...
| Code Block | ||
|---|---|---|
| ||
Router # Conf t
Router(config)# username {Enter User Here} privilege 5 Password {Type Password}
Router(config)# privilege exec level 5 show platform software mount
Router(config)# privilege exec level 5 show dial-peer voice summary
Router(config)# privilege exec level 5 show version
|
...
| Code Block | ||
|---|---|---|
| ||
Router# show running-config Router# show startup-config Router# show platform software mount Router# show version Router# show dial-peer voice summary |
CUBE SNMP Configuration
There are two options for SNMP monitoring of the CUBE, SNMP Version 2c and SNMP version 3. SNMP Version 3 is more secure and is the preferred method.
SNMP Version 2 option
To configure SNMP V2c monitoring of the CUBE you will need the following:
| Parameter | Description |
|---|---|
| VSM Collector IP Address | IP address of the VSM Collector at the customers site |
Configure the SNMP Community using the following commands:
| Code Block | ||
|---|---|---|
| ||
Router # Conf t Router(config)# snmp-server community {Enter SNMP Value here}virsae RO Router(Config)# snmp-server locationhost <location>{VSM #ThisCollector commandIP isAddress} optionalversion and may needed only if you want to specify the location.2c virsae Router(Config)# snmp-server contact <contact info> #This command is optional |
...
enable traps
Router(Config)#exit
|
Use the following commands to verify SNMP V2 Configuration
| Code Block | ||
|---|---|---|
| ||
Router (Config)# snmp-server host {Enter VSM Probe IP Address here} [traps | informs] version 2c community-string [udp-port port-number] [notification-type]Router # Show snmp community << This will display configured community string Router # show snmp host << This should display the configured SNMP host which should match the configured one |
The following example demonstrates a sample configuration of SNMP Version 2 with option to enable all traps
| Code Block | ||
|---|---|---|
| ||
Router # Conf t Router(Config)# snmp-server community VirsaeVSMvirsae RO Router(Config)# snmp-server location BHIVE Auckland host 10.10.10.20 version 2c virsae Router(Config)# snmp-server contact Virsae Support Teamenable traps Router (Config) # Exit |
Verification output :
| Code Block | ||
|---|---|---|
| ||
Router # Show snmp-server host Community Community name: virsae Community Index: virsae Community SecurityName: virsae storage-type: nonvolatile active Router # Show snmp host Notification host: 10.10.10.20 version 2c VirsaeVSM Router(Config)# snmp-server enable traps |
...
udp-port: 162 type: trap user: virsae security model: v2c |
SNMP Version 3 option
To configure SNMP v3 monitoring of the CUBE you will need the following:
| Parameter | Value | Description |
|---|---|---|
| View Name | Virsaeview | Use Virsaeview by default |
| Group Name | Virsaegroup | Use Virsagroup by default |
| User Name | The SNMP Trap username administered in your VSM equipment location | |
| Authentication Protocol | SHA or MD5 | The SNMP Trap Authentication protocol administered in your VSM equipment location |
| Authentication Password | The SNMP Trap Authentication password administered in your VSM equipment location | |
| Privacy Protocol | AES 128, AES 196, AES 256, DES | The SNMP Trap privacy protocol administered in your VSM equipment location |
Privacy Password | The SNMP Trap privacy password administered in your VSM equipment location | |
| VSM Collector IP Address | The IP address of the VSM Collector |
The SNMP Trap configuration in VSM is documented here SNMP Configuration
Configure the SNMP V3 using the following commands:
| Code Block | ||
|---|---|---|
| ||
Router(Config)# snmp-server community VirsaeVSM RO # Conf t Router(Configconfig)# snmp-server location BHIVE Aucklandview <View Name> iso included Router(Config)# snmp-server contact Virsae Support Team group <Group Name> v3 priv read <View Name> Router(Config)# snmp-server host 10.10.10.20 version 2c VirsaeVSM user <User Name> <Group Name> v3 auth <Authentication Protocol> <Authentication Password> priv <Privacy Protocol> <Privacy Password> Router(Config)# snmp-server enable traps snmp authentication linkdown linkup coldstart host <VSM Collector IP Address> version 3 priv <User Name> Router(Config)# exit |
Example (View name=Virsaeview, Groupname = Virsaegroup, Username = Virsaesnmp):
| Code Block | ||
|---|---|---|
| ||
Router(Config)# snmp-server enableview trapsVirsaeview cpuiso thresholdincluded Router(Config)# snmp-server enable traps ipsla group Virsaegroup v3 priv read Virsaeview Router(Config)# snmp-server enable traps config-copy user Virsaesnmp Virsaegroup v3 auth sha P@ssword123 priv aes 256 P@ssword123 Router(Config)# snmp-server enable traps license host 192.168.5.180 version 3 priv Virsaesnmp Router(Config)# snmp-server enable traps envmon Router(Config)# snmp-server enable traps bgp |
...
Exit
|
Use the following commands to verify the SNMP V3 Configuration is correct administered:
| Code Block | ||
|---|---|---|
| ||
Router(config) # Show snmp-server view {Enter View Name Here} Router(Config)# snmp-server group <Group Name> v3 [priv|auth|noauth] read <View Name > Router(Config)# snmp-server user <username> <Group Name> v3 [encrypted] [auth {md5 | sha} auth-password]} Router(Config)# snmp-server host <Enter VSM Probe IP Address here> version 3 [auth|no auth|priv] <Enter user name here> |
The following demonstrates a sample configuration of SNMP Version 3 with Parameters shown in the following table
...
user << This will display configured snmp V3 user
Router # show snmp host << This should display the configured SNMP host which should match the configured one |
Example Verification output :
| Code Block | ||
|---|---|---|
| ||
Router # Show snmp user
User name: Virsaesnmp
Engine ID: 800000090300005056BA6363
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: None
Group-name: Virsaegroup
Router # Show snmp host
Notification host: 192.168.5.180 udp-port: 162 type: trap user: Virsaesnmp security model: v3 auth |
CDR Configuration
Voice Quality Metrics (VQM) Configuration
| Code Block | ||
|---|---|---|
| ||
Router #Conf t
Router (config)# voice service voip
Router (conf-voi-serv)# callmonitor
Router (conf-voi-serv)# media statistics
Router (conf-voi-serv)# exit
|
Enter media monitoring command for each required dial-peer in order to enable monitoring of the calls on each dial peer
| Code Block | ||
|---|---|---|
| ||
Router #Conf t
Router (config)# dial-peer voice <tag> voip
Router (config-dialpeer)# media monitoring
Router (config-dialpeer)# end
|
RADIUS Accounting Configuration
There are two possible options for configuring RADIUS accounting
1- VSM is the only RADIUS Server to be configured on Cisco CUBE
2- VSM is not the only RADIUS Server , There is an existing RADIUS Server Set up on Cisco CUBE for AAA Operation
Single RADIUS Server Option (VSM Only)
Perform the following steps to configure CUBE as Radius client to send accounting information to VSM
...
| Code Block | ||
|---|---|---|
| ||
Router(Config)# snmp-server view virsaelab iso included Router(Config)# snmp-server group VSMMonitor v3 priv read virsaelab Router(Config)# snmp-server user VSMUser VSMMonitor v3 auth sha P@ssword123 priv aes 256 P@ssword123 Router(Config)# snmp-server host 192.168.5.180 version 3 auth VSMUser Router(Config)# snmp-server enable traps snmp authentication linkdown linkup coldstart Router(Config)# snmp-server enable traps cpu threshold Router(Config)# snmp-server enable traps ipsla Router(Config)# snmp-server enable traps config-copy Router(Config)# snmp-server enable traps license Router(Config)# snmp-server enable traps envmon Router(Config)# snmp-server enable traps bgp #Conf t Router (config)# aaa new-model Router (config)# radius server VSM Router (config-radius-server)# address ipv4 <VSM Probe IP Address> auth-port 1812 acct-port 1813 Router (config-radius-server)# key <shared secret - this key to be used in VSM Web Portal> Router (config-radius-server)# exit Router (config)# aaa group server radius VSMradiusgroup Router (config-sg-radius)#server name VSM Router (config-sg-radius)#ip radius source-interface <Enter Interface Name that will be used to send CDR information to VSM> Router (config-sg-radius)#exit Router (config)#aaa accounting connection h323 start-stop group VSMradiusgroup Router (config)#gw-accounting aaa Router (config-gw-accounting-aaa)# acct-template callhistory-detail Router (config-gw-accounting-aaa)# exit Router (config)# radius-server vsa send accounting Router (config)# exit |
Multiple RADIUS Servers option
If Cisco CUBE has already been configured to use other Radius server for AAA operations make sure that this server is placed in another server group by using the following commands .
| Code Block | ||
|---|---|---|
| ||
Router #Conf t
Router (config)# aaa group server radius <groupname>
Router (config-sg-radius)# server <ip-address > auth-port 1812 acct-port 1813
Router (config-sg-radius)# exit
Router (config)# aaa authentication login default group <groupname> local
Router (config)# aaa authorization exec default group <groupname> none
Router (config)# aaa accounting exec default start-stop group <groupname>
Router (config)# radius-server host <ip-address> auth-port 1812 acct-port 1813 key <shared-secret>
Router (config)# exit
|
| Parameter | Value |
|---|---|
| groupname | Name of the server group which contains all the RADIUS Servers being used for AAA operations. |
| ip-address | The IP address of the RADIUS Server group being used for AAA operations |
| <shared-secret> | Secret Key used to authenticate with the RADIUS Server |
Follow the steps mentioned in Single RADIUS Server option to send call accounting details to VSM.
CUBE Syslog Configuration
...
| Code Block | ||
|---|---|---|
| ||
Router(Config)# logging host (Enter VSM ProbCollector IP Address) Router(Config)# logging traps (i.e 0 1 2 3 4 5 .. according to your requirement) |
Once complete you can move onto the VSM Web Portal Configuration
Web Portal Configuration
Add CUBE
Log in to the VSM web portal using your VSM credentials and password.
...
| Field | Setting |
|---|---|
Vendor | Cisco Systems |
Product | Unified Border Element |
Equipment Name | Friendly name for this CUBE |
Username | Administrative Username |
Password | Administrative Password |
IP Address / Host Name | IP Address of server (Virtual in duplicated servers) |
Site | Free text field, this information will be included in alarm notifications from the VSM Workflow. |
| Info |
|---|
Site ID information in the ‘Site’ field will advise your NOC staff of the site where the Microsoft Server (i.e. the VSM Collector) is physically located. This is particularly helpful when the customer has multiple sites. |
...