Professional Documents
Culture Documents
s a
) h a
i l ฺ com
Oracle SBCoRel t ma6 Config i d eฺ and
Admino(Onsite)
@ h t Gu
r a v uden
a e lc Guide
Activity S t
r a ph e this
o ( us
a v t o
e l cr nse
p h a lice (EDU-CAB-C-CLI – Rev 06.j)
o ra ble
c r av sfera
h a el tran
p -
Ra non
D81945GC10
Edition 1.0
November 2013
D84217
Copyright © 2011, 2013, Oracle and/or its affiliates. All rights reserved.
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws.
You may copy and print this document solely for your own use in an Oracle training course. The document may not
be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use,
share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this
document in whole or in part without the express authorization of Oracle.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
The information contained in this document is subject to change without notice. If you find any problems in the
document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California
94065 USA. This document is not warranted to be error-free.
This training manual may include references to materials, offerings, or products that were previously offered by
Acme Packet, Inc. Certain materials, offerings, services, or products may no longer be offered or provided. Oracle
and its affiliates cannot be held responsible for any such references should they appear in the text provided.
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of
s a
the United States Government, the following notice is applicable:
) h a
com
U.S. GOVERNMENT RIGHTS
i l
a deฺฺ
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training
materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S.
Government contract.
t m
o Gui
h
@ ent
Trademark Notice
v o
l cra Stud
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their
e
respective owners.
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
Course Overview
This course provides technical network professionals with the skills needed to successfully configure the Net-
Net Session Director (SD) in both peering and access environments. This course covers the fundamentals of
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
SIP and H.323 as well as system and protocol-specific configuration of the Net-Net SD. The contents
addressed in the course apply equally to both service provider and enterprise deployments.
Further, this course includes administration of the Net-Net SD, in the form of configuration management
(backups, restores, and revision control). This course consists of lecture, discussion and significant hands-on
labs.
Intended Audience
This course is intended for individuals who will be responsible for hands-on tasks with Acme Packet Net-Net
SD series running Net-Net OS version 6.x, including implementing best current practice base configurations.
s a
) h a
com
Prerequisites
Experience with and knowledge of IP and VoIP concepts and operations. i
a deฺl ฺ
t m
o Gui
Course Agenda h
@ ent
v o
Module 0 [intr]- Course Overview
l c ra Stud
h e
o This module introduces students to theacourse contents
is and objectives
p t h
Module 1 [isbc] – Introduction to the
o (raSessionu s e Controller (SBC)
Border
v include:to
rabasic
o Student leaning objectives
Describelc
e the
n e of a SBC
sfunctions
p a
h the lhardware
Identify the e
c interfaces
components
i of the Net-Net OS
o ra Locate
b l e on the Net-Net SD
c r
Moduleav 2 [initc]
s f e r–aInitial Configuration
h a el otraStudent
n leaning objectives include being able to explain:
a p o n - The access modes and ACLI
R n
The boot parameters and the effect of changing them.
Configuration concepts, configuration tree,
and the best practice configuration methods
Configuration versions
o Student performance objectives include:
Connect to the Net-Net Session Director (Net-Net SD)
Navigate the Net-Net SD ACLI
View, save, and activate configurations
Configure boot parameters
Reboot the Net-Net SD
Reset the Net-Net SD to factory defaults
View configuration elements
Configure Net-Net SD elements and sub-elements
Copyright © 2011 Acme Packet, Inc. Net-Net 3000/4000 Configuration Basics • iii
Edit a configuration element
Delete a configuration element
l c r s f eConfigure a Steering
SIP Interface
rules (HMR)
Explain the single SIP-NAT homed in a access network (SSNHAN) model
Explain hosted NAT traversal (HNT)
Explain media latching
Explain registration caching
o Student performance objectives include:
Configure the PBRB model
Using IP addressing on your end stations
Arial Lab instructions and descriptive text. Enter Superuser mode and determine what
commands are available in this mode.
Courier New Acme command line interface out-put. The system prompt for User mode is
training>.
Courier New Bold Acme command line interface input. Use the show ? command to determine
which show commands are available in
User mode.
s a
) h a
i l ฺ com
t m a deฺ
Additional Information
h o Gui
v o @ ent
Training Offerings
l a tud
crdates,
a e
You can obtain information on the latest training offerings, course
i s S class locations from the World
and
h
ap se t
Wide Web by pointing your Web browser to: www.acmepacket.com/training.h
( r
Certification Program
r a vo to u
You can obtain information on the e lc Packet
Acme
n e Certification Program from the World Wide Web
sTechnical
by pointing your Web browserh a
p le lic
to: e
www.acmepacket.com/certification.
r a
a vo ferab
About This Publication
r
a e l c is written
This document
a n sand maintained by Acme Packet Training Department. Please email questions and
p h
suggestions for
n - t r
improvement to training@acmepacket.com.
Ra no
Technical Publications
Acme Packet is committed to providing our customers with reliable technical documentation.
The Acme Packet Documentation Set is currently available on CD, via our customer portal or on our support
website.
• One Acme Packet Documentation Set CD and one Acme Packet Hardware Installation guide is
included in the accessory kit that is shipped with each Net-Net system.
• Customers can also access the Acme Packet Documentation Set via the customer portal. To
access technical documentation via the customer portal you must contact your Acme Packet
customer support representative directly or email support@acmepacket.com to obtain a login.
single Net-Net SD
ble
fe r a
ans
- t r
SD s a n o n
) ha
c o m
wancom0 ail ฺ ฺ
t m i d e
ho t Gu
10.0.3.11
@
r a vo uden
a e lc S t
ph e thi
Hub/Switch s
( r a s
v o o u
e l cra nse t
p h a lice
o ra
c r av
a el
Raph
10.0.3.1 10.0.3.2 10.0.3.3 10.0.3.4 10.0.3.5 10.0.3.6 10.0.3.7 10.0.3.8
student1 student2 student3 student4 student5 student6 student7 student8
Available only at Acme Packet
Bedford, MA Training Center
Overview
This lab introduces you to the Acme Command Line Interface (ACLI). The instructions
use a step-by-step approach that guides you through each part of the exercises. There
are also questions for you to answer to re-enforce the knowledge and skills you have
gained from the lecture and the hands-on practices.
The exercises in this lab involve the following tasks. You will perform some tasks and the
s a
instructor will demonstrate other tasks that can only be performed by a person at a time.
• Log into the Net-Net Session Director (Net-Net SD) ) h a
• Explore the ACLI hierarchy
• Use ACLI shortcuts and usability features i l ฺ com
• Verify existing configuration elements t m a deฺ
• Revise the boot parameters h o Gui
o @ ent
• Reset the Net-Net Session Director (Net-Net SD) to factory default
v
• Create a global configuration element
e l cra Stud
p h a this
Table of Exercises: a se
(rSD
Exercise 1: Accessing the Net-Net
a o o u
vwith ACLIt............................................................................ 2
l
Exercise 2: Getting Familiarr
cthe Net-Net
s eSD (Demo) ............................................................... 64
Commands ........................................................
e
ha on lthe n
Exercise 3: Rebooting
Exercise 4: p
a Working i ceBoot Parameters (Demo) .................................................... 7
Exerciseo r Accessing
5: b le the Global Settings ...................................................................... 9
v a
r a Configuration Element (Demo).................................................. 10
ra 6:7:sfeDeleting
Exercise
l c
e Exercise
Exercise n8: Creating thethesystem-config
Resetting Net-Net SD to Factory Defaults (Demo)............................... 11
h a - t r a Element (Demo)........................................ 12
p n
Ra no
In this exercise, you will telnet into your assigned Net-Net SD and navigate through the ACLI
hierarchy between the User mode, the Superuser mode, and the Configuration mode.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
2. Open a Telnet connection through the wancom0 port of your Net-Net SD.
Once the Telnet connection to the Net-Net SD is successful, a password prompt should
s a
appear.
) h a
l ฺ com
If you are not sure how to use PuTTY or cannot connect to the Net-Net SD,
i
please ask your instructor for assistance.
t m a deฺ
h o Gui
v o
3. At the password prompt, enter the default User mode password@ acme. e n t
e l cra Stud
Password: acme
training> p h a this
a se
(rSD
v o anduare in the User mode.
o
a
Now you have logged in the Net-Net
r
lc nse t
a e
a p h
Examine the prompt.
l i ce
o r is the prompt
• What b le for the User mode?
v
ra• Whatspart
f a
erof the prompt indicates the target name of this Net-Net SD?
l c
p h ae -tran
Ra non • What part of the prompt indicates that you are currently in User mode?
Step 2: Entering the Superuser Mode
1. At the User mode prompt, issue the command enable.
training> enable
2. At the password prompt, enter packet. This is the default password for the Superuser.
Now you are in the Superuser mode.
password: packet
training#
• What part of the prompt indicates that you are in the Superuser mode?
training# exit
training>
The exit command allows you to return to the previous level in the ACLI hierarchy.
Examine the prompt and ensure that you are back in the User mode.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
@ ent
• Did you need a password to enter the Configuration mode?
h
v o
e l cra mode
• How do you know that you are in the Configuration
S
d
tunow?
p h a this
3. Return to the Superuser mode.
o (ra use
rav that
Examine the prompt and ensure
l c eyoutoare back in the Superuser mode.
h a e
mode. ice
ns
r a p le l
4. Return to the User
a
Examine
r aband ensure that you are back to the User mode.
vo thefeprompt
r
a e l c ans
p h n - tr your instructor that you have completed this exercise. The scenarios
Tell
Ra no and answers will be discussed in class as a group.
In this exercise, you will use the context-sensitive help to familiarize yourself with various ACLI
commands, issue some commands in the User or Superuser mode to view the Net-Net SD
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
2. Issue the context-sensitive help command ? (question mark) to display a list of available
ACLI commands. Note that ? is not echoed on the screen.
s a
Examine the list of the ACLI commands and the descriptions of the commands.
) h a
3. Issue the other context-sensitive help command <TAB> (the <TAB> key). Note that the
i l ฺ com
<TAB> key is not echoed on the screen either.
t m a deฺ
Examine the list of the ACLI commands. h o Gui
v o @ ent
l c ra Sthelp
• What is the difference between the two context-sensitive
u d commands?
h a ein the listisfor configuration and why?
( r ap se th
• Can you use any of the ACLI commands
• Are the ACLI commands available in the User mode also available in the Superuser
mode? Write down a couple of ACLI commands available in both modes.
• Are the outputs of an ACLI command available in both modes the same? You will
find out in the next step.
1. Issue the command show ? to display the available arguments of the show command.
• View the list of the arguments and descriptions. You will use the help for the next
few activities.
2. Based on the help information, issue the appropriate show command to view user logins.
You should get a list of users who are currently logged in.
3. Open another Telnet session. Now you have two Telnet sessions open.
a. Enter the User mode in one session, and Superuser mode in the other.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
b. Issue the show command to display the current user logins in both modes.
• How do you know which mode (i.e. User or Superuser mode) each user login is in?
4. Issue appropriate show commands to view the following information of your Net-Net SD.
Record the show commands you use and examine the output information.
s a
) h a
com
• System health information, system uptime, and system version information
• Host table
i l
a deฺ ฺ
• Currently enabled features in the Net-Net SD m
• Active processes running on the Net-Net SD h t
o Gui
v o @ ent
• Prom information (Note that if you keep getting command errors, issue
show prom-info ? for help.)
e l cra Stud
As you may have discovered, the show command
p h a isthavailable
is in both User and
( r a e
us
Superuser mode.
a v o t o
• If you issue some c r
l commands s eboth User and Superuser modes, are the outputs
in
the same? ae n
a p h l i ce
o r b le
r v
a approaches
When
e
issuing
f r a
the commands, try the following convenient approaches.
e l c These n s can be used at any level of the ACLI.
a r a
a ph on-t
R n • Do not need to type full command/argument. You can type a partial
command/argument and use the <TAB> key to auto complete the rest.
• Use the shortest or abbreviated form of commands and arguments.
• Use the command history buffer to recall the last show command. Modify that
command to form a new command.
Tell your instructor that you have completed this exercise. The scenarios
and answers will be discussed in class as a group.
The instructor will demonstrate how to perform the tasks in this exercise
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
In this exercise, you will practice rebooting the Net-Net SD. In order to monitor the boot process,
you connect to the Net-Net SD via serial connection, instead of Telnet.
s a
2. Enter the Superuser mode.
) h a
Step 2: Rebooting the Net-Net SD
i l ฺ com
t m a deฺ
o Gui
1. Issue the following command and answer y to reboot the Net-Net SD.
h
training# reboot
v o @ ent
------------------------------------ ra
e l cSD! Stud
WARNING: you are about to reboot the
------------------------------------
p h a this
Reboot this SD [y/n]?: y (ra e
o u s
l avNet-Net
Watch the boot process.cIfrthe e to boots successfully, the password prompt
SD
should appear. ae
h c e ns
r a p le li
o youracan
Alternatively,
a v b issue the command reboot force to reboot without questions.
e l cr nsfe
h a t r a
If rebooting
- your Net-Net SD in the Telnet session, you lose the Telnet
p
Ra non
connection as soon as you issue the reboot command.
End of demonstration.
The instructor will demonstrate how to perform the tasks in this exercise
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
In this exercise, you will examine the boot parameters, make changes, observe the results and
restore the original parameter.
a
• What is the value ofrthe
o name
vtarget t o u
a e lc nse and what is it for?
• What is p
a the ceboot file and what is it for?
hname oflithe
o r b le
v
a image
rThe f a
efiler name may vary from /tffs0/nnC600p8trn.gz based on the
l c n s
p h ae -OStraversion.
Ra non
Step 2: Modifying the Boot Parameters
1. Access the boot parameters again.
2. Change the value of the target name to a new value, such as acmepacket.
a. Change the value of a boot parameter by simply typing the new value at the end
of the line and press <Enter>, for example:
b. View the boot parameters and ensure that the target name has its new value.
• Did the prompt name change to your new target name? Why?
• How should you connect to the Net-Net SD in order to see the boot
process?
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
• After the Net-Net SD reboots, is the prompt name your new target name?
Why?
• Can the Net-Net SD reboot and what information does the Net-Net SD give
s a
you?
) h a
• Can you recover from this error?
i l ฺ com
t m a deฺ
4. Change the boot parameters to their original values.
h o Gui
v o @ ent
cra Stud
a. Fix the boot file name error.
e l
a tvalue:
h
b. Change the target name back to its original
p h is training#
(where #=student#).
o (ra use
c. Reboot the Net-Net v Your Net-Net
raSD. to SD should now reboot successfully.
l c e
nsand it should be training# ( # is your student
e the prompt,
h a
pnumber).le li
• Examine c e
r a
r a vo ferab
a e l c End a n sdemonstration.
of
ph on-t r
R a n
In this exercise, you will access the global settings and examine the existing configurations. The
Net-Net SD group global settings are within a single-instance configuration element called the
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
system-config. The instructor previously loaded the configuration to the Net-Net SD.
a e element.
p e this
h
2. Examine the configuration of the system-config
r a
o ( location
• What are the hostname,vdescription, us parameters for?
a
cr nissassigned t o
e to the system?
a e l
• What mib-system-name
ph le lic e
r
oSNMPa b to iscreate
r a v f e r a
This parameter used in conjunction with the target name by the Net-Net SD
• What levels are the system and process logs set to?
Tell your instructor that you have completed this exercise. The scenarios
and answers will be discussed in class as a group.
The instructor will demonstrate how to perform the tasks in this exercise
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
In this exercise, you will practice deleting a configuration element. You can delete any currently
configured element. This exercise instructs you to delete a single-instance element: the system-
config element.
1. In the Configuration mode, navigate to the system-config element. The ACLI path is
s a
system>system-config.
) h a
2. Issue the no command to remove the element.
i l ฺ com
Do not need the done command when deleting an element.
t m a deฺ
training(system-config)# no h o Gui
training(system-config)#
v o @ ent
ra Stud
Step 2: Verifying the Element Removal aelc
r a p h
e t his
1. In the Superuser mode, issue the show
o ( configuration
u sindeed removed.
command to examine the
v
ra se t
configuration so as to verify that o
the element is
training# showae
l c
p h c en
configuration
l i
o rathe system-config
•vDoes b le
r a f e r a element still exist in the configurations?
a e l c aIf nyousdid not successfully remove the element, repeat the steps and ensure you
p h n - tr are not missing any of the steps.
Ra no
Configuration changes must be saved and activated for them to take effect. If
the Net-Net SD is rebooted right now, configuration changes will be lost.
Saving and activating configurations will be discussed in the next module.
End of demonstration.
The instructor will demonstrate how to perform the tasks in this exercise
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
In this exercise, you will reset the Net-Net SD configurations back to its factory defaults.
training# delete-config
s a
This command removes all the current configurations on the Net-Net SD and restores theha
factory default configurations. m )
o
a ilฺc eฺ
otm Guid
2. Reboot the Net-Net SD for the changes to take effect.
h a el tr•aDoes n resetting the Net-Net SD to factory defaults affect the boot parameters?
p -
Ra non
End of demonstration.
In this exercise, you will create a single-instance element: the system-config element, and
activate your new configuration on the Net-Net SD. In the exercises of later modules, you will
create multiple-instance elements.
1. Enter the Configuration mode. Use the content-sensitive help to see what commands are
available.
s a
2. Navigate to the system-config element. The ACLI path is system>system-config. ) h a
o m
training(configure)# system
a ilฺc eฺ
otm Guid
training(system)# system-config
h
@ ent
Alternatively, you can issue the following command:
v o
training(configure)# system system-config
e l cra Stud
p h a this
• How do you know that you arerinathe system e element or the system-config
o ( u s
rav se to
element?
a e l c ans Parameters
p h - t r Values
Ra non description
hostname Training
“CAB-C_v6_date YYYY-MM-DD”
location Name of the training room
mib-system-contact Student
mib-system-name Acmelab
mib-system-location Burlington,MA
default-gateway 10.0.3.99
telnet-timeout 3600
console-timeout 3600
If you are not sure how to create the element, review the following commands:
2. Issue the show command to view the system-config element that you just created.
training(system-config)# show
3. Issue the done command to save the configurations after you are done.
If you do not issue done, the configurations will not be saved once you exit the element.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
If you did not issue the done command before issuing the exit command, a prompt
Save Changes [y/n]? appears. Enter y to save, n to not save the changes.
training# save-config
training# activate-config
training# backup-config student_initc.gz
It is important that this configuration and others that follow are saved and
backed up as they will be the basis for defining successful completion of
this course.
End of demonstration.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
single SD
ble
fe r a
ans
SD a n o n - t r
has
m )
wancom0
l ฺ c o
10.0.3.11 mai e ฺ
t
ho t Gu i d
@
vo uden
r a
Hub/Switch elc S t
a
ph e thi s
( r a s
v o o u
e l cra nse t
p h a lice
o ra
c r av
a el
Raph
10.0.3.1 10.0.3.2 10.0.3.3 10.0.3.4 10.0.3.5 10.0.3.6 10.0.3.7 10.0.3.8
student1 student2 student3 student4 student5 student6 student7 student8
Available only at Acme Packet
Bedford, MA Training Center
ble
fe r a
ans
n - t r
no
s a
) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
avo
l c r
a e
Raph
Overview
The exercises in the pint Lab require that you configure layer 2 and layer3 related
multiple-instance elements phy-interface and network-interface on the Net-Net
SD. The configuration of phy-interfaces defines the characteristics of the internet
facing and core network facing layer2 interfaces. The configuration of network-
interfaces defines the layer3 characteristics of the associated network interfaces.
( r apfor Management
Exercise 2: Provisioning Network Interfaces t Access ................................. 46
...................................................................
e
o to us
Exercise 3: Configuring Media Interface
Exercise 4: Creating VLANsv............................................................................................
a 9
l c r e
h a e ens
r a p le lic
r a vo ferab
a e l c ans
p h n - tr
Ra no
2. Examine the running configuration and verify that the system-config element
exists.
a h
p1 lM00Name
li c Slot Port Name Slot Port
o r
Student
b e 0 0 M00 0 0
r v
a Student
Student
f e2 a
r M01M10 1 0 M10 1 0
e l c n s 3 0 1 M01 0 1
h a - r a
t Student 5 M02
Student 4 M11 1 1 M11 1 1
p n
Ra no Student 6 M12
0
1
2
2
S00
S10
0
1
0
0
Student 7 M03 0 3 S01 0 1
Student 8 M13 1 3 S11 1 1
If a single Net-Net SD 3800 or 4500 is used for the lab exercises, student 1-4
will name their physical interfaces Mxy, and student 5-8 will name their
physical interfaces Sxy (x is the slot number, and y is the port number). This
is because only 4 physical ports are present on each of these platforms.
b. Use the following data for the name and operation-type parameters. In the
value of the name parameter, x is the slot number, and y is the port number.
Parameter Value
name Mxy (or Sxy)
operation-type media
If you are not sure how to create the physical interface, review the following example:
1. View the phy-interface element that you just created in the configuration mode.
If you are not sure how to perform the task, review the following commands.
s a
) h a
com
training(phy-interface)# select
<name>:
1: M00 i
a deฺl ฺ
2: M10 t m
o Gui
… …
@ enth
v o
selection: 1
e l cra Stud
training(phy-interface)# show
p h a this
Because the phy-interface element
o (ra isuasmultiple-instance
e element, the select
command outputs a list of v o
have configured twolc ra se t instances, two instances of the element
the instances of the element in the configuration. Since you
be in the list.hae
phy-interface should
e n
r a p le lic
r
To
a vselect f e ab forin the
o anrinstance list, type its sequence number at the selection prompt
e l c the list.
and
n s
press <Enter>, example, 1 for the phy-interface element named M00 in
h a - t r asequence number.
If you do not wish to view any of the instance, press <Enter> without typing
p
Ra non
any
The show command displays the configuration of the instance of the phy-
interface element you selected, for example the phy-interface element named
M00. If none of the instances are selected, the show command outputs a message: no
object selected.
When your configuration gets large and contains many multiple-instance elements, it
is helpful to use the select and show commands to examine what instances of an
element are in the configuration before editing an existing one. It helps you to avoid
editing a wrong instance.
2. Alternatively, you can issue the show configuration command to view the
phy-interface elements in the user or superuser mode.
Tell your instructor that you have completed this exercise. The scenarios
and answers will be discussed in class as a group.
Parameter Value
(# is your student number)
(x is the slot number, y is the port number)
s a
name Mxy (or Sxy)
) h a
com
sub-port-id 0
ip-address
netmask
192.168.0.1#
255.255.255.0 i l
a deฺ ฺ
gateway 172.16.0.10# t m
o Gui
@ h t
Do not forget to issue done to commit the changes to the
v o e n
editing configuration.
e l cra review
S tudhow you created a
If you are not sure how to create the network
physical interface in Exercise 1:. Thep h a isththeissame.
interface,
(ra use
procedure
o
You may have noticed thatvthe gateway o isstep.
tnext
l c ravalue insthe
e
incorrect for the 192.168.0.0 network.
ae licen
You will fix the gateway
Step 2: Editingra p h
o l
the Network
b e Interface Configuration
c
Thisr av is tospractice
step f e ra how to edit an existing multiple-instance element by fixing the
h a elreferential
t r anerror occurred in the previous step.
p -
Ra non1. Examine the value of the gateway parameter of network-interface.
It is an incorrect value for the 192.168.0.0 network.
a. Select and view the network-interface element that you created in the
previous step.
If you are not sure how to select, view, and edit the parameter, review the
following commands (# is your student number).
training(network-interface)# select
<name>:<sub-port-id>:
1: M00:0 ip=192.168.0.11 gw=172.16.0.101
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
selection: 1
training(network-interface)# show
training(network-interface)# gateway 192.168.0.100
training(network-interface)# done
Tell your instructor that you have completed this exercise. The scenarios
and answers will be discussed in class as a group.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
When configuring a media interface for management access, you must configure two parts: the
address for the management access and the HIP address list.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
In this exercise, you will configure an address and HIP address list in your network interface to
allow ping and telnet to the Net-Net SD via the media network interface.
1. Access and view the network interface that you created in the previous exercise.
s a
2. Add an ICMP entry to your network interface using the following data.
) h a
Parameter Value
l ฺ c om
(# is your student number) i
a deฺ
icmp-address 192.168.0.1# t m
o Gui
@ h t
If you are not sure how to add the ICMP entry, reviewvthe o e
following n
command.
e l cra 192.168.0.1#
S tud
training(network-interface)# add-icmp-ip
p h a this
3. Add a Telnet entry to the network a susing
(rinterface e the following data.
o u
l
Parameterc rav se to Value
a e e n
ph le lic 192.168.0.2#
(# is your student number)
r a
telnet-address
b
r a vo notrasure
If you arefe
l c s how to add the Telnet entry, review the following command.
h r an
ae -ttraining(network-interface)#
a p o n add-telnet-ip 192.168.0.2#
R n 4. View the configuration.
hip-ip-list 192.168.0.1#
192.168.0.2#
ftp-address
icmp-address 192.168.0.1#
snmp-address
telnet-address 192.168.0.2#
• Why must you add the ICMP and Telnet addresses to the HIP address list?
s a
4. Verify all changes.
) h a
l ฺ c om
Tell your instructor that you have completed this step. Continue a i
to the next ฺ
o Guide
t m
step after the instructor has saved and activated the configuration.
h
v o @ ent
Step 3: Testing the Connectivity
e l cra Stud
p h a this access to the Net-Net SD via
(rabetween
In this step, you will test whether you can make a management
the media network interface. You will ping
o u s e Net-Net SD and your student
your
workstation.
l c rav se to
h
1. Ping the Net-Net
p aeSD from
l i c n student workstation.
eyour
o a ble
r192.168.0.1#
av sfera
ping
c r
h a el tExamine
r a n the outputs. Your ping should be successful. If not, check your configuration.
p -
Ra non2. Ping the management address of your student workstation from your Net-Net SD
using ACLI. You can also issue ping in the User mode or the superuser mode.
Examine the outputs. Your ping should be successful. If not, check your configuration.
3. Launch PuTTY/Tutty on your student workstation and telnet to your Net-Net SD using
the Telnet address 192.168.0.2#.
Once you are connected successfully, the password prompt should appear to allow
you to access your Net-Net SD. If you cannot Telnet, check your configuration.
2. Examine the entries in the output. You should see that the network interfaces
displayed include:
• IP address
• MAC address that the network interface is bound to
• Transmitted and received packets
• Vlan usage
• What are the network interfaces that you configured and what are not?
s a
Step 5: Removing the ICMP and HIP Entries
) h a
i l ฺ com
Typically, you configure media interface for management access only for testing and
t m a deฺ
troubleshooting. You do not leave such configuration in any Net-Net SD in production.
training(network-interface)# h
p a this 192.168.0.1#
remove-icmp-ip
training(network-interface)#
o (ra remove-telnet-ip
u s e 192.168.0.2#
Tell your instructor that you have completed this exercise. Continue to the
next exercise after the instructor has saved and activated the configuration.
Parameter Value
(# is your student number)
name M00
sub-port-id #
ip-address 192.168.0.11#
s a
netmask 255.255.255.0
) h a
gateway 192.168.0.100
l ฺ c om
Do not forget to issue done to commit the changes. i
a deฺ
t m
o Gui
h
@ ent
2. View the list of network interfaces by using the select command.
v o
training(network-interface)# selectcra tud
<name>:<sub-port-id>: e l
a this S
ip=192.168.0.11phgw=192.168.0.100
(ra ugw=192.168.0.100
1: M00:0
2: M00:1
o
ip=192.168.0.111 s e
… … …
l c rav se to
selection: ae en
p h l i c
ra ble
training(network-interface)#
o
c r aIfvyou dosfnot
e a to view any of the interfaces, just press <Enter> at the selection
rwish
h a el tprompt.
r a n Otherwise, type a sequence number in the list to select the interface to view
a p o n - issue the show command to view the network interface configuration.
and
R n Tell your instructor that you have completed this step. Continue to the next
step after the instructor has saved and activated the configuration.
In this example, there are two network interfaces bound to the physical interface M00.
The two network interfaces are specified as Vlan 0 and Vlan 1. If both Vlan 0 and
Vlan 1 are listed in the output, the VLAN is created successfully. If Vlan 1 is not
listed in the output, the VLAN is not created successfully.
s a
Step 3: Deleting the VLAN
) h a
l ฺ com
Because none of the later exercises will use the VLAN, you remove th network interfaces for
i
the VLAN to clean up the configuration.
t m a deฺ
h o interface
G uiM00 for
v o @ ent
1. Delete the network interface that you created to bind to the physical
the VLAN.
l c ra Stud
training(network-interface)# noa e
<name>:<sub-port-id>:
r a ph e this
1: M00:0
o
ip=192.168.0.1#( u s
gw=192.168.0.100
a v t o
cr nse gw=192.168.0.100
2: M00:1 ip=192.168.0.111 gw=192.168.0.100
3: M00:2
e l
ip=192.168.0.112
4: M00:3 haip=192.168.0.113
… … … ap l i ce gw=192.168.0.100
o r b le
v
raselection:2
f er a
l c s
p h ae -trantraining(network-interface)#
All network interfaces created for the VLAN should no longer exist in the list.
1. All students: Delete the network interface that you created in Exercise 2:.
2. Student 3 – 8: Delete the physical interface that you created in Exercise 1:.
Parameter Value
(# is your student number)
name M00
sub-port-id 0
ip-address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.100
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
with a single SD
wancom0
SD
ble
10.0.3.11 1 fe r a
ans
n - t r
no
s a
Hub/Switch ) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
avo
10.0.3.1 l c r 10.0.3.3
hae
student1
ap
student3 10.0.3.5
student5
10.0.3.6
student6
R
10.0.3.2
student2 10.0.3.4
student4
Overview
On a running Net-Net SD, three versions of configuration can exist at any time. When
making backups, you can backup any of the configurations.
p h ae licen
Table of Exercises:
o ra Working
Exercise 1:
b lewith Configuration Backups ............................................................ 2
v
ra sfer a
l c
p h ae -tran
Ra non
In this exercise, you will back up your various versions of the configuration. You will then store
them externally and remove them from the Net-Net SD file system. Finally, you will transfer the
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
backed-up configurations back to the Net-Net SD from the external device, and then restore
them.
Ra no 2. Back up the saved configuration. Name your backup file student#_saved.gz (where #
is your student number).
• Write down the command you used to back up the saved configuration.
training# display-backups
Alternatively, you can issue the following command to display the backup files in
alphabetic order.
If you have completed all previous exercises successfully, you should have the
following backup files:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
• What directory are the backup files stored in the Net-Net SD file system?
a e lc nse
directory. The files you up should be in the list.
c. Copyp
a l ce backup files from the Net-Net SD to the
allhof your configuration
i
o r
bootcode
b le on the desktop of your student workstation.
folder
v
ra sfer a
l c n username and password for accessing the Net-Net SD via FTP are the
p h ae -traThe
non Ask your instructor for help if you are unsure how to user FileZilla.
Net-Net SD’s default User Mode username user and password acme.
Ra
Alternatively, you open a DOS window on your student workstation and use the FTP
commands to transfer the files.
2. Once the file transfer is complete, navigate to the bootcode folder on the desktop of
your student workstation. Ensure the backup files are stored in the folder now.
• How do you verify that you have deleted all your backup files?
• What directory should you transfer the files to on the Net-Net SD?
• What command do you use to verify that these two files are transferred to the
correct directory on the Net-Net SD?
s a
) h a
Ask your instructor for help if you are unsure how to user FileZilla. i l ฺ com
t m a deฺ
h o Gui
2. Restore the saved configuration student#_saved.gz.vo
@ ent
l c ra Stud
e
a student#_saved.gz
h his
training# restore-backup-config
r a p e t
( to?us
• Where is the configuration restored
o
v
ra se to
l c
• What doeshthe
p aeNet-Net
l i c eSDnprompt you to do after the restore is complete?
o ra ble
c r avThesrestore-backup-config
f e ra
a e l n command restores the configuration to the
aequivalent to the state after the done command
p h - t r volatile memory. The restored configuration is now the editing configuration,
Ra non reboots now, the restored configuration will be lost. This is why you must save and
is issued. If the Net-Net SD
activate the restored configuration for the restored configuration to take effect.
• What command do you use to check if you have restored the correct configuration?
View the restored configuration and ensure that you have restored the correct
configuration successfully.
a. Delete the M00:# (where # is your student number) network interface element
from the configuration on the Net-Net SD and save it. Do not activate.
• List the series of commands the you used to delete the configuration
element.
b. Verify that the element you removed is no longer in the editing configuration.
Write down the command.
• Write down the command that you used to restore the last running
configuration.
Tell your instructor that you have completed this exercise. The scenarios
and answers will be discussed in class as a group.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
network map
ble
fe r a
ans
n - t r
n o
Hub/Switch
s a
) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
192.168.0.101 o 192.168.0.103 192.168.0.105 192.168.0.107
student1
l crav student3 student5 student7
ha e
p
Ra 192.168.0.102 192.168.0.104 192.168.0.106 192.168.0.108
student2 student4 student6 student8
network map
192.168.0.100
ble
Asterisk Server
fe r a
ans
n - t r
n o
s a
Hub/Switch ) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
avo
192.168.0.101
l c r 192.168.0.103 192.168.0.105 192.168.0.107
student1 ae student3 student5 student7
a ph
R
192.168.0.102 192.168.0.104 192.168.0.106 192.168.0.108
student2 student4 student6 student8
Available only at Acme Packet
Bedford, MA Training Center
Overview
The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for
creating, modifying, and terminating sessions with one or more participants. The Net-Net
Session Director (Net-Net SD) supports SIP signaling for the creation, management and
termination of multimedia sessions. It is important to understand SIP operation prior to
configuring your Net-Net SD.
There are three exercises in the isip Lab. They will provide you with hands-on
experience with SIP operations and SIP servers. You will make calls without going
through the Net-Net SD, examine call flows and SIP messages. You will examine SIP
s a
registration operation. You will also make calls that go through a Back-to-Back User
Agent (B2BUA), and examine SIP operations. An IP PBX, Asterisk ) h a
i l ฺ com
(http://www.asterisk.org), will be used in the exercises. Asterisk will run on the instructor’s
t m a deฺ
workstation, and will act as a SIP registrar for you to examine the SIP registration
v o @ ent
Table of Exercises:
e l cra Stud
Exercise 1: Examining SIP Messages ............................................................................. 2
h a th i s
apB2BUAse.............................................................
Exercise 2: Examining SIP Registration ........................................................................ 13
o ( r
Exercise 3: Examining Call Flows with
u
16
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
Before you start the exercise, use the table below to find out your assigned IP address of the
endpoint (the address of your IP phone) in this exercise, depending on your student number.
Refer to your lab diagram for details of the IP addresses in use.
4. Select the isip profile from the profile list and click the Use… button. The Status of
the profile should be in use.
Ask your instructor for help if you are unsure of how to complete this
step.
source packet capturing and analyzing application. It is used for packet capture, network
analysis, and trouble shooting.
2. Set the filter for Wireshark to display only the SIP and RTP messages.
h a e ens
r a
Leave the pWireshark
l e licit is for now, and move on to the next step.
as
r a vo Ask f e r abinstructor for help if you are unsure of how to complete this
a e l c ansstep. your
p h n - tr
Ra no
Step 3: Making a Complete SIP Call
In this step, you will make a complete point-to-point SIP call using the SJphone to your
partner assigned as follows: Student 1 and student 2, student 3 and student 4, student 5 and
student 6, and student 7 and student 8, and so on.
1. To make a call, enter the IP address of your partner’s SJphone, and click the
button.
Observe the messages displayed in the Wireshark GUI while the call is going on.
Once the call starts, Wireshark captures, parses, and filters the packets according to
the filter criteria specified in the Filter field. It displays the captured packets as SIP
messages in the Wireshark GUI.
Wait until your partner answers the call before hanging up. This is to assure that the
SIP messages of a complete successful call will be captured.
Once you have completed the call successfully, stop capturing and save the capture.
2. To save your capture, click the Save as item in the File menu. Save the capture as
student#_regular_call (where # is your student number) on the desktop of your
student workstation.
Saving captures at the completion of each call is for comparison purposes moving
forward. s a
) h a
i l ฺ com
Repeat Step 2: through Step 4: if you need to place and capture a call
again. Please save each call as a separate capture.
t m a deฺ
h o Gui
Step 5: Viewing the Ladder Diagram of the Call
v o @ ent
e l cra GUI.
1. Click Statistics on the menu bar in the Wireshark S tud
p h a this
o ( a shown
2. Select the VoIP Calls from therStatistics
VoIP callsu s e menu. The VoIP Call window
rav se to
appears with a list of captured as below.
l c
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non Examine the following information shown in the VoIP Call window:
3. Select the line representing the call you made in Step 3: from the list in
the VoIP Call Window.
4. Click the Graph button. The Graph Analysis GUI with a ladder diagram of your call
should appear as below:
• What protocols are indicated in the ladder diagram and what are they for? s a
) h a
• What messages are there for the signaling protocol?
i l ฺ com
• What SIP messages are SIP request messages and what are SIP t m a
responsede
ฺ
messages? ho t Gu i
@ en
voTheucorresponding
5. Click on each message displayed in the ladder diagram.
l r a
cthe detailst d message
in the Wireshark GUI should be highlighted,e
a and
i s Sthe details of these
of the message should
appear in the bottom of the Wireshark GUI. h
ap se t h
You will view
messages next. ( r u
r a voof the tCall
o
Step 6: Viewing SIP Messages
a e lc nse
p
In this step, youawill hview details
l i cofevarious SIP messages. To view SIP messages easily, you
r the SIPbmessages
can displayoonly le
a v
in therFilter r a captured in the Wireshark GUI by setting the filter to sip
e l c nsfe field.
p h a 1.-tView
n ra the INVITE message.
Ra no a. Select the INVITE message in your ladder diagram, the corresponding
INVITE message in the Wireshark GUI should be highlighted. The details of
the message should appear in the bottom panel of the Wireshark GUI.
Alternatively, you can select the INVITE message directly from the list of
messages displayed in the top panel of the Wireshark GUI.
• Identify the method, the request-URI, and the SIP version specified in the
Request-line.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
c rav andsethe tparameters
Examine the values
l
o of the following fields in the INVITE
messagee n
h a li
p Content-Lengthc e
header: From, To, Via, Contact, Call-ID, Cseq, Max-Forward,
r a
and
l e fields.
r a vo f•eWhat
r abdoes the address in the From field indicate?
a e l c ans
p h n - tr • There is a tag parameter in the From field. What is the tag for? Who
R a n o added this tag, the calling party or the called party?
• What does the address in the To field indicate? Note that there is no tag
parameter in the To field at this point.
• Is the value of the request-URI the same as the value in the To field or
the same as the value in the From field?
• What does the address in the Via field indicate? What does the branch
parameter in the Via field specify?
• What does the Cseq field indicate? What values are contained in this field?
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
• What codecs are offered by p h a party?
the callingth is
r a
( Description
s e
Take a look at the Media
v o o u line. Expand it to see more
details.
l c ra se t
h
• Can
p ayoue tellliifcany
enspecific codec will be used during the call at this point?
o ra• Whatbarelethe media type and media protocol?
c r av sfera
h a el tran • At what IP address and port does the calling party expect to receive media?
p -
non
Take a look at the Connection Information line, and the Media
Ra Description line. Expand them to see more details.
2. View the following messages with the same procedure as when viewing the INVITE
message:
• Should the values of the Via, To, From, CALL-ID, and CSeq header fields
the same as the values of these header fields in the INVITE message?
• In the To field, there is a tag parameter now. Who added the tag, the
calling party or the called party? What does the tag parameter indicate?
• What header field indicates that the message does not contain a Message
Body?
• What does the endpoint of the calling party do if it does not receive a 100
Trying message?
• What happens at the endpoint of the calling party when it receives a 180
Ringing message?
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
• Are the INVITE and the first 200
What information do youause p htoafigure t h iifsthey are
OK messages in the same transaction?
Ra no • What codec will be used when exchanging media between the calling and
called parties? Take a look at the Media Description line in SDP.
• Is this message in the same transaction as the one that the INVITE
message initiated?
Take a look at the branch parameter in the Via header field and the value
of the CSeq header field.
• If a set of packet capture contains more than one BYE message, how do
you know which BYE message is in response to which INVITE message?
3. Take a look at the all the SIP messages captured by Wireshark during the call.
To display only the SIP messages captured in the Wireshark GUI, set the filter to sip
in the Filter field.
o ( ra use
• How many SIP packets v
l c e to with this call?
ra are associated
h c e nsassociated with the call are
e SIP packets
• How many ofathe
r a
methods? p le li
r a vo feraofbthe SIP packets associated with the call are
• How many
a e l c aSIPnsresponses?
p h n - tr
Ra no • How many of the responses associated with the call are
final responses?
1. Click Statistics on the menu bar in the Wireshark GUI, and select RTP from the
Statistics menu.
2. Select Show All Streams from the RTP menu. The RTP Streams window should
look like this:
ThThe first line is the calling party’s RTP stream, and the second line is the called
party’s RTP stream.
3. Examine the calling party’s RTP stream
a. Identify the following information indicated in the calling party’s RTP stream.
s a
• The source IP address and source port ) h a
i l ฺ com
• The destination IP address and destination port
t m a deฺ
• The payload type h o Gui
v o @ ent
b. Compare the RTP information with the one
e l crain SDPS
d INVITE message
tofuthe
captured in the Wireshark GUI.
p h a this
• Is the RTP destination a in SDPsethe same as the destination port in the
(rport
a
calling party’s RTP
r v streamtothatuyou examined earlier?
o
e c nse
lparty’s
h a
4. Examine the called
p l i ceRTP stream
o r a
a. Identifyb lefollowing information indicated in the called party’s RTP stream.
v
ra sfer a the
l c
e tran •• The source IP address and source port
p h a -
R a n o n •
The
The
destination IP address and destination port
payload type
b. Compare the RTP information with the one in SDP of the 200 OK message
captured in the Wireshark GUI. Populate your observations in the table below.
• Does the SDP of the 200 OK message indicate which IP address and port
the RTP streams are originated from?
• Is the codec indicated in the RTP stream in the list of codecs offered by the
SDP of the INVITE message?
• Is it the codec indicated in the RTP stream the same as the codec specified
in the SDP of the 200 OK message in response to INVITE?
You may have observed that when you hang up before your partner answers the call,
a CANCEL request is sent by the calling party. This CANCEL request is to cancel the
INVITE request it sent. The called party that receives the CANCEL request for the
INVITE, but has not yet sent a final response, "stops ringing", and then responds to
the INVITE with a specific error response – 487 Request Terminated.
o toanyuestablished calls?
• Does a CANCEL requestvterminate
a
r
lc nse
a e
a p h
3. Save the capture
l i ce
as student#_cancel_call for future reference.
• Examine the timestamps associated with each INVITE in your Wireshark capture.
How long does it take for the call to fail?
before placing the call, and stop the capture after ending the call.
1. View the ladder diagram of the call and the messages captured in the Wireshark
GUI.
( r ap se t
and answers will be discussed in class as a group.
r a vo to u
a e lc nse
a p h l i ce
o r b le
v
ra sfer a
l c
p h ae -tran
Ra non
You will use SJphone and Wireshark again to place and capture calls as you did in
Exercise 1: in the lab.
Follow the exercise instructions, and please do not make random calls in
this exercise.
5. Review the procedure in Step 1: of Exercise 1: if you are not sure how to
complete this step.
1. Examine the SIP messages captured in the Wireshark GUI. They should look like this:
• Why does the SJphone keep sending REGISTER messages to the SIP registrar?
s a
• What is the value of the Request-URI in the REGISTER message? Whose
) h a
om
address does the Request-URI represent?
i l ฺ c
• What is the address in the From field?
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
The From header
l c avcontains
rfield e o address-of-record of the person responsible
tthe
a e ens
for the registration.
h
r a p le lic
a v opart r a b host
In the example above, there are two parts in the address in the From field: user
l c r s f e
7001 and part 192.168.0.100.
The Contact field in the 200 OK message in response of the REGISTER message
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
The 200 OK response to the REGISTER request contains, in the Contact header
field, a complete list of bindings that have been registered for this address-of-record at
this registrar. In this example, sip:7001@192.168.0.101 is the binding that is
s a
registered for the AOR sip:7001@192.168.0.100.
) h a
l ฺ com
In the 200 OK message, the expires parameter in the Contact field indicates how
i
long (in seconds) a binding will be valid.
t m a deฺ
h o Gui
Step 4: Examining SIP Deregistration
v o @ ent
1. Restart the live capture in Wireshark.
e l cra Stud
p h a this
2. Shutdown your SJphone application.
( r a sthe
When
e SJphone is shutdown, it deregisters
from the SIP registrar.
r a vo to u
e
3. When deregistration
a e sethe live capture and save it to a file named as
lcis done,nstop
r a ph le lic on the desktop of your student workstation.
student#_deregister
a vo fthe
4. Examine
r e r abmessages captured in Wireshark. They look like this:
SIP
a e l c ans
p h n - tr
Ra no
Tell your instructor that you have completed this exercise. This scenario
and answers will be discussed in class as a group.
go through it.
e l
a appear,
1. Restart SJphone. The SJphone GUI should
p h t h s ensure the isip_reg profile is
iand
still in use.
o (ra use
2. Start the live capture inra v
Wireshark. to
l c e
nsyour partner’s extension number.
e partnerewith
h a
p le li
3. Make a call to your c
r a
a votheflive
4. Stop
r e r ab in Wireshark when the call is complete.
capture
a e l c5. Save
a n s
r the capture in a file named as student#_registered_call on the desktop
ph on-tof your student workstation.
R a n
Step 2: Examining the SIP Messages of the Registered Call
1. Examine the call capture in Wireshark.
• What two points do you see the SIP messages flow in and out of?
2. Click the folder marked with the date the call was placed. A list of calls that were
captured should appear in the browser like this.
s a
) h a
i l ฺ com
a between
There are two entries for your call. One entry contains the SIP messages
t m d e ฺthe
calling party’s endpoint and the B2BUA. The other entry contains
ho t Gu
the SIP i
messages
between the B2BUA and the called party’s endpoint.
v @
o den
3. Select and save each entry to the files namedlas r a
c call1Sandtucall2 on the desktop of
a e
ph e this
your student workstation.
r a
in( Wireshark.
4. Merge call1 and call2 files
a v o t o us
a. Open call1e l cinr Wireshark.
n se
a e
ph le lic select call2, select Merge packets
b.ra
Select File->Merge,
r a f e r ab
vo chronologically, and then click the Open button.
c
el tran s
p h a -
Ra non
Wireshark should now show SIP messages exchanged between the calling
party and the registrar, and between the registrar and the called party
chronologically like this:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
c. Save the merged call capture in the file called student#_isip on your
desktop on your student workstation.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av a.sFrom
f e rathe menu bar in Wireshark GUI, select Statistics -> VoIP calls.
h a el tran The VoIP Calls window opens and lists both calls.
p -
Ra non
b. Select both calls by clicking both entries, and then click the Graph button.
The ladder diagram should appear. It should show the call flow that goes
through a B2BUA, i.e. Asterisk, between two endpoints.
6. Examine the call flow and the SIP messages exchanged among the two endpoints
(you and your partner) and the B2BUA, Asterisk.
• How many IP addresses are displayed? Fill in the IP addresses in the table below:
• Why are there two INVITE messages in the call between the endpoints of yours
and your partners?
• Compare the Call-ID in the originating INVITE with the re-originated INVITE.
Are they the same? Why?
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
• Compare the From and To fields in the originating and re-originated INVITE
messages. Are the fields the same? Why?
• When placing the call, you only used your partner’s extension number, instead of
the IP address. How was your partner’s endpoint located?
Tell your instructor that you have completed this exercise. This scenario
and answers will be discussed in class as a group.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
with a single SD
wancom0
SD
ble
10.0.3.11 1 fe r a
an s
n - t r
no
s a
Hub/Switch ) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
v o
10.0.3.1l cra 10.0.3.3
h ae
student1
p
student3 10.0.3.5 10.0.3.6
Ra student5 student6
10.0.3.2
student2 10.0.3.4
student4
Overview
The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for
creating, modifying, and terminating sessions with one or more participants. The Net-Net
Session Director (Net-Net SD) supports SIP signaling for the creation, management and
termination of multimedia sessions. It is important to understand SIP operation prior to
configuring your Net-Net SD.
In this lab, you configure the elements and sub-elements needed to process SIP
s a
signaling on the Net-Net SD. These elements include:
) h a
• Realm
• Sip-interface i l ฺ com
• Sip-port
t m a deฺ
• Sip-config h o Gui
v o @ ent
You will also configure elements needed for the Net-Net
l c ra Stothandle
SD
u d media (RTP)
traffic. These elements include:
h a e is
• Media-manager ( r ap se th
• Steering-pools
r a vo to u
a e lc willsediscuss the findings as a group.
this lab, wen
At the conclusion of
a p h l i ce
Acme o r Net-Net
Packet’s b leConfiguration Basics courses are delivered at both our
r v
headquarters
f e r
aSD, restricting
and aremote sites. Remote site course delivery normally uses a single Net-
e cNet s
l single-instance
n the way student groups configure items, such as boot parameters and
h a - t r a elements. Courses at our Headquarters in Burlington and Madrid
p n
Ra no implement multiple
lab exercises.
Session Directors, which allows greater student participation during
Table of Exercises:
Exercise 1: Configuring Realms ...................................................................................... 2
Exercise 2: Configuring SIP Interfaces ............................................................................ 3
Exercise 3: Configuring Media Services .......................................................................... 6
• Which version of the configuration should you review, saved, running, or it does not
matter because they are the same?
• The existing configuration contains many elements. Focus on the elements listed in
s a
the table below, and fill in the information regarding these elements.
) h a
Element Name Identifier Identifier
l ฺ om
cInstance
Single/Multiple
i
a deฺ
phy-interface t m
o Gui
h
@ ent
network-interface
v o
system-config
e l cra Stud
h a configuration
You will view other elements in thepexisting t his in later exercises in this
( r a e
module.
a v o t o us
l cr arenssingle-instance
• What types of elements
e e elements and what are multiple-
a
ph le lic
instance elements? e
r a
r a vo feraabPeer Realm
Step 2: Configuring
Parameter Value
identifier core# (# is your student number)
network-interfaces M10:0
addr-prefix 0.0.0.0
s a
Do NOT save or activate your configuration. The instructor will do so later in the lab.
) h a
i l ฺ com
Tell your instructor that you have completed this exercise. The scenarios
t m a deฺ
and answers will be discussed in class as a group.
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
p h a
n - ra rest of the parameters of this element will use the default values.
tThe
Ra no If you are not sure how to configure the SIP interface, review the following command
(# is your student number):
training(sip-interface)# realm-id peer#
2. Configure a SIP port for the SIP interface using the following data.
The configuration element is sip-port, a sub-element of sip-interface. The
ACLI path is session-router>sip-interface>sip-ports.
Parameter Value
address 192.168.0.1# (# is your student number)
The rest of the parameters of this element will use the default values.
If you are not sure how to configure the SIP port, review the following commands (# is
your student number):
training(sip-interface)# sip-ports
training(sip-port)# address 192.168.0.1#
3. Issue done to commit the sip-ports configuration when finishing configuring the
sip-port sub-element, and return to the sip-interface element.
Parameter Value
realm-id core# (# is your student number)
• Use the following data for the SIP port of the SIP interface: s a
) h a
Parameter Value
i l ฺ com
address 172.16.0.1# (# is your student number)
t m a deฺ
Step 4: Viewing the SIP Interfaces h o Gui
v o @ ent
1. View your configuration.
e l cra Stud
• Ensure that the configuration now p h a twothSIPisinterfaces, one is for the peer
contains
o ra realm.
realm and the other is for the (core
u s e
v
rainterface to a SIP port configured as well.
c
• Ensure that eachlSIP
e ens econtains
h a
phow theleSIPlicinterfaces are bound to the realms, and how realms are
r a
• Examine
o to the bnetwork interfaces.
a v bound
r a
e l c2.r Verifynyour
s feconfiguration. Do NOT save or activate your configuration. The instructor
p h a
n - rado so at the end of the lab.
twill
Ra no
Step 5: Make a Call to your Partner
1. Start the SJphone application if it is not running.
2. Configure the SJphone instance to use the peer profile. Review the isip lab if you are
not sure how to perform this task.
3. Make a call using your partner’s extension number as you did in Exercise 3 in the
isip lab. Based on the current configuration and your experience with the call,
• Was your call to your partner successful? Why do you think the call failed?
Tell your instructor that you have completed this exercise. The scenarios
and answers will be discussed in class as a group.
1. Examine the media manager configuration. This element is already defined in the
existing configuration.
The configuratione
a element
e se
lc isnsteering-pool. The ACLI path is
media-manager
a h
p le li > c
steering-pool.
r b
2. a
r vo done
Issue
f e toasave the steering-pool configuration when finishing configuring the
r
a e l c steering
a n spool.
r
ph on3.-tView the steering pool configuration.
R a n
• What is the purpose of the steering pool?
Parameter Value
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
student1 student8
192.168.0.100
student2 student1
ble
physical:network
fe r a
interface name
ans
M00:0
SD n - t r
student3
no 172.16.0.10
s a
) ha physical:network
0/0
c o m interface name
student4 a ฺ
il eฺ M10:0
m
ot Guid
h
a v o@ dent
student5
e l cr Stu 1/0
h a i s core
student6 ( r ap se th
a v o to u
a e lcr nse
a p h l i cestudent8
r
student7
o
ra v
l c
p hae
Ra
All PCs also connected
to hub going to wancom0: wancom0
studentx: 10.0.3.x 10.0.3.11
student1 student4
bl e
fe r a
an s
n - t r
Realm ID: peer1
a no ID core1
Realm :
ha s
192.168.0.101 192.168.0.11 LP+ HMR
m )
172.16.0.11 172.16.0.100
ฺ c o
a il eฺ
m
ot Guid
Realm ID: peer2 h
o@ dent
Realm ID core2
:
LP+ HMR
a v
192.168.0.102 192.168.0.12
e l cr Stu 172.16.0.12 172.16.0.100
p h a this
o (ra use
Realm ID: peer3
l c rav se to Realm ID core3
:
h a e en
192.168.0.103
a p l
192.168.0.13
i c LP+ HMR
172.16.0.13 172.16.0.100
r
r a vo
l c
p h ae Realm ID: peer4
Realm ID core4
:
a
R192.168.0.104 192.168.0.14
LP+ HMR
172.16.0.14 172.16.0.100
student5 student8
bl e
fe r a
an s
n - t r
Realm
: ID peer5
a no IDcore5
Realm :
ha s
192.168.0.105 192.168.0.15 LP+ HMR
m )
172.16.0.15 172.16.0.100
ฺ c o
a il eฺ
m
ot Guid
Realm
: ID peer6 h
o@ dent
Realm ID core6
:
LP+ HMR
a v
192.168.0.106 192.168.0.16
e l cr Stu 172.16.0.16 172.16.0.100
p h a this
o (ra use
Realm
: ID peer7
l c rav se to Realm ID core7
:
h a e en
192.168.0.107
a p l
192.168.0.17
i c LP+ HMR
172.16.0.17 172.16.0.100
r
r a vo
l c
p h ae Realm
: ID peer8
Realm ID core8
:
a
R192.168.0.108 192.168.0.18
LP+ HMR
172.16.0.18 172.16.0.100
Overview
In this lab you configure the routing and translation parameters for the Net-Net Session
Director (Net-Net SD) in order to operate in a SIP peering environment.
e l c Courses
Net SD, restricting the way student
n s eour Headquarters
configure items, such as boot parameters and
p h aSessionlicDirectors,
single-instance elements.
e at in Burlington and Madrid
o ra ble
implement multiple
lab exercises.
which allows greater student participation during
c r avof Exercises:
s f e ra
h a el Exercise
Table
t r an1: Configuring Policy-Based Realm Bridging (PBRB) ...................................... 2
p -
Ra nonExercise 2: Creating Header Manipulation Rules (HMR) ................................................ 5
Exercise 3: Configuring SIP Access Control in Peering ................................................ 11
to support routing.
Do not change any of the existing configuration parameters unless you are
instructed to do so. You will build on these parameters throughout this lab.
Changing them may cause configuration errors.
i l ฺ c
The exsiting configuration should already contain these types of elements:
t m a system- d e ฺ
config, physical-interface, network-interface, realm-config,
ho t Gu i
sip-
config, sip-interface, media-manager, steering-pool.
v @
o den
When viewing the configuration, fill in the tablelc r a tu fill in thefrom
below with information your
a e S
s built on top of each other and
realm. iOnce
a h elements
configuration for the peer realm and the core
phow t h are you information,
r
this table should help you see clearly
how they are bound together. (
o to us e
a v
Element Namee l cr nse Peer Realm Core Realm
a
ph le lic e realm-id,ip-address realm-id,ip-address
r a
steering-pool
r a vo ferab
a e l c ansip-interface
s realm-id,ip-address realm-id,ip-address
ph on-t r
R a n id,network-interface id,network-interface
realm-config
name,ip-address name,ip-address
network-interface
name,slot,port name,slot,port
phy-interface
• What SIP interface is configured for each realm, and how are they linked to the
realms?
• What media interfaces are configured for each realm and how are they bound to the
realm?
1. Configure a local policy for your peer realm, using the following data and the settings
indicated on your lab diagram.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Parameter Value
from-address * (a wild card)
to-address * (a wild card)
source-realm peer# (# is your student number)
p h ae 5.-tExamine
r
Ra non
the local policy that you just configured.
• If your configuration is saved and activated, when you make a call, can the Net-Net
SD route the call, and why?
• Using the following data and the settings indicated on your lab diagram to configure
the local-policy element.
Parameter Value
from-address * (a wild card)
to-address * (a wild card)
source-realm core# (# is your student number)
• Using the following data and the settings indicated on your lab diagram to configure
the policy-attributes element.
Parameter Value
next-hop 192.168.0.10#
realm peer# (# is your student number)
192.168.0.10# is the IP address of your SJphone in the peer realm. So the Net-Net
SD is configured to use your SJphone as the next hop.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
• After your configuration is saved and activated, you make a call, will the call be
successful, and why?
cra Stud
continuing to the next step.
e l
a this
Step 5: Testing the Local Policies
p h
o (ra uscompletede
Once both you and your partner have
a v successfully
r to teststhe t o all previous steps, you should
be able to call each other using
l c each of
e
your extension number as you did in some previous
topology hiding. ph
ae licen
exercises. This should allow you local policies that you configured and examine
o ra ble
r v SJphone
1. aStart
f e raif it is not running. Ensure the peer profile is in use.
c
el 2. tStart s
h a - r anthe live capture in Wireshark.
p
Ra non a. Ensure the Filter field is set to sip.
b. Ensure to capture on the media interface of the 192.168.0.0 network.
3. Ask your partner to call you. The call should be successful. Check your configuration if
the call failed. If you cannot resolve the issues, ask the instructor for help.
4. Stop the live capture in Wireshark when the call is complete. This capture should
contain the SIP messages at the peer side.
5. Examine the SIP messages captured during the call received from your partner. Pay
attention to the SIP URI in the From and To fields of the INVITE message.
• Do you see any IP address leak between realms in the call captures, and why?
6. Save the call capture in a file named as peer1#A on the desktop of your student
workstation (# is your student number).
Tell your instructor that you have completed this exercise. This scenario
and answers will be discussed in class as a group.
Parameter Value
(# is your student number)
name NAT_IP#
s a
description “Student# peer# HMR”
) h a
The ACLI path is session-router> sip-manipulation. The sip-
i l ฺ com
manipulation element is a multiple-instance element.
t m a deฺ
h o Gui
As you can see that the sip-manipulation element does
manipulation rules yet. In the next couple of steps,a v owill@create n trulesanytoheader
not contain
e
both the To header field, and the From headerlc r Stud
you the translate
h a e is
field.
r a vo ferab
hop, $REMOTE_IP.
a e l c1. Navigate
a n s to header-rules, a sub-element of the sip-manipulation element.
r
ph on-tThe ACLI path is session-router>sip-manipulation>header-rules.
R a n training(sip-manipulation)# header-rules
training(sip-header-rules)#
Parameter Value
name To
header-name To
action manipulate
msg-type request
training(sip-header-rules)# element-rules
training(sip-element-rules)#
Parameter Value
name To
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
parameter-name
type uri-host
action replace
match-val-type ip
new-value $REMOTE_IP
5. Issue done to commit the element-rules configuration, and return to the header-
rules element.
6. Issue done to commit the header-rules configuration, and return to the sip-
s a
manipulation element.
) h a
7. Issue done to commit the sip-manipulation configuration.
i l ฺ com
m
Your sip-manipulation element now should look like this (# istyour
astudentdeฺ
number): h o Gui
v o @ ent
sip-manipulation
l ra Stud
cNAT_IP#
name
h e
a Student# is peer# HMR
description
p t h
(ra use
header-rule
name
v o o
To
l c ra se t
header-name To
h e action
a match-value
e n
comparison-type
manipulate
case-sensitive
p l i c
o ra blemsg-type request
v a
ra sfer methods new-value
l c
p h ae -tran element-rule
R a n o n name
parameter-name
To
type uri-host
action replace
match-val-type ip
comparison-type case-sensitive
match-value
new-value $REMOTE_IP
last-modified-by admin@10.0.3.1
last-modified-date 2011-03-26 20:19:34
For every incoming SIP request message, the Net-Net SD will use the rules to replace the
host portion of the URI in the From field with the IP address ($LOCAL_IP) of the SIP
interface on which the message is received from for inbound manipulation or sent on for
outbound manipulation.
In this step, you add a header rule and an element rule for the From header field in the sip-
manipulation element. The procedure is the same as in the previous step.
Ensure that you are in this element. Otherwise, you will end up creating a new sip-
manipulation element, and adding the header rule and element rule in new sip-
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
2. Use the following data for another header rule. This header rule is for the From field.
Parameter Value
name From
header-name From
action manipulate
msg-type request
s a
The configuration element is header-rules, a sub-element of the sip-
manipulation element. The ACLI path is session-router>sip- ) h a
manipulation>header-rules.
i l ฺ com
t m a value d e ฺis
3. Use the following data for the element rule. Note that the parameter-name
blank. ho t Gu i
@
vo uden
r a
From elc t
Parameter Value
a S
his
name
parameter-name
a h
puri-host t
type
o r
( replaceus e
action
a v t o
match-val-type
new-valueae
lcr nse ip
p h l i c e $LOCAL_IP
ra blelement
Theoconfiguration
e is element-rules, a sub-element of the header-rules
v a
er ACLI path is session-router>sip-manipulation>header-
raelement.sfThe
l c
p h ae -tranrules>element-rules.
Ra non4. Issue done to save the element-rules configuration, and return to the header-
rules element.
5. Issue done to save the header-rules configuration, and return to the sip-
manipulation element.
Now, your sip-manipulation element should look like this (# is your student
number):
sip-manipulation
name NAT_IP#
description Student# peer# HMR
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
header-rule
name To
header-name To
action manipulate
comparison-type case-sensitive
match-value
msg-type request
new-value
methods
element-rule
name
parameter-name
To
s a
type uri-host
) h a
com
action replace
match-val-type
comparison-type i l
a deฺฺ ip
case-sensitive
match-value t m
o Gui
new-value h
@ ent
$REMOTE_IP
header-rule
v o
cra Stud
name From
header-name
e l
a this
From
action
p h manipulate
(ra use
comparison-type case-sensitive
match-value
o
rav se to
msg-type request
l c new-value
p h ae licen methods
element-rule
c r av sfera parameter-name
type uri-host
p - match-val-type ip
Ra non comparison-type
match-value
case-sensitive
new-value $LOCAL_IP
last-modified-by admin@10.0.3.1
last-modified-date 2011-03-26 20:39:26
1. Apply the rules to the outbound traffic of the peer realm. The ACLI path is media-
manager>realm-config.
Parameter Value
out-manipulationid NAT_IP# (# is your student number)
a se configuration.
(rrealm-config
c. Issue done to commit the
a v o t o u
r
lc the e
sConfiguration
a e
Step 5: Viewing and Verifying
e n
1. Examiner a phHMRleconfiguration.
your lic
r a f e ab should contain one sip-manipulation element named as
voconfiguration
r
a e l c NAT_IP#.
Your
a n s It should contain two header-rule elements, one is for the To field, and
r
ph on-tone for the From field. Ensure the name of the header manipulation rules is set to the
R a n out-manipulationid parameter of the realm-config element, so that the rules
can be applied to the outbound SIP traffic.
Do NOT save or activate the configuration. Your instructor will perform the
tasks when everyone has completed this portion of the exercise.
Tell your instructor that you have completed this portion of the exercise.
Wait until the instructor has saved and activated the configuration before
continuing to the next step.
3. Ask your partner to call you. Remember to capture the call received from your partner
with Wireshark. s a
) h a
com
The call should be successful. Check your configuration if the call failed. If you cannot
resolve the issues, ask the instructor for help.
i l
a deฺ ฺ
t m
o Gshould ui
4. Stop the live capture in Wireshark when the call is complete. This
contain the SIP messages at the peer side. @ enth capture
v o
5. Examine the SIP messages captured during the l c ra received
call
S t d your partner. Pay
ufrom
attention to the SIP URI in the From and To
h e
a fieldsthofithe
s INVITE message.
p
• Is there still IP address leak o (rathe core
from u s e
realm to the peer realm? If there is any,
l c rav se to
check your HMR configuration.
h
• If there is no
p aIPeaddress
l i c n what are the SIP URIs in the From and To fields
eleak,
now?
o ra ble
r v fera
aSave
e c
l workstation.
6.
n s call capture in a file named as peer1#B on the desktop of your student
the
a r a
a ph on-t
R n
Tell your instructor that you have completed this exercise. This scenario and
answers will be discussed in class as a group.
The table below shows that you can configure SIP access control for three scenarios in a
peering environment.
Value of Value of
allow-anonymous addr-prefix Allowed Access
All SIP traffic from any realm regardless of
s a
all
the value of addr-prefix
) h a
com
SIP traffic from both the realm with the
IP address/number of bits
realm-prefix
e.g. 192.168.0.0/24
i l
a deฺฺ
address that match the address specified by
addr-prefix, and the session agents
t m
oagentsG ui
agents-only
h
SIP traffic from session
@ ent
only
v o
l
In this exercise, you will configure the SIP access control
e crafor twoSscenarios:
tud
• Allow only the traffic from certain peer p h a to access
t histhe Net-Net SD as specified by
r a realms
e
o ( thetoNet-Net
us SD as specified by the 3 row of the
nd
the 2 row of the table.
• Allow only session agentsatovaccess
rd
table.
e l cr nse
a p hthea Current
l i ceSIP Access Control
Step 1: Examining
o r b le
v a
ervalue of the allow-anonymous and addr-prefix parameters in the
raExaminesfthe
l c 1.
h ae -tcurrentr an configuration.
p
Ra non2. Fill in your current access control findings in the following table
Value of Value of
allow-anonymous addr-prefix Allowed Access
As you can see that the current configuration allows all SIP traffic from any realm to
access the Net-Net SD, because the allow-anonymous parameter is set to all.
Read the instructions carefully and only perform the tasks that you are
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
instructed to.
• Which one of the realms and SIP interfaces should you configure for this the SIP
access control scenario?
2. Use the following data to configure the SIP access control on the appropriate realm s a
and SIP interface.
) h a
Parameter Value
i l ฺ com
allow-anonymous realm-prefix
t m a deฺ
addr-prefix 192.168.1.0/24
h o Gui
v o @ e n t the
cra Stud
Remember to issue done when you finish configuring an element to commit
configuration.
e l
a this
p h
tasks when everyone has o (ra this
Do NOT save or activate the configuration.
u s e Your instructor will perform the
a v completed
r youshave t o portion of the exercise.
e l
Tell your instructor cthat n e completed this portion of the exercise.
a
phto instructor
Wait until the e
lic has saved and activated the configuration before
r a
continuing l
the e
next step.
r a vo ferab
e l c nthes access control by making calls between you and your partner. Remember to
3. Test
h a - t r a the calls.
capture
p
Ra non • Can you call your partner successfully or not, and why?
• Do you receive an error when placing a call, and what is the error code?
Value of Value of
allow-anonymous addr-prefix Allowed Access
4. Student 2, 4, 6, and 8 only: Alter the addr-prefix value using the following data.
Parameter Value
addr-prefix 192.168.0.0/24
Do NOT save or activate the configuration. Your instructor will perform the
tasks when everyone has completed this portion of the exercise.
Wait until the instructor has saved and activated the configuration before
continuing to the next step.
5. Test the access control again by making calls between you and your partner.
Remember to capture the calls.
• Do you receive an error when placing a call, and what is the error code?
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
6. Student 2, 4, 6, and 8 only: Change the addr-prefix value back to its previous
value.
Parameter Value
addr-prefix 192.168.1.0/24
Do NOT save or activate the configuration. Your instructor will perform the s a
tasks when everyone has completed this portion of the exercise.
) h a
com
Wait until the instructor has saved and activated the configuration before
continuing to the next step.
i l
a deฺ ฺ
t m
o GAgents ui
Step 3: Configuring the SIP Access Control to Allow only h Session
t you will
In this step, you will configure your SJphone as a sessiona v o@ e n
d the Net-Net SD
cragent S
agent first, and then
e l
configure the SIP access control so that only the session can tuaccess
for SIP processing.
p h a this
o (raand only
u s e
rav se to
Read the instructions carefully perform the tasks that you are
instructed to.
l c
p h ae licen
ra a session
1. Configure
o b leagent.
v
ra a.sfUse a
er the following data to configure the session agent. The configuration
l c
p h ae -tran element is session-agent. The ACLI path is session-
Ra non
router>session-agent.
Parameter Value
(# is your student number)
hostname Student#
ip-address 192.168.0.10#
realm-id peer#
Do NOT save or activate the configuration. Your instructor will perform the
tasks when everyone has completed this portion of the exercise.
Tell your instructor that you have completed this portion of the exercise.
Wait until the instructor has saved and activated the configuration before
continuing to the next step.
Once again, there should be two realms and two SIP interfaces configured, one of
each is for the peer realm, and one of each is for the core realm. Ensure that you
know which realm and SIP interface to configure before proceeding.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Use the following data to configure the SIP access control on the appropriate realm
and SIP interface.
Parameter Value
allow-anonymous agents-only
Remember to issue done when you finish configuring an element to commit the
configuration.
Do NOT save or activate the configuration. Your instructor will perform the
s a
tasks when everyone has completed this portion of the exercise.
) h a
Tell your instructor that you have completed this portion of the exercise.
i l ฺ com
t m a deฺ
Wait until the instructor has saved and activated the configuration before
continuing to the next step.
h o Gui
3. Test the access control again by making calls between v o @ enpartner.
you and your
t
Remember to capture the calls.
e l cra Stud
• Can you call your partner successfully p h aor not, and
t s
hiwhy?
( r a e
• Do you receive an error a v o t o us
cr nse
when placing a call, and what is the error code?
e l
a p ha a call
• Can you receive
l i corenot, and why?
o
•vFill
r current
in your a b leaccess control findings in the following table.
l c ra sfer
p h ae -tran allow-anonymous
Value of Value of
Allowed Access
Ra no n addr-prefix
Tell your instructor that you have completed this exercise. This scenario and
answers will be discussed in class as a group.
diagram (PBRB)
student1
11.0.0.10
student2
ble
student3
physical:network
fe r a
192.168.0.101
interface name
ans
11.0.0.102
FW M00:0
SD n - t r
no 172.16.0.100
FW
s a
192.168.0.103
) h a physical:network
student4 0/0
c o m interface name
a ฺ
il eฺ M10:0
m
ot Guid
student5 h
11.0.0.104
a v o@ dent
FW
e l cr Stu 1/0
student6
h a i s Backbone
192.168.0.105
( r ap se th
a v o to u
11.0.0.106elc
r se
a e n
student7
r a ph lic student8
vo
FW
c r a
a e l
a ph192.168.0.107 11.0.0.108
R
All PCs also connected wancom0
to sw at wancom0: 10.0.3.11
peer_x: 10.0.0.x
p h ae this 172.16.0.10
. .
sip-port
registrar
o (ra use
rav se to Local Policy: access3
:
Realm: access3
l c
e . en
192.168.0.103 FW
FW
p h a
11.0.0.13
l i c Next hop 172.16.0.100
o r a Realm-id backbone
c r av3.3.3.3
E-P-A
ae l
p h
Ra :
Realm: access4
Local Policy: access4
11.0.0.104 11.0.0.14
. Next hop 172.16.0.100
FW
Realm-id backbone
4.4.4.4
E-P-A
p h ae this 172.16.0.10
. .
sip-port
registrar
o (ra use
rav se to Local Policy: access7
:
Realm: access7
l c
e . en
192.168.0.107 FW
p h a
11.0.0.17
l i c Next hop 172.16.0.100
o ra Realm-id backbone
c r av E-P-A
7.7.7.7
h a el
p
Ra :
Realm: access8
11.0.0.18
. Local Policy: access8
11.0.0.108 FW Next hop 172.16.0.100
8.8.8.8 Realm-id backbone
E-P-A
Overview
In this lab, you will configure the necessary parameters for the Net-Net Session Director
(Net-Net SD) to operate in a SIP access-backbone environment with Hosted NAT
Traversal (HNT), using the Policy Based Realm Bridging (PBRB) model.
The first and most preferable model is the policy-based bridged realm approach, using
local policy statements to route traffic from realm to realm. This configuration does not
use the sip-nat object at all. This is the most efficient configuration for the Net-Net SD as
it eliminates the need for the Net-Net SD to parse each header, scrub it for sensitive data, s a
and encode cookies for subsequent decoding on the return path. As a side effect, the
) h a
com
configuration is considerably simpler – making it easier to implement and troubleshoot.
Use this model when: i
a deฺl ฺ
t m
o Gui
• The endpoints use domain-based Addresses of Record (AORs) h
@ entAORs sent by
• The softswitch infrastructure can accommodate the domain-based
v o
cra Stud
the endpoints.
e l
a set on
Refer to your student guide and documentation
p h t is laptop if you require any
hyour
assistance with ACLI command syntax.
( r a Use the e
s available lab diagrams for reference.
o
avperform u
to following tasks:
l c ryou e
h a e ens
By completing these labs, the
r
• Verifya pexisting
the
l e lic
configuration parameters
a o
•vConfigure
r a
theb PBRB model for SIP Access
l r
c • Observe
•
s
Observef edifferences when using Domain Names for user domains
a e n
tr•aCapture calls through the Net-Net SD and examine the output
the function of dialog-transparency
p h n -
Ra no
Table of Exercises:
Exercise 1: Configuring PBRB in Access-Backbone Environment ................................. 2
the system.
For successful practice and desired results, this exercise requires that some of the student
workstations be behind the firewall as shown in the table below. The instructor will physically
connect the firewalls for your workstations.
h anthe
ae 3.2.-tClick
r
Click the Run… icon in the displayed window.
p
Ra non4. Highlight the not_behind_firewall entry.
drop down menu at Open.
5. Click OK.
a. A window should open and a batch file should run. The batch file changes the
media network address from the 192.168.0.0/24 network to the 11.0.0.0/24
network.
b. Once the window has closed, examine the IP address for media displayed on
the lower right corner of your desktop. It should be an address on the
11.0.0.0/24 network. If not, please ask the instructor for help.
If you are using one of the Student workstation 1, 3, 5, and 7 that are behind
the firewall, perform the following tasks:
Check the media addressing information in the lower right hand corner of your desktop. It
should indicate that you are in the 192.168.0.0/24 network. If not, perform the following tasks:
1. Click the START icon on the lower left corner of your desktop.
2. Click the Run… icon in the displayed window.
3. Click the drop down menu at Open.
b. Once the window has closed, examine the IP address for media displayed on
the lower right corner of your desktop. It should be an address on the
192.168.0.0/24 network. If not, please ask the instructor for help.
Do not change the existing configuration parameters unless you are told to
s a
do so by your instructor. You build your configuration on these parameters
) h a
com
throughout this lab. Changing them may cause configuration errors.
i l
a deฺฺ
t m
o Glocated
1. Use the appropriate show command to examine the physical interfaces ui in slot
0/port 0 and slot1/port0. h
@ ent
v o
l
• What are the names of the physical interfaces?
e cra Stud
• What are the duplex-modes anda p hafor these
t s
hiinterfaces?
o ( r speeds
e
us what network interface the
2. Use the appropriate show a v
r named
command t o
to determine
a
pre-configured homee l crealm
e n se backbone is bound to. Remember that the home
ph theleNet-Net
realm is where
r a lic SD’s SIP daemon (sipd) lives.
r a o network
•vWhich
f e r abinterface is the home realm associated with?
a e l c •aWhat n s
p h n - t r is the address prefix associated with the home realm?
Ra no • What does the address prefix associated with the home realm indicate?
In the next steps, you configure the realm for your access network. Refer to
the lab diagrams, student guide, and the documentation set on your
workstation desktop.
Parameter Value
identifier access# (# is your student number)
network-interfaces M00:0
addr-prefix 0.0.0.0
Remember to issue done to commit the changes, and examine the changes to ensure
they are correct.
In this step, you will configure a SIP interface for the access realm. The SIP interface for the
backbone realm is already configured.
Parameter Value
realm-id access# (# is your student number)
nat-traversal always
registration-caching enabled
a e lc nse
a p hstate lice
sip-interface
enabled
o r b l e
realm-id access#
v a
ra sfer sip-port
description
l c
p h ae -tran address 11.0.0.1#
Ra no n port 5060
transport-protocol UDP
tls-profile
allow-anonymous all
carriers
....
nat-traversal always
....
registration-catching enabled
....
last-modified-by admin@console
last-modified-date 2011-03-30 14:34:02
3. Issue done to commit the SIP port and SIP interface configurations.
4. View the SIP interfaces in the configuration. You should have a SIP interface for your
access realm.
• For what endpoint do you have to enable registration caching for the Net-Net SD to
support it, NATed or non-NATed endpoints?
Parameter Value
s a
from-address
to-address
* (a wild card)
* (a wild card) ) h a
source-realm access# (# is your student number)
i l ฺ com
The configuration element is local-policy. The ACLI path is tm
a deฺ
session-router> local-policy. h o Gui
v o @ entdata.
cra Stud
2. Configure the policy attributes for the local policy, using the following
e l
a thValue
Parameter
p h is
next-hop
r a
172.16.0.100
( backbone e
realm
a v o t o us
The configuratione l cr isnpolicy-attributes.
se
local-policy h a
p le li
element
c
element. eThe ACLI path is
It is a sub-element of the
session-router>local-
r a
vo ferab
policy>policy-attributes.
r a
a e l c SD n s
172.16.0.100
a
is the IP address of Asterisk in the backbone realm. So the Net-Net
p h n - r
tdiagram for a depiction
is configured to use Asterisk as the next hop to route signaling to. Refer to the lab
Parameter Value
(# is your student number)
realm-id access#
ip-address 11.0.0.1#
start-port 20000
end-port 29999
Remember to issue done to commit the changes, and examine the changes to ensure
they are correct.
You only need to enable latching when configuring the media manager. Accept the default
values for the rest of the parameters in the media-manager element.
• If your student workstation is behind the firewall, do you have to enable media
latching for the Net-Net SD to support it?
• If your student workstation is not behind the firewall, do you have to enable media s a
latching for the Net-Net SD to support it? ) h a
i l ฺ com
2. Examine the registrar’s domain, address, and port and fill in the following table. They
are configured the sip-config element.
t m a deฺ
h o Gui
Parameter o
Value
v @ ent
registrar-domain
registrar-host e l cra Stud
registrar-port
p h a this
o (theraAsterisk
u s e on the instructor’s workstation.
rav se to
The registrar used in the lab is running
l
e thec
Step 8: Verifying andaSaving
p h l i c en Configuration
o a ble and ensure there are no referential errors.
rconfiguration,
av sfera
Verify the
c r
h a el trWaita nuntil your instructor saves and activates the configuration before
a. Click the X-Lite icon ( ) on your desktop to start the X-Lite application.
The X-Lite phone GUI should appear.
b. Verify the X-lite options are set correctly by right-clicking on the phone’s
display and selecting SIP Account Settings.
c. In the window that appears, click the Properties button and review the
following parameters:
s a
2. Verify that your phone registers properly.
) h a
a. Issue the command show sipd endpoint-ip 700#, where # is your
i l ฺ com
student number.
t m a deฺ
h o cache? i
uWhy
• Is your endpoint registered in the Net-Net SD registration
@ ent G do
you think this information is necessary? vo
e l cra Stud
b. Issue the command show a p haendpoint-ip
t his 700#, where # is another
o
student’s phone number. r sipd
e
( If your phone
us number is even, refer to one that is
a v t o
e l cr nse
odd, and vice-versa.)
• If your workstation is not behind the firewall, capture on the media interface
of the 11.0.0.0 network.
4. Place a call to one of the following extensions: 600, 411, or 911. Then hang up.
Your call should be successful. Check your configuration if you cannot place a call to
these numbers. If you cannot resolve the issues, ask the instructor for help.
6. Examine the call capture. This capture should contain the SIP messages captured at
the access side.
7. Save the capture in a file named as abbn#A on the desktop of your student
workstation (# is your student number).
1. Ask your partner to call you. Remember to capture the call received from your partner
with Wireshark.
Your calls should be successful. Check your configuration if the calls fail. If you cannot
resolve the issues, ask the instructor for help.
2. Examine the call capture. Focus on the SIP URI in the From, To fields of the INVITE
message.
a p h element
The configuration l i ceis sip-port. The ACLI path is session-router>sip-
o r b le
interface>sip-ports.
v
ra done f a
erto commit the changes.
l c s
ae -tran
2. Issue
p h
Ra non • What is the significance of changing the allow-anonymous setting?
• What effect should this change have on your ability to place calls?
Wait until your instructor saves and activates the configuration before
proceeding to the next step.
b. In the window that appears, click the Properties button and review the
following parameters:
2. Place a call to the number 600 (the RTP Echo extension), and the number 999 (the
music on hold extension).
• If you received an error message, explain why you received it, and where it was s a
generated.
) h a
Step 13: Using IP Addressing on your Endpoints i l ฺ com
t m a deฺ
In this step, you will re-register X-Lite to use IP address-based AORs, h o theGsame
place ui calls
as earlier in this lab, and observe the differences in messaging. @
v o e n t
1. On X-Lite, recheck the register with domain e l craand Sreceive
tud incoming
calls checkbox.
p h a this
o (rait registers
u s ewith the registrar.
rav se to
2. Restart your X-Lite and ensure that
l c
3. Start Wiresharkatoetrace the call.
p h l i c en
o
4. Ask yourrapartnerbtolecall you. Remember to capture the call in Wireshark.
r v fera
aExamine
e l c 5. n s the FROM and TO header fields on the access side.
a r a
a ph on-t • Do any of the originating Network addressing leak from the backbone side to the
R n access side in the FROM and TO header fields?
Tell your instructor that you have completed this exercise. This scenario will
be discussed in class as a group.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
diagram (SSNHTN)
student1
11.0.0.10
student2
ble
student3
physical:network
fe r a
11.0.0.101
interface name
ans
192.168.0.102 M00:0
SD n - t r
FW no 172.16.0.100
s a
11.0.0.103
) h a physical:network
student4 0/0
c o m interface name
FW a ฺ
il eฺ M10:0
m
ot Guid
student5 h
192.168.0.104
a v o@ dent
e l cr Stu 1/0
student6
h a i s Backbone
ap se th
11.0.0.105 FW
( r
o to u
a v
192.168.0.106 elcr se
h a c e n FW
student7
ra p l i student8
av o
c r
h a el
11.0.0.107
p
Ra
192.168.0.108
2.2.2.2
172.16.0.12 SIP-NAT
Access2 H-A
v @
o Access2e nH-P-A
172.16.0.100
E-P-A r a
lc cache
Registration tu d 172.16.0.100.
a e i s S 172.16.0.10 registrar
p h t h
. .
sip-port
o (ra use
rav Local o access3 -> backbone
:
Realm: access3
l c e tPolicy:
h a e . ens
11.0.0.13 Next hop: 172.16.0.100
11.0..0.103 FW
3.3.3.3ap
E-A c
li 172.16.0.13 SIP-NAT
o r 172.16.0.100
e l c Registration cache
a pha
R :
Realm: access4 Local Policy: access4-> backbone
11.0.0.14
. Next hop: 172.16.0.100
192.168.0.104 FW
FW
E-A
172.16.0.14 SIP-NAT 172.16.0.100
4.4.4.4 access4 H-A
Access4 H-P-A
E-P-A
Registration cache
a v o@access6
d e nH-P-A
E-P-A
e l cr Stu
Registration cache 172.16.0.100.
p h a this 172.16.0.10
. .
sip-port
registrar
o (ra use
rav Local to Next
:
Realm: access7 Policy: access7-> backbone
e l c n s e hop: 172.16.0.100
11.0.0.107 FW a
11.0.0.17
.
e
h E--A lic 172.16.0.17 SIP-NAT
7.7.7.7ap
o r access7 H-A
172.16.0.100
av
E-P-A access7 H-P-A
l c r Registration cache
p h ae
Ra :
Realm: access8 Local Policy: access8-> backbone
Next hop: 172.16.0.100
192.168.0.108 FW 11.0.0.18
.
FW
E-A
172.16.0.18 SIP-NAT 172.16.0.100
8.8.8.8 access8 H-A
access8 H-P-A
E-P-A
Registration cache
Overview
In this lab, you will configure the necessary parameters for the Net-Net Session Director
(Net-Net SD) to operate in a SIP access environment with Hosted NAT Traversal (HNT),
using the Single SIP-NAT, Homed in a Trusted Network model (SSNHTN). You would
typically use this solution when the endpoints do not use Domain Name (DN) based
addresses of record (AORs) and Network Address Translation (NAT) is required at Layer
5. This solution is also viable when you need to perform HNT within multiple access
Networks.
s a
You will first verify the existing configuration to gather information necessary to complete ha
m )
the lab. You will then configure SIP-NATs according to the lab specification, monitor,
o and
test your configuration using the X-Lite application for making SIP calls through
a ilฺcthe eNet- ฺ
Net SD.
t m i d
Refer to your student guide and documentation set on your laptop
@ hoif you tforget
G uany of the
command syntax. Make sure you have your lab diagrams
a d n
vofor reference.
e
r
lc tasks: Stu
By completing this lab you will perform the following
a e is
• Configure a Single SIP NAT Homed r a phin a Trusted
• Verify the existing configuration parameters
e t hNetwork
backbone architecture vo
( u s for a SIP access-
a e l c ans
p h n - tr
Ra no
For successful practice and desired results, this exercise requires that some of the student
workstations be behind the firewall as shown in the table below. The instructor will physically
connect the firewalls for your workstations.
h anthe
ae 3.2.-tClick
r
Click the Run… icon in the displayed window.
p
Ra non4. Highlight the not_behind_firewall entry.
drop down menu at Open.
5. Click OK.
a. A window should open and a batch file should run. The batch file changes the
media network address from the 192.168.0.0/24 network to the 11.0.0.0/24
network.
b. Once the window has closed, examine the IP address for media displayed on
the lower right corner of your desktop. It should be an address on the
11.0.0.0/24 network. If not, please ask the instructor for help.
If you are using one of the Student workstation 2, 4, 6, and 8 that are behind
the firewall, perform the following tasks:
1. Click the START icon on the lower left corner of your desktop.
2. Click the Run… icon in the displayed window.
3. Click the drop down menu at Open.
4. Highlight the behind_firewall entry.
5. Click OK.
a. A window should open and a batch file will run. The batch file changes the
media network address from the 11.0.0.0/24 network to the 192.168.0.0/24
network.
b. Once the window has closed, examine the IP address for media displayed on
the lower right corner of your desktop. It should be an address on the
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
Do not change the existing configuration parameters unless you are told to
do so by your instructor. You build your configuration on these parameters
throughout this lab. Changing them may cause configuration errors.
s a
) h a
com
1. Use the appropriate show command to examine the physical interfaces located in slot
0/port 0 and slot1/port0.
i l
a deฺ ฺ
• What are the names of the physical interfaces? t
o Guim
h
@ ent
• What are the duplex-modes and speeds for these v o
cra Stud
interfaces?
e l
pre-configured home realm nameda p ha istbound
2. Use the appropriate show command to determine
h is to.network
what interface the
l c r av e to
• Which networke
a s home realm associated with?
interface isnthe
e
a h c
p le liprefix associated with the home realm?
• Whatr
vo ferab
is the address
r a
a e l c •aWhatn sdoes the address prefix associated with the home realm indicate?
r
ph on3.-tUse the appropriate show command to examine the home realm configuration.
R a n
• Which realm is specified as the home realm?
4. Use the appropriate show command to examine the local policy configured for your
access realm.
• What is the function of the local policy configured your access realm?
In the next steps, you configure SIP-NAT for your access network. Refer to
the lab diagrams, student guide, and the documentation set on your
workstation desktop.
Parameter Value
(# is your student number)
realm-id access#
domain-suffix .access#.acme.com
ext-proxy-address #.#.#.#
ext-address 11.0.0.1#
ext-proxy-port 5060
home-address 172.16.0.1#
home-proxy-address 172.16.0.100 s a
home-proxy-port 5060
) h a
com
route-home-proxy enabled
user-nat-tag -access#-
i l
a deฺ ฺ
host-nat-tag ACCESS#-
t m
o Gui
The configuration element is sip-nat. The ACLI path is@
h t
v o n
session-router>
e
l c ra asSittdefaults
sip-nat. Note that the value in the ext-proxy-address
u d to 0.is a dummy
parameter
value. Ensure that home-proxy-port is set
h a e is
to 5060,
( r p examine
aand e ththe changes to ensure they are
o to us
2. Issue done to commit the changes,
correct.
a v
e l crof thenSIP-NAT
se that you just configured?
a
• What is the function
ph le lic e
r
o and
Step 4: Verifying
a bSaving the Configuration
a v r a
r thesconfiguration,
fe
e l cVerify n
h a - t r a and ensure there are no referential errors.
p
Ra non Wait until your instructor saves and activates the configuration before
proceeding to the next step.
a. Click the X-Lite icon ( ) on your desktop to start the X-Lite application.
The X-Lite phone GUI should appear.
b. Verify the X-lite options are set correctly by right-clicking on the phone’s
display and selecting SIP Account Settings.
c. In the window that appears, click the Properties button and review the
following parameters:
ha lice
vice-versa.)
a p
r • Whatbislethe difference between even and odd numbered registrations, and
v o
a sfewhy? ra
c r
h a el 3. tStart
r anthe live capture in Wireshark.
p -
Ra non a. Ensure the Filter field is set to sip.
b. Ensure to capture on the media interface as specified below:
• If your workstation is not behind the firewall, capture on the media interface
of the 11.0.0.0 network.
4. Ask your partner to call you. You should receive the call successfully.
6. Examine the call flow and address information in the call capture.
7. Save the capture in a file named as ssnhtn# on the desktop of your student
workstation (# is your student number).
Parameter Value
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
allow-anonymous registered
• What effect should this change have on your ability to place calls?
s a
) h a
Wait until your instructor saves and activates the configuration before
i l ฺ com
proceeding to the next step.
t m a deฺ
h o Gui
Step 7: Testing the Access Control
v o @ ent
1. Verify the X-lite options are set correctly.
e l cra Stud
p h a this
( r
a. Right-clicking on the phone’s a seand selecting SIP Account
display
Settings.
r a vo to u
a e
b. In the window
e n se click the Properties button and review the
lcthat appears,
r a ph parameters:
following
l e lic
r a vo f•eUnder r abthe account tab, ensure that
a e l c ans o The user name is set to 700# (where # is your student number).
p h n - t r o The register with domain and receive incoming
R a n o calls checkbox is un-checked.
o Under Send outbound via, the proxy button is checked and
the value is set to the ip-address of your access realm’s SIP
interface. Refer to your lab diagrams for the correct addresses.
2. Place a call to the number 600 (the RTP Echo extension), and the number 999 (the
music on hold extension).
• Were the calls successful? If not, what error message was returned to X-Lite?
• Explain why you received or did not receive an error message, and where the error
message was generated.
• If the call was not successful, how do you make it successful again?
Tell your instructor that you have completed this exercise. This scenario will
be discussed in class as a group.
student1 student8
192.168.0.100
student2 student1
ble
physical:network
fe r a
interface name
ans
M00:0
SD n - t r
student3
no 172.16.0.10
s a
) ha physical:network
0/0
c o m interface name
student4 a ฺ
il eฺ M10:0
m
ot Guid
h
a v o@ dent
student5
e l cr Stu 1/0
h a i s core
student6 ( r ap se th
a v o to u
a e lcr nse
a p h l i cestudent8
r
student7
o
ra v
l c
p hae
Ra
All PCs also connected
to hub going to wancom0: wancom0
studentx: 10.0.3.x 10.0.3.11
student1 student4
bl e
fe r a
an s
n - t r
Realm ID: peer1 home realm : acme
a no ID: core1
Realm
sipd 127.255.255.254
ha s
192.168.0.101 192.168.0.11. 127.0.0.11 127.0.0.21
m )
172.16.0.11 172.16.0.100
E-P-A E-A peer1 H-A peer1 H-P-A
ฺ c o E-A E-P-A
core1 H-P-A
il eฺ
core1 H-A
a
m
ot Guid
Realm ID: peer2 h
o@peer2 nt
Realm ID: core2
127.0.0.12
a v e
127.0.0.22
d
192.168.0.102 192.168.0.12 peer2 H-A
core2 H-P-A
e l cr Stucore2 H-A
H-P-A
172.16.0.12 172.16.0.100
E-P-A E-A
o (ra use
Realm ID: peer3
l c rav se to Realm ID: core3
h a e en 127.0.0.13
E-Alic
192.168.0.103 127.0.0.23
E-P-A
r a p 192.168.0.13
peer3 H-A peer3 H-P-A 172.16.0.13 172.16.0.100
l cra
p h ae Realm ID: peer4
Realm ID: core4
a
R 192.168.0.104 192.168.0.14
127.0.0.14
peer4 H-A
127.0.0.24
peer4 H-P-A
E-P-A E-A core4 H-P-A core4 H-A 172.16.0.14 172.16.0.100
E-A E-P-A
student5 student8
bl e
fe r a
an s
n - t r
Realm ID: peer5 home realm : acme
a no ID: core5
Realm
sipd 127.255.255.254
ha s
192.168.0.105 192.168.0.15 127.0.0.15 127.0.0.25
m )
172.16.0.15 172.16.0.100
E-P-A E-A peer5 H-A peer5 H-P-A
ฺ c o E-A E-P-A
core5 H-P-A
il eฺ
core5 H-A
a
m
ot Guid
Realm ID: peer6 h
o@peer6 nt
Realm ID: core6
127.0.0.16
a v e
127.0.0.26
d
192.168.0.106 192.168.0.16 peer6 H-A
core6 H-P-A
e l cr Stucore6 H-A
H-P-A
172.16.0.16 172.16.0.100
E-P-A E-A
o (ra use
Realm ID: peer7
l c rav se to Realm ID: core7
h a e en 127.0.0.17
E-Alic
192.168.0.107 127.0.0.27
E-P-A
r a p 192.168.0.17
peer7 H-A peer7 H-P-A 172.16.0.17 172.16.0.100
l cra
p h ae Realm ID: peer8
Realm ID: core8
a
R 192.168.0.108 192.168.0.18
127.0.0.18
peer8 H-A
127.0.0.28
peer8 H-P-A
E-P-A E-A core8 H-P-A core8 H-A 172.16.0.18 172.16.0.100
E-A E-P-A
ble
fe r a
ans
n - t r
no
s a
) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
avo
l c r
a e
Raph
Overview
In this lab exercise you configure SIP-NAT bridging for the Net-Net Session Director (Net-
Net SD) to operate in a SIP peering environment. You first verify the existing
configuration to gather information necessary for completing the lab. You will then
configure SIP-NATs to configure a SIP-NAT Bridge. Next you will monitor and test your
configuration using the SJphone application for making SIP calls through the Net-Net SD.
Refer to your student guide, lab diagrams and the documentation set on your workstation
desktop if you forget any of the command syntax.
s a
By completing this lab you will perform the following tasks:
) h a
• Verify the existing configuration parameters
• Configure a SIP-NAT bridge for a SIP peering architecture i l ฺ com
• Capture calls through the Net-Net SD and examine the output
t m a deฺ
h o Gui
Table of Exercises:
v o @ ent
l c ra Stud
Exercise 1: Configuring a SIP-NAT Bridge ...................................................................... 2
h a e is
( r ap se th
r a vo to u
a e lc nse
a p h l i ce
o r b le
v
ra sfer a
l c
p h ae -tran
Ra non
Do not change any of the existing configuration parameters unless you are
instructed to do so. You will build on these parameters throughout this lab.
Changing them may cause configuration errors.
2. Use the show command to view the existing configuration, and fill the information
s a
stated in the table below.
) h a
• Fill in the information about the physical interfaces.
i l ฺ com
t m a deฺ
Physical interfaces in the name,slot,port
h o Gui
name,slot,port
existing configuration
v o @ ent
e l
• Fill in the information about the home realm. cra Stud
p h a this
o (ra use home-realm-id
rav se to
Name
l c
Nat Mode hae n nat-mode
p le lic e
o r a b address,port
v
SIP
a
interface the
er to
rarealmsisfbound
home
l c
h an interface the
ae -trNetwork identifier,addr-prefix
p
Ra non home realm is bound to
• The home realm is bound to a network interface. What physical interface does this
network interface bound to?
Parameter Value
identifier peer# (# is your student number)
network-interfaces M00:0
addr-prefix 0.0.0.0
Parameter Value
identifier core# (# is your student number)
s a
network-interfaces
addr-prefix
M10:0
0.0.0.0
) h a
i l ฺ
2. View your realm configuration. Ensure that you have configured two realms: peer#com
t m a deฺ
o Gui
and core# (# is your student number).
h t in the lab.
@will doesonlater
Do NOT save or activate your configuration. The instructor
v
a tudo
Step 4: Configuring a SIP Interface for the Peer e l crRealm S
h a
p realmeusing h i s
t the following data.
(
1. Configure the SIP interface for ther apeer s
The configuration elementv o to u The ACLI path is
ra is sip-interface.
session-router l>csip-interface.
se
a e e n
r a ph le lic
Parameter Value
a v o rab
realm-id peer# (# is your student number)
e l cr The nrestsfofethe parameters of this element will use the default values.
p h a
n - tra
Ra no If you are not sure how to configure the SIP interface, review the following command
(# is your student number):
training(sip-interface)# realm-id peer#
2. Configure a SIP port for the SIP interface using the following data.
The configuration element is sip-port, a sub-element of sip-interface. The
ACLI path is session-router>sip-interface>sip-ports.
Parameter Value
address 192.168.0.1# (# is your student number)
The rest of the parameters of this element will use the default values.
If you are not sure how to configure the SIP port, review the following commands (# is
your student number):
training(sip-interface)# sip-ports
training(sip-port)# address 192.168.0.1#
3. Issue done to commit the sip-ports configuration when finishing configuring the
sip-port sub-element, and return to the sip-interface element.
Parameter Value
realm-id core# (# is your student number)
• Use the following data for the SIP port of the SIP interface: s a
) h a
Parameter Value
i l ฺ com
address 172.16.0.1# (# is your student number)
t m a deฺ
Step 6: Configuring a SIP-NAT for the Peer Realm h o Gui
v o @ ent
e l crtoaunderstand
In this step, you will configure a SIP-NAT in the peer realm.
S tudthe supports
The SIP-NAT routing
addressing. p h a this
and address translation. Take a look at the lab diagram SIP-NAT
a se
(rrealm
a
1. Configure a SIP-NAT for the o
vis sip-nat.
peer
t o u the following data.
using
l r
c nse
The configuration element The ACLI path is session-router>
sip-nat. e
ha lice
a p
r Parameter le
a v o r a b Value
l c r realm-id
s f e (# is your student number)
n
ae -tradomain-suffix peer#
a p h n .peer#.acme.com
R n o route-home-proxy enabled
ext-proxy-address 192.168.0.10#
ext-address 192.168.0.1#
home-address 127.0.0.1#
home-proxy-address 127.0.0.2#
home-proxy-port 5060
user-nat-tag -peer#-
host-nat-tag PEER#-
1. Configure a SIP-NAT for the core realm using the following data.
The configuration element is sip-nat. The ACLI path is session-router>
sip-nat.
Parameter Value
(# is your student number)
realm-id core#
domain-suffix .core#.acme.com
route-home-proxy enabled
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
ext-proxy-address 172.16.0.100
ext-address 172.16.0.1#
home-address 127.0.0.2#
home-proxy-address 127.0.0.1#
home-proxy-port 5060
user-nat-tag -core#-
host-nat-tag CORE#-
e l
a this
selection:
p h
(ra use
training(sip-nat)#
o r abSteering
le
r a v
Step 8: Configuring
f e r a Pool for the Peer Realm
a e l c1. Configure
a n s the steering pool for the peer realm using the following data. The rest of the
r
ph on-tparameters of the element use the default values.
R a n
Parameter Value
(# is your student number)
ip-address 192.168.0.1#
realm-id peer#
start-port 20000
end-port 29999
Parameter Value
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
2. View the steering pool configuration. There should be two steering pools in the
configuration.
Wait until your instructor save and activate the configuration before
s a
proceeding to the next step.
) h a
com
Tell your instructor that you have completed portion of the exercise.
i l
a deฺ ฺ
Step 10: Testing the SIP-NAT Configuration
t
o Guim
Once both you and your partner have successfully completed all@
h tsomeyouprevious
v o e n
previous steps, should
exercises. This should allow you to test the SIP-NATslc rayou configured.
be able to call each other using each of your extension number as
S tud
you did in
h e that
a this
r p
a thespeer
1. Start SJphone if it is not running. Ensure
e profile is in use.
(
2. Start the live capture inra vo to u
Wireshark.
a e lc nse
p
a. Ensureh the Filter
l i e is set to sip.
cfield
o a
b.rEnsure to lcapture
b e on the media interface of the 192.168.0.0 network.
v a
er to call you. Remember to capture for the call received from your
raAsk yoursfpartner
l c
an in Wireshark.
3.
p h ae -tpartner
r
Ra non The call should be successful. Check your configuration if the call failed. If you cannot
resolve the issues, ask the instructor for help.
4. Stop the live capture in Wireshark when the call is complete. This capture should
contain the SIP messages captured at the peer side.
5. Examine the call capture. Focus on the SIP URI in the From, To, Contact, and Via
fields of the INVITE message.
There should not be any IP address leak from the core realm to the peer realm. If
there is any, check your SIP-NAT configuration.
6. Save the call capture in a file named as peer2# on the desktop of your student
workstation.
Tell your instructor that you have completed this exercise. This scenario
and answers will be discussed in class as a group.
student 1 student 4
bl e
fe r a
Associated H323 Stacks
an s
Realm ID: peer 1
- t
Realm ID: core 1
n r
Gatekeeper
192. 168.0.11 172.16.0.11 n o
192. 168.0.101
Phone SD Local IP for
Peer 1 Core 1
SD Local IP
s a 172.16.0. 100
) ha
Gateway Gateway Gatekeeper
Peer 1 for Core 1
c o m
Realm ID: peer 2
a ฺ
il eฺ
Gatekeeper m
ot2 Guid172.16.0.12
Realm ID: core 2
192. 168.0.102 192.168.0.12 Peer 2 hCore
o@Gatewaynt
172. 16.0.100
Phone SD Local IP for Gateway SD Local IP
Peer 2
a v d e for Core 2
Gatekeeper
e l cr Stu
p h a this
Realm ID: peer 3
a se
(rPeer Realm ID: core 3
o 3 u
Gatekeeper
192.168.0. 103 192. 168.0.13
r a v t o Core 3 172.16.0.13
172.16.0. 100
Phone SD
3 l
c nse
Local IP for
Peer e
Gateway Gateway SD Local IP
Gatekeeper
p h a l i ce
for Core 3
o r a
v
cra
Realm ID: peer 4
Realm ID: core 4
ael
Gatekeeper
192. 168.0.104 192. 168.0.14 Peer 4 Core 4 172.16.0.14
aph
SD Local IP 172. 16.0.100
Phone SD Local IP for Gateway Gateway Gatekeeper
for Core 4
R Peer 4
student5 student8
bl e
fe r a
t r a ns
on-
Associated H323 Stacks
6
Realm ID: peer5 Realm ID: core5
n
sa
Gatekeeper
192. 168.0.15 172.16.0.15
ha
192. 168.0.105 Peer5 Core5 172.16.0. 100
SD Local IP for SD Local IP
Phone
Peer5
Gateway Gateway
m )
for Core5 Gatekeeper
ฺ c o
a il eฺ
Realm ID: peer6 m
ot Guid
Gatekeeper hCore6 nt
Realm ID: core6
192. 168.0.106 192.168.0.16 Peer6
a v o@ Gateway
d e 172.16.0.16 172. 16.0.100
cr Stu
Phone SD Local IP for Gateway SD Local IP Gatekeeper
Peer6
e l
a this
for Core6
p h
Realm ID: peer7
o (ra use
rav sePeer7to
Realm ID: core7
Gatekeeper
192.168.0. 107
e c
192. 168.0.l17
n
Core7 172.16.0.17
172.16.0. 100
Phone SD
p a
hPeer7 lice
Local IP for Gateway Gateway SD Local IP
for Core7
Gatekeeper
o r a
v
a ID: peer8
el crRealm Realm ID: core8
p h a
Gatekeeper
192. 168.0.108 Peer8 172.16.0.18
Ra
192. 168.0.18 Core8 172. 16.0.100
Phone SD Local IP for Gateway Gateway SD Local IP
Gatekeeper
Peer8 for Core8
student1 student4
bl e
fe r a
t r a ns
on-1
Associated H323 Stacks
Realm ID: peer1 Realm ID: core
n
192. 168.0.101
192. 168.0.11
f00:0 Local IP for
Peer1 Core1 172.16.0.11
f10:0
ha
Local IP
sa 172.16.0. 100
Phone Peer1
GateKeeper Gateway
m )
for Core1 Gatekeeper
ฺ c o
a il eฺ
Realm ID: peer2 m
ot Guid
h Core2nt
Realm ID: core2
cr Stu
Phone f00:0 Local IP for Gatekeeper f10:0 Local IP Gatekeeper
Peer2
e l
a this
for Core2
p h
Realm ID: peer3
o (ra use
rav sePeerto3
Realm ID: core3
192.168.0. 103
e l
192. 168.0.13c n
Core3 172.16.0.13
172.16.0. 100
Phone f 00:0
p a
hPeer3 lice
Local IP for Gatekeeper Gateway f10:0 Local IP
for Core3
Gatekeeper
o r a
v
a ID: peer4
el crRealm Realm ID: core4
h a
p .0.104
RaPhone
192. 168 192. 168.0.14 Peer4 Core4 172.16.0.14
f10:0 Local IP 172. 16.0.100
f 00:0 Local IP for Gatekeeper Gateway Gatekeeper
Peer4 for Core4
student5 student8
ble
fe r a
t r a ns
Realm ID: peer5
Associated H323 Stacks
o n-
Realm ID: core5
n
172.16.0.15 a
aIPs
192.168.0.15
. . .
192.168.0.105 peer5 core5
Phone
. . M00:0 Local IP for GateKeeper Gateway
M10:0 Local
)for hcore5 172.16.0. 100
Gatekeeper
peer5
c o m
a ฺ
il eฺ
Realm ID: peer6
o t m u id 172.16.0.16 Realm ID: core6
192.168.0.16
h core6nt
@ Gateway G M10:0 Local
192.168.0.106
. M00:0 IP for
. peer6
a v o d e . IP 172. 16.0.100
Phone peer6
Gatekeeper
lc r S tu for core6 Gatekeeper
a e s
r a ph e thi
Realm ID: peer7
o ( u s
r a v t o Realm ID: core7
192.168.0.107
. M00:0 IP for lc
192.168.0.17
e
. .
n s epeer7 core7
172.16.0.17
. . Local IP
M10:0
.172.16.0.100
. .
Phone
ph
:
peer7 a lic e Gatekeeper Gateway for
:
core7
Gatekeeper
o r a
r a v
e l c Realm ID: peer8 Realm ID: core8
h
p. . a
192.168.0.108 172.16.0.18 .172.16.0.100
R aPhone
192.168.0.18
. .
M00:0 IP for
peer8
Gatekeeper
core8
Gateway
. . .
M10:0 Local IP
for core8
.
Gatekeeper
peer8
Overview
In this lab, you first configure the Net-Net Session Director (SD) as a back to back
gateway (B2BGW) to support H.323 trunking of traffic from one zone to another, then a
gatekeeper/gateway (GK/GW).
Per best current practice, you verify the existing configuration to gather the information
necessary to complete this lab. You then configure realms, H.323 stacks and steering
pool elements on the Net-Net SD according to the lab specifications and diagrams.
You monitor and test your configuration using the SJphone application for placing H.323
s a
calls through the Net-Net SD. Refer to your student guide, lab diagram and the
documentation set on your workstation desktop if you forget any of the command syntax.
) h a
By completing this lab you will perform the following tasks: i l ฺ com
• Verify the existing configuration parameters
t m a deฺ
• Configure the Net-Net SD as an H.323 B2BGW h o Gui
• Configure the Net-Net SD as an H.323 GK/GW
v o @ ent
e l cra Stud
• Capture calls through the Net-Net SD and examine the output
Table of Exercises:
p h a this
Exercise 1: Configuring H.323 for ara e
( B2BGWusEnvironment
Exercise 2: Configuring H.323ofor a GK/GW
Environment ............................................. 2
rav se to
.............................................. 6
l c
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
registered zones. From the gatekeeper’s perspective, the network interface on the Net-Net SD is
where LRQs will be sent, and where LCFs will be received from. This is a very common
configuration, and involves passing signaling and media traffic from one H.323 zone to another
through the Net-Net SD. Initially, you verify the interface configuration, and then configure the
realm and H.323 stack elements to pass traffic and signaling across the Net-Net SD. After you
complete your configuration, you will verify proper operation by placing and tracing phone calls
from one zone to another. You will use SJphone and GNUK functions to facilitate
communications between zones. You will use the Wireshark network protocol analyzer will be
used to validate signaling and media connections. The lab is complete when each student can
complete a call to every other student phone. s a
) h a
Do not change any of the existing configuration parameters in this part
i l ฺ com
t m a deฺ
unless told to do so by your instructor. You will be building on these
v o @ ent
Step 1: Examining the Physical and Network c
l ra Stud
Interfaces
e
a show
r a p h
1. From the Superuser mode, use the appropriate
e t hiscommand to examine the
o ( 0/port 0uand
physical interfaces located in slot s slot1/port0 and answer the following
questions. v
ra se t o
l c
e of the
p h
• What are the anames l i c enphysical interfaces?
o
•vWhat
raare the bduplex-modes
le
r a f e r a and speeds for these interfaces?
a e l c2. From
a n s
r
ph on-tnetwork
the Superuser mode, use the appropriate show command to examine the
interfaces bound to the physical interfaces in slot 0/port 0 and slot1/port0 and
R a n answer the following questions.
• What network interface(s) is (are) associated with the physical interface in slot
0/port0?
• What network interface(s) is (are) associated with the physical interface in slot
1/port0?
You will start the necessary configuration for the Net-Net SD according to
your lab diagrams. In these steps, you configure the realm for your peer
network. Use the <?> to assist with the following tasks. Use your student
guide and the documentation set on your workstation desktop as an
additional reference.
1. Configure a peer realm bound to the M00:0 network interface in accordance with the
lab diagram. Accept the default values for all fields.
2. Configure a core realm bound to the M10:0 network interface in accordance with the
lab diagram. Accept the default values for all fields.
Parameter Value
(# is your student number)
name core#
isgateway enabled
realm-id core#
assoc-stack peer#
local-ip 172.16.0.1#
terminal-alias h323-ID=core#
gatekeeper 172.16.0.100:1719
gk-identifier core#
h245-tunneling disabled
fs-in-first-msg disabled
call-start-fast disabled
call-start-slow enabled
process-registration disabled
1. Configure your peer steering pool according to the addressing indicated on your lab
diagrams. Use the following start and end port allocations for your steering pool:
o Gui
diagrams. Use the following start and end port allocations for your steering pool:
h
Realm Start Port o@ denEndt Port
21000 rav
core1
core2 22000 l c
e is S t u 21999
22999
core3 h a
p 24000e th
23000 23999
core4 ( r a s 24999
v o t o u
core6 lcra
core5 25000 25999
e n s e 26000 26999
p h a lice
core7 27000 27999
r a core8
l e 28000 28999
p h n r your configuration.
1.-tVerify
Ra no DO NOT save or activate the configuration. Your instructor will perform the
appropriate commands when everyone has reached this point in the lab
exercise.
Tell your instructor that you have completed this portion of the lab exercise.
2. Double-click on the SJphone icon on your desktop to start the SJphone application. If
you have done this correctly, the SJphone GUI will appear. Ensure that your SJphone
instance is configured to use the tttc1 profile.
Ask your instructor for help if you are unsure of how to complete this step.
4. Start the Open h323 GK GUI application on your desktop (GKgui). Click the connect
button to connect the GUI to the GK.
5. Use the appropriate command from the ACLI to ensure that your h323 stacks have
registered successfully.
If there are no problems, go to the next step. If your H.323 gateway stacks
are not registered, go back and check your configuration. If you cannot find
an error, let the Instructor know so you can work through the problem before
proceeding.
s a
6. Using SJ phone, place a call to another student’s extensions. Refer to the chart below ) h a
for the extension numbers of each student. o m
a ilฺc8. This
e ฺwill
t m
To avoid chaos, student 1 should call student 2, 3 call 4, 5 call 6, and 7 call
i d
ho ttoG
make comparing captures easier as well, as each student is adjacent
@
u other.
each
p h Student
l i c e 7006
r
o rab a l e 7 7007
a v Student 8 7008
e l c7.r Stopnyour
s feWireshark capture, and graph your calls to look at call flow and address
p h a
n - ra
tinformation.
Ra no 8. Save your capture as b2bgw# (where # is your student number).
Please save each call as a separate capture. Ask your instructor for help if
you are unsure of how to use Wireshark to complete these steps.
Tell your instructor that you have completed this portion of the lab exercise.
requests directly to the Net-Net SD. These registrations will be passed through the Net-Net SD to
a GK in a bridged realm, via an associated stack. The end result will be that each student will be
able to place calls to every other student. We will use the Wireshark network protocol analyzer
software and ACLI show commands during the exercise to verify operation. Successful lab
completion is determined when each student phone can call every other student phone.
p h a
n - tr•aWhat network interface(s) is (are) associated with the physical interface in slot
Ra no 0/port0?
• What network interface(s) is (are) associated with the physical interface in slot
1/port0?
Now you will start the necessary configuration for the Net-Net SD according
to your lab diagrams. In the next steps, you will configure the realm for your
peer network. Use the <?> to assist with the following tasks. You may also
refer to your student guide and the documentation set on your workstation
desktop.
1. Configure a peer realm bound to the M00:0 network interface in accordance with the
lab diagram. Accept the default values for all fields.
2. Configure a core realm bound to the M10:0 network interface in accordance with the
lab diagram. Accept the default values for all fields.
path is session-router>h323>h323-stacks.
1. Configure a peer h323 stack in accordance with the lab diagram and table below.
Accept the default values for fields not listed.
Parameter Value
(# is your student number)
name peer#
isgateway disabled
realm-id peer#
s a
assoc-stack core#
) h a
com
local-ip 192.168.0.1#
terminal-alias h323-ID=peer#
i l
a deฺ ฺ
gk-identifier peer#
t
o Guim
h245-tunneling disabled
disabled h
@ ent
fs-in-first-msg
v o
cra Stud
call-start-fast disabled
call-start-slow
e l
enabled
a this
process-registration
p h enabled
2. Configure a core h323 stacko (ra uswith e the lab diagram and table below.
v fields nottolisted.
rafor
in accordance
c se
Accept the default values
a e l n
ph lField lic e Value
r a e
vo ferab
(# is your student number)
r
c nsa name core#
a e l isgateway
a
enabled
p h - t r
realm-id core#
Ra non local-ip
assoc-stack peer#
172.16.0.1#
terminal-alias h323-ID=core#
gatekeeper 172.16.0.100:1719
gk-identifier core#
h245-tunneling disabled
fs-in-first-msg disabled
call-start-fast disabled
call-start-slow enabled
process-registration disabled
1. Configure your peer steering pool according to the addressing indicated on your lab
diagrams. Use the following start and end port allocations for your steering pool:
2. Configure your core steering pool according to the addressing indicated on your lab
diagrams. Use the following start and end port allocations for your steering pool:
e l cra Stud
Step 5: Verifying and Saving the Configuration
p h a this
1. Verify your configuration.
o (ra use
l c
DO NOT save or activateravthesconfiguration.
e to Your instructor will perform the
a e e n
ph le lic
appropriate commands when everyone has reached this point in the lab
r a
exercise.
h a e tr
p n -
Ra Step no6: Testing your Configuration
1. Start the Wireshark application using the icon on your desktop and begin sniffing on
your media interface (192.168.0.10#, where # is the number of your student
workstation).
2. Double-click on the SJphone icon on your desktop to start the SJphone application. If
you have done this correctly, the SJphone GUI will appear. Ensure that your SJphone
instance is configured to use the tttc2 profile.
Ask your instructor for help if you are unsure of how to complete this step.
3. Use the appropriate command from the ACLI to ensure that your h323 stacks have
registered successfully.
If there are no problems, go to the next step. If your H.323 gateway stacks
are not registered, go back and check your configuration. If you cannot find
an error, let the Instructor know.
5. Using SJ phone, place a call to another student’s extensions. Refer to the chart below
for the extension numbers of each student.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
To avoid chaos, student 1 should call student 2, 3 call 4, 5 call 6, and 7 call 8. This
will make comparing captures easier as well, as each student is adjacent each other.
r a vo to u
unsure of how to use Wireshark to complete these steps.
a e lc nse
h thate
Tell your instructor
a p l i c you have completed this portion of the lab exercise.
o r b le
v
ra sfer a
l c
p h ae -tran
Ra non
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non