ITC-2300 VoIP Lab Switch and Router Configurations

From ITCwiki
Revision as of 22:34, 13 November 2019 by BenFranske (talk | contribs)
Jump to navigation Jump to search

Notes

Don't forget to modify for the information specific to your Pod:

  • Change the hostname of both the Router and Switch to include your Pod Number
  • Change the IP Address on the Router Fa0/0 interface to the correct IP for your pod

You may want to make some additional changes for administration ease:

  • Set an enable secret
  • Setup a username and secret on both devices
  • Setup SSH on both devices

Basic Router Configuration

hostname PodX-Router
!
ip dhcp excluded-address 192.168.10.1 192.168.10.20
!
ip dhcp pool internal-voip
   network 192.168.10.0 255.255.255.0
   dns-server 172.17.139.10
   default-router 192.168.10.1
   option 150 ip 192.168.10.3
!
interface FastEthernet0/0
 ip address 172.17.144.XX 255.255.255.0
 ip nat outside
 no shutdown
!
interface FastEthernet0/1
 no shutdown
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 172.17.144.1
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.10.0 0.0.0.255

Basic Switch Configuration

hostname PodX-Switch
!
vtp mode transparent
!
vlan 10
!
spanning-tree portfast default
!
!
interface GigabitEthernet1/0/1
 description Asterisk Server PC
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/2
 description VoIP Phone 1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 10
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description VoIP Phone 2
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 10
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 description Second PC
 switchport access vlan 10
 spanning-tree portfast
!
!
interface GigabitEthernet1/0/24
 description Trunk Connection to Router
 switchport mode trunk
 no shutdown
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!

Adding NAT for SIP Trunking Support to the Router

In order to get SIP signaling traffic (port 5060) and RTP audio traffic (ports 10000-20000) to our Asterisk system from our SIP trunking provider we need to forward that traffic to the internal IP address of our Asterisk system. On some firewall devices you could do this just with port forwarding but Cisco does not have a way to forward a large number of ports with a single command (ports 10000-20000 need to all be forwarded for RTP audio traffic). So on our router we'll use a second outside IP address and forward all traffic to that IP address to our Asterisk server. Note that this effectively puts our Asterisk server on an outside IP address and in a production environment we would want to ensure the Asterisk system has a firewall and other safeguards such as intrusion prevention systems in place to block dangerous traffic. 

! Change the XX on this line to the same IP as the ESXi-1 server address for your pod.
ip nat inside source static 192.168.10.3 172.17.144.XX

Adding ISDN <-> SIP Gateway Support to the Router

These additions to the configuration of your router allow it to act as a VoIP gateway which converts a digital ISDN PRI trunk from the Public Switched Telephone Network (PSTN) to a SIP trunk which Asterisk can send and receive calls on. This means that calls sent to the router (only from the IP of our Asterisk server thanks to the ACLs) are able to be sent to the PSTN over a T1 PRI voice trunk with guaranteed quality and calls coming from the PSTN can be converted into VoIP by the router and sent on to Asterisk. 

!
card type t1 0 3
!
isdn switch-type primary-ni
!
network-clock-participate wic 3
!
voice service voip
 sip
  bind control source-interface FastEthernet0/1.10
  bind media source-interface FastEthernet0/1.10
!
controller T1 0/3/0
 framing esf
 linecode b8zs
 clock source line
 pri-group timeslots 1-6
!
ip access-list extended block-sip-outside
 ! change the next two lines to have the correct outside IP address for your router
 deny   tcp any host 172.17.144.XX eq 5060
 deny   udp any host 172.17.144.XX eq 5060
 permit ip any any
ip access-list extended block-sip-inside
 permit udp host 192.168.10.3 host 192.168.10.1 eq 5060
 deny   tcp any host 192.168.10.1 eq 5060
 deny   udp any host 192.168.10.1 eq 5060
 permit ip any any
!
interface FastEthernet0/0
 ip access-group block-sip-outside in
!
interface FastEthernet0/1.10
 ip access-group block-sip-inside in
!
dial-peer voice 1 pots
 description Calls from Asterisk to PSTN
 destination-pattern .T
 port 0/3/0:23
!
dial-peer voice 2 voip
 description Calls from PSTN to Asterisk
 ! change the two ZZs in the next line to match the incoming numbers for your pod (the last two characters should be periods)
 destination-pattern 510555ZZ..
 session protocol sipv2
 session target ipv4:192.168.10.3:5060
 incoming called-number .T
 dtmf-relay rtp-nte
 codec g711ulaw
 no vad
!
dial-peer voice 3 pots
 description Inbound calls from PSTN
 incoming called-number .T
 direct-inward-dial
 port 0/3/0:23
!
Retrieved from "https://wiki.ihitc.net/mediawiki/index.php?title=ITC-2300_VoIP_Lab_Switch_and_Router_Configurations&oldid=7900"