Before you begin

  • Due to detected vulnerabilities, Webex Calling will deprecate the RSAES-PKCS1-v1_5 encryption scheme used by the Site Survivability solution on September 1, 2024. Beyond this date, the RSAES-OAEP encryption scheme is mandatory.

    To ensure continued operation with this encryption scheme, upgrade your Site Survivability Gateways to Cisco IOS XE Dublin 17.12.3 before September 1, 2024. No configuration changes are required to use the new encryption scheme following this upgrade.

By default, Webex Calling endpoints operate in Active mode, connecting to the Webex cloud for SIP registration and call control. However, if the network connection to Webex breaks, endpoints switch automatically to Survivability mode and registrations fall back to the Survivability Gateway within the local network. While endpoints are in Survivability mode, the Survivability Gateway provides a basic backup calling service for those endpoints. After the network connection to Webex resumes, call control and registrations revert to the Webex cloud.

While endpoints are in Survivability mode, you can make the following calls:

  • Internal calling (intrasite) between supported Webex Calling endpoints

  • External calling (incoming and outgoing) using a local PSTN circuit or SIP trunk to external numbers and E911 providers

The following image shows a network failure scenario where the connection to Webex is broken and endpoints at the Webex site are operating in Survivability mode. In the image, the Survivability Gateway routes an internal call between two on-site endpoints without requiring a connection to Webex. In this case, the Survivability Gateway is configured with a local PSTN connection. As a result, on-site endpoints in Survivability mode can use the PSTN for incoming and outgoing calls to external numbers and E911 providers.

Webex Calling endpoints in survivability mode

To use this feature, you must configure a Cisco IOS XE router in the local network as a Survivability Gateway. The Survivability Gateway syncs calling information daily from the Webex cloud for endpoints at that location. If the endpoints switch to Survivability mode, the gateway can use this information to take over SIP registrations and provide basic calling services.

The following conditions apply to the Survivability Gateway:

  • The Webex cloud includes the Survivability Gateway IP address, hostname, and port in the device configuration file. As a result, endpoints are able to reach out to the Survivability Gateway for registration if the connection to Webex breaks.

  • The daily call data sync between the Webex cloud and the Survivability Gateway includes authentication information for registered users. As a result, endpoints can maintain secure registrations, even while operating in Survivability mode. The sync also includes routing information for those users.

  • The Survivability Gateway can route internal calls automatically using the routing information that Webex provides. Add a PSTN trunk configuration to the Survivability Gateway to provide external calling.

  • Each site that deploys Site Survivability requires a Survivability Gateway within the local network.

  • Registrations and call control both revert to the Webex cloud once the Webex network connection resumes for at least 30 seconds.

Feature support

Supported features and components

The following table provides information on supported features.

Table 1. Supported Calling features
Feature Comments

Intrasite Extension Calling

Supported automatically with no specific routing configuration required on the Survivability Gateway.

However, alternate numbers and virtual extensions aren’t supported with intrasite extension Calling.

Intersite and PSTN Calling (Inbound and Outbound)

PSTN Calling based on telco circuit or SIP trunk.

E911 Call Handling

E911 Calling requires a PSTN circuit or SIP trunk.

Outbound calls use a specific registered Emergency Location Identification Number (ELIN) for a defined Emergency Response Location (ERL). If the emergency operator returns a disconnected call, the Survivability Gateway directs the call to the last device that called the emergency number.

Call Hold and Resume

Supported

If you're using Music on Hold, provision the Survivability Gateway manually with a MOH file.

Attended Call Transfer

Supported

Blind Call Transfer

Supported

Inbound Caller ID (Name)

Supported

Inbound Caller ID (Name & Number)

Supported

Point-to-point Video Call

Supported

Three-way Calling

Not supported

Shared Call Appearance

Supported with Webex App and Desk Phone

On configuring the feature, Site Survivability is available for the following supported endpoints.

Table 2. Supported endpoint models
TypeModelsMinimum Version
Cisco IP Phone with Multiplatform (MPP) Firmware

6821, 6841, 6851, 6861, 6861 Wi-Fi, 6871

7811, 7821, 7841, 7861

8811, 8841, 8851, 8861

8845 (audio only), 8865 (audio only)

For more information on supported Cisco IP Phones with Multiplatform (MPP) Firmware, see:

12.0(1)

Cisco IP Conference Phone

7832, 8832

12.0(1)

Cisco Webex App

Windows, Mac

43.2

The following table provides details on Cisco IOS XE routers that can be configured as a Survivability Gateway. The table also provides information on the maximum number of endpoints that each platform supports and the minimum IOS XE version.

Table 3. Supported platform models
ModelMaximum Endpoint registrationsMinimum Version

Integrated Services Router 4321

50

Cisco IOS XE Dublin 17.12.3 or later releases

Integrated Services Router 4331

100

Integrated Services Router 4351

700

Integrated Services Router 4431

1200

Integrated Services Router 4451-X

2000

Integrated Services Router 4461

2000

Catalyst Edge 8200L-1N-4T

1500

Catalyst Edge 8200-1N-4T

2500

Catalyst Edge 8300-1N1S-6T

2500

Catalyst Edge 8300-2N2S-6T

2500

Catalyst Edge 8300-1N1S-4T2X

2500

Catalyst Edge 8300-2N2S-4T2X

2500

Catalyst Edge 8000V software small configuration

500

Catalyst Edge 8000V software medium configuration

1000

Catalyst Edge 8000V software large configuration

2000
Port reference information for Survivability Gateway
Table 4. Port reference information for Survivability Gateway

Connection purpose

Source addresses

Source ports

Protocol

Destination addresses

Destination ports

Call signaling to Survivability Gateway (SIP TLS)

Devices

5060-5080

TLS

Survivability Gateway

8933

Call media to Survivability Gateway (SRTP)

Devices

19560-19660

UDP

Survivability Gateway

8000-14198 (SRTP over UDP)

Call signaling to PSTN gateway (SIP)

Survivability Gateway

Ephemeral

TCP or UDP

Your ITSP PSTN gateway

5060

Call media to PSTN gateway (SRTP)

Survivability Gateway

8000-48198

UDP

Your ITSP PSTN gateway

Ephemeral

Time synchronization (NTP)

Survivability Gateway

Ephemeral

UDP

NTP server

123

Name resolution (DNS)

Survivability Gateway

Ephemeral

UDP

DNS server

53

Cloud Management

Connector

Ephemeral

HTTPS

Webex services

443, 8433

For operational guidance on the cloud-mode, refer to the Port Reference Information for Webex Calling Help article.

You can customize port setting values on Cisco IOS XE routers. This table uses default values to provide guidance.

Colocation with Unified SRST

The Survivability Gateway supports the colocation of a Webex Survivability configuration and a Unified SRST configuration on the same gateway. The gateway can support survivability for both Webex Calling endpoints and for endpoints that register to Unified Communications Manager. To configure colocation:

Call routing considerations for colocation

Consider the following when configuring call routing for colocation scenarios:

  • The Survivability Gateway routes internal calls automatically provided that both endpoints in the call are registered to the Survivability Gateway. Internal calls are automatically routed between any registered clients (SRST or Webex Calling).

  • It's possible to have a situation where the connection to one call control system goes down while the connection to the other call control system remains up. As a result, one set of endpoints registers to the Survivability Gateway while another set of endpoints at the same site registers to primary call control. In this case, you may need to route calls between the two sets of endpoints to a SIP trunk or PSTN circuit.

  • External calls and E911 calls can be routed to a SIP trunk or PSTN circuit.

Limitations and restrictions

  • Public Switched Telephone Network (PSTN) service availability depends on the SIP trunks or PSTN circuits available during a network outage.

  • Devices with 4G and 5G connectivity (for example, Webex App for mobile or tablet) could still be able to register to Webex Calling during outages. As a result, they could be unable to call other numbers from the same site location during an outage.

  • Dialing patterns could work differently in Survivability mode than Active mode.

  • This feature doesn't support call preservation during a fallback to the Survivability Gateway. However, calls are preserved when connectivity to the cloud service is reestablished..

  • When an outage occurs, it could take a few minutes for the devices to register successfully to the Survivability Gateway.

  • The Survivability Gateway must use an IPv4 address. IPv6 isn't supported.

  • An on-demand sync status update in the Control Hub could take up to 30 minutes.

  • Cisco Webex multicall window isn’t supported in the Release 43.2. If you’re using a multicall window, disable it in survivability mode, and use the main application to make or receive calls.

  • Don't configure SIP bind command in voice service voip configuration mode. It leads to registration failure of MPP phones with Survivability Gateway.

While in Survivability mode:

  • MPP Softkeys such as Park, Unpark, Barge, Pickup, Group Pickup, and Call Pull buttons aren’t supported. However, they don’t appear disabled.

  • Calls made to shared lines can ring on all devices. However, other shared line functionality such as Remote Line State Monitoring, Hold, Resume, Synchronized DND, and Call Forwarding settings aren’t available.

  • Conferencing or Three-way Calling isn’t available.

  • Local call history of placed, received, and missed calls isn’t available for MPP Phones.

Feature configuration

Site survivability configuration task flow

Complete the following tasks to add Site Survivability for an existing Webex Calling location. If the connection to the Webex cloud breaks, a Survivability Gateway in the local network can provide backup call control for endpoints at that location.

Before you begin

If you need to provision a new gateway to act as the Survivability Gateway, refer to the Webex article Enroll Cisco IOS Managed Gateways to Webex Cloud to add the gateway to Control Hub.

StepsCommand or ActionPurpose

1

Assign survivability service to a gateway

In Control Hub, assign the Survivability Gateway service to a gateway.

2

Download config template

Download the configuration template from Control Hub. You'll need the template when you configure the gateway command line.

3

Configure licensing

Configure licenses for the Survivability Gateway.

4

Configure certificates on Cisco IOS XE

Configure certificates for the Survivability Gateway.

5

Configure gateway as a survivability gateway

Use the configuration template that you downloaded earlier as a guide to configuring the gateway command line. Complete all of the mandatory configurations that are in the template.

Assign survivability service to a gateway
Use this procedure in Control Hub to assign an existing gateway as a Survivability Gateway.

Before you begin

If the gateway doesn't exist in Control Hub, see Enroll Cisco IOS Gateways to Webex Calling to add a new gateway instance.
1

Sign in to Control Hub at https://admin.webex.com.

If you’re a partner organization, Partner Hub launches. To open Control Hub, click the Customer view in Partner Hub and select the applicable customer, or select My Organization to open Control Hub settings for the partner organization.

2

In Control Hub, under SERVICES, click Calling and then click the Managed Gateways tab.

The Managed Gateways view displays the list of gateways that you manage through Control Hub. The Service column displays the current service assignment.
3

For the gateway that you want to assign as a Survivability Gateway, choose one of the following, based on the value of the Service field:

  • Unassigned (empty value)—Click Assign Service and go to the next step.

  • Survivability Gateway—If you want to edit existing gateway IP settings, go to Edit Survivability Gateway properties. Otherwise, go to the next procedure in the flow.

4

From the service type drop-down, select Survivability Gateway and complete the following fields:

  • Location—From the drop-down, select a location.

  • Host Name—Enter the Fully Qualified Domain Name (FQDN) used when creating the certificate for the gateway. It could be a name that is included in the certificate Subject Alternate Name field (SAN). The FQDN and the IP address are only used for establishing a secure connection with the gateway. Hence, it is not mandatory to populate it in DNS.

  • IP Address—In IPv4 format, enter the IP address of the Survivability Gateway. Devices register to this address while operating in Survivability mode.

5

Click Assign.

(Optional) Unassign the Survivability Service—If you want to remove the Survivability Gateway from a gateway, go to Unassign the Services of a Managed Gateway.
Download config template
Download the configuration template from Control Hub. You'll need the template when you configure the gateway command line.
1

Sign in to Control Hub at https://admin.webex.com.

If you’re a partner organization, Partner Hub launches. To open Control Hub, click the Customer view in Partner Hub and select the applicable customer, or select My Organization to open Control Hub settings for the partner organization.

2

In Control Hub, under SERVICES, click Calling and then click the Managed Gateways tab.

3

Click on the applicable Survivability Gateway.

4

Click Download Config Template and download the template to your desktop or laptop.

Configure licensing
Make sure that you have the appropriate platform licenses for your gateway. Configure licenses using the commands that are appropriate to your platform.
1

Enter global configuration mode on the router:

enable
 configure terminal
2

Configure licenses using the commands that apply only to your specific platform.

  • For Cisco ISR 4000 series:

    license boot level uck9
 license boot level securityk9

  • For Cisco Catalyst 8300 and 8200 Series Edge Platforms, use the DNA Network Advantage feature license, or better, and enter the required throughput level. The following example uses 25Mbps bidirectional crypto throughput. Select the appropriate level for the number of calls that you anticipate.

    license boot level network-advantage addon dna-advantage
 platform hardware throughput crypto 25M

  • For Cisco Catalyst 8000V Edge Software, use the DNA Network Essentials feature license, or better and enter the required throughput level. The following example uses 1Gbps throughput. Select the appropriate level for the number of calls that you anticipate.

    license boot level network-essentials addon dna-essentials
 platform hardware throughput level MB 1000
When configuring throughput higher than 250Mbp, you require an HSEC platform license.

Configure Certificates

Configure certificates on Cisco IOS XE

Complete the following steps to request and create certificates for the Survivability Gateway. Use certificates signed by a publicly known Certificate Authority.

Survivability Gateway platform only supports publicly known CA certificates. Private or enterprise CA certificates can’t be used for Survivability Gateway.

For a list of root certificate authorities that are supported for Webex Calling, see What Root Certificate Authorities are Supported for Calls to Cisco Webex Audio and Video Platforms?.

Survivability Gateway platform doesn’t support the wildcard certificate.

Run the commands from the sample code to complete the steps. For additional information on these commands, along with more configuration options, see the “ SIP TLS Support” chapter in the Cisco Unified Border Element Configuration Guide.

1

Enter global configuration mode by running the following commands:

enable
 configure terminal
2

Generate the RSA private key by running the following command. The private key modulus must be at least 2048 bits.

crypto key generate rsa general-keys label webex-sgw exportable modulus 2048
3

Configure a trustpoint to hold the Survivability Gateway certificate. The gateway fully qualified domain name (fqdn) must use the same value that you used when assigning the survivability service to the gateway.

crypto pki trustpoint webex-sgw 
 enrollment terminal 
 fqdn <gateway_fqdn> 
 subject-name cn=<gateway_fqdn>
 subject-alt-name <gateway_fqdn>
 revocation-check crl 
 rsakeypair webex-sgw
4

Generate a Certificate Signing Request by running the crypto pki enroll webex-sgw command.

When prompted, enter yes.

After the CSR displays on screen, use Notepad to copy the certificate to a file that you can send to a supported certificate authority (CA).

If your certificate signing provider requires a CSR in PEM (Privacy Enhanced Mail) format, add a header and footer before submitting. For example: 

-----BEGIN CERTIFICATE REQUEST-----
 <Insert CSR here>
 -----END CERTIFICATE REQUEST-----
5

After the CA issues you a certificate, run the crypto pki authenticate webex-sgw command to authenticate the certificate. You can run this command from either exec or config mode.

When prompted, paste the base 64 CER/PEM issuing CA certificate contents (not the device certificate) into the terminal.

6

Import the signed host certificate to the trustpoint using the crypto pki import webex-sgw certificate command.

When prompted, paste the base 64 CER/PEM certificate into the terminal.

7

Check that the root CA certificate is available:

Only publicly known certificate authorities are supported with the Webex Calling solution. Private or enterprise CA certificates aren’t supported.

  1. Find the root CA common name by running show crypto pki certificates webex-sgw | begin CA Cert. Look for the issuer cn= <value>.

  2. Run the show crypto pki trustpool | include cn= command and check whether this root CA certificate is installed with the Cisco CA bundle. If you see your CA, skip to step 9.

  3. If you don't see your certificate, you can do one of the following:

    • Import the missing certificates

    • Run the following command to install the extended IOS CA bundle.

      crypto pki trustpool import url http://www.cisco.com/security/pki/trs/ios_union.p7b

  4. Repeat these substeps to determine if the root CA certificate is now available. After you repeat the substeps:

    If the certificate isn’t available, go to step 8. If the certificate is available, go to step 9.

8

If your root CA certificate isn’t included in the bundle, acquire the certificate and import it to a new trustpoint.

Perform this step if a publicly known CA root certificate isn’t available with your Cisco IOS XE gateway.

crypto pki trustpoint <CA name>
 enrollment terminal
 revocation-check crl
 crypto pki authenticate <CA name>

When prompted, paste the base 64 CER/PEM certificate contents into the terminal.

9

Using configuration mode, specify the default trust point, TLS version and SIP-UA defaults with the following commands.

sip-ua 
 no remote-party-id 
 retry invite 2 
 transport tcp tls v1.2 
 crypto signaling default trustpoint webex-sgw 
 handle-replaces
Import certificates along with keypairs

You can import CA certificates and keypairs as a bundle using the PKCS12 format (.pfx or .p12). You can import the bundle from a local file system or a remote server. PKCS12 is a special type of certificate format. It bundles the entire certificate chain from the root certificate through the identity certificate, along with the RSA keypair. That is, the PKCS12 bundle you import would include the keypair, host certificates, and intermediate certificates. Import a PKCS12 bundle for the following scenarios:

  • Export from another Cisco IOS XE router and import into your Survivability Gateway router

  • Generation of the PKCS12 bundle outside Cisco IOS XE router using OpenSSL

Complete the following steps to create, export, and import certificates and keypairs for your Survivability Gateway router.

1

(Optional) Export the PKCS12 bundle required for your Survivability Gateway router.

crypto pki export webex-sgw pkcs12 terminal password xyz123

This step is applicable only if you export from another Cisco IOS XE router.

2

(Optional) Create a PKCS12 bundle using OpenSSL.

  1. Verify that the OpenSSL is installed on the system that this process is run on. For Mac OSX and GNU/Linux users, it’s installed by default.

  2. Switch to the directory where your keys, certificate, and chain files are stored.

    On Windows: By default, the utilities are installed in C:\Openssl\bin. Open a command prompt in this location.

    On Mac OSX/Linux: Open the Terminal window in the directory needed to create the PKCS12 certificate.

  3. In the directory, save the private key (privateKey.key), identity certificate (certificate.crt), and root CA certificate chain (CACert.crt) files.

    Combine the private key, identity certificate, and the root CA certificate chain into a PKCS12 file. Enter a passphrase to protect your PKCS12 certificate.

    console> openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

    Provide a password when using OpenSSL to generate the PKCS12 file.

This step is applicable only if you generate a PKCS12 bundle outside Cisco IOS XE using OpenSSL.

3

Import the file bundle in PKCS12 format.

crypto pki import <trustpoint name> pkcs12 <certificate file location> password <file password>

The following is a sample configuration for the command and details regarding the configurable parameters: 

crypto pki import webex-sgw pkcs12 bootflash:certificate.pfx password xyz123

  • <trustpoint name>—Name of the trustpoint that is created when using this command (For example, webex-sgw).

  • <certificate file location>—Local or network URL pointing to the certificate file (For example, bootflash:certificate.pfx)

  • <file password>—The password that's used when creating the PKCS12 file (For example, xyz123).

The crypto pki import command automatically builds the trustpoint to accommodate the certificate.

4

Using configuration mode, specify the default trust point, TLS version and SIP-UA defaults with the following commands.

sip-ua 
 no remote-party-id 
 retry invite 2 
 transport tcp tls v1.2 
 crypto signaling default trustpoint webex-sgw 
 handle-replaces

Configure Survivability Gateway

Configure gateway as a survivability gateway

Use the configuration template that you downloaded earlier as a guide to configuring the gateway command line. Complete the mandatory configurations in the template.

The following steps contain sample commands along with an explanation of the commands. Edit the settings to fit your deployment. The angled brackets (for example, <settings>) identify settings where you should enter values that apply to your deployment. The various <tag> settings use numerical values to identify and assign sets of configurations.

  • Unless stated otherwise, this solution requires that you complete all the configurations in this procedure.

  • When applying settings from the template, replace %tokens% with your preferred values before you copy to the gateway.

  • For more information on the commands, see Webex Managed Gateway Command Reference. Use this guide unless the command description refers you to a different document.

1

Enter into global configuration mode.

enable
 configure terminal

where:

  • enable—Enables privileged EXEC mode.

  • configure terminal—Enables global configuration mode.

2

Perform the voice service configurations:

voice service voip
 ip address trusted list
    ipv4 <ip_address> <subnet_mask>
    ipv4 <ip_address> <subnet_mask>
  allow-connections sip to sip
  supplementary-service media-renegotiate
  no supplementary-service sip refer
  trace
  sip
   asymmetric payload full
   registrar server

Explanation of commands:

  • ip address trusted list—Defines a list of nonregistering addresses that the Survivability Gateway must accept SIP messages from. For example, a SIP trunk peer address.

  • <ip_address> and <subnet_mask> represent trusted address ranges. You don't need to enter directly connected subnets as the Survivability Gateway trusts them automatically.

  • allow-connections sip to sip—Allows SIP to SIP connections in a VoIP network.

  • no supplementary-service sip refer—Disable REFER method for call forward and call transfer supplementary services. Webex Calling doesn’t use these methods.

  • sip—Enters service SIP configuration mode.

  • registrar server—Enable the SIP registrar to allow Webex Calling clients to register to the gateway.

  • asymmetric payload full—Enables video calling in survivability mode.

3

Enable Survivability on the router:

voice register global
 mode webex-sgw
 max-dn 50
 max-pool 50
 exit

Explanation of commands:

  • voice register global—Enters global voice registration mode.

  • mode webex-sgw—Enables Webex Calling Survivability mode and Survivable Remote Site Telephony for Unified Communications Manager endpoints.

    After mode webex-sgw configuration, Survivability Gateway listens on port 8933 for incoming secure connections from endpoints.

  • max-dn—Limits the number of directory numbers that the router can handle. For this solution, always configure the maximum value available for your platform.

  • max-pool—Sets the maximum number of devices that can register to the gateway. Set this value to the maximum that your platform allows, as described in Table 3.

4

Configure NTP servers:

ntp server <ip_address_of_primary_NTP_server>
 ntp server <ip_address_of_secondary_NTP_server>

5

(Optional). Configure general Class of Restriction call permissions:

dial-peer cor custom
 name Wx_calling_Internal
 name Wx_calling_Toll-free
 name Wx_calling_National
 name Wx_calling_International
 name Wx_calling_Operator_Assistance
 name Wx_calling_Chargeable_Directory_Assistance
 name Wx_calling_Special_Services1
 name Wx_calling_Special_Services2
 name Wx_calling_Premium_Services1
 name Wx_calling_Premium_Services2

The preceding example creates a set of custom class of restriction named categories (for example, Wx_calling_International). For details on how to use Class of Restrictions with dial peers, see "Class of Restrictions" in Dial Peer Configuration Guide, Cisco IOS Release 15M&T.

6

Configure a list of preferred codecs. For example, the following list specifies g711ulaw as the preferred codec, followed by g711alaw.

voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g711alaw

Explanation of commands:

  • voice class codec 1 enters voice-class configuration mode for the codec group 1.

  • codec preference identifies the preferred codecs for this codec group.

7

Configure default voice register pools per location:

voice register pool 1
 id network 0.0.0.0 mask 0.0.0.0
 dtmf-relay rtp-nte
 voice-class codec 1

Explanation of commands:

  • voice register pool 1—Enters voice register pool configuration mode for SIP devices in this pool.

  • id network and mask identify a SIP device, or set of network devices that use this pool. Use the addresses and masks that apply to your deployment. The address 0.0.0.0 allows devices from anywhere to register (if the device addresses are in the permit list).

  • id extension-number—The pool applies to the Webex Calling user at extension 1234 specifically. Use the appropriate extensions for your network.

  • dtmf-relay specifies the rtp-nte method for sending DTMF digits. In this example, Real-Time Transport (RTP) with Named phone event (NTE) payload type.

  • voice-class codec 1—Assigns codec group 1 to this pool.

8

Configure emergency calling:

voice emergency response location 1
 elin 1 <number>
 subnet 1 <ip-group> <subnet-mask>

 voice emergency response location 2
 elin 1 <number>
 subnet 1 <ip-group> <subnet-mask>

 voice emergency response zone 1
 location 1
 location 2

 voice class e164-pattern-map 301
 voice class e164-pattern-map 351

Explanation of commands:

  • voice emergency response location 1—Creates emergency response location group 1 for the enhanced 911 service. A subsequent command creates emergency response location group 2.

  • elin 1 <number>—Assigns an elin to the emergency response location. For this elin, the <number> portion defines a PSTN number to replace the extension of the 911 caller (for example, 14085550100).

  • subnet 1 <ip-group> <subnet-mask>—Defines a subnet group along with a specific subnet address for this emergency response location. Use this command to identify the caller network via an IP address and subnet mask. For example, subnet 1 192.168.100.0 /26.

  • voice emergency response zone 1—Defines an emergency response zone.

  • location 1 (and 2)—Assigns emergency response locations 1 and 2 to this emergency response zone.

  • voice class e164-pattern-map 301 (and 351)—Identifies e164 pattern maps 301 and 351 for this voice class. You can use the map to define dial plans and emergency location identifiers.

If the WiFi overlay doesn't match to IP subnets accurately, then emergency calling for nomadic devices may not have the correct ELIN mapping.
9

Configure dial peers for the PSTN. For an example of the dial peer configuration, see PSTN connection examples.

10

Optional. Enable Music on Hold for the router. You must store a music file in the router flash memory in G.711 format. The file can be in .au or .wav file format, but the file format must contain 8-bit 8-kHz data (for example, ITU-T A-law or mu-law data format).

call-manager-fallback
 moh enable-g711 "bootflash:<MOH_filename>"

Explanation of commands:

  • call-manager-fallback—Enters SRST configuration mode.

  • moh enable-g711 "bootflash:<MOH_filename>"—Enables unicast Music on Hold using G.711. Also provides the directory and audio filename (for example, bootflash:music-on-hold.au). The filename can’t exceed 128 characters.

Complete on-demand sync

Optional. Complete this procedure only if you want to complete an immediate on-demand sync. This procedure isn’t mandatory as the Webex cloud syncs call data to the Survivability Gateway once per day, automatically.

1

Sign in to Control Hub at https://admin.webex.com.

If you’re a partner organization, Partner Hub launches. To open Control Hub, click the Customer view in Partner Hub and select the applicable customer or select My Organization to open Control Hub settings for the partner organization.

2

In Control Hub, under SERVICES, click Calling and then click the Managed Gateways tab.

3

Click on the applicable Survivability Gateway to open the Survivability Service view for that gateway.

4

Click the Sync button.

5

Click Submit.

It may take up to 10 minutes to complete the sync.
Edit Survivability Gateway properties
Use this optional procedure only if you want to edit settings for an existing Survivability Gateway.
1

Sign in to Control Hub at https://admin.webex.com.

If you’re a partner organization, Partner Hub launches. To open Control Hub, click the Customer view in Partner Hub and select the applicable customer, or select My Organization to open Control Hub settings for the partner organization.

2

In Control Hub, under SERVICES, click Calling and then click the Managed Gateways tab.

3

Click on the applicable Survivability Gateway to open the Survivability Service view for that gateway.

4

Click the Edit button and update settings for the following.

  • Host Name—Use the host name or Fully Qualified Domain Name of the certificate to establish the TLS connection with clients and IP Address.

  • IP Address—In IPv4 format, enter the IP address of the gateway to which devices register while operating in Survivability mode.

5

Click Submit.

If you want to delete a Survivability Gateway from Control Hub, unassign the Survivability Gateway service first. For more details, see Assign Services to Managed Gateways.

Configuration examples

PSTN connection examples

For external calling, configure a connection to the PSTN. This topic outlines some of the options and provides sample configurations. The two main options are:

  • Voice Interface Card (VIC) connection to PSTN

  • SIP trunk to PSTN gateway

Voice interface card connection to PSTN

You can install a Voice Interface Card (VIC) on the router and configure a port connection to the PSTN.

SIP trunk to PSTN gateway

You can configure a SIP trunk connection that points to a PSTN gateway. To configure the trunk connection on the gateway, use the voice-class-tenant configuration. Following is a sample configuration. 

voice class tenant 300 
  sip-server ipv4:<ip_address>:<port>
  session transport udp 
  bind all source-interface GigabitEthernet0/0/1

Dial peer configuration

For trunk connections, configure inbound and outbound dial peers for the trunk connection. The configuration depends on your requirements. For detailed configuration information, see Dial Peer Configuration Guide, Cisco IOS Release 15M&T.

Following are sample configurations:

Outbound dial-peers to the PSTN with UDP and RTP

dial-peer voice 300 voip 
 description outbound to PSTN 
 destination-pattern +1[2-9]..[2-9]......$ 
 translation-profile outgoing 300
 rtp payload-type comfort-noise 13 
 session protocol sipv2 
 session target sip-server
 voice-class codec 1 
 voice-class sip tenant 300 
 dtmf-relay rtp-nte 
 no vad

Inbound dial-peer from the PSTN using UDP with RTP

voice class uri 350 sip 
 host ipv4:<ip_address> 
 !
dial-peer voice 190 voip 
 description inbound from PSTN 
 translation-profile incoming 350 
 rtp payload-type comfort-noise 13 
 session protocol sipv2 
 voice-class codec 1 
 voice-class sip tenant 300 
 dtmf-relay rtp-nte 
 no vad

Number translations

For PSTN connections, you may need to use translation rules to translate internal extensions to an E.164 number that the PSTN can route. Following are sample configurations:

From PSTN translation rule with non +E164 

voice translation-rule 350 
 rule 1 /^\([2-9].........\)/ /+1\1/ 
 voice translation-profile 300 
 translate calling 300 
 translate called 300

From phone system translation rule with +E164 

voice translation-rule 300 
 rule 1 /^\+1\(.*\)/ /\1/ 
 voice translation-profile 300 
 translate calling 300 
 translate called 300
Emergency calling example

The following example contains an example of an emergency calling configuration.

If the WiFi overlay doesn't match to IP subnets accurately, then emergency calling for nomadic devices may not have a correct ELIN mapping.

Emergency response locations (ERLs)


voice emergency response location 1
 elin 1 14085550100
 subnet 1 192.168.100.0 /26
 !
voice emergency response location 2
 elin 1 14085550111
 subnet 1 192.168.100.64 /26
 !
voice emergency response zone 1
 location 1 
 location 2

Outgoing dial peers


voice class e164-pattern-map 301
 description Emergency services numbers
  e164 911
  e164 988
 !
voice class e164-pattern-map 351
 description Emergency ELINs
  e164 14085550100
  e164 14085550111
 !
dial-peer voice 301 pots
 description Outbound dial-peer for E911 call
 emergency response zone 1 
 destination e164-pattern-map 301
 !
 dial-peer voice 301 pots
 description Inbound dial-peer for E911 call
 emergency response callback
 incoming called e164-pattern-map 351
 direct-inward-dial