                        High CPU Utilization with Email Notification.

                                                                                                                                      4. Download DS 65095 using the following options in Diagnostic Signatures Lookup Tool:

                                                                                                                                        Field Name

                                                                                                                                        Field Value

                                                                                                                                        Platform

                                                                                                                                        Cisco 4300, 4400 ISR Series, or Catalyst 8000V Edge Software

                                                                                                                                        Product

                                                                                                                                        CUBE Enterprise in Webex Calling Solution

                                                                                                                                        Problem Scope

                                                                                                                                        Syslogs

                                                                                                                                        Problem Type

                                                                                                                                        Syslog - %VOICE_IEC-3-GW: CCAPI: Internal Error (Call spike threshold): IEC=1.1.181.1.29.0

                                                                                                                                      5. Copy the DS XML files to the Local Gateway.

                                                                                                                                        
                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_64224.xml bootflash: 
                                                                                                                                        copy ftp://username:password@<server name or ip>/DS_65095.xml bootflash: 
                                                                                                                                      6. Install the high CPU monitoring DS 64224 and then DS 65095 XML file in the Local Gateway.

                                                                                                                                        
                                                                                                                                        call-home diagnostic-signature load DS_64224.xml 
                                                                                                                                        Load file DS_64224.xml success 
                                                                                                                                        call-home diagnostic-signature load DS_65095.xml 
                                                                                                                                        Load file DS_65095.xml success 
                                                                                                                                        
                                                                                                                                      7. Verify that the signature is successfully installed using show call-home diagnostic-signature. The status column should have a “registered” value.

                                                                                                                                        
                                                                                                                                        show call-home diagnostic-signature  
                                                                                                                                        Current diagnostic-signature settings: 
                                                                                                                                         Diagnostic-signature: enabled 
                                                                                                                                         Profile: CiscoTAC-1 (status: ACTIVE) 
                                                                                                                                         Downloading  URL(s):  https://tools.cisco.com/its/service/oddce/services/DDCEService 
                                                                                                                                         Environment variable: 
                                                                                                                                                   ds_email: username@gmail.com 
                                                                                                                                                   ds_fsurl_prefix: scp://612345678:abcdefghijklmnop@cxd.cisco.com 

                                                                                                                                        Downloaded DSes:

                                                                                                                                        DS ID

                                                                                                                                        DS Name

                                                                                                                                        Revision

                                                                                                                                        Status

                                                                                                                                        Last Update (GMT+00:00)

                                                                                                                                        64224

                                                                                                                                        00:07:45

                                                                                                                                        DS_LGW_CPU_MON75

                                                                                                                                        0.0.10

                                                                                                                                        Registered

                                                                                                                                        2020-11-08:00:07:45

                                                                                                                                        65095

                                                                                                                                        00:12:53

                                                                                                                                        DS_LGW_IEC_Call_spike_threshold

                                                                                                                                        0.0.12

                                                                                                                                        Registered

                                                                                                                                        2020-11-08:00:12:53

                                                                                                                                      Verify diagnostic signatures execution

                                                                                                                                      In the following command, the “Status” column of the command show call-home diagnostic-signature changes to “running” while the Local Gateway executes the action defined within the signature. The output of show call-home diagnostic-signature statistics is the best way to verify whether a diagnostic signature detects an event of interest and executed the action. The “Triggered/Max/Deinstall” column indicates the number of times the given signature has triggered an event, the maximum number of times it is defined to detect an event and whether the signature deinstalls itself after detecting the maximum number of triggered events.

                                                                                                                                      show call-home diagnostic-signature  
                                                                                                                                      Current diagnostic-signature settings: 
                                                                                                                                       Diagnostic-signature: enabled 
                                                                                                                                       Profile: CiscoTAC-1 (status: ACTIVE) 
                                                                                                                                       Downloading  URL(s):  https://tools.cisco.com/its/service/oddce/services/DDCEService 
                                                                                                                                       Environment variable: 
                                                                                                                                                 ds_email: carunach@cisco.com 
                                                                                                                                                 ds_fsurl_prefix: scp://612345678:abcdefghijklmnop@cxd.cisco.com 

                                                                                                                                      Downloaded DSes:

                                                                                                                                      DS ID

                                                                                                                                      DS Name

                                                                                                                                      Revision

                                                                                                                                      Status

                                                                                                                                      Last Update (GMT+00:00)

                                                                                                                                      64224

                                                                                                                                      DS_LGW_CPU_MON75

                                                                                                                                      0.0.10

                                                                                                                                      Registered

                                                                                                                                      2020-11-08 00:07:45

                                                                                                                                      65095

                                                                                                                                      DS_LGW_IEC_Call_spike_threshold

                                                                                                                                      0.0.12

                                                                                                                                      Running

                                                                                                                                      2020-11-08 00:12:53

                                                                                                                                      show call-home diagnostic-signature statistics

                                                                                                                                      DS ID

                                                                                                                                      DS Name

                                                                                                                                      Triggered/Max/Deinstall

                                                                                                                                      Average Run Time (seconds)

                                                                                                                                      Max Run Time (seconds)

                                                                                                                                      64224

                                                                                                                                      DS_LGW_CPU_MON75

                                                                                                                                      0/0/N

                                                                                                                                      0.000

                                                                                                                                      0.000

                                                                                                                                      65095

                                                                                                                                      DS_LGW_IEC_Call_spike_threshold

                                                                                                                                      1/20/Y

                                                                                                                                      23.053

                                                                                                                                      23.053

                                                                                                                                      The notification email that is sent during Diagnostic Signature execution contains key information such as issue type, device details, software version, running configuration and show command outputs that are relevant to troubleshoot the given problem.

                                                                                                                                      Uninstall diagnostic signatures

                                                                                                                                      Use the diagnostic signatures for troubleshooting purposes are typically defined to uninstall after detection of some problem occurrences. If you wish to uninstall a signature manually, retrieve the DS ID from the output of show call-home diagnostic-signature and run the following command:

                                                                                                                                      call-home diagnostic-signature deinstall <DS ID> 

                                                                                                                                      Example:

                                                                                                                                      call-home diagnostic-signature deinstall 64224 
                                                                                                                                      

                                                                                                                                      New signatures are added to the Diagnostics Signatures Lookup Tool periodically, based on issues that are observed in deployments. TAC currently doesn’t support requests to create new custom signatures.

                                                                                                                                      Implement CUBE high availability as Local Gateway

                                                                                                                                      Fundamentals

                                                                                                                                      Prerequisites

                                                                                                                                      Before you deploy CUBE HA as a local gateway for Webex Calling, make sure you have an in-depth understanding of the following concepts:

                                                                                                                                      The configuration guidelines provided in this article assume a dedicated local gateway platform with no existing voice configuration. If an existing CUBE enterprise deployment is being modified to also utilize the local gateway function for Cisco Webex Calling, pay close attention to the configuration applied to ensure existing call flows and functionalities are not interrupted and make sure you're adhering to CUBE HA design requirements.

                                                                                                                                      Hardware and Software Components

                                                                                                                                      CUBE HA as local gateway requires IOS-XE version 16.12.2 or later and a platform on which both CUBE HA and LGW functions are supported.

                                                                                                                                      The show commands and logs in this article are based on minimum software release of Cisco IOS-XE 16.12.2 implemented on a vCUBE (CSR1000v).

                                                                                                                                      Reference Material

                                                                                                                                      Here are some detailed CUBE HA configuration guides for various platforms:

                                                                                                                                      Webex Calling Solution Overview

                                                                                                                                      Cisco Webex Calling is a collaboration offering that provides a multi-tenant cloud-based alternative to on-premise PBX phone service with multiple PSTN options for customers.

                                                                                                                                      The Local Gateway deployment (represented below) is the focus of this article. Local gateway (Premises-based PSTN) trunk in Webex Calling allows connectivity to a customer-owned PSTN service. It also provides connectivity to an on-premises IP PBX deployment such as Cisco Unified CM. All communication to and from the cloud is secured using TLS transport for SIP and SRTP for media.

                                                                                                                                      The figure below displays a Webex Calling deployment without any existing IP PBX and is applicable to a single or a multi-site deployment. Configuration outlined in this article is based on this deployment.

                                                                                                                                      Layer 2 Box-to-Box Redundancy

                                                                                                                                      CUBE HA layer 2 box-to-box redundancy uses the Redundancy Group (RG) infrastructure protocol to form an active/standby pair of routers. This pair share the same virtual IP address (VIP) across their respective interfaces and continually exchange status messages. CUBE session information is check-pointed across the pair of routers enabling the standby router to take all CUBE call processing responsibilities over immediately if the active router goes out of service, resulting in stateful preservation of signaling and media.

                                                                                                                                      Check pointing is limited to connected calls with media packets. Calls in transit are not check pointed (for example, a trying or ringing state).

                                                                                                                                      In this article, CUBE HA will refer to CUBE High Availability (HA) Layer 2 Box-to-box (B2B) redundancy for stateful call preservation

                                                                                                                                      As of IOS-XE 16.12.2, CUBE HA can be deployed as a Local Gateway for Cisco Webex Calling trunk (Premises-based PSTN) deployments and we’ll cover design considerations and configurations in this article. This figure displays a typical CUBE HA setup as Local Gateway for a Cisco Webex Calling trunk deployment.

                                                                                                                                      Redundancy Group Infra Component

                                                                                                                                      The Redundancy Group (RG) Infra component provides the box-to-box communication infrastructure support between the two CUBEs and negotiates the final stable redundancy state. This component also provides:

                                                                                                                                      • An HSRP-like protocol that negotiates the final redundancy state for each router by exchanging keepalive and hello messages between the two CUBEs (via the control interface)—GigabitEthernet3 in the figure above.

                                                                                                                                      • A transport mechanism for checkpointing the signaling and media state for each call from the active to the standby router (via the data interface)—GigabitEthernet3 in the figure above.

                                                                                                                                      • Configuration and management of the Virtual IP (VIP) interface for the traffic interfaces (multiple traffic interfaces can be configured using the same RG group) – GigabitEthernet 1 and 2 are considered traffic interfaces.

                                                                                                                                      This RG component has to be specifically configured to support voice B2B HA.

                                                                                                                                      Virtual IP (VIP) Address Management for Both Signaling and Media

                                                                                                                                      B2B HA relies on VIP to achieve redundancy. The VIP and associated physical interfaces on both CUBEs in the CUBE HA pair must reside on the same LAN subnet. Configuration of the VIP and binding of the VIP interface to a particular voice application (SIP) are mandatory for voice B2B HA support. External devices such as Unified CM, Webex Calling access SBC, service provider, or proxy, use VIP as the destination IP address for the calls traversing through the CUBE HA routers. Hence, from a Webex Calling point of view, the CUBE HA pairs acts as a single local gateway.

                                                                                                                                      The call signaling and RTP session information of established calls are checkpointed from the active router to the standby router. When the Active router goes down, the Standby router takes over, and continues to forward the RTP stream that was previously routed by the first router.

                                                                                                                                      Calls in a transient state at the time of failover will not be preserved post-switchover. For example, calls that aren't fully established yet or are in the process of being modified with a transfer or hold function. Established calls may be disconnected post-switchover.

                                                                                                                                      The following requirements exist for using CUBE HA as a local gateway for stateful failover of calls:

                                                                                                                                      • CUBE HA cannot have TDM or analog interfaces co-located

                                                                                                                                      • Gig1 and Gig2 are referred to as traffic (SIP/RTP) interfaces and Gig3 is Redundancy Group (RG) Control/data interface

                                                                                                                                      • No more than 2 CUBE HA pairs can be placed in the same layer 2 domain, one with group id 1 and the other with group id 2. If configuring 2 HA pairs with the same group id, RG Control/Data interfaces needs to belong to different layer 2 domains (vlan, separate switch)

                                                                                                                                      • Port channel is supported for both RG Control/data and traffic interfaces

                                                                                                                                      • All signaling/media is sourced from/to the Virtual IP Address

                                                                                                                                      • Anytime a platform is reloaded in a CUBE-HA relationship, it always boots up as Standby

                                                                                                                                      • Lower address for all the interfaces (Gig1, Gig2, Gig3) should be on the same platform

                                                                                                                                      • Redundancy Interface Identifier, rii should be unique to a pair/interface combination on the same Layer 2

                                                                                                                                      • Configuration on both the CUBEs must be identical including physical configuration and must be running on the same type of platform and IOS-XE version

                                                                                                                                      • Loopback interfaces cannot be used as bind as they are always up

                                                                                                                                      • Multiple traffic (SIP/RTP) interfaces (Gig1, Gig2) require interface tracking to be configured

                                                                                                                                      • CUBE-HA is not supported over a crossover cable connection for the RG-control/data link (Gig3)

                                                                                                                                      • Both platforms must be identical and be connected via a physical Switch across all likewise interfaces for CUBE HA to work, i.e. GE0/0/0 of CUBE-1 and CUBE-2 must terminate on the same switch and so on.

                                                                                                                                      • Cannot have WAN terminated on CUBEs directly or Data HA on either side

                                                                                                                                      • Both Active/Standby must be in the same data center

                                                                                                                                      • It is mandatory to use separate L3 interface for redundancy (RG Control/data, Gig3). i.e interface used for traffic cannot be used for HA keepalives and checkpointing

                                                                                                                                      • Upon failover, the previously active CUBE goes through a reload by design, preserving signaling and media

                                                                                                                                      Configure Redundancy on Both CUBEs

                                                                                                                                      You must configure layer 2 box-to-box redundancy on both CUBEs intended to be used in an HA pair to bring up virtual IPs.

                                                                                                                                      1

                                                                                                                                      Configure interface tracking at a global level to track the status of the interface.

                                                                                                                                      conf t
                                                                                                                                       track 1 interface GigabitEthernet1 line-protocol
                                                                                                                                       track 2 interface GigabitEthernet2 line-protocol
                                                                                                                                       exit
                                                                                                                                      

                                                                                                                                      VCUBE-1#conf t

                                                                                                                                      VCUBE-1(config)#track 1 interface GigabitEthernet1 line-protocol

                                                                                                                                      VCUBE-1(config-track)#track 2 interface GigabitEthernet2 line-protocol

                                                                                                                                      VCUBE-1(config-track)#exit

                                                                                                                                      VCUBE-2#conf t

                                                                                                                                      VCUBE-2(config)#track 1 interface GigabitEthernet1 line-protocol

                                                                                                                                      VCUBE-2(config-track)#track 2 interface GigabitEthernet2 line-protocol

                                                                                                                                      VCUBE-2(config-track)#exit

                                                                                                                                      Track CLI is used in RG to track the voice traffic interface state so that the active route will quite its active role after the traffic interface is down.

                                                                                                                                      2

                                                                                                                                      Configure an RG for use with VoIP HA under the application redundancy sub-mode.

                                                                                                                                      redundancy
                                                                                                                                        application redundancy
                                                                                                                                         group 1
                                                                                                                                          name LocalGateway-HA
                                                                                                                                          priority 100 failover threshold 75
                                                                                                                                          control GigabitEthernet3 protocol 1
                                                                                                                                          data GigabitEthernet3
                                                                                                                                          timers delay 30 reload 60
                                                                                                                                          track 1 shutdown
                                                                                                                                          track 2 shutdown
                                                                                                                                          exit
                                                                                                                                         protocol 1
                                                                                                                                          timers hellotime 3 holdtime 10
                                                                                                                                         exit
                                                                                                                                        exit
                                                                                                                                       exit
                                                                                                                                      

                                                                                                                                      VCUBE-1(config)#redundancy

                                                                                                                                      VCUBE-1(config-red)#application redundancy

                                                                                                                                      VCUBE-1(config-red-app)#group 1

                                                                                                                                      VCUBE-1(config-red-app-grp)#name LocalGateway-HA

                                                                                                                                      VCUBE-1(config-red-app-grp)#priority 100 failover threshold 75

                                                                                                                                      VCUBE-1(config-red-app-grp)#control GigabitEthernet3 protocol 1

                                                                                                                                      VCUBE-1(config-red-app-grp)#data GigabitEthernet3

                                                                                                                                      VCUBE-1(config-red-app-grp)#timers delay 30 reload 60

                                                                                                                                      VCUBE-1(config-red-app-grp)#track 1 shutdown

                                                                                                                                      VCUBE-1(config-red-app-grp)#track 2 shutdown

                                                                                                                                      VCUBE-1(config-red-app-grp)#exit

                                                                                                                                      VCUBE-1(config-red-app)#protocol 1

                                                                                                                                      VCUBE-1(config-red-app-prtcl)#timers hellotime 3 holdtime 10

                                                                                                                                      VCUBE-1(config-red-app-prtcl)#exit

                                                                                                                                      VCUBE-1(config-red-app)#exit

                                                                                                                                      VCUBE-1(config-red)#exit

                                                                                                                                      VCUBE-1(config)#

                                                                                                                                      VCUBE-2(config)#redundancy

                                                                                                                                      VCUBE-2(config-red)#application redundancy

                                                                                                                                      VCUBE-2(config-red-app)#group 1

                                                                                                                                      VCUBE-2(config-red-app-grp)#name LocalGateway-HA

                                                                                                                                      VCUBE-2(config-red-app-grp)#priority 100 failover threshold 75

                                                                                                                                      VCUBE-2(config-red-app-grp)#control GigabitEthernet3 protocol 1

                                                                                                                                      VCUBE-1(config-red-app-grp)#data GigabitEthernet3

                                                                                                                                      VCUBE-2(config-red-app-grp)#timers delay 30 reload 60

                                                                                                                                      VCUBE-2(config-red-app-grp)#track 1 shutdown

                                                                                                                                      VCUBE-2(config-red-app-grp)#track 2 shutdown

                                                                                                                                      VCUBE-2(config-red-app-grp)#exit

                                                                                                                                      VCUBE-2(config-red-app)#protocol 1

                                                                                                                                      VCUBE-2(config-red-app-prtcl)#timers hellotime 3 holdtime 10

                                                                                                                                      VCUBE-2(config-red-app-prtcl)#exit

                                                                                                                                      VCUBE-2(config-red-app)#exit

                                                                                                                                      VCUBE-2(config-red)#exit

                                                                                                                                      VCUBE-2(config)#

                                                                                                                                      Here's an explanation of the fields used in this configuration:

                                                                                                                                      • redundancy—Enters redundancy mode

                                                                                                                                      • application redundancy—Enters application redundancy configuration mode

                                                                                                                                      • group—Enters redundancy application group configuration mode

                                                                                                                                      • name LocalGateway-HA—Defines the name of the RG group

                                                                                                                                      • priority 100 failover threshold 75—Specifies the initial priority and failover thresholds for an RG

                                                                                                                                      • timers delay 30 reload 60—Configures the two times for delay and reload

                                                                                                                                        • Delay timer which is the amount of time to delay RG group’s initialization and role negotiation after the interface comes up – Default 30 seconds. Range is 0-10000 seconds

                                                                                                                                        • Reload—This is the amount of time to delay RG group initialization and role-negotiation after a reload – Default 60 seconds. Range is 0-10000 seconds

                                                                                                                                        • Default timers are recommended, though these timers may be adjusted to accommodate any additional network convergence delay that may occur during bootup/reload of the routers, in order to guarantee that the RG protocol negotiation takes place after routing in the network has converged to a stable point. For example, if it is seen after failover that it takes up to 20 sec for the new STANDBY to see the first RG HELLO packet from the new ACTIVE, then the timers should be adjusted to ‘timers delay 60 reload 120’ to factor in this delay.

                                                                                                                                      • control GigabitEthernet3 protocol 1—Configures the interface used to exchange keepalive and hello messages between the two CUBEs, and specifies the protocol instance that will be attached to a control interface and enters redundancy application protocol configuration mode

                                                                                                                                      • data GigabitEthernet3—Configures the interface used for checkpointing of data traffic

                                                                                                                                      • track—RG group tracking of interfaces

                                                                                                                                      • protocol 1—Specifies the protocol instance that will be attached to a control interface and enters redundancy application protocol configuration mode

                                                                                                                                      • timers hellotime 3 holdtime 10—Configures the two timers for hellotime and holdtime:

                                                                                                                                        • Hellotime— Interval between successive hello messages – Default 3 seconds. Range is 250 milliseconds-254 seconds

                                                                                                                                        • Holdtime—The interval between the receipt of a Hello message and the presumption that the sending router has failed. This duration has to be greater than the hello-time – Default 10 seconds. Range is 750 milliseconds-255 seconds

                                                                                                                                          We recommend that you configure the holdtime timer to be at least 3 times the value of the hellotime timer.

                                                                                                                                      3

                                                                                                                                      Enable box-to-box redundancy for the CUBE application. Configure the RG from the previous step under voice service voip. This enables the CUBE application to control the redundancy process.

                                                                                                                                      voice service voip
                                                                                                                                         redundancy-group 1
                                                                                                                                         exit

                                                                                                                                      VCUBE-1(config)#voice service voip

                                                                                                                                      VCUBE-1(config-voi-serv)#redundancy-group 1

                                                                                                                                      
                                                                                                                                                              % Created RG 1 association with Voice B2B HA; reload the router for the new configuration to take effect
                                                                                                                                                            

                                                                                                                                      VCUBE-1(config-voi-serv)# exit

                                                                                                                                      VCUBE-2(config)#voice service voip

                                                                                                                                      VCUBE-2(config-voi-serv)#redundancy-group 1

                                                                                                                                      
                                                                                                                                                              % Created RG 1 association with Voice B2B HA; reload the router for the new configuration to take effect
                                                                                                                                                            

                                                                                                                                      VCUBE-2(config-voi-serv)# exit

                                                                                                                                      redundancy-group 1—Adding and removing this command requires a reload for the updated configuration to take effect. We'll reload the platforms after all the configuration has been applied.

                                                                                                                                      4

                                                                                                                                      Configure the Gig1 and Gig2 interfaces with their respective virtual IPs as shown below and apply the redundancy interface identifier (rii)

                                                                                                                                      VCUBE-1(config)#interface GigabitEthernet1

                                                                                                                                      VCUBE-1(config-if)# redundancy rii 1

                                                                                                                                      VCUBE-1(config-if)# redundancy group 1 ip 198.18.1.228 exclusive

                                                                                                                                      VCUBE-1(config-if)# exit

                                                                                                                                      VCUBE-1(config)#

                                                                                                                                      VCUBE-1(config)#interface GigabitEthernet2

                                                                                                                                      VCUBE-1(config-if)# redundancy rii 2

                                                                                                                                      VCUBE-1(config-if)# redundancy group 1 ip 198.18.133.228 exclusive

                                                                                                                                      VCUBE-1(config-if)# exit

                                                                                                                                      VCUBE-2(config)#interface GigabitEthernet1

                                                                                                                                      VCUBE-2(config-if)# redundancy rii 1

                                                                                                                                      VCUBE-2(config-if)# redundancy group 1 ip 198.18.1.228 exclusive

                                                                                                                                      VCUBE-2(config-if)# exit

                                                                                                                                      VCUBE-2(config)#

                                                                                                                                      VCUBE-2(config)#interface GigabitEthernet2

                                                                                                                                      VCUBE-2(config-if)# redundancy rii 2

                                                                                                                                      VCUBE-2(config-if)# redundancy group 1 ip 198.18.133.228 exclusive

                                                                                                                                      VCUBE-v(config-if)# exit

                                                                                                                                      Here's an explanation of the fields used in this configuration:

                                                                                                                                      • redundancy rii—Configures the redundancy interface identifier for the redundancy group. Required for generating a Virtual MAC (VMAC) address. The same rii ID value must be used on the interface of each router (ACTIVE/STANDBY) that has the same VIP.

                                                                                                                                        If there is more than one B2B pair on the same LAN, each pair MUST have unique rii IDs on their respective interfaces (to prevent collision). ‘show redundancy application group all’ should indicate the correct local and peer information.

                                                                                                                                      • redundancy group 1—Associates the interface with the redundancy group created in Step 2 above. Configure the RG group, as well as the VIP assigned to this physical interface.

                                                                                                                                        It is mandatory to use a separate interface for redundancy, that is, the interface used for voice traffic cannot be used as control and data interface specified in Step 2 above. In this example, Gigabit interface 3 is used for RG control/data

                                                                                                                                      5

                                                                                                                                      Save the configuration of the first CUBE and reload it.

                                                                                                                                      The platform to reload last is always the Standby.

                                                                                                                                      VCUBE-1#wr

                                                                                                                                      
                                                                                                                                                              Building configuration...
                                                                                                                                                            

                                                                                                                                      
                                                                                                                                                              [OK]
                                                                                                                                                            

                                                                                                                                      VCUBE-1#reload

                                                                                                                                      
                                                                                                                                                              Proceed with reload? [confirm]
                                                                                                                                                            

                                                                                                                                      After VCUBE-1 boots up completely, save the configuration of VCUBE-2 and reload it.

                                                                                                                                      VCUBE-2#wr

                                                                                                                                      
                                                                                                                                                              Building configuration...
                                                                                                                                                            

                                                                                                                                      
                                                                                                                                                              [OK]
                                                                                                                                                            

                                                                                                                                      VCUBE-2#reload

                                                                                                                                      
                                                                                                                                                              Proceed with reload? [confirm]
                                                                                                                                                            

                                                                                                                                      6

                                                                                                                                      Verify that the box-to-box configuration is working as expected. Relevant output is highlighted in bold.

                                                                                                                                      We reloaded VCUBE-2 last and as per the design considerations; the platform to reload last will always be Standby.

                                                                                                                                      
                                                                                                                                      VCUBE-1#show redundancy application group all
                                                                                                                                      Faults states Group 1 info:
                                                                                                                                             Runtime priority: [100]
                                                                                                                                                     RG Faults RG State: Up.
                                                                                                                                                             Total # of switchovers due to faults:           0
                                                                                                                                                             Total # of down/up state changes due to faults: 0
                                                                                                                                      Group ID:1
                                                                                                                                      Group Name:LocalGateway-HA
                                                                                                                                        
                                                                                                                                      Administrative State: No Shutdown
                                                                                                                                      Aggregate operational state: Up
                                                                                                                                      My Role: ACTIVE
                                                                                                                                      Peer Role: STANDBY
                                                                                                                                      Peer Presence: Yes
                                                                                                                                      Peer Comm: Yes
                                                                                                                                      Peer Progression Started: Yes
                                                                                                                                      
                                                                                                                                      RF Domain: btob-one
                                                                                                                                               RF state: ACTIVE
                                                                                                                                               Peer RF state: STANDBY HOT
                                                                                                                                      
                                                                                                                                      RG Protocol RG 1
                                                                                                                                      ------------------
                                                                                                                                              Role: Active
                                                                                                                                              Negotiation: Enabled
                                                                                                                                              Priority: 100
                                                                                                                                              Protocol state: Active
                                                                                                                                              Ctrl Intf(s) state: Up
                                                                                                                                              Active Peer: Local
                                                                                                                                              Standby Peer: address 10.1.1.2, priority 100, intf Gi3
                                                                                                                                              Log counters:
                                                                                                                                                      role change to active: 1
                                                                                                                                                      role change to standby: 1
                                                                                                                                                      disable events: rg down state 0, rg shut 0
                                                                                                                                                      ctrl intf events: up 1, down 0, admin_down 0
                                                                                                                                                      reload events: local request 0, peer request 0
                                                                                                                                      
                                                                                                                                      RG Media Context for RG 1
                                                                                                                                      --------------------------
                                                                                                                                              Ctx State: Active
                                                                                                                                              Protocol ID: 1
                                                                                                                                              Media type: Default
                                                                                                                                              Control Interface: GigabitEthernet3
                                                                                                                                              Current Hello timer: 3000
                                                                                                                                              Configured Hello timer: 3000, Hold timer: 10000
                                                                                                                                              Peer Hello timer: 3000, Peer Hold timer: 10000
                                                                                                                                              Stats:
                                                                                                                                                  Pkts 1509, Bytes 93558, HA Seq 0, Seq Number 1509, Pkt Loss 0
                                                                                                                                                  Authentication not configured
                                                                                                                                                  Authentication Failure: 0
                                                                                                                                                  Reload Peer: TX 0, RX 0
                                                                                                                                                  Resign: TX 0, RX 0
                                                                                                                                          Standy Peer: Present. Hold Timer: 10000
                                                                                                                                                  Pkts 61, Bytes 2074, HA Seq 0, Seq Number 69, Pkt Loss 0
                                                                                                                                      
                                                                                                                                      VCUBE-1#
                                                                                                                                      
                                                                                                                                      VCUBE-2#show redundancy application group all
                                                                                                                                      Faults states Group 1 info:
                                                                                                                                             Runtime priority: [100]
                                                                                                                                                     RG Faults RG State: Up.
                                                                                                                                                             Total # of switchovers due to faults:           0
                                                                                                                                                             Total # of down/up state changes due to faults: 0
                                                                                                                                      Group ID:1
                                                                                                                                      Group Name:LocalGateway-HA
                                                                                                                                        
                                                                                                                                      Administrative State: No Shutdown
                                                                                                                                      Aggregate operational state: Up
                                                                                                                                      My Role: STANDBY
                                                                                                                                      Peer Role: ACTIVE
                                                                                                                                      Peer Presence: Yes
                                                                                                                                      Peer Comm: Yes
                                                                                                                                      Peer Progression Started: Yes
                                                                                                                                      
                                                                                                                                      RF Domain: btob-one
                                                                                                                                               RF state: ACTIVE
                                                                                                                                               Peer RF state: STANDBY HOT
                                                                                                                                      
                                                                                                                                      RG Protocol RG 1
                                                                                                                                      ------------------
                                                                                                                                              Role: Active
                                                                                                                                              Negotiation: Enabled
                                                                                                                                              Priority: 100
                                                                                                                                              Protocol state: Active
                                                                                                                                              Ctrl Intf(s) state: Up
                                                                                                                                              Active Peer: address 10.1.1.2, priority 100, intf Gi3
                                                                                                                                              Standby Peer: Local
                                                                                                                                              Log counters:
                                                                                                                                                      role change to active: 1
                                                                                                                                                      role change to standby: 1
                                                                                                                                                      disable events: rg down state 0, rg shut 0
                                                                                                                                                      ctrl intf events: up 1, down 0, admin_down 0
                                                                                                                                                      reload events: local request 0, peer request 0
                                                                                                                                      
                                                                                                                                      RG Media Context for RG 1
                                                                                                                                      --------------------------
                                                                                                                                              Ctx State: Active
                                                                                                                                              Protocol ID: 1
                                                                                                                                              Media type: Default
                                                                                                                                              Control Interface: GigabitEthernet3
                                                                                                                                              Current Hello timer: 3000
                                                                                                                                              Configured Hello timer: 3000, Hold timer: 10000
                                                                                                                                              Peer Hello timer: 3000, Peer Hold timer: 10000
                                                                                                                                              Stats:
                                                                                                                                                  Pkts 1509, Bytes 93558, HA Seq 0, Seq Number 1509, Pkt Loss 0
                                                                                                                                                  Authentication not configured
                                                                                                                                                  Authentication Failure: 0
                                                                                                                                                  Reload Peer: TX 0, RX 0
                                                                                                                                                  Resign: TX 0, RX 0
                                                                                                                                          Standy Peer: Present. Hold Timer: 10000
                                                                                                                                                  Pkts 61, Bytes 2074, HA Seq 0, Seq Number 69, Pkt Loss 0
                                                                                                                                      
                                                                                                                                      VCUBE-2#

                                                                                                                                      Configure a Local Gateway on Both CUBEs

                                                                                                                                      In our example configuration, we’re using the following trunk information from Control Hub to build the Local Gateway configuration on both the platforms, VCUBE-1 and VCUBE-2. The username and password for this setup are as follows:

                                                                                                                                      • Username: Hussain1076_LGU

                                                                                                                                      • Password: lOV12MEaZx

                                                                                                                                      1

                                                                                                                                      Ensure that a configuration key is created for the password, with the commands shown below, before it can be used in the credentials or shared secrets. Type 6 passwords are encrypted using AES cipher and this user-defined configuration key.

                                                                                                                                      
                                                                                                                                      LocalGateway#conf t
                                                                                                                                      LocalGateway(config)#key config-key password-encrypt Password123
                                                                                                                                      LocalGateway(config)#password encryption aes

                                                                                                                                      Here is the Local Gateway configuration that will apply to both platforms based on the Control Hub parameters displayed above, save and reload. SIP Digest credentials from Control Hub are highlighted in bold.

                                                                                                                                      
                                                                                                                                      configure terminal
                                                                                                                                      crypto pki trustpoint dummyTp
                                                                                                                                      revocation-check crl
                                                                                                                                      exit
                                                                                                                                      sip-ua
                                                                                                                                      crypto signaling default trustpoint dummyTp cn-san-validate server
                                                                                                                                      transport tcp tls v1.2
                                                                                                                                      end
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      configure terminal
                                                                                                                                      crypto pki trustpool import clean url
                                                                                                                                      http://www.cisco.com/security/pki/trs/ios_core.p7b
                                                                                                                                      end
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      configure terminal
                                                                                                                                      voice service voip
                                                                                                                                        ip address trusted list
                                                                                                                                          ipv4 x.x.x.x y.y.y.y
                                                                                                                                          exit
                                                                                                                                         allow-connections sip to sip
                                                                                                                                        media statistics
                                                                                                                                        media bulk-stats
                                                                                                                                        no supplementary-service sip refer
                                                                                                                                        no supplementary-service sip handle-replaces
                                                                                                                                        fax protocol pass-through g711ulaw
                                                                                                                                        stun
                                                                                                                                          stun flowdata agent-id 1 boot-count 4
                                                                                                                                          stun flowdata shared-secret 0 Password123!
                                                                                                                                        sip
                                                                                                                                          g729 annexb-all
                                                                                                                                          early-offer forced
                                                                                                                                          end
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      configure terminal
                                                                                                                                      voice class sip-profiles 200
                                                                                                                                        rule 9 request ANY sip-header SIP-Req-URI modify "sips:(.*)"
                                                                                                                                      "sip:\1"
                                                                                                                                        rule 10 request ANY sip-header To modify "<sips:(.*)" "<sip:\1"
                                                                                                                                        rule 11 request ANY sip-header From modify "<sips:(.*)" "<sip:\1"
                                                                                                                                        rule 12 request ANY sip-header Contact modify "<sips:(.*)>"
                                                                                                                                      "<sip:\1;transport=tls>"
                                                                                                                                        rule 13 response ANY sip-header To modify "<sips:(.*)" "<sip:\1"
                                                                                                                                        rule 14 response ANY sip-header From modify "<sips:(.*)" "<sip:\1"
                                                                                                                                        rule 15 response ANY sip-header Contact modify "<sips:(.*)"
                                                                                                                                      "<sip:\1"
                                                                                                                                        rule 20 request ANY sip-header From modify ">"
                                                                                                                                      ";otg=hussain1076_lgu>"
                                                                                                                                        rule 30 request ANY sip-header P-Asserted-Identity modify
                                                                                                                                      "sips:(.*)" "sip:\1"
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      voice class codec 99
                                                                                                                                        codec preference 1 g711ulaw
                                                                                                                                        codec preference 2 g711ulaw
                                                                                                                                        exit
                                                                                                                                      
                                                                                                                                      voice class srtp-crypto 200
                                                                                                                                        crypto 1 AES_CM_128_HMAC_SHA1_80
                                                                                                                                        exit
                                                                                                                                      
                                                                                                                                      voice class stun-usage 200
                                                                                                                                        stun usage firewall-traversal flowdata
                                                                                                                                        exit
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      voice class tenant 200
                                                                                                                                        registrar dns:40462196.cisco-bcld.com scheme sips expires 240
                                                                                                                                      refresh-ratio 50 tcp tls
                                                                                                                                        credentials number Hussain5091_LGU username Hussain1076_LGU
                                                                                                                                      password 0 lOV12MEaZx realm Broadworks 
                                                                                                                                        authentication username Hussain5091_LGU password 0 lOV12MEaZx
                                                                                                                                      realm BroadWorks
                                                                                                                                      
                                                                                                                                        authentication username Hussain5091_LGU password 0 lOV12MEaZx
                                                                                                                                      realm 40462196.cisco-bcld.com
                                                                                                                                        no remote-party-id
                                                                                                                                        sip-server dns:40462196.cisco-bcld.com
                                                                                                                                        connection-reuse
                                                                                                                                        srtp-crypto 200
                                                                                                                                        session transport tcp tls
                                                                                                                                        url sips
                                                                                                                                        error-passthru
                                                                                                                                        asserted-id pai
                                                                                                                                        bind control source-interface GigabitEthernet1
                                                                                                                                        bind media source-interface GigabitEthernet1
                                                                                                                                        no pass-thru content custom-sdp
                                                                                                                                        sip-profiles 200
                                                                                                                                        outbound-proxy dns:la01.sipconnect-us10.cisco-bcld.com
                                                                                                                                        privacy-policy passthru
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      voice class tenant 100
                                                                                                                                        session transport udp
                                                                                                                                        url sip
                                                                                                                                        error-passthru
                                                                                                                                        bind control source-interface GigabitEthernet2
                                                                                                                                        bind media source-interface GigabitEthernet2
                                                                                                                                        no pass-thru content custom-sdp
                                                                                                                                      
                                                                                                                                      voice class tenant 300
                                                                                                                                        bind control source-interface GigabitEthernet2
                                                                                                                                        bind media source-interface GigabitEthernet2
                                                                                                                                        no pass-thru content custom-sdp
                                                                                                                                        
                                                                                                                                      
                                                                                                                                      voice class uri 100 sip
                                                                                                                                       host ipv4:198.18.133.3
                                                                                                                                      
                                                                                                                                      voice class uri 200 sip
                                                                                                                                       pattern dtg=hussain1076.lgu
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      dial-peer voice 101 voip
                                                                                                                                       description Outgoing dial-peer to IP PSTN
                                                                                                                                       destination-pattern BAD.BAD
                                                                                                                                       session protocol sipv2
                                                                                                                                       session target ipv4:198.18.133.3
                                                                                                                                       voice-class codec 99
                                                                                                                                       voice-class sip tenant 100
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       no vad
                                                                                                                                      
                                                                                                                                      dial-peer voice 201 voip
                                                                                                                                       description Outgoing dial-peer to Webex Calling
                                                                                                                                       destination-pattern BAD.BAD
                                                                                                                                       session protocol sipv2
                                                                                                                                       session target sip-server
                                                                                                                                       voice-class codec 99
                                                                                                                                       voice-class stun-usage 200
                                                                                                                                       no voice-class sip localhost
                                                                                                                                       voice-class sip tenant 200
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       srtp
                                                                                                                                       no vad
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      voice class dpg 100
                                                                                                                                       description Incoming WebexCalling(DP200) to IP PSTN(DP101)
                                                                                                                                       dial-peer 101 preference 1
                                                                                                                                      
                                                                                                                                      voice class dpg 200
                                                                                                                                       description Incoming IP PSTN(DP100) to Webex Calling(DP201)
                                                                                                                                       dial-peer 201 preference 1
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      
                                                                                                                                      dial-peer voice 100 voip
                                                                                                                                       desription Incoming dial-peer from IP PSTN
                                                                                                                                       session protocol sipv2
                                                                                                                                       destination dpg 200
                                                                                                                                       incoming uri via 100
                                                                                                                                       voice-class codec 99
                                                                                                                                       voice-class sip tenant 300
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       no vad
                                                                                                                                      
                                                                                                                                      dial-peer voice 200 voip
                                                                                                                                       description Incoming dial-peer from Webex Calling
                                                                                                                                       session protocol sipv2
                                                                                                                                       destination dpg 100
                                                                                                                                       incoming uri request 200
                                                                                                                                       voice-class codec 99
                                                                                                                                       voice-class stun-usage 200
                                                                                                                                       voice-class sip tenant 200
                                                                                                                                       dtmf-relay rtp-nte
                                                                                                                                       srtp
                                                                                                                                       no vad
                                                                                                                                      
                                                                                                                                      end
                                                                                                                                      
                                                                                                                                      copy run start
                                                                                                                                      

                                                                                                                                      To display the show command output, we've reloaded VCUBE-2 followed by VCUBE-1, making VCUBE-1 the standby CUBE and VCUBE-2 the active CUBE

                                                                                                                                      2

                                                                                                                                      At any given time, only one platform will maintain an active registration as the Local Gateway with the Webex Calling access SBC. Take a look at the output of the following show commands.

                                                                                                                                      show redundancy application group 1

                                                                                                                                      show sip-ua register status

                                                                                                                                      
                                                                                                                                      VCUBE-1#show redundancy application group 1
                                                                                                                                      Group ID:1
                                                                                                                                      Group Name:LocalGateway-HA
                                                                                                                                      
                                                                                                                                      Administrative State: No Shutdown
                                                                                                                                      Aggregate operational state : Up
                                                                                                                                      My Role: Standby
                                                                                                                                      Peer Role: ACTIVE
                                                                                                                                      Peer Presence: Yes
                                                                                                                                      Peer Comm: Yes
                                                                                                                                      Peer Progression Started: Yes
                                                                                                                                      
                                                                                                                                      RF Domain: btob-one
                                                                                                                                               RF state: STANDBY HOT
                                                                                                                                               Peer RF state: ACTIVE
                                                                                                                                      
                                                                                                                                      VCUBE-1#show sip-ua register status
                                                                                                                                      VCUBE-1#

                                                                                                                                      
                                                                                                                                      VCUBE-2#show redundancy application group 1
                                                                                                                                      Group ID:1
                                                                                                                                      Group Name:LocalGateway-HA
                                                                                                                                      
                                                                                                                                      Administrative State: No Shutdown
                                                                                                                                      Aggregate operational state : Up
                                                                                                                                      My Role: ACTIVE
                                                                                                                                      Peer Role: STATUS
                                                                                                                                      Peer Presence: Yes
                                                                                                                                      Peer Comm: Yes
                                                                                                                                      Peer Progression Started: Yes
                                                                                                                                      
                                                                                                                                      RF Domain: btob-one
                                                                                                                                               RF state: ACTIVE
                                                                                                                                               Peer RF state: STANDBY HOT
                                                                                                                                      
                                                                                                                                      VCUBE-2#show sip-ua register status
                                                                                                                                      
                                                                                                                                      Tenant: 200
                                                                                                                                      --------------------Registrar-Index  1 ---------------------
                                                                                                                                      Line                           peer       expires(sec) reg survival P-Associ-URI
                                                                                                                                      ============================== ========== ============ === ======== ============
                                                                                                                                      Hussain5091_LGU                -1          48          yes normal
                                                                                                                                      VCUBE-2#

                                                                                                                                      From the output above, you can see that VCUBE-2 is the active LGW maintaining the registration with Webex Calling access SBC, whereas the output of the “show sip-ua register status” is blank in VCUBE-1

                                                                                                                                      3

                                                                                                                                      Now enable the following debugs on VCUBE-1

                                                                                                                                      
                                                                                                                                      VCUBE-1#debug ccsip non-call
                                                                                                                                      SIP Out-of-Dialog tracing is enabled
                                                                                                                                      VCUBE-1#debug ccsip info
                                                                                                                                      SIP Call info tracing is enabled
                                                                                                                                      VCUBE-1#debug ccsip message

                                                                                                                                      4

                                                                                                                                      Simulate failover by issuing the following command on the active LGW, VCUBE-2 in this case.

                                                                                                                                      
                                                                                                                                      VCUBE-2#redundancy application reload group 1 self

                                                                                                                                      Switchover from the ACTIVE to the STANDBY LGW occurs in the following scenario as well besides the CLI listed above

                                                                                                                                      • When the ACTIVE router reloads

                                                                                                                                      • When the ACTIVE router power cycles

                                                                                                                                      • When any RG configured interface of the ACTIVE router is shutdown for which tracking is enabled

                                                                                                                                      5

                                                                                                                                      Check to see if VCUBE-1 has registered with Webex Calling access SBC. VCUBE-2 would have reloaded by now.

                                                                                                                                      
                                                                                                                                                    VCUBE-1#show sip-ua register status
                                                                                                                                      
                                                                                                                                      Tenant: 200
                                                                                                                                      --------------------Registrar-Index  1 ---------------------
                                                                                                                                      Line                           peer       expires(sec) reg survival P-Associ-URI
                                                                                                                                      ============================== ========== ============ === ======== ============
                                                                                                                                      Hussain5091_LGU                -1          56          yes normal
                                                                                                                                      VCUBE-1#

                                                                                                                                      VCUBE-1 is now the active LGW.

                                                                                                                                      6

                                                                                                                                      Look at the relevant debug log on VCUBE-1 sending a SIP REGISTER to Webex Calling VIA the virtual IP and receiving a 200 OK.

                                                                                                                                      
                                                                                                                                      VCUBE-1#show log
                                                                                                                                      
                                                                                                                                      Jan 9 18:37:24.769: %RG_MEDIA-3-TIMEREXPIRED: RG id 1 Hello Time Expired.
                                                                                                                                      Jan 9 18:37:24.771: %RG_PROTCOL-5-ROLECHANGE: RG id 1 role change from Standby to Active
                                                                                                                                      Jan 9 18:37:24.783: %VOICE_HA-2-SWITCHOVER_IND: SWITCHOVER, from STANDBY_HOT to ACTIVE state.
                                                                                                                                      Jan 9 18:37:24.783: //-1/xxxxxxxxxxxx/SIP/Info/info/4096/sip_ha_notify_active_role_event: Received notify active role event
                                                                                                                                      
                                                                                                                                      Jan 9 18:37:25.758: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
                                                                                                                                      Sent:
                                                                                                                                      REGISTER sip: 40462196.cisco-bcld.com:5061 SIP/2.0
                                                                                                                                      Via: SIP/2.0/TLS 198.18.1.228:5061;branch=z9hG4bK0374
                                                                                                                                      From: <sip:Hussain5091_LGU@40462196.cisco-bcld.com;otg=hussain1076_lgu>;tag=8D573-189
                                                                                                                                      To: <sip:Hussain5091_LGU@40462196.cisco-bcld.com>
                                                                                                                                      Date: Thu, 09 Jan 2020 18:37:24 GMT
                                                                                                                                      Call-ID: FFFFFFFFEA0684EF-324511EA-FFFFFFFF800281CD-FFFFFFFFB5F93B97
                                                                                                                                      User-Agent: Cisco-SIPGateway/IOS-16.12.02
                                                                                                                                      Max-Forwards: 70
                                                                                                                                      Timestamp: 1578595044
                                                                                                                                      CSeq: 2 REGISTER
                                                                                                                                      Contact: <sip:Hussain5091_LGU@198.18.1.228:5061;transport=tls>
                                                                                                                                      Expires: 240
                                                                                                                                      Supported: path
                                                                                                                                      Content-Length: 0
                                                                                                                                      

                                                                                                                                      Jan 9 18:37:25.995: //-1/000000000000/SIP/Msg/ccsipDisplayMsg:
                                                                                                                                      Received:
                                                                                                                                      SIP/2.0 401 Unauthorized
                                                                                                                                      Via: SIP/2.0/TLS 198.18.1.228:5061;received=173.38.218.1;branch=z9hG4bK0374;rport=4742
                                                                                                                                      From: <sip:Hussain5091_LGU@40462196.cisco-bcld.com;otg=hussain1076_lgu>;tag=8D573-189
                                                                                                                                      To: <sip:Hussain5091_LGU@40462196.cisco-bcld.com>;tag=SD1u8bd99-1324701502-1578595045969
                                                                                                                                      Date: Thu, 09 Jan 2020 18:37:24 GMT
                                                                                                                                      Call-ID: FFFFFFFFEA0684EF-324511EA-FFFFFFFF800281CD-FFFFFFFFB5F93B97
                                                                                                                                      Timestamp: 1578595044
                                                                                                                                      CSeq: 2 REGISTER
                                                                                                                                      WWW-Authenticate; DIGEST realm="BroadWorks",qop="auth",nonce="BroadWorksXk572qd01Ti58zliBW",algorithm=MD5
                                                                                                                                      Content-Length: 0
                                                                                                                                      

                                                                                                                                      Jan 9 18:37:26.000: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
                                                                                                                                      Sent:
                                                                                                                                      REGISTER sip:40462196.cisco-bcld.com:5061 SIP/2.0
                                                                                                                                      Via: SIP/2.0/TLS 198.18.1.228:5061;branch=z9hG4bK16DC
                                                                                                                                      From: <sip:Hussain5091_LGU@40462196.cisco-bcld.com;otg=hussain1076_lgu>;tag=8D573-189
                                                                                                                                      To: <sip:Hussain5091_LGU@40462196.cisco-bcld.com>
                                                                                                                                      Date: Thu, 09 Jan 2020 18:37:25 GMT
                                                                                                                                      Call-ID: FFFFFFFFEA0684EF-324511EA-FFFFFFFF800281CD-FFFFFFFFB5F93B97
                                                                                                                                      User-Agent:Cisco-SIPGateway/IOS-16.12.02
                                                                                                                                      Max-Forwards: 70
                                                                                                                                      Timestamp: 1578595045
                                                                                                                                      CSeq: 3 REGISTER
                                                                                                                                      Contact: <sip:Hussain5091_LGU@198.18.1.228:5061;transport=tls>
                                                                                                                                      Expires: 240
                                                                                                                                      Supported: path
                                                                                                                                      Authorization: Digest username="Hussain1076_LGU",realm="BroadWorks",uri="sips:40462196.cisco-bcld.com:5061",response="b6145274056437b9c07f7ecc08ebdb02",nonce="BroadWorksXk572qd01Ti58z1iBW",cnonce="3E0E2C4D",qop=auth,algorithm=MD5,nc=00000001
                                                                                                                                      Content-Length: 0
                                                                                                                                      

                                                                                                                                      Jan 9 18:37:26.190: //1/000000000000/SIP/Msg/ccsipDisplayMsg:
                                                                                                                                      
                                                                                                                                      Received:
                                                                                                                                      SIP/2.0 200 OK
                                                                                                                                      Via: SIP/2.0/TLS 198.18.1.228:5061;received=173.38.218.1;branch=z9hG4bK16DC;rport=4742
                                                                                                                                      From: <sip:Hussain5091_LGU@40462196.cisco-bcld.com;otg=hussain1076_lgu>;tag=8D573-189
                                                                                                                                      To: <sip:Hussain5091_LGU@40462196.cisco-bcld.com>;tag=SD1u8bd99-1897486570-1578595-46184
                                                                                                                                      Call-ID: FFFFFFFFEA0684EF-324511EA-FFFFFFFF800281CD-FFFFFFFFB5F93B97
                                                                                                                                      Timestamp: 1578595045
                                                                                                                                      CSeq: 3 REGISTER
                                                                                                                                      Contact: <sip:Hussain5091_LGU@198.18.1.228:5061;transport=tls>;expires=120;q=0.5
                                                                                                                                      Allow-Events: call-info,line-seize,dialog,message-summary,as-feature-event,x-broadworks-hoteling,x-broadworks-call-center-status,conference
                                                                                                                                      Content-Length: 0
                                                                                                                                      

                                                                                                                                      Configure Unified CM for Webex Calling

                                                                                                                                      Configure SIP Trunk Security Profile for Trunk to Local Gateway

                                                                                                                                      In cases where Local Gateway and PSTN gateway reside on the same device, Unified CM must be enabled to differentiate between two different traffic types (calls from Webex and from the PSTN) that are originating from the same device and apply differentiated class of service to these call types. This differentiated call treatment is achieved by provisioning two trunks between Unified CM and the combined local gateway and PSTN gateway device which requires different SIP listening ports for the two trunks.

                                                                                                                                      Create a dedicated SIP Trunk Security Profile for the Local Gateway trunk with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      NameUnique Name, such as Webex
                                                                                                                                      DescriptionMeaningful description, such as Webex SIP Trunk Security Profile
                                                                                                                                      Incoming PortNeeds to match port used in local gateway config for traffic to/from Webex: 5065

                                                                                                                                      Configure SIP Profile for the Local Gateway Trunk

                                                                                                                                      Create a dedicated SIP Profile for the Local Gateway trunk with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      NameUnique Name, such as Webex
                                                                                                                                      DescriptionMeaningful description, such as Webex SIP Profile
                                                                                                                                      Enable OPTIONS Ping to monitor destination status for Trunks with Service Type “None (Default)”Checked

                                                                                                                                      Create a Calling Search Space for Calls From Webex

                                                                                                                                      Create a calling search space for calls originating from Webex with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      NameUnique Name, such as Webex
                                                                                                                                      DescriptionMeaningful description, such as Webex Calling Search Space
                                                                                                                                      Selected Partitions

                                                                                                                                      DN (+E.164 directory numbers)

                                                                                                                                      ESN (abbreviated inter-site dialling)

                                                                                                                                      PSTNInternational (PSTN access)

                                                                                                                                      onNetRemote (GDPR learned destinations)

                                                                                                                                      The last partition onNetRemote is only used in a multi-cluster environment where routing information is exchanged between Unified CM clusters using Intercluster Lookup Service (ILS) or Global Dialplan Replication (GDPR).

                                                                                                                                      Configure a SIP Trunk To and From Webex

                                                                                                                                      Create a SIP trunk for the calls to and from Webex via the Local Gateway with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      Device Information
                                                                                                                                      DeviceNameA unique name, such as Webex
                                                                                                                                      DescriptionMeaningful description, such as Webex SIP Trunk
                                                                                                                                      Run On All Active Unified CM NodesChecked
                                                                                                                                      Inbound Calls
                                                                                                                                      Calling Search SpaceThe previously defined calling search space: Webex
                                                                                                                                      AAR Calling Search Space A calling search space with only access to PSTN route patterns: PSTNReroute
                                                                                                                                      SIP Information
                                                                                                                                      Destination AddressIP address of the Local Gateway CUBE
                                                                                                                                      Destination Port5060
                                                                                                                                      SIP Trunk Security ProfilePreviously defined: Webex
                                                                                                                                      SIP ProfilePreviously defined: Webex

                                                                                                                                      Configure Route Group for Webex

                                                                                                                                      Create a route group with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      Route Group Information
                                                                                                                                      Route Group NameA unique name, such as Webex
                                                                                                                                      Selected DevicesThe previously configured SIP trunk: Webex

                                                                                                                                      Configure Route List for Webex

                                                                                                                                      Create a route list with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      Route List Information
                                                                                                                                      NameA unique name, such as RL_Webex
                                                                                                                                      DescriptionMeaningful description, such as Route list for Webex
                                                                                                                                      Run On All Active Unified CM NodesChecked
                                                                                                                                      Route List Member Information
                                                                                                                                      Selected GroupsOnly the previously defined route group: Webex

                                                                                                                                      Create a Partition for Webex Destinations

                                                                                                                                      Create a partition for the Webex destinations with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      Route List Information
                                                                                                                                      NameUnique name, such as Webex
                                                                                                                                      DescriptionMeaningful description, such as Webex Partition

                                                                                                                                      What to do next

                                                                                                                                      Make sure to add this partition to all calling search spaces that should have access to Webex destinations. You must add this partition specifically to the calling search space that is used as the inbound calling search space on PSTN trunks, so that calls from the PSTN to Webex can be routed.

                                                                                                                                      Configure Route Patterns for Webex Destinations

                                                                                                                                      Configure route patterns for each DID range on Webex with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      Route PatternFull +E.164 pattern for the DID range in Webex with the leading “\”. For example: \+140855501XX
                                                                                                                                      Route PartitionWebex
                                                                                                                                      Gateway/Route ListRL_Webex
                                                                                                                                      Urgent PriorityChecked

                                                                                                                                      Configure Abbreviated Intersite Dialing Normalization for Webex

                                                                                                                                      If abbreviated inter-site dialing is required to Webex, then configure dialing normalization patterns for each ESN range on Webex with the following settings:

                                                                                                                                      SettingValue
                                                                                                                                      Translation PatternESN pattern for the ESN range in Webex. For example: 80121XX
                                                                                                                                      PartitionWebex
                                                                                                                                      DescriptionMeaningful description, such as Webex Normalization Pattern
                                                                                                                                      Use Originator's Calling Search SpaceChecked
                                                                                                                                      Urgent PriorityChecked
                                                                                                                                      Do Not Wait For Interdigit Timeout On Subsequent HopsChecked
                                                                                                                                      Called Party Transformation MaskMask to normalize the number to +E.164. For example: +140855501XX

                                                                                                                                      Set up your Webex Calling features

                                                                                                                                      Set up a hunt group

                                                                                                                                      Hunt groups route incoming calls to a group of users or workspaces. You can even configure a pattern to route to a whole group.

                                                                                                                                      For more information on how to set up a hunt group, see Hunt Groups in Cisco Webex Control Hub.

                                                                                                                                      Create a call queue

                                                                                                                                      You can set up a call queue so that when customers' calls can't be answered, they're provided with an automated answer, comfort messages, and music on hold until someone can answer their call.

                                                                                                                                      For more information on how to set up and manage a call queue, see Manage Call Queues in Cisco Webex Control Hub.

                                                                                                                                      Create a receptionist client

                                                                                                                                      Help support the needs of your front-office personnel. You can set up users as telephone attendants so they can screen incoming calls to certain people within your organization.

                                                                                                                                      For information about how to set up and view your receptionist clients, see Receptionist Clients in Cisco Webex Control Hub.

                                                                                                                                      Create and manage auto attendants

                                                                                                                                      You can add greetings, set up menus, and route calls to an answering service, a hunt group, a voicemail box, or a real person. Create a 24-hour schedule or provide different options when your business is open or closed.

                                                                                                                                      For information about how to create and manage auto attendants, see Manage Auto Attendants in Cisco Webex Control Hub.

                                                                                                                                      Configure a paging group

                                                                                                                                      Group paging allows a user to place a one-way call or group page to up to 75 target users and workspaces by dialing a number or extension assigned to a specific paging group.

                                                                                                                                      For information about how to set up and edit paging groups, see Configure a Paging Group in Cisco Webex Control Hub.

                                                                                                                                      Set up call pickup

                                                                                                                                      Enhance teamwork and collaboration by creating a call pickup group so users can answer each others calls. When you add users to a call pickup group and a group member is away or busy, another member can answer their calls.

                                                                                                                                      For information about how to set up a call pickup group, see Call Pickup in Cisco Webex Control Hub.

                                                                                                                                      Set up call park

                                                                                                                                      Call park allows a defined group of users to park calls against other available members of a call park group. Parked calls can be picked up by other members of the group on their phone.

                                                                                                                                      For more information about how to set up call park, see Call Park in Cisco Webex Control Hub.

                                                                                                                                      Enable barge-in for users

                                                                                                                                      1

                                                                                                                                      From the customer view in https://admin.webex.com, go to Management > Users.

                                                                                                                                      2

                                                                                                                                      Select a user and click Calling.

                                                                                                                                      3

                                                                                                                                      Go to the Between-user permissions section, and then select Barge in.

                                                                                                                                      4

                                                                                                                                      Turn on the toggle to allow other users to add themselves to this user's ongoing call.

                                                                                                                                      5

                                                                                                                                      Check Play a tone when this user Barges In on a call if you want to play a tone to others when this user barges in on their call.

                                                                                                                                      The Play a tone when this user Barges In on a call setting doesn't apply to Customer Experience Basic and Essentials supervisor barge-in functionality. Even if you enable this option for a supervisor, the system doesn't play the notification tone to the agent when a supervisor barges in on their call queue call.

                                                                                                                                      If you want to play a tone to an agent when a supervisor barges in on their call, you can enable it through ‘Notification tone for agents’ settings. For more information, see the Create a queue section in Webex Customer Experience Basic or Webex Customer Experience Essentials.

                                                                                                                                      6

                                                                                                                                      Click Save.

                                                                                                                                      Enable privacy for a user

                                                                                                                                      1

                                                                                                                                      Sign in to Control Hub, and go to Management > Users.

                                                                                                                                      2

                                                                                                                                      Choose a user and click Calling.

                                                                                                                                      3

                                                                                                                                      Go to the Between-user Permissions area and then choose Privacy.

                                                                                                                                      4

                                                                                                                                      Choose the appropriate Auto Attendant Privacy settings for this user.

                                                                                                                                      • Allow this user to be dialed by extension
                                                                                                                                      • Allow this user to be dialed by first or last name
                                                                                                                                      5

                                                                                                                                      Check the Enable Privacy check box. You can then decide to block everyone by not choosing members from the drop-down list. Alternatively, you can choose the users, workspaces, and virtual lines that can monitor the line status of this user.

                                                                                                                                      If you're a location administrator, only the users, workspaces, and virtual lines pertaining to your assigned locations appear in the drop-down list.

                                                                                                                                      Uncheck the Enable Privacy check box to allow everyone to monitor the line status.

                                                                                                                                      6

                                                                                                                                      Check the Enforce privacy for directed call pickup and barge-in check box to enable privacy for directed call pickup and barge-in.

                                                                                                                                      • If you enable this option, only the authorized users, virtual lines, and workspace devices can use directed call pickup and barge-in on this user. Otherwise, anyone in the organization can invoke directed call pickup and barge-in on a line.
                                                                                                                                      • For more information on barge-in, see Barge-in on someone else's phone call.
                                                                                                                                      • The supervisor can always barge-in to calls that the agents receive through the call queue. That is, privacy settings don’t affect a supervisor's barge-in option.
                                                                                                                                      7

                                                                                                                                      From Add member by name, choose the users, workspaces, and virtual lines that can monitor the phone line status and invoke directed call pickup and barge-in.

                                                                                                                                      8

                                                                                                                                      To filter the members that you select, use the filter by name, number or ext field.

                                                                                                                                      9

                                                                                                                                      Click Remove All to remove all the selected members.

                                                                                                                                      To remove an individual member, click Delete next to the member's name.
                                                                                                                                      10

                                                                                                                                      Click Save.

                                                                                                                                      Privacy settings

                                                                                                                                      Configure monitoring

                                                                                                                                      The maximum number of monitored lines for a user is 50. However, while configuring the monitoring list, consider the number of messages that impact the bandwidth between Webex Calling and your network. Also, determine the maximum monitored lines by the number of line buttons on the user's phone.

                                                                                                                                      1

                                                                                                                                      From the customer view in https://admin.webex.com, go to Management and then click Users.

                                                                                                                                      2

                                                                                                                                      Select the user you want to modify and click Calling.

                                                                                                                                      3

                                                                                                                                      Go to Between-user Permissions section, and select Monitoring.

                                                                                                                                      4

                                                                                                                                      Choose from the following:

                                                                                                                                      • Add Monitored Line
                                                                                                                                      • Add Call Park Extension

                                                                                                                                      You can include a virtual line in the Add Monitored Line list for user monitoring.

                                                                                                                                      5

                                                                                                                                      Choose if you wish to notify this user about parked calls, search for the person or call park extension to be monitored, and then click Save.

                                                                                                                                      The monitored lines list in Control Hub corresponds with the order of monitored lines that show on the user’s device. You can reorder the list of monitored lines at any time.

                                                                                                                                      The name that appears for the monitored line is the name entered in the Caller ID First Name and Last Name fields for the user, workspace, and virtual line.

                                                                                                                                      Want to see how it's done? Watch this video demonstration on how to manage monitoring settings for a user in Control Hub.

                                                                                                                                      Enable call bridge warning tone for users

                                                                                                                                      Before you begin

                                                                                                                                      You must have the shared line configured for the call bridge to be invoked. See how to configure shared lines before you enable the call bridge warning tone to play.
                                                                                                                                      1

                                                                                                                                      Sign in to Control Hub, and go to Management > Users.

                                                                                                                                      2

                                                                                                                                      Select a user and click the Calling tab.

                                                                                                                                      3

                                                                                                                                      Go to Between-user Permissions, and click Call Bridging Warning Tone.

                                                                                                                                      4

                                                                                                                                      Turn on Call Bridging Warning Tone, and then click Save.

                                                                                                                                      By default, this feature is enabled.

                                                                                                                                      For more information on call bridging on an MPP shared line, see Shared lines on your multiplatform desk phone.

                                                                                                                                      For more information on call bridging on a Webex App shared line, see Shared line appearance for WebexApp.

                                                                                                                                      Turn on hoteling for a user

                                                                                                                                      Enabling hoteling for a user allows them to work in another space while maintaining the functionality and features of their main desk phone.
                                                                                                                                      1

                                                                                                                                      From the customer view in https://admin.webex.com, go to Management and select Users.

                                                                                                                                      2

                                                                                                                                      Select a user and click the Calling tab.

                                                                                                                                      3

                                                                                                                                      Go to the Between-user Permissions section, and select Hoteling and turn on the toggle.

                                                                                                                                      4

                                                                                                                                      Enter the name or number of the hoteling host in the Hoteling Location search field and choose the hoteling host that you want to assign to the user.

                                                                                                                                      Only one hoteling host can be selected. If you choose another hoteling host, the first one gets deleted.

                                                                                                                                      If you're a location administrator, you can assign only the hoteling host pertaining to your assigned locations.
                                                                                                                                      5

                                                                                                                                      To limit the time a user can be associated to the hoteling host, choose the number of hours that the user can use the hoteling host from the Limit Association Period drop-down.

                                                                                                                                      The user will be logged out automatically after the chosen time.

                                                                                                                                      An error message is displayed in the screen if the limit association period specified for the user exceeds the limit association period of the chosen hoteling host. For example, if the hoteling host has a limit association period of 12 hours and the user's limit association period is 24 hours, an error message is displayed. In such cases, you need to extend the limit association period of the hoteling host if more time is needed for the user.

                                                                                                                                      6

                                                                                                                                      Click Save.

                                                                                                                                      A user can also search, and locate the hoteling host they want to use from the User Hub. For more information, see Access your calling profile from anywhere.

                                                                                                                                      Want to see how it's done? Watch this video demonstration on how to configure hoteling in the Control Hub.
                                                                                                                                      Was this article helpful?