《对基于 Webex 呼叫本地的 PSTN 进行故障排除.pdf》由会员分享,可在线阅读,更多相关《对基于 Webex 呼叫本地的 PSTN 进行故障排除.pdf(132页珍藏版)》请在三个皮匠报告上搜索。
1、#CiscoLive#CiscoLivePaul GBRKCOL-2812Troubleshooting Webex Calling Premises-based PSTN 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveEnter your personal notes hereCisco Webex App Questions?Use Cisco Webex App to chat with the speaker after the sessionFind this session in
2、 the Cisco Live Mobile AppClick“Join the Discussion”Install the Webex App or go directly to the Webex spaceEnter messages/questions in the Webex spaceHowWebex spaces will be moderated by the speaker until June 9,2023.12343https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKCO
3、L-28123#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicAgendaWebex Calling PSTN ArchitectureCUBE SIP RegistrationCall Routing SIP TroubleshootingVoice QualityBRKCOL-28124Webex Calling PSTN Architecture 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#Cisc
4、oLiveWebex Calling PSTN OptionsBRKCOL-28126 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePremises-based PSTN Deployment ModelsSingle Site with and without separate PSTN gatewayCustomer ALocalLocalgatewaygateway(ExistingPSTN GW or CUBE)Webex Calling sends PSTN calls to t
5、he local gatewayLocal gateway routes calls coming from Webex Calling to the PSTN(and vice versa)PSTN gateway may be dedicated or co-resident with the local gatewayInternetWebex endpointsPSTNBRKCOL-28127 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLivePremises-based PSTN De
6、ployment ModelsSingle Site with UCM IntegrationCustomer siteLocal GWLocal GWWebex endpointsPSTNgatewayUCMLocal gateway routes calls coming from Webex Calling to UCM(and vice versa)PSTN gateway may be dedicated or co-resident with the local gatewayInternetPSTNBRKCOL-28128 2023 Cisco and/or its affili
7、ates.All rights reserved.Cisco Public#CiscoLiveLocal Gateway Connection OptionsSIP/SIP/mTLSmTLSsRTPsRTP/UDP/UDPCustomerFirewall(No NAT)InternetLocal GatewayLocal Gateway(CUBE)(CUBE)SIP/TLSSIP/TLSsRTPsRTP/UDP/UDPCustomerFirewall(NAT allowed)Local GatewayLocal Gateway(CUBE)(CUBE)Public CA-signed Certi
8、ficateRegistration-BasedCertificate-BasedInternetBRKCOL-28129Registration-Based Local Gateway:CUBE SIP Registration 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveInternetCUBE as a local gatewayFirewall and NAT traversalCustomer siteLocal gatewayLocal gateway(CUBE/IOS GW)
9、(CUBE/IOS GW)Webex endpointsPinholes for outboundoutbound traffic(return traffic uses same flow)CustomerfirewallIn most cases,the local gateway and endpoints can sit on the internalinternal customer network using private IP addresses(with NAT and PAT)Firewall needs to allow outboundoutbound traffic(
10、SIP,RTP/UDP,HTTP)to specific IP addresses/ports(see updated Webex Calling port reference guide)BRKCOL-281211 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCUBE as a local gatewayFirewall and NAT traversalhttps:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco
11、Public#CiscoLiveCUBE as a local gatewayFirewall and NAT traversalhttps:/ TCP port 8934 or 5062Permit UDP ports 19560-65535Access to DNSAccess to NTPBRKCOL-281213 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCUBE Configuration Guidehttps:/ 2023 Cisco and/or its affiliate
12、s.All rights reserved.Cisco Public#CiscoLiveCUBE Configurationvoice class tenant 200registrar dns: scheme sips expires 240 refresh-ratio 50 tcp tlscredentials number svs-rtp-dmz-cube8a5913_LGU username svs-rtp-dmz-cube8a2637_LGU password 0 Password123 realm BroadWorksauthentication username svs-rtp-
13、dmz-cube8a2637_LGU password 0 Password123 realm BroadWorksauthentication username svs-rtp-dmz-cube8a2637_LGU password 0 Password123 realm no remote-party-idsip-server dns:connection-reusesrtp-crypto 200session transport tcp tlsurl sipserror-passthruasserted-id paibind control source-interface Gigabi
14、tEthernet1bind media source-interface GigabitEthernet1no pass-thru content custom-sdpsip-profiles 200outbound-proxy dns:ch05.sipconnect-privacy-policy passthruBRKCOL-281215 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveManaged Gateway Config ValidationCalling Managed Gat
15、eways BRKCOL-281216 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveManaged GatewayRequires Gateway Connector be installed on Local GatewayPerforms basic configuration validationNot all configuration is checked today Can miss some misconfiguration such as invalid password(
16、it cannot see what your password is)BRKCOL-281217 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveManaged GatewayRequires Gateway Connector be installed on Local GatewayPerforms basic configuration validationNot all configuration is checked today Can miss some misconfigura
17、tion such as invalid password(it cannot see what your password is)BRKCOL-281218 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCisco PKICUBE Onboarding and RegistrationRegistration-based TrunksProvisioning LayerEdge ServicesPeeringSBCLoadBalancersNetworkFunctionsCustomer
18、SiteLocalGateway(CUBE)Webex Calling EndpointsIP or TDMIP or TDMDownload signed CA root bundle from Cisco PKI1Cisco Trusted Core Root Bundle(Public CA trust anchors)12Provision SIP digest credentials generated by Webex Calling on LGW2TLS connection:LGW validates SBC certificate using CA root bundle4W
19、ebex Calling authenticates LGW registration with SIP digest545CertificateSIP Digest Credentials(offline)Cisco Webex CallingPSTNAccessNetworkPublic DNS3BRKCOL-281219 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCUBE Registration ProcessDNS SRV(outbound proxy)CUBETLS Conn
20、ection EstablishedWebex CallingDNS SRV responseDNSTLS Connection(outbound proxy)TLS Handshake w/CertificateCertificate ValidationSIP REGISTER(registrar address)401 Unauthorized with WWW-Authenticate header SIP REGISTER(registrar address)w/Authorization200 OKBRKCOL-281220 2023 Cisco and/or its affili
21、ates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting DNS Issues dig SRV _sips._tcp.ch05.sipconnect-;ANSWER SECTION:_sips._tcp.ch05.sipconnect-.300 IN SRV 10 50 8934 sipconnect01ac-._sips._tcp.ch05.sipconnect-.300 IN SRV5 50 8934 sipconnect02ac-.dig A sipconnect02ac-;ANSWER SECTION:sipconne
22、ct02ac-.5 INA139.177.65.12 dig A sipconnect01ac-;ANSWER SECTION:sipconnect01ac-.5 INA139.177.64.12BRKCOL-281221 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting DNS IssuesCUBE#show sip-ua statistics|beg SIP GlobalSIP Global Counters:0 x12 ,1155 :5May 27 2022
23、 09:38:00 Jun 02 2022 20:53:59DNS Query failed for query_type:%dBRKCOL-281222 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting DNS IssuesCUBE#debug ip domain*May 31 17:29:22.434:DNS:detail:cdns_get_first_hop:dst 64.102.6.247,intf NULL*May 31 17:29:23.435:DNS
24、:detail:iter_operate:iteratormodule 1 operate:extstate:module_wait_reply event:module_event_noreply*May 31 17:29:23.435:DNS:info:log_nametypeclass:iterator operate:query _sips._.SRV IN*May 31 17:29:23.435:DNS:info:log_nametypeclass:processQueryTargets:_sips._.SRV IN*May 31 17:29:23.435:DNS:info:log_
25、nametypeclass:sending query:_sips._.SRV IN*May 31 17:29:23.435:DNS:detail:log_name_addr:sending to target:64.102.6.247#53*May 31 17:29:23.435:DNS:detail:cdns_get_first_hop:dst 64.102.6.247,intf NULL*May 31 17:29:25.435:DNS:detail:cdns_get_first_hop:dst 64.102.6.247,intf NULL*May 31 17:29:27.436:DNS:
26、detail:iter_operate:iteratormodule 1 operate:extstate:module_wait_reply event:module_event_noreply*May 31 17:29:27.436:DNS:info:log_nametypeclass:iterator operate:query _sips._.SRV IN*May 31 17:29:27.436:DNS:info:log_nametypeclass:processQueryTargets:_sips._.SRV IN*May 31 17:29:27.436:DNS:detail:can
27、_have_last_resort:configured forward servers failed-returning SERVFAIL*May 31 17:29:27.436:DNS:detail:error_response:return error response SERVFAILBRKCOL-281223 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting DNS IssuesCUBE#debug ip domain*May 31 17:27:04.7
28、13:DNS:detail:cdns_get_rr_type:converting name kind 20000 to type 33*May 31 17:27:04.713:DNS:detail:read_forwards:Forward zone server list:*May 31 17:27:04.713:DNS:info:delegpt_log:DelegationPoint:0 names(0 missing),1 addrs(0 result,1 avail)parentNS*May 31 17:27:04.713:DNS:detail:val_operate:validat
29、ormodule 0 operate:extstate:module_state_initial event:module_event_new*May 31 17:27:04.713:DNS:info:log_nametypeclass:validator operate:query _sips._tcp.ch05.sipconnect-.SRV IN*May 31 17:27:04.713:DNS:detail:iter_operate:iteratormodule 1 operate:extstate:module_state_initial event:module_event_pass
30、*May 31 17:27:04.714:DNS:info:log_nametypeclass:resolving _sips._tcp.ch05.sipconnect-.SRV IN*May 31 17:27:04.714:DNS:info:log_nametypeclass:finishing processing for _sips._tcp.ch05.sipconnect-.SRV IN*May 31 17:27:04.714:DNS:detail:val_operate:validatormodule 0 operate:extstate:module_wait_module eve
31、nt:module_event_moddone*May 31 17:27:04.714:DNS:info:log_nametypeclass:validator operate:query _sips._tcp.ch05.sipconnect-.SRV IN*May 31 17:27:04.714:DNS:detail:cdns_new_nametype:new nametype 0 x80007F39A6FE2CE0*May 31 17:27:04.714:DNS:detail:cdns_get_rr_type:converting name kind 4 to type 1*May 31
32、17:27:04.714:DNS:detail:read_forwards:Forward zone server list:*May 31 17:27:04.714:DNS:info:delegpt_log:DelegationPoint:0 names(0 missing),1 addrs(0 result,1 avail)parentNS*May 31 17:27:04.715:DNS:detail:val_operate:validatormodule 0 operate:extstate:module_state_initial event:module_event_new*May
33、31 17:27:04.715:DNS:info:log_nametypeclass:validator operate:query sipconnect02ac-.A IN*May 31 17:27:04.715:DNS:detail:iter_operate:iteratormodule 1 operate:extstate:module_state_initial event:module_event_pass*May 31 17:27:04.715:DNS:info:log_nametypeclass:resolving sipconnect02ac-.A IN*May 31 17:2
34、7:04.715:DNS:info:log_nametypeclass:finishing processing for sipconnect02ac-.A IN*May 31 17:27:04.715:DNS:detail:val_operate:validatormodule 0 operate:extstate:module_wait_module event:module_event_moddone*May 31 17:27:04.715:DNS:info:log_nametypeclass:validator operate:query sipconnect02ac-.A IN*Ma
35、y 31 17:27:04.715:DNS:detail:cdns_new_nametype:new nametype 0 x80007F39AF441638*May 31 17:27:04.715:DNS:detail:cdns_nametype_free:deleting nametype 0 x80007F39AF441638*May 31 17:27:04.715:DNS:detail:cdns_nametype_free:deleting nametype 0 x80007F39A6FE2CE0BRKCOL-281224 2023 Cisco and/or its affiliate
36、s.All rights reserved.Cisco Public#CiscoLiveCheck TCP Session Establishmentsvs-rtp-dmz-cube8a#show tcp brief numericTCB Local Address Foreign Address (state)7F39A6F861A8 64.102.250.135.50993 139.177.65.12.8934ESTABBRKCOL-281225 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoL
37、iveCheck TCP Session Establishment-Failuresvs-rtp-dmz-cube8a#debug ip tcp transactions address 139.177.65.12May 26 13:41:30.135:TCP:Setting Keepalive interval and retries to 60 and 4May 26 13:41:30.135:tcp_uniqueport:using ephemeral max 55000 May 26 13:41:30.139:TCP:Setting Keepalive interval and re
38、tries to 60 and 4May 26 13:41:30.139:tcp_uniqueport:using ephemeral max 55000 May 26 13:41:30.139:Reserved port 20588 in Transport Port Agent for TCP IP type 1May 26 13:41:30.140:TCP0:Connection to 139.177.65.12:8934,advertising MSS 536May 26 13:41:30.140:TCP0:state was CLOSED-SYNSENT 20588-139.177.
39、65.12(8934)May 26 13:41:30.140:Released port 20588 in Transport Port Agent for TCP IP type 1 delay 240000May 26 13:41:30.141:TCP0:state was SYNSENT-CLOSED 20588-139.177.65.12(8934)May 26 13:41:30.141:TCP0:bad seg from 139.177.65.12-closing connection:port 20588 seq 0 ack 19785811 rcvnxt 0 rcvwnd 0 l
40、en 0May 26 13:41:30.141:TCP0:connection closed-remote sent RSTMay 26 13:41:30.141:TCB7F5EFFA41B78 getting property TCP_VRFTABLEID(20)May 26 13:41:30.141:TCB 0 x7F5EFFA41B78 destroyedBRKCOL-281226 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTLS Handshake FailureTLS Hand
41、shake failure will display a Syslog message:Jan 24 08:11:50.364:%SIPSIP-2 2-TLS_HANDSHAKE_FAILED:TLS handshake TLS_HANDSHAKE_FAILED:TLS handshake failure failure-remote_addrremote_addr=139.177.65.12,remote_portremote_port=8934=8934BRKCOL-281227 2023 Cisco and/or its affiliates.All rights reserved.Ci
42、sco Public#CiscoLiveVerify TLS ConnectionCUBE#show sip-ua connections tcp tls detailTotal active connections :1No.of send failures :1No.of remote closures :0No.of conn.failures :0No.of inactive conn.ageouts:0Max.tls send msg queue size of 1,recorded for 139.177.65.12:8934TLS client handshake failure
43、s:0TLS server handshake failures:0-Printing Detailed Connection Report-Note:*Tuples with no matching socket entry-Do clear sip conn t ipv4:to overcome this error condition+Tuples with mismatched address/port entry-Do clear sip conn t ipv4:id to overcome this error condition*Connections with SIP OAut
44、h portsRemote-Agent:139.177.65.12,Connections-Count:1Remote-Port Conn-Id Conn-State WriteQ-Size Local-Address TLS-Version Cipher Curve Tenant=8934 7 Established0 64.102.250.135:50993 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-521 0-SIP Transport Layer Listen Sockets-Conn-Id Local-Address Tenant=0 0.0.0.0
45、:5061:06 64.102.250.135:5061:Internet 0BRKCOL-281228 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveLocal Gateway Trustpool UpdateThe default trustpool bundle does not include the“DigiCert Root CA”certificate needed for validating the server-side certificate during TLS co
46、nnection establishment to BroadCloudDownload the latest“Cisco Trusted Core Root Bundle”“Cisco Trusted Core Root Bundle”from http:/ crypto pki trustpool|include DigiCertCUBE#configure terminalEnter configuration commands,one per line.End with CNTL/Z.LocalGateway(config)#crypto pki trustpool import cl
47、ean urlhttp:/ file from http:/ http:/ files import succeeded.LocalGateway(config)#endCUBE#show crypto pki trustpool|include DigiCertcn=DigiCert Global Root CAo=DigiCert Inccn=DigiCert Global Root CAo=DigiCert IncCheckCheckUpdateUpdateVerifyVerifyREFERENCEBRKCOL-281229 2023 Cisco and/or its affiliate
48、s.All rights reserved.Cisco Public#CiscoLiveTLS Connection Setupvoice class tenant 200registrar dns: scheme sips expires 240 refresh-ratio 50 tcp tlscredentials number svs-rtp-dmz-cube8a5913_LGU username svs-rtp-dmz-cube8a2637_LGU password 6 authentication username svs-rtp-dmz-cube8a2637_LGU passwor
49、d 6 realm BroadWorksauthentication username svs-rtp-dmz-cube8a2637_LGU password 6 realm no remote-party-idsip-server dns:connection-reusesrtp-crypto 200session transport tcp tlsurl sipserror-passthruasserted-id paibind control source-interface GigabitEthernet1bind media source-interface GigabitEther
50、net1no pass-thru content custom-sdpsip-profiles 200outbound-proxy dns:ch05.sipconnect-privacy-policy passthrusip-uatransport tcp tls v1.2crypto signaling default trustpoint dummyTp cn-san-validate serverSource IP is based on the bind controlbind control configuration.Source port is ephemeralTLS vers
51、ion and crypto trustpoint and CN/SAN validation is configured under sip-uaNote:The crypto trustpoint is needed for TLS to work even though a local client certificate(i.e.mTLS)is not required for the connection to be setupBRKCOL-281230 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public
52、#CiscoLiveShowing SIP registration statusCUBE#show sip-ua register statusTenant:200-Registrar-Index 1-Line peer expires(sec)reg survival P-Associ-URI=svs-rtp-dmz-cube8a5913_LGU -1 56 nonormalBRKCOL-281231 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Regi
53、stration IssuesCUBE#debug ccsip messageCUBE#debug ccsip non-call*Jun 2 20:00:55.047:/-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Sent:REGISTER sip:5061 SIP/2.0Via:SIP/2.0/TLS 64.102.250.135:5061;branch=z9hG4bK37F2657From:;tag=3229010F-153To:Date:Thu,02 Jun 2022 20:00:55 GMTCall-ID:ABBD84C-E03E11EC-8005C
54、535-8219C882User-Agent:Cisco-SIPGateway/IOS-17.8.1aMax-Forwards:70Timestamp:1654200055CSeq:3028 REGISTERContact:Expires:240Supported:pathContent-Length:0BRKCOL-281232 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Registration Issues*Jun 2 20:00:55.097:/12
55、502/000000000000/SIP/Msg/ccsipDisplayMsg:Received:SIP/2.0 401 UnauthorizedVia:SIP/2.0/TLS 64.102.250.135:5061;branch=z9hG4bK37F2657From:;tag=3229010F-153To:;tag=139749Call-ID:ABBD84C-E03E11EC-8005C535-8219C882CSeq:3028 REGISTERSession-ID:84b3c5760080414f9684277168c26d0b;remote=13a94
56、7af00804b4dba1347ec16e6cc55WWW-Authenticate:DIGESTrealm=BroadWorks,qop=auth,nonce=BroadWorksXl3xh0jboTdvjlnkBW,algorithm=MD5Contact:;expires=120Content-Length:0BRKCOL-281233 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Registration Issues*Jun 2 20:00:55.
57、098:/-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Sent:REGISTER sip:5061 SIP/2.0Via:SIP/2.0/TLS 64.102.250.135:5061;branch=z9hG4bK37F32160From:;tag=3229010F-153To:Date:Thu,02 Jun 2022 20:00:55 GMTCall-ID:ABBD84C-E03E11EC-8005C535-8219C882User-Agent:Cisco-SIPGateway/IOS-17.8.1aMax-Forwards:70Timestamp:165
58、4200055CSeq:3029 REGISTERContact:Expires:240Supported:pathAuthorization:Digest username=svs-rtp-dmz-cube8a2637_LGU,realm=BroadWorks,uri=sips:5061,response=3e5fb6c7664832a0de686e9fd9defcf3,nonce=BroadWorksXl3xh0jboTdvjlnkBW,cnonce=59C09EF6,qop=auth,algorithm=MD5,nc=00000001Content-Length:0BRKCOL-2812
59、34 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Registration Issues*Jun 2 20:00:55.146:/12502/000000000000/SIP/Msg/ccsipDisplayMsg:Received:SIP/2.0 401 UnauthorizedVia:SIP/2.0/TLS 64.102.250.135:5061;branch=z9hG4bK37F32160From:;tag=3229010F-153To:;tag=18
60、7798Call-ID:ABBD84C-E03E11EC-8005C535-8219C882CSeq:3029 REGISTERSession-ID:84b3c5760080414f9684277168c26d0b;remote=13a947af00804b4dba1347ec16e6cc55Content-Length:0BRKCOL-281235 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Registration Is
61、suesCUBE(config)#voice class tenant 200CUBE(config-class)#$svs-rtp-dmz-cube8a5913_LGU username svs-rtp-dmz-cube8a2637_LGU password 0 NewPassword realm BroadWorksUpdating passwordCUBE(config-class)#authentication username svs-rtp-dmz-cube8a2637_LGU password 0 NewPasswordrealm BroadWorksUpdating usern
62、ame/password for realm BroadWorksCUBE(config-class)#authentication username svs-rtp-dmz-cube8a2637_LGU password 0 NewPasswordrealm Updating username/password for realm svs-rtp-dmz-cube8a(config-class)#endBRKCOL-281236 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTrouble
63、shooting Registration Issues*Jun 2 20:10:55.744:/-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Sent:REGISTER sip:5061 SIP/2.0Via:SIP/2.0/TLS 64.102.250.135:5061;branch=z9hG4bK37FC26BDFrom:;tag=32322B88-25CDTo:Date:Thu,02 Jun 2022 20:10:55 GMTCall-ID:ABBD84C-E03E11EC-8005C535-8219C882User-Agent:Cisco-SIPGa
64、teway/IOS-17.8.1aMax-Forwards:70Timestamp:1654200655CSeq:3038 REGISTERContact:Expires:240Supported:pathContent-Length:0BRKCOL-281237 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Registration Issues*Jun 2 20:10:55.793:/12507/000000000000/SIP/Msg/ccsipDisp
65、layMsg:Received:SIP/2.0 401 UnauthorizedVia:SIP/2.0/TLS 64.102.250.135:5061;branch=z9hG4bK37FC26BDFrom:;tag=32322B88-25CDTo:;tag=45460Call-ID:ABBD84C-E03E11EC-8005C535-8219C882CSeq:3038 REGISTERSession-ID:7a89fbce008049b78a69e029c3dcf14d;remote=982680ab00804b63afafa55ec45f8f8bWWW-Au
66、thenticate:DIGESTrealm=BroadWorks,qop=auth,nonce=BroadWorksXl3xgdeu4T9663sfBW,algorithm=MD5Contact:;expires=120Content-Length:0BRKCOL-281238 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Registration Issues*Jun 2 20:10:55.795:/-1/xxxxxxxxxxxx/SIP/Msg/ccsi
67、pDisplayMsg:Sent:REGISTER sip:5061 SIP/2.0Via:SIP/2.0/TLS 64.102.250.135:5061;branch=z9hG4bK37FD946From:;tag=32322B88-25CDTo:Date:Thu,02 Jun 2022 20:10:55 GMTCall-ID:ABBD84C-E03E11EC-8005C535-8219C882User-Agent:Cisco-SIPGateway/IOS-17.8.1aMax-Forwards:70Timestamp:1654200655CSeq:3039 REGISTERContact:
68、Expires:240Supported:pathAuthorization:Digest username=svs-rtp-dmz-cube8a2637_LGU,realm=BroadWorks,uri=sips:5061,response=84ee9b374977c02315e6c75579a47175,nonce=BroadWorksXl3xgdeu4T9663sfBW,cnonce=D193A761,qop=auth,algorithm=MD5,nc=00000001Content-Length:0BRKCOL-281239 2023 Cisco and/or its affiliat
69、es.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Registration Issues*Jun 2 20:10:55.843:/12507/000000000000/SIP/Msg/ccsipDisplayMsg:Received:SIP/2.0 200 OKVia:SIP/2.0/TLS 64.102.250.135:5061;branch=z9hG4bK37FD946From:;tag=32322B88-25CDTo:;tag=656510Call-ID:ABBD84C-E03E11
70、EC-8005C535-8219C882CSeq:3039 REGISTERSession-ID:7a89fbce008049b78a69e029c3dcf14d;remote=982680ab00804b63afafa55ec45f8f8bAllow-Events:call-info,line-seize,dialog,message-summary,as-feature-event,x-broadworks-hoteling,x-broadworks-call-center-status,conferenceContact:;q=0.5;expires=120Path:;x-bw-nat=
71、64.102.250.135:50993;transport=tlsContent-Length:0BRKCOL-281240 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting Registration Issuessvs-rtp-dmz-cube8a#show sip-ua register statusTenant:200-Registrar-Index 1-Line peer expires(sec)reg survival P-Associ-URI=svs
72、-rtp-dmz-cube8a5913_LGU -1 30 yes normalResponse Error CodeResponse Error CodeResolution Resolution 404 User Not FoundCheck“number”configured under credentials is correct401 UnauthorizedCheck”realm”is configured to“BroadWorks”Check“username”,“password”under credentials is correct403 Authentication F
73、ailureCheck“username”,“password”under credentials is correctBRKCOL-281241Certificate-Based Local Gateway:Troubleshooting Peering 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCisco PKICUBE Onboarding and RegistrationCertificate-Based TrunksProvisioning LayerEdge Services
74、Peering SBCLoadBalancersNetworkFunctionsCustomer SiteLocalGateway(CUBE)Webex Calling EndpointsIP or TDMIP or TDMDownload signed CA root bundle from Cisco PKI*1Cisco Trusted Core Root Bundle(Public CA trust anchors)1Verify Domain in Control Hub/DNS3mTLS connection:LGW validates SBC certificate5Webex
75、Calling verifies LGW certificate matches FQDN and is signed by a known CA656CertificateCisco Webex CallingPSTNAccessNetworkPublic CA4Obtain Public CA-signed Certificate2Public DNS233BRKCOL-281243 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCUBE Configuration Guidehttps
76、:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveConfiguring 3rdParty SBCshttps:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveControl Hub Status for Certificate-Based TrunksCheck Control Hub for status/warnings/errorshttps:/ 2023 Cisco and/
77、or its affiliates.All rights reserved.Cisco Public#CiscoLiveControl Hub Status for Certificate-Based Trunks1.TLS Connection to Local Gateway failed due to DNS resolution failure of the FQDN configured for your gateway2.TLS Connection to Local Gateway failed due to a transport issue3.TLS Connection t
78、o Local Gateway failed as the gateways certificate is signed by an invalid Certificate Authority4.TLS Connection to Local Gateway failed as the gateways certificate has expired5.TLS Connection to Local Gateway failed as the gateways certificate has been issued by an expired Certificate Authority6.TL
79、S Connection to Local Gateway failed as the FQDN configured for your gateway is missing from CN or SAN7.SIP options sent to the Local Gateway received no response8.TLS connection from Local Gateway to Webex Calling failed due to an invalid gateway certificate9.TLS connection from Local Gateway to We
80、bex Calling failed as we were unable to trust the Certificate Authority10.TLS connection from Local Gateway to Webex Calling failed due to expired certificates in the chain11.TLS connection and SIP options from Local Gateway to Webex Calling have failed12.SIP options response from the Local Gateway
81、indicates a Server error or Service Unavailable13.TLS Connection to Local Gateway failed as Local gateways certificate has been revoked14.TLS Connection from Local Gateway to Webex Calling failed as the gateways certificate has been revoked15.TLS Connection from Local Gateway to Webex Calling failed
82、 as the gateways certificate has expired16.TLS Connection from Local Gateway to Webex Calling failed due to a certificate error17.TLS Connection to Local Gateway from Webex Calling failed due to a certificate errorhttps:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCUB
83、E Certificated-Based Peering ProcessDNS A/SRV(session-target)CUBETLS Connection EstablishedWebex CallingDNS response(Webex SBC IP)DNSTLS Connection port 5062(session-target)(x4 peers)TLS Handshake w/CertificateCertificate ValidationTLS Connection port 5061(LGW FQDN)(from x4 peers)TLS Handshake w/Cer
84、tificateCertificate ValidationCertificate ValidationCertificate ValidationTLS Connection EstablishedSIP OPTIONSDNS A/SRV(LGW FQDN)DNS response(LGW IP)BRKCOL-281248 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCheck TCP Session EstablishmentBRKCOL-281249 2023 Cisco and/o
85、r its affiliates.All rights reserved.Cisco Public#CiscoLiveCheck TCP Session Establishmentsvs-rtp-dmz-cube8a#show tcp brief numericTCB Local Address Foreign Address (state)7F6EB38F1DB0 10.81.2.20.5060172.18.106.58.41601 ESTAB7F6E47C940B8 10.81.2.20.5060172.18.106.59.35575 ESTAB7F6EB38C24D8 10.81.2.2
86、0.5060172.18.106.60.44110 ESTAB7F6EB38C12E8 64.102.250.137.5061139.177.65.53.8934ESTAB7F6E47E0BA68 64.102.250.137.5061139.177.64.54.8934ESTAB7F6E47E85BE8 64.102.250.137.5061139.177.64.53.8934ESTAB7F6E47E5BDC8 64.102.250.137.5061139.177.65.54.8934ESTAB7F6E47DE2CB0 64.102.250.137.21819 139.177.65.54.5
87、062ESTAB7F6E48DD75E0 64.102.250.137.11636 139.177.65.53.5062ESTAB7F6E47E7FCB8 64.102.250.137.39113 139.177.64.53.5062ESTAB7F6E47D92AD8 64.102.250.137.48188 139.177.64.54.5062ESTABCUBE to WxCWxC to CUBECUBE to UCMBRKCOL-281250 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiv
88、eCheck TCP Session Establishmentsvs-rtp-dmz-cube9a#deb ip tcp transactions port 5062 TCP special event debugging is on*Nov 21 20:53:14.864:TCP:Setting Keepalive interval and retries to 60 and 4*Nov 21 20:53:14.864:tcp_uniqueport:using ephemeral max 55000*Nov 21 20:53:14.864:Reserved port 54086 in Tr
89、ansport Port Agent for TCP IP type 1*Nov 21 20:53:14.864:TCP:sending SYN,seq 3703836424,ack 0*Nov 21 20:53:14.864:TCP0:Connection to 135.84.175.164:5062,advertising MSS 536*Nov 21 20:53:14.865:TCP0:state was CLOSED-SYNSENT 54086-135.84.175.164(5062)*Nov 21 20:53:14.891:Released port 54086 in Transpo
90、rt Port Agent for TCP IP type 1 delay 240000*Nov 21 20:53:14.891:TCP0:state was SYNSENT-CLOSED 54086-135.84.175.164(5062)*Nov 21 20:53:14.891:TCP0:bad seg from 135.84.175.164-closing connection:port 54086 seq 2075661766 ack 3703836425 rcvnxt 0 rcvwnd 0 len 0*Nov 21 20:53:14.891:TCP0:connection close
91、d-remote sent RST*Nov 21 20:53:14.891:TCB7F6E47D97548 getting property TCP_VRFTABLEID(20)*Nov 21 20:53:14.891:TCB 0 x7F6E47D97548 destroyedBRKCOL-281251 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTLS Handshake FailureTLS Handshake failure will display a Syslog message
92、:Control Hub will show TLS Connection errors on Trunk Configuration(CallingCalling Call Routing Call Routing TrunkTrunk Trunk InfoTrunk Info)Nov 22 21:45:31.712:%SIP-2-TLS_HANDSHAKE_FAILED:TLS handshake failure-remote_addr=139.177.64.53,remote_port=5062BRKCOL-281252 2023 Cisco and/or its affiliates.
93、All rights reserved.Cisco Public#CiscoLiveVerify Correct Certificate Configuredcrypto pki trustpoint CUBE_CA_CERTenrollment terminal pemserial-number nonesubject-name CN=svs-rtp-dmz-subject-alt-name svs-rtp-dmz-revocation-check nonersakeypair svs-rtp-dmz-cube9asip-uatransport tcp tls v1.2crypto sign
94、aling default trustpoint CUBE_CA_CERT BRKCOL-281253 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVerify CA is trusted by Webexhttps:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVerify CA is trusted by Webexsvs-rtp-dmz-cube9a#show crypto p
95、ki certificatesCertificateStatus:AvailableCertificate Serial Number(hex):00FADBC625153DAA0Certificate Usage:General PurposeIssuer:cn=Sectigo RSA Domain Validation Secure Server CAo=Sectigo Limitedl=Salfordst=Greater Manchesterc=GBSubject:Name:svs-rtp-dmz-cn=svs-rtp-dmz-Validity Date:start date:19:00
96、:00 EST Nov 20 2022end date:18:59:59 EST Dec 22 2023Associated Trustpoints:CUBE_CA_CERT Storage:nvram:SectigoRSADo#A910.cerBRKCOL-281255 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVerify CA is trusted by Webexsvs-rtp-dmz-cube9a#show crypto pki certificatesCertificateS
97、tatus:AvailableCertificate Serial Number(hex):00FADBC625153DAA0Certificate Usage:General PurposeIssuer:cn=Sectigo RSA Domain Validation Secure Server CAo=Sectigo Limitedl=Salfordst=Greater Manchesterc=GBSubject:Name:svs-rtp-dmz-cn=svs-rtp-dmz-Validity Date:start date:19:00:00 EST Nov 20 2022end date
98、:18:59:59 EST Dec 22 2023Associated Trustpoints:CUBE_CA_CERT Storage:nvram:SectigoRSADo#A910.cerCA CertificateStatus:AvailableCertificate Serial Number(hex):7D5B5126B476BA11DB74160BBC530DA7Certificate Usage:SignatureIssuer:cn=USERTrust RSA Certification Authorityo=The USERTRUST Networkl=Jersey Citys
99、t=New Jerseyc=USSubject:cn=Sectigo RSA Domain Validation Secure Server CAo=Sectigo Limitedl=Salfordst=Greater Manchesterc=GBCRL Distribution Points:http:/ Date:start date:20:00:00 EDT Nov 1 2018end date:18:59:59 EST Dec 31 2030Associated Trustpoints:CUBE_CA_CERT Intermediate_CA2 Storage:nvram:USERTr
100、ustRSA#DA7CA.cerBRKCOL-281256 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVerify CA is trusted by WebexCA CertificateStatus:AvailableCertificate Serial Number(hex):7D5B5126B476BA11DB7Certificate Usage:SignatureIssuer:cn=USERTrust RSA Certification Authorityo=The USERTR
101、UST Networkl=Jersey Cityst=New Jerseyc=USSubject:cn=Sectigo RSA Domain Validation Secure Server CAo=Sectigo Limitedl=Salfordst=Greater Manchesterc=GBCRL Distribution Points:http:/ Validity Date:start date:20:00:00 EDT Nov 1 2018end date:18:59:59 EST Dec 31 2030Associated Trustpoints:CUBE_CA_CERT Int
102、ermediate_CA2 Storage:nvram:USERTrustRSA#DA7CA.cerCA CertificateStatus:AvailableCertificate Serial Number(hex):3972443AF922B751D7D36C10DD313595Certificate Usage:SignatureIssuer:cn=AAA Certificate Serviceso=Comodo CA Limitedl=Salfordst=Greater Manchesterc=GBSubject:cn=USERTrust RSA Certification Auth
103、orityo=The USERTRUST Networkl=Jersey Cityst=New Jerseyc=USCRL Distribution Points:http:/ Date:start date:20:00:00 EDT Mar 11 2019end date:18:59:59 EST Dec 31 2028Associated Trustpoints:Intermediate_CAStorage:nvram:AAACertifica#3595CA.cerBRKCOL-281257 2023 Cisco and/or its affiliates.All rights reser
104、ved.Cisco Public#CiscoLiveVerify CA is trusted by WebexCA CertificateStatus:AvailableCertificate Serial Number(hex):3972443AF922B751DCertificate Usage:SignatureIssuer:cn=AAA Certificate Serviceso=Comodo CA Limitedl=Salfordst=Greater Manchesterc=GBSubject:cn=USERTrust RSA Certification Authorityo=The
105、 USERTRUST Networkl=Jersey Cityst=New Jerseyc=USCRL Distribution Points:http:/ Date:start date:20:00:00 EDT Mar 11 2019end date:18:59:59 EST Dec 31 2028Associated Trustpoints:Intermediate_CAStorage:nvram:AAACertifica#3595CA.cerCA CertificateStatus:AvailableCertificate Serial Number(hex):01Certificat
106、e Usage:SignatureIssuer:cn=AAA Certificate Serviceso=Comodo CA Limitedl=Salfordst=Greater Manchesterc=GBSubject:cn=AAA Certificate Serviceso=Comodo CA Limitedl=Salfordst=Greater Manchesterc=GBCRL Distribution Points:http:/ Date:start date:19:00:00 EST Dec 31 2003end date:18:59:59 EST Dec 31 2028Asso
107、ciated Trustpoints:Root_CA_CERTStorage:nvram:AAACertifica#1CA.cerBRKCOL-281258 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVerify CA is trusted by WebexCA CertificateStatus:AvailableCertificate Serial Number(hex):01Certificate Usage:SignatureIssuer:cn=AAA Certificate S
108、erviceso=Comodo CA Limitedl=Salfordst=Greater Manchesterc=GBSubject:cn=AAA Certificate Serviceso=Comodo CA Limitedl=Salfordst=Greater Manchesterc=GBCRL Distribution Points:http:/ Date:start date:19:00:00 EST Dec 31 2003end date:18:59:59 EST Dec 31 2028Associated Trustpoints:Root_CA_CERTSelf-signed i
109、ndicates Root CAshow crypto pki trustpoints Root_CA_CERT status BRKCOL-281259 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVerify CA is trusted by WebexAssociated Trustpoints:Root_CA_CERTsvs-rtp-dmz-cube9a#show crypto pki trustpoints Root_CA_CERT status Trustpoint Root_
110、CA_CERT:Issuing CA certificate configured:Subject Name:cn=AAA Certificate Services,o=Comodo CA Limited,l=Salford,st=Greater Manchester,c=GBFingerprint MD5:497904B0 EB8719AC 47B0BC11 519B74D0 Fingerprint SHA1:D1EB23A4 6D17D68F D92564C2 F1F16017 64D8E349 State:Keys generated.NoIssuing CA authenticated
111、.YesCertificate request(s).Nonehttps:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVerify TLS Connectionssvs-rtp-dmz-cube9a#show sip-ua connections tcp tls detailTotal active connections :8No.of send failures :4No.of remote closures :105No.of conn.failures :1595No.of i
112、nactive conn.ageouts:0Max.tls send msg queue size of 3,recorded for 139.177.65.53:8934TLS client handshake failures:0TLS server handshake failures:0Remote-Agent:139.177.65.54,Connections-Count:2Remote-Port Conn-Id Conn-State WriteQ-Size Local-Address TLS-Version Cipher Curve Tenant=5062 1658 Establi
113、shed 0 64.102.250.137:21819 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-256 08934 1715 Established 0 64.102.250.137:5061 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-256 0Remote-Agent:139.177.64.53,Connections-Count:2Remote-Port Conn-Id Conn-State WriteQ-Size Local-Address TLS-Version Cipher Curve Tenant=5062 16
114、57 Established 0 64.102.250.137:39113 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-256 08934 1717 Established 0 64.102.250.137:5061 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-256 0Remote-Agent:139.177.64.54,Connections-Count:2Remote-Port Conn-Id Conn-State WriteQ-Size Local-Address TLS-Version Cipher Curve Tena
115、nt=5062 1659 Established 0 64.102.250.137:48188 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-256 08934 1714 Established 0 64.102.250.137:5061 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-256 0Remote-Agent:139.177.65.53,Connections-Count:2Remote-Port Conn-Id Conn-State WriteQ-Size Local-Address TLS-Version Cipher
116、Curve Tenant=5062 1660 Established 0 64.102.250.137:11636 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-256 08934 1716 Established 0 64.102.250.137:5061 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 P-256 0BRKCOL-281261 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSuccessful Connection f
117、rom Control HubBRKCOL-281262CUBE Call Routing 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveInternetPremises-based PSTN Deployment ModelsMulti-site with Multiple Local GatewaysLocation 1Location 1LGWLGW-A ALocation 2Location 2Location 3Location 3LGWLGW-B BLoc 1Loc 1Loc 2
118、Loc 2Loc 3Loc 3RGRG-ABABLGWLGW-B BControl Hub configurationMultiple locations can use the same Trunk/Route GroupOne Trunk or Route Group must be assigned to each locationPSTNPSTNLGWLGW-A ABRKCOL-281264 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDial Peer MatchingLocal
119、 GatewayPSTNUnified CMvoice class uri 200 sippattern dtg=cube7958_lgudial-peer voice 200202 voipdescription Webex Callingincoming uri request 200destination dpg 300voice class dpg 300dial-peer 301 preference 1INVITE sip:+64.102.250.133:5061;transport=tls;dtg=cube7958_lgu SIP/2.0dial-peer
120、voice 301 voipdescription WxC to UCMdestination-pattern BAD.BADsession server-group 3015065voice class server-group 301ipv4 port 5065ipv4 port 5065ipv4 port 50651 12 23 34 45 5BRKCOL-281265 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDial Peer MatchingINVITE sip:+18008
121、001180172.19.54.10:5060;transport=Via:SIP/2.0/TCP 172.18.2.20:5060;branch=z9hG4bK247eLocal GatewayPSTNUnified CMvoice class uri 302 sippattern 172.18.2.*:5060dial-peer voice 302 voipdescription UCM to PSTNincoming uri via 302destination dpg 100voice class dpg 100dial-peer 101 preference 1dial-peer v
122、oice 101 voipdescription UCM to PSTNdestination-pattern BAD.BADsession target ipv4:50601 12 23 34 4BRKCOL-281266 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDial Peer MatchingINVITE sip:+64.102.2.123:5060;transport=Via:SIP/2.0/TCP:5060;branch=z9hG4bK247eLoca
123、l GatewayUnified CMvoice class uri 100 siphost dial-peer voice 100 voipdescription PSTN to UCMincoming uri via 100destination dpg 302voice class dpg 302dial-peer 305 preference 1dial-peer voice 305 voipdescription PSTN to UCMdestination-pattern BAD.BADsession server-group 30550601 12 23 34 4PSTNvoic
124、e class server-group 305ipv4 ipv4 ipv4 5 5BRKCOL-281267 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveDial Peer MatchingINVITE sip:+Via:SIP/2.0/TCP 172.18.2.20:5065;branch=z9hG4bK247eLocal GatewayPSTNUnified CMvoice class uri 300 sippattern 172.18.2.*:5065dial-peer voice
125、 300 voipdescription UCM to WxCincoming uri via 300destination dpg 200voice class dpg 200dial-peer 200201 preference 1dial-peer voice 200201 voipdescription UCM to WxCdestination-pattern BAD.BADvoice-class sip tenant 200session target sip-server50651 12 23 34 4BRKCOL-281268 2023 Cisco and/or its aff
126、iliates.All rights reserved.Cisco Public#CiscoLiveWebex Calling call routing overviewCall Routing undergoes three distinct phasesSource Classification(User,Premises,or External)Destination SelectionScreening&Routing(User,Trunk,Route Group,PSTN)BRKCOL-281269 2023 Cisco and/or its affiliates.All right
127、s reserved.Cisco Public#CiscoLiveWebex Calling Source ClassificationUserPremisesExternal(PSTN)Webex DevicesWebex CallingDedicated InstanceLocal GatewayCisco PSTN orCloud-Connected PSTNSource LocationSource LocationSource LocationDepending on CLID orDiversion Header*Depending on CLID or Diversion Hea
128、der*Depends on incoming calling party number,presence of Diversion header,number of dialed digits,and configuration settingsBRKCOL-281270 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCall Routing Configuration Service SettingsBRKCOL-281271 2023 Cisco and/or its affiliat
129、es.All rights reserved.Cisco Public#CiscoLiveSource ClassificationInbound Trunk Call(w/source location)BRKCOL-281272 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSource ClassificationInbound Trunk Call(w/source location)YesNoUserINVITE sip:5062 SIP/2.0Via:SIP/2.0/TLS 64
130、.102.250.137:5061;branch=z9hG4bK8BF831C1EFrom:;tag=FD340CF9-200DTo:Call-ID:2EB7BD48-EF7111ED-B8429147-F554AD6264.102.250.137Supported:timer,resource-priority,replacesMin-SE:1800User-Agent:Cisco-SIPGateway/IOS-17.10.1aAllow:INVITE,OPTIONS,BYE,CANCEL,ACK,PRACK,UPDATE,REFER,SUBSCRIBE,NOTIFY,INFO,REGIST
131、ERCSeq:101 INVITEContact:Diversion:Expires:180Max-Forwards:68 snip Number in Diversion header used if present,if not number in From header is used CLID/DH*matchesRoute List Entry?*CLID=Calling Party IDDH=SIP Diversion HeaderBRKCOL-281273 2023 Cisco and/or its affiliates.All rights reserved.Cisco Pub
132、lic#CiscoLiveSource ClassificationInbound Trunk Call(w/source location)YesYesNoNoPremisesUserCLID/DH*matchesRoute List Entry?CLID/DH*matchesDial Plan Entry?*CLID=Calling Party IDDH=SIP Diversion HeaderBRKCOL-281274 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSource Cla
133、ssificationInbound Trunk Call(w/source location)Unknown Numbers HandlingLegacyStandardYesYesNoNoPremisesPremisesUserOrg-wide ConfigurationCLID/DH*matchesRoute List Entry?CLID/DH*matchesDial Plan Entry?*CLID=Calling Party IDDH=SIP Diversion HeaderBRKCOL-281275 2023 Cisco and/or its affiliates.All rig
134、hts reserved.Cisco Public#CiscoLiveSource ClassificationInbound Trunk Call(w/source location)Unknown Numbers HandlingLegacyStandardYesYesYesNoNoNoPremisesExternalPremisesUserOrg-wide ConfigurationCLID/DH*contains2-6 digits?CLID/DH*matchesRoute List Entry?CLID/DH*matchesDial Plan Entry?*CLID=Calling
135、Party IDDH=SIP Diversion HeaderBRKCOL-281276 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveSource ClassificationInbound Trunk Call(w/source location)Unknown Numbers HandlingLegacyStandardCLID/DH*contains2-6 digits?YesCLID/DH*matchesRoute List Entry?YesCLID/DH*matchesDial
136、 Plan Entry?YesNoNoNoUnknown ext toPremises as int for Loc?YesNoPremisesExternalPremisesUserExternalPremisesTrunk Location ConfigurationOrg-wide Configuration*CLID=Calling Party IDDH=SIP Diversion HeaderBRKCOL-281277 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRouting
137、overview2)Destination selectionIncoming CallBRKCOL-281278 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRouting overview2)Destination selectionIncoming CallEmergencyYesPSTN3BRKCOL-281279 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRouting o
138、verview2)Destination selectionTest dialed number against+E.164,extension,and enterprise numbers of users within customer.Exact match:“90”“+496100123”Differentiation between a TN(+E.164)and ESN/ExtensionIncoming CallEmergencyYesPSTN3User TN3UserTNYesUserESN/Ext3UserESN/ExtYesBRKCOL-281280
139、2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRouting overview2)Destination selectionStrict match:“9”does not match“+1408555!”Incoming CallEmergencyYesPSTN3User TN3VON3DP3RL3UserTNRoutelistVONDial PlanStrict matchStrict matchYesYesYesYesUserESN/Ext3UserESN/Ext
140、YesBRKCOL-281281 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRouting overview2)Destination selectionVON ranges treated the same as VON,but only match after enterprise dial plansIncoming CallEmergencyYesPSTN3User TN3VON3DP3RL3UserTNRoutelistVONDial PlanVON RangeVON3Stri
141、ct matchStrict matchYesYesYesYesYesTECCOL-2191UserESN/Ext3UserESN/ExtYesBRKCOL-281282 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRouting overview2)Destination selectionDialed number might be translated to+E.164 based on national numbering plan.For example:901149610012
142、3 +496100123If number is translated,then go back to check for+E.164 matchesIncoming CallEmergencyYesPSTN3User TN3VON3DP3+E.164 translatedRL3UserTNRoutelistVONDial PlanNSLookupVON RangePSTN3Based on national dial planNS lookup skipped in 2nd round;straight to PSTN insteadVON3Strict matchStrict matchY
143、esYesYesYesYesUnknown NumberUserESN/Ext3UserESN/ExtYesBRKCOL-281283 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCountry Calling PlansNS Lookup uses calling plan for the country of the LocationCall Type tagging used for call restrictions(covered later)https:/ 2023 Cisco
144、 and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRouting overview2)Destination selection?Unknown ext.Unknown extension policy enabled and 2-6 dialed digits3YesUnknown number handlingIncoming CallEmergencyYesPSTN3User TN3VON3DP3+E.164 translatedRL3UserTNRoutelistVONDial PlanNSLookupVO
145、N RangePSTN3Based on national dial planNS lookup skipped in 2nd round;straight to PSTN insteadVON3Strict matchStrict matchYesYesYesYesYesUnknown NumberUserESN/Ext3UserESN/ExtYesBRKCOL-281285 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveRouting overview2)Destination sele
146、ction?LocationPSTNUnknown ext.Prem PSTNUnknown extension policy enabled and 2-6 dialed digitsCloud PSTN3YesUnknown number handlingIncoming CallEmergencyYesPSTN3User TN3VON3DP3+E.164 translatedRL3UserTNRoutelistVONDial PlanNSLookupVON RangePSTN3Based on national dial planNS lookup skipped in 2nd roun
147、d;straight to PSTN insteadVON3Strict matchStrict matchYesYesYesYesYesUnknown NumberUserESN/Ext3UserESN/ExtYesBRKCOL-281286 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive?LocationPSTNUnknown ext.Prem PSTN2)Destination selectionPSTNLegacyUnknownNumberUnknown extension poli
148、cy enabled and 2-6 dialed digitsCloud PSTN33StandardRouting overviewYesUnknown number handlingIncoming CallEmergencyYesPSTN3User TN3VON3DP3+E.164 translatedRL3UserTNRoutelistVONDial PlanNSLookupVON RangePSTN3Based on national dial planNS lookup skipped in 2nd round;straight to PSTN insteadVON3Strict
149、 matchStrict matchYesYesYesYesYesUnknown NumberUserESN/Ext3UserESN/ExtYesBRKCOL-281287 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive?LocationPSTNYesUnknown ext.Prem PSTN2)Destination selection3)Block or allow based on calling permissions and routePSTNRoute to userPSTNVO
150、NCall TypeRLDPUnknown ext.UserLegacyUnknownNumberUnknown extension policy enabled and 2-6 dialed digitsCloud PSTN333Unknown number handlingRoute to Location PSTNMeetingnumberRoute to meetings SRV for locations countryRoute to Trunk/RGYesNoStandardBased on Webex dial-in numbers tableRouting overviewI
151、ncoming CallEmergencyYesPSTN3User TN3VON3DP3+E.164 translatedRL3UserTNRoutelistVONDial PlanNSLookupVON RangePSTN3Based on national dial planNS lookup skipped in 2nd round;straight to PSTN insteadVON3Strict matchStrict matchYesYesYesYesYesUnknown NumberUserESN/Ext3UserESN/ExtYesBRKCOL-281288 2023 Cis
152、co and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveScreening and RoutingToUser(TN)User(ESN/Ext)Trunk(RL)Trunk(DP or unknown ext)PSTN/VONUserPremisesExternalFromFromToToBRKCOL-281289 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveScreening and RoutingCalls
153、from Webex Calling users(including DI users)can be routed anywhereToUser(TN)User(ESN/Ext)Trunk(RL)Trunk(DP or unknown ext)PSTN/VONUserPremisesExternalFromFromToToBRKCOL-281290 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveScreening and RoutingCalls from On-Premises Users
154、 can be routed anywhere except for the PSTNToUser(TN)User(ESN/Ext)Trunk(RL)Trunk(DP or unknown ext)PSTN/VONUserPremisesExternalFromFromToToBRKCOL-281291 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveScreening and RoutingCalls from PSTN can only route to User TNs(includin
155、g DI users).Calls from PSTN cannot call ESN/Extension.ToUser(TN)User(ESN/Ext)Trunk(RL)Trunk(DP or unknown ext)PSTN/VONUserPremisesExternalFromFromToToBRKCOL-281292 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCall Routing Troubleshooting ToolSelect Source(User or Trunk
156、and Number)Enter DestinationTool performs a live route lookupCalling Call Routing Verify Call RoutingBRKCOL-281293 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCall Routing Troubleshooting ToolExample call from User to PSTNBRKCOL-281294 2023 Cisco and/or its affiliates.
157、All rights reserved.Cisco Public#CiscoLiveCall Routing Troubleshooting ToolDP or RL matches must point route to selected TrunkBRKCOL-281295 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCall Routing Troubleshooting ToolDP or RL matches must point route to selected TrunkB
158、RKCOL-281296 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCall Routing Troubleshooting ToolSource Location may influence dialed digits and trunk selectionExample:NANP 7-digit dialing uses NPA of calling deviceBRKCOL-281297SIP Troubleshootingon CUBE 2023 Cisco and/or its
159、 affiliates.All rights reserved.Cisco Public#CiscoLiveUnderstanding the Session Initiation Protocol(SIP)Watch Chapter 2 from DGTLDGTL-BRKUCCBRKUCC-2932 2932 on Cisco Live On-Demand Library https:/ sure you log in after Make sure you log in after going to the above sitegoing to the above siteBRKCOL-2
160、81299 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCUBE VOIP Trace FeatureLogs debugs for individual calls automaticallyVOIP Trace is enabled by default from IOS-XE 17.4.1,17.3.2VOIP Trace captures:SIP messages for SIP Trunk to Trunk callsEvents and API calls from SIP l
161、ayer to other layers in CUBESIP ErrorsCall Control(unified communication call flows processed by CUBE)FSM(Finite State Machines)states and eventsDial peer matchedRTP ports allocatedWill not log REGISTER,OPTIONS,SUBSCRIBE/NOTIFY,INFOvoice sevice voiptraceBRKCOL-2812100 2023 Cisco and/or its affiliate
162、s.All rights reserved.Cisco Public#CiscoLiveVOIP Trace-ConfigurationMemory allocated for VOIP Trace is configurable:CUBE(conf-serv-trace)#memory-limit?Specify maximum memory limit in MB platform Use 10 percent of available memoryRouter#show processes memoryProcessor Pool Total:8039169484 Used:403977
163、744 Free:7635191740reserve P Pool Total:102404 Used:88 Free:102316lsmpi_io Pool Total:6295128 Used:6294296 Free:832BRKCOL-2812101 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVOIP Trace Show commands CUBE#show voip trace?allDisplay all VoIP Tracescall-idFilter traces ba
164、sed on Internal Call Idcorrelator Filter traces based on FPI Correlatorcover-buffersDisplay the summary of all cover bufferssession-id Filter traces based on SIP Session IDsip-call-idFilter traces based on SIP Call Idstatistics Display statistics for VoIP TraceExecuting”show voip trace all”to displa
165、y a huge voip trace will impact the performance and will display a warning seeking confirmation CUBE#sh voip trace allDisplaying 11858 cover buffersThis may severely impact system performance.Continue?yes/no noBRKCOL-2812102 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive
166、VOIP Trace-Cover Buffer-Search-KeySearch key is added in each cover buffer and for each call legSearch key is a combination of Calling number,Called number and call-id In-legSearch-key:9898:4000:9972Out-legSearch-key:9898:4000:9973BRKCOL-2812103 2023 Cisco and/or its affiliates.All rights reserved.C
167、isco Public#CiscoLiveVOIP Trace-Cover Buffer-Search-KeyTo find a call,search for calling or called numbershow voip trace cover-buffer|include show voip trace cover-buffer|section Detailed call information can be filtered further using the call-id from the search-keyshow voip trace call-id BRKCOL-281
168、2104 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVOIP Trace Tip!Create aliases to make finding and showing calls easier.alias exec fc show voip trace cover-buffer|sectionalias exec sc show voip trace call-idUsage:To find a call by calling/called number:CUBE#fc 91955512
169、34 To show the call details based on callTo show the call details based on call-id:id:CUBE#sc 37298BRKCOL-2812105 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveVOIP Trace Show VOIP Trace StatisticsVOIP trace statistics displays extensive information about the status,memo
170、ry consumption,errored or failure calls,successful calls etc.Router#show voip trace statisticsVoIP Trace StatisticsTracing status:ENABLED at*Sep 12 06:44:02.349Memory limit configured:803209216 bytesMemory consumed:254550928 bytes(31%)Total call legs dumped:2Oldest trace dumped:*Sep 12 07:29:21.077
171、Search-key:9898:30000:64Latest trace dumped:*Sep 12 07:29:21.010 Search-key:9898:30000:63Total call legs captured:11858Total call legs available:11858Oldest trace available:*Sep 12 06:57:23.923,Search-key:5250001:4720001:11Latest trace available:*Sep 13 05:08:25.353,Search-key::30000:1317
172、7Total traces missed:0BRKCOL-2812106 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationScenario:Calling from UCM phone to Webex Calling IVR numberUser gets ring back continuously-Call is never answeredCall from Webex Calling registe
173、red phone worksLocalgatewayInternetIVRWebex Calling Edge SBCCisco UCMIP Phone++IP PhoneBRKCOL-2812107 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationCUBE#show voip trace cover-buffers|section+Sear
174、ch-key =+:+:13542Timestamp =*Jun 3 03:10:43.063Buffer-Id =13CallID=13542Peer-CallID=13543Correlator =NACalled-Number =+Calling-Number=+SIP CallID=cc4e5980-1ee100ed-33f97f9-3b6a12ac172.18.106.59SIP Session ID=d443532f00804a2bb4c1dcb68423024dGUID =CC4E598000
175、00Tenant =300Search-key =+:+:13543Timestamp =*Jun 3 03:10:43.067Buffer-Id =14CallID=13543Peer-CallID=13542Correlator =NACalled-Number =+Calling-Number=+SIP CallID=96A29B58-E22111EC-8290C535-8219C88264.102.250.135SIP Session ID=377caecb00105000a000ac7e8ab60
176、43bGUID =CC4E59800000Tenant =200CUBE#show voip trace call-id 13542Save output to.txt fileBRKCOL-2812108 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationCollaboration Solutions Analyzer-https:/https:/ show ver and show run in the f
177、ile in addition to tracesBRKCOL-2812109 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationCollaboration Solutions Analyzer-https:/https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls
178、 not ringing destinationBRKCOL-2812111 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationBRKCOL-2812112 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationCopy Text
179、debug output from CLI and Paste into TranslatorXUse TranslatorX translatorx.orgBRKCOL-2812113 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationClick“Generate Diagram”buttonUse TranslatorX translatorx.orgBRKCOL-2812114 2023 Cisco an
180、d/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationBRKCOL-2812115 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationClick on outbound INVITE to Webex CallingUse TranslatorX trans
181、latorx.orgBRKCOL-2812116 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationExamine 180 Ringing coming from Webex CallingUse TranslatorX translatorx.orgBRKCOL-2812117 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#
182、CiscoLiveExample Issue:Calls not ringing destinationExamine 180 Ringing coming from Webex CallingUse TranslatorX translatorx.orgBRKCOL-2812118 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destinationvoice class sip-profiles 200rule 9 requ
183、est ANY sip-header SIP-Req-URI modify sips:(.*)sip:1rule 10 request ANY sip-header To modify sips:(.*)sip:1rule 11 request ANY sip-header From modify sips:(.*)sip:1rule 12 request ANY sip-header Contact modify rule 13 response ANY sip-header To modify sips:(.*)sip:1rule 14 response ANY sip-header Fr
184、om modify sips:(.*)sip:1rule 15 response ANY sip-header Contact modify sips:(.*);otg=hussain2572_lgurule 30 request ANY sip-header P-Asserted-Identity modify sips:(.*)sip:1BRKCOL-2812119 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveExample Issue:Calls not ringing destin
185、ationvoice class sip-profiles 200rule 9 request ANY sip-header SIP-Req-URI modify sips:(.*)sip:1rule 10 request ANY sip-header To modify sips:(.*)sip:1rule 11 request ANY sip-header From modify sips:(.*)sip:1rule 12 request ANY sip-header Contact modify rule 13 response ANY sip-header To modify sips
186、:(.*)sip:1rule 14 response ANY sip-header From modify sips:(.*)sip:1rule 15 response ANY sip-header Contact modify sips:(.*);otg=svs-rtp-dmz-cube8a2637_lgurule 30 request ANY sip-header P-Asserted-Identity modify sips:(.*)sip:1BRKCOL-2812120 2023 Cisco and/or its affiliates.All rights reserved.Cisco
187、 Public#CiscoLiveExample Issue:Calls not ringing destinationAfter fixing the otgconfiguration in the SIP profileUse TranslatorX translatorx.orgBRKCOL-2812121 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCUBE not responding to OPTIONSCUBE#debug ccsip all*Jun 3 01:58:05.2
188、55:/-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Received:OPTIONS sip:64.102.250.135:5061;transport=tls SIP/2.0Via:SIP/2.0/TLS 139.177.65.12:8934;branch=z9hG4bKBroadworksSSE.-64.102.250.135V11176-0--18-From:;tag=1997418-To:Call-ID:SSE0
189、.177.65.12CSeq:100 OPTIONSMax-Forwards:0Content-Length:0*Jun 3 01:58:05.255:/-1/xxxxxxxxxxxx/SIP/Info/verbose/4096/ccsip_new_msg_preprocessor:Checking Invite Dialog*Jun 3 01:58:05.260:/-1/xxxxxxxxxxxx/SIP/Info/verbose/8192/sipSPIIpTrustSilentDiscard:sipSPIIpTrustSilentDiscard:called for method 101*J
190、un 3 01:58:05.260:/-1/xxxxxxxxxxxx/SIP/Info/info/8192/sipSPIIpTrustSilentDiscard:Message from untrusted ip address.Silently discardBRKCOL-2812122 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveCUBE not responding to OPTIONSvoice service voipip address trusted listipv4 172
191、.18.106.0 255.255.255.0ipv4 139.177.72.0 255.255.254.0ipv4 23.89.1.128 255.255.255.128ipv4 23.89.33.0 255.255.255.0ipv4 23.89.40.0 255.255.255.128ipv4 23.89.76.128 255.255.255.128ipv4 52.26.82.0 255.255.255.0ipv4 85.119.56.0 255.255.254.0ipv4 128.177.14.0 255.255.255.0ipv4 128.177.36.0 255.255.255.0
192、ipv4 135.84.168.0 255.255.248.0ipv4 139.177.64.0 255.255.248.0ipv4 150.253.209.128 255.255.255.128ipv4 170.72.0.128 255.255.255.128ipv4 170.72.17.128 255.255.255.128ipv4 170.72.29.0 255.255.255.0ipv4 170.72.82.0 255.255.255.128ipv4 185.115.196.0 255.255.252.0ipv4 199.19.196.0 255.255.254.0ipv4 199.1
193、9.199.0 255.255.255.0ipv4 199.59.64.0 255.255.248.0https:/ 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting from Webex Control HubBRKCOL-2812124 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting from Webex Control Hub
194、BRKCOL-2812125 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveTroubleshooting from Webex Control HubBRKCOL-2812126Local Gateway Troubleshooting Demo 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLiveFill out your session surveys!Attendees who fill
195、 out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks(while supplies last)!These points help you get on the leaderboard and increase your chances of winning daily and grand prizesAttendees will also earn 100 points in the Cisco Live Challenge for every
196、 survey completed.BRKCOL-2812128 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicContinue your educationVisit the Cisco Showcase for related demosBook your one-on-oneMeet the Engineer meetingAttend the interactive education with DevNet,Capture the Flag,and Walk-in LabsVisit the On-D
197、emand Library for more sessions at www.CiscoL you#CiscoLive 2023 Cisco and/or its affiliates.All rights reserved.Cisco Public#CiscoLive131Gamify your Cisco Live experience!Get points Get points for attending this session!for attending this session!Open the Cisco Events App.Click on Cisco Live Challenge in the side menu.Click on View Your Badges at the top.Click the+at the bottom of the screen and scan the QR code:How:1234131 2023 Cisco and/or its affiliates.All rights reserved.Cisco PublicBRKCOL-2812#CiscoLive