Wednesday, 27 November 2013

Cisco UCS system top level part

Here is a quick little post because I keep forgetting the top level part for a Cisco UCS system and it always takes me a little while to find it, so I'm putting it here so there is easy access to it for next time I need it.

So without further ado...

N20-Z0001

Enjoy!

Monday, 4 November 2013

Unified Attendant Console Receptionists at Multiple Sites

Something I was looking into as part of some recent work I was doing is the ability to have receptionists at multiple sites who can operate together as one team, effectively pooling their resources together so that call volume to a single site doesn't really matter. If there are too many calls coming into one site then receptionists at other sites will see this and can answer the calls as if they were local to that site.

This feature in the Cisco Unified Attendant Console is called remote attendant. It is further described in the design guide, see the link below.

Just one thing to be aware of when considering the remote attendant feature is that there needs to be the ability to transcode across the WAN, i.e. you'll need an ISR at each site with receptionists and some DSP resources in the ISR.

References:
Unified Attendant Consoles Design Guides
http://www.cisco.com/en/US/products/ps7282/products_implementation_design_guides_list.html

Tuesday, 15 October 2013

Webinar: Cisco Wired and Wireless Convergence and Mobility Architecture

Here's a WebEx meeting I found tucked away and thought I'd put it up.

Recording links are below, CCO login required:
WebEx recording: http://tools.cisco.com/pecx/login?URL=searchCourse%3FcourseId%3D00052036
PDF: http://tools.cisco.com/pecx/login?URL=searchCourse%3FcourseId%3D00052035
MP4: http://tools.cisco.com/pecx/login?URL=searchCourse%3FcourseId%3D00052037

Webinar: Nexus 7700

Notes from this Webinar

The Fab2 and CB Fab2 are different modules; the Fab2 modules are not interchangeable between the N7k and the N7700 (the CB stands for Crossbow). This is to do with the architecture.

2200 FEX can be used with the N7700:
2248PQ
2232TM-E

NX-OS 6.2 introduces the ability to configure M1, M1-XL, M2, F2e modules in the same VDC
Fabric Path Anycast - multiple active L3 default gateways. L3 ECMP load balancing

Here are the links to the recording, CCO login required:
WebEx recording: http://tools.cisco.com/pecx/login?URL=searchCourse%3FcourseId%3D00054194
PDF: http://tools.cisco.com/pecx/login?URL=searchCourse%3FcourseId%3D00054193
MP4: http://tools.cisco.com/pecx/login?URL=searchCourse%3FcourseId%3D00054382

Cisco 3850 Directly Connected APs Only

The 3850 switches are part of the converged access solution by using the embedded controller to terminate CAPWAP tunnels on the switch itself. One note which perhaps is obvious to someone else but wasn't to me is that the AP must be directly connected to the 3850 switch, you cannot have another switch in the way.

I queried this with Cisco and they said it was a software decision not a hardware limitation, so maybe it could change but at this point in time that doesn't look likely. 

While I'm on the subject of 3850s, a new release of code is out which brings the features more in line with the 3750X. Still not exactly there but better:


References:
Cisco Unified Access Technology Overview: Converged Access Whitepaper

Cisco WebEx Meetings Server: Scheduled Audio Meetings

Another quick little note.

Conferencing is a great feature and is used by pretty much any company using a UC&C solution. With CUCM you get the ability to do Adhoc and Meet me conferences for up to 128 parties, however what you don't get, and what a lot of people ask for, is scheduled audio conferencing: the ability to create invites from Outlook, send them to your parties and then have a conference at that specific time.

Scheduled audio conferencing would be best done using WebEx, it integrates brilliantly and you get all the features of full WebEx meetings, one of which is the scheduling. What if you don't want the full WebEx suite though? If you only have CUWL standard and just want to be able to Schedule audio conferences? Well for that you need WebEx meetings server.

References:
WebEx Meetings Server ordering Guide:
http://www.cisco.com/en/US/partner/prod/collateral/ps10352/ps10362/ps12732/ordering_guide_c07-719906.html

Cisco Wireless Bits Worth Knowing: Beamforming

Here are a few wireless Tidbits I want to get down so I remember them later:

Beamforming:
Beamforming creates a stronger signal for downstream clients by noticing the client and adjusting the transmitter timing so that the signal appears stronger to the client. This is also known as Cisco clientlink. Clientlink 1.0 is used for abg devices, clientlink 2.0 is for 802.11n devices using 1,2 or 3 spatial streams.

This feature was configurable in pre 7.2 releases of code but from 7.2 onwards it is on by default and cannot be disabled as there would be no advantage to doing so.

Clientlink is a Cisco standard. There is an 802.11n enhanced beamforming specification but it is not as mature and feature rich:
This table is taken from the Cisco 1600/2600/3600 deployment guide, link below.


References:
1600/2600/3600 deployment guide:
http://www.cisco.com/en/US/docs/wireless/technology/apdeploy/7.5/Cisco_Aironet75.pdf


CCX Encrypted Calls

Just a quick note here.

A requirement came up recently to encrypt the call recordings stored on the CCX server. This is currently not something which is supported by Cisco, however there is a workaround if you are brave:


Juniper WLC2 / MXR2 & WLC8 / MX8 different revisions and MSS

Here is an issue I bumped into whilst working on Juniper WLAN implementations. The scenario is that a customer has multiple Juniper WLC2 Wireless LAN Controllers, many of which they purchased before Juniper acquired Trapeze networks. This means they are actually MXR2s and some were quite old.

The WLC has now been called EOL (as of 4th October 2013) so it is not the best platform for use going forward, however at the time it was still a current product, and in honesty how many customers do you know who throw away hardware as soon as it's called EOL? Not many that I know; hardware is sweated until the end of support date gets too close for comfort and then the upgrade happens.

Back to the story: the newest Juniper APs, such as the WLA322, require a minimum of MSS 7.7 to work. The WLC2 technically supports MSS up to version 9.0, however the gotcha here, which is stated in the release notes, is that the hardware revision must be at least "revision P". Here is the note from Juniper:

Warning: This release of MSS no longer supports older MXR-2, MX-8, and MX-8R WLAN controller platforms
that were initially built with 32MB of flash. Newer models support 128MB or 256MB. The best method for
determining if your controller can support MSS 7.7 is by checking the revision label on the unit:

  • Models MX-8 and MX-8R controller - Revision "P" and above
  • Model MXR-2 controller - Revision "N" and above
  • All Juniper-branded equivalents will support MSS 7.7.

Please note this applies to the WLC8 / MX8, as above.

There is a free upgrade program with Juniper, as long as your device has a valid support contract, whereby you can RMA your older revision with Juniper and they will send you a newer version, however this is an RMA so can take a good amount of time, be aware.

To help myself I've put together a quick table showing WLA, WLC and the various MSS version supported:

Access Points
Model      7.0  7.1  7.3  7.5  7.6  7.7  8.0  9.0
WLA632     N    N    Y*   Y    Y    Y    Y    Y
WLA532E    N    N    N    N    N    N    Y    Y
WLA532     N    N    N    N    Y    Y    Y    Y
WLA522     N    N    Y    Y    Y    Y    Y    Y
WLA322     N    N    N    N    N    Y*   Y    Y
WLA321     N    N    N    N    N    Y*   Y    Y
MP-432     Y    Y    Y    Y    Y    Y    Y    Y
MP-422B    Y    Y    Y    Y    Y    Y    Y    Y
MP-371     Y    Y    Y    Y    Y    Y    N    N
MP-372     Y    Y    Y    Y    Y    Y    N    N
MP-352     N    N    N    N    N    N    N    N
MP-341     N    N    N    N    N    N    N    N
MP-262     N    N    N    N    N    N    N    N
MP-252     N    N    N    N    N    N    N    N
MP-241     N    N    N    N    N    N    N    N
MP-82      Y    Y    Y    Y    Y    Y    Y    Y
MP-71      Y    Y    Y    Y    Y    Y    N    N

WLC
Model      7.0  7.1  7.3  7.5  7.6  7.7  8.0  9.0
vWLC       N    N    N    N    N    N    N    Y
WLC2800R   Y    Y    Y    Y    Y    Y    Y    Y
WLC880R    N    N    N    Y    Y    Y    Y    Y
WLC800R    N    N    Y    Y    Y    Y    Y    Y
WLC200     N    N    Y    Y    Y    Y    Y    Y
WLC100     N    N    N    N    N    N    N    Y
WLC8       N    N    Y*   Y    Y    Y    Y    Y
WLC2       N    N    Y*   Y    Y    Y    Y    Y
MX8R       Y    Y    Y    Y    Y    Y*   Y*   Y*
MXR2       Y    Y    Y    Y    Y    Y*   Y*   Y*

The stars (*) here show where minimum software versions or hardware revisions are required. Check the release notes for full details.
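When an estate mixes old and new hardware, the useful question is which MSS versions every device can run at once. The following Python is an added example, not part of the original post and not a Juniper tool: it parses the rows exactly as they appear in the table above and intersects them for a given estate. The function names and the sample estates are my own assumptions.

```python
"""Find MSS versions common to a mixed estate, from the table in this post."""

VERSIONS = ["7.0", "7.1", "7.3", "7.5", "7.6", "7.7", "8.0", "9.0"]

# Rows transcribed from the post's table.
# Y = supported, N = not supported,
# Y* = supported, but a minimum software version or hardware revision applies.
SUPPORT_ROWS = """
WLA632   N N Y* Y Y Y Y Y
WLA532E  N N N N N N Y Y
WLA532   N N N N Y Y Y Y
WLA522   N N Y Y Y Y Y Y
WLA322   N N N N N Y* Y Y
WLA321   N N N N N Y* Y Y
MP-432   Y Y Y Y Y Y Y Y
MP-422B  Y Y Y Y Y Y Y Y
MP-371   Y Y Y Y Y Y N N
MP-372   Y Y Y Y Y Y N N
MP-352   N N N N N N N N
MP-341   N N N N N N N N
MP-262   N N N N N N N N
MP-252   N N N N N N N N
MP-241   N N N N N N N N
MP-82    Y Y Y Y Y Y Y Y
MP-71    Y Y Y Y Y Y N N
vWLC     N N N N N N N Y
WLC2800R Y Y Y Y Y Y Y Y
WLC880R  N N N Y Y Y Y Y
WLC800R  N N Y Y Y Y Y Y
WLC200   N N Y Y Y Y Y Y
WLC100   N N N N N N N Y
WLC8     N N Y* Y Y Y Y Y
WLC2     N N Y* Y Y Y Y Y
MX8R     Y Y Y Y Y Y* Y* Y*
MXR2     Y Y Y Y Y Y* Y* Y*
"""


def parse_support(rows=SUPPORT_ROWS):
    """Turn the flattened rows into {MODEL: {version: 'Y' | 'N' | 'Y*'}}."""
    table = {}
    for line in rows.strip().splitlines():
        model, *cells = line.split()
        if len(cells) != len(VERSIONS):
            raise ValueError(
                f"{model}: expected {len(VERSIONS)} cells, got {len(cells)}"
            )
        bad = [c for c in cells if c not in ("Y", "N", "Y*")]
        if bad:
            raise ValueError(f"{model}: unexpected cell values {bad}")
        table[model.upper()] = dict(zip(VERSIONS, cells))
    return table


def common_versions(estate, table=None):
    """Return [(version, [models with a starred caveat])] for every MSS
    version that all models in `estate` support. Empty list = no overlap."""
    table = table or parse_support()
    unknown = [m for m in estate if m.upper() not in table]
    if unknown:
        raise KeyError(f"not in the table: {unknown}")
    result = []
    for version in VERSIONS:
        cells = {m: table[m.upper()][version] for m in estate}
        if all(c.startswith("Y") for c in cells.values()):
            caveats = sorted(m for m, c in cells.items() if c == "Y*")
            result.append((version, caveats))
    return result


if __name__ == "__main__":
    # Constructed sample estates, not taken from a real deployment.
    for estate in (["MXR2", "WLA322", "MP-371"], ["WLC2", "WLA532E", "MP-371"]):
        options = common_versions(estate)
        print(estate)
        if not options:
            print("  no single MSS version supports every device")
        for version, caveats in options:
            note = f" (check release notes for: {', '.join(caveats)})" if caveats else ""
            print(f"  MSS {version}{note}")
```

An empty result means some hardware has to be replaced before the estate can sit on one MSS version; a starred model in the result means the release notes decide whether that particular unit qualifies.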

References:
Juniper MSS 7.7.4.4 release Notes:

http://www.juniper.net/techpubs/en_US/release-independent/wireless/information-products/topic-collections/wireless-lan/software/7.7/mss-rn-77-mr4.pdf

CUCM Business Edition, More Scalable than you might think...

So an interesting question came up recently which I've always assumed the answer to be true, but I've never checked it, until now.

CUCM Business Edition 6000 (CUCMBE6K) is a low (ish) end UC&C solution from Cisco. The call processing element scales up to 1000 users and 2500 devices. But what do you do if you purchased and run CUCMBE6K, and need to expand to over 1000 users?

Well, Business Edition 6K is capped at 1000 users, and as I understand there is nothing you can do about that, but the licenses you have are essentially just CUWL standard, and I assume you are running this on a virtualised server? Even better if you purchased one of the BE6K hardware bundles. So you can migrate the CUWL business edition licenses to CUWL standard (because they are the same), which is a process with the GLO team at Cisco, and this entitles you to download the full version of CUCM. You can therefore just install the full blown CUCM, add your new CUWL standard licenses and scale up to your heart's delight. No more 1000 user cap.

Granted there will be some work here, you'll need to be reasonably savvy with CUCM, or just utilise your integrator who sold you the solution in the first place. The other thing is if you purchased a CUCMBE6K hardware bundle you'll need to buy a copy of VMware vSphere (the version with the bundle is cut down for BE6K). But these things are still minimal compared to a whole new system.

I think this is a real unsung scalability feature, it's such a minimal cost for such a flexible, scalable solution.

Thursday, 25 July 2013

Juniper Dynamic VPN and Pulse

There are a couple of different types of VPN which can be configured with Juniper products. The MAG and SA products configure SSL VPNs and there are different ways of doing this, but this quick post is just to mention Dynamic VPN using the SRX.

Dynamic VPN is an IPSec type VPN, but it's not a site-to-site VPN; it is a remote access VPN for endpoints. The client used is still Pulse.

The below document is a great reference for Dynamic VPN and Junos Pulse.

References:
[Dynamic VPN] Using Junos Pulse to connect Dynamic VPN client to SRX

Tuesday, 23 July 2013

Webinar: C Series-UCSM Integration of C-Series Servers

Another Webinar to keep, this one about the Integration between C-Series servers and UCSM. I haven't seen it yet but here is the link to download the recording, Cisco CCO Login required:
WebEx recording: http://tools.cisco.com/pecx/login?URL=searchCourse%3FcourseId%3D00054025

Thursday, 18 July 2013

Cisco StackPower Budgets and Info

So Cisco StackPower is a way of distributing power across a stack of C3750X and C3850 switches. The idea is that instead of each switch having multiple redundant PSUs you just need a couple and should a single PSU fail in the stack, if the switch wouldn't have enough power to maintain full operation it can draw unused power from other switches in the stack which have excess power.

Pretty cool, but one thing to be aware of is each switch's power budget. Although the datasheet for each switch states its power consumption, this is not the amount the switch requires for operation; that amount is the power budget. For example, C3750X-24 switches state that the power consumption at 100% load is 93.5W. You would then assume that a 350W power supply would be able to power 3 of these switches. This is not the case. A C3750X-24 switch actually has a power budget requirement of 190W, meaning you cannot power 2 switches with a single 350W power supply.

Stack power switch power budgets and further information can be found at the below reference:

References and Resources:

Cisco Stack Power White Paper
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/white_paper_c11-578931.html

Cisco Flexconnect (Previously HREAP)

Cisco Flexconnect (which was previously known as HREAP) is a technology which allows access points (APs) to be deployed remotely from the controller but allow for distributed switching of local packets, which saves some traffic from being sent back down the CAPWAP tunnel, and over the WAN, back to the controller only to be sent back again to the AP to be switched. When using Flexconnect mode the AP actually terminates the CAPWAP tunnel rather than the WLC.

The opposite of Flexconnect is called local mode. Just to be confusing, in Flexconnect mode the traffic is "locally switched", local to the AP, whereas in local mode the traffic is centrally switched, centrally on the WLC.

In local mode there are 2 CAPWAP tunnels between the AP and WLC, one for data and one for management. In Flexconnect mode there is just one, for management, the data CAPWAP tunnel is terminated on the AP.

Flexconnect is supported on a number of different controllers, currently just the CUWN controllers (2500, 4400 [EOS], 5508, 7500, 8500). The unified access controllers (5760, Catalyst 3850) will get an upgrade at some point but do not currently support it and there is no date set. This is true as of 18/07/2013.

Flexconnect is the same regardless of the WLC, the 5508 implementation is the same as the 7500 implementation. A note on this is that the 7500 controller only supports Flexconnect mode, not local mode.

Guest networks function with the Flexconnect feature, the CAPWAP tunnel is terminated at the AP for corporate traffic that can be switched at the AP but guest traffic is tunnelled back to the controller and then onwards to the guest anchor controller as normal. See the reference link below regarding Flexconnect and auto anchor. This image, taken from that link, illustrates this well:

Auto-Anchor_and_FlexConnect_v0.01.jpg

There are a number of limitations to Flexconnect, listed below, which stop it replacing local mode completely:


  • L3 roaming is not possible with HREAP APs using locally switched WLAN.
  • L2 roaming between two WLC(inter-controller) using locally switched WLAN with same mobility works only from 7.2.103.0.
  • Data DTLS is unsupported for locally switched WLAN.
  • Interface group is not supported however we can use AAA override.
  • Mediastream feature won't work.
  • Bandwidth contracts won't work for local switching.
  • WGB can't connect to HREAP AP. (it may connect & work with central but doesn't work with local switching)
  • All edge switches connecting to AP needs to be trunked to the core.
  • HREAP AP doesn't join Multicast group. however it bridges the multicast packet to unicast for centrally switched WLAN.
  • DHCP proxy by WLC is not possible. so we're exposing the DHCP server IP.
  • ACLs needs to be configured & managed per AP for locally switched traffic or configure at your switch.
  • CPU & interface ACL are NA for locally switched WLAN.
  • RLDP may not work.
  • AP group won't work for locally switched WLAN.
  • Locally switched WLANs may optionally carry 802.1Q tagging to allow such WLANs to be segmented over the wired network at the Ethernet port of the access point.
  • NAC out-of-band integration is supported only on WLANs configured for H REAP central switching. It is not supported for use on WLANs configured for H REAP local switching.
  • External Web Authentication is not supported on local switching


References and Resources:
Flexconnect Feature Matrix
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b3690b.shtml

Flexconnect and AutoAnchor (Cisco Support Community)
https://supportforums.cisco.com/docs/DOC-24096

Local Mode vs Flexconnect (Cisco Learning Network)
https://learningnetwork.cisco.com/thread/51502

Thursday, 11 July 2013

Cisco FabricPath - As I Understand It

Cisco FabricPath is a Layer 2 fabric technology, used between the access and aggregation in the data center, which is an alternative to using spanning tree or layer 2 "pods" separated by layer 3 boundaries. This image taken from the Cisco FabricPath whitepaper illustrates this well:


Data centers are different to many enterprise campuses in that they need to extend layer 2 connectivity across large portions of the data center, often to take advantage of technologies such as moving virtual machines around the data center.

Without going too far under the hood and staying very conceptual at this stage, FabricPath uses a control protocol on top of IS-IS to deliver scalable L2 connectivity without blocking links.

Instead of the classic "data center triangle" using vPC and 2 connections to each pod's aggregation switch, FabricPath has a single connection to each aggregation switch. Using the example above the bandwidth is the same (40Gbps) but aggregation switch failure only reduces this by 25% rather than 50%.

FabricPath uses ECMP (Equal Cost MultiPath) so that all links are forwarding. A port channel can have 16 ports and ECMP v1 supports 16 way ECMP, making the fabric's potential 2.56Tbps (16 ports x 16 way x 10Gbps = 2560Gbps) as illustrated in the next diagram, again taken from the Cisco FabricPath white paper:

Some benefits of FabricPath include:

  • Simpler configuration
  • Scalable layer 2 connectivity
  • Higher Bandwidth
  • Better availability in failure scenarios
Resources:
This information was mainly taken from the Cisco FabricPath whitepaper but trimmed and reworded for my own reference:
Cisco FabricPath Whitepaper

Tuesday, 9 July 2013

Cisco Guest Anchor WLC + Licensing

When deploying guest services in a Cisco WLAN you need to have an anchor WLC controller, which is located in the DMZ, which terminates the Ethernet over IP tunnels (EoIP) coming from the other campus controller, the foreign controller. EoIP is used in order to keep the guest traffic separate from the other enterprise traffic.

This image is taken from the Cisco Mobility design guide, link below, and illustrates the anchor controller functionality.


There is no additional licensing required to implement anchor controllers and no AP licenses are required; in fact you should purchase the appropriate controller with the least amount of AP licenses. This is because APs do not register to the anchor controller but rather to the foreign controller (the main WLC for the enterprise).

References:
Enterprise Mobility Design - Wireless Guest Access Services:

Cisco WLC HA Deployment modes & AP SSO

There are 2 (that I know of) ways to deploy Cisco WLANs with regards to High Availability (HA):
N+1
1:1
Hybrid

One quick note before I start is that the SSO here is AP SSO not Client SSO, so a voice call would still be dropped. There is sub second failover but the client is required to reinitialise. Client SSO should be coming in version 7.5 of code.

N+1
As described in my previous post about N+1 HA, this deployment model allows a dedicated HA WLC to be installed with the purpose of backing up an environment. An example would be a single primary controller with all APs connected to it and an HA controller, located physically somewhere else, running with the sole purpose of picking up in the event of a primary WLC failure.

An important consideration with this model is that there is no AP SSO (Stateful Switch Over) meaning there is approximately a 45 second period of delay while the APs connect to the HA controller after the primary has failed.

It's worth noting here that if you want to use the HA controller (for example AIR-CT5760-HA-K9) you need to run code 7.4 or later. Code pre 7.4 requires the HA controller to have access point licenses to operate as a secondary or tertiary controller.

The HA controller picks up licenses from a failed primary controller. So whether there is a single primary controller or multiple primaries for different groups of APs the HA controller can back up a number of different WLC. Further to this point the HA controller can pick up APs from multiple failed primary controllers. A 5508 HA has a wireless AP capacity of the device maximum, which is 500. So if there are 2 primary 5508 controllers, each with 250 APs, if one fails the 250 APs will fail over to the HA controller, then should the other primary controller fail those access points can fail over to the HA controller as well to the maximum of 500. See the HA Q&A for details.

Previous post:
http://twhittle1.blogspot.co.uk/2013/05/cisco-wireless-n1-ha.html

1:1
1:1 HA redundancy describes 2 controllers, one as the active and one as the standby. These controllers are physically located next to each other because there is a redundancy port on each controller which must have a physical cable between them. The reason for this connection is in order to achieve the AP SSO there must be a very small latency when noticing the failed primary controller. Even though theoretically it is possible to have AP SSO work when the controllers are layer 2 adjacent, the only Cisco supported configuration is with a direct link in between the two controllers.

When using 1:1 HA the APs will see this as a single controller. In fact the APs will not notice a controller failing; this is how the AP SSO is achieved.

Hybrid
The Hybrid method is a best of both worlds implementation because you have a primary controller with the hot standby physically connected and located together, as well as other controllers, secondary or tertiary in remote, geographically separate, locations so that should the HQ with primary WLC go down there are other controllers in different locations ready to step up.

Another way of implementing a hybrid deployment would be to have 2 sets of 2 WLC in geographically separate locations. In one location there is a primary with a hot standby and in the other a secondary controller with a hot standby. This way a single controller can fail in each location and retain the AP SSO. However if a whole site goes down and the primary has to fail over to the secondary then AP SSO will not be retained; failing over between primary and secondary controllers will always introduce downtime.

References:
High Availability (AP SSO) Deployment Guide:
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml

High Availability Q&A:
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/qa_c67-714540_ps2706_Products_Q_and_A_Item.html

Cisco Voice Gateways with MS Lync

Cisco voice gateways can be used in a MS Lync environment. If local breakout to the PSTN is required then some kind of voice gateway is needed.

Cisco and Microsoft have an established history of cooperating across technologies to provide customers with innovative business solutions. From Cisco's standpoint we support voice gateways connected to anything that complies with the standards, including MS Lync. From MS's standpoint, I believe they do certification tests with vendors' equipment before they say they support it. 

As far as I know, deploying Cisco ISR G2 in integration with Microsoft Lync has no issues except for a couple of caveats: Cisco does not support Microsoft proprietary codecs (i.e. RTAudio and RTVideo).

The below document is a good reference for an ISR voice gateway terminating a SIP trunk in a Lync environment:
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns728/ns833/1197443.pdf

Just an update to the above post: I've since found that there are companies, such as Sonus, who build Lync SBAs which are effectively SRST boxes which also have the voice gateway features. You specify the interfaces and they can build the device. I believe it's just a server with the appropriate cards, but this is certainly something worth bearing in mind.

Cisco Prime and IP Phones

Within Cisco Prime Infrastructure IP phones are not counted with regards to licensing. This is because Cisco Prime Infrastructure does not manage IP phones. Here is a link which details the devices which can be managed with Prime Infrastructure: http://www.cisco.com/en/US/products/ps12239/products_device_support_tables_list.html.

I am told there is a limited amount of management which can be done to IP phones within Prime infrastructure if you know what you are doing but for a comprehensive UC management solution see below:

In order to manage IP phones, you will need to have Cisco Prime Collaboration, which does count the IP phones for licenses. For more information regarding Prime Collaboration licensing, please refer to http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6491/ps12363/guide_c07-728239.html.


Cisco MSE and 3rd Party APs

Just a quick post...


At this time the MSE is compatible with only Cisco Access Points for wIPS and location tracking in addition to other key functions such as CleanAir which are specific to the Cisco APs.

Cisco does have the ability to manage 3rd party APs with the MSE's management front end under Prime Infrastructure, however the advanced features are specific to the Unified Cisco Wireless Solution.

Thursday, 20 June 2013

ISDN Q.931 = QSIG

So here's something I didn't know... ISDN Q.931 signalling is often abbreviated as QSIG.

Suffice to say if you need an interface on an ISRG2 to connect to an ISDN circuit or another device using Q.931 signalling then this is the kind of card you need: VWIC3-1MFT-T1/E1
There is no information on the datasheet that I can see but here is a support forums reference:

Monday, 17 June 2013

A quick post on SIP trunking


SIP trunks are not the circuits themselves. A SIP trunk is the voice channels being delivered over an IP circuit rather than something else like ISDN.

The physical media the SIP trunk is delivered on can vary and is normally specified by the SP. It could be Ethernet, ADSL, a leased line of some kind, or perhaps delivered into an MPLS cloud and then onwards from there.

SIP trunks need to be terminated by an SBC, for example Cisco CUBE.

That'll do for now. I'll add later if I find out more.

Here's a link to my previous post:
http://twhittle1.blogspot.co.uk/2013/04/cisco-cube-and-sip-trunks.html?view=mosaic

Monday, 3 June 2013

Cisco UC on UCS

So the way things are going Cisco is looking to have all UC applications on UCS servers rather than the existing MCS boxes. This is not new and makes complete sense, it's just a little more complex to size.

I've previously written about BE6K (which is fantastic!):
http://twhittle1.blogspot.co.uk/2013/05/cucmbe6k-ucs-bundle.html

However what do you do if you need something bigger? The answer is Cisco TRC - Trusted Reference Configurations.

Here is the link which details what the TRCs actually are, including a Bill of Materials (BoM):
http://docwiki.cisco.com/wiki/UC_Virtualization_Supported_Hardware#UC_on_UCS_Tested_Reference_Configurations
http://docwiki.cisco.com/wiki/UC_Virtualization_Supported_Hardware

And how do you know if your application is supported on these TRCs? Well use these links:
http://docwiki.cisco.com/wiki/Unified_Communications_in_a_Virtualized_Environment
http://docwiki.cisco.com/wiki/Unified_Communications_Virtualization_Supported_Applications
They have the same information on them, I've just included them both for reference.

And how many applications will be supported on your TRC hardware? Well this information can be found here:
http://docwiki.cisco.com/wiki/Unified_Communications_Virtualization_Downloads_(including_OVA/OVF_Templates)

For example, the OVA Capacity for CUCM 7,500 users requires (2) vCPU (vCPU is equal to core on the processor) and it will use 12gig of RAM, (6 being used and 6 as a reserve), and 110Gb of hard drive space.

Looking at TRC 1 it includes (2) quad core processor, 64Gb RAM, and more than 2Tb of hard Drive.

Taking the given System requirements for CUCM 9.0 for 7500 users, that leaves us 6Core, 52Gb of RAM, and at least 2Tb of hard drive on the UCS Server, this could then be used for other UC Applications.

Brilliant!

Other Links:
Datasheet:
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/ps5748/ps378/solution_overview_c22-597556.html

Monday, 20 May 2013

CUCMBE6K UCS Bundle

So, CUCM business edition 6000 is great! It's reasonably simple and easy to quote, so any UC opportunities for sub 1000 should always be BE6K.

There are 2 main elements, the licensing and the hardware, I'll ignore the phone here because you can add them on later depending on the customer environment.

BE6K Licensing Top level Part - R-CBE6K-K9
BE6K UCS Bundle Top level part - BE6K-ST-BDL-K9=

Within the licensing you select the licensing type, UCL or UWL. UWL is usually preferred due to the included features for the price, see my previous post:
http://twhittle1.blogspot.co.uk/2013/04/webex-audio-entitlement-with-cuwl-pro.html?view=mosaic

One note on the licensing is that the version of UWL which can be selected is Business edition UWL. Despite having a different name it is functionally the same as Standard UWL, and can be upgraded in the same way as standard to Pro if needed. Professional cannot be purchased from the BE6K top level part.

With the hardware you only need to select the power cable (although consider an extra PSU), the bundle includes all the hardware you need, and specifically it includes all the hardware required to run up to 5 UC applications, CUCM, Unity, CUCM in presence mode (for Jabber), Unified Attendant console (on top of an instance of windows server) and CCX. Attendant console needs to be purchased separately and so does CCX licensing but you get the idea, that's a lot of UC application in one place and one package.


Here's a link to a later blog entry which I've written which talks more on its scalability beyond the 1000 user limit:
http://twhittle1.blogspot.co.uk/2013/10/cucm-business-edition-more-scalable.html

Remote access to voicemail using Unity Connection

Remote access to voicemail can be provided in Unity Connection by the users dialling into the voicemail system, from anywhere internal or external, then entering the user extension and PIN.

The following user guide shows this interaction from the user's point of view:


Databases in Cisco UC applications

An obscure question came up in a piece of work I was doing so I'm recording it here for future reference just in case it comes back. I was trying to find out which databases are used by UC applications and what formats they are.

CUCM and Unity Connection both have relational databases (using the SQL language), however they are accessed via IBM Informix. CWMS uses Oracle 11g and Attendant console uses MS SQL Server 2005 or 2008.

Cisco Nexus B22 Fabric Extender

If you are searching for the B22 fabric extender but cannot find a price from Cisco, the reason is that you cannot buy this product from Cisco. It is something that HP OEMs so you will have to go to HP instead.

Datasheet:
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps10110/ps11975/data_sheet_c78-685265.html

Cisco Wireless N+1 HA

Here is a little scatter shot information about Cisco WLCs in the N+1 HA model:

When using N+1 HA make sure the controllers are running V7.4 or later. Pre 7.4 the N+1 HA model requires a permanent AP count license on the backup controller. With Release 7.4 and later, an HA-SKU secondary controller can be used as the backup controller for multiple primary controllers. The overall goal for the addition of N+1 HA with HA-SKU is to reduce the total cost of ownership (TCO) for geographically separate HA deployments across the WAN link.

Keep in mind that Access Point Stateful Switch Over (AP SSO) functionality is not supported for N+1 HA. The AP Control and Provisioning of Wireless Access Points (CAPWAP) state machine is restarted when the primary controller fails. With Release 7.4, the backup controller for N+1 HA can be an HA-SKU secondary controller. AIR-CT5760-HA-K9 is the HA SKU for the new Cisco 5760 WLC, for example.

An HA WLC with a different user count to the main controllers can be used as the HA controller. For example, 2 x WISM2, each with 750 AP licenses, can be backed up by a WLC5670 which could only support 1000 APs.

The new 5760 WLC does support N+1 High Availability. If interworking with AireOS controllers in the same Mobility group, you will need either a WiSM2 or a CT5508 running the 7.3.112.0 release and also in "Hierarchal Mobility Mode" to form a Mobility group with IOS-XE based controllers [3.2.0SE release]. Be aware that in the current release, when APs fail over between dissimilar WLC operating systems (AireOS and IOS-XE), the APs do download a new CAPWAP image and reboot, so this failover is not "sub 45 seconds" but rather 2~3 minutes depending on download speeds and reboot times of the access points.

References:

Cisco Catalyst 3850 Series Switches – Q&A

Cisco Catalyst 3850 Switch Deployment Guide

Cisco Unified Access Technology Overview: Converged Access

Converged Access Mode for the Cisco 5760 WLC and the Catalyst 3850 Switch

Cisco Wireless Software Compatibility Matrix - (Converged Access WLC Compatibility Matrix – Table 6)

Release Notes for Cisco WLC's and Lightweight Access Points

WLC High Availability

N+1 High Availability Deployment Guide

Cisco 5760 WLC Deployment Guide

Release Notes for the Cisco 5760 WLC, IOS XE Release 3.2.x SE


Friday, 26 April 2013

Juniper WLC Licensing + Cluster - Update

So Juniper wireless licensing as I know it has changed! Previously I thought it was the same as Cisco, where you had to have enough licenses per controller to handle all APs should a single controller fail, but this is no longer the case.

The way that AP licensing now works on Juniper WLCs is that a WLC can burst up to double its current installed license count as long as it has the HA license installed: WLCXXX-HA-RTU

Therefore, if you have 100 APs, each WLC can have 50 APs licensed plus the HA license; this allows up to 100 APs in the event of a single AP failure.

One note on this is that you do not require the HA-RTU license in order to cluster Juniper WLCs. The only thing that the HA-RTU license grants you is the ability to burst to double the installed license capacity. Clustering is configurable without it, but each WLC will be limited to the number of AP licenses it currently has installed.

Here is a great description of Juniper WLC Clustering I was given:
A cluster is something you create inside a mobility domain which enhances the reliability and redundancy features in a mobility domain. A mobility domain does provide controller redundancy but an AP needs to reboot in order to find the redundant controller. If you enable A/A clustering it provides stateful peering between controllers, therefore the APs do not need to reboot during controller failure. This is a powerful feature specific to Juniper which clients like for ISSU and unplanned outages. A mobility domain supports up to 64 WLCs, from which a maximum of 32 can participate in an A/A cluster (currently max size of a cluster is 4096 APs). Clustering provides the following benefits:

  • Hitless Failover (AP switches to secondary AP manager subsecond)
  • Hitless software failover
  • AP load balancing (automatic balancing of all APs across all clustered WLCs in your mobility domain)
  • Cluster configuration - you define your complete wireless configuration once on the seed

Juniper Clustering is great because of the truly hitless failover. The WLCs are configured in an A/A cluster, and when controllers are clustered each AP maintains connectivity with its Primary AP Manager (PAM) and Secondary AP Manager (SAM); the PAM propagates client sessions to the SAM. For voice, once a call is set up, local switching would occur to avoid any issues with latency caused by tromboning traffic via a controller. Data can also be locally switched, which is great because you can choose how extensively you want to implement local switching, choosing when to use either local or central switching. An AP failure is not even considered a 'system failure'; it is seen as a roaming event. The nearby AP taking over the session will not distinguish between 'nearby AP failure' and 'user approaching AP with better signal strength'.

ISSU works in a similar fashion when running a virtual controller cluster. APs without sessions are targeted first, and those with sessions take neighbouring APs into consideration, allowing sessions to roam to neighbours before updating the now session-free AP.

Wednesday, 24 April 2013

Webinar: Cisco VIC Advantages

I'm going to start recording all my notes from Webinars which I attend, also with a link to the webinar recording. So here is my first:

Cisco VIC Advantages:

  • VIC cards are managed by CIMC. The VIC has extra copper pins on the board, so it can be managed via the CIMC without the server being powered on, unlike generic interfaces on other servers which require the server to be powered on and a keystroke hit.
  • FIP mode (Fibre Channel initialization mode) allows the port to do FCoE
  • VNTAG mode = Adapter FEX mode / NIV Mode
  • VIC firmware can be managed out of band on CIMC. It's not reliant on the OS. Flash is actually on the adapter, in 2 locations: 1 for the active and 1 for the backup firmware.
    • This means firmware can be put on an adapter without affecting the operation: just put the new firmware in the backup flash location, then change the firmware over to make it active later on.
    • Firmware is loaded per card, so if there are 2 cards in the UCS server you need to upload the new firmware to each VIC
  • Classical Ethernet mode is IEEE 10Gig Ethernet, so it can be used to connect to any vendor's 10 Gig switches
  • vNICs can be swapped between the physical uplink ports. For example if a switch on uplink port 1 goes down the vNICs can be swapped over to port 
    • Classic Ethernet mode the failover is manual
    • Adapter FEX can be automatic
  • VICs are only available in Cisco servers. The reason is that there is no option ROM, so it can only be configured via CIMC

Recording Links:

E1 ISDN G703 Cisco VIC cards

So this is something which has always confused me: which interface to choose when connecting to an ISDN30 being used for voice, and what the difference is. Here is the information I've picked up from researching this:

PRI ISDN is a service which operates on top of an E1 circuit.

VWIC3-1MFT-G703 vs VWIC3-1MFT-T1/E1
The difference here is essentially whether you want framed or unframed E1.
Unframed (G.703) allows you to use the full bandwidth of the circuit (2048 kbps); this mode is not often given and is more costly.
Framed E1 gives you 1984 kbps of bandwidth because timeslot 0 is reserved for signalling and sync.

The E1 connector is either 2 pairs (RX and TX) on a single RJ48 interface or 2 x BNC coax.

Sources:
http://www.farsite.com/cable_standards/G.703_E1_ANSI_T1.403_T1.shtml

Thursday, 11 April 2013

CUCM UCL License types

The license types available for UCL are the following:

Essential
Basic
Enhanced
Enhanced Plus
Public Space
Telepresence

The different licenses allow different things as shown on this page:
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6882/ps9156/product_solution_overview0900aecd806cc7a4.html

However, just a couple of notes:
Public space licenses are exactly that: for use on public space devices such as conference phones and other public phones. There is no user profile attached to a public space phone; if you need an employee extension on the device you need the enhanced license.
Public Space phones are going away in UCL 9.0 and onwards, to be replaced with enhanced licenses.

Below is a good graphic which shows the licenses for each phone in UCL version 9.0 onwards


Thursday, 4 April 2013

Cisco C3750X vs C3750E Switches

Cisco has, fairly recently, made a number of older 3750 switches end of life. The way forward with the 3X50 series is the C3750X and the C3850 switches, and the choice depends on the exact features you require as well as whether you want to do unified access (CAPWAP termination on controllers built into access layer switches - and that's another story!). The reason for my post is to document some of the differences between the C3750E (end of life) and the C3750X (the recommended replacement). This post focuses on how the C3750E and C3750X are different and similar.

The C3750X is very similar to the C3750E except that it is more feature rich. They are both built on the same ASICs and switch fabric and both employ StackWise Plus, so you can have stacks consisting of E and X switches. There are, however, a number of features available in the C3750X switches that are not available in the C3750E:

  • Four optional uplink network modules with GE or 10GE ports
  • PoE+ with 30W power on all ports in 1 rack unit (RU) form factor
  • Dual redundant, modular power supplies and fans
  • Cisco StackPower technology
  • Media Access Control Security (MACsec) hardware-based encryption
  • Flexible NetFlow and switch-to-switch hardware encryption with the Service Module
  • USB Type-A and Type-B ports for storage and console
  • Three software feature sets: LAN Base, IP Base, and IP Services (LAN Base is not available on the 3750E series)

There aren't any features on the E which aren't on the X. The only items worth considering are the 10 Gigabit Ethernet modules: the C3750E has them built in, whereas the C3750X requires an additional module. The 10 Gigabit interfaces are also different, X2 and SFP+. Lastly, the backup is different: the C3750E uses the RPS2300 whereas the C3750X uses the XPS2200.

As a bonus, as long as the IOS is the same and a 10 Gigabit module is installed, the configurations should be compatible. I've not tested it, but the theory is most definitely there.

Wednesday, 3 April 2013

Cat6500 with SUP720-3B NAT performance figures

Here's a little query I had about performance figures for a Cat6500 with the SUP720-3B. The answers and some of the transcript are below:

Regarding static NAT on the Catalyst 6500 with Sup 720, we do not recommend configuring large numbers of static NAT entries on Supervisor 720 (100-200 entries is a safe ballpark figure, and should be adequate for most deployments).


Since NAT uses the NetFlow TCAM to store its entries, the total number of NAT entries depends on the forwarding engine being used :

Non-XL – 512K (Ingress / Egress)
XL – 512K Ingress, 512K Egress

The non-XL TCAM is shared for both directions, while the XL TCAMs are unique to each direction.

Cisco VMware parts

When buying VMware virtualisation software from Cisco there are 2 options available: vSphere and vCenter.

vSphere is the hypervisor software which enables virtualisation on a server. Please note this is licensed per CPU.

vCenter is management software used to manage an estate of virtual machines. The licensing is per instance, so purchasing one vCenter license will allow you to manage a number of virtual machines.

The maximums for vSphere and vCenter can be found here:

Meetingplace 8.5 Scheduling, Call recording

I've done a previous post about Cisco Meetingplace 8.5 Licensing which lists a couple of different types of servers; here's the link for reference:
http://twhittle1.blogspot.co.uk/2013/04/meetingplace-85-licensing.html

But I've got a number of extra bits of information I want to get down so here is a follow up.

A web scheduling server is used to schedule meetings / calls through Outlook or through a web interface. If this functionality is not required and only phone scheduling is needed, then the web scheduler server isn't needed. A gotcha here is recordings: despite being a scheduler server, it is required for recording meetings.

With regards to the recordings, the Application (A/V) Server can store up to 1000 hours of audio recording or 160 hours of video recordings, and is limited to 100 simultaneous meetings being recorded. Also note that each recording will consume an audio port, so this will affect overall system capacity.

Cisco Unified MeetingPlace audio and video meeting recordings are initially stored only on the Application Server. Shortly after each recorded meeting ends, the Replication Service copies the meeting recording from the Application Server to the Web Server, where the recording is converted and stored for user playback.

Every day at 2 a.m. (local server time), the system deletes all recordings on the Application Server that are older than 24 hours. To display the available disk space for recordings (/mpx-record directory) on the Application Server, sign in to the CLI and enter df -k.

By default, the Web Server stores all recordings for meetings held on the server on a local disk. You can change the storage configuration to copy these items to an external backup location (such as a shared network drive on a dedicated storage server, a network-attached storage device, or a storage area network). If the customer will have a large number of recordings, or would like to keep recordings for an extended period of time, external storage will be needed.

If you want to record calls then the Web Server is practically mandatory. Using CUCM to initiate the recordings is definitely not a recommended option. First of all, CUCM can initiate call recording but it doesn't "do" the call recording. You would still need to add a 3rd party recording application. Also, recording in CUCM pre-9.0 is not done on-demand; it is done via admin config or CTI invocation (MP is not CTI), and would turn on recording for all phones. This means that all calls would be recorded, so you would have "x" number of copies of that meeting, where "x" is the number of meeting attendees.
Also, regardless of whether or not you have a version of CUCM that supports on-demand recording, there wouldn't be a good way of differentiating the calls that are an MP meeting from just normal calls in the recording database, so it would be difficult to manage and retrieve the recordings. All calls would just look like a phone call that "phone x" made at this date/time, so you'd have to know which exact calls are an MP meeting.

WebEx audio entitlement with CUWL Pro subscription

If you look at the list of included items within CUWL Pro you'll notice that WebEx Social and WebEx Meetings are in there. The following table is from UC Licensing 9.0:

<--- You can see here WebEx listed.

Ignore WebEx Social for the time being, because this is the old Cisco Quad (social networking for the enterprise), which is very, very good but not the subject of this post.

When you think of WebEx you normally think of a collaborative online meeting environment, which is audio, video, chat, slide show and an interactive white board. But what do you get with CUWL Pro? The quick answer is most of it, the longer answer is below...

First of all, there are 2 options for WebEx with CUWL: Hosted (WebEx Meetings) or on-premises (WebEx Meeting Server). The Hosted version gives you a subscription to WebEx Meetings for 1 year (which can be increased to 3 or 5 years). One big note here is that you get 1 port for every 10 CUWL users, so if you are deploying 100 CUWL users you will get 10 ports. A port allows 1 user to participate in a WebEx meeting, either as the host or as a participant. Ports don't have a bearing on the number of meetings you can have, so for the 10 port example this could be 1 meeting of 10 or 5 meetings of 2, etc. This service must be activated within 90 days, otherwise you risk losing days of the service.

The on-premises version requires that you have a dedicated server, virtual or otherwise, to install the WebEx Meeting Server software on. You don't have the concept of ports but rather "Meeting Server users", of which you get 1 Meeting Server user per CUWL Pro user, allowing everyone to take part in meetings. This is obviously better, but you will have to host and maintain your own WebEx Meeting Server.

One other very important note is the audio minutes. Within the WebEx Meetings functionality (both hosted and on-premises) you get unlimited VoIP minutes, meaning that all the users can join a WebEx meeting, use their USB headset / computer speakers and participate in the conference. WebEx also has the ability to dial in on the phone for free; however, someone has to foot the bill for this, and Cisco sells you this service in the form of audio minutes. If you do not pay for WebEx audio minutes your participants will only be able to participate using the computer audio. If you want a freephone number and participants to be able to dial in, you must purchase audio minutes, which are sold in minutes per month. Here is an example top level part: L-WBX-AUDIO-5K. Audio license subscriptions must run in line with the WebEx data subscription.

References:
Cisco UC Licensing version 9.0
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6882/ps9156/product_solution_overview0900aecd806cc7a4.html

Cisco CUBE and SIP Trunks

SIP trunking is becoming more commonplace nowadays, so here is a little post containing information and some specific references to CUBE - the Cisco Unified Border Element.

First off, SIP trunks can be used for a number of different applications, but a popular use, and the one I'm describing here, is to replace traditional connectivity to the PSTN. A SIP trunk can be provided by an ITSP (Internet Telephony Service Provider); the ITSP then provides the connection to the PSTN. The primary advantages are cost and scalability: a SIP trunk often connects over Ethernet (Gigabit or Fast Ethernet) and so has a much higher scalability for calls compared to traditional circuits.

The 3 basic components would be
1) The SIP Trunk from the ITSP
2) A Border Element which is essentially a gateway between the IP PBX and the ITSP
3) A PBX, IP or Otherwise

In a Cisco environment, element 2 is a router with CUBE licensing on it, often just referred to as a CUBE. A CUBE router requires the relevant UC licenses, such as the UC package license for the ISRG2s, DSPs for translating between calls with different codecs, CUBE licenses and an appropriate interface, most commonly Ethernet, but check with the ITSP.

CUBE licenses are cumulative and are licensed based on a number of sessions. An example is:
FL-CUBE-25

CUBE is defined as an IPIPGW (i.e. H.323-SIP, SIP-SIP or H.323-H.323 dial-peer connections, using the "voice service voip > allow-connections" CLI). Gatekeeper is defined as the H.323 GK functionality (and "gatekeeper" CLI). Meaning the SIP trunk to Provider network requires a CUBE license.

You do not need a CUBE license for a SIP trunk built directly between CUCM clusters. For example:
|<-----------------------signaling--------------------------------->|
IP Phone----CUCM Cluster 1-----------IP WAN--------------------CUCM Cluster 2-----TDM GW--------External Phone

You do need a SIP trunk license when you use a gateway to terminate the CUCM signalling (and often media as well) and re-generate the signalling to the SIP trunk provider or third party PBX. For example:
|<---signaling--------->|<-----------signaling---------->|
IP Phone-----CUCM Cluster------------------29xxGW-----------------------SIP provider/third party IP PBX-------External Phon



References:
What is SIP Trunking?
http://www.siptrunk.org/whatissiptrunking.php

CUBE FAQ (2011)
https://supportforums.cisco.com/docs/DOC-17964

CUBE v8.8 datasheet
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6790/gatecont/ps5640/product_data_sheet09186a00801da698.html