class-map match-all Voice
match ip dscp ef
match protocol rtp
class-map match-any Signaling
match protocol h323
match protocol rtcp
match protocol rtsp
match protocol sip
match protocol skinny
!
policy-map QoS-Policy-1
class Voice
set dscp ef
priority percent 30
class Signaling
set dscp cs3
bandwidth percent 5
class class-default
fair-queue
interface Outside
bandwidth xxxxxx <– be sure to define bandwidth kilobits
service-policy output QoS-Policy-1
call filter match-list 1 voice
incoming calling-number 9013950988 <– only show debugs from my number
debug condition match-list 1 exact-match
debug ccsip messages
TRIAD Telecom Specific Settings
voice class sip-profiles 1
request INVITE sip-header Allow-Header modify “.UPDATE,.” “..”
request REINVITE sip-header Allow-Header modify “.UPDATE,.” “..”
response 200 sip-header Allow-Header modify “.UPDATE,.” “..”
response 180 sip-header Allow-Header modify “.UPDATE,.” “..”
WINDSTREAM Specific Settings – (where 22.33.44.55 is local sip handoff)
sip
pass-thru content sdp
voice class sip-profiles 1
request INVITE sip-header Allow-Header modify “.UPDATE,.” “..”
request REINVITE sip-header Allow-Header modify “.UPDATE,.” “..”
response 200 sip-header Allow-Header modify “.UPDATE,.” “..”
response 180 sip-header Allow-Header modify “.UPDATE,.” “..”
request ANY sdp-header Connection-Info modify “0.0.0.0” “22.33.44.55”
request ANY sdp-header Audio-Connection-Info modify “0.0.0.0” “22.33.44.55”
request ANY sdp-header Audio-Attribute modify “inactive” “active”
dial-peer voice 5000 voip
description SIP INBOUND
preference 1
destination-pattern 91022209..$
session protocol sipv2
session target ipv4:10.20.1.1
incoming called-number 91039209..$
voice-class sip profiles 1
dtmf-relay rtp-nte
codec g711ulaw
clid strip name
no vad
dial-peer voice 6000 voip
description SIP 10DIG OUTBOUND
destination-pattern [2-9]………
no modem passthrough
session protocol sipv2
session target sip-server
voice-class sip early-offer forced
voice-class sip profiles 1
dtmf-relay rtp-nte
codec g711ulaw
fax rate disable
fax protocol t38 version 0 ls-redundancy 2 hs-redundancy 0 fallback cisco
ip qos dscp cs5 media
ip qos dscp cs4 signaling
no vad
interface GigabitEthernet0/0
description Internet
ip address 24.175.29.2 255.255.255.252
crypto map VPN
interface GigabitEthernet0/1.10
description Data
ip address 10.2.0.1 255.255.0.0
ip policy route-map RM-PBR
interface GigabitEthernet0/1.20
description Voice
ip address 10.200.0.1 255.255.0.0
ip policy route-map RM-PBR
interface GigabitEthernet0/2
description Metro-E
ip address 10.120.0.2 255.255.255.0
track 1 ip sla 1 reachability
delay down 5 up 5
!
track 2 ip sla 2 reachability
delay down 5 up 5
route-map RM-PBR permit 10
description Prefer Data out VPN
match ip address ACL-Data
set ip next-hop verify-availability 24.175.29.1 10 track 1
set ip next-hop verify-availability 10.120.0.1 20 track 2
route-map RM-PBR permit 20
description Prefer Voice out Metro
match ip address ACL-Voice
set ip next-hop verify-availability 10.120.0.1 10 track 2
set ip next-hop verify-availability 24.175.29.1 20 track 1
ip sla 1
icmp-echo 8.8.8.8
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 10.120.0.1
frequency 10
ip sla schedule 2 life forever start-time now
ip sla auto discovery
ip access-list extended ACL-Data
permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.2.0.0 0.0.255.255 10.3.0.0 0.0.255.255
ip access-list extended ACL-Voice
permit ip 10.200.0.0 0.0.255.255 10.100.0.0 0.0.255.255
permit ip 10.200.0.0 0.0.255.255 10.300.0.0 0.0.255.255
interface Vlan99
description guest
ip address 10.99.99.1 255.255.255.0
ip access-group Public-Out in
ip access-list extended Public-Out
permit udp any any eq bootps
deny ip 10.99.99.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 10.99.99.0 0.0.0.255 172.16.0.0 0.0.15.255
deny ip 10.99.99.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 10.99.99.0 0.0.0.255 any
New York:
crypto isakmp key pr3sh4r3dk3y! address 2.2.2.2 no-xauth
crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE
interface Tunnel1
description GRE to Miami
ip address 192.168.1.1 255.255.255.0
delay 100
tunnel path-mtu-discovery
tunnel source GigabitEthernet0/1
tunnel destination 2.2.2.2
tunnel protection ipsec profile GRE_Tunnel
interface GigabitEthernet0/1
ip address 1.1.1.1 255.255.255.252
Miami:
crypto isakmp key pr3sh4r3dk3y! address 1.1.1.1 no-xauth
crypto ipsec transform-set GRE esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile GRE_Tunnel
set transform-set GRE
interface GigabitEthernet0/1
ip address 2.2.2.2 255.255.255.252
interface Tunnel1
description GRE to New York
ip address 192.168.1.2 255.255.255.0
delay 100
tunnel path-mtu-discovery
tunnel source GigabitEthernet0/1
tunnel destination 1.1.1.1
tunnel protection ipsec profile GRE_Tunnel
image naming convention:
w7 = autonomous
w8 = lwapp
To downgrade LWAPP to autonomous
================================
1. plug a tftp server directly into AP
2. download latest c1140-k9w7.. rename to c1140-k9w7-tar.default
3. configure tftp server to 10.0.0.10/24
4. hold down mode button until red
5. AP will grab image and boot to autonomous
To upgrade autonomous to LWAPP
=================================
Pre 12.2 code – use upgrade utility
Newer APS:
1. Download latest LWAPP image from cisco website
2. Put laptop running tftp and access point on same network
3. Run the command below
AP# archive download-sw /overwrite /reload tftp://10.222.0.74/c1140-k9w8-tar.152-2.JB.tar
router eigrp 100
network 192.168.16.0
no auto-summary
router bgp 65001
neighbor 1.187.15.17 remote-as 32880
maximum-paths 2
!
address-family ipv4
redistribute eigrp 100 route-map EIGRP_to_BGP
route-map EIGRP_to_BGP deny 10 <–routes not to advertise
match ip address 10
match route-type internal
route-map EIGRP_TO_BGP permit 20 <– allow all other redistribution
access-list 10 permit 10.99.99.0 0.0.0.255
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
timeout 1000
frequency 3
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
route outside 0.0.0.0 0.0.0.0 24.176.24.1 1 track 1
route backupisp 0.0.0.0 0.0.0.0 70.69.131.1 254