D81945GC10 Ag

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ
s a
) h a
i l ฺ com
Oracle SBCoRel t ma6 Config i d eฺ and
Admino(Onsite)
@ h t Gu
r a v uden
a e lc Guide
Activity S t
r a ph e this
o ( us
a v t o
e l cr nse
p h a lice (EDU-CAB-C-CLI – Rev 06.j)
o ra ble
c r av sfera
h a el tran
p -
Ra non
D81945GC10
Edition 1.0
November 2013
D84217
Copyright © 2011, 2013, Oracle and/or its affiliates. All rights reserved.
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws.
You may copy and print this document solely for your own use in an Oracle training course. The document may not
be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use,
share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this
document in whole or in part without the express authorization of Oracle.
The information contained in this document is subject to change without notice. If you find any problems in the
document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California
94065 USA. This document is not warranted to be error-free.
This training manual may include references to materials, offerings, or products that were previously offered by
Acme Packet, Inc. Certain materials, offerings, services, or products may no longer be offered or provided. Oracle
and its affiliates cannot be held responsible for any such references should they appear in the text provided.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of
s a
the United States Government, the following notice is applicable:
) h a
com
U.S. GOVERNMENT RIGHTS
i l
a deฺฺ
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training
materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S.
Government contract.
t m
o Gui
h
@ ent
Trademark Notice
v o
l cra Stud
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their
e
respective owners.
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
Course Overview
This course provides technical network professionals with the skills needed to successfully configure the Net-
Net Session Director (SD) in both peering and access environments. This course covers the fundamentals of
SIP and H.323 as well as system and protocol-specific configuration of the Net-Net SD. The contents
addressed in the course apply equally to both service provider and enterprise deployments.
Further, this course includes administration of the Net-Net SD, in the form of configuration management
(backups, restores, and revision control). This course consists of lecture, discussion and significant hands-on
labs.
Intended Audience
This course is intended for individuals who will be responsible for hands-on tasks with Acme Packet Net-Net
SD series running Net-Net OS version 6.x, including implementing best current practice base configurations.
s a
) h a
com
Prerequisites
Experience with and knowledge of IP and VoIP concepts and operations. i
a deฺl ฺ
t m
o Gui
Course Agenda h
@ ent
v o
 Module 0 [intr]- Course Overview
l c ra Stud
h e
o This module introduces students to theacourse contents
is and objectives
p t h
 Module 1 [isbc] – Introduction to the
o (raSessionu s e Controller (SBC)
Border
v include:to
rabasic
o Student leaning objectives
 Describelc
e the
n e of a SBC
sfunctions
p a
h the lhardware
 Identify the e
c interfaces
components
i of the Net-Net OS
o ra Locate
b l e on the Net-Net SD
c r
 Moduleav 2 [initc]
s f e r–aInitial Configuration
h a el otraStudent
n leaning objectives include being able to explain:
a p o n -  The access modes and ACLI
R n 

The boot parameters and the effect of changing them.
Configuration concepts, configuration tree,
and the best practice configuration methods
 Configuration versions
o Student performance objectives include:
 Connect to the Net-Net Session Director (Net-Net SD)
 Navigate the Net-Net SD ACLI
 View, save, and activate configurations
 Configure boot parameters
 Reboot the Net-Net SD
 Reset the Net-Net SD to factory defaults
 View configuration elements
 Configure Net-Net SD elements and sub-elements
 Module 3 [pint] – Provisioning Interfaces

o Student learning objectives include being able to explain:
 The types of interfaces
 The default interface behaviors
 Provision physical and network interfaces
 Distinguish between the types of interfaces
Copyright © 2011 Acme Packet, Inc. Net-Net 3000/4000 Configuration Basics • iii
 Edit a configuration element
 Delete a configuration element
 Module 4 [cfga]: – Configuration Administration

 The use of configuration and backup files
 The types of configuration and backup files

 Backup various versions of configurations
 Restore various versions of configurations
 Module 5 [isip]: Introduction to SIP (Session Initiation Protocol)

 The basics of a SIP session
 The Parts of SIP message
 SIP Call Flow
s a
 SIP Servers
 The Role of Net-Net SD in SIP signaling ) h a
i l ฺ com
 Place PC to PC SIP calls
t m a deฺ
 Register a SIP Phone
h o Gui
 Module 6 [sdcs]: Net-Net Session Director overview and
v o @ ent
concepts
o Student learning objectives include being ablera
 Realms e l S tud
c to explain:
 SIP architectures within the p h a this
Net-Net SD
(ra theuNet-Net
 H323 architectures within
 Realm bridgingvo
se SD
 BCP access l c raand peering
e to
 Media
h a eservicesens
a
o Student
r pperformance
l e licobjectives include:
a v r a b aa Realm
o  Configure
Configure
l c r s f eConfigure a Steering
SIP Interface
h a e tran  Configure the Global Pool


a p o n -  Enable the Media Manager

SIP Parameters
R n
 Module 7 [peer1]: SIP configuration in a peering environment
 Best current practice peering models
 Pre-configuration tasks
 Shared configuration tasks
 HMR-specific configuration
 Policy-based realm bridging-specific configuration
 Configure a working peering environment
 Configure a Local Policy
 Configure an HMR
 Configure Access Constraints
iv • Net-Net 3000/4000 Configuration Basics Copyright © 2011 Acme Packet, Inc.

 Module 8 [abbn1]: SIP configuration in an Access-backbone environment
 Determine which SIP access configuration model to use based on site
requirements
 Explain the policy-based realm bridging (PBRB) model
 Determine how to extend upon the PBRB model using header manipulation
rules (HMR)
 Explain the single SIP-NAT homed in a access network (SSNHAN) model
 Explain hosted NAT traversal (HNT)
 Explain media latching
 Explain registration caching
 Configure the PBRB model
 Using IP addressing on your end stations
 Module 9 [abbn2]: SIP configuration in an Access-backbone environment

s a
o Student learning objectives include being able to:
 Determine which SIP access configuration model to use based on site ) h a
requirements
i l ฺ com
t m a deฺ
 Explain the single SIP-NAT homed in an access network (SSNHAN) model
 Explain the SIP-NAT bridge (SNB) model h o Gui

 Explain the single SIP-NAT homed in a trusted network (SSNHTN) model

v o @ ent
 Configure the SSNHTN model
e l cra Stud
p h
 Module 10 [cfha]: Configuring High Availability
a onththeisNet-Net SD
(ra being
o Student learning objectives include
o u s eable to explain:
l c ravOperation
 The Alarming Subsystem
 High Availability e to
 Thea
h e SDeNode
Net-Net
c ns States
o Student
r a pperformance
l e li objectives include**:
r a

r ab a Manual Switchover
vo feInitiate
Configure HA
a e l c ans Recognize and Respond to a System Switchover

p h n - tr module is available at Acme Packet's Bedford, USA and Madrid Spain corporate
Ra no **This
training centers only
 Appendix A [peer2]: SIP configuration in a peering environment

 The SIP-NAT bridging model
 Configure Peering using the SIP-NAT Bridging Model
 Verify SIP Peering configuration
 Appendix B [ittt]: Introduction to H.323

 H.323 components
 Basic call flow for a H.323 session
 Differences between fast a slow start
 Net-Net SD in H.323 signaling
 An H323 B2BGW
 An H323 Gateway
 Configure the Net-Net SD for Operation in a B2BGW Environment
 Configure the Net-Net SD for Operation in a B2BGK/GW Environment
Copyright © 2011 Acme Packet, Inc. Net-Net 3000/4000 Configuration Basics • v

Document Conventions
The following table lists the syntax-related style conventions used throughout this document:
Style Description Usage Example

Arial Lab instructions and descriptive text. Enter Superuser mode and determine what
commands are available in this mode.
Courier New Acme command line interface out-put. The system prompt for User mode is
training>.
Courier New Bold Acme command line interface input. Use the show ? command to determine
which show commands are available in
User mode.
s a
) h a
i l ฺ com
t m a deฺ
Additional Information
h o Gui
v o @ ent
Training Offerings
l a tud
crdates,
a e
You can obtain information on the latest training offerings, course
i s S class locations from the World
and
h
ap se t
Wide Web by pointing your Web browser to: www.acmepacket.com/training.h
( r
Certification Program
r a vo to u
You can obtain information on the e lc Packet
Acme
n e Certification Program from the World Wide Web
sTechnical
by pointing your Web browserh a
p le lic
to: e
www.acmepacket.com/certification.
r a
a vo ferab
About This Publication
r
a e l c is written
This document
a n sand maintained by Acme Packet Training Department. Please email questions and
p h
suggestions for
n - t r
improvement to training@acmepacket.com.
Ra no
Technical Publications
Acme Packet is committed to providing our customers with reliable technical documentation.
The Acme Packet Documentation Set is currently available on CD, via our customer portal or on our support
website.
• One Acme Packet Documentation Set CD and one Acme Packet Hardware Installation guide is
included in the accessory kit that is shipped with each Net-Net system.
• Customers can also access the Acme Packet Documentation Set via the customer portal. To
access technical documentation via the customer portal you must contact your Acme Packet
customer support representative directly or email support@acmepacket.com to obtain a login.
Acme Packet Support

Please contact your Acme Packet customer support representative directly or email
support@acmepacket.com if:
• You need technical product support.
• You have any questions, comments, or suggestions regarding our product documentation.
• You would like to request additional Acme Packet documentation CDs.
• You have trouble accessing the documentation through the Acme Packet secure FTP server.
vi • Net-Net 3000/4000 Configuration Basics Copyright © 2011 Acme Packet, Inc.

initc lab - network map
single Net-Net SD
ble
fe r a
ans
- t r
SD s a n o n
) ha
c o m
wancom0 ail ฺ ฺ
t m i d e
ho t Gu
10.0.3.11
@
r a vo uden
a e lc S t
ph e thi
Hub/Switch s
( r a s
v o o u
e l cra nse t
p h a lice
o ra
c r av
a el
Raph
10.0.3.1 10.0.3.2 10.0.3.3 10.0.3.4 10.0.3.5 10.0.3.6 10.0.3.7 10.0.3.8
student1 student2 student3 student4 student5 student6 student7 student8
Available only at Acme Packet
Bedford, MA Training Center
Copyright Acme Packet, Inc initc.6.j.ld- 0

initc-LG
Initial Configuration
(Single Net-Net SD)
Overview
This lab introduces you to the Acme Command Line Interface (ACLI). The instructions
use a step-by-step approach that guides you through each part of the exercises. There
are also questions for you to answer to re-enforce the knowledge and skills you have
gained from the lecture and the hands-on practices.
The exercises in this lab involve the following tasks. You will perform some tasks and the
s a
instructor will demonstrate other tasks that can only be performed by a person at a time.
• Log into the Net-Net Session Director (Net-Net SD) ) h a
• Explore the ACLI hierarchy
• Use ACLI shortcuts and usability features i l ฺ com
• Verify existing configuration elements t m a deฺ
• Revise the boot parameters h o Gui
o @ ent
• Reset the Net-Net Session Director (Net-Net SD) to factory default
v
• Create a global configuration element
e l cra Stud
p h a this
Table of Exercises: a se
(rSD
Exercise 1: Accessing the Net-Net
a o o u
vwith ACLIt............................................................................ 2
l
Exercise 2: Getting Familiarr
cthe Net-Net
s eSD (Demo) ............................................................... 64
Commands ........................................................
e
ha on lthe n
Exercise 3: Rebooting
Exercise 4: p
a Working i ceBoot Parameters (Demo) .................................................... 7
Exerciseo r Accessing
5: b le the Global Settings ...................................................................... 9
v a
r a Configuration Element (Demo).................................................. 10
ra 6:7:sfeDeleting
Exercise
l c
e Exercise
Exercise n8: Creating thethesystem-config
Resetting Net-Net SD to Factory Defaults (Demo)............................... 11
h a - t r a Element (Demo)........................................ 12
p n
Ra no
Copyright © 2011 Acme Packet, Inc. initc.6.j.m.lg-1

Initial Configuration (Single Net-Net SD)
Exercise 1: Accessing the Net-Net SD
In this exercise, you will telnet into your assigned Net-Net SD and navigate through the ACLI
hierarchy between the User mode, the Superuser mode, and the Configuration mode.
Step 1: Connecting to the Net-Net SD using PuTTY/Tutty
1. Launch PuTTY/Tutty( ), the terminal emulation application provided on the desktop

of your workstation.
2. Open a Telnet connection through the wancom0 port of your Net-Net SD.
Once the Telnet connection to the Net-Net SD is successful, a password prompt should
s a
appear.
) h a
l ฺ com
If you are not sure how to use PuTTY or cannot connect to the Net-Net SD,
i
please ask your instructor for assistance.
t m a deฺ
h o Gui
v o
3. At the password prompt, enter the default User mode password@ acme. e n t
e l cra Stud
Password: acme
training> p h a this
a se
(rSD
v o anduare in the User mode.
o
a
Now you have logged in the Net-Net
r
lc nse t
a e
a p h
Examine the prompt.
l i ce
o r is the prompt
• What b le for the User mode?
v
ra• Whatspart
f a
erof the prompt indicates the target name of this Net-Net SD?
l c
p h ae -tran
Ra non • What part of the prompt indicates that you are currently in User mode?
Step 2: Entering the Superuser Mode
1. At the User mode prompt, issue the command enable.
training> enable
2. At the password prompt, enter packet. This is the default password for the Superuser.
Now you are in the Superuser mode.
password: packet
training#
Examine the Superuser mode prompt.
• What part of the prompt indicates that you are in the Superuser mode?
3. Issue the exit command to return to the User mode.
initc.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

training# exit
training>
The exit command allows you to return to the previous level in the ACLI hierarchy.
Examine the prompt and ensure that you are back in the User mode.
Step 3: Entering the Configuration Mode (Demo)

1. Enter the Superuser mode if you are back to the User mode.
2. Issue the configure terminal command to enter the Configuration mode.
training# configure terminal

training(configure)#
s a
Alternatively, you can issue an abbreviated form of the command, such as config t, ha
m )
or co t.
o
a ilฺc eฺ
otm Guid
Examine the Configuration mode prompt.
@ ent
• Did you need a password to enter the Configuration mode?
h
v o
e l cra mode
• How do you know that you are in the Configuration
S
d
tunow?
p h a this
3. Return to the Superuser mode.
o (ra use
rav that
Examine the prompt and ensure
l c eyoutoare back in the Superuser mode.
h a e
mode. ice
ns
r a p le l
4. Return to the User
a
Examine
r aband ensure that you are back to the User mode.
vo thefeprompt
r
a e l c ans
p h n - tr your instructor that you have completed this exercise. The scenarios
Tell
Ra no and answers will be discussed in class as a group.
Copyright © 2011 Acme Packet, Inc. initc.6.j.lg-3

Exercise 2: Getting Familiar with ACLI Commands
In this exercise, you will use the context-sensitive help to familiarize yourself with various ACLI
commands, issue some commands in the User or Superuser mode to view the Net-Net SD
information, and view the available commands in the Configuration mode.
Step 1: Displaying the Available ACLI Commands

1. Enter the User mode.
2. Issue the context-sensitive help command ? (question mark) to display a list of available
ACLI commands. Note that ? is not echoed on the screen.
s a
Examine the list of the ACLI commands and the descriptions of the commands.
) h a
3. Issue the other context-sensitive help command <TAB> (the <TAB> key). Note that the
i l ฺ com
<TAB> key is not echoed on the screen either.
t m a deฺ
Examine the list of the ACLI commands. h o Gui
v o @ ent
l c ra Sthelp
• What is the difference between the two context-sensitive
u d commands?
h a ein the listisfor configuration and why?
( r ap se th
• Can you use any of the ACLI commands
• What type of operationsvdo

a othe ACLI
t o u
commands in the User mode allow you to do?
r
lc nhelp se commands in the Superuser mode.
a e
4. Issue the same context-sensitive
e
r a ph le lic
Examine
a v o the listraof bthe ACLI commands.
e l cr • Donyous feget the same ACLI commands in the Superuser mode as in the User mode?
p h a
n - tra
Ra no • What types of operations do the ACLI commands in the Superuser mode allow you
to do?
• Are the ACLI commands available in the User mode also available in the Superuser
mode? Write down a couple of ACLI commands available in both modes.
• Are the outputs of an ACLI command available in both modes the same? You will
find out in the next step.
Step 2: Using the show Command
1. Issue the command show ? to display the available arguments of the show command.
• View the list of the arguments and descriptions. You will use the help for the next
few activities.
• Does the show <TAB> command accomplish the same as show ? ?
2. Based on the help information, issue the appropriate show command to view user logins.

You should get a list of users who are currently logged in.
3. Open another Telnet session. Now you have two Telnet sessions open.
a. Enter the User mode in one session, and Superuser mode in the other.
b. Issue the show command to display the current user logins in both modes.
Examine the outputs in both modes.
• How do you identify the login sessions?
• How do you know which mode (i.e. User or Superuser mode) each user login is in?
4. Issue appropriate show commands to view the following information of your Net-Net SD.
Record the show commands you use and examine the output information.
s a
) h a
com
• System health information, system uptime, and system version information
• Host table
i l
a deฺ ฺ
• Currently enabled features in the Net-Net SD m
• Active processes running on the Net-Net SD h t
o Gui
v o @ ent
• Prom information (Note that if you keep getting command errors, issue
show prom-info ? for help.)
e l cra Stud
As you may have discovered, the show command
p h a isthavailable
is in both User and
( r a e
us
Superuser mode.
a v o t o
• If you issue some c r
l commands s eboth User and Superuser modes, are the outputs
in
the same? ae n
a p h l i ce
o r b le
r v
a approaches
When
e
issuing
f r a
the commands, try the following convenient approaches.
e l c These n s can be used at any level of the ACLI.
a r a
a ph on-t
R n • Do not need to type full command/argument. You can type a partial
command/argument and use the <TAB> key to auto complete the rest.
• Use the shortest or abbreviated form of commands and arguments.
• Use the command history buffer to recall the last show command. Modify that
command to form a new command.
Tell your instructor that you have completed this exercise. The scenarios
and answers will be discussed in class as a group.

Exercise 3: Rebooting the Net-Net SD (Demo)
The instructor will demonstrate how to perform the tasks in this exercise
because the tasks can only be performed by one person at a time.
In this exercise, you will practice rebooting the Net-Net SD. In order to monitor the boot process,
you connect to the Net-Net SD via serial connection, instead of Telnet.
Step 1: Accessing the Superuser Mode
1. Connect to your Net-Net SD via a serial connection.
s a
2. Enter the Superuser mode.
) h a
Step 2: Rebooting the Net-Net SD
i l ฺ com
t m a deฺ
o Gui
1. Issue the following command and answer y to reboot the Net-Net SD.
h
training# reboot
v o @ ent
------------------------------------ ra
e l cSD! Stud
WARNING: you are about to reboot the
------------------------------------
p h a this
Reboot this SD [y/n]?: y (ra e
o u s
l avNet-Net
Watch the boot process.cIfrthe e to boots successfully, the password prompt
SD
should appear. ae
h c e ns
r a p le li
o youracan
Alternatively,
a v b issue the command reboot force to reboot without questions.
e l cr nsfe
h a t r a
If rebooting
- your Net-Net SD in the Telnet session, you lose the Telnet
p
Ra non
connection as soon as you issue the reboot command.
End of demonstration.

Exercise 4: Working on the Boot Parameters (Demo)
In this exercise, you will examine the boot parameters, make changes, observe the results and
restore the original parameter.
Step 1: Examining the Boot Parameters

1. In the Configuration mode, issue the bootparam command to access the boot
parameters. The first boot parameter boot device and its value wancom0 should
appear as below: s a
) h a
com
‘.’ = clear field; ‘-‘= go to previous field; q = quit
i l
a deฺฺ
boot device : wancom0
t m
o Gui
The boot parameters are displayed one at a time. @ ent h
v o
2. Press the <Enter> key after each boot parameter
e l ctoraview allSoftuthem.
d
p h a this
Examine the boot parameters and answer
( r a sfollowing
the e questions:
a
• What is the value ofrthe
o name
vtarget t o u
a e lc nse and what is it for?
• What is p
a the ceboot file and what is it for?
hname oflithe
o r b le
v
a image
rThe f a
efiler name may vary from /tffs0/nnC600p8trn.gz based on the
l c n s
p h ae -OStraversion.
Ra non
Step 2: Modifying the Boot Parameters
1. Access the boot parameters again.
2. Change the value of the target name to a new value, such as acmepacket.
a. Change the value of a boot parameter by simply typing the new value at the end
of the line and press <Enter>, for example:
Target name (tn): training acmepacket <Press the Enter key>
b. View the boot parameters and ensure that the target name has its new value.
• Did the prompt name change to your new target name? Why?
c. Reboot the Net-Net SD.

• If you reboot from a Telnet session, what happens to your Telnet

connection when rebooting the Net-Net SD?
• How should you connect to the Net-Net SD in order to see the boot
process?
• After the Net-Net SD reboots, is the prompt name your new target name?
Why?
3. Change the name of the boot file.
a. Change the file name to a non-existing file, such as /tffs0/nnC600p9trn.gz.
b. Reboot the Net-Net SD.
• Can the Net-Net SD reboot and what information does the Net-Net SD give
s a
you?
) h a
• Can you recover from this error?
i l ฺ com
t m a deฺ
4. Change the boot parameters to their original values.
h o Gui
v o @ ent
cra Stud
a. Fix the boot file name error.
e l
a tvalue:
h
b. Change the target name back to its original
p h is training#
(where #=student#).
o (ra use
c. Reboot the Net-Net v Your Net-Net
raSD. to SD should now reboot successfully.
l c e
nsand it should be training# ( # is your student
e the prompt,
h a
pnumber).le li
• Examine c e
r a
r a vo ferab
a e l c End a n sdemonstration.
of
ph on-t r
R a n

Exercise 5: Accessing the Global Settings
In this exercise, you will access the global settings and examine the existing configurations. The
Net-Net SD group global settings are within a single-instance configuration element called the
system-config. The instructor previously loaded the configuration to the Net-Net SD.
Step 1: Examinging the Running Configuration

1. Display the running configuration using the appropriate show command. Record the
command you used. Use the content-sensitive help if you forget how to do it.
• In what mode can you issue the show command?
• What elements are configured in the running configuration?

s a
) h a
com
• Are all configured elements single-instance elements?
i l
a deฺ ฺ
Step 2: Examinging the system-config Element
t m
o Gui
h
@ entUse the context-
o
1. Display only the system-config element in the running configuration.
v
sensitive help if you are not sure what command to use.
l c ra Stuthed command you used.
Record
a e element.
p e this
h
2. Examine the configuration of the system-config
r a
o ( location
• What are the hostname,vdescription, us parameters for?
a
cr nissassigned t o
e to the system?
a e l
• What mib-system-name
ph le lic e
r
oSNMPa b to iscreate
r a v f e r a
This parameter used in conjunction with the target name by the Net-Net SD
l c s agent the mib-2 sysName variable.
p h ae -tranThe mib2 sysname is formed by combining ….

Ra non <target name>.<mib-system-name> e.g. training.AcmeLab
• What is the default state of snmp-enabled?
• What levels are the system and process logs set to?
• What is the value of default-gateway and what is it used for?
• What is the value of telnet-timeout, and what is it used for?
• What is the value of console-timeout, and what is it used for?
• What is the state of cli-more, and what is it used for?

Exercise 6: Deleting a Configuration Element (Demo)
In this exercise, you will practice deleting a configuration element. You can delete any currently
configured element. This exercise instructs you to delete a single-instance element: the system-
config element.
Step 1: Deleting the system-config Element
1. In the Configuration mode, navigate to the system-config element. The ACLI path is
s a
system>system-config.
) h a
2. Issue the no command to remove the element.
i l ฺ com
Do not need the done command when deleting an element.
t m a deฺ
training(system-config)# no h o Gui
training(system-config)#
v o @ ent
ra Stud
Step 2: Verifying the Element Removal aelc
r a p h
e t his
1. In the Superuser mode, issue the show
o ( configuration
u sindeed removed.
command to examine the
v
ra se t
configuration so as to verify that o
the element is
training# showae
l c
p h c en
configuration
l i
o rathe system-config
•vDoes b le
r a f e r a element still exist in the configurations?
a e l c aIf nyousdid not successfully remove the element, repeat the steps and ensure you
p h n - tr are not missing any of the steps.
Ra no
Configuration changes must be saved and activated for them to take effect. If
the Net-Net SD is rebooted right now, configuration changes will be lost.
Saving and activating configurations will be discussed in the next module.

Exercise 7: Resetting the Net-Net SD to Factory Defaults (Demo)
In this exercise, you will reset the Net-Net SD configurations back to its factory defaults.
Step 1: Resetting the Configuration to the Factory Defaults

1. Delete the entire existing configuration.
training# delete-config
s a
This command removes all the current configurations on the Net-Net SD and restores theha
factory default configurations. m )
o
a ilฺc eฺ
otm Guid
2. Reboot the Net-Net SD for the changes to take effect.
Step 2: Examining the Factory Default Configuration @ h t

v o e n
1. Display the running configuration.
e l cra Stud
p h a this
training# show running-config
o (ra use
rav sdoeyou
• What configuration elements
l c tofind after resetting to the factory defaults?
2. Display the booth
p ae licen
parameters.
o ra ble bootparam
c r av sfera
training(configure)#
h a el tr•aDoes n resetting the Net-Net SD to factory defaults affect the boot parameters?
p -
Ra non

Exercise 8: Creating the system-config Element (Demo)

In this exercise, you will create a single-instance element: the system-config element, and
activate your new configuration on the Net-Net SD. In the exercises of later modules, you will
create multiple-instance elements.
Step 1: Navigating to the system-config Element
1. Enter the Configuration mode. Use the content-sensitive help to see what commands are
available.
s a
2. Navigate to the system-config element. The ACLI path is system>system-config. ) h a
o m
training(configure)# system
a ilฺc eฺ
otm Guid
training(system)# system-config
h
@ ent
Alternatively, you can issue the following command:
v o
training(configure)# system system-config
e l cra Stud
p h a this
• How do you know that you arerinathe system e element or the system-config
o ( u s
rav se to
element?
Step 2: Creating the a

l c
e en Element
system-config
a p h lic
r l e
1. Configure
r a ab
vo thefesystem-config
r with the following parameters:
a e l c ans Parameters
p h - t r Values
Ra non description
hostname Training
“CAB-C_v6_date YYYY-MM-DD”
location Name of the training room
mib-system-contact Student
mib-system-name Acmelab
mib-system-location Burlington,MA
default-gateway 10.0.3.99
telnet-timeout 3600
console-timeout 3600
If you are not sure how to create the element, review the following commands:
training(system-config)# hostname Training

training(system-config)# description “CAB-C_v6_date YYYY-MM-DD”
training(system-config)# location RoomName
training(system-config)# mib-system-contact Student
training(system-config)# mib-system-name Acmelab
training(system-config)# mib-system-location Burlington,MA
training(system-config)# default-gateway 10.0.3.99
training(system-config)# telnet-timeout 3600
training(system-config)# console-timeout 3600

2. Issue the show command to view the system-config element that you just created.
training(system-config)# show
3. Issue the done command to save the configurations after you are done.
If you do not issue done, the configurations will not be saved once you exit the element.
4. Issue the exit command and return to the Superuser mode.
If you did not issue the done command before issuing the exit command, a prompt
Save Changes [y/n]? appears. Enter y to save, n to not save the changes.
Step 3: Verifying the Configuration

1. Verify your configuration.
s a
**training# verify-config
) h a
i l ฺ com
Configuration verification checks referential errors to ensure referential integrity. It is
t m a deฺ
recommended to perform this task before saving and activating your configuration.
h o Gui
o
2. Examine the output of the verify-config command. It should
v @ lookenliket this:
Verifying Configuration:
e l cra Stud
Checking for duplicate ALG Ports...
p h a this
Checking policy-attribute list
( r a references
for
s e
each local-policy...
Checking for loops and invalid
a v oreference
t o uin sip-manipulations
in sip-manipulations...
OK. no loops or invalid
e l cr nsdefault
e gateway (10.0.3.99) is not the
gateway for h a
ERROR: The system-config
e
lic password...
p any lnetwork-interfaces!
Checkingra e
o rab password is in sync with the configuration data
configuration
OK: vconfiguration
a
l r
cConfiguration
Checking s e
fCollection configuration...
a e t r a n is not valid!
p h -
Ra non • Did your configuration encounter any errors? What is the error, and why?
This error will be corrected when you perform exercises in the pint Lab. Your Net-
Net SD can live with the error for now.
Step 4: Saving and Backing up Your Configurations

1. Use the following commands to save, activate and backup your configurations.
The backup procedure will be fully explained in the configuration management module.
training# save-config
training# activate-config
training# backup-config student_initc.gz
It is important that this configuration and others that follow are saved and
backed up as they will be the basis for defining successful completion of
this course.

s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

pint lab - network map
single SD
ble
fe r a
ans
SD a n o n - t r
has
m )
wancom0
l ฺ c o
10.0.3.11 mai e ฺ
t
ho t Gu i d
@
vo uden
r a
Hub/Switch elc S t
a
ph e thi s
( r a s
v o o u
e l cra nse t
p h a lice
o ra
c r av
a el
Raph
10.0.3.1 10.0.3.2 10.0.3.3 10.0.3.4 10.0.3.5 10.0.3.6 10.0.3.7 10.0.3.8
student1 student2 student3 student4 student5 student6 student7 student8
Copyright Acme Packet, Inc pint.6.j.ld- 0

Notes
ble
fe r a
ans
n - t r
no
s a
) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
avo
l c r
a e
Raph
Copyright Acme Packet, Inc pint.6.j.ld- 1

pint-LG
Provisioning Interfaces
(Single Net-Net SD)
Overview
The exercises in the pint Lab require that you configure layer 2 and layer3 related
multiple-instance elements phy-interface and network-interface on the Net-Net
SD. The configuration of phy-interfaces defines the characteristics of the internet
facing and core network facing layer2 interfaces. The configuration of network-
interfaces defines the layer3 characteristics of the associated network interfaces.
You will perform the following tasks:

s a
• Provision physical interfaces ) h a
• Provision network interfaces
i l ฺ com
• Back up your configuration
t m a deฺ
• Configure the media network interface for management access
• Configure VLANs h o Gui
v o @ ent
Table of Exercises:
e l cra Stud
Exercise 1: Provisioning Physical Interfaces
h a i s
...................................................................
h
2
( r apfor Management
Exercise 2: Provisioning Network Interfaces t Access ................................. 46
...................................................................
e
o to us
Exercise 3: Configuring Media Interface
Exercise 4: Creating VLANsv............................................................................................
a 9
l c r e
h a e ens
r a p le lic
r a vo ferab
a e l c ans
p h n - tr
Ra no
Copyright © 2011 Acme Packet, Inc. pint.6.j.lg-1

Provisioning Interfaces (Single Net-Net SD)
Exercise 1: Provisioning Physical Interfaces

In this exercise, you will add the configuration of the physical interfaces to the system
configuration that was configured in the initc Lab.
Step 1: Examining the System Configuration

1. Launch PuTTY/Tutty to telnet to the Net-Net SD.
2. Examine the running configuration and verify that the system-config element
exists.
Step 2: Creating a Physical Interface

1. Navigate to the phy-interface element. s a
) h a
com
The ACLI path is system>phy-interface. The phy-interface element is a
multiple-instance element.
i
a deฺl ฺ
t m
o Gui
2. Create the physical interface.
@ enth
v o
cra Stud
a. Use the following data for the slot and port parameters.
e l
ais dependent
Note the numbering in the table below
p h t h is instructor
on the number of the
Net-Net SDs used for your course.
( r a se
Check with your for the proper
numbering.
r a vo to u
a e lc Net-Net
e n se4250 Net-Net 3800 or 4500
a h
p1 lM00Name
li c Slot Port Name Slot Port
o r
Student
b e 0 0 M00 0 0
r v
a Student
Student
f e2 a
r M01M10 1 0 M10 1 0
e l c n s 3 0 1 M01 0 1
h a - r a
t Student 5 M02
Student 4 M11 1 1 M11 1 1
p n
Ra no Student 6 M12
0
1
2
2
S00
S10
0
1
0
0
Student 7 M03 0 3 S01 0 1
Student 8 M13 1 3 S11 1 1
If a single Net-Net SD 3800 or 4500 is used for the lab exercises, student 1-4
will name their physical interfaces Mxy, and student 5-8 will name their
physical interfaces Sxy (x is the slot number, and y is the port number). This
is because only 4 physical ports are present on each of these platforms.
b. Use the following data for the name and operation-type parameters. In the
value of the name parameter, x is the slot number, and y is the port number.
Parameter Value
name Mxy (or Sxy)
operation-type media
If you are not sure how to create the physical interface, review the following example:
pint.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

training(configure)# system phy-interface

training(phy-interface)# name M00
training(phy-interface)# slot 0
training(phy-interface)# port 0
training(phy-interface)# operation-type media
training(phy-interface)# done
Step 3: Viewing the Physical Interface

You can view the configuration elements in different mode: user mode, superuser mode, or
configuration mode. You can view an element individually, or view the element in the entire
configuration.
1. View the phy-interface element that you just created in the configuration mode.
If you are not sure how to perform the task, review the following commands.
s a
) h a
com
training(phy-interface)# select
<name>:
1: M00 i
a deฺl ฺ
2: M10 t m
o Gui
… …
@ enth
v o
selection: 1
e l cra Stud
training(phy-interface)# show
p h a this
Because the phy-interface element
o (ra isuasmultiple-instance
e element, the select
command outputs a list of v o
have configured twolc ra se t instances, two instances of the element
the instances of the element in the configuration. Since you
be in the list.hae
phy-interface should
e n
r a p le lic
r
To
a vselect f e ab forin the
o anrinstance list, type its sequence number at the selection prompt
e l c the list.
and
n s
press <Enter>, example, 1 for the phy-interface element named M00 in
h a - t r asequence number.
If you do not wish to view any of the instance, press <Enter> without typing
p
Ra non
any
The show command displays the configuration of the instance of the phy-
interface element you selected, for example the phy-interface element named
M00. If none of the instances are selected, the show command outputs a message: no
object selected.
When your configuration gets large and contains many multiple-instance elements, it
is helpful to use the select and show commands to examine what instances of an
element are in the configuration before editing an existing one. It helps you to avoid
editing a wrong instance.
2. Alternatively, you can issue the show configuration command to view the
phy-interface elements in the user or superuser mode.
training# show configuration phy-interface

Exercise 2: Provisioning Network Interfaces

In this exercise, you will create a network interface for the physical interface that you created in
Exercise 1:1.
Step 1: Creating the Network Interface

1. Access the network-interface element.
The ACLI path is system > network-interface.
2. Create the first network interface with the following data:
Parameter Value
(# is your student number)
(x is the slot number, y is the port number)
s a
name Mxy (or Sxy)
) h a
com
sub-port-id 0
ip-address
netmask
192.168.0.1#
255.255.255.0 i l
a deฺ ฺ
gateway 172.16.0.10# t m
o Gui
@ h t
Do not forget to issue done to commit the changes to the
v o e n
editing configuration.
e l cra review
S tudhow you created a
If you are not sure how to create the network
physical interface in Exercise 1:. Thep h a isththeissame.
interface,
(ra use
procedure
o
You may have noticed thatvthe gateway o isstep.
tnext
l c ravalue insthe
e
incorrect for the 192.168.0.0 network.
ae licen
You will fix the gateway
Step 2: Editingra p h
o l
the Network
b e Interface Configuration
c
Thisr av is tospractice
step f e ra how to edit an existing multiple-instance element by fixing the
h a elreferential
t r anerror occurred in the previous step.
p -
Ra non1. Examine the value of the gateway parameter of network-interface.
It is an incorrect value for the 192.168.0.0 network.
2. Edit the value of the gateway parameter.
a. Select and view the network-interface element that you created in the
previous step.
b. Change the gateway parameter to 192.168.0.100.
Do not forget to issue done to commit the changes.

If you are not sure how to select, view, and edit the parameter, review the
following commands (# is your student number).
training(network-interface)# select
<name>:<sub-port-id>:
1: M00:0 ip=192.168.0.11 gw=172.16.0.101
2: M10:0 ip=192.168.0.12 gw=172.16.0.102

… …
selection: 1
training(network-interface)# show
training(network-interface)# gateway 192.168.0.100
training(network-interface)# done
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

Exercise 3: Configuring Media Interface for Management Access
When configuring a media interface for management access, you must configure two parts: the
address for the management access and the HIP address list.
In this exercise, you will configure an address and HIP address list in your network interface to
allow ping and telnet to the Net-Net SD via the media network interface.
Step 1: Configuring the Address

In this step, you will configure an address for ping using the following data:
1. Access and view the network interface that you created in the previous exercise.
s a
2. Add an ICMP entry to your network interface using the following data.
) h a
Parameter Value
l ฺ c om
(# is your student number) i
a deฺ
icmp-address 192.168.0.1# t m
o Gui
@ h t
If you are not sure how to add the ICMP entry, reviewvthe o e
following n
command.
e l cra 192.168.0.1#
S tud
training(network-interface)# add-icmp-ip
p h a this
3. Add a Telnet entry to the network a susing
(rinterface e the following data.
o u
l
Parameterc rav se to Value
a e e n
ph le lic 192.168.0.2#
r a
telnet-address
b
r a vo notrasure
If you arefe
l c s how to add the Telnet entry, review the following command.
h r an
ae -ttraining(network-interface)#
a p o n add-telnet-ip 192.168.0.2#
R n 4. View the configuration.
The value of the icmp-address parameter should be 192.168.0.1#.

The value of the telnet-address parameter should be 192.168.0.2#.
• What function is available when the icmp-address parameter is configured?
• What function is available when the telnet-address parameter is configured?
Step 2: Configuring the HIP Address List

1. Add the ICMP address that you previously created to the HIP address list. You can
only add one IP address each time to the list.
training(network-interface)# add-hip-ip 192.168.0.1#
2. Add the Telnet address to the HIP address list.
training(network-interface)# add-hip-ip 192.168.0.2#

3. Commit your changes by issuing done.
Examine the icmp-address, telnet-address, and hip-ip-list parameters in

the network-interface configuration. They should look like this
(# is your student number):
hip-ip-list 192.168.0.1#
192.168.0.2#
ftp-address
icmp-address 192.168.0.1#
snmp-address
telnet-address 192.168.0.2#
• Why must you add the ICMP and Telnet addresses to the HIP address list?
s a
4. Verify all changes.
) h a
l ฺ c om
Tell your instructor that you have completed this step. Continue a i
to the next ฺ
o Guide
t m
step after the instructor has saved and activated the configuration.
h
v o @ ent
Step 3: Testing the Connectivity
e l cra Stud
p h a this access to the Net-Net SD via
(rabetween
In this step, you will test whether you can make a management
the media network interface. You will ping
o u s e Net-Net SD and your student
your
workstation.
l c rav se to
h
1. Ping the Net-Net
p aeSD from
l i c n student workstation.
eyour
o a ble
r192.168.0.1#
av sfera
ping
c r
h a el tExamine
r a n the outputs. Your ping should be successful. If not, check your configuration.
p -
Ra non2. Ping the management address of your student workstation from your Net-Net SD
using ACLI. You can also issue ping in the User mode or the superuser mode.
training# ping 10.0.3.#
Examine the outputs. Your ping should be successful. If not, check your configuration.
3. Launch PuTTY/Tutty on your student workstation and telnet to your Net-Net SD using
the Telnet address 192.168.0.2#.
Once you are connected successfully, the password prompt should appear to allow
you to access your Net-Net SD. If you cannot Telnet, check your configuration.
Step 4: Viewing the Detailed Network Interface Information

1. Display the detailed network interface information.
training# show interfaces

2. Examine the entries in the output. You should see that the network interfaces
displayed include:
• The network interfaces that you configured

• The network interfaces that you did not configure.
• The information of each network interface such as
• IP address
• MAC address that the network interface is bound to
• Transmitted and received packets
• Vlan usage
• What are the network interfaces that you configured and what are not?
• Is any VLAN bound to any of the physical interfaces?
s a
Step 5: Removing the ICMP and HIP Entries
) h a
i l ฺ com
Typically, you configure media interface for management access only for testing and
t m a deฺ
troubleshooting. You do not leave such configuration in any Net-Net SD in production.
1. Access the network-interface element that you created.ho

G ui
v o @ ent
e l cra Stud
2. Remove the icmp address and empty the HIP address list.
training(network-interface)# h
p a this 192.168.0.1#
remove-icmp-ip
training(network-interface)#
o (ra remove-telnet-ip
u s e 192.168.0.2#
rav se toremove-hip-ip 192.168.0.2#

training(network-interface)# remove-hip-ip 192.168.0.1#
l c
3. Commit yourp h ae icissuing

changes lby en done.
o ra ble
r v yourfeinstructor
aTell ra that you have completed this step. Continue to the next
e l c n
step s
after the instructor has saved and activated the configuration.
a r a
a ph on4.-tPing the Net-Net SD again.
R n
• Is your ping successful now, and why?
5. Examine the running configuration.
The icmp-address, telnet-address, and hip-ip-list parameters should

contain no values now.
• Why should you remove the IP addresses configured in the icmp-address,

telnet-address, and hip-ip-list parameters?
Tell your instructor that you have completed this exercise. Continue to the
next exercise after the instructor has saved and activated the configuration.

Exercise 4: Creating VLANs

As discussed in class, you can create VLANs, and associate them with a physical interface. In
this exercise, you will create a VLAN by adding a network interface, and associate it with the
physical interface M00.
Step 1: Creating a Network Interface Bound to Physical Interface M00
1. Configure the network interface using the following data.
Parameter Value
name M00
sub-port-id #
ip-address 192.168.0.11#
s a
netmask 255.255.255.0
) h a
gateway 192.168.0.100
l ฺ c om
Do not forget to issue done to commit the changes. i
a deฺ
t m
o Gui
h
@ ent
2. View the list of network interfaces by using the select command.
v o
training(network-interface)# selectcra tud
<name>:<sub-port-id>: e l
a this S
ip=192.168.0.11phgw=192.168.0.100
(ra ugw=192.168.0.100
1: M00:0
2: M00:1
o
ip=192.168.0.111 s e
… … …
l c rav se to
selection: ae en
p h l i c
ra ble
o
c r aIfvyou dosfnot
e a to view any of the interfaces, just press <Enter> at the selection
rwish
h a el tprompt.
r a n Otherwise, type a sequence number in the list to select the interface to view
a p o n - issue the show command to view the network interface configuration.
and
R n Tell your instructor that you have completed this step. Continue to the next
step after the instructor has saved and activated the configuration.
Step 2: Verifying the VLANs

1. View the interfaces configured on your Net-Net SD.
training# show interfaces
2. Examine the entry M00(media slot 0,port 0)in the output.
An example of the output of the show interfaces command is as follows:
M00 (media slot 0, port 0)

Flags: UP BROADCAST MULTICAST ARP RUNNING
Type: ETHERNET_CSMACD
Admin State: enabled
Auto Negotiation: enabled
Duplex Mode: full

Force Speed Selection: 100 Mbps

Internet address: 192.168.0.111 Vlan: 1
Broadcast Address: 192.168.0.255
Netmask: 0xffffff00
Gateway: 192.168.0.100
Internet address: 192.168.0.11 Vlan: 0
Broadcast Address: 192.168.0.255

Netmask: 0xffffff00
Gateway: 192.168.0.100
Ethernet address is 00:08:25:02:4c:a4
In this example, there are two network interfaces bound to the physical interface M00.
The two network interfaces are specified as Vlan 0 and Vlan 1. If both Vlan 0 and
Vlan 1 are listed in the output, the VLAN is created successfully. If Vlan 1 is not
listed in the output, the VLAN is not created successfully.
s a
Step 3: Deleting the VLAN
) h a
l ฺ com
Because none of the later exercises will use the VLAN, you remove th network interfaces for
i
the VLAN to clean up the configuration.
t m a deฺ
h o interface
G uiM00 for
v o @ ent
1. Delete the network interface that you created to bind to the physical
the VLAN.
l c ra Stud
training(network-interface)# noa e
<name>:<sub-port-id>:
r a ph e this
1: M00:0
o
ip=192.168.0.1#( u s
gw=192.168.0.100
a v t o
cr nse gw=192.168.0.100
2: M00:1 ip=192.168.0.111 gw=192.168.0.100
3: M00:2
e l
ip=192.168.0.112
4: M00:3 haip=192.168.0.113
… … … ap l i ce gw=192.168.0.100
o r b le
v
raselection:2
f er a
l c s
p h ae -trantraining(network-interface)#
Ra non2. View the list of network interfaces in the configuration.

training(network-interface)# select
All network interfaces created for the VLAN should no longer exist in the list.
Step 4: Cleaning up the Configuration

In this step, you will remove the network interfaces, and some of you will remove the physical
interfaces as well. Some of you will create new network interfaces. At the end of this step,
there will be only two network interfaces: M00:0 and M10:0.
Follow the instructions carefully about what you have to do.
1. All students: Delete the network interface that you created in Exercise 2:.
2. Student 3 – 8: Delete the physical interface that you created in Exercise 1:.
Student 1 – 2: Do NOT delete your physical interfaces because physical interfaces

M00 and M10 will still be needed.

3. The following tasks are for Student 1 and Student 2.
Student 1: Configure a network interface bound to physical interface M00 using

the following data.
Parameter Value
name M00
sub-port-id 0
ip-address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.100
Do not forget to issue done to commit the configuration.

s a
Student 2: Configure a network interface bound to physical interface M10 using ha
m )
the following data.
o
a ilฺc eฺ
Parameter Value
(# is your student number) ot
m uid
@ h t G
name M10
0 o
av tude n
172.16.0.10 lcr
sub-port-id
ip-address
h a e is S
ap se th
netmask 255.255.255.0
gateway
( r
172.16.0.100
o to commit u
r a vdone t o
l c
Do not forget to issue
s e the configuration.
Tell your p h ae that

instructor l i c n have completed this step. The instructor will
eyou
o ra activate
save and
b letheas configuration. The scenarios and answers will be
v
ra sfer
discussed a
in class a group.
l c
p h ae -tran
Ra non

s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

cfga lab - network diagram
with a single SD
wancom0
SD
ble
10.0.3.11 1 fe r a
ans
n - t r
no
s a
Hub/Switch ) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
avo
10.0.3.1 l c r 10.0.3.3
hae
student1
ap
student3 10.0.3.5
student5
10.0.3.6
student6
R
10.0.3.2
student2 10.0.3.4
student4
Copyright Acme Packet, Inc cfga.6.j.ld- 0

cfga-LG
Configuration Administration
(Single Net-Net SD)
Overview
On a running Net-Net SD, three versions of configuration can exist at any time. When
making backups, you can backup any of the configurations.
Maintaining configuration backups is part of best practice operation to prepare for

disaster recovery, upgrading systems, or just returning a system to a known state of
operation. You should always create a current backup of your latest configuration file
s a
and store it on and off your Net-Net Session Director (Net-Net SD).
) h a
com
Acme Packet’s Net-Net Configuration Basics courses are delivered at both our
i l
headquarters and remote sites. Remote site course delivery normally uses a single Net-
a deฺ ฺ
t m
Net SD, restricting the way student groups configure items, such as boot parameters and
o Gui
h
single-instance elements. Courses at our Headquarters in Burlington and Madrid
@ ent
o
implement multiple Session Directors, which allows greater student participation during
v
cra Stud
lab exercises.
e l
a ttasks:
By completing this lab you will perform theh
a p following
• Backup and restore the editingrconfiguration e his
o
• Backup and restore the saved
( configuration
us
r a v
• Store configuration backups t o
l c s e
off the Net-Net SD, for disaster recovery procedures.
p h ae licen
Table of Exercises:
o ra Working
Exercise 1:
b lewith Configuration Backups ............................................................ 2
v
ra sfer a
l c
p h ae -tran
Ra non
Copyright © 2011 Acme Packet, Inc. cfga.6.j.lg-1

Configuration Administration (Single Net-Net SD)
Exercise 1: Working with Configuration Backups
In this exercise, you will back up your various versions of the configuration. You will then store
them externally and remove them from the Net-Net SD file system. Finally, you will transfer the
backed-up configurations back to the Net-Net SD from the external device, and then restore
them.
Step 1: Backing Up Various Versions of Configurations

1. Back up the editing configuration.
a. Configure a network interface as VLAN and associate it with the physical

interface M00, as you did in Exercise 4 of the pint module.
s a
Parameter Value
) h a
com
name M00
i l
a deฺฺ
sub-port-id #
t
o Guim
ip-address
netmask
192.168.0.9#
255.255.255.0 h
@ ent
v o
cra Stud
gateway 192.168.0.100
e l
athe change
b. Issue the done command to commit
p h t h isorto activate
the volatile memory. Now
( r a se
you have the editing configuration. Do not save the configuration.
a t o u Name your backup file

vo configuration.
r
lc ns(where
c. Back up the current editing
e # is your student number).
a e
student#_editing.gz
e
r a ph le lthe
• Write down
ic command you used to back up the editing configuration.
r a vo ferab
a e l c anIfwillsyoubedoautomatically
not specify the file extension .gz in the file name, the extension .gz
p h n - t r added to the file name.
Ra no 2. Back up the saved configuration. Name your backup file student#_saved.gz (where #
is your student number).
• Write down the command you used to back up the saved configuration.
Step 2: Viewing the Backup Configuration Files

1. View the backup configuration files on the Net-Net SD.
training# display-backups
Alternatively, you can issue the following command to display the backup files in
alphabetic order.
training# display-backups sort-by-name
cfga.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

2. Examine the list of backup files.
• Are the files that you have backed up displayed?
If you have completed all previous exercises successfully, you should have the
following backup files:
• student#_initc from the initc Lab, Exercise 8.

• student#_editing.gz from Step 1 in this exercise.
• student#_saved.gz from Step 1 in this exercise.
• What directory are the backup files stored in the Net-Net SD file system?
Step 3: Storing the Configuration Backups to Another Device a

You will transfer the configuration backup files out of the Net-Net SD and store them to an ) h
as
external device, such as the student workstation you are using in the classroom.
i l ฺ com
t m a workstation
d e ฺ
1. Transfer the configuration backup files out of the Net-Net SD to the student
using the FTP client FileZilla. ho t Gu i
@
voyour studente nworkstation to
a. Click the FileZilla icon ( ) on the desktop
lc r aof
tu d
start it.
a e s S
r a ph where
directorye t hithe
b. Navigate to the /code/bkups
o (SD. A listuofsbackup files backup files are stored in the
file system on the Net-Net
r a v have backed
t o should appear in the
a e lc nse
directory. The files you up should be in the list.
c. Copyp
a l ce backup files from the Net-Net SD to the
allhof your configuration
i
o r
bootcode
b le on the desktop of your student workstation.
folder
v
ra sfer a
l c n username and password for accessing the Net-Net SD via FTP are the
p h ae -traThe
non Ask your instructor for help if you are unsure how to user FileZilla.
Net-Net SD’s default User Mode username user and password acme.
Ra
Alternatively, you open a DOS window on your student workstation and use the FTP
commands to transfer the files.
2. Once the file transfer is complete, navigate to the bootcode folder on the desktop of
your student workstation. Ensure the backup files are stored in the folder now.
Step 4: Deleting the Configuration Backups

1. Delete your configuration backup files student#_editing.gz and
student#_saved.gz from the Net-Net SD. Delete your own backup files only!
training# delete-backup-config <filename>
• How do you verify that you have deleted all your backup files?

Step 5: Restoring the Configuration Backups

Although you can restore any of the configuration files you backed up, this step instructs you
to restore two files: student#_saved.gz and student#_editing.gz (where # is your
student number) and the last running configuration.
1. Use the FTP client, FileZilla, to transfer the student#_saved.gz and

student#_editing.gz files back to the Net-Net SD. Ensure that they are transferred
to the correct location.
• What directory should you transfer the files to on the Net-Net SD?
• What command do you use to verify that these two files are transferred to the
correct directory on the Net-Net SD?
s a
) h a
Ask your instructor for help if you are unsure how to user FileZilla. i l ฺ com
t m a deฺ
h o Gui
2. Restore the saved configuration student#_saved.gz.vo
@ ent
l c ra Stud
e
a student#_saved.gz
h his
training# restore-backup-config
r a p e t
( to?us
• Where is the configuration restored
o
v
ra se to
l c
• What doeshthe
p aeNet-Net
l i c eSDnprompt you to do after the restore is complete?
o ra ble
c r avThesrestore-backup-config
f e ra
a e l n command restores the configuration to the
aequivalent to the state after the done command
p h - t r volatile memory. The restored configuration is now the editing configuration,
Ra non reboots now, the restored configuration will be lost. This is why you must save and
is issued. If the Net-Net SD
activate the restored configuration for the restored configuration to take effect.
• What command do you use to check if you have restored the correct configuration?
3. Restore the editing configuration student#_editing.gz.
View the restored configuration and ensure that you have restored the correct
configuration successfully.
4. Restore the last running configuration.
a. Delete the M00:# (where # is your student number) network interface element
from the configuration on the Net-Net SD and save it. Do not activate.
• List the series of commands the you used to delete the configuration
element.

b. Verify that the element you removed is no longer in the editing configuration.
Write down the command.
c. Restore the last running configuration.

• Write down the command that you used to restore the last running
configuration.
d. View the restored configuration.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

isip lab exercise 1
network map
ble
fe r a
ans
n - t r
n o
Hub/Switch
s a
) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
192.168.0.101 o 192.168.0.103 192.168.0.105 192.168.0.107
student1
l crav student3 student5 student7
ha e
p
Ra 192.168.0.102 192.168.0.104 192.168.0.106 192.168.0.108
student2 student4 student6 student8

Copyright Acme Packet, Inc isip.6.j.ld - 0

isip lab exercise 2 and 3
network map
192.168.0.100
ble
Asterisk Server
fe r a
ans
n - t r
n o
s a
Hub/Switch ) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
avo
192.168.0.101
l c r 192.168.0.103 192.168.0.105 192.168.0.107
student1 ae student3 student5 student7
a ph
R
192.168.0.102 192.168.0.104 192.168.0.106 192.168.0.108
student2 student4 student6 student8
Copyright Acme Packet, Inc isip.6.j.ld - 1

isip-LG
Introduction to Session Initiation Protocol
Overview
The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for
creating, modifying, and terminating sessions with one or more participants. The Net-Net
Session Director (Net-Net SD) supports SIP signaling for the creation, management and
termination of multimedia sessions. It is important to understand SIP operation prior to
configuring your Net-Net SD.
There are three exercises in the isip Lab. They will provide you with hands-on
experience with SIP operations and SIP servers. You will make calls without going
through the Net-Net SD, examine call flows and SIP messages. You will examine SIP
s a
registration operation. You will also make calls that go through a Back-to-Back User
Agent (B2BUA), and examine SIP operations. An IP PBX, Asterisk ) h a
i l ฺ com
(http://www.asterisk.org), will be used in the exercises. Asterisk will run on the instructor’s
t m a deฺ
workstation, and will act as a SIP registrar for you to examine the SIP registration
that go through the B2BUA. h o Gui

operations, and as Back-to-Back User Agent (B2BUA) for you to examine the call flows
v o @ ent
Table of Exercises:
e l cra Stud
Exercise 1: Examining SIP Messages ............................................................................. 2
h a th i s
apB2BUAse.............................................................
Exercise 2: Examining SIP Registration ........................................................................ 13
o ( r
Exercise 3: Examining Call Flows with
u
16
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
Copyright © 2011 Acme Packet, Inc. pint.6.j.m.lg-1

Exercise 1: Examining SIP Messages

In this exercise, you will place several point-to-point SIP calls without going through the Net-Net
SD in this exercise. After each call placed, the intent of this exercise is to delve into the details of
SIP operation.
Before you start the exercise, use the table below to find out your assigned IP address of the
endpoint (the address of your IP phone) in this exercise, depending on your student number.
Refer to your lab diagram for details of the IP addresses in use.
Student PC # Endpoint IP Address

Student 1 192.168.0.101
Student 2 192.168.0.102
Student 3 192.168.0.103
Student 4 192.168.0.104
s a
Student 5 192.168.0.105
) h a
com
Student 6 192.168.0.106
Student 7
Student 8
192.168.0.107
192.168.0.108 i l
a deฺ ฺ
t
o G m uiin
Follow the exercise instructions, and please do not make h
@ ent random calls
v o
cra Stud
this exercise.
e l
a this
p h
(ra use
Step 1: Setting up the IP Phone
o
l c r IPvPhone,
In this step, you configure your a
e
antoSJphone application, to handle point-to-point
SIP calls.
h a e ens
r
1. Start the aSJphone e lic by clicking the icon (
p lapplication ) on your student
o
av sfera
workstation. Theb SJphone GUI should appear.
c r
h a el tran
p 2.- Click the
non appear. Your student name Student # (where # is your student number) should
icon in the center of the SJphone GUI. The Options window will
Ra
appear in the Name field.
3. Click the Profiles tab. A list of profiles will appear.
4. Select the isip profile from the profile list and click the Use… button. The Status of
the profile should be in use.
5. Click the OK button to close the Options window.

Now the SJphone is configured to use the isip profile.
Ask your instructor for help if you are unsure of how to complete this
step.
Step 2: Setting up the Packet Capture Application

In this step, you set up a packet capture application, Wireshark, to capture packets
between two IP endpoints when making calls. Therefore, you can examine the SIP
messages transmitted between the two IP endpoints. Wireshark is a free and open-
isip.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

source packet capturing and analyzing application. It is used for packet capture, network
analysis, and trouble shooting.
1. Start Wireshark by clicking the icon ( ) on the desktop of your student

workstation.
2. Set the filter for Wireshark to display only the SIP and RTP messages.
a. Enter sip||rtp in the Filter field in the Wireshark GUI as below:
b. Click the Apply button to apply the filter setting.

The Filter field turns green if the filter setting is correct. The Filter field
turns red if the filter setting is incorrect.
s a
3. Start packet capturing by doing the following: ) h a
i l ฺ com
a. Click Capture on the menu bar.
t m a deฺ
b. Select Interfaces in the Capture menu. h o Gui
v o @ ent
c. Click the Start button corresponding to ryour
l a assigned
c window. tudIP address of your
SJphone in the Capture Interfaces e
a this S
p h
Now Wireshark is capturing
o (rathe packets
u s e transmitted in and out of your
c
the packetslon
av assigned
SJphone at the assigned
ryour e omedia interface.
IP taddress. In another word, Wireshark is capturing
h a e ens
r a
Leave the pWireshark
l e licit is for now, and move on to the next step.
as
r a vo Ask f e r abinstructor for help if you are unsure of how to complete this
a e l c ansstep. your
p h n - tr
Ra no
Step 3: Making a Complete SIP Call
In this step, you will make a complete point-to-point SIP call using the SJphone to your
partner assigned as follows: Student 1 and student 2, student 3 and student 4, student 5 and
student 6, and student 7 and student 8, and so on.
1. To make a call, enter the IP address of your partner’s SJphone, and click the
button.
Observe the messages displayed in the Wireshark GUI while the call is going on.
Once the call starts, Wireshark captures, parses, and filters the packets according to
the filter criteria specified in the Filter field. It displays the captured packets as SIP
messages in the Wireshark GUI.
Wait until your partner answers the call before hanging up. This is to assure that the
SIP messages of a complete successful call will be captured.
Copyright © 2011 Acme Packet, Inc. isip.6.j.lg-3

2. To end the call, click the button on your SJphone.
Step 4: Saving the Captures

Once you have completed the call successfully, stop capturing and save the capture.
1. To stop the live capture, click the icon.
2. To save your capture, click the Save as item in the File menu. Save the capture as
student#_regular_call (where # is your student number) on the desktop of your
student workstation.
Saving captures at the completion of each call is for comparison purposes moving
forward. s a
) h a
i l ฺ com
Repeat Step 2: through Step 4: if you need to place and capture a call
again. Please save each call as a separate capture.
t m a deฺ
h o Gui
Step 5: Viewing the Ladder Diagram of the Call
v o @ ent
e l cra GUI.
1. Click Statistics on the menu bar in the Wireshark S tud
p h a this
o ( a shown
2. Select the VoIP Calls from therStatistics
VoIP callsu s e menu. The VoIP Call window
rav se to
appears with a list of captured as below.
l c
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non Examine the following information shown in the VoIP Call window:
• The duration of the call

• The addresses of the call originator (the calling party) and the called party
• The protocol used and the number of packets exchanged during the call
• The call state
3. Select the line representing the call you made in Step 3: from the list in
the VoIP Call Window.
4. Click the Graph button. The Graph Analysis GUI with a ladder diagram of your call
should appear as below:

Examine the ladder diagram.
• What protocols are indicated in the ladder diagram and what are they for? s a
) h a
• What messages are there for the signaling protocol?
i l ฺ com
• What SIP messages are SIP request messages and what are SIP t m a
responsede
ฺ
messages? ho t Gu i
@ en
voTheucorresponding
5. Click on each message displayed in the ladder diagram.
l r a
cthe detailst d message
in the Wireshark GUI should be highlighted,e
a and
i s Sthe details of these
of the message should
appear in the bottom of the Wireshark GUI. h
ap se t h
You will view
messages next. ( r u
r a voof the tCall
o
Step 6: Viewing SIP Messages
a e lc nse
p
In this step, youawill hview details
l i cofevarious SIP messages. To view SIP messages easily, you
r the SIPbmessages
can displayoonly le
a v
in therFilter r a captured in the Wireshark GUI by setting the filter to sip
e l c nsfe field.
p h a 1.-tView
n ra the INVITE message.
Ra no a. Select the INVITE message in your ladder diagram, the corresponding
INVITE message in the Wireshark GUI should be highlighted. The details of
the message should appear in the bottom panel of the Wireshark GUI.
Alternatively, you can select the INVITE message directly from the list of
messages displayed in the top panel of the Wireshark GUI.

b. Examine the Request-line of the INVITE message.
• Identify the method, the request-URI, and the SIP version specified in the
Request-line.
• What is the IP address of the called party?

c. Examine the Message Header of the INVITE message.
Expand Session Initiation Protocol, and then expand Message

Header for the INVITE message in the Wireshark GUI.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
c rav andsethe tparameters
Examine the values
l
o of the following fields in the INVITE
messagee n
h a li
p Content-Lengthc e
header: From, To, Via, Contact, Call-ID, Cseq, Max-Forward,
r a
and
l e fields.
r a vo f•eWhat
r abdoes the address in the From field indicate?
a e l c ans
p h n - tr • There is a tag parameter in the From field. What is the tag for? Who
R a n o added this tag, the calling party or the called party?
• What does the address in the To field indicate? Note that there is no tag
parameter in the To field at this point.
• Is the value of the request-URI the same as the value in the To field or
the same as the value in the From field?
• What does the address in the Via field indicate? What does the branch
parameter in the Via field specify?
• What does the address in the Contact field indicate?
• What does the Cseq field indicate? What values are contained in this field?
• What does the Max-Forward field indicate?
• The Content-Length field indicates the content length of the Message

Body. Does this INVITE message have a Message Body?

d. Examine the Message Body of the INVITE message.
Expand Message Body. Examine Media Description in Session

Description Protocol.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
• What codecs are offered by p h a party?
the callingth is
r a
( Description
s e
Take a look at the Media
v o o u line. Expand it to see more
details.
l c ra se t
h
• Can
p ayoue tellliifcany
enspecific codec will be used during the call at this point?
o ra• Whatbarelethe media type and media protocol?
c r av sfera
h a el tran • At what IP address and port does the calling party expect to receive media?
p -
non
Take a look at the Connection Information line, and the Media
Ra Description line. Expand them to see more details.
2. View the following messages with the same procedure as when viewing the INVITE
message:
• The 100 Trying message
• Should the values of the Via, To, From, CALL-ID, and CSeq header fields
the same as the values of these header fields in the INVITE message?
• In the To field, there is a tag parameter now. Who added the tag, the
calling party or the called party? What does the tag parameter indicate?
• What header field indicates that the message does not contain a Message
Body?
• What does the endpoint of the calling party do if it does not receive a 100
Trying message?

• The 180 Ringing message
• What happens at the endpoint of the calling party when it receives a 180
Ringing message?
• The 200 OK message

s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
• Are the INVITE and the first 200
What information do youause p htoafigure t h iifsthey are
OK messages in the same transaction?
( r s e out in the same

transaction?
r a vo to u
• There e arelctwo 200ns OKemessages in the call, how do you know which 200
a
pOKhmessage e
liiscin response to which request message?
r a l e
b IP address and port does the called party expect to receive media?
r a vo f•eAtrawhat
a e l c ans Take a look at the Connection Information line, and the Media
p h n - t r Description line. Expand them to see more details.
Ra no • What codec will be used when exchanging media between the calling and
called parties? Take a look at the Media Description line in SDP.
• The ACK message
• Is there any response message in response to this message?
• Is this message in the same transaction as the one that the INVITE
message initiated?
Take a look at the branch parameter in the Via header field and the value
of the CSeq header field.
• The BYE message
• If a set of packet capture contains more than one BYE message, how do
you know which BYE message is in response to which INVITE message?

3. Take a look at the all the SIP messages captured by Wireshark during the call.
To display only the SIP messages captured in the Wireshark GUI, set the filter to sip
in the Filter field.
• How many transactions are involved in the call?

• What messages are involved in each transaction?
• Is there any dialog established in this call?
Step 7: Viewing SIP Packet Counter

In this step, you will view one of the SIP statistics – SIP packet counter.
1. Click Statistics on the menu bar in the Wireshark GUI.

s a
2. Select SIP from the Statistics menu. The SIP Packet Counter window
) h a
appears as below.
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra window
S tudshould appear as on
p
the right. Examine the SIP Statistics h awindow.this
3. Click the Create Stat button. The SIP statistics
o ( ra use
• How many SIP packets v
l c e to with this call?
ra are associated
h c e nsassociated with the call are
e SIP packets
• How many ofathe
r a
methods? p le li
r a vo feraofbthe SIP packets associated with the call are
• How many
a e l c aSIPnsresponses?
p h n - tr
Ra no • How many of the responses associated with the call are
final responses?
• Is the number of final responses the same as the number

of methods associated with the call? Why?
• Are there any redirected packets, client and server

errors, and global failures during the call?
Step 8: Viewing RTP Streams

In this step, you will view two RTP streams of the call you made earlier: the calling party’s
RTP stream and the called party’s RTP stream.
1. Click Statistics on the menu bar in the Wireshark GUI, and select RTP from the
Statistics menu.
2. Select Show All Streams from the RTP menu. The RTP Streams window should
look like this:

ThThe first line is the calling party’s RTP stream, and the second line is the called
party’s RTP stream.
3. Examine the calling party’s RTP stream
a. Identify the following information indicated in the calling party’s RTP stream.
s a
• The source IP address and source port ) h a
i l ฺ com
• The destination IP address and destination port
t m a deฺ
• The payload type h o Gui
v o @ ent
b. Compare the RTP information with the one
e l crain SDPS
d INVITE message
tofuthe
captured in the Wireshark GUI.
p h a this
• Is the RTP destination a in SDPsethe same as the destination port in the
(rport
a
calling party’s RTP
r v streamtothatuyou examined earlier?
o
e c nse
lparty’s
h a
4. Examine the called
p l i ceRTP stream
o r a
a. Identifyb lefollowing information indicated in the called party’s RTP stream.
v
ra sfer a the
l c
e tran •• The source IP address and source port
p h a -
R a n o n •
The
The
destination IP address and destination port
payload type
b. Compare the RTP information with the one in SDP of the 200 OK message
captured in the Wireshark GUI. Populate your observations in the table below.
RTP Streams GUI 200 OK

Destination Port
Codec
• Does the SDP of the 200 OK message indicate which IP address and port
the RTP streams are originated from?
• Is the codec indicated in the RTP stream in the list of codecs offered by the
SDP of the INVITE message?
• Is it the codec indicated in the RTP stream the same as the codec specified
in the SDP of the 200 OK message in response to INVITE?

Step 9: Making a Cancelled Call

In this step, make a call to your partner. This time, hang up before your partner answers
the call. Remember to start the capture with Wireshark before placing the call, and stop
the capture after ending the call.
1. View the ladder diagram of the call.
You may have observed that when you hang up before your partner answers the call,
a CANCEL request is sent by the calling party. This CANCEL request is to cancel the
INVITE request it sent. The called party that receives the CANCEL request for the
INVITE, but has not yet sent a final response, "stops ringing", and then responds to
the INVITE with a specific error response – 487 Request Terminated.
2. View the messages of the call captured in the Wireshark GUI.

s a
• Which final responses are associated with which methods? ) h a
• How many transactions are there in the call? i l ฺ com
t m a deฺ
• What messages are included in each transaction? h o Gui
v o @ ent
l c ra Stthe
• Is the ACK message included in the same transaction as
u dINVITE message?
h a e is
( r ap se th
• Is there any dialog established in this call?
o toanyuestablished calls?
• Does a CANCEL requestvterminate
a
r
lc nse
a e
a p h
3. Save the capture
l i ce
as student#_cancel_call for future reference.
o r a Callbltoe a Non-Existing Number

v
a sfera
Step 10: Making
r
c
el In this n make a call to a non-existing number 192.168.0.99, wait until your
h a - t r astep,
p
noncall, and stop the capture after ending the call.
SJphone stops calling. Remember to start the capture with Wireshark before placing the
Ra
1. Observe the behavior of the SJphone, and the timestamp display on the SJphone
during the call.
2. When the SJphone finally stops calling,
• What error does the SJphone encounter?
• Examine the timestamps associated with each INVITE in your Wireshark capture.
How long does it take for the call to fail?
• How many INVITE messages are sent?
• What is the time between each INVITE that is sent?
3. Save the capture as student#_nonexistent_phone for future reference.

Step 11: Making a Call On-Hold

In this step, make a call to your partner. When the call connects, place your partner on
hold by clicking the Hold button, wait a few seconds, and then take your partner off of
hold by clicking the Hold button again. Remember to start the capture with Wireshark
before placing the call, and stop the capture after ending the call.
1. View the ladder diagram of the call and the messages captured in the Wireshark
GUI.
• What method is used to indicate call-on-hold, and how is it indicated in this

method?
• Which INVITE method takes off the call-on-hold?
• How many transactions are involved in the call? s a

) h a
• What messages are included in each transaction?
i l ฺ com
• Is there any dialog established in this call? t m a deฺ
h o Gui
2. Save the capture as student#_call_on_hold for future
v o @reference.
e n t
e l cra this S
d
tuexercise.
Tell your instructor that you have
h a i
completed
h s This scenario
( r ap se t
r a vo to u
a e lc nse
a p h l i ce
o r b le
v
ra sfer a
l c
p h ae -tran
Ra non

Exercise 2: Examining SIP Registration

In this exercise, you will register your endpoint with Asterisk, an IP PBX. You will place
several SIP calls and unregister your endpoint. This exercise is to expose you to SIP
operation with SIP servers, such as registrars.
You will use SJphone and Wireshark again to place and capture calls as you did in
Exercise 1: in the lab.
Follow the exercise instructions, and please do not make random calls in
this exercise.
Step 1: Setting up the Packet Capture Application

s a
1. Start Wireshark if it is not running.
) h a
2. Ensure the Filter field is set to sip||rtp.
i l ฺ com
t m a deฺ
3. Start the live capture on your media interface on our assigned IP
h o Gofuyour
address i
SJphone: 192.168.0.10# (where # is your student number).
v o @ ent
Leave Wireshark as it is for now, and move onlc
a tud
torthe next step.
a e i s S
h h
ap 2: ofseExercise
t 1: if you are not sure how to
Review the procedure inrStep
(
complete this step.
r a vo to u
a e lc nse
Step 2: Setting up
a p h IP Phone
the l i ce
v other SJphone
a b leapplication if it is not running.
l c
1. aStart
r s f er
h r an the SJphone instance to use the isip_reg profile.
ae 2.-tConfigure
p
Ra non3. Stop the live capture in Wireshark.
4. Save the capture to a file named as student#_register on the desktop of your
student workstation.
5. Review the procedure in Step 1: of Exercise 1: if you are not sure how to
complete this step.
Step 3: Examining SIP Registration

Once the isip_reg profile is in use, the SJphone starts to send REGISTER messages to the
SIP registrar for registration. The SIP registrar used in the class is Asterisk, an IP PBX
application.
1. Examine the SIP messages captured in the Wireshark GUI. They should look like this:

• What method does the SJphone use to register as an endpoint?
• Why does the SJphone keep sending REGISTER messages to the SIP registrar?
2. Examine details of the REGISTER message.
s a
• What is the value of the Request-URI in the REGISTER message? Whose
) h a
om
address does the Request-URI represent?
i l ฺ c
• What is the address in the From field?
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
The From header
l c avcontains
rfield e o address-of-record of the person responsible
tthe
a e ens
for the registration.
h
r a p le lic
a v opart r a b host
In the example above, there are two parts in the address in the From field: user
l c r s f e
7001 and part 192.168.0.100.
p h ae -tr•anWhat is the address in the To field? Is it an AOR?

Ra non The To field looks like this:
The To header field contains the AOR whose registration is to be created,

queried, or modified. The To header field and the Request-URI field typically
differ, as the former contains a user name, such as 7001.
• What is the address in the Contact field? What is it used for?
• What binding does the registrar create in the location service?

3. Examine details of the 200 OK message.
• What is the value of the expires parameter in the Contact field?
The Contact field in the 200 OK message in response of the REGISTER message
looks like this:
The 200 OK response to the REGISTER request contains, in the Contact header
field, a complete list of bindings that have been registered for this address-of-record at
this registrar. In this example, sip:7001@192.168.0.101 is the binding that is
s a
registered for the AOR sip:7001@192.168.0.100.
) h a
l ฺ com
In the 200 OK message, the expires parameter in the Contact field indicates how
i
long (in seconds) a binding will be valid.
t m a deฺ
h o Gui
Step 4: Examining SIP Deregistration
v o @ ent
1. Restart the live capture in Wireshark.
e l cra Stud
p h a this
2. Shutdown your SJphone application.
( r a sthe
When
e SJphone is shutdown, it deregisters
from the SIP registrar.
r a vo to u
e
3. When deregistration
a e sethe live capture and save it to a file named as
lcis done,nstop
r a ph le lic on the desktop of your student workstation.
student#_deregister
a vo fthe
4. Examine
r e r abmessages captured in Wireshark. They look like this:
SIP
a e l c ans
p h n - tr
Ra no
• What method was used to unregister your endpoint?
• How is a REGISTER message for requesting for registration or deregistration

distinguished?
Take a look at the Contact field in the REGISTER message for registration and the
Contact field in the REGISTER message for deregistration.
• What is the address in the From and To field?
Tell your instructor that you have completed this exercise. This scenario

Exercise 3: Examining Call Flows with B2BUA

In this exercise, you will make a call that will go through a B2BUA. You will then examine the
SIP messages flowing in and out of the B2BUA. The Asterisk application acted as a registrar
in the previous exercise. It will act as a B2BUA in this exercise when you make a call that will
go through it.
Step 1: Making a Registered Call

In this step, you will make a call to your partner, using your partner’s extension number
instead of the IP address. Student numbers and their extension numbers are listed in the
table below:
Student Number Extension Number

Student 1 7001
s a
Student 2 7002
) h a
com
Student 3 7003
Student 4
Student 5
7004
7005 i
a deฺl ฺ
Student 6 t
o Guim
Student 7
7006
7007 h
@ ent
v o
cra Stud
Student 8 7008
e l
a appear,
1. Restart SJphone. The SJphone GUI should
p h t h s ensure the isip_reg profile is
iand
still in use.
o (ra use
2. Start the live capture inra v
Wireshark. to
l c e
nsyour partner’s extension number.
e partnerewith
h a
p le li
3. Make a call to your c
r a
a votheflive
4. Stop
r e r ab in Wireshark when the call is complete.
capture
a e l c5. Save
a n s
r the capture in a file named as student#_registered_call on the desktop
ph on-tof your student workstation.
R a n
Step 2: Examining the SIP Messages of the Registered Call
1. Examine the call capture in Wireshark.
• What two points do you see the SIP messages flow in and out of?
• Is your partner’s endpoint listed in the call capture? Why?
• Whose address is the 192.168.0.100 address?
Step 3: Examining the Call Flows and SIP Messages

The instructor runs a sniffer on the IP PBX, Asterisk, in this course. The sniffer captures both
sides of your calls. You can examine the SIP messages flowing between your endpoint and
the B2BUA and between the B2BUA and your partner’s endpoint.
1. Open an Internet browser and navigate to http://10.0.3.100. A list of folders

should appear in the browser like this:

2. Click the folder marked with the date the call was placed. A list of calls that were
captured should appear in the browser like this.
s a
) h a
i l ฺ com
a between
There are two entries for your call. One entry contains the SIP messages
t m d e ฺthe
calling party’s endpoint and the B2BUA. The other entry contains
ho t Gu
the SIP i
messages
between the B2BUA and the called party’s endpoint.
v @
o den
3. Select and save each entry to the files namedlas r a
c call1Sandtucall2 on the desktop of
a e
ph e this
your student workstation.
r a
in( Wireshark.
4. Merge call1 and call2 files
a v o t o us
a. Open call1e l cinr Wireshark.
n se
a e
ph le lic select call2, select Merge packets
b.ra
Select File->Merge,
r a f e r ab
vo chronologically, and then click the Open button.
c
el tran s
p h a -
Ra non

Wireshark should now show SIP messages exchanged between the calling
party and the registrar, and between the registrar and the called party
chronologically like this:
c. Save the merged call capture in the file called student#_isip on your
desktop on your student workstation.
5. Display the ladder diagram.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av a.sFrom
f e rathe menu bar in Wireshark GUI, select Statistics -> VoIP calls.
h a el tran The VoIP Calls window opens and lists both calls.
p -
Ra non
b. Select both calls by clicking both entries, and then click the Graph button.
The ladder diagram should appear. It should show the call flow that goes
through a B2BUA, i.e. Asterisk, between two endpoints.
6. Examine the call flow and the SIP messages exchanged among the two endpoints
(you and your partner) and the B2BUA, Asterisk.
• How many IP addresses are displayed? Fill in the IP addresses in the table below:
Source IP B2BUA IP Destination IP

• Why are there two INVITE messages in the call between the endpoints of yours
and your partners?
• Compare the Call-ID in the originating INVITE with the re-originated INVITE.
Are they the same? Why?
• Compare the From and To fields in the originating and re-originated INVITE
messages. Are the fields the same? Why?
• When placing the call, you only used your partner’s extension number, instead of
the IP address. How was your partner’s endpoint located?
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

sdcs lab - network diagram
with a single SD
wancom0
SD
ble
10.0.3.11 1 fe r a
an s
n - t r
no
s a
Hub/Switch ) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
v o
10.0.3.1l cra 10.0.3.3
h ae
student1
p
student3 10.0.3.5 10.0.3.6
Ra student5 student6
10.0.3.2
student2 10.0.3.4
student4
Copyright Acme Packet, Inc sdcs.6.j.ld - 0

sdcs-LG
Net-Net Session Director Concepts
(Single Net-Net SD)
Overview
The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for
creating, modifying, and terminating sessions with one or more participants. The Net-Net
Session Director (Net-Net SD) supports SIP signaling for the creation, management and
termination of multimedia sessions. It is important to understand SIP operation prior to
configuring your Net-Net SD.
In this lab, you configure the elements and sub-elements needed to process SIP
s a
signaling on the Net-Net SD. These elements include:
) h a
• Realm
• Sip-interface i l ฺ com
• Sip-port
t m a deฺ
• Sip-config h o Gui
v o @ ent
You will also configure elements needed for the Net-Net
l c ra Stothandle
SD
u d media (RTP)
traffic. These elements include:
h a e is
• Media-manager ( r ap se th
• Steering-pools
r a vo to u
a e lc willsediscuss the findings as a group.
this lab, wen
At the conclusion of
a p h l i ce
Acme o r Net-Net
Packet’s b leConfiguration Basics courses are delivered at both our
r v
headquarters
f e r
aSD, restricting
and aremote sites. Remote site course delivery normally uses a single Net-
e cNet s
l single-instance
n the way student groups configure items, such as boot parameters and
h a - t r a elements. Courses at our Headquarters in Burlington and Madrid
p n
Ra no implement multiple
lab exercises.
Session Directors, which allows greater student participation during
Table of Exercises:
Exercise 1: Configuring Realms ...................................................................................... 2
Exercise 2: Configuring SIP Interfaces ............................................................................ 3
Exercise 3: Configuring Media Services .......................................................................... 6
Copyright © 2011 Acme Packet, Inc. sdcs.6.j.lg-1

Net-Net Session Director Concepts (Single Net-Net SD)
Exercise 1: Configuring Realms

In this exercise, you will configure realms in the Net-Net SD needed for signaling. Your new
configuration will be built on top of the existing configuration.
Step 1: Viewing the Existing Configuration

1. Launch PuTTY/Tutty to telnet to your assigned Net-Net SD.
2. View the existing configuration.
• Which version of the configuration should you review, saved, running, or it does not
matter because they are the same?
• The existing configuration contains many elements. Focus on the elements listed in
s a
the table below, and fill in the information regarding these elements.
) h a
Element Name Identifier Identifier
l ฺ om
cInstance
Single/Multiple
i
a deฺ
phy-interface t m
o Gui
h
@ ent
network-interface
v o
system-config
e l cra Stud
h a configuration
You will view other elements in thepexisting t his in later exercises in this
( r a e
module.
a v o t o us
l cr arenssingle-instance
• What types of elements
e e elements and what are multiple-
a
ph le lic
instance elements? e
r a
r a vo feraabPeer Realm
Step 2: Configuring
a e l c1. Useanthesfollowing data to configure the peer realm.

p h n - tr
Ra no Parameter
identifier
Value
peer# (# is your student number)
network-interfaces M00:0
addr-prefix 0.0.0.0
The configuration element is realm-config. The ACLI path is media-manager >

realm-config.
If you are not sure how to configure a peer realm, review the following commands (# is
your student number).
training(realm-config)# identifier peer#
training(realm-config)# network-interfaces M00:0
training(realm-config)# addr-prefix 0.0.0.0
2. Issue done when finishing configuring the realm-config element.
sdcs.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

Step 3: Configuring a Core Realm

Follow the same procedure as in the previous step to configure a core realm in the realm-
config element, using the following data.
Parameter Value
identifier core# (# is your student number)
addr-prefix 0.0.0.0
Step 4: Viewing your Configuration

1. View your realm configuration. Ensure that you have configured two realms, one is
peer# and the other is core# (# is your student number).
s a
Do NOT save or activate your configuration. The instructor will do so later in the lab.
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

Exercise 2: Configuring SIP Interfaces

In this exercise, you will enable SIP configuration, and configure two SIP interfaces: one for the
peer realm, and the other for the core realm.
Step 1: Examining SIP Configuration

1. View the sip-config element. This element is already defined in the existing
configuration.
training# show running-config sip-config
2. Check whether the state and dialog-transparency parameters are set as

below.
s a
Parameter Value
) h a
com
state enabled
dialog-transparency disabled
i l ฺ
• Why must the state of the SIP configuration be enabled? ot
ma uideฺ
@ h tG
a
• What is the purpose of disabling dialog transparency?
r v uden
o
a e lc S t
Step 2: Configuring a SIP Interface for the
ph Peer t is
hRealm
( r a e
a v o
1. Configure the SIP interface for us using the following data.
the peer realm
t o
l r is sip-interface.
The configuration element
s e
csip-interface. The ACLI path is
e
ha lice
session-router > n
a p
r Parameter le
a v o r a b Value
e l cr nsfe realm-id peer# (# is your student number)
p h a
n - ra rest of the parameters of this element will use the default values.
tThe
Ra no If you are not sure how to configure the SIP interface, review the following command
training(sip-interface)# realm-id peer#
2. Configure a SIP port for the SIP interface using the following data.
The configuration element is sip-port, a sub-element of sip-interface. The
ACLI path is session-router>sip-interface>sip-ports.
Parameter Value
address 192.168.0.1# (# is your student number)
The rest of the parameters of this element will use the default values.
If you are not sure how to configure the SIP port, review the following commands (# is
your student number):
training(sip-interface)# sip-ports
training(sip-port)# address 192.168.0.1#

3. Issue done to commit the sip-ports configuration when finishing configuring the
sip-port sub-element, and return to the sip-interface element.
4. Issue done again to commit the sip-interface configuration.

Step 3: Configuring a SIP Interface for the Core Realm

Use the same procedure as in the previous step to configure a SIP interface and SIP port
for the core realm.
• Use the following data for the SIP interface:
Parameter Value
realm-id core# (# is your student number)
• Use the following data for the SIP port of the SIP interface: s a
) h a
Parameter Value
i l ฺ com
t m a deฺ
Step 4: Viewing the SIP Interfaces h o Gui
v o @ ent
1. View your configuration.
e l cra Stud
• Ensure that the configuration now p h a twothSIPisinterfaces, one is for the peer
contains
o ra realm.
realm and the other is for the (core
u s e
v
rainterface to a SIP port configured as well.
c
• Ensure that eachlSIP
e ens econtains
h a
phow theleSIPlicinterfaces are bound to the realms, and how realms are
r a
• Examine
o to the bnetwork interfaces.
a v bound
r a
e l c2.r Verifynyour
s feconfiguration. Do NOT save or activate your configuration. The instructor
p h a
n - rado so at the end of the lab.
twill
Ra no
Step 5: Make a Call to your Partner
1. Start the SJphone application if it is not running.
2. Configure the SJphone instance to use the peer profile. Review the isip lab if you are
not sure how to perform this task.
3. Make a call using your partner’s extension number as you did in Exercise 3 in the
isip lab. Based on the current configuration and your experience with the call,
• Was your call to your partner successful? Why do you think the call failed?
• Can the Net-Net SD route SIP signaling?
• Can the Net-Net SD manage media?

Exercise 3: Configuring Media Services

In this exercise, you will configure media-related elements: a media manager, and two steering
pools, one for the peer realm and one for the core realm.
Step 1: Examining Configuration of the Media Manager

1. Examine the media manager configuration. This element is already defined in the
existing configuration.
training# show running-config media-manager
• What value is assigned to the latching parameter?
• Why must the state of the media manager be enabled?

s a
Step 2: Configuring a Steering Pool for the Peer Realm
) h a
i l ฺ com
1. Configure the steering pool for the peer realm using the following data. The rest of the
parameters of the element use the default values.
t m a deฺ
h o Gui
Parameter Value @
v onumber) en
t
a tud
(# is your student
192.168.0.1#lcr
ip-address
a e i s S
realm-id peer#
h
ap se t h
start-port
( r
20000
end-port
r a vo to u
29999
The configuratione
a element
e se
lc isnsteering-pool. The ACLI path is
media-manager
a h
p le li > c
steering-pool.
r b
2. a
r vo done
Issue
f e toasave the steering-pool configuration when finishing configuring the
r
a e l c steering
a n spool.
r
ph on3.-tView the steering pool configuration.
R a n
• What is the purpose of the steering pool?
• How is the steering pool bound to the peer realm?
• What is the steering pool allocation range?

Step 3: Configuring a Steering Pool for the Core Realm

1. Follow the same procedure as in the previous step to configure the steering pool for
the core realm using the following data.
Parameter Value

ip-address 172.16.0.1#
realm-id core#
start-port 30000
end-port 39999
2. View the steering pool configuration.
• How is the steering pool bound to the core realm?

s a
• What is the steering pool allocation range?
) h a
Step 4: Viewing the Configuration i l ฺ com
t m a deฺ
1. View your configuration and answer the following questions. ho
G ui
v o @ ent
l c ra Sfor
• In what element are the IP address and port configured
t u d signaling?
SIP
• In what element are the IP address and h a e is for media handling?

ap se th
port configured
( r uwill the call be successful?
• If you make a call to your
r a vopartner again,
t o
a e lc nse
ce
a p h l i
o
Do NOT r save orblactivate
e your configuration. Your instructor will perform
r v
aTell your
these
e
tasks
f a
r everyone has completed the lab.
when
e c
l and n s instructor that you have completed this exercise. This scenario
h a - t r a answers will be discussed in class as a group.
p n
Ra no

s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

peer lab – physical network map
student1  student8
192.168.0.100
student2 student1
ble
physical:network
fe r a
interface name
ans
M00:0
SD n - t r
student3
no 172.16.0.10
s a
) ha physical:network
0/0
c o m interface name
student4 a ฺ
il eฺ M10:0
m
ot Guid
h
a v o@ dent
student5
e l cr Stu 1/0
h a i s core
student6 ( r ap se th
a v o to u
a e lcr nse
a p h l i cestudent8
r
student7
o
ra v
l c
p hae
Ra
All PCs also connected
to hub going to wancom0: wancom0
studentx: 10.0.3.x 10.0.3.11
Copyright Acme Packet, Inc peer1.6.j.ld - 0

peer lab – logical network map
bl e
fe r a
an s
n - t r
Realm ID: peer1
a no ID core1
Realm :
ha s
192.168.0.101 192.168.0.11 LP+ HMR
m )
172.16.0.11 172.16.0.100
ฺ c o
a il eฺ
m
ot Guid
Realm ID: peer2 h
o@ dent
Realm ID core2
:
LP+ HMR
a v
192.168.0.102 192.168.0.12
e l cr Stu 172.16.0.12 172.16.0.100
p h a this
o (ra use
Realm ID: peer3
l c rav se to Realm ID core3
:
h a e en
192.168.0.103
a p l
192.168.0.13
i c LP+ HMR
172.16.0.13 172.16.0.100
r
r a vo
l c
p h ae Realm ID: peer4
Realm ID core4
:
a
R192.168.0.104 192.168.0.14
LP+ HMR
172.16.0.14 172.16.0.100

bl e
fe r a
an s
n - t r
Realm
: ID peer5
a no IDcore5
Realm :
ha s
192.168.0.105 192.168.0.15 LP+ HMR
m )
172.16.0.15 172.16.0.100
ฺ c o
a il eฺ
m
ot Guid
Realm
: ID peer6 h
o@ dent
Realm ID core6
:
LP+ HMR
a v
192.168.0.106 192.168.0.16
e l cr Stu 172.16.0.16 172.16.0.100
p h a this
o (ra use
Realm
: ID peer7
l c rav se to Realm ID core7
:
h a e en
192.168.0.107
a p l
192.168.0.17
i c LP+ HMR
172.16.0.17 172.16.0.100
r
r a vo
l c
p h ae Realm
: ID peer8
Realm ID core8
:
a
R192.168.0.108 192.168.0.18
LP+ HMR
172.16.0.18 172.16.0.100

peer1-LG
SIP Configuration in a Peering Environment
(Single Net-Net SD)
Overview
In this lab you configure the routing and translation parameters for the Net-Net Session
Director (Net-Net SD) in order to operate in a SIP peering environment.
To complete the lab, you perform the following tasks:

• Verifying the existing configuration to gather information you will need to complete
the lab.
• Configuring local policies to allow routing functionality without translation (simulating
s a
PBRB).
• Configuring translation functionality in the form of Header Manipulation Rules. ) h a
i l ฺ com
• Configuring a session agent and observe the call admission control constraints
provided by the allow-anonymous parameter of the Sip Interface.
t m a deฺ
• Monitoring and testing your configuration by placing SIP calls using the SJphone
application through the Net-Net SD. h o Gui
v o @ ent
cra Stuset
Refer to your student guide, lab diagram and the documentation
e l d on your workstation
desktop if you forget any of the command syntax.
p h a this
Acme Packet’s Net-Net Configuration
o (raBasics u s e are delivered at both our
courses
headquarters and remote sites.
r a v groups
Remote
t o
site course delivery normally uses a single Net-
e l c Courses
Net SD, restricting the way student
n s eour Headquarters
configure items, such as boot parameters and
p h aSessionlicDirectors,
single-instance elements.
e at in Burlington and Madrid
o ra ble
implement multiple
lab exercises.
which allows greater student participation during
c r avof Exercises:
s f e ra
h a el Exercise
Table
t r an1: Configuring Policy-Based Realm Bridging (PBRB) ...................................... 2
p -
Ra nonExercise 2: Creating Header Manipulation Rules (HMR) ................................................ 5
Exercise 3: Configuring SIP Access Control in Peering ................................................ 11
Copyright © 2011 Acme Packet, Inc. peer1.6.j.lg-1

SIP Configuration in a Peering Environment (Single Net-Net SD)
Exercise 1: Configuring Policy-Based Realm Bridging (PBRB)

In this exercise, you will create a PBRB configuration that provides one-to-one (static) realm
bridges between your peer and core realms. To do this, you use previously configured peer and
core realms with SIP interfaces and steering pools. You will then add a local policy for each realm
to support routing.
Do not change any of the existing configuration parameters unless you are
instructed to do so. You will build on these parameters throughout this lab.
Changing them may cause configuration errors.
Step 1: Examining the Existing Configuration

1. Launch PuTTY/Tutty to telnet to your assigned Net-Net SD. Ensure that you are on
your assigned Net-Net SD.
s a
) h a
om
2. Use the show command to view the existing configuration.
i l ฺ c
The exsiting configuration should already contain these types of elements:
t m a system- d e ฺ
config, physical-interface, network-interface, realm-config,
ho t Gu i
sip-
config, sip-interface, media-manager, steering-pool.
v @
o den
When viewing the configuration, fill in the tablelc r a tu fill in thefrom
below with information your
a e S
s built on top of each other and
realm. iOnce
a h elements
configuration for the peer realm and the core
phow t h are you information,
r
this table should help you see clearly
how they are bound together. (
o to us e
a v
Element Namee l cr nse Peer Realm Core Realm
a
ph le lic e realm-id,ip-address realm-id,ip-address
r a
steering-pool
r a vo ferab
a e l c ansip-interface
s realm-id,ip-address realm-id,ip-address
ph on-t r
R a n id,network-interface id,network-interface
realm-config
name,ip-address name,ip-address
network-interface
name,slot,port name,slot,port
phy-interface
• What SIP interface is configured for each realm, and how are they linked to the
realms?
• What media interfaces are configured for each realm and how are they bound to the
realm?
• What is an example of an element still needed to route the calls?
peer1.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

Step 2: Configuring a Local Policy for the Peer Realm

In this exercise, you will configure a local policy for your peer realm.
1. Configure a local policy for your peer realm, using the following data and the settings
indicated on your lab diagram.
Parameter Value
from-address * (a wild card)
to-address * (a wild card)
source-realm peer# (# is your student number)
The configuration element is local-policy. The ACLI path is

session-router> local-policy.
2. Configure the policy attributes for the local policy, using the following data.
s a
) h a
com
Parameter Value
next-hop
realm
172.16.0.100
core# (# is your student number) i
a deฺl ฺ
t m
o Gofuthei
h
@ ent
The configuration element is policy-attributes. It is a sub-element
v o
cra Stud
local-policy element. The ACLI path is session-router>local-
policy>policy-attributes.
e l
a this
p h
a hopintosthe
configured to use Asterisk asothe (rnext
172.16.0.100 is IP address of Asterisk
u e core realm. So the Net-Net SD is
route signaling to the appropriate egress
a v t o
realm.
e l cr nse
p
3. Issue done to a lthe
hcommit i c epolicy-attributes configuration, and return to the
o r a
local-policy
b le
element.
v
raIssue done
f a
eragain to commit the local-policy configuration.
l c s
an
4.
p h ae 5.-tExamine
r
Ra non
the local policy that you just configured.
• If your configuration is saved and activated, when you make a call, can the Net-Net
SD route the call, and why?
Step 3: Configuring a Local Policy for the Core Realm

In this exercise, follow the same procedure as in the previous step to configure a local policy
for your core realm.
• Using the following data and the settings indicated on your lab diagram to configure
the local-policy element.
Parameter Value
from-address * (a wild card)
to-address * (a wild card)
source-realm core# (# is your student number)
• Using the following data and the settings indicated on your lab diagram to configure
the policy-attributes element.

Parameter Value
next-hop 192.168.0.10#
realm peer# (# is your student number)
192.168.0.10# is the IP address of your SJphone in the peer realm. So the Net-Net
SD is configured to use your SJphone as the next hop.
Step 4: Viewing and Verifying the Configuration

1. Examine your configuration. Ensure that two local policies are configured, one for the
peer realm, and one for the core realm.
• After your configuration is saved and activated, you make a call, will the call be
successful, and why?
2. Verify your configuration. Ensure there are no referential errors. s a

) h a
com
Do NOT save or activate the configuration. Your instructor will perform the
tasks when everyone has completed this portion of the exercise.
i l
a deฺ ฺ
t m i
othe labGexercise.
u
Tell your instructor that you have completed this portion of
Wait until the instructor has saved and activated the@
h t before
v o e n
configuration
cra Stud
continuing to the next step.
e l
a this
Step 5: Testing the Local Policies
p h
o (ra uscompletede
Once both you and your partner have
a v successfully
r to teststhe t o all previous steps, you should
be able to call each other using
l c each of
e
your extension number as you did in some previous
topology hiding. ph
ae licen
exercises. This should allow you local policies that you configured and examine
o ra ble
r v SJphone
1. aStart
f e raif it is not running. Ensure the peer profile is in use.
c
el 2. tStart s
h a - r anthe live capture in Wireshark.
p
Ra non a. Ensure the Filter field is set to sip.
b. Ensure to capture on the media interface of the 192.168.0.0 network.
3. Ask your partner to call you. The call should be successful. Check your configuration if
the call failed. If you cannot resolve the issues, ask the instructor for help.
4. Stop the live capture in Wireshark when the call is complete. This capture should
contain the SIP messages at the peer side.
5. Examine the SIP messages captured during the call received from your partner. Pay
attention to the SIP URI in the From and To fields of the INVITE message.
• Do you see any IP address leak between realms in the call captures, and why?
6. Save the call capture in a file named as peer1#A on the desktop of your student
workstation (# is your student number).

Exercise 2: Creating Header Manipulation Rules (HMR)

In the last exercise, you saw that addresses leaked between realms. Header Manipulation Rules
(HMR) provides a mechanism for targeting specific fields for translation. You will configure HMR
that translates the SIP from and To headers so that the addresses will not leak between realms.
Step 1: Creating an HMR

In this step, you create a sip-manipulation element.
1. Create the sip-manipulation element with the following data.
Parameter Value
name NAT_IP#
s a
description “Student# peer# HMR”
) h a
The ACLI path is session-router> sip-manipulation. The sip-
i l ฺ com
manipulation element is a multiple-instance element.
t m a deฺ
h o Gui
As you can see that the sip-manipulation element does
manipulation rules yet. In the next couple of steps,a v owill@create n trulesanytoheader
not contain
e
both the To header field, and the From headerlc r Stud
you the translate
h a e is
field.
Step 2: Creating a Rule for the To(Field r ap se th

a u
voand antoelement
l
In this step, you create a headerr rule
s e SIP request
c everynincoming rule for the To header field in the sip-
manipulation element.
h e
a lice
For message, the Net-Net SD will use
r a p
the rules to replace the host
l e portion of the URI in the To field with the IP address of the next
r a vo ferab
hop, $REMOTE_IP.
a e l c1. Navigate
a n s to header-rules, a sub-element of the sip-manipulation element.
r
ph on-tThe ACLI path is session-router>sip-manipulation>header-rules.
R a n training(sip-manipulation)# header-rules
training(sip-header-rules)#
2. Use the following data to create a header-rules element. The header-rules

element is a multiple-instance element.
Parameter Value
name To
header-name To
action manipulate
msg-type request
3. Navigate to the element-rules, a sub-element of the header-rules element.

The ACLI path is session-router>sip-manipulation>header-rules>
element-rules.
training(sip-header-rules)# element-rules
training(sip-element-rules)#

4. Use the following data to create an element-rules element. The element-rules

element is a multiple-instance element. Note that the parameter-name value is blank.
Parameter Value
name To
parameter-name
type uri-host
action replace
match-val-type ip
new-value $REMOTE_IP
5. Issue done to commit the element-rules configuration, and return to the header-
rules element.
6. Issue done to commit the header-rules configuration, and return to the sip-
s a
) h a
7. Issue done to commit the sip-manipulation configuration.
i l ฺ com
m
Your sip-manipulation element now should look like this (# istyour
astudentdeฺ
number): h o Gui
v o @ ent
sip-manipulation
l ra Stud
cNAT_IP#
name
h e
a Student# is peer# HMR
description
p t h
(ra use
header-rule
name
v o o
To
l c ra se t
header-name To
h e action
a match-value
e n
comparison-type
manipulate
case-sensitive
p l i c
o ra blemsg-type request
v a
ra sfer methods new-value
l c
p h ae -tran element-rule
R a n o n name
parameter-name
To
type uri-host
action replace
match-val-type ip
comparison-type case-sensitive
match-value
new-value $REMOTE_IP
last-modified-by admin@10.0.3.1
last-modified-date 2011-03-26 20:19:34
Step 3: Creating a Rule for the From Field
For every incoming SIP request message, the Net-Net SD will use the rules to replace the
host portion of the URI in the From field with the IP address ($LOCAL_IP) of the SIP
interface on which the message is received from for inbound manipulation or sent on for
outbound manipulation.
In this step, you add a header rule and an element rule for the From header field in the sip-
manipulation element. The procedure is the same as in the previous step.

1. Navigate to the sip-manipulation element named NAT_IP# that you created (# is

Ensure that you are in this element. Otherwise, you will end up creating a new sip-
manipulation element, and adding the header rule and element rule in new sip-
manipulation element, not the one named NAT_IP#.
2. Use the following data for another header rule. This header rule is for the From field.
Parameter Value
name From
header-name From
action manipulate
msg-type request
s a
The configuration element is header-rules, a sub-element of the sip-
manipulation element. The ACLI path is session-router>sip- ) h a
manipulation>header-rules.
i l ฺ com
t m a value d e ฺis
3. Use the following data for the element rule. Note that the parameter-name
blank. ho t Gu i
@
vo uden
r a
From elc t
Parameter Value
a S
his
name
parameter-name
a h
puri-host t
type
o r
( replaceus e
action
a v t o
match-val-type
new-valueae
lcr nse ip
p h l i c e $LOCAL_IP
ra blelement
Theoconfiguration
e is element-rules, a sub-element of the header-rules
v a
er ACLI path is session-router>sip-manipulation>header-
raelement.sfThe
l c
p h ae -tranrules>element-rules.
Ra non4. Issue done to save the element-rules configuration, and return to the header-
rules element.
5. Issue done to save the header-rules configuration, and return to the sip-
6. Issue done to commit the sip-manipulation configuration.
7. View the sip-manipulation element, it should contain two header-rule

elements, one is for the To field, and one is for the From field. Each header-rule
element should contain an element-rule element rule that specifies how to
manipulate the elements in each header field.

Now, your sip-manipulation element should look like this (# is your student
number):
sip-manipulation
name NAT_IP#
description Student# peer# HMR
header-rule
name To
header-name To
action manipulate
match-value
msg-type request
new-value
methods
element-rule
name
parameter-name
To
s a
type uri-host
) h a
com
action replace
match-val-type
comparison-type i l
a deฺฺ ip
case-sensitive
match-value t m
o Gui
new-value h
@ ent
$REMOTE_IP
header-rule
v o
cra Stud
name From
header-name
e l
a this
From
action
p h manipulate
(ra use
match-value
o
rav se to
msg-type request
l c new-value
p h ae licen methods
element-rule
o ra ble name From
c r av sfera parameter-name
type uri-host
h a el tran action replace
p - match-val-type ip
Ra non comparison-type
match-value
case-sensitive
new-value $LOCAL_IP
last-modified-by admin@10.0.3.1

Step 4: Applying the HMR to the Realms

You have created the rules to manipulate the From and To fields. Now you need to apply the
rules to the outbound traffic of the peer and core realms.
1. Apply the rules to the outbound traffic of the peer realm. The ACLI path is media-
manager>realm-config.
a. Select the realm-config for the peer realm.

b. Use the following data to set the out-manipulationid parameter.
Parameter Value
out-manipulationid NAT_IP# (# is your student number)
c. Issue done to commit the realm-config configuration.

a
2. Apply the rules to the outbound traffic of the core realm. The configuration element ) is h
as
realm-config. The ACLI path is media-manager>realm-config.
i l ฺ com
t m a deฺ
a. Select the realm-config for the core realm.
b. Use the following data to set the out-manipulationid h o parameter.
G ui
v o @ ent
Parameter
e l c(#risaValue
yourS
tud
out-manipulationid
p h a this
NAT_IP# student number)
a se configuration.
(rrealm-config
c. Issue done to commit the
a v o t o u
r
lc the e
sConfiguration
a e
Step 5: Viewing and Verifying
e n
1. Examiner a phHMRleconfiguration.
your lic
r a f e ab should contain one sip-manipulation element named as
voconfiguration
r
a e l c NAT_IP#.
Your
a n s It should contain two header-rule elements, one is for the To field, and
r
ph on-tone for the From field. Ensure the name of the header manipulation rules is set to the
R a n out-manipulationid parameter of the realm-config element, so that the rules
can be applied to the outbound SIP traffic.
Tell your instructor that you have completed this portion of the exercise.
Wait until the instructor has saved and activated the configuration before

Step 6: Testing the Header Manipulation Rules

Once both you and your partner have successfully completed all previous steps, you should
be able to call each other using each of your extension number as you did in some previous
exercises. This should allow you to test the header manipulation rules that you configured
and examine the topology hiding capability.
1. Start SJphone if it is not running. Ensure the peer profile is in use.
2. Start the live capture in Wireshark.
a. Ensure the Filter field is set to sip.

b. Ensure to capture on the media interface of the 192.168.0.0 network.
3. Ask your partner to call you. Remember to capture the call received from your partner
with Wireshark. s a
) h a
com
The call should be successful. Check your configuration if the call failed. If you cannot
resolve the issues, ask the instructor for help.
i l
a deฺ ฺ
t m
o Gshould ui
4. Stop the live capture in Wireshark when the call is complete. This
contain the SIP messages at the peer side. @ enth capture
v o
5. Examine the SIP messages captured during the l c ra received
call
S t d your partner. Pay
ufrom
attention to the SIP URI in the From and To
h e
a fieldsthofithe
s INVITE message.
p
• Is there still IP address leak o (rathe core
from u s e
realm to the peer realm? If there is any,
l c rav se to
check your HMR configuration.
h
• If there is no
p aIPeaddress
l i c n what are the SIP URIs in the From and To fields
eleak,
now?
o ra ble
r v fera
aSave
e c
l workstation.
6.
n s call capture in a file named as peer1#B on the desktop of your student
the
a r a
a ph on-t
R n
Tell your instructor that you have completed this exercise. This scenario and
answers will be discussed in class as a group.

Exercise 3: Configuring SIP Access Control in Peering

The SIP access control in a peering environment is achieved by coordinating the
configuration of the following two parameters:
• The allow-anonymous parameter, in the sip-port sub-element of the sip-

interface element.
• The addr-prefix parameter, in the realm-config element.
The table below shows that you can configure SIP access control for three scenarios in a
peering environment.
Value of Value of
allow-anonymous addr-prefix Allowed Access
All SIP traffic from any realm regardless of
s a
all
the value of addr-prefix
) h a
com
SIP traffic from both the realm with the
IP address/number of bits
realm-prefix
e.g. 192.168.0.0/24
i l
a deฺฺ
address that match the address specified by
addr-prefix, and the session agents
t m
oagentsG ui
agents-only
h
SIP traffic from session
@ ent
only
v o
l
In this exercise, you will configure the SIP access control
e crafor twoSscenarios:
tud
• Allow only the traffic from certain peer p h a to access
t histhe Net-Net SD as specified by
r a realms
e
o ( thetoNet-Net
us SD as specified by the 3 row of the
nd
the 2 row of the table.
• Allow only session agentsatovaccess
rd
table.
e l cr nse
a p hthea Current
l i ceSIP Access Control
Step 1: Examining
o r b le
v a
ervalue of the allow-anonymous and addr-prefix parameters in the
raExaminesfthe
l c 1.
h ae -tcurrentr an configuration.
p
Ra non2. Fill in your current access control findings in the following table
Value of Value of
As you can see that the current configuration allows all SIP traffic from any realm to
access the Net-Net SD, because the allow-anonymous parameter is set to all.

Step 2: Configuring the SIP Access Control to Allow Certain Realms

In this step, you will configure the SIP access control to allow only the traffic from a certain
peer realm to access the Net-Net SD.
Read the instructions carefully and only perform the tasks that you are
instructed to.
1. Examine the realm-config and sip-interface elements in your current

configuration. There should be two realms and two SIP interfaces configured, one is
for the peer realm, and one is for the core realm.
• Which one of the realms and SIP interfaces should you configure for this the SIP
access control scenario?
2. Use the following data to configure the SIP access control on the appropriate realm s a
and SIP interface.
) h a
Parameter Value
i l ฺ com
allow-anonymous realm-prefix
t m a deฺ
addr-prefix 192.168.1.0/24
h o Gui
v o @ e n t the
cra Stud
Remember to issue done when you finish configuring an element to commit
configuration.
e l
a this
p h
tasks when everyone has o (ra this
Do NOT save or activate the configuration.
u s e Your instructor will perform the
a v completed
r youshave t o portion of the exercise.
e l
Tell your instructor cthat n e completed this portion of the exercise.
a
phto instructor
Wait until the e
lic has saved and activated the configuration before
r a
continuing l
the e
next step.
r a vo ferab
e l c nthes access control by making calls between you and your partner. Remember to
3. Test
h a - t r a the calls.
capture
p
Ra non • Can you call your partner successfully or not, and why?
• Do you receive an error when placing a call, and what is the error code?
• Fill in your current access control findings in the following table.
Value of Value of
4. Student 2, 4, 6, and 8 only: Alter the addr-prefix value using the following data.
Parameter Value
addr-prefix 192.168.0.0/24

5. Test the access control again by making calls between you and your partner.
Remember to capture the calls.
• Can you call your partner successfully or not, and why?
• Do you receive an error when placing a call, and what is the error code?
• Can you receive a call or not, and why?
6. Student 2, 4, 6, and 8 only: Change the addr-prefix value back to its previous
value.
Parameter Value
addr-prefix 192.168.1.0/24
Do NOT save or activate the configuration. Your instructor will perform the s a
) h a
com
i l
a deฺ ฺ
t m
o GAgents ui
Step 3: Configuring the SIP Access Control to Allow only h Session
t you will
In this step, you will configure your SJphone as a sessiona v o@ e n
d the Net-Net SD
cragent S
agent first, and then
e l
configure the SIP access control so that only the session can tuaccess
for SIP processing.
p h a this
o (raand only
u s e
rav se to
Read the instructions carefully perform the tasks that you are
instructed to.
l c
p h ae licen
ra a session
1. Configure
o b leagent.
v
ra a.sfUse a
er the following data to configure the session agent. The configuration
l c
p h ae -tran element is session-agent. The ACLI path is session-
Ra non
router>session-agent.
Parameter Value
hostname Student#
ip-address 192.168.0.10#
realm-id peer#
b. Issue done to commit the configuration.
• What is the effect of configuring this session agent?

2. Configure SIP access control to allow session agents only.
Once again, there should be two realms and two SIP interfaces configured, one of
each is for the peer realm, and one of each is for the core realm. Ensure that you
know which realm and SIP interface to configure before proceeding.
Use the following data to configure the SIP access control on the appropriate realm
and SIP interface.
Parameter Value
allow-anonymous agents-only
Remember to issue done when you finish configuring an element to commit the
configuration.
s a
) h a
i l ฺ com
t m a deฺ
h o Gui
3. Test the access control again by making calls between v o @ enpartner.
you and your
t
Remember to capture the calls.
e l cra Stud
• Can you call your partner successfully p h aor not, and
t s
hiwhy?
( r a e
• Do you receive an error a v o t o us
cr nse
when placing a call, and what is the error code?
e l
a p ha a call
• Can you receive
l i corenot, and why?
o
•vFill
r current
in your a b leaccess control findings in the following table.
l c ra sfer
p h ae -tran allow-anonymous
Value of Value of
Allowed Access
Ra no n addr-prefix
Tell your instructor that you have completed this exercise. This scenario and
answers will be discussed in class as a group.

abbn1 lab 1 - physical network
diagram (PBRB)
student1
11.0.0.10
student2
ble
student3
physical:network
fe r a
192.168.0.101
interface name
ans
11.0.0.102
FW M00:0
SD n - t r
no 172.16.0.100
FW
s a
192.168.0.103
) h a physical:network
student4 0/0
a ฺ
il eฺ M10:0
m
ot Guid
student5 h
11.0.0.104
a v o@ dent
FW
e l cr Stu 1/0
student6
h a i s Backbone
192.168.0.105
( r ap se th
a v o to u
11.0.0.106elc
r se
a e n
student7
r a ph lic student8
vo
FW
c r a
a e l
a ph192.168.0.107 11.0.0.108
R
All PCs also connected wancom0
to sw at wancom0: 10.0.3.11
peer_x: 10.0.0.x
Copyright Acme Packet, Inc abbn1.6.j.ld - 0

abbn1 lab 1 - logical network
diagram student1 student4

:
Realm: access1
Local Policy: access1
ble
192.168.0.101 FW
FW 11.0.0.11
. Next hop 172.16.0.100
fe r a
Realm-id backbone
an s
1.1.1.1
n - t r
E-P-A
n o
s a
) h a
:
c o m
Realm: access2
a ฺ
il eฺ
11.0.0.102 FW 11.0.0.12.
Next hop 172.16.0.100 ot
m u id Realm: backbone
Realm-id backbone h
2.2.2.2
E-P-A
v o @ ent G
l c ra Stud 172.16.0.100.
p h ae this 172.16.0.10
. .
sip-port
registrar
o (ra use
rav se to Local Policy: access3
:
Realm: access3
l c
e . en
192.168.0.103 FW
FW
p h a
11.0.0.13
l i c Next hop 172.16.0.100
o r a Realm-id backbone
c r av3.3.3.3
E-P-A
ae l
p h
Ra :
Realm: access4
11.0.0.104 11.0.0.14
. Next hop 172.16.0.100
FW
Realm-id backbone
4.4.4.4
E-P-A


:
Realm: access5
ble
192.168.0.105 FW
FW 11.0.0.15
. Local Policy: access5
Next hop 172.16.0.100
fe r a
Realm-id backbone
an s
5.5.5.5
n - t r
E-P-A
n o
s a
) h a
:
c o m
Realm: access6
a ฺ
il eฺ
11.0..0.106 FW 11.0.0.16.
Next hop 172.16.0.100ho
Local Policy: access6 t m u id Realm: backbone
6.6.6.6
E-P-A
o @ ent G
Realm-id backbone
v
l c ra Stud 172.16.0.100.
p h ae this 172.16.0.10
. .
sip-port
registrar
o (ra use
rav se to Local Policy: access7
:
Realm: access7
l c
e . en
192.168.0.107 FW
p h a
11.0.0.17
l i c Next hop 172.16.0.100
o ra Realm-id backbone
c r av E-P-A
7.7.7.7
h a el
p
Ra :
Realm: access8
11.0.0.18
. Local Policy: access8
11.0.0.108 FW Next hop 172.16.0.100
8.8.8.8 Realm-id backbone
E-P-A

abbn1-LG
Configuring SIP in Access-Backbone Environment
(Single Net-Net SD)
Overview
In this lab, you will configure the necessary parameters for the Net-Net Session Director
(Net-Net SD) to operate in a SIP access-backbone environment with Hosted NAT
Traversal (HNT), using the Policy Based Realm Bridging (PBRB) model.
The first and most preferable model is the policy-based bridged realm approach, using
local policy statements to route traffic from realm to realm. This configuration does not
use the sip-nat object at all. This is the most efficient configuration for the Net-Net SD as
it eliminates the need for the Net-Net SD to parse each header, scrub it for sensitive data, s a
and encode cookies for subsequent decoding on the return path. As a side effect, the
) h a
com
configuration is considerably simpler – making it easier to implement and troubleshoot.
Use this model when: i
a deฺl ฺ
t m
o Gui
• The endpoints use domain-based Addresses of Record (AORs) h
@ entAORs sent by
• The softswitch infrastructure can accommodate the domain-based
v o
cra Stud
the endpoints.
e l
a set on
Refer to your student guide and documentation
p h t is laptop if you require any
hyour
assistance with ACLI command syntax.
( r a Use the e
s available lab diagrams for reference.
o
avperform u
to following tasks:
l c ryou e
h a e ens
By completing these labs, the
r
• Verifya pexisting
the
l e lic
configuration parameters
a o
•vConfigure
r a
theb PBRB model for SIP Access
l r
c • Observe
•
s
Observef edifferences when using Domain Names for user domains
a e n
tr•aCapture calls through the Net-Net SD and examine the output
the function of dialog-transparency
p h n -
Ra no
Table of Exercises:
Exercise 1: Configuring PBRB in Access-Backbone Environment ................................. 2
Copyright © 2011 Acme Packet, Inc. abbn1.6.j.lg-1

SIP Configuration in an Access Environment (Single Net-Net SD)
Exercise 1: Configuring PBRB in Access-Backbone Environment

In this exercise, you will configure the necessary parameters for the Net-Net Session Director
(Net-Net SD) to operate in a Policy-Based Realm Bridging model (PBRB) environment. You will
then monitor and test your configuration using the X-Lite application for making SIP calls through
the system.
For successful practice and desired results, this exercise requires that some of the student
workstations be behind the firewall as shown in the table below. The instructor will physically
connect the firewalls for your workstations.
Student PC # Behind Firewall Extension Number

Student 1 yes 7001
Student 2 no 7002
Student 3 yes 7003
s a
Student 4 no 7004
) h a
com
Student 5 yes 7005
Student 6
Student 7
no
yes
7006
7007 i l
a deฺ ฺ
Student 8 no t
7008 m
o Gui
@ h t details.
v o
See the lab diagrams illustrated at the end of the exercise for the lab n
environment
e
Step 1: Setting up the Lab Environment aelc
ra Stud
r a p h
e t his
( tasks
In this step, you will perform a few preparatory
o u s to set up the lab environment.
v o
If you are usinge l s e t workstation 2, 4, 6, and 8 that are not
crofathenstudent
behind the p a perform
one
hfirewall, l i ce the following tasks:
o r a b le
v
raClick the f a
er icon on the lower left corner of your desktop.
l c 1.
s START
h anthe
ae 3.2.-tClick
r
Click the Run… icon in the displayed window.
p
Ra non4. Highlight the not_behind_firewall entry.
drop down menu at Open.
5. Click OK.
a. A window should open and a batch file should run. The batch file changes the
media network address from the 192.168.0.0/24 network to the 11.0.0.0/24
network.
b. Once the window has closed, examine the IP address for media displayed on
the lower right corner of your desktop. It should be an address on the
11.0.0.0/24 network. If not, please ask the instructor for help.
If you are using one of the Student workstation 1, 3, 5, and 7 that are behind
the firewall, perform the following tasks:
Check the media addressing information in the lower right hand corner of your desktop. It
should indicate that you are in the 192.168.0.0/24 network. If not, perform the following tasks:
1. Click the START icon on the lower left corner of your desktop.
2. Click the Run… icon in the displayed window.
3. Click the drop down menu at Open.
abbn1.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

4. Highlight the behind_firewall entry.

5. Click OK.
a. A window should open and a batch file will run. The batch file changes the
network.
Step 2: Examining the Physical and Network Interfaces

In this step, you will examine the physical and network interfaces defined in the existing
configuration.
Do not change the existing configuration parameters unless you are told to
s a
do so by your instructor. You build your configuration on these parameters
) h a
com
throughout this lab. Changing them may cause configuration errors.
i l
a deฺฺ
t m
o Glocated
1. Use the appropriate show command to examine the physical interfaces ui in slot
0/port 0 and slot1/port0. h
@ ent
v o
l
• What are the names of the physical interfaces?
e cra Stud
• What are the duplex-modes anda p hafor these
t s
hiinterfaces?
o ( r speeds
e
us what network interface the
2. Use the appropriate show a v
r named
command t o
to determine
a
pre-configured homee l crealm
e n se backbone is bound to. Remember that the home
ph theleNet-Net
realm is where
r a lic SD’s SIP daemon (sipd) lives.
r a o network
•vWhich
f e r abinterface is the home realm associated with?
a e l c •aWhat n s
p h n - t r is the address prefix associated with the home realm?
Ra no • What does the address prefix associated with the home realm indicate?
In the next steps, you configure the realm for your access network. Refer to
the lab diagrams, student guide, and the documentation set on your
workstation desktop.
Step 3: Configuring an Access Realm

In this step, you will create an access realm using the following data. The backbone realm is
already configured.
Parameter Value
identifier access# (# is your student number)
addr-prefix 0.0.0.0
The configuration element is realm-config. The ACLI path is

media-manager > realm-config.

Remember to issue done to commit the changes, and examine the changes to ensure
they are correct.
Step 4: Configuring a SIP Interface for the Access Realm

In this step, you will configure a SIP interface for the access realm. The SIP interface for the
backbone realm is already configured.
1. Configure the SIP interface using the following data.
Parameter Value
realm-id access# (# is your student number)
nat-traversal always
registration-caching enabled
The configuration element is sip-interface. The ACLI path is session- s a

router>sip-interface.
) h a
2. Configure the SIP port using the following data. i l ฺ com
t m a deฺ
Parameter Value h o Gui
address
o @ number)
11.0.0.1# (# is your student
v e n t
The configuration element is sip-port. The e l crapath S
ACLI tud
is session-router>sip-
interface>sip-port.
p h a this
o ra use
(should
Your SIP interface and SIPvport
r a t o look like this:
a e lc nse
a p hstate lice
sip-interface
enabled
o r b l e
realm-id access#
v a
ra sfer sip-port
description
l c
p h ae -tran address 11.0.0.1#
Ra no n port 5060
transport-protocol UDP
tls-profile
allow-anonymous all
carriers
....
nat-traversal always
....
registration-catching enabled
....
last-modified-by admin@console
3. Issue done to commit the SIP port and SIP interface configurations.
4. View the SIP interfaces in the configuration. You should have a SIP interface for your
access realm.
• How does the Net-Net SD function with registration caching enabled?

• For what endpoint do you have to enable registration caching for the Net-Net SD to
support it, NATed or non-NATed endpoints?
• How does the Net-Net SD function with nat-traversal set to always?
• Is registration caching enabled for the backbone realm by default?

• What is the value of nat-traversal?
Step 5: Configuring a Local Policy for the Access Realm

1. Configure a local policy for your access realm, using the following data.
Parameter Value
s a
from-address
to-address
* (a wild card)
* (a wild card) ) h a
source-realm access# (# is your student number)
i l ฺ com
The configuration element is local-policy. The ACLI path is tm
a deฺ
session-router> local-policy. h o Gui
v o @ entdata.
cra Stud
2. Configure the policy attributes for the local policy, using the following
e l
a thValue
Parameter
p h is
next-hop
r a
172.16.0.100
( backbone e
realm
a v o t o us
The configuratione l cr isnpolicy-attributes.
se
local-policy h a
p le li
element
c
element. eThe ACLI path is
It is a sub-element of the
session-router>local-
r a
vo ferab
policy>policy-attributes.
r a
a e l c SD n s
172.16.0.100
a
is the IP address of Asterisk in the backbone realm. So the Net-Net
p h n - r
tdiagram for a depiction
is configured to use Asterisk as the next hop to route signaling to. Refer to the lab
Ra no of the configured local policies.
3. Issue done to save the policy-attributes and local-policy configurations.
4. Examine the local policy to ensure that it is configured correctly.
Step 6: Configuring a Steering Pool for the Access Realm

In this step, you will create a steering pool for the access realm using the following data.
Parameter Value
realm-id access#
start-port 20000
end-port 29999
The configuration element is steering-pool. The ACLI path is

media-manager > steering-pool.

Remember to issue done to commit the changes, and examine the changes to ensure
they are correct.
Step 7: Examining the Media Manager and Registrar Location

You only need to enable latching when configuring the media manager. Accept the default
values for the rest of the parameters in the media-manager element.
1. Examine the latching parameter configured in the media-manager element.
• Is media latching enabled or disabled?
• If your student workstation is behind the firewall, do you have to enable media
latching for the Net-Net SD to support it?
• If your student workstation is not behind the firewall, do you have to enable media s a
latching for the Net-Net SD to support it? ) h a
i l ฺ com
2. Examine the registrar’s domain, address, and port and fill in the following table. They
are configured the sip-config element.
t m a deฺ
h o Gui
Parameter o
Value
v @ ent
registrar-domain
registrar-host e l cra Stud
registrar-port
p h a this
o (theraAsterisk
u s e on the instructor’s workstation.
rav se to
The registrar used in the lab is running
l
e thec
Step 8: Verifying andaSaving
p h l i c en Configuration
o a ble and ensure there are no referential errors.
rconfiguration,
av sfera
Verify the
c r
h a el trWaita nuntil your instructor saves and activates the configuration before
a p o n - proceeding to the next step.

R n
Step 9: Testing your PBRB Configuration
In this step, you will use X-Lite to place calls and use Wireshark to capture calls as you did in
some of the previous exercises.
1. Start and configure the X-Lite phone.
a. Click the X-Lite icon ( ) on your desktop to start the X-Lite application.
The X-Lite phone GUI should appear.
b. Verify the X-lite options are set correctly by right-clicking on the phone’s
display and selecting SIP Account Settings.
c. In the window that appears, click the Properties button and review the
following parameters:
• Under the account tab, ensure that

o The user name is set to 700# (where # is your student number).

o The register with domain and receive incoming

calls checkbox is checked.
o Under Send outbound via, the proxy button is checked and the
value is set to the ip-address of your access realm’s SIP interface.
Refer to your lab diagrams for the correct addresses.
• Under the Topology tab, ensure that

o The Manually Specify Range checkbox is checked, and the
port number range is set from 5060 to 5061.
All other parameters can be left at their default values.
Do NOT change the values in the X-Lite profiles unless

you are asked to do so.
s a
2. Verify that your phone registers properly.
) h a
a. Issue the command show sipd endpoint-ip 700#, where # is your
i l ฺ com
student number.
t m a deฺ
h o cache? i
uWhy
• Is your endpoint registered in the Net-Net SD registration
@ ent G do
you think this information is necessary? vo
e l cra Stud
b. Issue the command show a p haendpoint-ip
t his 700#, where # is another
o
student’s phone number. r sipd
e
( If your phone
us number is even, refer to one that is
a v t o
e l cr nse
odd, and vice-versa.)
a p hais the ldifference

• What
i ce between even and odd numbered registrations, and
o r why?
b le
v
ra sfer a
l c
h r anthe live capture in Wireshark.
ae 3.-tStart
p
b. Ensure to capture on the media interface as specified below:
• If your workstation is behind the firewall, capture on the media interface of

the 192.168.0.0 network.
• If your workstation is not behind the firewall, capture on the media interface
of the 11.0.0.0 network.
4. Place a call to one of the following extensions: 600, 411, or 911. Then hang up.
Your call should be successful. Check your configuration if you cannot place a call to
these numbers. If you cannot resolve the issues, ask the instructor for help.
5. Stop the live capture in Wireshark when the call is complete.
6. Examine the call capture. This capture should contain the SIP messages captured at
the access side.
7. Save the capture in a file named as abbn#A on the desktop of your student

Step 10: Let’s Call Each Other

Once both you and your partner have successfully completed all previous steps, you should
be able to call each other using each of your extension number as you did in some previous
exercises. This should give you a more realistic experience than calling 600, etc.
1. Ask your partner to call you. Remember to capture the call received from your partner
with Wireshark.
Your calls should be successful. Check your configuration if the calls fail. If you cannot
2. Examine the call capture. Focus on the SIP URI in the From, To fields of the INVITE
message.
• What addressing do you see in the FROM and TO header fields? s a

) h a
com
• Do any other addressing from the originating network leak through?
i l
a deฺ ฺ
t m
3. Save the capture in a file named as abbn#B on the desktop of your student
o Gui
h
@ ent
v o
cra Stud
Step 11: Configuring Access Control
e l
a using
1. Configure access control for the accesshrealm
p t s following data.
hithe
( r a e
Parameter
v o t o us Value
allow-anonymous ra
a e lc nse registered
a p h element
The configuration l i ceis sip-port. The ACLI path is session-router>sip-
o r b le
interface>sip-ports.
v
ra done f a
erto commit the changes.
l c s
ae -tran
2. Issue
p h
Ra non • What is the significance of changing the allow-anonymous setting?
• What effect should this change have on your ability to place calls?
Wait until your instructor saves and activates the configuration before
proceeding to the next step.
Step 12: Testing the Access Control

1. Verify the X-lite options are set correctly.
a. Right-clicking on the phone’s display and selecting SIP Account

Settings.
b. In the window that appears, click the Properties button and review the



calls checkbox is un-checked.
o Under Send outbound via, the proxy button is checked and
the value is set to the ip-address of your access realm’s SIP
interface. Refer to your lab diagrams for the correct addresses.
2. Place a call to the number 600 (the RTP Echo extension), and the number 999 (the
music on hold extension).
• Were the calls successful?
• If not, what error message was returned to your X-Lite?
• If you received an error message, explain why you received it, and where it was s a
generated.
) h a
Step 13: Using IP Addressing on your Endpoints i l ฺ com
t m a deฺ
In this step, you will re-register X-Lite to use IP address-based AORs, h o theGsame
place ui calls
as earlier in this lab, and observe the differences in messaging. @
v o e n t
1. On X-Lite, recheck the register with domain e l craand Sreceive
tud incoming
calls checkbox.
p h a this
o (rait registers
u s ewith the registrar.
rav se to
2. Restart your X-Lite and ensure that
l c
3. Start Wiresharkatoetrace the call.
p h l i c en
o
4. Ask yourrapartnerbtolecall you. Remember to capture the call in Wireshark.
r v fera
aExamine
e l c 5. n s the FROM and TO header fields on the access side.
a r a
a ph on-t • Do any of the originating Network addressing leak from the backbone side to the
R n access side in the FROM and TO header fields?
• Does the CALL-ID header contain a leaked IP address?
6. Save the call capture in a file named as IP#.
Tell your instructor that you have completed this exercise. This scenario will
be discussed in class as a group.

s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

abbn2 lab - physical network
diagram (SSNHTN)
student1
11.0.0.10
student2
ble
student3
physical:network
fe r a
11.0.0.101
interface name
ans
192.168.0.102 M00:0
SD n - t r
FW no 172.16.0.100
s a
11.0.0.103
student4 0/0
FW a ฺ
il eฺ M10:0
m
ot Guid
student5 h
192.168.0.104
a v o@ dent
e l cr Stu 1/0
student6
h a i s Backbone
ap se th
11.0.0.105 FW
( r
o to u
a v
192.168.0.106 elcr se
h a c e n FW
student7
ra p l i student8
av o
c r
h a el
11.0.0.107
p
Ra
192.168.0.108
All PCs also connected wancom0

to sw at wancom0: 10.0.3.11
peer_x: 10.0.0.x


:
Local Policy: access1 -> backbone
Realm: access1
Next hop: 172.16.0.100
ble
11.0..0.101 FW 11.0.0.11
.
fe r a
1.1.1.1
E-A 172.16.0.11 SIP-NAT 172.16.0.100
an s
E-P-A
access1 H-A
access1 H-P-A
n - t r
Registration cache
no
s a
) h a
:
c o m
Realm: access2
Next hop: 172.16.0.100 ai
Local Policy: access2 -> backbone
l ฺ ฺ
11.0.0.12.
t m i d e
ho t Gu
192.168.0.102 FW
E-A
2.2.2.2
172.16.0.12 SIP-NAT
Access2 H-A
v @
o Access2e nH-P-A
172.16.0.100
E-P-A r a
lc cache
Registration tu d 172.16.0.100.
a e i s S 172.16.0.10 registrar
p h t h
. .
sip-port
o (ra use
rav Local o access3 -> backbone
:
Realm: access3
l c e tPolicy:
h a e . ens
11.0.0.13 Next hop: 172.16.0.100
11.0..0.103 FW
3.3.3.3ap
E-A c
li 172.16.0.13 SIP-NAT
o r 172.16.0.100
ra v E-P-A Access3 H-A

Access3 H-P-A
e l c Registration cache
a pha
R :
Realm: access4 Local Policy: access4-> backbone
11.0.0.14
. Next hop: 172.16.0.100
192.168.0.104 FW
FW
E-A
172.16.0.14 SIP-NAT 172.16.0.100
4.4.4.4 access4 H-A
Access4 H-P-A
E-P-A
Registration cache


:
ble
11.0.0.105 FW 11.0.0.15
.
Next hop: 172.16.0.100
fe r a
5.5.5.5
E-A
172.16.0.15 SIP-NAT
an s
E-P-A access5 H-A
172.16.0.100
access5 H-P-A
n - t r
Registration cache
n o
s a
) h a
:
Local Policy: access6-> backbone
c o m
Realm: access6
Next hop: 172.16.0.100
a ฺ
il eฺ
192.168.0.106 FW 11.0.0.16.
o t m id
172.16.0.100Gu
Realm: backbone
E-A 172.16.0.16 SIP-NAT
h t
6.6.6.6
access6 H-A
a v o@access6
d e nH-P-A
E-P-A
e l cr Stu
Registration cache 172.16.0.100.
p h a this 172.16.0.10
. .
sip-port
registrar
o (ra use
rav Local to Next
:
Realm: access7 Policy: access7-> backbone
e l c n s e hop: 172.16.0.100
11.0.0.107 FW a
11.0.0.17
.
e
h E--A lic 172.16.0.17 SIP-NAT
7.7.7.7ap
o r access7 H-A
172.16.0.100
av
E-P-A access7 H-P-A
l c r Registration cache
p h ae
Ra :
Next hop: 172.16.0.100
192.168.0.108 FW 11.0.0.18
.
FW
E-A
172.16.0.18 SIP-NAT 172.16.0.100
8.8.8.8 access8 H-A
access8 H-P-A
E-P-A
Registration cache

abbn2-LG
Configuring SIP in Access-Backbone Environment
(Single Net-Net SD)
Overview
In this lab, you will configure the necessary parameters for the Net-Net Session Director
(Net-Net SD) to operate in a SIP access environment with Hosted NAT Traversal (HNT),
using the Single SIP-NAT, Homed in a Trusted Network model (SSNHTN). You would
typically use this solution when the endpoints do not use Domain Name (DN) based
addresses of record (AORs) and Network Address Translation (NAT) is required at Layer
5. This solution is also viable when you need to perform HNT within multiple access
Networks.
s a
You will first verify the existing configuration to gather information necessary to complete ha
m )
the lab. You will then configure SIP-NATs according to the lab specification, monitor,
o and
test your configuration using the X-Lite application for making SIP calls through
a ilฺcthe eNet- ฺ
Net SD.
t m i d
Refer to your student guide and documentation set on your laptop
@ hoif you tforget
G uany of the
command syntax. Make sure you have your lab diagrams
a d n
vofor reference.
e
r
lc tasks: Stu
By completing this lab you will perform the following
a e is
• Configure a Single SIP NAT Homed r a phin a Trusted
• Verify the existing configuration parameters
e t hNetwork
backbone architecture vo
( u s for a SIP access-
• Capture calls throughc rathe Net-Net

e o and examine the output
tSD
a l
e ens
a h
pConfiguring
Table of Exercises: laicSingle SIP-NAT for SSNHTN Model ...................................... 2
r l e
r a vo ferab
Exercise 1:
a e l c ans
p h n - tr
Ra no

SIP Configuration in an Access-Backbone Environment (Single Net-Net SD)
Exercise 1: Configuring a Single SIP-NAT for SSNHTN Model

In this exercise, you will configure a single SIP-NAT homed in a trusted network in an access-
backbone environment. You will build your configuration based on the existing configuration. The
configuration element that you will add is SIP-NAT. SIP-NAT will be used only for topology hiding
in this exercise. Local policy is used for routing.
For successful practice and desired results, this exercise requires that some of the student
workstations be behind the firewall as shown in the table below. The instructor will physically
connect the firewalls for your workstations.
Student PC # Behind Firewall Extension Number

Student 1 no 7001
Student 2 yes 7002
Student 3 no 7003
s a
Student 4 yes 7004
) h a
com
Student 5 no 7005
Student 6
Student 7
yes
no
7006
7007 i l
a deฺ ฺ
Student 8 yes t m
o Gui
7008
@ h t details.
v o
See the lab diagrams illustrated at the end of the exercise for the lab n
environment
e
Step 1: Setting up the Lab Environment aelc
ra Stud
r a p h
e t his
( tasks
In this step, you will perform a few preparatory
o u s to set up the lab environment.
v o
If you are usinge l s e t workstation 1, 3, 5, and 7 that are not
crofathenstudent
behind the p a perform
one
hfirewall, l i ce the following tasks:
o r a b le
v
raClick the f a
er icon on the lower left corner of your desktop.
l c 1.
s START
h anthe
ae 3.2.-tClick
r
Click the Run… icon in the displayed window.
p
Ra non4. Highlight the not_behind_firewall entry.
drop down menu at Open.
5. Click OK.
a. A window should open and a batch file should run. The batch file changes the
network.
If you are using one of the Student workstation 2, 4, 6, and 8 that are behind
the firewall, perform the following tasks:
1. Click the START icon on the lower left corner of your desktop.
2. Click the Run… icon in the displayed window.
3. Click the drop down menu at Open.
4. Highlight the behind_firewall entry.
5. Click OK.

a. A window should open and a batch file will run. The batch file changes the
network.

In this step, you will examine the physical and network interfaces, the home realm, and local
policies defined in the existing configuration.
Do not change the existing configuration parameters unless you are told to
do so by your instructor. You build your configuration on these parameters
throughout this lab. Changing them may cause configuration errors.
s a
) h a
com
1. Use the appropriate show command to examine the physical interfaces located in slot
0/port 0 and slot1/port0.
i l
a deฺ ฺ
• What are the names of the physical interfaces? t
o Guim
h
@ ent
• What are the duplex-modes and speeds for these v o
cra Stud
interfaces?
e l
pre-configured home realm nameda p ha istbound
2. Use the appropriate show command to determine
h is to.network
what interface the
realm is where the Net-Net SD’so r daemon

(SIP
backbone
u s e(sipd) lives. Remember that the home
l c r av e to
• Which networke
a s home realm associated with?
interface isnthe
e
a h c
p le liprefix associated with the home realm?
• Whatr
vo ferab
is the address
r a
a e l c •aWhatn sdoes the address prefix associated with the home realm indicate?
r
ph on3.-tUse the appropriate show command to examine the home realm configuration.
R a n
• Which realm is specified as the home realm?
• What is the NAT mode specified for the home realm?
4. Use the appropriate show command to examine the local policy configured for your
access realm.
• What is the function of the local policy configured your access realm?
In the next steps, you configure SIP-NAT for your access network. Refer to
the lab diagrams, student guide, and the documentation set on your
workstation desktop.

Step 3: Configuring SIP-NAT for the Access Realm

In this step, you will configure a SIP-NAT for your access realm. Use the lab diagrams
illustrated at the end of the exercise for detailed addressing information.
1. Configure the SIP-NAT using the following data.

Parameter Value
realm-id access#
domain-suffix .access#.acme.com
ext-proxy-address #.#.#.#
ext-address 11.0.0.1#
ext-proxy-port 5060
home-address 172.16.0.1#
home-proxy-address 172.16.0.100 s a
home-proxy-port 5060
) h a
com
route-home-proxy enabled
user-nat-tag -access#-
i l
a deฺ ฺ
host-nat-tag ACCESS#-
t m
o Gui
The configuration element is sip-nat. The ACLI path is@
h t
v o n
session-router>
e
l c ra asSittdefaults
sip-nat. Note that the value in the ext-proxy-address
u d to 0.is a dummy
parameter
value. Ensure that home-proxy-port is set
h a e is
to 5060,
( r p examine
aand e ththe changes to ensure they are
o to us
2. Issue done to commit the changes,
correct.
a v
e l crof thenSIP-NAT
se that you just configured?
a
• What is the function
ph le lic e
r
o and
Step 4: Verifying
a bSaving the Configuration
a v r a
r thesconfiguration,
fe
e l cVerify n
h a - t r a and ensure there are no referential errors.
p
Ra non Wait until your instructor saves and activates the configuration before
Step 5: Testing your SSNHTN Configuration

In this step, you will use X-Lite to place calls and use Wireshark to capture calls as you did in
some of the previous exercises.
1. Start and configure the X-Lite phone.
a. Click the X-Lite icon ( ) on your desktop to start the X-Lite application.
The X-Lite phone GUI should appear.
b. Verify the X-lite options are set correctly by right-clicking on the phone’s
display and selecting SIP Account Settings.
c. In the window that appears, click the Properties button and review the


calls checkbox is checked.
o Under Send outbound via, the proxy button is checked and the
value is set to the ip-address of your access realm’s SIP interface.

Refer to your lab diagrams for the correct addresses.
• Under the Topology tab, ensure that

o The Manually Specify Range checkbox is checked, and the
port number range is set from 5060 to 5061.
Do NOT change the values in the X-Lite profiles unless

s a
you are asked to do so.
) h a
2. Verify that your phone registers properly.
i l ฺ com
t m a deฺ
a. Issue the command show sipd endpoint-ip 700#,
h o Gwhere i
# isuyour
student number.
v o @ ent
l cra SDSregistration
• Is your endpoint registered in the Net-Net
e tud cache? Why do
h a this
you think this information is necessary?
p
b. Issue the command o (rasipduendpoint-ip
s e 700#, where # is another
a v show
t o
student’s phone
odd, and e l cr nse
number. If your phone number is even, refer to one that is
ha lice
vice-versa.)
a p
r • Whatbislethe difference between even and odd numbered registrations, and
v o
a sfewhy? ra
c r
h a el 3. tStart
r anthe live capture in Wireshark.
p -
b. Ensure to capture on the media interface as specified below:
• If your workstation is behind the firewall, capture on the media interface of

the 192.168.0.0 network.
• If your workstation is not behind the firewall, capture on the media interface
of the 11.0.0.0 network.
4. Ask your partner to call you. You should receive the call successfully.
5. Stop the live capture in Wireshark when the call is complete.
6. Examine the call flow and address information in the call capture.
7. Save the capture in a file named as ssnhtn# on the desktop of your student

Step 6: Modifying Access Control

1. Modify the access control for the access realm using the following data.
Parameter Value
allow-anonymous registered
The configuration element is sip-interface. The ACLI path is session-

router>sip-interface.
2. Issue done to commit the change.
• What is the significance of changing the allow-anonymous setting?
• What effect should this change have on your ability to place calls?
s a
) h a
Wait until your instructor saves and activates the configuration before
i l ฺ com
t m a deฺ
h o Gui
Step 7: Testing the Access Control
v o @ ent
1. Verify the X-lite options are set correctly.
e l cra Stud
p h a this
( r
a. Right-clicking on the phone’s a seand selecting SIP Account
display
Settings.
r a vo to u
a e
b. In the window
e n se click the Properties button and review the
lcthat appears,
r a ph parameters:
following
l e lic
r a vo f•eUnder r abthe account tab, ensure that
a e l c ans o The user name is set to 700# (where # is your student number).
p h n - t r o The register with domain and receive incoming
R a n o calls checkbox is un-checked.
o Under Send outbound via, the proxy button is checked and
the value is set to the ip-address of your access realm’s SIP
interface. Refer to your lab diagrams for the correct addresses.
2. Place a call to the number 600 (the RTP Echo extension), and the number 999 (the
music on hold extension).
• Were the calls successful? If not, what error message was returned to X-Lite?
• Explain why you received or did not receive an error message, and where the error
message was generated.
• If the call was not successful, how do you make it successful again?
Tell your instructor that you have completed this exercise. This scenario will
be discussed in class as a group.

peer lab – physical network map
192.168.0.100
student2 student1
ble
physical:network
fe r a
interface name
ans
M00:0
SD n - t r
student3
no 172.16.0.10
s a
) ha physical:network
0/0
student4 a ฺ
il eฺ M10:0
m
ot Guid
h
a v o@ dent
student5
e l cr Stu 1/0
h a i s core
a v o to u
a e lcr nse
a p h l i cestudent8
r
student7
o
ra v
l c
p hae
Ra
All PCs also connected
to hub going to wancom0: wancom0
studentx: 10.0.3.x 10.0.3.11

bl e
fe r a
an s
n - t r
Realm ID: peer1 home realm : acme
a no ID: core1
Realm
sipd 127.255.255.254
ha s
192.168.0.101 192.168.0.11. 127.0.0.11 127.0.0.21
m )
172.16.0.11 172.16.0.100
E-P-A E-A peer1 H-A peer1 H-P-A
ฺ c o E-A E-P-A
core1 H-P-A
il eฺ
core1 H-A
a
m
ot Guid
Realm ID: peer2 h
o@peer2 nt
Realm ID: core2
127.0.0.12
a v e
127.0.0.22
d
192.168.0.102 192.168.0.12 peer2 H-A
core2 H-P-A
e l cr Stucore2 H-A
H-P-A
172.16.0.12 172.16.0.100
E-P-A E-A
p h a this E-A E-P-A
o (ra use
Realm ID: peer3
l c rav se to Realm ID: core3
h a e en 127.0.0.13
E-Alic
192.168.0.103 127.0.0.23
E-P-A
r a p 192.168.0.13
peer3 H-A peer3 H-P-A 172.16.0.13 172.16.0.100
v o core3 H-P-A core3 H-A E-A E-P-A
l cra
Realm ID: core4
a
R 192.168.0.104 192.168.0.14
127.0.0.14
peer4 H-A
127.0.0.24
peer4 H-P-A
E-P-A E-A core4 H-P-A core4 H-A 172.16.0.14 172.16.0.100
E-A E-P-A

bl e
fe r a
an s
n - t r
Realm ID: peer5 home realm : acme
a no ID: core5
Realm
sipd 127.255.255.254
ha s
192.168.0.105 192.168.0.15 127.0.0.15 127.0.0.25
m )
172.16.0.15 172.16.0.100
E-P-A E-A peer5 H-A peer5 H-P-A
ฺ c o E-A E-P-A
core5 H-P-A
il eฺ
core5 H-A
a
m
ot Guid
Realm ID: peer6 h
o@peer6 nt
Realm ID: core6
127.0.0.16
a v e
127.0.0.26
d
192.168.0.106 192.168.0.16 peer6 H-A
core6 H-P-A
e l cr Stucore6 H-A
H-P-A
172.16.0.16 172.16.0.100
E-P-A E-A
p h a this E-A E-P-A
o (ra use
Realm ID: peer7
l c rav se to Realm ID: core7
h a e en 127.0.0.17
E-Alic
192.168.0.107 127.0.0.27
E-P-A
r a p 192.168.0.17
peer7 H-A peer7 H-P-A 172.16.0.17 172.16.0.100
v o core7 H-P-A core7 H-A E-A E-P-A
l cra
Realm ID: core8
a
R 192.168.0.108 192.168.0.18
127.0.0.18
peer8 H-A
127.0.0.28
peer8 H-P-A
E-P-A E-A core8 H-P-A core8 H-A 172.16.0.18 172.16.0.100
E-A E-P-A

Notes
ble
fe r a
ans
n - t r
no
s a
) ha
c o m
a ฺ
il eฺ
m
ot Guid
h
a v o@ dent
e l cr Stu
p h a this
o (ra use
l c rav se to
h a e en
rap lic
avo
l c r
a e
Raph

peer2-LG
SIP-NAT Configuration in a Peering Environment
(Single Net-Net SD)
Overview
In this lab exercise you configure SIP-NAT bridging for the Net-Net Session Director (Net-
Net SD) to operate in a SIP peering environment. You first verify the existing
configuration to gather information necessary for completing the lab. You will then
configure SIP-NATs to configure a SIP-NAT Bridge. Next you will monitor and test your
configuration using the SJphone application for making SIP calls through the Net-Net SD.
Refer to your student guide, lab diagrams and the documentation set on your workstation
desktop if you forget any of the command syntax.
s a
By completing this lab you will perform the following tasks:
) h a
• Configure a SIP-NAT bridge for a SIP peering architecture i l ฺ com
• Capture calls through the Net-Net SD and examine the output
t m a deฺ
h o Gui
Table of Exercises:
v o @ ent
l c ra Stud
Exercise 1: Configuring a SIP-NAT Bridge ...................................................................... 2
h a e is
( r ap se th
r a vo to u
a e lc nse
a p h l i ce
o r b le
v
ra sfer a
l c
p h ae -tran
Ra non

SIP-NAT Configuration in a Peering Environment (Single Net-Net SD)
Exercise 1: Configuring a SIP-NAT Bridge

In this exercise you will configure a SIP-NAT bridge for each of your realms. You will add new
elements and modify some existing elements in the existing configuration for SIP-NAT bridging.
Do not change any of the existing configuration parameters unless you are
instructed to do so. You will build on these parameters throughout this lab.
Changing them may cause configuration errors.

1. Launch PuTTY/Tutty to telnet to your assigned Net-Net SD. Ensure that you are on
your assigned Net-Net SD.
2. Use the show command to view the existing configuration, and fill the information
s a
stated in the table below.
) h a
• Fill in the information about the physical interfaces.
i l ฺ com
t m a deฺ
Physical interfaces in the name,slot,port
h o Gui
name,slot,port
existing configuration
v o @ ent
e l
• Fill in the information about the home realm. cra Stud
p h a this
o (ra use home-realm-id
rav se to
Name
l c
Nat Mode hae n nat-mode
p le lic e
o r a b address,port
v
SIP
a
interface the
er to
rarealmsisfbound
home
l c
h an interface the
ae -trNetwork identifier,addr-prefix
p
Ra non home realm is bound to
• The home realm is bound to a network interface. What physical interface does this
network interface bound to?
• What does the address prefix of the home realm indicate?
Step 2: Configuring a Peer Realm

1. Use the following data to configure the peer realm.
Parameter Value
identifier peer# (# is your student number)
addr-prefix 0.0.0.0
The configuration element is realm-config. The ACLI path is media-manager >

realm-config.
If you are not sure how to configure a peer realm, review the following commands (# is

training(realm-config)# identifier peer#

training(realm-config)# network-interfaces M00:0
training(realm-config)# addr-prefix 0.0.0.0
2. Issue done when finishing configuring the realm-config element.

• What does the value of addr-prefix 0.0.0.0 indicate?
Step 3: Configuring a Core Realm

1. Follow the same procedure as in the previous step to configure a core realm in the
realm-config element, using the following data.
Parameter Value
identifier core# (# is your student number)
s a
network-interfaces
addr-prefix
M10:0
0.0.0.0
) h a
i l ฺ
2. View your realm configuration. Ensure that you have configured two realms: peer#com
t m a deฺ
o Gui
and core# (# is your student number).
h t in the lab.
@will doesonlater
Do NOT save or activate your configuration. The instructor
v
a tudo
Step 4: Configuring a SIP Interface for the Peer e l crRealm S
h a
p realmeusing h i s
t the following data.
(
1. Configure the SIP interface for ther apeer s
The configuration elementv o to u The ACLI path is
ra is sip-interface.
session-router l>csip-interface.
se
a e e n
r a ph le lic
Parameter Value
a v o rab
realm-id peer# (# is your student number)
e l cr The nrestsfofethe parameters of this element will use the default values.
p h a
n - tra
Ra no If you are not sure how to configure the SIP interface, review the following command
training(sip-interface)# realm-id peer#
2. Configure a SIP port for the SIP interface using the following data.
The configuration element is sip-port, a sub-element of sip-interface. The
ACLI path is session-router>sip-interface>sip-ports.
Parameter Value
The rest of the parameters of this element will use the default values.
If you are not sure how to configure the SIP port, review the following commands (# is
your student number):
training(sip-interface)# sip-ports
training(sip-port)# address 192.168.0.1#

3. Issue done to commit the sip-ports configuration when finishing configuring the
sip-port sub-element, and return to the sip-interface element.
4. Issue done again to commit the sip-interface configuration.

Step 5: Configuring a SIP Interface for the Core Realm

Use the same procedure as in the previous step to configure a SIP interface and SIP port
for the core realm.
• Use the following data for the SIP interface:
Parameter Value
realm-id core# (# is your student number)
• Use the following data for the SIP port of the SIP interface: s a
) h a
Parameter Value
i l ฺ com
t m a deฺ
Step 6: Configuring a SIP-NAT for the Peer Realm h o Gui
v o @ ent
e l crtoaunderstand
In this step, you will configure a SIP-NAT in the peer realm.
S tudthe supports
The SIP-NAT routing
addressing. p h a this
and address translation. Take a look at the lab diagram SIP-NAT
a se
(rrealm
a
1. Configure a SIP-NAT for the o
vis sip-nat.
peer
t o u the following data.
using
l r
c nse
The configuration element The ACLI path is session-router>
sip-nat. e
ha lice
a p
r Parameter le
a v o r a b Value
l c r realm-id
s f e (# is your student number)
n
ae -tradomain-suffix peer#
a p h n .peer#.acme.com
R n o route-home-proxy enabled
ext-proxy-address 192.168.0.10#
home-proxy-address 127.0.0.2#
user-nat-tag -peer#-
host-nat-tag PEER#-
2. Issue done to commit the sip-nat configuration.
Step 7: Configuring a SIP-NAT for the Core Realm

In this step, you will configure a SIP-NAT in the peer realm. The SIP-NAT supports routing
and address translation. Take a look at the lab diagram to understand the SIP-NAT
addressing.
1. Configure a SIP-NAT for the core realm using the following data.
The configuration element is sip-nat. The ACLI path is session-router>
sip-nat.

Parameter Value
realm-id core#
domain-suffix .core#.acme.com
route-home-proxy enabled
ext-proxy-address 172.16.0.100
home-proxy-address 127.0.0.1#
user-nat-tag -core#-
host-nat-tag CORE#-
2. Issue done to commit the sip-nat configuration.

s a
3. View the SIP-NATs. You should have two of them in the configuration, one for the
) h a
peer realm, and one for the core realm.
o m
a ilฺc eฺ
tm uid
training(sip-nap)# select
<realm-id>:
h o
1: peer# H=127.0.0.1# E=192.168.0.1# P=192.168.0.10#
2: core# H=127.0.0.2# E=172.16.0.1# vo
@ ent G
cra Stud
P=172.16.0.100
e l
a this
selection:
p h
(ra use
training(sip-nat)#
4. Verify the configuration.av o to

l c r s e
Do NOT savehor a e enconfiguration.
a p l i c
activate your The instructor will do so later in the lab.
o r abSteering
le
r a v
Step 8: Configuring
f e r a Pool for the Peer Realm
a e l c1. Configure
a n s the steering pool for the peer realm using the following data. The rest of the
r
ph on-tparameters of the element use the default values.
R a n
Parameter Value
ip-address 192.168.0.1#
realm-id peer#
start-port 20000
end-port 29999
The configuration element is steering-pool. The ACLI path is

media-manager > steering-pool.
2. Issue done to commit the steering-pool configuration when finishing configuring

the steering pool.

Step 9: Configuring a Steering Pool for the Core Realm

1. Follow the same procedure as in the previous step to configure the steering pool for
the core realm using the following data.
Parameter Value

realm-id core#
start-port 30000
end-port 39999
2. View the steering pool configuration. There should be two steering pools in the
configuration.
Wait until your instructor save and activate the configuration before
s a
) h a
com
Tell your instructor that you have completed portion of the exercise.
i l
a deฺ ฺ
Step 10: Testing the SIP-NAT Configuration
t
o Guim
Once both you and your partner have successfully completed all@
h tsomeyouprevious
v o e n
previous steps, should
exercises. This should allow you to test the SIP-NATslc rayou configured.
be able to call each other using each of your extension number as
S tud
you did in
h e that
a this
r p
a thespeer
1. Start SJphone if it is not running. Ensure
e profile is in use.
(
2. Start the live capture inra vo to u
Wireshark.
a e lc nse
p
a. Ensureh the Filter
l i e is set to sip.
cfield
o a
b.rEnsure to lcapture
b e on the media interface of the 192.168.0.0 network.
v a
er to call you. Remember to capture for the call received from your
raAsk yoursfpartner
l c
an in Wireshark.
3.
p h ae -tpartner
r
Ra non The call should be successful. Check your configuration if the call failed. If you cannot
4. Stop the live capture in Wireshark when the call is complete. This capture should
contain the SIP messages captured at the peer side.
5. Examine the call capture. Focus on the SIP URI in the From, To, Contact, and Via
fields of the INVITE message.
There should not be any IP address leak from the core realm to the peer realm. If
there is any, check your SIP-NAT configuration.
6. Save the call capture in a file named as peer2# on the desktop of your student
workstation.

ittt1 lab – physical network diagram
student1 192.168.0.10
ble
student2 physical:network
fe r a
interface name
ans
192.168.0.101 M00:0
SD n - t r
no 172.16.0.10
192.168.0.102 s a
student3 00
a ฺ
il eฺ M10:0
student4 m
ot Guid
h
192.168.0.103
a v o@ dent
student5 192.168.0.104 e l cr Stu 10
h a i s core
a v o to u
192.168.0.105
a e lcr nse
a p h l i ce
o r
192.168.0.106
ra v
l c
student7
e student8
p h a
Ra
192.168.0.107 192.168.0.108
wancom0
All PCs also connected 10.0.3.11
to hub going to wancom0:
peerx: 10.0.3.x
Copyright Acme Packet, Inc ittt.6.j.ld - 0
ittt1 lab – logical network diagram
student 1  student 4
bl e
fe r a
Associated H323 Stacks
an s
Realm ID: peer 1
- t
Realm ID: core 1
n r
Gatekeeper
192. 168.0.11 172.16.0.11 n o
192. 168.0.101
Phone SD Local IP for
Peer 1 Core 1
SD Local IP
s a 172.16.0. 100
) ha
Gateway Gateway Gatekeeper
Peer 1 for Core 1
c o m
Realm ID: peer 2
a ฺ
il eฺ
Gatekeeper m
ot2 Guid172.16.0.12
Realm ID: core 2
192. 168.0.102 192.168.0.12 Peer 2 hCore
o@Gatewaynt
172. 16.0.100
Phone SD Local IP for Gateway SD Local IP
Peer 2
a v d e for Core 2
Gatekeeper
e l cr Stu
p h a this
Realm ID: peer 3
a se
(rPeer Realm ID: core 3
o 3 u
Gatekeeper
192.168.0. 103 192. 168.0.13
r a v t o Core 3 172.16.0.13
172.16.0. 100
Phone SD
3 l
c nse
Local IP for
Peer e
Gateway Gateway SD Local IP
Gatekeeper
p h a l i ce
for Core 3
o r a
v
cra
Realm ID: peer 4
Realm ID: core 4
ael
Gatekeeper
192. 168.0.104 192. 168.0.14 Peer 4 Core 4 172.16.0.14
aph
SD Local IP 172. 16.0.100
Phone SD Local IP for Gateway Gateway Gatekeeper
for Core 4
R Peer 4

bl e
fe r a
t r a ns
on-
6
Realm ID: peer5 Realm ID: core5
n
sa
Gatekeeper
192. 168.0.15 172.16.0.15
ha
192. 168.0.105 Peer5 Core5 172.16.0. 100
SD Local IP for SD Local IP
Phone
Peer5
Gateway Gateway
m )
for Core5 Gatekeeper
ฺ c o
a il eฺ
Realm ID: peer6 m
ot Guid
Gatekeeper hCore6 nt
Realm ID: core6
192. 168.0.106 192.168.0.16 Peer6
a v o@ Gateway
d e 172.16.0.16 172. 16.0.100
cr Stu
Phone SD Local IP for Gateway SD Local IP Gatekeeper
Peer6
e l
a this
for Core6
p h
Realm ID: peer7
o (ra use
rav sePeer7to
Realm ID: core7
Gatekeeper
192.168.0. 107
e c
192. 168.0.l17
n
Core7 172.16.0.17
172.16.0. 100
Phone SD
p a
hPeer7 lice
Local IP for Gateway Gateway SD Local IP
for Core7
Gatekeeper
o r a
v
a ID: peer8
el crRealm Realm ID: core8
p h a
Gatekeeper
192. 168.0.108 Peer8 172.16.0.18
Ra
192. 168.0.18 Core8 172. 16.0.100
Phone SD Local IP for Gateway Gateway SD Local IP
Gatekeeper
Peer8 for Core8

ittt2 lab – physical network diagram
student1 192.168.0.10
ble
student2 physical:network
fe r a
interface name
ans
192.168.0.101 M00:0
SD n - t r
no 172.16.0.10
192.168.0.102 s a
student3 00
a ฺ
il eฺ M10:0
student4 m
ot Guid
h
192.168.0.103
a v o@ dent
student5 192.168.0.104 e l cr Stu 10
h a i s core
a v o to u
192.168.0.105
a e lcr nse
a p h l i ce
o r
192.168.0.106
ra v
l c
student7
e student8
p h a
Ra
192.168.0.107 192.168.0.108
wancom0
All PCs also connected 10.0.3.11
to hub going to wancom0:
peerx: 10.0.3.x
bl e
fe r a
t r a ns
on-1
Realm ID: peer1 Realm ID: core
n
192. 168.0.101
192. 168.0.11
f00:0 Local IP for
Peer1 Core1 172.16.0.11
f10:0
ha
Local IP
sa 172.16.0. 100
Phone Peer1
GateKeeper Gateway
m )
for Core1 Gatekeeper
ฺ c o
a il eฺ
Realm ID: peer2 m
ot Guid
h Core2nt
Realm ID: core2
192. 168.0.102 192.168.0.12 Peer2

a v o@ Gateway
d e 172.16.0.12 172. 16.0.100
cr Stu
Phone f00:0 Local IP for Gatekeeper f10:0 Local IP Gatekeeper
Peer2
e l
a this
for Core2
p h
Realm ID: peer3
o (ra use
rav sePeerto3
Realm ID: core3
192.168.0. 103
e l
192. 168.0.13c n
Core3 172.16.0.13
172.16.0. 100
Phone f 00:0
p a
hPeer3 lice
Local IP for Gatekeeper Gateway f10:0 Local IP
for Core3
Gatekeeper
o r a
v
a ID: peer4
el crRealm Realm ID: core4
h a
p .0.104
RaPhone
192. 168 192. 168.0.14 Peer4 Core4 172.16.0.14
f10:0 Local IP 172. 16.0.100
f 00:0 Local IP for Gatekeeper Gateway Gatekeeper
Peer4 for Core4

ble
fe r a
t r a ns
Realm ID: peer5
o n-
Realm ID: core5
n
172.16.0.15 a
aIPs
192.168.0.15
. . .
192.168.0.105 peer5 core5
Phone
. . M00:0 Local IP for GateKeeper Gateway
M10:0 Local
)for hcore5 172.16.0. 100
Gatekeeper
peer5
c o m
a ฺ
il eฺ
Realm ID: peer6
o t m u id 172.16.0.16 Realm ID: core6
192.168.0.16
h core6nt
@ Gateway G M10:0 Local
192.168.0.106
. M00:0 IP for
. peer6
a v o d e . IP 172. 16.0.100
Phone peer6
Gatekeeper
lc r S tu for core6 Gatekeeper
a e s
r a ph e thi
Realm ID: peer7
o ( u s
r a v t o Realm ID: core7
192.168.0.107
. M00:0 IP for lc
192.168.0.17
e
. .
n s epeer7 core7
172.16.0.17
. . Local IP
M10:0
.172.16.0.100
. .
Phone
ph
:
peer7 a lic e Gatekeeper Gateway for
:
core7
Gatekeeper
o r a
r a v
e l c Realm ID: peer8 Realm ID: core8
h
p. . a
192.168.0.108 172.16.0.18 .172.16.0.100
R aPhone
192.168.0.18
. .
M00:0 IP for
peer8
Gatekeeper
core8
Gateway
. . .
M10:0 Local IP
for core8
.
Gatekeeper
peer8

ittt-LG
Configuring H.323
(Single Net-Net SD)
Overview
In this lab, you first configure the Net-Net Session Director (SD) as a back to back
gateway (B2BGW) to support H.323 trunking of traffic from one zone to another, then a
gatekeeper/gateway (GK/GW).
Per best current practice, you verify the existing configuration to gather the information
necessary to complete this lab. You then configure realms, H.323 stacks and steering
pool elements on the Net-Net SD according to the lab specifications and diagrams.
You monitor and test your configuration using the SJphone application for placing H.323
s a
calls through the Net-Net SD. Refer to your student guide, lab diagram and the
documentation set on your workstation desktop if you forget any of the command syntax.
) h a
By completing this lab you will perform the following tasks: i l ฺ com
t m a deฺ
• Configure the Net-Net SD as an H.323 B2BGW h o Gui
• Configure the Net-Net SD as an H.323 GK/GW
v o @ ent
e l cra Stud
• Capture calls through the Net-Net SD and examine the output
Table of Exercises:
p h a this
Exercise 1: Configuring H.323 for ara e
( B2BGWusEnvironment
Exercise 2: Configuring H.323ofor a GK/GW
Environment ............................................. 2
rav se to
.............................................. 6
l c
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non
Copyright © 2011 Acme Packet, Inc. ittt.6.j.lg-1

Configuring H.323 (Single Net-Net SD)
Exercise 1: Configuring H.323 for a B2BGW Environment

In this exercise, you configure the Net-Net Session Director (SD) as a back to back gateway
(B2BGW) to support H.323 trunking of traffic from one zone to another. Gatekeepers are told
where to find their neighbors for location requests on telephone numbers outside of their
registered zones. From the gatekeeper’s perspective, the network interface on the Net-Net SD is
where LRQs will be sent, and where LCFs will be received from. This is a very common
configuration, and involves passing signaling and media traffic from one H.323 zone to another
through the Net-Net SD. Initially, you verify the interface configuration, and then configure the
realm and H.323 stack elements to pass traffic and signaling across the Net-Net SD. After you
complete your configuration, you will verify proper operation by placing and tracing phone calls
from one zone to another. You will use SJphone and GNUK functions to facilitate
communications between zones. You will use the Wireshark network protocol analyzer will be
used to validate signaling and media connections. The lab is complete when each student can
complete a call to every other student phone. s a
) h a
Do not change any of the existing configuration parameters in this part
i l ฺ com
t m a deฺ
unless told to do so by your instructor. You will be building on these
configuration errors. h o Gui

parameters throughout this lab and changing them will potentially cause
v o @ ent
Step 1: Examining the Physical and Network c
l ra Stud
Interfaces
e
a show
r a p h
1. From the Superuser mode, use the appropriate
e t hiscommand to examine the
o ( 0/port 0uand
physical interfaces located in slot s slot1/port0 and answer the following
questions. v
ra se t o
l c
e of the
p h
• What are the anames l i c enphysical interfaces?
o
•vWhat
raare the bduplex-modes
le
r a f e r a and speeds for these interfaces?
a e l c2. From
a n s
r
ph on-tnetwork
the Superuser mode, use the appropriate show command to examine the
interfaces bound to the physical interfaces in slot 0/port 0 and slot1/port0 and
R a n answer the following questions.
• What network interface(s) is (are) associated with the physical interface in slot
0/port0?
1/port0?
You will start the necessary configuration for the Net-Net SD according to
your lab diagrams. In these steps, you configure the realm for your peer
network. Use the <?> to assist with the following tasks. Use your student
guide and the documentation set on your workstation desktop as an
additional reference.
Step 2: Enabling the Global Element

1. Enable the H.323 global element. Accept the default values for all fields.
The ACLI path is session-router>h323.
ittt.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

Step 3: Configuring Realms

In this step, you will configure two realms: peer and core. The ACLI path is
media-manager>realm-config.
1. Configure a peer realm bound to the M00:0 network interface in accordance with the
lab diagram. Accept the default values for all fields.
2. Configure a core realm bound to the M10:0 network interface in accordance with the
Step 4: Configuring H.323 Stacks

In this step, you will configure a H.323 stack for a peer realm and for a core realm. The ACLI
path is session-router>h323>h323-stacks
s a
)
1. Configure a peer h323 stack in accordance with the lab diagram and the table below. h a
Accept the default values for any fields not listed. o m
a i lฺc ฺ
Parameter Value
h otm Guide
name peer#
v o @ ent
isgateway
realm-id
enabled
peer#elc
ra Stud
assoc-stack
p h a this
core#
local-ip
terminal-alias vo
(ra 192.168.0.1#
u se
gatekeeper cra e o
h323-ID=peer#
t192.168.0.10#:1719
a
gk-identifier
l
e ens peer#
a h
p le lic
h245-tunneling disabled
r b
ocall-start-fast
fs-in-first-msg disabled
a v r a
r call-start-slow
f e disabled
l c n s
e traprocess-registration enabled
p h a - disabled
R a o n
n 2. Configure a core h323 stack in accordance with the lab diagram and table below.
Accept the default values for fields not listed.
Parameter Value
name core#
isgateway enabled
realm-id core#
assoc-stack peer#
local-ip 172.16.0.1#
terminal-alias h323-ID=core#
gatekeeper 172.16.0.100:1719
gk-identifier core#
call-start-fast disabled
call-start-slow enabled
process-registration disabled

Step 5: Configuring Steering Pools

In this step, you will configure a steering pool for the peer realm and the core realm. The
ACLI path is media-manager > steering-pool.
1. Configure your peer steering pool according to the addressing indicated on your lab
diagrams. Use the following start and end port allocations for your steering pool:
Realm Start Port End Port

peer1 21000 21999
peer2 22000 22999
peer3 23000 23999
peer4 24000 24999
peer5 25000 25999
peer6 26000 26999
s a
peer7
peer8
27000
28000
27999
28999 ) h a
i l ฺ com
t m a deฺ
2. Configure your core steering pool according to the addressing indicated on your lab
o Gui
h
Realm Start Port o@ denEndt Port
21000 rav
core1
core2 22000 l c
e is S t u 21999
22999
core3 h a
p 24000e th
23000 23999
core4 ( r a s 24999
v o t o u
core6 lcra
core5 25000 25999
e n s e 26000 26999
p h a lice
core7 27000 27999
r a core8
l e 28000 28999
r a vo feand r abSaving the Configuration

a e l c ans
Step 6: Verifying
p h n r your configuration.
1.-tVerify
Ra no DO NOT save or activate the configuration. Your instructor will perform the
appropriate commands when everyone has reached this point in the lab
exercise.
Tell your instructor that you have completed this portion of the lab exercise.
Step 7: Testing your Configuration

1. Start the Wireshark application on your desktop and begin capturing packets on your
media interface (192.168.0.10#, where the # is the number of your student
workstation).
2. Double-click on the SJphone icon on your desktop to start the SJphone application. If
you have done this correctly, the SJphone GUI will appear. Ensure that your SJphone
instance is configured to use the tttc1 profile.

Ask your instructor for help if you are unsure of how to complete this step.
3. Start the Open h323 GK application (GNUGK) located on your desktop.

4. Start the Open h323 GK GUI application on your desktop (GKgui). Click the connect
button to connect the GUI to the GK.
5. Use the appropriate command from the ACLI to ensure that your h323 stacks have
registered successfully.
If there are no problems, go to the next step. If your H.323 gateway stacks
are not registered, go back and check your configuration. If you cannot find
an error, let the Instructor know so you can work through the problem before
proceeding.
s a
6. Using SJ phone, place a call to another student’s extensions. Refer to the chart below ) h a
for the extension numbers of each student. o m
a ilฺc8. This
e ฺwill
t m
To avoid chaos, student 1 should call student 2, 3 call 4, 5 call 6, and 7 call
i d
ho ttoG
make comparing captures easier as well, as each student is adjacent
@
u other.
each
Student Number r a vo uden

Extension
Student 1
a e lc 7001 St
Student 2
ph e th7002 is
( r a
us 7004
Student 3 7003
Student 4vo
a
cr 56 nse t o
e l
Student
a Student
7005
p h Student
l i c e 7006
r
o rab a l e 7 7007
a v Student 8 7008
e l c7.r Stopnyour
s feWireshark capture, and graph your calls to look at call flow and address
p h a
n - ra
tinformation.
Ra no 8. Save your capture as b2bgw# (where # is your student number).
Please save each call as a separate capture. Ask your instructor for help if
you are unsure of how to use Wireshark to complete these steps.
Tell your instructor that you have completed this portion of the lab exercise.

Exercise 2: Configuring H.323 for a GK/GW Environment

In this exercise, you configure the Net-Net Session Director (SD) as a back-to-back
gatekeeper/gateway (GK/GW). To illustrate the functionality, your H323 terminal application
(SJphone) will no longer register with a GK on your student PC. Instead, it will send registration
requests directly to the Net-Net SD. These registrations will be passed through the Net-Net SD to
a GK in a bridged realm, via an associated stack. The end result will be that each student will be
able to place calls to every other student. We will use the Wireshark network protocol analyzer
software and ACLI show commands during the exercise to verify operation. Successful lab
completion is determined when each student phone can call every other student phone.
Do not change any of the existing configuration parameters in this part

unless told to do so by your instructor. You will be building on these
parameters throughout this lab and changing them will potentially cause
s a
configuration errors.
) h a
Step 1: Examining the Physical and Network Interfaces
i l ฺ com
t m a deฺ
1. Restoring pint_student#.gz (where # is your student number).
h o Gui
2. From the Superuser mode, use the appropriate show o
v @ etonexamine
command t the
l cra Sand
physical interfaces located in slot 0/port 0 and slot1/port0
e
d the following
tuanswer
questions.
p h a this
(ra interfaces?
• What are the names of the physical
o u s e
l c rav sande speeds
• What are the duplex-modes
to for these interfaces?
p h ae licen
3. From theaSuperuser mode, use the appropriate show command to examine the
o r interfaces
b lebound to the physical interfaces in slot 0/port 0 and slot1/port0 and
v
network
raanswersthe
f r a
efollowing
e l c n
questions.
p h a
n - tr•aWhat network interface(s) is (are) associated with the physical interface in slot
Ra no 0/port0?
1/port0?
Now you will start the necessary configuration for the Net-Net SD according
to your lab diagrams. In the next steps, you will configure the realm for your
peer network. Use the <?> to assist with the following tasks. You may also
refer to your student guide and the documentation set on your workstation
desktop.
Step 2: Configuring Realms

In this step, you will configure two realms: peer and core. The ACLI path is media-
manager>realm-config.
1. Configure a peer realm bound to the M00:0 network interface in accordance with the

2. Configure a core realm bound to the M10:0 network interface in accordance with the
Step 3: Configuring H.323 Stacks

In this step, you will configure a H.323 stack for a peer realm and for a core realm. The ACLI
path is session-router>h323>h323-stacks.
1. Configure a peer h323 stack in accordance with the lab diagram and table below.
Accept the default values for fields not listed.
Parameter Value
name peer#
isgateway disabled
realm-id peer#
s a
assoc-stack core#
) h a
com
local-ip 192.168.0.1#
terminal-alias h323-ID=peer#
i l
a deฺ ฺ
gk-identifier peer#
t
o Guim
disabled h
@ ent
fs-in-first-msg
v o
cra Stud
call-start-slow
e l
enabled
a this
process-registration
p h enabled
2. Configure a core h323 stacko (ra uswith e the lab diagram and table below.
v fields nottolisted.
rafor
in accordance
c se
Accept the default values
a e l n
ph lField lic e Value
r a e
vo ferab
r
c nsa name core#
a e l isgateway
a
enabled
p h - t r
realm-id core#
Ra non local-ip
assoc-stack peer#
172.16.0.1#
terminal-alias h323-ID=core#
gatekeeper 172.16.0.100:1719
gk-identifier core#
call-start-slow enabled
process-registration disabled
Step 4: Configuring Steering Pools

In this step, you will configure a steering pool for the peer realm and the core realm. The
ACLI path is media-manager > steering-pool.
1. Configure your peer steering pool according to the addressing indicated on your lab


peer1 21000 21999
peer2 22000 22999
peer3 23000 23999
peer4 24000 24999
peer5 25000 25999

peer6 26000 26999
peer7 27000 27999
peer8 28000 28999
2. Configure your core steering pool according to the addressing indicated on your lab

core1 21000 21999
s a
core2
core3
22000
23000
22999
23999 ) h a
core4 24000
i l com
24999
ฺ
core5 25000
t m a deฺ 25999
core6
core7
26000
27000 h o Gui 26999
27999
core8 28000
v o @ ent 28999
e l cra Stud
Step 5: Verifying and Saving the Configuration
p h a this
o (ra use
l c
DO NOT save or activateravthesconfiguration.
e to Your instructor will perform the
a e e n
ph le lic
appropriate commands when everyone has reached this point in the lab
r a
exercise.
r a r ab that you have completed this portion of the lab exercise.

voyourfeinstructor
l c ans
Tell
h a e tr
p n -
Ra Step no6: Testing your Configuration
1. Start the Wireshark application using the icon on your desktop and begin sniffing on
your media interface (192.168.0.10#, where # is the number of your student
workstation).
2. Double-click on the SJphone icon on your desktop to start the SJphone application. If
you have done this correctly, the SJphone GUI will appear. Ensure that your SJphone
instance is configured to use the tttc2 profile.
Ask your instructor for help if you are unsure of how to complete this step.
3. Use the appropriate command from the ACLI to ensure that your h323 stacks have
registered successfully.
If there are no problems, go to the next step. If your H.323 gateway stacks
are not registered, go back and check your configuration. If you cannot find
an error, let the Instructor know.

4. Backup your configuration as student#_ittt2.gz.
5. Using SJ phone, place a call to another student’s extensions. Refer to the chart below
for the extension numbers of each student.
To avoid chaos, student 1 should call student 2, 3 call 4, 5 call 6, and 7 call 8. This
will make comparing captures easier as well, as each student is adjacent each other.
Student Number Extension

Student 1 7001
Student 2 7002
Student 3 7003
Student 4 7004
Student 5 7005
Student 6 7006 s a
Student 7 7007
) h a
com
Student 8 7008
i l ฺ
a address ฺ
m
6. Stop your Wireshark capture, and graph your calls to look at call flow and
t i d e
@ ho number.
information. Save your capture as b2bgw#, where # is your student
t G u
7. Save your capture as b2bgwgk#, where # is your a vo number,d e nfor comparison
lc r student
S tu
purposes.
a e is
r a ph Askeyourt hinstructor
(
Save each call as a separate capture.
s for help if you are
r a vo to u
unsure of how to use Wireshark to complete these steps.
a e lc nse
h thate
Tell your instructor
a p l i c you have completed this portion of the lab exercise.
o r b le
v
ra sfer a
l c
p h ae -tran
Ra non

s a
) h a
i l ฺ com
t m a deฺ
h o Gui
v o @ ent
e l cra Stud
p h a this
o (ra use
l c rav se to
p h ae licen
o ra ble
c r av sfera
h a el tran
p -
Ra non

D81945GC10 Ag

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

D81945GC10 Ag

Uploaded by

Copyright:

Available Formats

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2013, Oracle and/or its affiliatesฺ

Restricted Rights Notice

 Module 3 [pint] – Provisioning Interfaces

 Module 4 [cfga]: – Configuration Administration

 The types of configuration and backup files

 Module 5 [isip]: Introduction to SIP (Session Initiation Protocol)

h a e tran  Configure the Global Pool

a p o n -  Enable the Media Manager

iv • Net-Net 3000/4000 Configuration Basics Copyright © 2011 Acme Packet, Inc.

 Module 9 [abbn2]: SIP configuration in an Access-backbone environment

 Explain the SIP-NAT bridge (SNB) model h o Gui

o Student performance objectives include:

a e l c ans Recognize and Respond to a System Switchover

 Appendix A [peer2]: SIP configuration in a peering environment

 Appendix B [ittt]: Introduction to H.323

Copyright © 2011 Acme Packet, Inc. Net-Net 3000/4000 Configuration Basics • v

Style Description Usage Example

Acme Packet Support

vi • Net-Net 3000/4000 Configuration Basics Copyright © 2011 Acme Packet, Inc.

Copyright Acme Packet, Inc initc.6.j.ld- 0

Copyright © 2011 Acme Packet, Inc. initc.6.j.m.lg-1

Exercise 1: Accessing the Net-Net SD

Step 1: Connecting to the Net-Net SD using PuTTY/Tutty

1. Launch PuTTY/Tutty( ), the terminal emulation application provided on the desktop

Examine the Superuser mode prompt.

3. Issue the exit command to return to the User mode.

initc.6.j.lg-2 Copyright © 2011 Acme Packet, Inc.

Step 3: Entering the Configuration Mode (Demo)

2. Issue the configure terminal command to enter the Configuration mode.

training# configure terminal

Copyright © 2011 Acme Packet, Inc. initc.6.j.lg-3

Exercise 2: Getting Familiar with ACLI Commands

information, and view the available commands in the Configuration mode.

Step 1: Displaying the Available ACLI Commands

• What type of operationsvdo

Step 2: Using the show Command

• Does the show <TAB> command accomplish the same as show ? ?

initc.6.j.lg-4 Copyright © 2011 Acme Packet, Inc.

Examine the outputs in both modes.

• How do you identify the login sessions?

Copyright © 2011 Acme Packet, Inc. initc.6.j.lg-5

Exercise 3: Rebooting the Net-Net SD (Demo)

because the tasks can only be performed by one person at a time.

Step 1: Accessing the Superuser Mode

1. Connect to your Net-Net SD via a serial connection.

initc.6.j.lg-6 Copyright © 2011 Acme Packet, Inc.

Exercise 4: Working on the Boot Parameters (Demo)

because the tasks can only be performed by one person at a time.

Step 1: Examining the Boot Parameters

Target name (tn): training acmepacket <Press the Enter key>

c. Reboot the Net-Net SD.

Copyright © 2011 Acme Packet, Inc. initc.6.j.lg-7

• If you reboot from a Telnet session, what happens to your Telnet

3. Change the name of the boot file.

a. Change the file name to a non-existing file, such as /tffs0/nnC600p9trn.gz.

b. Reboot the Net-Net SD.

initc.6.j.lg-8 Copyright © 2011 Acme Packet, Inc.

Exercise 5: Accessing the Global Settings

Step 1: Examinging the Running Configuration

• In what mode can you issue the show command?

• What elements are configured in the running configuration?

l c s agent the mib-2 sysName variable.

p h ae -tranThe mib2 sysname is formed by combining ….