Franske ITC-2300 Assignment: Difference between revisions
BenFranske (talk | contribs) |
BenFranske (talk | contribs) |
||
(127 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
You are responsible for completing ALL of these labs. You must submit a [[Franske Lab Report Format|lab report (click for details about how to write these)]] for each topic. Each lab report is worth up to 20 points. This falls into the Labs/Homework category of your course grade. | You are responsible for completing ALL of these labs. You must submit a [[Franske Lab Report Format|lab report (click for details about how to write these)]] for each topic. Each lab report is worth up to 20 points. This falls into the Labs/Homework category of your course grade. | ||
== | ==Virtualization Labs== | ||
===Proxmox VE Installation Lab=== | |||
Find instructions for the [[Proxmox VE Installation Lab|Proxmox VE Installation Lab here]]. | |||
== | ===Proxmox VE Containers and Cluster Lab=== | ||
= | Find instructions for the [[Proxmox VE Containers and Cluster Lab|Proxmox VE Containers and Cluster Lab here]]. | ||
| | |||
===vmWare ESXi Installation Lab=== | ===vmWare ESXi Installation Lab=== | ||
Find instructions for the [[vmWare ESXi Installation Lab|vmWare ESXi Installation Lab here]]. | |||
===vmWare vSphere vCenter Server Installation Lab=== | ===vmWare vSphere vCenter Server Installation Lab=== | ||
Find instructions for the [[vmWare vSphere vCenter Server Installation Lab|vmWare vSphere vCenter Server Installation Lab here]]. | |||
===vmWare vSphere Administration Lab=== | ===vmWare vSphere Administration Lab=== | ||
Find instructions for the [[vmWare vSphere Administration Lab|vmWare vSphere Administration Lab here]]. | |||
==Cloud Labs== | |||
===Introduction to the Cloud=== | |||
* [https://docs.microsoft.com/en-us/learn/modules/create-an-azure-account/3-exercise-create-an-azure-account Create an Azure Account Exercise] | |||
** NOTE: Do this through the [https://azure.microsoft.com/en-us/free/students/ Azure for Students page] to get a $100 credit on your account. You will need a .EDU email account to do this. [https://www.inverhills.edu/CampusResources/TechnologyServices/email.aspx Find out how to get a .EDU address from Inver Hills if you don't have one setup yet.] | |||
* [https://docs.microsoft.com/en-us/learn/modules/tour-azure-portal/4-exercise-work-with-blades Manage Services in the Azure Portal: Work with Blades] | |||
* [https://docs.microsoft.com/en-us/learn/modules/tour-azure-portal/5-exercise-navigate-the-portal Manage Services in the Azure Portal: Use the Azure Portal] | |||
* [https://docs.microsoft.com/en-us/learn/modules/tour-azure-portal/7-exercise-customize-the-dashboard Manage Services in the Azure Portal: Customize the Dashboard] | |||
* [https://docs.microsoft.com/en-us/learn/modules/welcome-to-azure/ Core Cloud Services: Introduction to Azure] | |||
===Using Azure Virtual Machines=== | |||
* [https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-virtual-machines/3-create-a-vm Create a VM Using the Azure Portal] | |||
* [https://docs.microsoft.com/en-us/learn/modules/create-linux-virtual-machine-in-azure/index Create a Linux Virtual Machine in Azure] | |||
* [https://docs.microsoft.com/en-us/learn/modules/create-windows-virtual-machine-in-azure/index Create a Windows Virtual Machine in Azure] | |||
* [https://docs.microsoft.com/en-us/learn/modules/manage-virtual-machines-with-azure-cli/ Manage Virtual Machines with the Azure CLI] | |||
===Scaling Azure Virtual Machines=== | |||
* [https://docs.microsoft.com/en-us/learn/modules/keep-your-virtual-machines-updated/3-exercise-use-update-management-on-a-virtual-machine Use Update Management on a virtual machine] | |||
* [https://docs.microsoft.com/en-us/learn/modules/keep-your-virtual-machines-updated/5-exercise-use-azure-log-analytics-and-schedule-updates Use azure log analytics and schedule updates] | |||
* [https://docs.microsoft.com/en-us/learn/modules/configure-network-for-azure-virtual-machines/2-describe-azure-virtual-networking Explore Azure virtual networking] | |||
* [https://docs.microsoft.com/en-us/learn/modules/configure-network-for-azure-virtual-machines/3-exercise-create-azure-virtual-network Create an Azure virtual network] | |||
* [https://docs.microsoft.com/en-us/learn/modules/configure-network-for-azure-virtual-machines/5-exercise-create-azure-vpn-gateway Create an Azure VPN gateway] | |||
* [https://docs.microsoft.com/en-us/learn/modules/build-azure-vm-templates/4-deploy-a-vm-quickstart-template?pivots=linux-cloud Deploy a VM using an Azure Quickstart template] | |||
* [https://docs.microsoft.com/en-us/learn/modules/build-azure-vm-templates/6-extend-the-quickstart-template?pivots=linux-cloud Extend the Quickstart template to deploy a basic web site] | |||
* [https://docs.microsoft.com/en-us/learn/modules/add-and-size-disks-in-azure-virtual-machines/3-exercise-add-data-disks-to-azure-virtual-machines Add a data disk to a VM] | |||
* [https://docs.microsoft.com/en-us/learn/modules/add-and-size-disks-in-azure-virtual-machines/6-exercise-resize-disks Resize a VM disk] | |||
==Network Programmability Labs== | |||
===Getting Started with DevNet Lab=== | |||
* Complete [https://developer.cisco.com/learning/modules/dev-setup DevNet Developer Workstation and Environment Setup Lab] | |||
** '''NOTE:''' In this lab activity you will, amongst other things download and install the OpenConnect VPN client which is used to connect to the DevNet sandbox labs. Unfortunately there is a bug in this software which prevents OpenVPN (which you may use for connecting to ITCnet to reach Netlab) from resetting Windows DNS server addresses. This will prevent you from accessing ITCnet resources such as Netlab, even after disconnecting from the DevNet sandbox VPN in OpenConnect. To fix this after EACH time you use OpenConnect to access DevNet sandboxes after disconnecting you will need to open your network adapter properties for the "TAP-Windows Adapter" and open the IPv4 settings. You will see that OpenConnect has left DNS set as "Use the following DNS server addresses" with two addresses filled in. Change the setting back to "Obtain DNS server address automatically" and save the settings. The next time you connect to OpenVPN you should have access to the ITCnet DNS server and resources again. | |||
* Complete the Programming Fundamentals Module from the [https://developer.cisco.com/learning/tracks/devnet-beginner DevNet Beginner] track | |||
** Note that in Step 2 of the "A Brief Introduction to Git" lab you are told you should have already downloaded a Git repository or you should follow the link at the top with instructions for setting up your workstation. Follow that link and see the section titled '''Using Git to Copy Code and Setting Up the Local Environment'''. You should clone and use the Data Center Infrastructure: https://github.com/CiscoDevNet/dciv2-code repository. | |||
===REST API Fundamentals & Network Programmability Lab=== | |||
* Complete the REST API Fundamentals Module from the [https://developer.cisco.com/learning/tracks/devnet-beginner DevNet Beginner] track | |||
* Complete the Network Programmability Module from the [https://developer.cisco.com/learning/tracks/devnet-beginner DevNet Beginner] track | |||
** Note that on page 2 of the "Cisco DNA Center Platform - Authentication" lab and in some future labs you may receive an error about SSL certificates when running code. Because the Cisco DNAC has a self-signed certificate you will need to change Python Requests function calls from things like: <code>requests.post(url, auth=HTTPBasicAuth(DNAC_USER, DNAC_PASSWORD))</code> to things like <code>requests.post(url, auth=HTTPBasicAuth(DNAC_USER, DNAC_PASSWORD), verify=False)</code> by setting the verify flag to false you can tell the Python requests library to ignore SSL certificate verification. | |||
** Note that in the "End to End Visibility and Assurance with Path Trace and Cisco DNA Center Platform" lab you should re-check the "How To Setup Your Own Computer" link at the top of the page. There is a new GitHub repo to clone which contains the path_trace.py file. Also, we don't expect you to be able to write the entire path_trace.py program by yourself at this point. Instead, you should reference that file while reading through the lab's explanation of some of the functions so you can see (and hopefully understand) how the program works and what sorts of information are being pulled from the API when you execute the program. You can also try using Postman to make the same API requests and get the same data that you're getting though Python. | |||
** Note that if you want to see what the GUI interface for Cisco DNA Center looks like you can go to https://sandboxdnac2.cisco.com and sign in with the username devnet and password Cisco123! | |||
=== | ===Model Driven Network Programmability and IOS XE Lab=== | ||
* Complete all modules in the [https://developer.cisco.com/learning/tracks/iosxe-programmability IOS XE Programmability] track | |||
** Note that the SSH instructions in the "Exploring IOS XE YANG Data Models with NETCONF" lab are designed for use on an *NIX based system so they will work best with a Linux computer/VM, a Mac, or in the Windows Subsystem for Linux (WSL). | |||
== | ===Getting Started with Ansible for Network Programmability Lab=== | ||
* | * Complete all modules in the [https://developer.cisco.com/learning/modules/sdx-ansible-intro Introduction to Ansible] track | ||
* Complete the "Introduction to Configuration Management" and "Introduction to Ansible" modules in the [https://developer.cisco.com/learning/modules/intro-ansible-iosxe Introduction to Ansible for IOS XE Configuration Management] track | |||
* Complete the [https://developer.cisco.com/learning/modules/industrial-netdevops/iot-industrial-netdevops-ansible/step/1 "Managing IoT Harware with Ansible" module]. | |||
=Homework= | =Homework= | ||
Any homework assigned in the course will go here. This falls into the homework category of your course grade. | Any homework assigned in the course will go here. This falls into the homework category of your course grade. | ||
* | * Participate in an online forum discussion (typically 3 quality posts or more) of each topic on the CLASS server site. See [[Franske Forum Posting Format|forum posting page]] for details. (up to 10 points each topic based on quality) | ||
=Participation Activities= | =Participation Activities= | ||
Any participation activities completed in the course will go here. This falls into the participation category of your course grade. | Any participation activities completed in the course will go here. This falls into the participation category of your course grade. | ||
* For each topic you need to meet with the instructor at least once to check on your status and understanding of the topic. Each meeting will be worth up to 10 points. | * For each topic you need to meet with the instructor at least once to check on your status and understanding of the topic. Each meeting will be worth up to 10 points. | ||
* You will need to complete peer evaluations of all course projects, these evaluations will be worth 10 participation points total | |||
=Topic Assessments= | =Topic Assessments= | ||
Line 221: | Line 84: | ||
=Course Project= | =Course Project= | ||
The course project will take the place of the skills exam in this course and will allow you to continue to experiment with one of the topic areas covered in the course. | The course project will take the place of the skills exam in this course and will allow you and your lab partner to continue to experiment with one of the topic areas covered in the course. You will need to present your project in a presentation/demonstration to the class which is expected to last 10 minutes. | ||
The project should be related to one of the three topics covered in the course (cloud, virtualization, and/or network programmability). You may either expand on one of the tools that we used in the course or explore a different tool in the same topic area. Your project plan should be approved by the instructor. Remember that the project is 15% of your final grade so it is expected to be a substantial amount of work. | |||
==Presentations Tips== | |||
* Presentations should be very close to 10 minutes in length. While there is not a part of your score that is directly tied to timing if they are much longer or shorter you probably have either over-covered or under-covered what you did (or didn't do enough work) which will definitely show up in your score. | |||
* I suggest spending about half the time giving some background on your project (why you chose it, what are the key things you learned, what all did you do). You can have slides for this if you'd like. | |||
* If you use slides I normally suggest no more than one slide per minute of presentation time (excluding a title slide) so probably stick to only about 5 slides of content. Also, follow good presentation tips for using slides (don't make them overly complicated, don't try to put too much information on one slide, don't read your slides to us as part of your presentation, etc.) There are lots of good resources online that talk about creating effective presentation slides. Two examples are: https://edu.gcfglobal.org/en/powerpoint-tips/simple-rules-for-better-powerpoint-presentations/1/ and https://www.unl.edu/gradstudies/connections/tips-creative-effective-powerpoint-presentations | |||
* I suggest spending the other half of the time giving a demonstration about some part of your project. Don't try to show off everything you did, cramming 3 weeks of work into 5 minutes is not possible. Pick one specific part of your project that you can demonstrate in 5 minutes and show that. You're not trying to give a "how-to" presentation so you don't need to show every step. Just give people an idea of what you did in your project. Stage things ahead of time and skip steps as needed to keep on time. | |||
==Lab Report Tips== | |||
* The format is the same as a regular lab report (what you did, problems you had, how you tested, and what you learned) but the report must be much longer (about 4 pages single spaced) because it includes 3 weeks of work. It should be clear how you spent the three weeks and that it really was the equivalent amount of work as three weeks of regular classwork. | |||
* You should thoroughly describe what you did (not exact steps, but an overview of the major things you accomplished), and what new things you learned by doing the project. | |||
* It should be clear how the project relates to one of the topics from class. | |||
* This should also be written like a paper explaining your project so don't include a bunch of lists, etc. which are just there to fill space as that will not produce a quality report. | |||
==Grading== | |||
There will be two primary components to your grade for the project, a lab report and a presentation. | |||
You will be turning in a lab report using the same format you have used for other lab reports in the class but it will be longer as this is a much more substantial project. Lab reports for this project should be about 4 pages long (single spaced) and include all the regular sections of a lab report (what you did, what problems you had, how you tested, and what you learned. The project lab report will be worth 100 points. | |||
In addition you will receive a grade on a 10 minute presentation to the class. The presentation should be interesting, engaging, informative, and factually correct. It is a good idea to show off your actual work as much as possible (not just talk about it) so you are strongly encouraged to find a way to demonstrate something "live" during the presentation. | |||
The presentation score is comprised of: | |||
* Topic Content (30 Points) | |||
** Was the topic appropriate for the course project? Was the content presented accurate and did it provide a good overview of the topic and the work done? Was the amount of work done appropriate for a large course project? | |||
* Presentation Skills (30 Points) | |||
** How well did the group do ''explaining'' the content? Were they able to adequately answer appropriate questions from the class? Was the presentation professional and well prepared? | |||
* Engagement (20 Points) | |||
** How well did the group engage the class in their presentation? This could include getting or asking questions of the class, using appropriate visual aids, etc. How well did the group express excitement and interest in the topic of their presentation? | |||
* Overall Quality (20 Points) | |||
** Did you learn something or get something clarified in your mind? Did you feel listening to this presentation was worth your time? Was this a "good" presentation? Are you interested to learn more about this topic having heard this presentation? Do you have a good understanding of how you could use this to solve future problems you come across? | |||
Finally, a small portion of your grade for the project presentation (10% of the presentation score) will be writing a short review of each of the other project presentations. These are not simply participation points for filling out a review, your review will be graded for quality so be sure you listen carefully and provide useful feedback in your review. | |||
= Archived Labs = | |||
'''This section contains information about labs that have been used in this class in the past. You are NOT responsible for completing these labs.''' | |||
==Asterisk VoIP Labs== | |||
===Introduction to VoIP Labs=== | |||
# Use one of the Cisco 2811 routers and Cisco 3750 POE+ switches to create a segregated network for your VoIP environment. See [[ITC-2300 VoIP Lab Switch and Router Configurations|these sample switch and router configurations]] (needs to be modified with correct IP addressing for your pod). | |||
#* Connect Fa0/0 on the router to the ITCNet switch and configure it with the same IP address used for your VCSA system in the VMware labs | |||
#* Setup Fa0/1.10 on the router as your "Internal VOIP Network" with an IP address of 192.168.10.1/24 on VLAN 10 | |||
#* Setup NAT Overload (PAT) on the router with Fa0/0 on the outside and Fa0/1.10 on the inside | |||
#* Setup a DHCP server on the router on the 192.168.10.0/24 subnet with a default router of 192.168.10.1 and a DNS server of 172.17.139.10, exclude 192.168.10.1-192.168.10.20 | |||
#* Connect Port Fa0/1 on your router to a Cisco 3750 POE+ switch on Port 24 and setup the port as a trunk port and VLAN 10 as an active VLAN on the switch, use 192.168.10.2 as the management IP for the switch on VLAN 10 | |||
# Move your PC to your "Internal VOIP Network" by connecting it to your switch on Gi1/0/1 configured as a VLAN 10 access port and ensure it gets a DHCP address and has working Internet connectivity | |||
# Create a new Virtual Machine named "Debian Asterisk CLI" and Install Debian Linux | |||
#* VM Specs: 4GB RAM, 50GB HDD, Bridged Networking | |||
# Install Debian Linux onto the VM | |||
#* Make sure you have a working Internet connection through your VoIP network to your host machine (and VM) before starting the installation | |||
#* Set a hostname of PodX-AsteriskCLI (replace the X with your Pod number) | |||
#* Be sure to choose an online mirror for packages or you won't be able to install packages from the Internet once your installation finishes | |||
#* Be sure to '''uncheck "Debian Desktop Environemnt"''' when asked about packages to install. (Press the space bar when this option is highlighted to uncheck it) | |||
#* You can save some time later if you '''check "SSH Server"''' when asked about packages to install. (Press the space bar when this option is highlighted to check it) | |||
# On your Debian system set a static IP Address of 192.168.10.3/24 Default Router of 192.168.10.1 and DNS Server of 172.17.139.10 | |||
# On your Debian system comment out the CDROM source from /etc/apt/sources.list | |||
# Install the Asterisk VoIP PBX using the Debian Package | |||
#* '''apt update''' | |||
#* '''apt install asterisk''' | |||
# Install the '''tftpd-hpa''' package on your Debian system to enable it to be a TFTP server | |||
# Install the '''openssh-server''' package on your Debian system to enable SSH access to it from your PC (and your partner's PC if they connect their PC to VLAN 10 on the switch as well) | |||
# Install the '''sudo''' package on your Debian system and add your regular user to the sudo group on the system so the account has administrative command access | |||
#* NOTE: After this point you have everything needed to connect to your Asterisk system with SSH for configuration and file transfer (PuTTY and Filezilla). It's strongly suggested you connect to and work on your system over SSH from this point on instead of trying to use the VMWare Workstation console. Cut and paste support is much better in PuTTY than in the VM console and you and your partner can both be logged in from different PCs (if they are on your internal VoIP network) and working on things at the same time (as long as you aren't trying to edit the same file at the same time). | |||
# Create a file '''XMLDefault.cnf.xml''' on your host PC with [[ITC-2300 VoIP Lab XMLDefault File|these contents]] and transfer it to the '''/srv/tftp/XMLDefault.cnf.xml''' location on your Debian system | |||
# Download the Chan-SCCP driver with '''wget https://download.opensuse.org/repositories/home:/chan-sccp-b:/asterisk-16/Debian_10/amd64/chan-sccp_4.3.2_amd64.deb''' | |||
# Install the Chan-SCCP driver with '''dpkg --install chan-sccp_4.3.2_amd64.deb''' | |||
# Edit the '''/etc/asterisk/modules.conf''' file and disable loading of chan_skinny.so and enable loading of chan_sccp.so | |||
#* NOTE: Changes to which modules are loaded and not loaded need to be in the [modules] section of this file and not the [global] section | |||
# Restart the Asterisk software. This can be done with the '''systemctl restart asterisk''' command. | |||
# Open the Asterisk console on your Debian system '''asterisk -rvvvvvc''' | |||
# Connect two Cisco IP phones to ports Gi1/0/2 & Gi1/0/3 of your switch | |||
# After the phones boot and attempt to connect to your Asterisk server (you should see notifications of this in your Asterisk console window) use the '''sccp show devices''' Asterisk CLI command to see a list of the phones. | |||
#* NOTE: If one or more of your phones does not register it may be locked to a previous sever see the instructions for [[Clearing Cisco IP Phone Security Files]] | |||
# Configure your two IP phones in the [[ITC-2300 VoIP Lab Sample sccp.conf File|'''sccp.conf''' file]]. | |||
# Setup one line button on each phone with a valid [[ITC-2300 VoIP Lab Extensions and Numbers|extension number for your pod]]. Assign these lines to the default context. | |||
#* NOTE: This requires putting a button line in for the phone device section as well as creating a line configuration section in the [[ITC-2300 VoIP Lab Sample sccp.conf File|'''sccp.conf''' file]]. | |||
# Connect to the Asterisk CLI and issue the '''reload''' command | |||
# Verify you can successfully place a call to Extension 1000 | |||
# Modify your [[ITC-2300 VoIP Lab Sample extensions.conf File|'''extensions.conf''' file]] to add the two phone extensions and allow calling between phones | |||
# Test calling between phones | |||
# Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same two phones. | |||
===Provisioning, Voicemail, and SIP Labs=== | |||
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab. | |||
# Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab | |||
# Power on your Asterisk Server VM | |||
# Ensure you have working dialing between your two phone extensions before continuing | |||
====Voicemail==== | |||
# Create a new extension 2x99 which will call into the voicemail system and allow users to retrieve messages | |||
#* HINT: What file manages the dialplan? You'll need to edit this file and add a new extension which calls into the Voicemail application when a user dials that extension. | |||
# Create voicemail mailboxes for your 2x01 and 2x02 extensions with the PIN set to 1234 | |||
#* HINT: This is done in the voicemail configuration file. You will need to add two new extensions with PINs to this file. You don't need fancy features like email setup. Just a simple mailbox with a PIN is needed for each extension. | |||
# Try accessing both voicemail boxes by dialing 2x99 and change the greetings on each voicemail box so that you can tell the two apart. Note that you will need to reload the dialplan and voicemail configurations in Asterisk after making the changes to them. | |||
# Create and modify the required entries in your dialplan to send callers for both the 2x01 and 2x02 extensions to the correct voicemail box with the unavailable greeting if the call is not answered within 10 seconds. Note that you will need to reload the dialplan in Asterisk after making the changes to it before they take effect. | |||
#* HINT: You'll need to add more priorities to each extension. The first one will ring the phone for 10 seconds and the phone for the specified amount of time and then if it's no answered the second will send the call to the voicemail box and play the unavailable greeting. | |||
# Test leaving and retrieving messages from both extensions. | |||
# Enable and test the Message Waiting Indicator (MWI) for the phones in the SCCP configuration. See the [[ITC-2300_VoIP_Lab_Sample_sccp.conf_File|sample sccp.conf file]] and the pages linked to from there for hints on doing this. | |||
#* NOTE: You may need to restart the Asterisk software on your VM in order to get the MWI lights to work. This can be done with the '''systemctl restart asterisk''' command. | |||
====SIP Phone Setup==== | |||
# Configure port Gi1/0/4 on your switch the same way your other VoIP phone ports are configured | |||
# Get an Asterisk A25 phone, mark it with your pod number on tape, and connect it to port Gi1/0/4 on your switch | |||
# Use the menus on the phone to obtain the IP address for your new phone | |||
# We will be manually provisioning the phone using the web interface so open a web browser on a PC attached to your VoIP network (for example your VM host PC) and browse to the IP address of the new phone. Login with the username '''admin''' and password '''789''' | |||
# Edit your pjsip.conf file as required to create a new transport, line, authentication, and AoR section to use on the phone at extension 2x03. See the [[ITC-2300_VoIP_Lab_Sample_pjsip.conf_File|sample pjsip.conf file]] for some hints. Note that after modifying the pjsip.conf file you will need to at least reload the pjsip configuration in Asterisk and if you are setting up your first transport you should restart Asterisk instead of just reloading the configuration. This can be done with the '''systemctl restart asterisk''' command. | |||
# On the phone admin line settings webpage configure SIP Line 1 with the required user name, display name, authentication name, authentication password, SIP Proxy server address (the IP of your Asterisk server), and check the box to activate the line. | |||
# Modify your dialplan to configure extension 29x3 to call your PJSIP line. Remember that you need to reload your dialplan to have this take effect. | |||
# Create a voicemail box for 2x03 and enable support for MWI subscribe notifications in the PJSIP configuration file | |||
# Modify the advanced SIP Line configuration webpage on the phone to enable "Subscribe for Voice Message" and set the Voice Message Number to 2x99 | |||
# Test leaving a voicemail for the new phone and ensure the MWI light blinks when there is a message. | |||
# Modify the advanced Phone Settings -> Power LED settings webpage on the phone to enable the SMS/MWI function. | |||
# Test leaving a voicemail for the new phone and ensure the power led comes on when there is a message. | |||
====Digium DPMA Phone Provisioning==== | |||
# Sign up for an account on the Digium store and [http://store.digium.com/productview.php?product_code=804-00032 "purchase" a free DPMA key]. | |||
# Install the '''avahi-daemon''' and '''libavahi-client3''' packages on your Asterisk server | |||
# Follow the [https://wiki.asterisk.org/wiki/display/DIGIUM/DPMA+Installation Digium instructions] to download the registration program (be sure to use the 64 bit one!) as well as to download and install the DPMA module (again you want the 64 bit one for Asterisk version 16) | |||
#* NOTE: Make sure to get the current one for Asterisk Version 16. If you get one for a different version of Asterisk you will crash Asterisk when you try to load it. | |||
# Configure port Gi1/0/5 on your switch the same way your other VoIP phone ports are configured | |||
# Get a Digium D60 phone and label it with your pod number on tape. Do NOT connect it to the switch yet. | |||
# Create a basic res_digium_phone.conf file for your phone with the correct MAC address and settings for a 2x04 extension. See the [[ITC-2300_VoIP_Lab_Sample_res_digium_phone.conf_File|sample res_digium_phone.conf file]] for some hints. | |||
# Create the required global entries in your PJSIP file for DPMA configuration use | |||
# Create the required entries for the 2x04 line in your PJSIP, Voicemail, and dialplan configuration files as well. | |||
# You probably want to restart the Asterisk software on your system again at this point to re-load all the configuration files and re-load all the modules. If you make further changes to configuration files make sure that the config file is reloaded by Asterisk so the changes are applied. | |||
# Plug your D60 phone into the switch. It should find the Asterisk server and configure itself entirely in a similar way to the SCCP phones | |||
# Test calling to and from the D60 phone as well as leaving and retrieving messages from the phone. Be sure to test the voicemail button on the phone to see an example of a visual voicemail application as well. | |||
====Cleanup==== | |||
# Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same four phones. | |||
===T1 and PSTN Access Labs=== | |||
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab. | |||
# Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab | |||
# Power on your Asterisk Server VM | |||
# Ensure you have working dialing between your two phone extensions before continuing | |||
====T1 PSTN Access==== | |||
In this activity we will configure your Asterisk server to contact the "PSTN" using a dedicated T1 PRI voice trunk to a telephone company. This would normally be a service which you would pay for incoming and outgoing (termination and origination) connections to the PSTN and which you would access over a dedicated digital T1 voice trunk. | |||
# Get an ISDN PRI T1 connection from the "phone company" (your instructor) to your router. This will require connecting a T1 crossover cable to the correct port on the PSTN ISDN Switch Simulator. | |||
#* NOTE: Just like with a regular phone line coming in the wall you need to plug your Pod into the correct port on the PSTN ISDN Switch Simulator. This is not an IP network where you can plug in wherever you'd like. Pod 1 goes into the farthest right port on the PSTN ISDN Switch Simulator and pod numbers increase as you go to the left. Also, be sure to use a special T1 crossover cable for this connection. | |||
# Update your [[ITC-2300 VoIP Lab Switch and Router Configurations|router configuration]] to allow it to serve as an ISDN<->SIP gateway device which will convert ISDN T1 calls to and from SIP VoIP calls which can be routed by Asterisk. | |||
# Update your [[ITC-2300_VoIP_Lab_Sample_pjsip.conf_File|pjsip.conf file]] to add the router as a SIP endpoint which can be used to place calls out to the PSTN or receive calls from the PSTN. Note that we specify the IP address for the router for incoming and outgoing calls instead of having the router register with a username and password to the PJSIP module. | |||
# Modify your [[ITC-2300 VoIP Lab Sample extensions.conf File|'''extensions.conf''' file]] to allow internal extensions to place calls out to the PSTN through the ISDNrouter SIP device (which will convert the calls to a T1 PRI trunk call) if the number begins with a 9 for an outside line. | |||
#* NOTE: You will want to think about all the different types of numbers someone could call and create dialplan rules in Asterisk to handle all of them. For some of these you will need to use pattern matching, for others like 911, you probably want to match the exact number for dialing timeout speed reasons. | |||
#* NOTE: Most states now require phone systems to allow people to dial 911 directly, without needing to dial 9-911 for an outside line. You should program your system to call 911 on the PSTN for BOTH 911 and 9-911. | |||
# Try placing calls out to the PSTN | |||
#* Test at least the following types of calls: | |||
#** Local calls (both by dialing 7-digit numbers and 10-digit numbers) | |||
#** Long distance calls (calls to a different area code than the 510 area code, and which begin with a 1) | |||
#** Toll-free numbers (1-800, 1-888, etc.) | |||
#** Per-minute premium charge numbers (1-900) | |||
#** Emergency Services (911, 9-911) | |||
#** Directory Assistance (411) | |||
#** International Numbers (Numbers beginning with 011) | |||
# While you are placing test calls monitor the output from your router's console port, you should see the calls being placed over the T1 connection. You should also try placing calls and while the call is active running the '''show voice call status''' command on the router. Finally try turning on ISDN Q.931 debugging with the '''debug isdn q931''' command before placing a test call. You should see the router dialing the phone number on the ISDN T1 connection to the PSTN as the call is being setup. Run '''undebug all''' on your router to disable the debugging. | |||
# It's important to think about toll fraud and you should setup your dialplan (at least after initial testing) to restrict callers from places like elevators calling certain numbers. In Asterisk you can do this using a variety of different dialplan contexts. Follow the [[ITC-2300 VoIP Lab Sample extensions.conf File|sample '''extensions.conf''' file]] instructions for dividing up your extensions into elevator/lobby/general staff/executive restrictions on calls. Put one of your extensions in each of these different contexts and verif the restrictions are working. | |||
# Modify your [[ITC-2300 VoIP Lab Sample extensions.conf File|'''extensions.conf''' file]] to allow calls FROM the PSTN to your internal phones (each extension has a phone number like 510555XXXX where XXXX is the extension number). | |||
# Find another pod who has calling out to the PSTN working over their T1 and try placing calls from each pod to the other pod to verify incoming PSTN calls are working. | |||
#* NOTE: In our lab the SIP and T1 PSTN are separate PSTN networks and you cannot place calls between the SIP and T1 PSTN so the other pod must be using the same type of PSTN connection. In the real world there is only one PSTN so how you connect to the PSTN should not affect who you can call. | |||
====SIP PSTN Access==== | |||
In this activity we will configure your Asterisk server to contact the "PSTN" using a SIP trunk to an ITSP provider. This would normally be a service which you would pay for incoming and outgoing (termination and origination) connections to the PSTN and which you would access over your regular Internet connection. | |||
# Disconnect the ISDN PRI T1 connection from the "phone company" (your instructor) to your router. | |||
# Update your [[ITC-2300 VoIP Lab Switch and Router Configurations|router configuration]] to add a dedicated NAT address for incoming SIP calls from the ITC network which will pass the SIP traffic through to your Asterisk system. | |||
# Update your [[ITC-2300_VoIP_Lab_Sample_pjsip.conf_File|pjsip.conf file]] to add the required registration, endpoint, aors, auth, and identity sections required to connect to your ITSP. | |||
# Modify your [[ITC-2300 VoIP Lab Sample extensions.conf File|'''extensions.conf''' file]] to allow internal extensions to place calls out to the PSTN through the sipPSTN SIP device (which is the connection to your ITSP) if the number begins with a 9 for an outside line. If you had a working T1 SIP gateway PSTN configuration this will just involve changing which endpoint those calls are being directed to. | |||
#* NOTE: You will want to think about all the different types of numbers someone could call and create dialplan rules in Asterisk to handle all of them. For some of these you will need to use pattern matching, for others like 911, you probably want to match the exact number for dialing timeout speed reasons. | |||
#* NOTE: Most states now require phone systems to allow people to dial 911 directly, without needing to dial 9-911 for an outside line. You should program your system to call 911 on the PSTN for BOTH 911 and 9-911. | |||
# Try placing calls out to the PSTN | |||
#* Test at least the following types of calls: | |||
#** Local calls (both by dialing 7-digit numbers and 10-digit numbers) | |||
#** Long distance calls (calls to a different area code than the 510 area code, and which begin with a 1) | |||
#** Toll-free numbers (1-800, 1-888, etc.) | |||
#** Per-minute premium charge numbers (1-900) | |||
#** Emergency Services (911, 9-911) | |||
#** Directory Assistance (411) | |||
#** International Numbers (Numbers beginning with 011) | |||
# Verify all your toll-fraud preventions you had in place for calling out from various types of extensions to the PSTN for the T1 gateway are still working. | |||
# Verify your [[ITC-2300 VoIP Lab Sample extensions.conf File|'''extensions.conf''' file]] is still setup to allow calls FROM the PSTN to your internal phones (each extension has a phone number like 510555XXXX where XXXX is the extension number). If the calls from your ITSP are coming into the same context as the calls from your T1 gateway were there should be no changes required. | |||
# Find another pod who has calling out to the PSTN working over the ITSP and try placing calls from each pod to the other pod to verify incoming PSTN calls are working. | |||
#* NOTE: In our lab the SIP and T1 PSTN are separate PSTN networks and you cannot place calls between the SIP and T1 PSTN so the other pod must be using the same type of PSTN connection. In the real world there is only one PSTN so how you connect to the PSTN should not affect who you can call. | |||
====Cleanup==== | |||
# Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same four phones. | |||
===GUI Asterisk Configuration Labs=== | |||
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab. | |||
# Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab | |||
====Installing FreePBX==== | |||
# Create a new Virtual Machine named "FreePBX" | |||
#* VM Specs: 4GB RAM, 100GB HDD, Bridged Networking | |||
#* The FreePBX ISO is already downloaded at D:\CNTFiles\ITC 2300\SNG7-FPBX-64bit-1904-2.iso | |||
# Install "FreePBX (Asterisk 13) - Recommended" | |||
#* Use "Installation - Output to VGA" and the "FreePBX Standard" options | |||
#* Be sure to set the root password to something you will remember | |||
# Login to the CLI as the root user to obtain the IP address and then visit that IP address in a browser on your host system or another system on your VoIP network. | |||
# Create an "admin" user account | |||
# Login and register/activate your FreePBX system | |||
# In the Admin -> System Admin -> Network Settings page of FreePBX set a static IP Address of 192.168.10.3/24 and Default Router of 192.168.10.1 | |||
====Configuring SIP Phones==== | |||
# Connect your Digium A-25 phone to the network | |||
# Add the required PJSIP extension in FreePBX for the phone | |||
#* Note: You will need to update the phone username/password and voicemail number (*97) configured on the phone. You should let FreePBX create a new user for the phone automatically (probably the extension number) and then use that username but the extension "secret" as the password on the phones | |||
#* Note: The version of Asterisk (13) running on FreePBX is a little buggy with PJSIP phones. If you have problems set the phone up as a CHAN_SIP phone instead. Note that PJSIP is probably already running on port 5060 so the CHAN_SIP phones will use port 5160 for SIP messages and you'll need to change that on the phone line configuration as well. | |||
# Test calling yourself and leaving a message, MWI capability, and checking the message | |||
====Configuring SIP Trunks==== | |||
# Correct the "External Address" under Settings -> Asterisk SIP Settings so that it correctly reflects the outside IP being forwarded to your FreePBX system through NAT (172.17.144.XX) which is your ESXi-1 IP address. | |||
#* Note: This will probably be auto-detected incorrectly because we're not actually using an ITSP on the Internet on our test network which is why we need to change this value. | |||
# Create a new FreePBX PJSIP trunk pointed to the ITC SIP Phone Company (172.17.139.25) using your Pod credentials. | |||
#* Note: In addition to setting your username and secret you also need to set the "From User" on the advanced page of PJSIP trunk settings. THis should be set to the same username you use for registration to the ITSP. | |||
# Create outbound routes for the different types of outside numbers you can call (emergency, premium, international, long distance, toll-free, local) which route the traffic out the SIP trunk to the ITSP | |||
# Test calling out to all of these destinations and ensure they are working correctly. | |||
# Create at least one inbound route for one of your 5105552XXX numbers and point it to your extension | |||
# Test inbound calling by having another pod call you through the ITSP | |||
#* Note: If there is not another pod available when you need to test inbound calling you can setup another pod yourself (another router, switch, phones, and PC running FreePBX) that you can use for testing. | |||
====Configuring DPMA Phones==== | |||
# Go to Connectivity -> Digium Phones and follow the instructions to install the DPMA module | |||
# Reboot your FreePBX system to enable the DPMA module | |||
# Create another PJSIP extension with voicemail | |||
# Connect your Digium D-series phone to your VoIP network | |||
# Select the new extension on the D-series phone to configure the phone with the extension | |||
# Test calling between extensions, voicemail, calling out to the PSTN through the ITSP, and all other functionality configured so far | |||
====Configuring SCCP Phones==== | |||
# Install Chan-SCCP following the instructions from your readings for FreePBX | |||
# Restart your FreePBX VM | |||
# Setup a phone, button, line, etc. in your sccp.conf file as we have done before | |||
# Add a "Custom Extension" for the SCCP phone in FreePBX being sure to set a dial string for the SCCP device. | |||
# Test calling between extensions, voicemail, calling out to the PSTN through the ITSP, and all other functionality configured so far | |||
==Cisco VoIP Labs== | |||
* CUCM Install & Chapter 8 Lab (One report for these) | |||
* Chapter 9 Labs (One report for these) | |||
** NOTE: You will not need to complete the Active Directory (LDAP) Integration lab | |||
* Chapter 10 Labs (One report for these) | |||
===VoIP Lab IP Addressing and Extensions=== | |||
You need to be assigned a pod number by the instructor. In the information below you will replace the X with your pod number. | |||
====NTP Network (Simulated WAN) Information==== | |||
* You need to physically connect Fa0/1 on your router to the NTP switch. The NTP switch is shared by all students in the class and is also connected to the "Phone Company" router Fa0/1 interface. There is no special configuration on the NTP switch, just an empty configuration. | |||
* The Fa0/1 interface on your router should be assigned IP 10.0.0.x/24 | |||
* The default route on your router should be 10.0.0.254 (and you should be able to ping that address). | |||
* NTP on your router should be set to get time from 10.0.0.254 | |||
====LAN Information==== | |||
You will have 3 VLANs on the LAN side (Fa0/0) of your router. | |||
{| class="wikitable" | |||
|- | |||
! VLAN Name | |||
! VLAN Number | |||
! Router Subinterface Addressing | |||
|- | |||
| Management | |||
| x1 | |||
| 10.x1.0.1/24 | |||
|- | |||
| Data | |||
| x0 | |||
| 10.x0.0.1/24 | |||
|- | |||
| Voice | |||
| x5 | |||
| 10.x5.0.1/24 | |||
|} | |||
So, for example IF YOU ARE POD 5 your data VLAN is number 50 and your IP address for the router subinterface on that VLAN is 10.50.0.1/24. | |||
You will need to setup DHCP pools on the DATA and VOICE VLANs as well. These pools should provide IP addresses, the correct default-router for each VLAN and the DHCP Option 150 should be set to the address of your CUCM server (see below). You should exclude addresses .1-.10 from each VLANs DHCP pool. | |||
On your switch you will need to create all three VLANs, set the port connecting to your router as an 802.1q trunk port, and set the remaining ports on your switch as access ports on the data VLAN with a secondary voice VLAN set ('''switchport voice vlan x5'''). | |||
Your switch should have a management IP of 10.x1.0.2/24 on the management VLAN and a default gateway set to the IP of the router on the management VLAN. | |||
====CUCM Information==== | |||
Your CUCM server should be assigned the IP address of 10.x0.0.5/24 (in other words host 5 on the Data VLAN). The default gateway for CUCM should be 10.x0.0.1 because that is the router interface on that VLAN. The NTP server for your CUCM server should also be the address of your router on the data VLAN (10.x0.0.1). | |||
Note that NTP must be fully synchronized on your router before CUCM will allow you to complete the network addressing portion of the installation. | |||
====Phone Extension Information==== | |||
{| class="wikitable" | |||
|- | |||
! Extension Range | |||
! First DID Number | |||
! CUC Pilot Number | |||
|- | |||
| 2x00-2x99 | |||
| 5105552x00 | |||
| 2x90 | |||
|} | |||
So, for example if you are Pod 3 your extension numbers are 2300-2399, your first DID number is 5105552300 and your CUC Pilot number is 2390. | |||
====Phone Security Key Reset Procedure==== | |||
The first time you try to register a used Cisco IP phone to a CUCM server it will likely fail. This is because when the phones register to a server they get a set of unique keys that will only allow them to register to that same server. These keys can be cleared out from the phone itself only (not from CUCM). The procedure is as follows: | |||
# Press the "Settings" button on the phone | |||
# Scroll down and select "Security Configuration" | |||
# Scroll down and select "Trust List" | |||
# Determine whether CTL and/or ITL files are installed on your phone (you will need to repeat this if both are set) | |||
# Scroll down and select the installed CTL or ITL file you wish to remove | |||
# Press "**#" on your phone to unlock the Trust List settings page | |||
# Use the soft-key at the bottom of the screen to "Unlock" the CTL or ITL file | |||
# Press the "more" soft key at the bottom of the screen | |||
# Press the "Erase" soft key at the bottom of the screen | |||
# Repeat if needed to clear the other (CTL or ITL) file from the Trust List settings page. Both should show "Not Installed" in order to register to a new CUCM server. | |||
==Storage Labs== | |||
===FreeNAS Installation Lab=== | |||
# Connect your PC to the ITC network | |||
# Create a new VM for FreeNAS in VMware Workstation with the following specifications. Be sure to save the VM to a location on the D drive outside of the CNT Files folder. | |||
#* 12 GB RAM | |||
#* 32 GB Primary Hard Drive | |||
#* Quantity 3 - 100 GB Data Hard Drives | |||
# Complete the FreeNAS installation onto the 32GB hard drive making note of your root password and using the same static IP address as your third ESXi server above using the installation ISO from your D drive. | |||
# Boot into your FreeNAS system | |||
# Access the web interface from your host PC (or another PC on the ITC network) and complete the Initial Configuration Wizard. | |||
#* Setup the data disks in a raidz1 pool | |||
# See if you can get a Windows (SMB) share working and copy some files from your host PC D: drive onto the share. Refer to the FreeNAS documentation as necessary. Here are some hints: | |||
#* You need to create a FreeNAS user account and activate the "Microsoft Account" option for the user | |||
#* You need to create a location on your raidz storage pool for the 10 GB file share to exist on, you need to make sure that the user and group you want to have access to the files is the owner of this location (requires changing permissions) | |||
#* You need to create the SMB file share and point it to the storage location | |||
#* You can access a file share in Windows by opening a Run dialog box and entering \\ip.address.of.freenas\ opening your share, and giving the correct username and password when prompted | |||
#* NOTE: Because of changes in Windows 10 you will need to add the user account you log in to Windows 10 with to FreeNAS before you will be able to access the share from a Windows 10 system | |||
# Safely shut down your FreeNAS VM | |||
# Ensure your computer is reconnected to the campus network and you have a working Internet connection | |||
===FreeNAS iSCSI Lab=== | |||
# Connect your PC to the ITC network | |||
# Power on your FreeNAS VM | |||
# Use a web browser on your host machine to access the configuration web site of your FreeNAS server. | |||
# Access the Sharing -> Block (iSCSI) settings page and review the target global configuration parameters for iSCSI. | |||
#* Make a note of the Base Name, the other settings are not required | |||
# Create a new iSCSI portal in FreeNAS to allow iSCSI connections on a certain IP address associated with your FreeNAS server. | |||
#* Given that we are working on a private network in a non-production environment we will not be setting up authentication or security on our iSCSI system so the Discovery Auth Method and Group can remain set to "None". | |||
#* Make a note of the portal Group ID | |||
# Add an initiator to FreeNAS (really this is an access control list for initiators, the actual initiator is the system which will be accessing the iSCSI volume) | |||
#* Even without authentication it's possible to restrict iSCSI access to certain systems (initiators) by IP address or network address but because we'll be working today with an initiator with a dynamic IP we need to set up initiator access for ALL hostnames from ALL networks. | |||
#* Make a note of the Group ID number for this access control list | |||
# Now create an iSCSI Target | |||
#* You must pick a target name such as "win7-drive" which is similar to a DNS host name, it will have the global base name automatically added to it. | |||
#* Set the portal group ID and initiator group ID to match the portal and initiators you just configured. | |||
#* Given that we are working on a private network in a non-production environment we will not be setting up authentication or security on our iSCSI system so the Auth Method and Authentication Group number can remain set to "None". | |||
# At this point you have done most of the iSCSI configuration but it's not yet connected to any particular storage volume/disk/virtual disk. iSCSI calls these storage devices "extents" so the next step is to create an extent. There are two types of extents which can be created, device extents and file extents. Device extents are used if you want to make all of a physical hard drive or ZFS volume available through the iSCSI target. They offer better performance as they are essentially a remote drive but they have less flexibility as you need to dedicate an entire drive or ZFS volume to each target. File extents are like virtual hard drives for VMs, each one exists inside of a file stored on a physical drive so multiple targets can share the same physical drive or ZFS volume offering much more flexibility. The downside is that performance can be worse. For our simple test setup file based extents will provide more flexibility so we'll stick with those. | |||
# Create a file based extent | |||
#* Set the path where you want the extent to be stored (remember this is a file based extent so we need to store the "virtual hard drive" file somewhere on one of the ZFS volumes on our server) | |||
#* Set the extent size to 2500 MB (2.5 GB) | |||
# Now we need to associate the iSCSI target (think of this as the share) we previously created with the extent (where the data will actually be stored). This mapping is done in the "Associated Targets" tab of the iSCSI configuration. | |||
# Start the iSCSI service in Services -> Control Services | |||
# Power on your Windows 7 VM in VMware Workstation (not in ESXi) which you used to install vCenter Server. | |||
# Use the built in iSCSI Initiator (search in the start menu to find it) to connect to the iSCSI target you have created on FreeNAS | |||
# Once you have successfully connected the system to the iSCSI target it should show up as a secondary hard drive in the system just like any other hard drive would. Check in the Windows Disk Management control panel to find it and format the new iSCSI drive with NTFS and try storing some files on it. | |||
# Now we're going to try to increase the size of the iSCSI "drive". It's safest to do this when the system is disconnected from the iSCSI target so the first step will be to shut down the Windows 7 VM. | |||
# Try following the instructions in the FreeNAS documentation to grow the size of the file based extent LUN (basically increase the size of the virtual drive) from 2.5 GB to 5 GB. | |||
# After increasing the size of the extent you either need to stop and restart the iSCSI service on FreeNAS OR delete the target and then re-add a "new" target with the same name and extent location so that the new size is recognized by the iSCSI process on the storage server. | |||
# Power back on your Windows 7 VM and ensure you are reconnected to the iSCSI target. | |||
# Check the target (iSCSI "drive") size in Windows explorer. Has it increased to 5 GB? | |||
# Try checking in the Windows "Disk Management" control panel now. What you should see is the drive size has grown to 5 GB but the NTFS partition is still only 2.5 GB because that's what it was formatted as. | |||
# There are two solutions to fixing this problem. First, you could re-format the drive but in that case you would loose any data on the drive. A better option, because NTFS supports it, might be to try and grow the size of the NTFS partition from 2.5 GB to 5 GB. See if you can figure out how to use Windows tools such as DISKPART to grow the size of the NTFS partition on the drive. | |||
# Check to see that you haven't lost any of the files you tried storing on the iSCSI drive during the grow process. | |||
# Download the [http://crystalmark.info/software/CrystalDiskMark/index-e.html CrystalDiskMark] drive benchmarking software and install it in your VM. | |||
# Run the CrystalDiskMark software on both your C: drive and your iSCSI drive in Windows 7 and compare the results. Because we have several layers of virtualization occurring and are using software based targets and initiators for the iSCSI side speeds are likely to be poor on both drives but you should get some idea of how you can compare local drives with iSCSI drives. There are also many other tools which can be used for benchmarking specific types of storage loads such as database transactions, I/O per second (IOPS), etc. | |||
# If time allows configure another iSCSI target & extent on your own and try to get it connected and mounted on a Debian Linux VM. | |||
# Safely shut down your Windows 7, Debian, and finally FreeNAS VMs | |||
# Ensure your computer is reconnected to the campus network and you have a working Internet connection | |||
===Storage for Virtualization Lab=== | |||
The following are key goals of this lab, this time we'll leave the specific instructions up to you to figure out. A suggestion though is to tackle the iSCSI work for both VMware and Proxmox first and then do the NFS work (but that's up to you): | |||
# Get VMware vCenter connected to your FreeNAS server (using the FreeNAS server as a datastore) using BOTH an iSCSI share and an NFS share. | |||
#* HINT: Remember that FreeNAS is using the same IP as ESXi-3 so you should NOT boot ESXi-3 (or Proxmox-3) while working on this lab and also should not have VMware and Proxmox systems booted at the same time (because they also share IPs). | |||
# Ensure you are able to create and migrate VMware VMs using the FreeNAS iSCSI and NFS storage | |||
#* Note: this doesn't mean migrating between two types of storage, this means migrating a VM instance from one host to another | |||
# Get your Proxmox cluster connected to your FreeNAS server using BOTH iSCSI and NFS (different shares than you used for VMware) | |||
#* HINT: Shared iSCSI configuration in Proxmox can be a little tricky as it requires setting up an iSCSI connection and then LVM on top of that. | |||
# Ensure that you are able to create and migrate Proxmox VMs and containers using the FreeNAS iSCSI and NFS storage. | |||
#* NOTE: Specifically you should be able to live migrate in Proxmox now that you have shared storage in place. | |||
#* Note: this doesn't mean migrating between two types of storage, this means migrating a VM instance from one host to another | |||
# Ensure your computer is reconnected to the campus network and you have a working Internet connection before you leave. | |||
[[Franske ITC-2300|Return to ITC-2300 Homepage]] | [[Franske ITC-2300|Return to ITC-2300 Homepage]] |
Latest revision as of 18:19, 9 December 2021
Labs
You are responsible for completing ALL of these labs. You must submit a lab report (click for details about how to write these) for each topic. Each lab report is worth up to 20 points. This falls into the Labs/Homework category of your course grade.
Virtualization Labs
Proxmox VE Installation Lab
Find instructions for the Proxmox VE Installation Lab here.
Proxmox VE Containers and Cluster Lab
Find instructions for the Proxmox VE Containers and Cluster Lab here.
vmWare ESXi Installation Lab
Find instructions for the vmWare ESXi Installation Lab here.
vmWare vSphere vCenter Server Installation Lab
Find instructions for the vmWare vSphere vCenter Server Installation Lab here.
vmWare vSphere Administration Lab
Find instructions for the vmWare vSphere Administration Lab here.
Cloud Labs
Introduction to the Cloud
- Create an Azure Account Exercise
- NOTE: Do this through the Azure for Students page to get a $100 credit on your account. You will need a .EDU email account to do this. Find out how to get a .EDU address from Inver Hills if you don't have one setup yet.
- Manage Services in the Azure Portal: Work with Blades
- Manage Services in the Azure Portal: Use the Azure Portal
- Manage Services in the Azure Portal: Customize the Dashboard
- Core Cloud Services: Introduction to Azure
Using Azure Virtual Machines
- Create a VM Using the Azure Portal
- Create a Linux Virtual Machine in Azure
- Create a Windows Virtual Machine in Azure
- Manage Virtual Machines with the Azure CLI
Scaling Azure Virtual Machines
- Use Update Management on a virtual machine
- Use azure log analytics and schedule updates
- Explore Azure virtual networking
- Create an Azure virtual network
- Create an Azure VPN gateway
- Deploy a VM using an Azure Quickstart template
- Extend the Quickstart template to deploy a basic web site
- Add a data disk to a VM
- Resize a VM disk
Network Programmability Labs
Getting Started with DevNet Lab
- Complete DevNet Developer Workstation and Environment Setup Lab
- NOTE: In this lab activity you will, amongst other things download and install the OpenConnect VPN client which is used to connect to the DevNet sandbox labs. Unfortunately there is a bug in this software which prevents OpenVPN (which you may use for connecting to ITCnet to reach Netlab) from resetting Windows DNS server addresses. This will prevent you from accessing ITCnet resources such as Netlab, even after disconnecting from the DevNet sandbox VPN in OpenConnect. To fix this after EACH time you use OpenConnect to access DevNet sandboxes after disconnecting you will need to open your network adapter properties for the "TAP-Windows Adapter" and open the IPv4 settings. You will see that OpenConnect has left DNS set as "Use the following DNS server addresses" with two addresses filled in. Change the setting back to "Obtain DNS server address automatically" and save the settings. The next time you connect to OpenVPN you should have access to the ITCnet DNS server and resources again.
- Complete the Programming Fundamentals Module from the DevNet Beginner track
- Note that in Step 2 of the "A Brief Introduction to Git" lab you are told you should have already downloaded a Git repository or you should follow the link at the top with instructions for setting up your workstation. Follow that link and see the section titled Using Git to Copy Code and Setting Up the Local Environment. You should clone and use the Data Center Infrastructure: https://github.com/CiscoDevNet/dciv2-code repository.
REST API Fundamentals & Network Programmability Lab
- Complete the REST API Fundamentals Module from the DevNet Beginner track
- Complete the Network Programmability Module from the DevNet Beginner track
- Note that on page 2 of the "Cisco DNA Center Platform - Authentication" lab and in some future labs you may receive an error about SSL certificates when running code. Because the Cisco DNAC has a self-signed certificate you will need to change Python Requests function calls from things like:
requests.post(url, auth=HTTPBasicAuth(DNAC_USER, DNAC_PASSWORD))
to things likerequests.post(url, auth=HTTPBasicAuth(DNAC_USER, DNAC_PASSWORD), verify=False)
by setting the verify flag to false you can tell the Python requests library to ignore SSL certificate verification. - Note that in the "End to End Visibility and Assurance with Path Trace and Cisco DNA Center Platform" lab you should re-check the "How To Setup Your Own Computer" link at the top of the page. There is a new GitHub repo to clone which contains the path_trace.py file. Also, we don't expect you to be able to write the entire path_trace.py program by yourself at this point. Instead, you should reference that file while reading through the lab's explanation of some of the functions so you can see (and hopefully understand) how the program works and what sorts of information are being pulled from the API when you execute the program. You can also try using Postman to make the same API requests and get the same data that you're getting though Python.
- Note that if you want to see what the GUI interface for Cisco DNA Center looks like you can go to https://sandboxdnac2.cisco.com and sign in with the username devnet and password Cisco123!
- Note that on page 2 of the "Cisco DNA Center Platform - Authentication" lab and in some future labs you may receive an error about SSL certificates when running code. Because the Cisco DNAC has a self-signed certificate you will need to change Python Requests function calls from things like:
Model Driven Network Programmability and IOS XE Lab
- Complete all modules in the IOS XE Programmability track
- Note that the SSH instructions in the "Exploring IOS XE YANG Data Models with NETCONF" lab are designed for use on an *NIX based system so they will work best with a Linux computer/VM, a Mac, or in the Windows Subsystem for Linux (WSL).
Getting Started with Ansible for Network Programmability Lab
- Complete all modules in the Introduction to Ansible track
- Complete the "Introduction to Configuration Management" and "Introduction to Ansible" modules in the Introduction to Ansible for IOS XE Configuration Management track
- Complete the "Managing IoT Harware with Ansible" module.
Homework
Any homework assigned in the course will go here. This falls into the homework category of your course grade.
- Participate in an online forum discussion (typically 3 quality posts or more) of each topic on the CLASS server site. See forum posting page for details. (up to 10 points each topic based on quality)
Participation Activities
Any participation activities completed in the course will go here. This falls into the participation category of your course grade.
- For each topic you need to meet with the instructor at least once to check on your status and understanding of the topic. Each meeting will be worth up to 10 points.
- You will need to complete peer evaluations of all course projects, these evaluations will be worth 10 participation points total
Topic Assessments
You are responsible for completing an online assessment for each topic. These fall into the online assessments category of your course grade.
Other
You are also responsible for completing these things, see the course syllabus for category and weighting information.
- Online Final Exam
- Course Project
Course Project
The course project will take the place of the skills exam in this course and will allow you and your lab partner to continue to experiment with one of the topic areas covered in the course. You will need to present your project in a presentation/demonstration to the class which is expected to last 10 minutes.
The project should be related to one of the three topics covered in the course (cloud, virtualization, and/or network programmability). You may either expand on one of the tools that we used in the course or explore a different tool in the same topic area. Your project plan should be approved by the instructor. Remember that the project is 15% of your final grade so it is expected to be a substantial amount of work.
Presentations Tips
- Presentations should be very close to 10 minutes in length. While there is not a part of your score that is directly tied to timing if they are much longer or shorter you probably have either over-covered or under-covered what you did (or didn't do enough work) which will definitely show up in your score.
- I suggest spending about half the time giving some background on your project (why you chose it, what are the key things you learned, what all did you do). You can have slides for this if you'd like.
- If you use slides I normally suggest no more than one slide per minute of presentation time (excluding a title slide) so probably stick to only about 5 slides of content. Also, follow good presentation tips for using slides (don't make them overly complicated, don't try to put too much information on one slide, don't read your slides to us as part of your presentation, etc.) There are lots of good resources online that talk about creating effective presentation slides. Two examples are: https://edu.gcfglobal.org/en/powerpoint-tips/simple-rules-for-better-powerpoint-presentations/1/ and https://www.unl.edu/gradstudies/connections/tips-creative-effective-powerpoint-presentations
- I suggest spending the other half of the time giving a demonstration about some part of your project. Don't try to show off everything you did, cramming 3 weeks of work into 5 minutes is not possible. Pick one specific part of your project that you can demonstrate in 5 minutes and show that. You're not trying to give a "how-to" presentation so you don't need to show every step. Just give people an idea of what you did in your project. Stage things ahead of time and skip steps as needed to keep on time.
Lab Report Tips
- The format is the same as a regular lab report (what you did, problems you had, how you tested, and what you learned) but the report must be much longer (about 4 pages single spaced) because it includes 3 weeks of work. It should be clear how you spent the three weeks and that it really was the equivalent amount of work as three weeks of regular classwork.
- You should thoroughly describe what you did (not exact steps, but an overview of the major things you accomplished), and what new things you learned by doing the project.
- It should be clear how the project relates to one of the topics from class.
- This should also be written like a paper explaining your project so don't include a bunch of lists, etc. which are just there to fill space as that will not produce a quality report.
Grading
There will be two primary components to your grade for the project, a lab report and a presentation.
You will be turning in a lab report using the same format you have used for other lab reports in the class but it will be longer as this is a much more substantial project. Lab reports for this project should be about 4 pages long (single spaced) and include all the regular sections of a lab report (what you did, what problems you had, how you tested, and what you learned. The project lab report will be worth 100 points.
In addition you will receive a grade on a 10 minute presentation to the class. The presentation should be interesting, engaging, informative, and factually correct. It is a good idea to show off your actual work as much as possible (not just talk about it) so you are strongly encouraged to find a way to demonstrate something "live" during the presentation.
The presentation score is comprised of:
- Topic Content (30 Points)
- Was the topic appropriate for the course project? Was the content presented accurate and did it provide a good overview of the topic and the work done? Was the amount of work done appropriate for a large course project?
- Presentation Skills (30 Points)
- How well did the group do explaining the content? Were they able to adequately answer appropriate questions from the class? Was the presentation professional and well prepared?
- Engagement (20 Points)
- How well did the group engage the class in their presentation? This could include getting or asking questions of the class, using appropriate visual aids, etc. How well did the group express excitement and interest in the topic of their presentation?
- Overall Quality (20 Points)
- Did you learn something or get something clarified in your mind? Did you feel listening to this presentation was worth your time? Was this a "good" presentation? Are you interested to learn more about this topic having heard this presentation? Do you have a good understanding of how you could use this to solve future problems you come across?
Finally, a small portion of your grade for the project presentation (10% of the presentation score) will be writing a short review of each of the other project presentations. These are not simply participation points for filling out a review, your review will be graded for quality so be sure you listen carefully and provide useful feedback in your review.
Archived Labs
This section contains information about labs that have been used in this class in the past. You are NOT responsible for completing these labs.
Asterisk VoIP Labs
Introduction to VoIP Labs
- Use one of the Cisco 2811 routers and Cisco 3750 POE+ switches to create a segregated network for your VoIP environment. See these sample switch and router configurations (needs to be modified with correct IP addressing for your pod).
- Connect Fa0/0 on the router to the ITCNet switch and configure it with the same IP address used for your VCSA system in the VMware labs
- Setup Fa0/1.10 on the router as your "Internal VOIP Network" with an IP address of 192.168.10.1/24 on VLAN 10
- Setup NAT Overload (PAT) on the router with Fa0/0 on the outside and Fa0/1.10 on the inside
- Setup a DHCP server on the router on the 192.168.10.0/24 subnet with a default router of 192.168.10.1 and a DNS server of 172.17.139.10, exclude 192.168.10.1-192.168.10.20
- Connect Port Fa0/1 on your router to a Cisco 3750 POE+ switch on Port 24 and setup the port as a trunk port and VLAN 10 as an active VLAN on the switch, use 192.168.10.2 as the management IP for the switch on VLAN 10
- Move your PC to your "Internal VOIP Network" by connecting it to your switch on Gi1/0/1 configured as a VLAN 10 access port and ensure it gets a DHCP address and has working Internet connectivity
- Create a new Virtual Machine named "Debian Asterisk CLI" and Install Debian Linux
- VM Specs: 4GB RAM, 50GB HDD, Bridged Networking
- Install Debian Linux onto the VM
- Make sure you have a working Internet connection through your VoIP network to your host machine (and VM) before starting the installation
- Set a hostname of PodX-AsteriskCLI (replace the X with your Pod number)
- Be sure to choose an online mirror for packages or you won't be able to install packages from the Internet once your installation finishes
- Be sure to uncheck "Debian Desktop Environemnt" when asked about packages to install. (Press the space bar when this option is highlighted to uncheck it)
- You can save some time later if you check "SSH Server" when asked about packages to install. (Press the space bar when this option is highlighted to check it)
- On your Debian system set a static IP Address of 192.168.10.3/24 Default Router of 192.168.10.1 and DNS Server of 172.17.139.10
- On your Debian system comment out the CDROM source from /etc/apt/sources.list
- Install the Asterisk VoIP PBX using the Debian Package
- apt update
- apt install asterisk
- Install the tftpd-hpa package on your Debian system to enable it to be a TFTP server
- Install the openssh-server package on your Debian system to enable SSH access to it from your PC (and your partner's PC if they connect their PC to VLAN 10 on the switch as well)
- Install the sudo package on your Debian system and add your regular user to the sudo group on the system so the account has administrative command access
- NOTE: After this point you have everything needed to connect to your Asterisk system with SSH for configuration and file transfer (PuTTY and Filezilla). It's strongly suggested you connect to and work on your system over SSH from this point on instead of trying to use the VMWare Workstation console. Cut and paste support is much better in PuTTY than in the VM console and you and your partner can both be logged in from different PCs (if they are on your internal VoIP network) and working on things at the same time (as long as you aren't trying to edit the same file at the same time).
- Create a file XMLDefault.cnf.xml on your host PC with these contents and transfer it to the /srv/tftp/XMLDefault.cnf.xml location on your Debian system
- Download the Chan-SCCP driver with wget https://download.opensuse.org/repositories/home:/chan-sccp-b:/asterisk-16/Debian_10/amd64/chan-sccp_4.3.2_amd64.deb
- Install the Chan-SCCP driver with dpkg --install chan-sccp_4.3.2_amd64.deb
- Edit the /etc/asterisk/modules.conf file and disable loading of chan_skinny.so and enable loading of chan_sccp.so
- NOTE: Changes to which modules are loaded and not loaded need to be in the [modules] section of this file and not the [global] section
- Restart the Asterisk software. This can be done with the systemctl restart asterisk command.
- Open the Asterisk console on your Debian system asterisk -rvvvvvc
- Connect two Cisco IP phones to ports Gi1/0/2 & Gi1/0/3 of your switch
- After the phones boot and attempt to connect to your Asterisk server (you should see notifications of this in your Asterisk console window) use the sccp show devices Asterisk CLI command to see a list of the phones.
- NOTE: If one or more of your phones does not register it may be locked to a previous sever see the instructions for Clearing Cisco IP Phone Security Files
- Configure your two IP phones in the sccp.conf file.
- Setup one line button on each phone with a valid extension number for your pod. Assign these lines to the default context.
- NOTE: This requires putting a button line in for the phone device section as well as creating a line configuration section in the sccp.conf file.
- Connect to the Asterisk CLI and issue the reload command
- Verify you can successfully place a call to Extension 1000
- Modify your extensions.conf file to add the two phone extensions and allow calling between phones
- Test calling between phones
- Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same two phones.
Provisioning, Voicemail, and SIP Labs
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab.
- Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab
- Power on your Asterisk Server VM
- Ensure you have working dialing between your two phone extensions before continuing
Voicemail
- Create a new extension 2x99 which will call into the voicemail system and allow users to retrieve messages
- HINT: What file manages the dialplan? You'll need to edit this file and add a new extension which calls into the Voicemail application when a user dials that extension.
- Create voicemail mailboxes for your 2x01 and 2x02 extensions with the PIN set to 1234
- HINT: This is done in the voicemail configuration file. You will need to add two new extensions with PINs to this file. You don't need fancy features like email setup. Just a simple mailbox with a PIN is needed for each extension.
- Try accessing both voicemail boxes by dialing 2x99 and change the greetings on each voicemail box so that you can tell the two apart. Note that you will need to reload the dialplan and voicemail configurations in Asterisk after making the changes to them.
- Create and modify the required entries in your dialplan to send callers for both the 2x01 and 2x02 extensions to the correct voicemail box with the unavailable greeting if the call is not answered within 10 seconds. Note that you will need to reload the dialplan in Asterisk after making the changes to it before they take effect.
- HINT: You'll need to add more priorities to each extension. The first one will ring the phone for 10 seconds and the phone for the specified amount of time and then if it's no answered the second will send the call to the voicemail box and play the unavailable greeting.
- Test leaving and retrieving messages from both extensions.
- Enable and test the Message Waiting Indicator (MWI) for the phones in the SCCP configuration. See the sample sccp.conf file and the pages linked to from there for hints on doing this.
- NOTE: You may need to restart the Asterisk software on your VM in order to get the MWI lights to work. This can be done with the systemctl restart asterisk command.
SIP Phone Setup
- Configure port Gi1/0/4 on your switch the same way your other VoIP phone ports are configured
- Get an Asterisk A25 phone, mark it with your pod number on tape, and connect it to port Gi1/0/4 on your switch
- Use the menus on the phone to obtain the IP address for your new phone
- We will be manually provisioning the phone using the web interface so open a web browser on a PC attached to your VoIP network (for example your VM host PC) and browse to the IP address of the new phone. Login with the username admin and password 789
- Edit your pjsip.conf file as required to create a new transport, line, authentication, and AoR section to use on the phone at extension 2x03. See the sample pjsip.conf file for some hints. Note that after modifying the pjsip.conf file you will need to at least reload the pjsip configuration in Asterisk and if you are setting up your first transport you should restart Asterisk instead of just reloading the configuration. This can be done with the systemctl restart asterisk command.
- On the phone admin line settings webpage configure SIP Line 1 with the required user name, display name, authentication name, authentication password, SIP Proxy server address (the IP of your Asterisk server), and check the box to activate the line.
- Modify your dialplan to configure extension 29x3 to call your PJSIP line. Remember that you need to reload your dialplan to have this take effect.
- Create a voicemail box for 2x03 and enable support for MWI subscribe notifications in the PJSIP configuration file
- Modify the advanced SIP Line configuration webpage on the phone to enable "Subscribe for Voice Message" and set the Voice Message Number to 2x99
- Test leaving a voicemail for the new phone and ensure the MWI light blinks when there is a message.
- Modify the advanced Phone Settings -> Power LED settings webpage on the phone to enable the SMS/MWI function.
- Test leaving a voicemail for the new phone and ensure the power led comes on when there is a message.
Digium DPMA Phone Provisioning
- Sign up for an account on the Digium store and "purchase" a free DPMA key.
- Install the avahi-daemon and libavahi-client3 packages on your Asterisk server
- Follow the Digium instructions to download the registration program (be sure to use the 64 bit one!) as well as to download and install the DPMA module (again you want the 64 bit one for Asterisk version 16)
- NOTE: Make sure to get the current one for Asterisk Version 16. If you get one for a different version of Asterisk you will crash Asterisk when you try to load it.
- Configure port Gi1/0/5 on your switch the same way your other VoIP phone ports are configured
- Get a Digium D60 phone and label it with your pod number on tape. Do NOT connect it to the switch yet.
- Create a basic res_digium_phone.conf file for your phone with the correct MAC address and settings for a 2x04 extension. See the sample res_digium_phone.conf file for some hints.
- Create the required global entries in your PJSIP file for DPMA configuration use
- Create the required entries for the 2x04 line in your PJSIP, Voicemail, and dialplan configuration files as well.
- You probably want to restart the Asterisk software on your system again at this point to re-load all the configuration files and re-load all the modules. If you make further changes to configuration files make sure that the config file is reloaded by Asterisk so the changes are applied.
- Plug your D60 phone into the switch. It should find the Asterisk server and configure itself entirely in a similar way to the SCCP phones
- Test calling to and from the D60 phone as well as leaving and retrieving messages from the phone. Be sure to test the voicemail button on the phone to see an example of a visual voicemail application as well.
Cleanup
- Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same four phones.
T1 and PSTN Access Labs
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab.
- Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab
- Power on your Asterisk Server VM
- Ensure you have working dialing between your two phone extensions before continuing
T1 PSTN Access
In this activity we will configure your Asterisk server to contact the "PSTN" using a dedicated T1 PRI voice trunk to a telephone company. This would normally be a service which you would pay for incoming and outgoing (termination and origination) connections to the PSTN and which you would access over a dedicated digital T1 voice trunk.
- Get an ISDN PRI T1 connection from the "phone company" (your instructor) to your router. This will require connecting a T1 crossover cable to the correct port on the PSTN ISDN Switch Simulator.
- NOTE: Just like with a regular phone line coming in the wall you need to plug your Pod into the correct port on the PSTN ISDN Switch Simulator. This is not an IP network where you can plug in wherever you'd like. Pod 1 goes into the farthest right port on the PSTN ISDN Switch Simulator and pod numbers increase as you go to the left. Also, be sure to use a special T1 crossover cable for this connection.
- Update your router configuration to allow it to serve as an ISDN<->SIP gateway device which will convert ISDN T1 calls to and from SIP VoIP calls which can be routed by Asterisk.
- Update your pjsip.conf file to add the router as a SIP endpoint which can be used to place calls out to the PSTN or receive calls from the PSTN. Note that we specify the IP address for the router for incoming and outgoing calls instead of having the router register with a username and password to the PJSIP module.
- Modify your extensions.conf file to allow internal extensions to place calls out to the PSTN through the ISDNrouter SIP device (which will convert the calls to a T1 PRI trunk call) if the number begins with a 9 for an outside line.
- NOTE: You will want to think about all the different types of numbers someone could call and create dialplan rules in Asterisk to handle all of them. For some of these you will need to use pattern matching, for others like 911, you probably want to match the exact number for dialing timeout speed reasons.
- NOTE: Most states now require phone systems to allow people to dial 911 directly, without needing to dial 9-911 for an outside line. You should program your system to call 911 on the PSTN for BOTH 911 and 9-911.
- Try placing calls out to the PSTN
- Test at least the following types of calls:
- Local calls (both by dialing 7-digit numbers and 10-digit numbers)
- Long distance calls (calls to a different area code than the 510 area code, and which begin with a 1)
- Toll-free numbers (1-800, 1-888, etc.)
- Per-minute premium charge numbers (1-900)
- Emergency Services (911, 9-911)
- Directory Assistance (411)
- International Numbers (Numbers beginning with 011)
- Test at least the following types of calls:
- While you are placing test calls monitor the output from your router's console port, you should see the calls being placed over the T1 connection. You should also try placing calls and while the call is active running the show voice call status command on the router. Finally try turning on ISDN Q.931 debugging with the debug isdn q931 command before placing a test call. You should see the router dialing the phone number on the ISDN T1 connection to the PSTN as the call is being setup. Run undebug all on your router to disable the debugging.
- It's important to think about toll fraud and you should setup your dialplan (at least after initial testing) to restrict callers from places like elevators calling certain numbers. In Asterisk you can do this using a variety of different dialplan contexts. Follow the sample extensions.conf file instructions for dividing up your extensions into elevator/lobby/general staff/executive restrictions on calls. Put one of your extensions in each of these different contexts and verif the restrictions are working.
- Modify your extensions.conf file to allow calls FROM the PSTN to your internal phones (each extension has a phone number like 510555XXXX where XXXX is the extension number).
- Find another pod who has calling out to the PSTN working over their T1 and try placing calls from each pod to the other pod to verify incoming PSTN calls are working.
- NOTE: In our lab the SIP and T1 PSTN are separate PSTN networks and you cannot place calls between the SIP and T1 PSTN so the other pod must be using the same type of PSTN connection. In the real world there is only one PSTN so how you connect to the PSTN should not affect who you can call.
SIP PSTN Access
In this activity we will configure your Asterisk server to contact the "PSTN" using a SIP trunk to an ITSP provider. This would normally be a service which you would pay for incoming and outgoing (termination and origination) connections to the PSTN and which you would access over your regular Internet connection.
- Disconnect the ISDN PRI T1 connection from the "phone company" (your instructor) to your router.
- Update your router configuration to add a dedicated NAT address for incoming SIP calls from the ITC network which will pass the SIP traffic through to your Asterisk system.
- Update your pjsip.conf file to add the required registration, endpoint, aors, auth, and identity sections required to connect to your ITSP.
- Modify your extensions.conf file to allow internal extensions to place calls out to the PSTN through the sipPSTN SIP device (which is the connection to your ITSP) if the number begins with a 9 for an outside line. If you had a working T1 SIP gateway PSTN configuration this will just involve changing which endpoint those calls are being directed to.
- NOTE: You will want to think about all the different types of numbers someone could call and create dialplan rules in Asterisk to handle all of them. For some of these you will need to use pattern matching, for others like 911, you probably want to match the exact number for dialing timeout speed reasons.
- NOTE: Most states now require phone systems to allow people to dial 911 directly, without needing to dial 9-911 for an outside line. You should program your system to call 911 on the PSTN for BOTH 911 and 9-911.
- Try placing calls out to the PSTN
- Test at least the following types of calls:
- Local calls (both by dialing 7-digit numbers and 10-digit numbers)
- Long distance calls (calls to a different area code than the 510 area code, and which begin with a 1)
- Toll-free numbers (1-800, 1-888, etc.)
- Per-minute premium charge numbers (1-900)
- Emergency Services (911, 9-911)
- Directory Assistance (411)
- International Numbers (Numbers beginning with 011)
- Test at least the following types of calls:
- Verify all your toll-fraud preventions you had in place for calling out from various types of extensions to the PSTN for the T1 gateway are still working.
- Verify your extensions.conf file is still setup to allow calls FROM the PSTN to your internal phones (each extension has a phone number like 510555XXXX where XXXX is the extension number). If the calls from your ITSP are coming into the same context as the calls from your T1 gateway were there should be no changes required.
- Find another pod who has calling out to the PSTN working over the ITSP and try placing calls from each pod to the other pod to verify incoming PSTN calls are working.
- NOTE: In our lab the SIP and T1 PSTN are separate PSTN networks and you cannot place calls between the SIP and T1 PSTN so the other pod must be using the same type of PSTN connection. In the real world there is only one PSTN so how you connect to the PSTN should not affect who you can call.
Cleanup
- Safely shutdown your Debian system, erase your switch/router configuration, and put away all equipment and cables. Be sure to note which phones you have so that next week you'll be able to get the same four phones.
GUI Asterisk Configuration Labs
Note: It's expected that you have done your readings before beginning this lab. The lab will outline the tasks to do and make helpful notes but the readings contain details about how to configure the various parts of this lab.
- Begin by setting up your network wiring, router, and switch in the same way it was setup for the previous lab
Installing FreePBX
- Create a new Virtual Machine named "FreePBX"
- VM Specs: 4GB RAM, 100GB HDD, Bridged Networking
- The FreePBX ISO is already downloaded at D:\CNTFiles\ITC 2300\SNG7-FPBX-64bit-1904-2.iso
- Install "FreePBX (Asterisk 13) - Recommended"
- Use "Installation - Output to VGA" and the "FreePBX Standard" options
- Be sure to set the root password to something you will remember
- Login to the CLI as the root user to obtain the IP address and then visit that IP address in a browser on your host system or another system on your VoIP network.
- Create an "admin" user account
- Login and register/activate your FreePBX system
- In the Admin -> System Admin -> Network Settings page of FreePBX set a static IP Address of 192.168.10.3/24 and Default Router of 192.168.10.1
Configuring SIP Phones
- Connect your Digium A-25 phone to the network
- Add the required PJSIP extension in FreePBX for the phone
- Note: You will need to update the phone username/password and voicemail number (*97) configured on the phone. You should let FreePBX create a new user for the phone automatically (probably the extension number) and then use that username but the extension "secret" as the password on the phones
- Note: The version of Asterisk (13) running on FreePBX is a little buggy with PJSIP phones. If you have problems set the phone up as a CHAN_SIP phone instead. Note that PJSIP is probably already running on port 5060 so the CHAN_SIP phones will use port 5160 for SIP messages and you'll need to change that on the phone line configuration as well.
- Test calling yourself and leaving a message, MWI capability, and checking the message
Configuring SIP Trunks
- Correct the "External Address" under Settings -> Asterisk SIP Settings so that it correctly reflects the outside IP being forwarded to your FreePBX system through NAT (172.17.144.XX) which is your ESXi-1 IP address.
- Note: This will probably be auto-detected incorrectly because we're not actually using an ITSP on the Internet on our test network which is why we need to change this value.
- Create a new FreePBX PJSIP trunk pointed to the ITC SIP Phone Company (172.17.139.25) using your Pod credentials.
- Note: In addition to setting your username and secret you also need to set the "From User" on the advanced page of PJSIP trunk settings. THis should be set to the same username you use for registration to the ITSP.
- Create outbound routes for the different types of outside numbers you can call (emergency, premium, international, long distance, toll-free, local) which route the traffic out the SIP trunk to the ITSP
- Test calling out to all of these destinations and ensure they are working correctly.
- Create at least one inbound route for one of your 5105552XXX numbers and point it to your extension
- Test inbound calling by having another pod call you through the ITSP
- Note: If there is not another pod available when you need to test inbound calling you can setup another pod yourself (another router, switch, phones, and PC running FreePBX) that you can use for testing.
Configuring DPMA Phones
- Go to Connectivity -> Digium Phones and follow the instructions to install the DPMA module
- Reboot your FreePBX system to enable the DPMA module
- Create another PJSIP extension with voicemail
- Connect your Digium D-series phone to your VoIP network
- Select the new extension on the D-series phone to configure the phone with the extension
- Test calling between extensions, voicemail, calling out to the PSTN through the ITSP, and all other functionality configured so far
Configuring SCCP Phones
- Install Chan-SCCP following the instructions from your readings for FreePBX
- Restart your FreePBX VM
- Setup a phone, button, line, etc. in your sccp.conf file as we have done before
- Add a "Custom Extension" for the SCCP phone in FreePBX being sure to set a dial string for the SCCP device.
- Test calling between extensions, voicemail, calling out to the PSTN through the ITSP, and all other functionality configured so far
Cisco VoIP Labs
- CUCM Install & Chapter 8 Lab (One report for these)
- Chapter 9 Labs (One report for these)
- NOTE: You will not need to complete the Active Directory (LDAP) Integration lab
- Chapter 10 Labs (One report for these)
VoIP Lab IP Addressing and Extensions
You need to be assigned a pod number by the instructor. In the information below you will replace the X with your pod number.
NTP Network (Simulated WAN) Information
- You need to physically connect Fa0/1 on your router to the NTP switch. The NTP switch is shared by all students in the class and is also connected to the "Phone Company" router Fa0/1 interface. There is no special configuration on the NTP switch, just an empty configuration.
- The Fa0/1 interface on your router should be assigned IP 10.0.0.x/24
- The default route on your router should be 10.0.0.254 (and you should be able to ping that address).
- NTP on your router should be set to get time from 10.0.0.254
LAN Information
You will have 3 VLANs on the LAN side (Fa0/0) of your router.
VLAN Name | VLAN Number | Router Subinterface Addressing |
---|---|---|
Management | x1 | 10.x1.0.1/24 |
Data | x0 | 10.x0.0.1/24 |
Voice | x5 | 10.x5.0.1/24 |
So, for example IF YOU ARE POD 5 your data VLAN is number 50 and your IP address for the router subinterface on that VLAN is 10.50.0.1/24.
You will need to setup DHCP pools on the DATA and VOICE VLANs as well. These pools should provide IP addresses, the correct default-router for each VLAN and the DHCP Option 150 should be set to the address of your CUCM server (see below). You should exclude addresses .1-.10 from each VLANs DHCP pool.
On your switch you will need to create all three VLANs, set the port connecting to your router as an 802.1q trunk port, and set the remaining ports on your switch as access ports on the data VLAN with a secondary voice VLAN set (switchport voice vlan x5).
Your switch should have a management IP of 10.x1.0.2/24 on the management VLAN and a default gateway set to the IP of the router on the management VLAN.
CUCM Information
Your CUCM server should be assigned the IP address of 10.x0.0.5/24 (in other words host 5 on the Data VLAN). The default gateway for CUCM should be 10.x0.0.1 because that is the router interface on that VLAN. The NTP server for your CUCM server should also be the address of your router on the data VLAN (10.x0.0.1).
Note that NTP must be fully synchronized on your router before CUCM will allow you to complete the network addressing portion of the installation.
Phone Extension Information
Extension Range | First DID Number | CUC Pilot Number |
---|---|---|
2x00-2x99 | 5105552x00 | 2x90 |
So, for example if you are Pod 3 your extension numbers are 2300-2399, your first DID number is 5105552300 and your CUC Pilot number is 2390.
Phone Security Key Reset Procedure
The first time you try to register a used Cisco IP phone to a CUCM server it will likely fail. This is because when the phones register to a server they get a set of unique keys that will only allow them to register to that same server. These keys can be cleared out from the phone itself only (not from CUCM). The procedure is as follows:
- Press the "Settings" button on the phone
- Scroll down and select "Security Configuration"
- Scroll down and select "Trust List"
- Determine whether CTL and/or ITL files are installed on your phone (you will need to repeat this if both are set)
- Scroll down and select the installed CTL or ITL file you wish to remove
- Press "**#" on your phone to unlock the Trust List settings page
- Use the soft-key at the bottom of the screen to "Unlock" the CTL or ITL file
- Press the "more" soft key at the bottom of the screen
- Press the "Erase" soft key at the bottom of the screen
- Repeat if needed to clear the other (CTL or ITL) file from the Trust List settings page. Both should show "Not Installed" in order to register to a new CUCM server.
Storage Labs
FreeNAS Installation Lab
- Connect your PC to the ITC network
- Create a new VM for FreeNAS in VMware Workstation with the following specifications. Be sure to save the VM to a location on the D drive outside of the CNT Files folder.
- 12 GB RAM
- 32 GB Primary Hard Drive
- Quantity 3 - 100 GB Data Hard Drives
- Complete the FreeNAS installation onto the 32GB hard drive making note of your root password and using the same static IP address as your third ESXi server above using the installation ISO from your D drive.
- Boot into your FreeNAS system
- Access the web interface from your host PC (or another PC on the ITC network) and complete the Initial Configuration Wizard.
- Setup the data disks in a raidz1 pool
- See if you can get a Windows (SMB) share working and copy some files from your host PC D: drive onto the share. Refer to the FreeNAS documentation as necessary. Here are some hints:
- You need to create a FreeNAS user account and activate the "Microsoft Account" option for the user
- You need to create a location on your raidz storage pool for the 10 GB file share to exist on, you need to make sure that the user and group you want to have access to the files is the owner of this location (requires changing permissions)
- You need to create the SMB file share and point it to the storage location
- You can access a file share in Windows by opening a Run dialog box and entering \\ip.address.of.freenas\ opening your share, and giving the correct username and password when prompted
- NOTE: Because of changes in Windows 10 you will need to add the user account you log in to Windows 10 with to FreeNAS before you will be able to access the share from a Windows 10 system
- Safely shut down your FreeNAS VM
- Ensure your computer is reconnected to the campus network and you have a working Internet connection
FreeNAS iSCSI Lab
- Connect your PC to the ITC network
- Power on your FreeNAS VM
- Use a web browser on your host machine to access the configuration web site of your FreeNAS server.
- Access the Sharing -> Block (iSCSI) settings page and review the target global configuration parameters for iSCSI.
- Make a note of the Base Name, the other settings are not required
- Create a new iSCSI portal in FreeNAS to allow iSCSI connections on a certain IP address associated with your FreeNAS server.
- Given that we are working on a private network in a non-production environment we will not be setting up authentication or security on our iSCSI system so the Discovery Auth Method and Group can remain set to "None".
- Make a note of the portal Group ID
- Add an initiator to FreeNAS (really this is an access control list for initiators, the actual initiator is the system which will be accessing the iSCSI volume)
- Even without authentication it's possible to restrict iSCSI access to certain systems (initiators) by IP address or network address but because we'll be working today with an initiator with a dynamic IP we need to set up initiator access for ALL hostnames from ALL networks.
- Make a note of the Group ID number for this access control list
- Now create an iSCSI Target
- You must pick a target name such as "win7-drive" which is similar to a DNS host name, it will have the global base name automatically added to it.
- Set the portal group ID and initiator group ID to match the portal and initiators you just configured.
- Given that we are working on a private network in a non-production environment we will not be setting up authentication or security on our iSCSI system so the Auth Method and Authentication Group number can remain set to "None".
- At this point you have done most of the iSCSI configuration but it's not yet connected to any particular storage volume/disk/virtual disk. iSCSI calls these storage devices "extents" so the next step is to create an extent. There are two types of extents which can be created, device extents and file extents. Device extents are used if you want to make all of a physical hard drive or ZFS volume available through the iSCSI target. They offer better performance as they are essentially a remote drive but they have less flexibility as you need to dedicate an entire drive or ZFS volume to each target. File extents are like virtual hard drives for VMs, each one exists inside of a file stored on a physical drive so multiple targets can share the same physical drive or ZFS volume offering much more flexibility. The downside is that performance can be worse. For our simple test setup file based extents will provide more flexibility so we'll stick with those.
- Create a file based extent
- Set the path where you want the extent to be stored (remember this is a file based extent so we need to store the "virtual hard drive" file somewhere on one of the ZFS volumes on our server)
- Set the extent size to 2500 MB (2.5 GB)
- Now we need to associate the iSCSI target (think of this as the share) we previously created with the extent (where the data will actually be stored). This mapping is done in the "Associated Targets" tab of the iSCSI configuration.
- Start the iSCSI service in Services -> Control Services
- Power on your Windows 7 VM in VMware Workstation (not in ESXi) which you used to install vCenter Server.
- Use the built in iSCSI Initiator (search in the start menu to find it) to connect to the iSCSI target you have created on FreeNAS
- Once you have successfully connected the system to the iSCSI target it should show up as a secondary hard drive in the system just like any other hard drive would. Check in the Windows Disk Management control panel to find it and format the new iSCSI drive with NTFS and try storing some files on it.
- Now we're going to try to increase the size of the iSCSI "drive". It's safest to do this when the system is disconnected from the iSCSI target so the first step will be to shut down the Windows 7 VM.
- Try following the instructions in the FreeNAS documentation to grow the size of the file based extent LUN (basically increase the size of the virtual drive) from 2.5 GB to 5 GB.
- After increasing the size of the extent you either need to stop and restart the iSCSI service on FreeNAS OR delete the target and then re-add a "new" target with the same name and extent location so that the new size is recognized by the iSCSI process on the storage server.
- Power back on your Windows 7 VM and ensure you are reconnected to the iSCSI target.
- Check the target (iSCSI "drive") size in Windows explorer. Has it increased to 5 GB?
- Try checking in the Windows "Disk Management" control panel now. What you should see is the drive size has grown to 5 GB but the NTFS partition is still only 2.5 GB because that's what it was formatted as.
- There are two solutions to fixing this problem. First, you could re-format the drive but in that case you would loose any data on the drive. A better option, because NTFS supports it, might be to try and grow the size of the NTFS partition from 2.5 GB to 5 GB. See if you can figure out how to use Windows tools such as DISKPART to grow the size of the NTFS partition on the drive.
- Check to see that you haven't lost any of the files you tried storing on the iSCSI drive during the grow process.
- Download the CrystalDiskMark drive benchmarking software and install it in your VM.
- Run the CrystalDiskMark software on both your C: drive and your iSCSI drive in Windows 7 and compare the results. Because we have several layers of virtualization occurring and are using software based targets and initiators for the iSCSI side speeds are likely to be poor on both drives but you should get some idea of how you can compare local drives with iSCSI drives. There are also many other tools which can be used for benchmarking specific types of storage loads such as database transactions, I/O per second (IOPS), etc.
- If time allows configure another iSCSI target & extent on your own and try to get it connected and mounted on a Debian Linux VM.
- Safely shut down your Windows 7, Debian, and finally FreeNAS VMs
- Ensure your computer is reconnected to the campus network and you have a working Internet connection
Storage for Virtualization Lab
The following are key goals of this lab, this time we'll leave the specific instructions up to you to figure out. A suggestion though is to tackle the iSCSI work for both VMware and Proxmox first and then do the NFS work (but that's up to you):
- Get VMware vCenter connected to your FreeNAS server (using the FreeNAS server as a datastore) using BOTH an iSCSI share and an NFS share.
- HINT: Remember that FreeNAS is using the same IP as ESXi-3 so you should NOT boot ESXi-3 (or Proxmox-3) while working on this lab and also should not have VMware and Proxmox systems booted at the same time (because they also share IPs).
- Ensure you are able to create and migrate VMware VMs using the FreeNAS iSCSI and NFS storage
- Note: this doesn't mean migrating between two types of storage, this means migrating a VM instance from one host to another
- Get your Proxmox cluster connected to your FreeNAS server using BOTH iSCSI and NFS (different shares than you used for VMware)
- HINT: Shared iSCSI configuration in Proxmox can be a little tricky as it requires setting up an iSCSI connection and then LVM on top of that.
- Ensure that you are able to create and migrate Proxmox VMs and containers using the FreeNAS iSCSI and NFS storage.
- NOTE: Specifically you should be able to live migrate in Proxmox now that you have shared storage in place.
- Note: this doesn't mean migrating between two types of storage, this means migrating a VM instance from one host to another
- Ensure your computer is reconnected to the campus network and you have a working Internet connection before you leave.