Layer 2 tunneling: L2TP metoda statica & Cisco IOS

Cred ca imi lipsesc cursurile de la academia Cisco si ma razbun pe platforma asta de blog, dar asa le trebuie daca m-au lasat sa imi fac cont.

Vreau sa va arat o tehnica de conectare a aceluiasi subnet, in cazul nostru 192.168.1.0/24, prin intermediul a doua routere Cisco, reteaua Internet fiind folosita la interconectarea celor doua. Practic, din punctul de vedere al calculatoarelor,  cele doua routere se comporta ca un switch.

Config router stanga

l2tp-class <nume-clasa-cevretivoi>
   hello 10
   password 0 cisco

pseudowire-class <nume-pseudoclass-totcevacevretvoi>
   encapsulation l2tpv3
   protocol l2tpv3 <nume-clasa-cevretivoi>
   ip local interface Fa0/0

interface Fa0/0
   descritpion *** link to IP cloud *** 
   ip address 200.100.50.1 <SM-cevreaISPulvostru>

interface Fa0/1
   description *** link to LAN ***
   no ip address
   xconnect 100.50.25.1 <circuit-ID> encapsulation l2tpv3 pw-class <nume-pseudoclass-totcevretvoi>

show l2tun


Config router dreapta


l2tp-class <nume-clasa-totcevretivoi>
   hello 10
   password 0 cisco

pseudowire-class <nume-pseudoclass-totcevacevretvoi>
   encapsulation l2tpv3
   protocol l2tpv3 <nume-clasa-totcevretivoi>
   ip local interface Fa0/0

interface Fa0/0
   descritpion *** link to IP cloud *** 
   ip address 100.50.25.1 <SM-cevreaISPulvostru>


interface Fa0/1
   description *** link to LAN ***
   no ip address
   xconnect 200.100.50.1 <circuit-ID> encapsulation l2tpv3 pw-class <nume-pseudoclass-totcevacevretvoi>


show l2tun


Aveti grija ca <circuit-ID> sa aibe aceeasi valoare pe ambele routere !!!


Spor la treaba

Asterisk & SIP & Cisco IP Communicator (softphone)

De vreo doua zile ma straduiesc sa pun in functiune scenariul in care un telefon software, in cazul meu Cisco IP Communicator 2.1.3.0, se inregistreaza la un IP PBX, cum ar putea fi altul decat Asterisk 1.8.8, folosind protocolul de semnalizare SIP. Intr-un final am reusit si cum nu am gasit foarte usor documentat acest scenariu, iaca-ta-l:

Asterisk are adresa IP publica, presupunem ca ar fi 100.50.25.1; inlocuiti, mai jos, aceasta adresa cu cea din scenariul vostru
IP Communicator este instalat pe un calculator OS Windows 7 conectat in LAN si pe care avem IP privat 192.168.1.104

Pe un server TFTP, a carei adresa IP o configuram in softphone Preferences->Network->Use these TFTP servers, trebuie sa avem fisierul XML cu denumirea SEP<MAC_softphone>.xml
Telefonul este configurat cu extensia 1008 si parola asistent si deschide portul UDP 53801 pe calculator; inlocuiti, mai jos, aceasta valoare cu cea din scenariul vostru.
Routerul (default-gateway pentru LAN in care este conectat calculatorul) pe care s-a configurat NAT astfel incat calculatorul sa aibe acces la Internet are IP public fix 200.100.50.1; inlocuiti, mai jos, aceasta adresa cu cea din scenariul vostru.
In plus, pe router am fost nevoit sa configurez o translatie pentru portul 53801 si anume 200.100.50.1:53801 se translateaza la 192.168.1.104:53801, protocol UDP.

<?xml version="1.0" encoding="UTF-8"?>
<device>
<deviceProtocol>SIP</deviceProtocol>
<sshUserId>admin</sshUserId>
<sshPassword>password</sshPassword>
<devicePool>
<dateTimeSetting>
<dateTemplate>D-M-Y</dateTemplate>
<timeZone>E. Europe Standard/Daylight Time</timeZone>
<ntps>
<ntp>
<name>80.96.120.252</name>
<ntpMode>Unicast</ntpMode>
</ntp>
</ntps>
</dateTimeSetting>
<callManagerGroup>
<members>
<member priority="0">
<callManager>
<ports>
<ethernetPhonePort>2000</ethernetPhonePort>
<sipPort>5060</sipPort>
<securedSipPort>5061</securedSipPort>
</ports>
<processNodeName>100.50.25.1</processNodeName>
</callManager>
</member>
</members>
</callManagerGroup>
</devicePool>
<sipProfile>
<sipProxies>
<backupProxy></backupProxy>
<backupProxyPort>5060</backupProxyPort>
<emergencyProxy></emergencyProxy>
<emergencyProxyPort></emergencyProxyPort>
<outboundProxy></outboundProxy>
<outboundProxyPort></outboundProxyPort>
<registerWithProxy>true</registerWithProxy>
</sipProxies>
<sipCallFeatures>
<cnfJoinEnabled>true</cnfJoinEnabled>
<callForwardURI>x-serviceuri-cfwdall</callForwardURI>
<callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
<callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
<callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
<meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
<abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
<rfc2543Hold>false</rfc2543Hold>
<callHoldRingback>2</callHoldRingback>
<localCfwdEnable>true</localCfwdEnable>
<semiAttendedTransfer>true</semiAttendedTransfer>
<anonymousCallBlock>2</anonymousCallBlock>
<callerIdBlocking>2</callerIdBlocking>
<dndControl>0</dndControl>
<remoteCcEnable>true</remoteCcEnable>
</sipCallFeatures>
<sipStack>
<sipInviteRetx>6</sipInviteRetx>
<sipRetx>10</sipRetx>
<timerInviteExpires>180</timerInviteExpires>
<timerRegisterExpires>3600</timerRegisterExpires>
<timerRegisterDelta>5</timerRegisterDelta>
<timerKeepAliveExpires>120</timerKeepAliveExpires>
<timerSubscribeExpires>120</timerSubscribeExpires>
<timerSubscribeDelta>5</timerSubscribeDelta>
<timerT1>500</timerT1>
<timerT2>4000</timerT2>
<maxRedirects>70</maxRedirects>
<remotePartyID>false</remotePartyID>
<userInfo>None</userInfo>
</sipStack>
<autoAnswerTimer>1</autoAnswerTimer>
<autoAnswerAltBehavior>false</autoAnswerAltBehavior>
<autoAnswerOverride>true</autoAnswerOverride>
<transferOnhookEnabled>false</transferOnhookEnabled>
<enableVad>false</enableVad>
<dtmfAvtPayload>101</dtmfAvtPayload>
<dtmfDbLevel>3</dtmfDbLevel>
<dtmfOutofBand>avt</dtmfOutofBand>
<alwaysUsePrimeLine>false</alwaysUsePrimeLine>
<alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
<kpml>3</kpml>
<phoneLabel>ASISTENT</phoneLabel>
<stutterMsgWaiting>1</stutterMsgWaiting>
<callStats>false</callStats>
<silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
<disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>

<natEnabled>1</natEnabled>
<natAddress>200.100.50.1</natAddress>

<sipLines>
<line button="1">
<featureID>9</featureID>
<featureLabel>1008</featureLabel>

<proxy>100.50.25.1</proxy>
<port>5060</port>

<name>1008</name>
<displayName>asistent_1008</displayName>
<autoAnswer>
<autoAnswerEnabled>2</autoAnswerEnabled>
</autoAnswer>
<callWaiting>3</callWaiting>

<authName>1008</authName>
<authPassword>asistent</authPassword>

<sharedLine>false</sharedLine>
<messageWaitingLampPolicy>1</messageWaitingLampPolicy>
<messagesNumber>*99</messagesNumber>
<ringSettingIdle>4</ringSettingIdle>
<ringSettingActive>5</ringSettingActive>
<contact>1008</contact>
<proxy>100.50.25.1</proxy>
<port>5060</port>
<forwardCallInfoDisplay>
<callerName>true</callerName>
<callerNumber>false</callerNumber>
<redirectedNumber>false</redirectedNumber>
<dialedNumber>true</dialedNumber>
</forwardCallInfoDisplay>
</line>
</sipLines>

<voipControlPort>58301</voipControlPort>

<startMediaPort>10000</startMediaPort>
<stopMediaPort>20000</stopMediaPort>
<dscpForAudio>184</dscpForAudio>
<ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
<dialTemplate>dialplan.xml</dialTemplate>
<softKeyFile></softKeyFile>
</sipProfile>
<commonProfile>
<phonePassword></phonePassword>
<backgroundImageAccess>true</backgroundImageAccess>
<callLogBlfEnabled>2</callLogBlfEnabled>
</commonProfile>
<loadInformation>SIP70.8-0-2SR1S</loadInformation>
<vendorConfig>
<disableSpeaker>false</disableSpeaker>
<disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
<pcPort>0</pcPort>
<settingsAccess>1</settingsAccess>
<garp>0</garp>
<voiceVlanAccess>0</voiceVlanAccess>
<videoCapability>0</videoCapability>
<autoSelectLineEnable>0</autoSelectLineEnable>
<webAccess>0</webAccess>
<daysDisplayNotActive>1,2,3,4,5,6,7</daysDisplayNotActive>
<displayOnTime>00:00</displayOnTime>
<displayOnDuration>00:00</displayOnDuration>
<displayIdleTimeout>00:00</displayIdleTimeout>
<spanToPCPort>1</spanToPCPort>
<loggingDisplay>1</loggingDisplay>
<loadServer></loadServer>
</vendorConfig>
<userLocale>
<name></name>
<uid></uid>
<langCode>en_US</langCode>
<version>1.0.0.0-1</version>
<winCharSet>iso-8859-1</winCharSet>
</userLocale>
<networkLocale></networkLocale>
<networkLocaleInfo>
<name></name>
<uid></uid>
<version>1.0.0.0-1</version>
</networkLocaleInfo>
<deviceSecurityMode>1</deviceSecurityMode>
<authenticationURL>http://example.domain.ext/services/authenticate.php</authenticationURL>
<directoryURL>http://example.domain.ext/services/directory.php</directoryURL>
<servicesURL>http://example.domain.ext/services/menu.xml</servicesURL>
<idleURL></idleURL>
<informationURL></informationURL>
<messagesURL></messagesURL>
<proxyServerURL></proxyServerURL>
<dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
<dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
<dscpForCm2Dvce>96</dscpForCm2Dvce>
<transportLayerProtocol>4</transportLayerProtocol>
<capfAuthMode>0</capfAuthMode>
<capfList>
<capf>
<phonePort>3804</phonePort>
</capf>
</capfList>
<certHash></certHash>
<encrConfig>false</encrConfig>
</device>

In fisierul sip.conf de configurare din Asterisk trebuie sa avem urmatoarea configuratie:

[1008]
secret=asistent
nat=no
qualify=no

Spor la treaba