Cisco IPT + Routing @ Home – BETA

Work In Progress.

This is a Non CCIE Zone

This is not written for people studying their CCNA/CCIE for VOIP or whatever. It’s for the phone guy/girl who wants to get their hands on a Cisco Router, enable VOIP and do data routing too. Or the data guy/gal who doesn’t get how to make a phone call because s/he doesn’t use the phone to talk to many people as they just hide in their cubicles! Oops, sorry, I think I offended you.

You may want to join the bandwagon of using Cisco’s IP Telephony/Unified Communications solution for your home. Perhaps your Avaya TDM system died or you bricked some other system. You may need to practice using a Cisco environment because your company may be the next to go “all the way” with Cisco solutions.

Here I’ll walk you through how to set up a network for a local area network (LAN), tie in the wide area network (WAN) and retain reliability for VOIP.

The requirements (if you do not have them already)

  • A Cisco router such as a 1760, a 1811, a 28xx series, or a current router that supports a small environment.
  • An Ethernet switch such as a Cisco Catalyst Express, a traditional Catalyst, or a Netgear or Nortel/Avaya or equivalent. Be sure to get a managed switch with Layer 2 support; if you’re lucky enough to get Layer 3, this gets pretty awesome because you can turn your switch into a LAN router. Layer 2 supports things like VLANs, which carve a switch into multiple different hubs without needing an external one!
  • Compatible Cisco IP Phones. I’d go for the 79x1 series, because a) it’s much easier to troubleshoot, b) there are no worries about screen burn-in, unlike the original series, and c) it supports native POE, which makes life easier if you have non-Cisco inline power switches.
  • One of the many mistakes made when implementing a converged Cisco IPT on older hardware with newer Internet services is using both a Linksys or Netgear router and the existing Cisco router. You can actually use one of those cheap Linksys routers if you can’t afford the highly expensive ASA or other Cisco firewalls. Most enterprise environments use a “firewall” device to connect to the internet, known as the WAN. In fact, such a configuration is “normal”.
  • If you have a copy of Windows Server 2000, 2003, 2008 or 2012, you are going to use this for the DHCP server and a TFTP server. Treat this as a secured application server whether or not it’s still supported by Microsoft. Personally, I prefer a Graphical User Interface (GUI) because I like to see things visually organized and save the hassle of entering commands perfectly in the IOS or other NOS routers. Also, many VOIP phones take DHCP in different ways, and Windows can actually be the best gateway to give any type of VOIP set the IP address it needs.

Because older Cisco routers can’t handle lightning-fast internet speeds from Comcast, Verizon and others, the fastest Ethernet-based cable/broadband connection would max out at 10mbps if you used a Cisco Wide Interface Card or WIC. While this would have been acceptable 5 years ago, many are now getting up to 50mbps down and 15 up, so this leaves you having to use a newer firewall or get your Linksys, Netgear or WRT-hacked router to serve as the firewall to handle that speed and not lose the modern quality. And it’s good security sense.

How my network works:

I have a LAN, for intranet use on 192.168.0.1 with a subnet of 255.255.255.0

My local DNS server (a domain controller) is 192.168.1.10

My default-gateway set on the Cisco Router is going to forward this to 192.168.1.5

In order for me to access wordpress.com or twitter.com, the DNS for the WAN will be the same 192.168.1.5, because the firewall will at that point forward that to my Comcast DNS addresses, as set up on my firewall.

The best way to set up a Cisco router is to have it fully defaulted. I won’t discuss defaulting the router here, but there are sites out there that can explain that. You’ll need a serial connection in order to do the initial provisioning of the router.

The default serial connection should be 9600/8/none/1/none

Cisco will instruct you to use HyperTerminal; if I were you, I’d go for PuTTY. A link can be accessed here: go to the Download link, find the stable version and ensure you install it with an administrator account. By the way, Windows is recommended; Linux or Macs could bring unpredictable results in terms of serial access or terminal support.

Initial Router Configuration

To set up, enter enable mode by typing enable at the prompt and pressing Enter (because this emulates a terminal they call this “Return” – the former title will be just fine to press).

If you get this on your screen, then type what you see in bold and press Enter

Router#setup

The following screen appears, follow the boldface

         --- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help. 
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity 
for management of the system, extended setup will ask you to
 configure each interface on the system
Would you like to enter basic management setup? [yes/no]:

Type “y” (then Enter)

Configuring global parameters:
  Enter host name:


We’ll use “Cisco1760”, then Enter again

Then the prompt will ask you to enter a password that will be encrypted; you won’t see this password in any of the dumps (like show config). The boldface will be used as an example

The enable secret is a password used to protect access to
  privileged EXEC and configuration modes. This password, after entered, becomes encrypted in the configuration.
  Enter enable secret:

Alyss@Mil@no!$ahott!etfor42 (then return)

Again, your crush with Alyssa Milano will be kept in secret and won’t be shared in any show configs – at least on the customer level!

The next screen shows the enable password that typically follows after initial login on say Telnet after you type enable. This password can be stored on the config dump, so my superiors may know I have a crush on CharliXCX.

The enable password is used when you do not specify an enable 
secret password, with some older software versions, and some boot images.
  Enter enable password:

I<3CharliXCX (Then press Enter)

Both the virtual terminal password and the enable password are sent in the clear, so it’s not fully secure. For a home setting, I’d just use the same password as above and hit return.

The virtual terminal password is used to protect access to the
 router over a network interface.
  Enter virtual terminal password:

 I<3CharliXCX

Say yes to the following if you have an SNMP Network Management system. I presently don’t, but hopefully I’ll get something running sooner rather than later.

  Configure SNMP Network Management? [no]:

The next screen shows the interfaces (what connects the router to the inside or outside world). Typically many beginners to Cisco’s routing with VOIP will start with the FastEthernet0/0. For the Cisco 1760 (in this exercise), there is only one port. Slashes refer to slot number, then port number. For the 1760, there are two slots for two types of cards, Wide Interface Cards (WICs) and Voice Interface Cards (VICs). See the question below.

Current interface summary
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES NVRAM  up                    up      
BRI0/0                     unassigned      YES NVRAM  administratively down down    
BRI0/0:1                   unassigned      YES unset  administratively down down    
BRI0/0:2                   unassigned      YES unset  administratively down down    
Serial1/0                  unassigned      YES unset  administratively down down    
NVI0                       unassigned      YES unset  administratively down down    

BRI 0/0 means it’s on Slot 0; the port (jack) on the card is the following 0.

We are going to configure just the FastEthernet, type in FastEthernet0/0 exactly then Enter

Follow the boldface instructions as you see the questions appear. After answering, press Enter

Configuring interface FastEthernet0/0:
Use the 100 Base-TX (RJ-45) connector? yes
Operate in full-duplex mode? [no]: yes
Configure IP on this interface? yes
IP address for this interface: 192.168.1.1
Subnet mask for this interface: 255.255.255.0

The router then makes a statement based on your answers

Class C network is 192.168.1.0, 24 subnet bits; mask is /24

The following configuration command script was created:

hostname Cisco1760
enable secret
enable password I<3CharliXCX
line vty 0 4
password I<3CharliXCX
no snmp-server
!
no ip routing
!
interface FastEthernet0/0
no shutdown
media-type 100BaseX
full-duplex
ip address 192.168.1.1 255.255.255.0
!
interface Serial1/0
shutdown
no ip address
!
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Type “2” and Return, the router won’t reboot

Enter your selection: 2
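An added example, not part of the original walkthrough or any Cisco tool: a small Python check over the setup script above that flags the password points just discussed (readable enable and vty passwords, the same password on both, an enable password left beside the enable secret). The finding names, the <PLACEHOLDER> secret value and the SSH-only check are assumptions of this example.

```python
import re

# Constructed sample: the setup script shown above. <PLACEHOLDER> stands in
# for the enable secret value, which the page does not show.
SAMPLE_CONFIG = """\
hostname Cisco1760
enable secret <PLACEHOLDER>
enable password I<3CharliXCX
line vty 0 4
password I<3CharliXCX
no snmp-server
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
!
end
"""

# "[enable] password [0|7] <value>": no type or 0 is cleartext, 7 is reversible.
PW = re.compile(r"^(enable password|password)\s+(?:([07])\s+)?(\S+)$")

def audit_ios_passwords(config):
    """Return sorted finding codes for weak password handling in an IOS config."""
    lines = [l.strip() for l in config.splitlines()]
    findings, stored = set(), {}
    in_vty, vty_blocks, ssh_blocks = False, 0, 0
    for l in lines:
        if l.startswith("line "):
            in_vty = l.startswith("line vty")
            vty_blocks += in_vty
        elif l == "!" or l.startswith("interface "):
            in_vty = False
        elif in_vty and l == "transport input ssh":
            ssh_blocks += 1
        m = PW.match(l)
        if not m or (m.group(1) == "password" and not in_vty):
            continue                      # console/aux passwords are out of scope
        where = "enable" if m.group(1) == "enable password" else "vty"
        stored[where] = m.group(3)
        kind = "type7-reversible" if m.group(2) == "7" else "cleartext"
        findings.add(f"{where}-password-{kind}")
    if "enable" in stored and any(l.startswith("enable secret") for l in lines):
        findings.add("enable-password-redundant-with-secret")
    if "enable" in stored and stored["enable"] == stored.get("vty"):
        findings.add("enable-and-vty-password-reused")
    if ssh_blocks < vty_blocks:
        findings.add("vty-not-restricted-to-ssh")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_ios_passwords(SAMPLE_CONFIG):
        print(finding)
```

Run against the script as generated, it reports all five findings; a config with only an enable secret and an SSH-only vty block reports none.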

 Configuring telephony-service

The Cisco CallManager Express is a very stripped down version of the CallManager/whatever its current name is, residing in a special flash chip space in the IOS router. Your next step is to enable the telephony-service, but before that you’ll need to go through a setup wizard.

To do this, log into your router (whether it’s your serial, or preferably your Telnet session, and go into enable mode, entering, in the example, I<3CharliXCX) and move on by typing the boldface command

Cisco1760# config t

This enters you into a “Global config setup”

Cisco1760(config)# telephony-service setup

If you get an error message such as it’s already running then type no telephony-service and it will disable it. Cisco warns you to enable telephony-service before you add trunks, as weird as it is.

On to the prompts:

Do you want to setup DHCP service for your IP phones? [yes/no]: no

If you are going to use an external DHCP server, then say no. (Oh and you’ll need to tell the router to redirect DHCP requests for both your phones and PCs, more on that in the Router config.)

The boldface are for examples, use appropriate settings as you wish

Do you want to start telephony-service setup? Yes

Enter the IP source address for Cisco CallManager Express: 192.168.1.1

Enter the Skinny Port for Cisco CallManager Express:  [2000]: (leave this at the default, this is a known Internet port for Cisco IPT)

How many IP phones do you want to configure : [0]: 5
(let’s assume you have 2 7960s, a 7961, and 2 7911s)

Do you want dual-line extensions assigned to phones? [yes for dual-line / no for single-line]: yes

because you paid a lot for multi line telephones, and using the single line is well…

What language do you want on IP phones? 0


(use a different number if you are reading this through Google Translate)

Which Call Progress tone set do you want on IP phones : 0
(use a different number if you are reading this through Google Translate)

What is the first extension number you want to configure :[0]: 2100

Do you have Direct-Inward-Dial service for all your phones? [yes/no]: no

since this typically will be in a home, non digital environment

Do you want to forward calls to a voice message service? [yes/no]: no

(For this exercise, I’m going to say no only because my system doesn’t have Cisco Unity Express and there are third party SIP forwarding abilities, but SIP goes beyond the scope of this post.)

Do you wish to change any of the above information? [yes/no]: no

and the service will load and save the settings. Always do reload prior to logging off and say yes to save changes, but don’t reboot unless you’re told to do so.

Configuring the Router’s Internet settings

In this case, the Cisco router won’t be exposed to the Internet directly, which saves you from being exposed to the outside world. It doesn’t guarantee anything, but hey – it’s better than being totally insecure.

The easiest way (the less hair pulling, the better) is to have a Windows DHCP server direct you to the firewall’s (or that cheap Linksys or Netgear router’s) IP address. The Cisco router just forwards requests off the router to another part of the network.

You’ll need to tell the router to do this redirection, using the ip helper-address command.

Follow the boldface commands as an example, at the end of each paragraph, press Enter

Cisco1760> enable

Cisco1760# config t

Cisco1760(config)# interface fastethernet0/0

Cisco1760(config-if)#

(Notice how the config has a suffix – this reminds you what prompt level you’re in when in config mode.)

Continue with:

Cisco1760(config-if)# ip helper-address 192.168.1.10

(The IP address of the server running Windows’ DHCP services)

Using Microsoft Windows’ DHCP Services to give Cisco sets an IP address automatically

As mentioned earlier, the various phones that connect to the network get an IP address automatically in different ways. Mitel polls the DHCP server much differently than, say, Avaya. Cisco uses Option 150 to provision IP addresses.