ITC-2300 VoIP Lab Switch and Router Configurations
Don't forget to modify for the information specific to your Pod:
- Change the hostname of both the Router and Switch to include your Pod Number
- Change the IP Address on the Router Fa0/0 interface to the correct IP for your pod
You may want to make some additional changes for administration ease:
- Set an enable secret
- Setup a username and secret on both devices
- Setup SSH on both devices
Basic Router Configuration
hostname PodX-Router ! ip dhcp excluded-address 192.168.10.1 192.168.10.20 ! ip dhcp pool internal-voip network 192.168.10.0 255.255.255.0 dns-server 172.17.139.10 default-router 192.168.10.1 option 150 ip 192.168.10.3 ! interface FastEthernet0/0 ip address 172.17.144.XX 255.255.255.0 ip nat outside no shutdown ! interface FastEthernet0/1 no shutdown ! interface FastEthernet0/1.10 encapsulation dot1Q 10 ip address 192.168.10.1 255.255.255.0 ip nat inside no shutdown ! ip route 0.0.0.0 0.0.0.0 172.17.144.1 ! ip nat inside source list 1 interface FastEthernet0/0 overload ! access-list 1 permit 192.168.10.0 0.0.0.255
Basic Switch Configuration
hostname PodX-Switch ! vtp mode transparent ! vlan 10 ! spanning-tree portfast default ! ! interface GigabitEthernet1/0/1 description Asterisk Server PC switchport access vlan 10 switchport mode access ! interface GigabitEthernet1/0/2 description VoIP Phone 1 switchport access vlan 10 switchport mode access switchport voice vlan 10 spanning-tree portfast ! interface GigabitEthernet1/0/3 description VoIP Phone 2 switchport access vlan 10 switchport mode access switchport voice vlan 10 spanning-tree portfast ! interface GigabitEthernet1/0/10 description Second PC switchport access vlan 10 spanning-tree portfast ! ! interface GigabitEthernet1/0/24 description Trunk Connection to Router switchport mode trunk no shutdown ! interface Vlan10 ip address 192.168.10.2 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 192.168.10.1 !
Adding NAT for SIP Trunking Support to the Router
In order to get SIP signaling traffic (port 5060) and RTP audio traffic (ports 10000-20000) to our Asterisk system from our SIP trunking provider we need to forward that traffic to the internal IP address of our Asterisk system. On some firewall devices you could do this just with port forwarding but Cisco does not have a way to forward a large number of ports with a single command (ports 10000-20000 need to all be forwarded for RTP audio traffic). So on our router we'll use a second outside IP address and forward all traffic to that IP address to our Asterisk server. Note that this effectively puts our Asterisk server on an outside IP address and in a production environment we would want to ensure the Asterisk system has a firewall and other safeguards such as intrusion prevention systems in place to block dangerous traffic.
! Change the XX on this line to the same IP as the ESXi-1 server address for your pod. ip nat inside source static 192.168.10.3 172.17.144.XX
Adding ISDN <-> SIP Gateway Support to the Router
These additions to the configuration of your router allow it to act as a VoIP gateway which converts a digital ISDN PRI trunk from the Public Switched Telephone Network (PSTN) to a SIP trunk which Asterisk can send and receive calls on. This means that calls sent to the router (only from the IP of our Asterisk server thanks to the ACLs) are able to be sent to the PSTN over a T1 PRI voice trunk with guaranteed quality and calls coming from the PSTN can be converted into VoIP by the router and sent on to Asterisk.
! Put the T1/E1 card found in slot 0 , subslot 3 into T1 mode card type t1 0 3 ! ! Setup ISDN on the router to use signaling for PRI connections to a National ISDN switch isdn switch-type primary-ni ! ! Tell the router to synchronize the DSP clock to the card in WIC slot 3 network-clock-participate wic 3 ! ! Enable SIP VoIP capabilities on the router and set the router to use the IP on the VoIP internal network for SIP signalling voice service voip sip bind control source-interface FastEthernet0/1.10 bind media source-interface FastEthernet0/1.10 ! ! Configure the T1 settings on port 0 in subslot 3, slot 0 to use the correct modes for the ISDN switch and to use only the first 6 channels on the T1 PRI (due to limited DSP resources on our routers) controller T1 0/3/0 framing esf linecode b8zs clock source line pri-group timeslots 1-6 ! ! Prevent any connections to the router's SIP port from the outside network ip access-list extended block-sip-outside ! change the next two lines to have the correct outside IP address for your router deny tcp any host 172.17.144.XX eq 5060 deny udp any host 172.17.144.XX eq 5060 permit ip any any ! ! Prevent any connections to the router's SIP port from the inside EXCEPT from the Asterisk server ip access-list extended block-sip-inside permit udp host 192.168.10.3 host 192.168.10.1 eq 5060 deny tcp any host 192.168.10.1 eq 5060 deny udp any host 192.168.10.1 eq 5060 permit ip any any ! ! Apply the outside ACL interface FastEthernet0/0 ip access-group block-sip-outside in ! ! Apply the inside ACL interface FastEthernet0/1.10 ip access-group block-sip-inside in ! ! Send calls to any phone number received by the router (from Asterisk) to the PSTN over the T1. ! Note this is why we need the ACLs to only allow access from Asterisk, otherwise anyone could send a SIP call to the router out over our T1 which could cause us to be charged! dial-peer voice 1 pots description Calls from Asterisk to PSTN destination-pattern .T port 0/3/0:23 ! ! Send calls to 510555ZZ.. numbers to the Asterisk server using SIP to route further dial-peer voice 2 voip description Calls from PSTN to Asterisk ! change the two ZZs in the next line to match the incoming numbers for your pod (the last two characters should be periods to match any number) destination-pattern 510555ZZ.. session protocol sipv2 session target ipv4:192.168.10.3:5060 incoming called-number .T dtmf-relay rtp-nte codec g711ulaw no vad ! dial-peer voice 3 pots description Inbound calls from PSTN will pass to dial peer 2 which will send them to Asterisk ! change the two ZZs in the next line to match the incoming numbers for your pod (the last two characters should be periods to match any number) incoming called-number 510555ZZ.. direct-inward-dial port 0/3/0:23 !