Packet capture from a Cisco device and export it to Wireshark

Ran into a situation where I needed to perform a packet capture on the WAN interface of a router that was facing an ISP.  The site was rather remote and so putting a hub in between the router and ISP and capturing the packets via Wireshark was going to be very time consuming.  Here is how to perform a packet capture right on the router and then export the capture to Wireshark for analysis. Create the capture buffer monitor capture buffer holdpackets monitor capture buffer holdpackets size 2048 max-size 1024 Create capture profile.  (This will capture everything on the router, but you can use an access-list to filter this down) monitor capture point ip process-switched capturepackets both Associate the profile with the buffer monitor capture point associate capturepackets holdpackets Start the capture monitor capture point start capturepackets Generate traffic you want to capture and then view the buffer to verify captured packets (optional) show monitor capture buffer all parameters Stop the capture monitor capture point stop capturepackets Export the capture via TFTP for viewing in Wireshark monitor capture buffer holdpackets export tftp://10.1.1.11/capture.pcap Clear the buffer and start the capture over again at step 4 to repeat monitor capture buffer holdpackets clear Here is the Cisco document that goes into further detail:  https://supportforums.cisco.com/docs/DOC-5799...

Lync Enterprise Voice with Cisco or Adtran routers

These are the steps to setup Lync 2013 to work with Enterprise Voice through a Cisco router running CME (CallManager Express) or an Adtran 7000 router like the NetVanta 7100. From the Lync Topology Builder open your site, Shared Components then right-click on PSTN Gateways and select New.  Enter the IP address of your router and choose next.  Click Next again.  On the last page change SIP Transport Protocol from TLS to TCP, select your mediation server if it’s not already automatically chosen and choose finish.  Publish the updated topology.                                 Next hop over to the Lync Server 2013 Control Panel.  Choose Voice Routing and then Trunk Configuration.  Edit your site configuration and scroll down to Called Number Translation Rules.  I added 2 rules, one to remove + and the other to remove 9 for outbound calls.                         Next go to Dial Plan and edit the site dial plan.  If you don’t have one create one for your Lync site.  Scroll down to Associated Normalization Rules and create a new rule.  I created a rule where the call that matched had to be at least 3 digits and I didn’t remove or add any digits.       Next go to Route and choose New.  Name your route and then add patterns to match for outbound calls and extensions on your CME or 7100 router.  I chose to add 9 followed by anything for outbound calls and then 2.., 3.. and 60. as those are all...

CME and Lync RCC Integration

This guide will go through the steps to setup Lync Remote Call Control (RCC) with Cisco CallManager Express (CME).  I’ve used this with OCS, Lync 2010 and Lync 2013.  CME must be version 8.0 or higher. CME On the router enter the commands that are not already present: voice service voip   allow-connections sip to sip   no supplementary-service sip moved-temporarily   no supplementary-service sip refer   no cti shutdown   cti csta mode basic And then on the ephone-dns that you are remote call controlling add the following: cti watch   LYNC Step 1 On Lync we first need to create a static route to the CME.  First let’s check existing static routing config: Get-CsStaticRoutingConfiguration  OPTIONAL - If you want to view the details that Get-CsStaticRoutingConfiguration won’t show, use this two-step process: $stroute = Get-CsStaticRoutingConfiguration  $stroute.Route If there’s nothing that conflicts then create the static route with this two-step process: $tcpRoute = New-CsStaticRoute -TCPRoute -Destination “CME IP OR FQDN” -Port 5060 -MatchUri “cme.domain.com” Set-CsStaticRoutingConfiguration -Route @{Add=$tcpRoute} Step 2 Next create an application pool.  First check the existing application pools: Get-CSTrustedApplicationPool If all looks well, create the pool: New-CsTrustedApplicationpool -Identity “CME IP OR FQDN” -Registrar “LYNC FQDN” -Site “LYNC SITE NAME” Step 3 Next configure the application.  First check the existing applications to make sure there’s not an overlap: Get-CSTrustedApplication Then create the application: New-CsTrustedApplication -ApplicationID RCC -TrustedApplicationPoolFqdn “CME IP OR FQDN” -Port 5060 -EnableTcp You might receive a warning that UCMA applications only support MTLS.  Choose “Yes” Step 4 Check to see which TCP port Lync is listening on.  In Lync 2013 the default is 5061 but CME needs this to...

Show ARP reveals thousands of IPs on the outside interface

Problem:  When you run “show arp” on an edge router/firewall you see thousands of public IPs.  This will eat up the memory and cause things to run slowly.  I even saw in once case where “show run” revealed nothing, it would just come back blank because there wasn’t any memory available to perform the command. Solution:  Chances are the default route is using an interface as a destination and not an IP.  Such as ip route 0.0.0.0 0.0.0.0 Gig0/0 Change this to use an IP address and not an interface.  If an interface is used then there is no MAC that can be used as a destination and so the router sends an ARP request for the destination IP and adds it to the local...

Registering voice-ports from a Cisco 881 SRST router to CME / UC500

The Cisco 881 router comes in an SRST flavor (C881SRST-K9) which includes 1 FXO and 4 FXS ports.  We recently ran into a problem at a customer’s new install where the service provider did not run new FXO lines in time for the installation.  So seeing that we had some FXS ports available, and being familiar with integrating the VG224 and VG204 to CME, I set out to see if the FXS ports in the 881 could be registered via SCCP to the CME across the WAN.  The answer is yes! Here are the relevant parts of the config in the 881: stcapp ccm-group 1 stcapp ! interface FastEthernet0 ip address 192.168.2.1 255.255.255.0 ! voice-port 0 timeouts ringing infinity caller-id enable ! voice-port 1 timeouts ringing infinity caller-id enable ! sccp local FastEthernet0 sccp ccm 10.1.1.1 identifier 1 version 3.1 sccp ! sccp ccm group 1 associate ccm 1 priority 1 ! dial-peer voice 100 pots service stcapp port 0 ! dial-peer voice 101 pots service stcapp port 1 And on the CME interface Vlan100 ip address 10.1.1.1 255.255.255.0 ! ephone-dn 35 number 1234567 description Remote 881 ! ephone 1 device-security-mode none description 881 FXS Port 0 mac-address 0000.1234.5678 max-calls-per-button 2 type anl button 1:35 ! For me the ephone showed up automatically, but you might need to add it manually.  If that’s the case use the following command on the 881 to determine the mac address for port 0:  “show stcapp device voice-port 0”  In the output under the “Device Name” field the mac address will be the last 12 characters of the...

Music On Hold Streaming from an FXO port on CME 8.8

Here’s another CME feature that did not work quite as expected when reading the documentation.  As with the conference bridge, I read along and followed the documentation from Cisco for “Configuring Music on Hold from a Live Feed” (the link is below) and the feature was still not working.  When placed on hold, all callers heard was the default Cisco MOH audio file.  This showed that the fall back portion of the config was working fine but overall something was missing. “http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmemoh.html#wp1010511 According to Cisco all that is required is a cable to connect to your live feed device, a fxo or e&m port, a dial-peer and an ephone-dn. The cable we made on our own out of a bit of cat5, a RJ11 head and male to mail 3.5mm audio cable. For those interested, the 3.5mm cable was the type with one wire running through the middle and another wrapped around like a sheath.  The blue pair of the cat5 was then connected to the two lines from the audio cable using a couple of butt splices.  These were then wrapped individually with electrical tape to prevent interference and then all wrapped together to make the finished product a little less rough (pictured below). A RJ11 head was then connected to the other end of the cat5 using the blue pair in the middle two pins. I initially thought the issue might be with my homemade cable as it does look a little kludgy but I wanted to continue researching to eliminate all configuration issue. Again, another user saved the day by providing portions of a working config...