ITC-2300 VoIP Lab Switch and Router Configurations

From ITCwiki

Notes

Don't forget to modify for the information specific to your Pod:

  • Change the hostname of both the Router and Switch to include your Pod Number
  • Change the IP Address on the Router Fa0/0 interface to the correct IP for your pod

You may want to make some additional changes for administration ease:

  • Set an enable secret
  • Setup a username and secret on both devices
  • Setup SSH on both devices

Basic Router Configuration

hostname PodX-Router
!
ip dhcp excluded-address 192.168.10.1 192.168.10.20
!
ip dhcp pool internal-voip
   network 192.168.10.0 255.255.255.0
   dns-server 172.17.139.10
   default-router 192.168.10.1
   option 150 ip 192.168.10.3
!
interface FastEthernet0/0
 ip address 172.17.144.XX 255.255.255.0
 ip nat outside
 no shutdown
!
interface FastEthernet0/1
 no shutdown
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 172.17.144.1
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.10.0 0.0.0.255

Basic Switch Configuration

hostname PodX-Switch
!
vtp mode transparent
!
vlan 10
!
spanning-tree portfast default
!
!
interface GigabitEthernet1/0/1
 description Asterisk Server PC
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/2
 description VoIP Phone 1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 10
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description VoIP Phone 2
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 10
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 description Second PC
 switchport access vlan 10
 spanning-tree portfast
!
!
interface GigabitEthernet1/0/24
 description Trunk Connection to Router
 switchport mode trunk
 no shutdown
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!

Adding NAT for SIP Trunking Support to the Router

In order to get SIP signaling traffic (port 5060) and RTP audio traffic (ports 10000-20000) to our Asterisk system from our SIP trunking provider we need to forward that traffic to the internal IP address of our Asterisk system. On some firewall devices you could do this just with port forwarding but Cisco does not have a way to forward a large number of ports with a single command (ports 10000-20000 need to all be forwarded for RTP audio traffic). So on our router we'll use a second outside IP address and forward all traffic to that IP address to our Asterisk server. Note that this effectively puts our Asterisk server on an outside IP address and in a production environment we would want to ensure the Asterisk system has a firewall and other safeguards such as intrusion prevention systems in place to block dangerous traffic.

! Change the XX on this line to the same IP as the ESXi-1 server address for your pod.
ip nat inside source static 192.168.10.3 172.17.144.XX

Adding ISDN <-> SIP Gateway Support to the Router

These additions to the configuration of your router allow it to act as a VoIP gateway which converts a digital ISDN PRI trunk from the Public Switched Telephone Network (PSTN) to a SIP trunk which Asterisk can send and receive calls on. This means that calls sent to the router (only from the IP of our Asterisk server thanks to the ACLs) are able to be sent to the PSTN over a T1 PRI voice trunk with guaranteed quality and calls coming from the PSTN can be converted into VoIP by the router and sent on to Asterisk.

! Put the T1/E1 card found in slot 0 , subslot 3 into T1 mode
card type t1 0 3
!
! Setup ISDN on the router to use signaling for PRI connections to a National ISDN switch
isdn switch-type primary-ni
!
! Tell the router to synchronize the DSP clock to the card in WIC slot 3
network-clock-participate wic 3
!
! Enable SIP VoIP capabilities on the router and set the router to use the IP on the VoIP internal network for SIP signalling 
voice service voip
 sip
  bind control source-interface FastEthernet0/1.10
  bind media source-interface FastEthernet0/1.10
!
! Configure the T1 settings on port 0 in subslot 3, slot 0 to use the correct modes for the ISDN switch and to use only the first 6 channels on the T1 PRI (due to limited DSP resources on our routers)
controller T1 0/3/0
 framing esf
 linecode b8zs
 clock source line
 pri-group timeslots 1-6
!
! Prevent any connections to the router's SIP port from the outside network
ip access-list extended block-sip-outside
 ! change the next two lines to have the correct outside IP address for your router
 deny   tcp any host 172.17.144.XX eq 5060
 deny   udp any host 172.17.144.XX eq 5060
 permit ip any any
!
! Prevent any connections to the router's SIP port from the inside EXCEPT from the Asterisk server
ip access-list extended block-sip-inside
 permit udp host 192.168.10.3 host 192.168.10.1 eq 5060
 deny   tcp any host 192.168.10.1 eq 5060
 deny   udp any host 192.168.10.1 eq 5060
 permit ip any any
!
! Apply the outside ACL
interface FastEthernet0/0
 ip access-group block-sip-outside in
!
! Apply the inside ACL
interface FastEthernet0/1.10
 ip access-group block-sip-inside in
!
! Send calls to any phone number received by the router (from Asterisk) to the PSTN over the T1.
!   Note this is why we need the ACLs to only allow access from Asterisk, otherwise anyone could send a SIP call to the router out over our T1 which could cause us to be charged!
dial-peer voice 1 pots
 description Calls from Asterisk to PSTN
 destination-pattern .T
 port 0/3/0:23
!
! Send calls to 510555ZZ.. numbers to the Asterisk server using SIP to route further
dial-peer voice 2 voip
 description Calls from PSTN to Asterisk
 ! change the two ZZs in the next line to match the incoming numbers for your pod (the last two characters should be periods to match any number)
 destination-pattern 510555ZZ..
 session protocol sipv2
 session target ipv4:192.168.10.3:5060
 incoming called-number .T
 dtmf-relay rtp-nte
 codec g711ulaw
 no vad
!
dial-peer voice 3 pots
 description Inbound calls from PSTN will pass to dial peer 2 which will send them to Asterisk
 ! change the two ZZs in the next line to match the incoming numbers for your pod (the last two characters should be periods to match any number)
 incoming called-number 510555ZZ..
 direct-inward-dial
 port 0/3/0:23
!