Versions Compared

Old Version 34

changes.mady.by.user Carl Pamplin

Saved on

compared with

New Version Current

changes.mady.by.user Carl Pamplin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagetext
Router# show running-config
Router# show startup-config
Router# show platform software mount
Router# show version
Router# show dial-peer voice summary

CUBE SNMP Configuration

There are two options for SNMP monitoring of the CUBE, SNMP Version 2c and SNMP version 3. SNMP Version 3 is more secure and is the preferred method.

SNMP Version 2 option

To configure SNMP V2c monitoring of the CUBE you will need the following:

ParameterDescription
VSM Collector IP AddressIP address of the VSM Collector at the customers site

Configure the SNMP Community using the following commands:

Code Block
languagetext
Router        # Conf t
Router(config)# snmp-server community {Enter SNMP Value here}virsae RO
Router(Config)# snmp-server locationhost <location>{VSM #ThisCollector commandIP isAddress} optionalversion and may needed only if you want to specify the location.2c virsae
Router(Config)# snmp-server contact <contact info> #This command is optional
Router(Config)# snmp-server host {Enter VSM Probe IP Address here} [traps | informs] version  2c  community-string  [udp-port port-number] [notification-type]enable traps
Router(Config)#exit

Use the following commands to verify SNMP V2 Configuration 

...

Code Block
languagetext
Router        # Conf t
Router(Config)# snmp-server community VirsaeVSM RO
Router(Config)# snmp-server location BHIVE Auckland
Router(Config)# snmp-server contact Virsae Support Teamvirsae RO
Router(Config)# snmp-server host 10.10.10.20 version 2c VirsaeVSMvirsae
Router(Config)# snmp-server enable traps
Router (Config) # Exit

...

Code Block
languagetext
Router    # Show snmp Community
Community name: VirsaeVSMvirsae
Community Index: VirsaeVSMvirsae
Community SecurityName: VirsaeVSMvirsae
storage-type: nonvolatile        active

Router # Show snmp host
Notification host: 10.10.10.20        udp-port: 162   type: trap  user: VirsaeVSMvirsae       security model: v2c

...

SNMP Version 3 option
To configure SNMP v3 monitoring of the CUBE you will need the following:
ParameterValueDescription
View NameVirsaeviewUse Virsaeview by default
Group NameVirsaegroupUse Virsagroup by default
User Name
The SNMP Trap username administered in your VSM equipment location
Authentication ProtocolSHA or MD5The SNMP Trap Authentication protocol administered in your VSM equipment location
Authentication Password
The SNMP Trap Authentication password administered in your VSM equipment location
Privacy ProtocolAES 128, AES 196, AES 256, DESThe SNMP Trap privacy protocol administered in your VSM equipment location
Privacy Password

The SNMP Trap privacy password administered in your VSM equipment location
VSM Collector IP Address
The IP address of the VSM Collector
The SNMP Trap configuration in VSM is documented here SNMP Configuration

Configure the SNMP V3 using the following commands:
 Code Block
languagetext
Router        #  Conf t
Router(Configconfig)# snmp-server communityview VirsaeVSM RO
Router(Config)# snmp-server location BHIVE Auckland<View Name> iso included
Router(Config)# snmp-server contactgroup Virsae<Group Support Team
Router(Config)# snmp-server host 10.10.10.20 version 2c VirsaeVSMName> v3 priv read <View Name>
Router(Config)# snmp-server enableuser traps<User snmpName> authentication<Group linkdownName> linkup coldstart
Router(Config)# snmp-server enable traps cpu threshold
Router(Config)# snmp-server enable traps ipslav3 auth <Authentication Protocol> <Authentication Password> priv <Privacy Protocol> <Privacy Password>
Router(Config)# snmp-server enablehost traps config-copy
Router(Config)# snmp-server enable traps license
Router(Config)# snmp-server enable traps envmon<VSM Collector IP Address> version 3 priv <User Name>
Router(Config)# snmp-server enable traps bgp
SNMP Version 3 option
...
exit
Example (View name=Virsaeview, Groupname = Virsaegroup, Username = Virsaesnmp):
 Code Block
languagetext
Router        #  Conf t
Router(configConfig)# snmp-server view {EnterVirsaeview View Name Here}iso included
Router(Config)# snmp-server group <Group Name>Virsaegroup v3 [priv|auth|noauth] read <View Name >Virsaeview
Router(Config)# snmp-server user <username>Virsaesnmp <GroupVirsaegroup Name>v3 v3auth [encrypted] [auth {md5 | sha} auth-password]}sha P@ssword123 priv aes 256 P@ssword123
Router(Config)# snmp-server host <Enter VSM Probe IP Address here>192.168.5.180 version 3 [auth|no auth|priv] <Enter user name here> Virsaesnmp
Router(Config)# snmp-server enable traps
Router(Config)# exitExit


Use the following commands to verify the SNMP V3 Configuration Configuration is correct administered:
 Code Block
languagetext
Router # Show snmp user  << This will display configured snmp V3 user
Router # show snmp host       << This should display the configured SNMP host which should match the configured one
The following  demonstrates a sample configuration of SNMP Version 3 with Parameters shown in the following table with option to enable all traps with Authentication and Privacy
...
Example Verification output :
 Code Block
languagetext
Router(Config)    # Show snmp-server view virsaelab iso included
Router(Config)# snmp-server group VSMMonitor v3 priv read virsaelab
Router(Config)# snmp-server user VSMUser VSMMonitor v3 auth sha P@ssword123 priv aes 256 P@ssword123
Router(Config)# snmp-server host 192.168.5.180 version 3 priv VSMUser
Router(Config)# snmp-server enable traps
Router(Config)# Exit


 Verification output :
 Code Block
languagetext
Router    # Show snmp user
User name: VSMUser
Engine ID: 800000090300005056BA6363
storage-type: nonvolatile        active
Authentication Protocol: SHA
Privacy Protocol: AES256
Group-name: VSMMonitor


Router # Show snmp host
Notification host: 192.168.5.180  udp-port: 162   type: trap user: VSMUser     security model: v3 priv


The following  demonstrates a sample configuration of SNMP Version 3 with Parameters shown in the following table with option to enable  traps with Authentication Only
...
languagetext
...
 user
User name: Virsaesnmp
Engine ID: 800000090300005056BA6363
storage-type: nonvolatile        active
Authentication Protocol: SHA
Privacy Protocol: None
Group-name: Virsaegroup


Router # Show snmp host
Notification host: 192.168.5.180  udp-port: 162   type: trap user: Virsaesnmp     security model: v3 auth
CDR Configuration
Voice Quality Metrics (VQM) Configuration

 Code Block
languagetext
Router    #Conf t
Router (config)# voice service voip
Router (conf-voi-serv)# callmonitor
Router (conf-voi-serv)# media statistics
Router (conf-voi-serv)# exit

Enter media monitoring command for each required dial-peer in order to enable monitoring of the calls on each dial peer
 Code Block
languagetext
Router    #Conf t
Router (config)# dial-peer voice <tag> voip
Router (config-dialpeer)# media monitoring
Router (config-dialpeer)# end

RADIUS Accounting Configuration
There are two possible options for configuring RADIUS accounting 
1- VSM is the only RADIUS Server to be configured on Cisco CUBE
2- VSM is not the only RADIUS Server , There is an existing  RADIUS Server Set up on Cisco CUBE for AAA Operation 
Single RADIUS Server Option (VSM Only)
Perform the following steps to configure  CUBE as Radius client to send accounting information to VSM
 Code Block
languagetext
Router    #Conf t
Router (config)# aaa new-model
Router (config)# radius server VSM
Router (config-radius-server)# address ipv4 <VSM Probe IP Address> auth-port  1812 acct-port 1813
Router (config-radius-server)# key <shared secret - this key to be used in VSM Web Portal>
Router (config-radius-server)# exit
Router (config)# aaa group server radius VSMradiusgroup
Router (config-sg-radius)#server name VSM
Router (config-sg-radius)#ip radius source-interface <Enter Interface Name that will be used to send CDR information to VSM>
Router (config-sg-radius)#exit
Router (config)#aaa accounting connection h323 start-stop group VSMradiusgroup
Router (config)#gw-accounting aaa
Router (config-gw-accounting-aaa)# acct-template callhistory-detail
Router (config-gw-accounting-aaa)# exit
Router (config)# radius-server vsa send accounting
Router (config)# exit


Multiple RADIUS Servers option
If Cisco CUBE has already been configured to use other Radius server for AAA operations make sure that this server is placed in another server group by using the following commands .
 Code Block
languagetext
Router    #Conf t
Router (config)# aaa group server radius <groupname>  
Router (config-sg-radius)# server <ip-address > auth-port 1812 acct-port 1813
Router (config-sg-radius)# exit
Router (config)# aaa authentication login default group <groupname> local
Router (config)# aaa authorization exec default group <groupname> none
Router (config)# aaa accounting exec default start-stop group <groupname>
Router (config)# radius-server host <ip-address> auth-port 1812 acct-port 1813 key <shared-secret>
Router (config)# exit



ParameterValue
groupnameName of the server group which contains all the RADIUS Servers being used for AAA operations.
ip-addressThe IP address of the RADIUS Server group being used for AAA operations
<shared-secret>Secret Key used to authenticate with the RADIUS Server
Follow the steps mentioned in  Single RADIUS Server option to send call accounting details to VSM.
CUBE Syslog Configuration
...
 Code Block
languagetext
Router(Config)# logging host (Enter VSM ProbCollector IP Address) 
Router(Config)# logging traps (i.e 0 1 2 3 4 5 .. according to your requirement)


Once complete you can move onto the VSM Web Portal Configuration
...