Home Security System User Manual

ManualsBrandsCisco Systems ManualsHome Safety ProductH.323 VC-289

VC-289

Cisco IOS Voice, Video, and Fax Configuration Guide

Configuring H.323 Gatekeepers and Proxies

This chapter describes how to configure the Cisco Multimedia Conference Manager. The Multimedia

Conference Manager provides gatekeeper and proxy capabilities required for service provisioning and

management of H.323-compliant networks.

This chapter includes the following sections:

• Multimedia Conference Manager Overview, page 289

• H.323 Gatekeeper Features, page 290

• H.323 Proxy Features, page 297

• H.323 Prerequisite Tasks and Restrictions, page 302

• H.323 Gatekeeper Configuration Task List, page 303

• H.323 Gatekeeper Configuration Examples, page 345

For a complete description of the H.323 gatekeeper commands used in this chapter, refer to the

Cisco IOS Voice, Video, and Fax Command Reference. To locate documentation for other commands that

appear in this chapter, use the command reference master index or search online.

For more information regarding Resource Reservation Protocol (RSVP), synchronous reservation

timers, and slow connect, refer to the Cisco IOS Release 12.1(5)T VoIP Call Admission Control Using

RSVP or the Cisco IOS Quality of Service Solutions Configuration Guide.

To identify the hardware platform or software image information associated with a feature in this

chapter, use the Feature Navigator on Cisco.com to search for information about the feature or refer to

the software release notes for a specific release. For more information, see the “Identifying Supported

Platforms” section in the “Using Cisco IOS Software” chapter.

Multimedia Conference Manager Overview

Deploying H.323 applications and services requires careful design and planning for the network

infrastructure and for the H.323 devices. The Cisco H.323-compliant Multimedia Conference Manager

provides gatekeeper and proxy capabilities, which are required for service provisioning and management

of H.323 networks. With the Cisco Multimedia Conference Manager, your current internetwork can be

configured to route bit-intensive data, such as audio, telephony, video and audio telephony, and data

conferencing using existing telephone and ISDN links without degrading the current level of service of

the network. In addition, H.323-compliant applications can be implemented on existing networks in an

incremental fashion without upgrades.

Summary of content (76 pages)

PAGE 1
Configuring H.323 Gatekeepers and Proxies This chapter describes how to configure the Cisco Multimedia Conference Manager. The Multimedia Conference Manager provides gatekeeper and proxy capabilities required for service provisioning and management of H.323-compliant networks. This chapter includes the following sections: • Multimedia Conference Manager Overview, page 289 • H.323 Gatekeeper Features, page 290 • H.323 Proxy Features, page 297 • H.
PAGE 2
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features Multimedia Conference Manager provides a rich list of networking capabilities, including the following: • A means to implement quality of service (QoS), which is required for the successful deployment of H.323 applications. • Interzone routing in the E.164 address space. When using H.323-identification (H.323-ID) format addresses, interzone routing is accomplished by using domain names.
PAGE 3
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features • Interzone Routing Using E.164 Addresses, page 294 • HSRP Support, page 296 Zone and Subnet Configuration A zone is defined as the set of H.323 nodes controlled by a single gatekeeper. Gatekeepers that coexist on a network may be configured so that they register endpoints from different subnets.
PAGE 4
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features For example, the local gatekeeper can be configured with the knowledge that zone prefix “212......” (that is, any address beginning “212” and followed by 7 arbitrary digits) is handled by the gatekeeper gatekeeper_2. Then, when the local gatekeeper is asked to admit a call to destination address 2125551111, it knows to send the LRQ to gatekeeper_2.
PAGE 5
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features Terminal Name Registration Gatekeepers recognize one of two types of terminal aliases, or terminal names: • H.323 IDs, which are arbitrary, case-sensitive text strings • E.164 addresses, which are telephone numbers If an H.323 network deploys interzone communication, each terminal should at least have a fully qualified e-mail name as its H.323 identification (ID), for example, bob@cisco.com.
PAGE 6
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features Interzone Routing Using E.164 Addresses Interzone routing may be configured using E.164 addresses. Two types of address destinations are used in H.323 calls. The destination can be specified using either an H.323-ID address (a character string) or an E.164 address (a string that contains telephone keypad characters). The way interzone calls are routed depends on the type of address being used. When using H.
PAGE 7
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features To enable the gatekeeper to select the appropriate hop-off gateway, use the gw-type-prefix command to configure technology or gateway-type prefixes. Select technology prefixes to denote different types or classes of gateways. The gateways are then configured to register with their gatekeepers using these technology prefixes. For example, voice gateways might register with technology prefix 1#, and H.
PAGE 8
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Features Note For ease of maintenance, the same prefix type should be used to denote the same gateway type in all zones under your administration. No more than 50 different technology prefixes should be registered per zone. Also, with the gw-type-prefix command, a hop off can be forced to a particular zone.
PAGE 9
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Note Gatekeeper failover will not be completely transparent to endpoints and gatekeepers. When the standby gatekeeper takes over, it does not have the state of the failed gatekeeper. If an endpoint that had registered with the failed gatekeeper now makes a request to the new gatekeeper, the gatekeeper responds with a reject, indicating that it does not recognize the endpoint.
PAGE 10
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Proxy Inside the Firewall H.323 is a complex, dynamic protocol that consists of several interrelated subprotocols. During H.323 call setup, the ports and addresses released with this protocol require a detailed inspection as the setup progresses. If the firewall does not support this dynamic access control based on the inspection, a proxy can be used just inside the firewall.
PAGE 11
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Proxy in Co-Edge Mode If H.323 terminals exist in an area with local interior addresses that must be translated to valid exterior addresses, the firewall must be capable of decoding and translating all addresses passed in the various H.323 protocols. If the firewall is not capable of this translation task, a proxy may be placed next to the firewall in a co-edge mode. In this configuration, interfaces lead to both inside and outside networks.
PAGE 12
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Proxy Outside the Firewall To place the proxy and gatekeeper outside the firewall, two conditions must exist. First, the firewall must support H.323 dynamic access control. Second, Network Address Translation (NAT) must not be in use. If NAT is in use, each endpoint must register with the gatekeeper for the duration of the time it is online.
PAGE 13
Configuring H.323 Gatekeepers and Proxies H.323 Proxy Features Table 25 Guidelines for Networks That Do Not Use NAT For Networks Not Using NAT Firewall with H.323. NAT Firewall with Dynamic Access Control Gatekeeper and proxy inside the Gatekeeper and proxy inside the firewall firewall Gatekeeper and proxy outside the firewall Firewall Without Dynamic Access Control Firewall Without H.
PAGE 14
Configuring H.323 Gatekeepers and Proxies H.323 Prerequisite Tasks and Restrictions Application-specific routing is simple. When the proxy receives outbound traffic, it directs traffic to an interface that is connected directly to the QoS network. The proxy does not send the traffic using an interface that is specified for the regular routing protocol. Similarly, inbound traffic from other proxies is received on the interface that is connected to the QoS network.
PAGE 15
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List • The number of remote gatekeepers multiplied by the delay per LRQ cannot exceed the Routing Information Protocol (RIP) timeout. Therefore, we recommend that you limit your list of remote gatekeepers to two or three. • If LRQ forwarding is enabled on the directory gatekeeper, the sequential setting for LRQs is ignored. • Only E.164 address resolution is supported. • Using redundant H.
PAGE 16
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Starting a Gatekeeper To enter gatekeeper configuration mode and to start the gatekeeper, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# gatekeeper Enters gatekeeper configuration mode. Step 2 Router(config-gk)# zone local gatekeeper-name domain-name [ras-IP-address] Specifies a zone controlled by a gatekeeper.
PAGE 17
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 3 Command Purpose Router(config-gk)# zone prefix gatekeeper-name e164-prefix [blast | seq] [gw-priority priority gw-alias [gw-alias, ...]] Adds a prefix to the gatekeeper zone list. The keywords and arguments are as follows: • gatekeeper-name—Specifies the name of a local or remote gatekeeper, which must have been defined by using the zone local or zone remote command. • e164-prefix—Specifies an E.
PAGE 18
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 4 Command Purpose Router(config-gk)# zone subnet local-gatekeeper-name [default | subnet-address {/bits-in-mask | mask-address} enable] Defines a set of subnets that constitute the gatekeeper zone. Enables the gatekeeper for each of these subnets and disables it for all other subnets. (Repeat for all subnets.
PAGE 19
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Note To explicitly enable or disable a particular endpoint, specify its host address using a 32-bit subnet mask.
PAGE 20
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List zone3.comintxt“ras gk.3@gk.zone3.com:1725” zone4.comintxt“ras gk4@gk.zone4.com:1725 123” zone5.comintxt“ras gk5@101.0.0.1:1725” Manual Configuration If you choose not to use DNS or if DNS is not available, configure intergatekeeper communication manually.
PAGE 21
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List zone zone zone zone remote prefix prefix prefix gnet-2503-3-gk gnet-2503-2-gk gnet-2600-1-gk gnet-2503-6-gk cisco.com 172.18.194.134 1719 919....... 919....... 919....... As you can see, the zone prefix for the local gatekeeper (gnet-2503-2-gk) has been inserted at the top of the zone prefix list. If the local gatekeeper can resolve the address, it will not send LRQs to the remote zones.
PAGE 22
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose Step 3 Router(config-gk)# zone remote other-gatekeeper-name other-domain-name other-gatekeeper-ip-address [port-number] Configures the remote gatekeeper. The arguments are as follows: • other-gatekeeper-name—Name of the remote gatekeeper. • other-domain-name—Domain name of the remote gatekeeper. • other-gatekeeper-ip-address—IP address of the remote gatekeeper.
PAGE 23
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List To verify whether the LRQs will be sent sequentially or simultaneously to the gatekeepers, enter the show running-config command. If the LRQs will be sent simultaneously, blast will appear beside the first entry for a particular zone (as shown in the following output for zone 919). Router# show running-config Building configuration... Current configuration: ! gatekeeper zone remote c3620-1-gk cisco.com 172.18.194.
PAGE 24
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose • seq | blast—(Optional) If multiple hopoffs are listed, indicates that the location requests (LRQs) should be sent sequentially or simultaneously (blast) to the gatekeepers based on the order in which they were listed. The default is to send them sequentially.
PAGE 25
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Configuring Static Nodes In some cases, the registration information is not accessible for a terminal or endpoint from any gatekeeper. This inaccessible registration information may be because the endpoint does not use RAS, is in an area where no gatekeeper exists, or is in a zone where the gatekeeper addressing is unavailable either through DNS or through configuration.
PAGE 26
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose • h-323 proxy—(Optional) Indicates that the alias refers to an H.323 proxy. • voip—(Optional) Indicates that the alias refers to VoIP. • e164 e164-address—(Optional) Specifies the node E.164 address. This keyword and argument can be used more than once to specify as many E.164 addresses as needed. Note that there is a maximum number of 128 characters that can be entered for this address.
PAGE 27
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose – krb5-telnet—Uses the Kerberos 5 Telnet authentication protocol when using Telnet to connect to the router. – line—Uses the line password for authentication. – local—Uses the local username database for authentication – local-case—Uses case-sensitive local username authentication. – none—Uses no authentication. – group radius—Uses the list of all RADIUS servers for authentication.
PAGE 28
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose • timeout—(Optional) Specifies the time interval (in seconds) for which the router waits for the RADIUS server to reply before retransmitting. This setting overrides the global value of the radius-server timeout command. If no timeout value is specified, the global value is used. Enter a value in the range of from 1 to 1000. • seconds—(Optional) Specifies the timeout value.
PAGE 29
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 4 Command Purpose Router(config)# radius-server key {0 string | 7 string | string} Sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon. The arguments are as follows: • 0—Specifies that an unencrypted key will follow. • string—Specifies the unencrypted (cleartext) shared key. • 7—Specifies that a hidden key will follow.
PAGE 30
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose • password separator character—Specifies the character that endpoints use to separate the H.323-ID from the piggybacked password in the registration. This allows each endpoint to supply a user-specific password. The separator character and password will be stripped from the string before it is treated as an H.323-ID alias to be registered. Note that passwords may be piggybacked only in the H.
PAGE 31
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 4 Step 5 Command Purpose Router(config)# radius-server host {host-name | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] Specifies the RADIUS server host. Router(config)# radius-server key {0 string | 7 string | string} Sets the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon.
PAGE 32
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Configuring User Accounting Activity for RADIUS After AAA has been enabled and the gateway has been configured to recognize RADIUS as the remote security server providing authentication services, the next step is to configure the gateway to report user activity to the RADIUS server in the form of connection accounting records.
PAGE 33
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose Step 2 Router(config)# gatekeeper Enters gatekeeper configuration mode. Step 3 Router(config-gk)# aaa accounting Enables authentication, authorization, and accounting (AAA) of requested services for billing or security purposes when you use RADIUS or TACACS+. For more information about AAA connection accounting services, refer to the Cisco IOS Security Configuration Guide. Configuring E.
PAGE 34
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 4 Step 5 Command Purpose Router(config-gk)# zone prefix gatekeeper-name e164-prefix [blast | seq] [gw-priority priority gw-alias [gw-alias, ...]] Adds a prefix to the gatekeeper zone list. Router(config-gk)# gw-type-prefix type-prefix [[hopoff gkid1] [hopoff gkid2] [hopoff gkidn] [seq | blast]] [default-technology] [[gw ipaddr ipaddr [port]]...
PAGE 35
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Configuring a Dialing Prefix for Each Gateway To configure a dialing prefix for each gateway, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# gatekeeper Enters gatekeeper configuration mode. Step 2 Router(config-gk)# zone local gatekeeper-name domain-name [ras-IP-address] Specifies a zone controlled by a gatekeeper.
PAGE 36
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 3 Command Purpose Router(config-gk)# zone prefix gatekeeper-name e164-prefix [gw-priority pri-0-to-10 gw-alias [gw-alias, ...]] Adds a prefix to the gatekeeper zone list. To remove knowledge of a zone prefix, use the no form of this command with the gatekeeper name and prefix. To remove the priority assignment for a specific gateway, use the no form of this command with the gw-priority option.
PAGE 37
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List • Prefix 650 is added to gatekeeper localgk, and priority 0 is assigned to gateway gw1. • A priority 0 is assigned to gateway gw1 to exclude it from the gateway pool for prefix 650. When gw2 registers with gatekeeper localgk, it is added to the gateway pool for each prefix as follows: – For gateway pool for 415, gateway gw2 is set to priority 10. – For gateway pool for 650, gateway gw2 is set to priority 5.
PAGE 38
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List The following is an example of an RRQ notification sent from the gatekeeper to the server when the above trigger condition matches: REQUEST RRQ Version-id:1 From:sj.xyz.com To:Server-123 Notification-Only: Content-Length:89 c=I:172.18.00.00:1720 r=I:172.20.01.
PAGE 39
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Configuring Gatekeeper Triggers for Interaction with External Applications To establish statically configured triggers on a router, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# gatekeeper Enters gatekeeper configuration mode.
PAGE 40
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 4 Command Purpose Router(config)# destination-info {e164 | email-id | h323-id} value Configures a trigger that is based on a particular destination. Repeat this command for more destinations. The keywords and arguments are as follows: • e164—Indicates that the destination address is an E.164 address. • email-id—Indicates that the destination address is an e-mail ID.
PAGE 41
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 6 Command Purpose Router(config)# remote-ext-address [e164] value Limits the qualifying messages based on the remote extension address. Repeat this command for more destinations. The keywords and arguments are as follows: • e164—(Optional) Indicates that the remote extension address is an E.164 address. • value—Specifies the value against which to compare the destination address in the RAS messages.
PAGE 42
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Note To remove a trigger, enter the no server trigger command. To temporarily suspend a trigger, enter the trigger configuration mode, as described in Step 2, and enter the shutdown subcommand. Configuring Inbound or Outbound Gatekeeper Proxied Access By default, a gatekeeper will offer the IP address of the local proxy when queried by a remote gatekeeper (synonymous with remote zone). This is considered proxied access.
PAGE 43
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose • inbound-to—Applies the proxy policy to calls that are inbound to the local zone from a remote zone. Each use-proxy command defines the policy for only one direction. • outbound-from—Applies the proxy policy to calls that are outbound from the local zone to a remote zone. Each use-proxy command defines the policy for only one direction.
PAGE 44
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Configuring a Forced Disconnect on a Gatekeeper To force a disconnect on a gatekeeper, use the following command in privileged EXEC mode: Command Purpose Router# clear h323 gatekeeper call {all | local-callID local-callID} Forces a disconnect on a specific call or on all calls currently active on this gatekeeper.
PAGE 45
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Configuring a Proxy Without ASR To start the proxy without application-specific routing (ASR), start the proxy and then define the H.323 name, zone, and QoS parameters on the interface whose IP address the proxy will use. To start the proxy without ASR, use the following commands beginning in global configuration mode: Command Purpose Step 1 Router(config)# proxy h323 Starts the proxy feature.
PAGE 46
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose • :channel-group—Specifies a T1 channel group number in the range 0 to 23 defined with the channel-group controller configuration command. On a dual port card, it is possible to run channelized on one port and primary rate on the other port. Cisco MC3810 specifies the T1/E1 channel group number in the range 0 to 23 defined with the channel-group controller configuration command.
PAGE 47
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 5 Command Purpose Router(config-if)# h323 gatekeeper [id gatekeeper-id] {ipaddr ipaddr [port] | multicast} Specifies the gatekeeper associated with a proxy and controls how the gatekeeper is discovered. The keywords and arguments are as follows: Step 6 Router(config-if)# h323 qos {ip-precedence value | rsvp {controlled-load | guaranteed-qos}} • id gatekeeper-id—(Optional) Specifies the gatekeeper name.
PAGE 48
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose • flow—(Optional) Enables the Route Switch Processor (RSP) to perform flow switching on the interface. • distributed—Enables Versatile Interface Processor (VIP) distributed switching on the interface. This feature can be enabled on Cisco 7500 series routers with RSP and VIP controllers.
PAGE 49
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Table 26 Interface Type Keywords (continued) Keyword Interface Type tunnel Tunnel interface; a virtual interface. The number is the number of the tunnel interface that you want to create or configure. There is no limit on the number of tunnel interfaces you can create. vg-anylan 100VG-AnyLAN port adapter. Configuring a Proxy with ASR To enable ASR on the proxy, start the proxy and then define the H.
PAGE 50
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 3 Command Purpose Router(config-if)# ip address ip-address mask [secondary] Sets a primary or secondary IP address for an interface. The keywords and arguments are as follows: Step 4 Router(config-if)# h323 interface [port-number] • ip-address—Specifies the IP address. • mask—Specifies the mask for the associated IP subnet.
PAGE 51
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 9 Command Purpose Router(config-if)# h323 asr [bandwidth max-bandwidth] Enables ASR and specifies the maximum bandwidth for a proxy. The keywords and arguments are as follows: • Step 10 Router(config-if)# ip address ip-address mask [secondary] bandwidth max-bandwidth—Specifies the maximum bandwidth on the interface. Value ranges are from 1 to 10,000,000 kbps.
PAGE 52
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 20 Command Purpose Router(config)# access-list access-list-number {permit | deny} source source-mask [destination destination-mask] {eq | neq} [[source-object] [destination-object] [identification] any] Creates an access list. The keywords and arguments are as follows: • access-list-number—Specifies the integer that you choose. The number should be between 300 and 399, and it uniquely identifies the access list.
PAGE 53
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Command Purpose • destination-object—(Optional) Contains the mandatory keyword dst and one of the following optional keywords: – eq | neq | lt | gt—Specifies equal to, not equal to, less than, or greater than. These keywords must be followed by the argument object-number, a numeric DECnet object number. – exp—Stands for expression; followed by a regular expression that matches a string.
PAGE 54
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 21 Command Purpose Router(config)# interface type number [name-tag] Enters interface configuration mode on an ASR interface. For an explanation of the keywords and arguments, see Step 2 in the configuration task table in the “Configuring a Proxy Without ASR” section on page 333. Step 22 Router(config-if)# ip access-group {access-list-number | access-list-name}{in | out} Controls access to an interface.
PAGE 55
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 3 Command Purpose Router(config-if)# ip address ip-address mask [secondary] Sets a primary or secondary IP address for an interface. The keywords and arguments are as follows: Step 4 Router(config-if)# h323 interface [port-number] • ip-address—Specifies the IP address. • mask—Specifies the mask for the associated IP subnet.
PAGE 56
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Task List Step 9 Command Purpose Router(config-if)# h323 asr [bandwidth max-bandwidth] Enables ASR and specifies the maximum bandwidth for a proxy. The optional max-bandwidth argument specifies the maximum bandwidth on the interface. Value ranges are from 1 to 10,000,000 kbps. If you do not specify max-bandwidth, this value defaults to the bandwidth on the interface.
PAGE 57
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Command Purpose Step 19 Router(config)# network network-number Specifies a list of networks for the Routing Information Protocol (RIP) routing process. The network-number argument should include an ASR interface in an IGRP domain. Step 20 Router(config)# network network-number Specifies a list of networks for the RIP routing process. The network-number argument should include a loopback interface in an IGRP domain.
PAGE 58
Configuring H.323 Gatekeepers and Proxies H.
PAGE 59
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples ! Preserve our good QoS by not allowing excessive amounts of H.323 traffic ! on the local network. This restricts the traffic within our zone, ! for both intra-zone and interzone calls, to 2 kbps at any given time. alias static 172.21.127.49 gkid gk-eng.xyz.com terminal h323id joeblow ras 172.21.127.49 1719 ! The “user” has an H.323 terminal, which does not support RAS.
PAGE 60
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Similarly, in ny (New York in the 212 area code), gateways are configured to register with gk-ny as follows: • gw-ny2 configured to register with technology prefix 2# • gw-ny3 configured to register with technology prefix 3# • gw-ny4 configured to register with technology prefix 4# For the gatekeeper for San Jose, the configuration commands are as follows: gatekeeper zone local gk-sj cisco.com zone remote gk-ny cisco.
PAGE 61
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Gatekeeper gk-sj checks for a technology prefix match but does not find one. It then searches for a zone prefix match and fails again. But there is a match for default gateway prefix of 4#, and gw-sj4 is registered with 4#, so the call is routed out on gw-sj4. Configuring HSRP on the Gatekeeper Example This sample configuration uses Ethernet 0 as the HSRP interface on both gatekeepers.
PAGE 62
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Note The no shut command is issued on both gatekeepers, primary and secondary.
PAGE 63
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Enabling the Proxy to Forward H.323 Packets To enable the proxy to forward H.323 packets received from the edge network to the multimedia backbone, designate the interface that connects the proxy to the multimedia backbone to the ASR interface by entering the h323 asr command in interface configuration mode. Enabling the proxy to forward H.323 packets satisfies the first goal identified earlier in this section.
PAGE 64
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Assuming these requirements are met, configure the network illustrated in Figure 62 as follows: • Configure each of the four networks as a separate routing autonomous system and do not redistribute routes between the multimedia backbone and any other autonomous system. • Create a loopback interface on the proxy and configure it to be the proxy interface.
PAGE 65
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples interface Ethernet0 ip address 172.20.0.1 255.255.0.0 ! interface Ethernet1 ip address 172.22.0.1 255.255.0.0 ip access-group 101 in ip access-group 101 out h323 asr ! router rip network 172.20.0.0 network 10.0.0.0 ! router igrp 4000 network 172.22.0.0 network 10.0.0.0 ! access-list 101 permit ip any host 10.0.0.0 access-list 101 permit ip host 10.0.0.
PAGE 66
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Co-Edge Proxy with Subnetting Example Figure 64 and the examples that follow illustrate how to configure Enhanced IGRP on all networks. Figure 64 Sample Configuration with Subnetting E1: 172.21.2.2 E1: 172.21.2.1 L0: 172.21.20.1 L0: 172.21.10.1 E0: 172.21.0.1 Multimedia backbone PX1 E0: 172.21.3.1 PX2 EP1 Edge net 2 Edge net 1 EP2 R2 R1 172.21.3.2 Data backbone E2: 172.21.1.2 E1: 172.21.1.
PAGE 67
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples access-list access-list access-list access-list access-list 11 deny 172.21.0.0 0.0.0.63 11 permit any 101 permit ip any host 172.21.10.1 101 permit ip host 172.21.10.1 any 101 permit eigrp any any R1 Configuration The following output is for the R1 configuration: ! interface Ethernet0 ip address 172.21.0.2 255.255.255.192 ! interface Ethernet1 ip address 172.21.1.1 255.255.255.
PAGE 68
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Configuring an Inside-Edge Proxy with ASR Without Subnetting Example The configuration of the co-edge proxy in Edge net 1 has already been presented above. Figure 65 illustrates the configuration of the inside-edge proxy PX2 and edge router R2 of Edge net 2. RIP is used on the edge networks. IGRP is used on the data backbone and the multimedia backbone. Figure 65 Edge Net 2 with Inside-Edge Proxy and No Subnetting E1: 172.
PAGE 69
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples ip access-group 101 in ip access-group 101 out ! interface Ethernet2 ip address 172.21.0.2 255.255.0.0 ! interface Serial0 ip address 10.0.0.1 255.0.0.0 ! router rip redistribute igrp 5000 metric 1 network 172.23.0.0 ! router igrp 4000 network 10.0.0.0 network 172.22.0.0 ! router igrp 5000 redistribute rip metric 10000 10 255 255 65535 network 172.21.0.0 distribute-list 10 out ! ip route 10.0.0.2 255.255.255.
PAGE 70
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples PX1 Configuration The following output is for the PX1 configuration: ! version 11.3 no service password-encryption service tcp-small-servers ! hostname ExampleProxy ! no ip domain-lookup ! proxy h323 ! interface Ethernet0 ip address 172.21.127.38 255.255.255.192 no ip redirects ip rsvp bandwidth 7000 7000 ip route-cache same-interface fair-queue 64 256 1000 h323 interface h323 qos rsvp controlled-load h323 h323-id px1@zone1.
PAGE 71
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Configuring a Closed Co-Edge Proxy with ASR Without Subnetting Example Figure 67 illustrates how to configure RIP on the edge networks and IGRP on the two backbone networks. A Cisco 2500 router is used for the proxy. Figure 67 Configuring a Closed Co-Edge Proxy with ASR L0: 101.0.0.1 E0: 172.20.0.1 EP1 PX1 E0: 172.20.0.3 Edge net 1 R1 E1: 172.21.0.1 Multimedia backbone GK1 Data backbone 11394 E0: 172.20.0.
PAGE 72
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples network 172.20.0.0 network 10.0.0.0 ! router igrp 4000 network 172.22.0.0 network 101.0.0.0 ! ip classless access-list 101 permit ip any host 10.0.0.1 access-list 101 permit ip host 10.0.0.
PAGE 73
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples A priority 0 is assigned to gateway gw1 to exclude it from the gateway pool for prefix 650........ When gateway gw2 registers with gatekeeper localgk, it is added to the gateway pool for each prefix as follows: • For gateway pool for 415......., gateway gw2 is set to priority 10. • For gateway pool for 650......., gateway gw2 is set to priority 5. To change gateway gw2 from priority 10 for zone 415.......
PAGE 74
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples Removing a Proxy Example The following example shows how to remove one or more proxy statements for the remote zone germany.xyz.com from the proxy configuration list: no use-proxy sj.xyz.com remote-zone germany.xyz.com The command removes all special proxy configurations for the remote zone germany.xyz.com. After the command is entered like this, all calls between the local zone (sj.xyz.com) and germany.xyz.
PAGE 75
Configuring H.323 Gatekeepers and Proxies H.323 Gatekeeper Configuration Examples GKTMP and RAS Messages Example The following is an example of a gatekeeper that has interaction with external applications. The registration message from Server-123 establishes a connection with gatekeeper sj.xyz.com on port 20000. Server-123 sends a REGISTER RRQ message to gatekeeper sj.xyz.com to express interest in all RRQs from voice gateways that support a technology prefix of 1# or 2#.
PAGE 76
Configuring H.323 Gatekeepers and Proxies H.