Cisco CallManager Best Practices
Delivers the proven solutions that make a difference in your Cisco IP Telephony deployment
IP telephony represents the future of telecommunications: a converged data and voice infrastructure boasting greater flexibility and more cost-effective scalability than traditional telephony. Having access to proven best practices, developed in the field by Cisco IP Telephony experts, helps you ensure a solid, successful deployment. Cisco CallManager Best Practices offers best practice solutions for CallManager and related IP telephony components such as IP phones, gateways, and applications. Written in short, to-the-point sections, this book lets you explore the tips, tricks, and lessons learned that will help you plan, install, configure, back up, restore, upgrade, patch, and secure Cisco CallManager, the core call processing component in a Cisco IP Telephony deployment. You'll also discover the best ways to use services and parameters, directory integration, call detail records, management and monitoring applications, and more. Customers inspired this book by asking the same questions time after time: How do I configure intercom? What's the best way to use partitions and calling search spaces? How do I deploy CallManager regionally on my WAN? What do all those services really do? How do I know how many calls are active? How do I integrate CallManager with Active Directory? Years of expert experiences condensed for you in this book enable you to run a top-notch system while enhancing the performance and functionality of your IP telephony deployment.
Contents
Planning the CallManager Implementation | 3 |
Read the Solution Reference Network Designs | 4 |
Check the Compatibility Matrix | 5 |
Implement Quality of Service | 6 |
Build Redundancy into Your Network Design | 7 |
Document the Current Data Infrastructure | 8 |
Assess the Current Voice Environment | 9 |
Document the Existing and Desired Dial Plan | 14 |
General Deployment Guidelines | 256 |
Use Dial Plan Features to Prevent Toll Fraud | 257 |
Restrict Auto-Registered IP Phones | 258 |
Block Common Fraudulent Area Codes Using a Single Partition | 261 |
Configure Explicit External Route Patterns | 263 |
Use the Cisco Dialed Number Analyzer to Test Your Configuration | 264 |
Use MRGLs to Ensure Tone on Hold Rather than MOH if Desired | 265 |
Configure a Continuously Running MOH Stream | 266 |
Document Classes of Service | 15 |
Document the CDR Method | 16 |
Determine the Current Applications | 18 |
Document All Existing Hardware | 20 |
Choose the Right Equipment | 21 |
Server Memory Requirements | 22 |
Choosing Phone Types | 23 |
Create a Training Curriculum for Users and Administrators | 24 |
User Training Techniques | 25 |
Administrator Training | 26 |
Establish a Rollout Plan | 28 |
Number of Phones | 29 |
Amount of Time to Cutover | 30 |
Determine the Cutover Method | 31 |
Dual Phone and Then Flash Cut | 33 |
Create User Information Packets | 34 |
Institute a Problem Reporting and Escalation Plan | 35 |
Establish Operations Procedures | 36 |
Summary | 38 |
Planning Centralized Call Processing Deployments | 41 |
Establishing Basic WAN Connectivity | 43 |
Deployment Using Frame Relay | 45 |
Deployment Using Asynchronous Transfer Mode | 46 |
Deployment Using Multiprotocol Label Switching (MPLS) | 47 |
Deployment Using Voice and Video Virtual Private Networks | 48 |
Tuning Quality of Service on the WAN | 49 |
Use IP RTP Priority Queuing if You Cannot Use LLQ | 50 |
At a Minimum Use LLQ for Marked or Unmarked Packets | 52 |
Use LLQ with Marked and Trusted Incoming Packets | 55 |
Reducing Jitter | 56 |
Use LFI with Traffic Shaping for Frame Relay | 57 |
Adjusting Bandwidth Consumption | 58 |
Choosing the Codec | 59 |
Preventing WAN Oversubscription by Using Locations-Based Call Admission Control (CAC) | 60 |
Configure Locations | 62 |
Dynamically Rerouting Calls Using Automated Alternate Routing | 66 |
Survive WAN Outages by Using SRST | 69 |
Understanding SRST User Functionality | 70 |
Understanding SRST at the Central Site | 71 |
Deploying SRST at the Location | 73 |
Limit the Number of Lines on Particular Phone Types | 75 |
Enable G.711 Music on Hold Sourcing at the Location | 76 |
Voice Mail During SRST Fallback | 78 |
PSTN Calling During SRST Fallback | 82 |
Choosing Gateways to Support Centralized Call Processing Functionality | 85 |
Summary | 88 |
Installing CallManager | 91 |
Determine the Installation Logistics | 92 |
Prepare the Installation Checklist | 93 |
Prepare the Installation Media | 94 |
Verify Network Connectivity | 95 |
Use Dual Network Interface Cards Adapter Teaming | 96 |
Locate Your Cisco SmartNet Contract Number or System Serial Number | 97 |
Hardware Compatibility | 98 |
Avoid Windows Domain Participation | 100 |
Use Consistent Passwords Across Servers | 101 |
After the Installation | 102 |
Do Not Change OS Parameters | 103 |
Do Not Create Other Accounts on the System | 104 |
Verify Database Synchronization | 105 |
Use the Cisco Security Agent | 107 |
Backing Up and Restoring the Environment | 111 |
Consider the Whole Deployment | 112 |
Back Up All Important Data on the CallManager Server | 113 |
Back Up All Music on Hold Audio Sources | 114 |
Back Up the Cisco Unity Messaging Repository | 115 |
Back Up Ethernet Switches and Router Configurations | 116 |
Planning Your Backup Strategy | 117 |
Determine Backup Schedules | 118 |
Use BARS to Back Up the Environment | 119 |
Become Familiar with BARS | 121 |
Use Consistent Private Password Phrases | 123 |
Things to Be Aware of When Restoring from a BARS Backup | 125 |
Reinstall, Restore, or Recover? | 126 |
Troubleshooting Typical Backup Problems | 127 |
Resolving NetBIOS and Windows Internet Name Service Issues | 128 |
Identifying SQL Password and Replication Problems | 133 |
Summary | 135 |
Upgrading and Patching CallManager | 137 |
Understand the Difference Between Patching and Upgrading | 138 |
Use a Staging Environment if Applicable | 140 |
Select the Appropriate Upgrade Version of CallManager | 141 |
Read the Release Notes | 142 |
Obtain Media Well in Advance of Upgrading by Using the Product Upgrade Tool | 143 |
Download Maintenance Releases | 144 |
Run the Upgrade Assistant Utility | 145 |
Performing a CallManager Upgrade Using a Staging Server | 146 |
Schedule an Outage Window | 147 |
Freeze Call Forward All Setting from IP Phones | 148 |
Use a Spare Drive to Remirror | 150 |
Check the Event Log | 151 |
Move the Hard Disk into the Production System in Careful Order | 152 |
Install the Service Release While Observing Precautions | 154 |
Summary | 155 |
Securing the Environment | 157 |
Classes of Voice Security Threats | 159 |
Violation of Integrity | 160 |
Create a Security Policy to Guide Your Efforts | 161 |
Review an Infrastructure Security Feature Checklist | 164 |
Harden Access to Routers and Switches | 165 |
Out-of-Band Management for CatOS/IOS Devices | 167 |
Encrypted Connections for Management Control Traffic | 168 |
Statically Restrict MAC Addresses on a Switch Port Using Port Security | 169 |
Dynamically Restrict Ethernet Port Access with 802.1x Ethernet Port Authentication | 170 |
Which Ethernet Ports Require 802.1x Authentication? | 172 |
Do All Your Clients Support 802.1x? | 173 |
Don't Trust Class of Service Settings from PCs Behind IP Phones | 174 |
DHCP Option 82 Stops Broadcast of DHCP Replies | 175 |
DHCP Snooping Protects Against DHCP Spoofing | 176 |
ARP and GARP Associate Layer 2 and Layer 3 Addresses | 177 |
DAI Blocks Inconsistent GARPs and ARP Replies | 178 |
Lock Down Layer 2 Control Protocols | 179 |
Stop VLAN Membership Policy Service Query Protocol to VLAN Membership Policy Server | 180 |
Stop Bridge Protocol Data Unit Spanning-Tree Attacks with BPDU Guard | 181 |
Enable STP on Client Ports if They Behave Well | 182 |
Configure VTP Transparent Mode to Disable VLAN Trunking Protocol | 183 |
Change the Default Native VLAN to a Value Other Than VLAN 1 | 184 |
Beware of 802.1q Tunneling | 185 |
Beware of Broadcast Storm Control | 186 |
Restrict Access by Filtering Network Traffic | 187 |
VLAN and Port Access Control Lists | 188 |
Network-Based Application Recognition | 189 |
Simplify ACLs by Smartly Allocating IP Addresses | 190 |
Authenticate Routing Protocol Traffic | 191 |
Authenticate HSRP and VRRP | 192 |
V3PNs Let Voice Traffic Traverse an Untrusted IP Network | 193 |
Harden Access via IP Phones | 194 |
Drop 802.1q Frames Received via the PC Port on IP Phones | 196 |
Harden CallManager and Voice Application Servers | 197 |
Updates and Product Patches | 198 |
Use McAfee or Norton/Symantec Virus Protection | 200 |
Use CiscoWorks VPN/Security Management Solution to Manage Your Cisco Security Agent | 201 |
Secure Remote Administration of CallManager | 202 |
Use IPSec VPN to Reach an IP-Based KVM Switch | 203 |
Turn off IIS on Subscribers | 204 |
Secure Endpoint Provisioning | 207 |
Endpoint Image Authentication | 208 |
Generate Unique Public/Private Key Pairs in Phones | 209 |
Phones with Manufacturing Installed Certificates | 210 |
Establish a CTL File | 212 |
Get a CTL into Phones | 214 |
Secure Endpoint Operation | 215 |
Encrypt RTP Media Streams via Secure RTP | 216 |
SRTP Behavior with Call Features | 218 |
Secure Interserver Communication for MGCP, SIP, H.323, and Java Telephony API Signaling via IPSec | 219 |
Implementation Considerations | 220 |
Summary | 221 |
Configuring CallManager and IP Telephony Components | 225 |
Read the Documentation Recommended Reading List | 226 |
Use IP Addresses Instead of Server Host Names | 227 |
Leave the Default CallManager Name as Is | 228 |
Name CallManager Redundancy Groups Descriptively | 229 |
Use Standard Usernames | 230 |
Use Device Pools to Configure Common Parameters and Bulk-Reset Devices | 231 |
Enable Dependency Records | 232 |
Reduce the Interdigit Timeout Default Value | 233 |
Teach Users How to Use IP Phones | 234 |
Teach Users to Use the Cisco CallManager User Options Web Page | 235 |
Download the Cisco IP Phone Services SDK to Deploy Free Services on Your Phones | 236 |
Write Your Own Custom Phone Services | 237 |
Configure Private Line Automatic Ringdown for Emergency Access | 238 |
Use Abbreviated Dialing to Provide More Speed Dials for Users | 241 |
Gateway Best Practices | 242 |
Do Not Include Other Gateways in Gateway Calling Search Spaces | 243 |
Dial Plan Best Practices | 244 |
Implement Class of Service Restrictions by Ordering Your Partitions in Calling Search Spaces | 246 |
Use Well-Named Partitions and Calling Search Spaces to Effectively Segment the Dial Plan | 247 |
Create a Partition for Globally Blocked Numbers and Create Specific Partitions for Exceptions to the Globally Blocked Numbers | 248 |
Use the 9 Route Pattern with Great Care | 249 |
Use Line-Based Calling Search Spaces in Addition to Phone-Based Calling Search Spaces with Caveats | 250 |
Accommodate Extension Mobility in the Dial Plan | 255 |
Deploy Video as Needed | 267 |
Force Automatic Logout When a User Logs in to Another Phone | 268 |
Implementing Intercom Using PLAR Extensions | 269 |
Implementing Intercom Using Speed Dial Buttons | 271 |
Implementing Group Intercom Using the Speed Dial Await Further Digits Service Parameter | 272 |
Changing Outbound Caller ID to the Main Number | 273 |
Enabling Outbound Caller ID for Extensions Connected to Different Exchanges | 274 |
Blocking Outbound Caller ID on a Per-Call Basis | 275 |
Configure System and Group Speed Dials | 276 |
Get More Lines for Fewer Buttons | 277 |
Check the Busy Trigger | 278 |
Understand Call Stacking the Behavior of Multiple Calls Per Line the Busy Trigger and No Answer Ring Duration | 279 |
Think of the Buttons on the Phone as Line/Feature Buttons | 281 |
Consider Not Using the IPMA Configuration Wizard | 282 |
Save Directory Numbers in Proxy Line Mode by Using a Prefix Character | 283 |
Verify Your Configuration and Physical Connection When Using CMI | 286 |
Tools and Application Best Practices | 287 |
Use the Trace Collection Tool for Convenient Trace Collection | 288 |
Use the Bulk Administration Tool | 289 |
Use Standard Calling Party Names | 290 |
Use a Barcode Scanner with Keyboard Input | 291 |
Run a Query in BAT to Generate a List of Unassigned DNs | 292 |
Use Cisco IP Communicator as the Preferred Software-Based Phone Model Unless Collaboration Is Needed | 293 |
Use G.729 for Best Audio Quality in a Limited-Bandwidth Environment | 294 |
Attendant Console Best Practices | 295 |
Provide Personalized Call Distribution via Cisco Personal Assistant with or Without Speech Recognition | 296 |
Managing Services and Parameters | 299 |
About Services | 301 |
Changing or Displaying the Status of Services | 313 |
Restarting Services | 314 |
Document the System Before Making Changes and Limit the Number of Changes Made at One Time | 315 |
Distinguishing Clusterwide Parameters | 316 |
Beware of Enterprise Parameters That Require a Restart of All Devices | 317 |
Cisco CallManager Service and Related Parameters | 318 |
Customize Data for CCM Traces and Cisco Dialed Number Analyzer | 319 |
Locations Trace Details Enabled | 320 |
Parameters You Should Ignore | 321 |
Forward Maximum Hop Count | 322 |
Check the Display Text for Translated Parameters | 323 |
If Secondary Lines Are Shared Use the Primary Line for Voice Mail Access | 324 |
Enable Distinctive Rings for OnNet and OffNet Calls | 326 |
Enable FastStart with Centralized Call Processing | 327 |
Prevent Hold Music from Streaming to a Conference | 328 |
Choose a Dial Tone | 329 |
Cisco Messaging Interface Service and Related Parameters | 331 |
Do Not Configure CMI Parameters if You Use Cisco Unity or Integrate Legacy Voice Mail Using SMDI on a Cisco VG248 | 332 |
Specify a CallManager Name and a Backup CallManager Name | 333 |
Cisco CTIManager Service | 334 |
Cisco Telephony Call Dispatcher Service | 335 |
Cisco MOH Audio Translator Service and Related Parameter | 336 |
Increase/Decrease the MOH Volume | 337 |
Leave the Data Collection Enabled Parameter at the Default Setting to Collect Systemwide Statistics | 338 |
Cisco CDR Insert Service | 339 |
Cisco Extended Functions Service and a Related Parameter | 340 |
Change the Call Back Sound Using the Audio File Name Parameter if Desired | 341 |
Cisco IP Manager Assistant Service | 342 |
Enforce a Maximum Login Time for Extension Mobility | 343 |
Configure Extension Mobility So That Phones Remember the Last User Logged In | 344 |
Let Users Customize Ring Tones | 345 |
Choose Your Locale | 346 |
Using Multilevel Administration | 349 |
Changes from the Previous Release | 353 |
Integrated Database | 354 |
Enable MLA for Added Security | 355 |
Monitor the Access Log for Malicious Login Attempts | 356 |
Create User-Specific Accounts | 357 |
Create Custom User Groups | 358 |
Assign Group Privileges | 359 |
Keep an Eye on Your System | 360 |
Use the IIS Log File to Trace a CCMAdministrator Login to a Machine | 361 |
Get to Know Your Company's Human Resources Managers | 362 |
Always Close the Web Browser | 363 |
Conduct Periodic Security Audits | 364 |
Mastering Directory Integration | 367 |
Directory Access for IP Telephony Endpoints | 369 |
Directory Integration for CallManager | 372 |
Run the Cisco Customer Directory Configuration Plugin | 374 |
Adding CallManager Servers to a Domain | 375 |
Preparing the Directory for Integration | 377 |
Integrating CallManager with the Directory | 383 |
Maintaining the Directory Integration | 388 |
CallManager Upgrades | 390 |
Administering Call Detail Records | 393 |
Use CDR Data for Accounting/Billing or Troubleshooting | 394 |
Limit the Number of CDR and CMR Entries | 395 |
Configure CDR Enterprise Parameters | 396 |
Enable Network Time Synchronization on All CallManagers and Update the Configuration File if Needed | 398 |
Understanding the Call Detail Record Format | 399 |
New CDR Fields in CallManager Release 4.0 | 404 |
Frequently Searched CDR Fields | 409 |
ITU Q.850 Cause Codes Table | 410 |
Understanding CDR Data Through Call Examples | 414 |
Establish Baseline Jitter and Latency Characteristics | 415 |
An Example of an Unsuccessful Call | 416 |
Search the CDR SQL Database | 417 |
Export CDR Data for Further Analysis | 418 |
Convert Epoch Time to Human-Readable Time Using the CDR Time Converter Utility | 419 |
Convert a 32-Bit Signed Integer Value to an IP Address | 420 |
Using Microsoft Excel Formulas to Convert UTC and IP Addresses | 421 |
Using the CAR Tool | 422 |
Avoid Common Installation Pitfalls | 424 |
Examine Weekly and Monthly Utilization Reports | 425 |
Run Weekly Voice Messaging Utilization Reports to Check for Oversubscription | 426 |
Third-Party CDR Applications | 428 |
Summary | 430 |
Managing and Monitoring the System | 433 |
Choosing the Best Overall Methodology | 434 |
ToolBased Monitoring | 435 |
Make Monitoring a Daily Process | 436 |
Choose the Right AAA Protocol | 437 |
Configure Authentication to Limit and Track Access | 439 |
TACACS+ Configuration | 440 |
Configure Authorization to Limit Allowable Commands | 442 |
Configure Accounting to Track Issued Commands | 444 |
Using Syslog to Monitor the System | 445 |
Facilities | 446 |
Syslog Message Format | 447 |
Determine the Right Logging Severity | 448 |
Configure IOS Gateways for Syslog | 449 |
Configure a Linux-Based Syslog Server if Your Network Doesn't Have a Server | 451 |
Use the CiscoWorks Syslog Service if Available | 454 |
What to Do When You Don't Control the Syslog Server | 456 |
Use a Syslog Analyzer if You Can | 457 |
Using SNMP Where Possible | 459 |
Choose Complex Community Strings | 460 |
Limit Allowable Hosts | 461 |
Configure Trap Destinations | 462 |
Traps in CISCO-CCM-MIB | 463 |
CCM Alarm Facility Traps | 465 |
Use Microsoft Performance for Real-Time Data If It Fits Your Current Model | 466 |
Check the CallManager Trace Facility Configuration and Log Files | 467 |
Using Windows Terminal Services | 468 |
Upgrades Are Not Supported via Terminal Services | 469 |
Using VNC | 470 |
Close VNC After Initiating Upgrades | 471 |
Using Real-Time Monitoring Tool | 473 |
Changes from Earlier Releases | 474 |
Decide What to Monitor | 475 |
Monitor Trunk Utilization Closely | 476 |
Modify Preconfigured Alerts if Needed | 477 |
Configure Perfmon Counters and Set Alerts | 482 |
Use the Serviceability Reports Archive | 483 |
Create Custom Reports from Raw RISDC Data | 484 |
Alert Log Format | 485 |
Service Log Format | 486 |
Call Log Format | 487 |
Device Log Format | 489 |
Perfmon Log Format | 490 |
Summary | 491 |
CallManager 4.0 New Feature Description | 493 |
Multilevel Precedence and Preemption | 494 |
Precedence Calls Between Selected IP Phones in the Same Cluster | 496 |
Annunciator | 497 |
Desktop Video Telephony | 498 |
Cisco VT Advantage | 499 |
Configure Cisco-Approved H.323 Video Endpoints in CallManager Administration Instead of Using a Gatekeeper | 500 |
Multiple Calls Per Line Appearance | 502 |
Barge Enhancements (cBarge) | 503 |
Privacy Enhancements (Privacy) | 504 |
Drop Any Party from Ad Hoc Conference (Drop) | 505 |
Direct Transfer (DirTrfr) | 506 |
Conferencing Infrastructure Enhancements | 508 |
Malicious Call Identification (MCID) | 510 |
Published API Enhancements | 511 |
Logon Services Enhancements | 512 |
Management and Monitoring Enhancements | 513 |
Cisco CallManager Attendant Console Enhancements | 514 |
Other Enhancements and Caveats | 515 |
Glossary | 517 |
557 | |
Other editions - View all
Cisco CallManager Best Practices: A Cisco AVVID Solution, Salvatore Collora, Anne Smith, Ed Leonhardt. Limited preview - 2013