#CLUS CCIE Collaboration Techtorial

Ben Ng, Exam PM, L@, Cisco CX
Ishan Sambhi, CSE, Cisco CX

TECCCIE-3503

Agenda

• Session 1: CCIE® Program Overview

• Session 2: CCIE Collaboration Overview

• Session 3: CCIE Collaboration Modular Lab Exams

• Session 4: Lab Exam Diagnostic Module with Case Studies

• Session 5: Lab Exam Troubleshooting Module with Case Studies

• Session 6: Lab Exam Configuration Module with Case Studies

• Session 7: Exam Preparation Tips, In-Lab Strategies, and Q&A

#CLUS TECCCIE-3503 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex Teams

Questions? Use Cisco Webex Teams to chat with the speaker after the session.

How:
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Webex Teams or go directly to the team space
4. Enter messages/questions in the team space

Webex Teams will be moderated by the speaker until June 16, 2019: cs.co/ciscolivebot#TECCCIE-3503

Session 1: CCIE Program Overview

Cisco CCIE Certifications

CCIE Track: Major Skills
• R&S: Configure and troubleshoot complex converged networks
• Security: Configure complex, end-to-end secure networks, troubleshoot environments, and anticipate and respond to network attacks
• Service Provider: Configure and troubleshoot advanced technologies to support service provider networks
• Collaboration: Design, implement, integrate, and troubleshoot complex collaboration networks
• Wireless: Plan, design, implement, operate, and troubleshoot wireless network and mobility infrastructure
• Data Center: Configure and troubleshoot Cisco Data Center technologies including DC infrastructure, compute and virtualization.

CCIE Tracks and Exams

• Routing/Switching: Written, LAB
• Security: Written, LAB
• Service Provider: Written, LAB
• Collaboration: Written, LAB
• Wireless: Written, LAB
• Data Center: Written, LAB

Step 1: CCIE Written Exam

• Two-hour exam with 90 to 110 multiple-choice questions

• Closed book; no outside reference materials allowed

• Pass/fail results are available immediately following the exam

• Waiting period of fifteen calendar days to retake the exam

• Candidates who pass a CCIE written exam must wait a minimum of six months before taking the same number exam

• After passing the written exam, candidates must take their first lab exam attempt within 18 months

Step 2: CCIE Lab Exams

• Eight-hour exam requires working configurations and troubleshooting to demonstrate expertise

• Cisco documentation available via Cisco Web; no personal materials allowed

• Scores can normally be viewed online within 48 hours; failing score reports indicate areas where additional study may be useful

Session 2: CCIE Collaboration

CCIE Collaboration Certification

• CCIE Collaboration recognizes technical experts with the highest level of knowledge and hands-on experience with Cisco Collaboration solutions.

• CCIE Collaboration assesses candidates on their ability to design, implement, integrate, and troubleshoot complex collaboration networks where voice, video, presence, and mobility work together to enable highly engaging communication anytime, on any device.

CCIE Collab v2.0 New Unified Exam Topics (Written + Lab)

• Improved Customer Relevancy in UC/Collab Technologies
• New Unified Exam Topics (Written + Lab)
• New key topics added:
  • Collaboration APIs
  • Cisco Expressway dial plan
  • Mobile and Remote Access
  • Single-Sign-On
  • Ad-hoc and rendezvous conferencing on Cisco Meeting Server
• Increased Coverage on Collaboration programmability, cloud and hybrid services, conference and meeting, edge servers
• Removed legacy topics such as T1-CAS, E1-R2, H.323 RAS, SAF and CCD
• Modular Lab Exams
  • Diagnostics, Troubleshooting, and Configuration modules

CCIE Collab v1.0 and v2.0 Exam Topics Comparison:

CCIE Collaboration v1.0 Written and Lab Exam Topics:

CCIE Collaboration v2.0 Unified Exam Topics (Written + Exams):

CCIE Collab Lab Exam v1.0 vs v2.0 HW and SW:

CCIE Collaboration v2.0 Lab Sample Topology

[Figure: lab sample topology. Labels: Headquarters; DMZ; Internet; PSTN; Cisco Meeting Server; Expressway-E; Expressway-C; External DNS; Internal DNS; IM and Presence; Unity Connection; Unified Communications Manager; vCUBE; UCCX; Branch Office B; Branch Office C]

CCIE Collaboration v2.0 Lab Rack Access

[Figure: Candidate Exam Desk (Candidate PC) connected to the Candidate Exam Rack. Protocol labels: HTTPS, SSH, RDP, Telnet, SFTP, TFTP, RDP, …. Label: UnifiedFX Phoneview Lab Edition Remote Control]

CCIE Collaboration v2 Remote Phone Control

CCIE Collaboration v2 Lab Candidate Desk

Session 3: CCIE Collaboration Modular Lab Exam

CCIE Collaboration v2.0 Modular Lab Exams

[Figure: Written Exam, pass, Lab/Practical Exam (TS, DIAG, CFG), pass, CCIE. Durations shown: 120min, 120min, 60min, 300 min]

1. Troubleshooting
2. Diagnostic
3. Configuration

CCIE Collaboration v2.0 Modular Lab Exam Skill Assessment

[Figure: TS and DIAG, from A (Problem) to B (Solution)]

[Figure: CFG, from Y (Design Requirement) to Z (Implementation Decision)]

CCIE Collaboration v2.0 Modular Lab Exam Skill Assessment Overview

TS
• Resolve networking problems
• Use IOS and other troubleshooting tools
• Apply troubleshooting methodologies
• Troubleshoot Collaboration technologies (any topic on the blueprint)
• Implement and verify working solution to resolve networking issues

DIAG
• Perceive problem areas
• Analyze symptoms of networking issues, identify and describe root cause
• Correlate information from multiple sources
• Discern appropriate solution
• Apply troubleshooting Methodologies
• Troubleshoot Collaboration technologies (any topic on the blueprint)

CFG
• Abstract functional element of complex Collaboration network environment
• Understand how solution components interoperate
• Implement Collaboration technologies (any topic on the blueprint)
• Design appropriate solutions to Collaboration network challenges within constraints and verify functionality

CCIE Collaboration v2.0 Modular Lab Exam Timing

• TS is maximum 150min

• DIAG is fixed to 60min

• CFG is 8h minus (TS + DIAG) == minimum 270min

CCIE Collaboration v2.0 Modular Lab Exam Scoring

• 2 required conditions to PASS:
  • #1: MUST meet or exceed each module’s minScore
  • #2: MUST meet or exceed the Lab’s TOTAL cutScore

Example#1: PASS + FAIL + PASS = FAIL!

Module  Total score  Min score  Cut score  Candidate 1 Score  PASS/FAIL
TS      20           10         14         15                 PASS
DIAG    10           4          6          2                  FAIL
CFG     70           35         50         55                 PASS
LAB     100          -          70         72                 FAIL

• #1: DIDN’T meet or exceed each module’s minScore
• #2: met or exceeded the Lab’s TOTAL cutScore

• Strong in both TS and CFG but very weak in DIAG.

This example is for illustration only! Actual values vary per exam questionnaire!

Example#2: PASS + PASS + PASS = FAIL!

Module  Total score  Min score  Cut score  Candidate 2 Score  PASS/FAIL
TS      20           10         14         12                 PASS
DIAG    10           4          6          5                  PASS
CFG     70           35         50         40                 PASS
LAB     100          -          70         57                 FAIL

• #1: met or exceeded each module’s minScore
• #2: DIDN’T meet or exceed the Lab’s TOTAL cutScore

• Passed all modules minScore, but total < cutScore!

This example is for illustration only! Actual values vary per exam questionnaire!

Example#3: PASS + PASS + PASS = PASS!

Module  Total score  Min score  Cut score  Candidate 3 Score  PASS/FAIL
TS      20           10         14         10                 PASS
DIAG    10           4          6          8                  PASS
CFG     70           35         50         52                 PASS
LAB     100          -          70         70                 PASS

• #1: met or exceeded each module’s minScore
• #2: met or exceeded the Lab’s TOTAL cutScore
• Compensated a weakness in TS with strength in CFG!

• TS( minScore < score < cut score )

This example is for illustration only! Actual values vary per exam questionnaire!

Session 4: Lab Exam Diagnostic Module with Case Studies

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Question Format

• A DIAG question consists of:
  • Question Body
  • Multiple document sources to assist candidates in making the correct diagnosis:
    • Email Threads
    • Topology Diagram
    • Device configuration files (IOS or device screenshots)
    • Debug or trace files
  • MCSA or MCMA options

DIAG Exam Guidelines

• Play the role of a support engineer: understand the situation, analyze the documentation, correlate information, discern between relevant and non-relevant data points, and make a choice between the options.

• Read the entire question and options before diving into the additional resources (email thread, topology diagram, logs, …)

• Select as many options as requested.

• No partial scoring on item level.

• Answers can be changed until the timer expires; final answers are auto-submitted.

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Methodology

• Game plan:
  1. Understand the problem
     • Use Question body and customer email threads
  2. Analyze the documentation
     • Process email, topology and debug/trace files
  3. Correlate and Discern between relevant and non-relevant data points
     • Review and summarize provided facts
     • Apply technical knowledge to:
       • Identify key events in all documentation
       • Email - problem in customer’s own words – some useful, some not.
       • Traces and/or debugs – correlate protocol facts with problem description
     • Arrive at diagnostic snapshot
  4. Choose the next step
     • Eliminate wrong or irrelevant options

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study I

• DIAG Question 1:

• John K, a Cisco Collaboration engineer at Customer.com, emailed to inform you that a user of a Cisco 8845 phone has been complaining about intermittent failures when he uses the numeric keypad to dial the voicemail pilot number to check messages. The user hears fast busy tones on failed calls.

• Attached in the email is a snippet of a CUCM SDI trace file which, according to John, was captured when the problem occurred.

• Review the topology diagram, the customer’s email, and the SDI trace file snippet, and select the next step to troubleshoot this problem.

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study I (Cont’d)

• DIAG Question 1 Supplementary Document I: Topology

[Figure: topology. IP 8845 Phone (DN: 2003, SEPF8B7E29503F0); Cisco Unified Communications Manager Cluster: Publisher (Secondary Call Processing Node), Subscriber 1 (Primary Call Processing Node); Cisco Unity Connection (VM Pilot number: 2220). IP addresses shown: 10.1.1.1, 10.1.1.5, 10.10.1.32, 10.1.1.2]

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study I (Cont’d)

• DIAG Question 1 Supplementary Document II: EMAIL From Customer

• DIAG Question 1 Supplementary Document III: UCM Trace Snippet 1

• DIAG Question 1 Supplementary Document III: UCM Trace Snippet 2

• DIAG Question 1: Answer Options
• Choose one answer.
  ☐ The snippet captured the call from customer’s description, but we need additional SDI traces to inspect potential Digit Analysis exceptions
  ☐ The call in the snippet is not captured from the correct CUCM node, request SDI trace from all other nodes at the same time
  ☐ The snippet captured the call from customer’s description, request traces from the Cisco Unity Connection to make sure the call arrived
  ☐ The snippet did not capture the call from customer’s description, need to request another round of traces with the correct dialing method
  ☐ The snippet showed the phone dialed correctly, inform customer to raise a case with the networking infrastructure team to see if packet drops exist on the network
  ☐ The call in the snippet is a SIP Early offer, check to see if it is supported on CUC
  ☐ The snippet showed the device is defective, raise an RMA to replace the phone

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study I: Debrief

• Game plan: Step 1: Understand the problem:
  • From Question body:

  • From Customer email:

  • Problem Summary:
    • Intermittent call failure from an 8845 IP phone to voicemail pilot when dialing via keypad

• Game plan: Step 2: Analyze the documentation: Customer email

Useful information:
• Voicemail pilot: 2220
• User dials from phone keypad
• Fast busy tone sometimes

Less useful information, but okay to know:
• New 8845 IP phone

• Game plan: Step 2: Analyze the documentation: Topology

• Game plan: Step 2: Analyze the documentation: UCM Trace Snippet 1

The Most Valuable Information (MVI):
• SIP INVITE from phone to UCM

Less useful information, but okay to know:
• SDP in SIP INVITE

• Game plan: Step 3: Correlate and Discern:
  • Review and summarize provided facts:
    • Question and customer email say voicemail pilot number was dialed via keypad entry
    • Provided UCM trace showed all digits came in a single SIP INVITE
  • Apply technical knowledge:
    • Background technical knowledge candidates should know about the given Collab setup:
      • SIP protocol between 8845 and UCM
      • Two ways to call VM from the phone: voicemail button vs individual numeric keypad entry
      • Individual dialed digits are collected via SIP SUBSCRIBE and multiple NOTIFY messages
  • Arrive at diagnostic snapshot
    • The trace provided by the customer showed a call from an 8845 phone to the voicemail pilot number, but:
      • It was dialed by pressing the voicemail button instead of entering individual digits on the numeric keypad
    • The next step to troubleshoot this problem is:

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study I: Final Answer

• Game plan: Step 4: Choose the Next Step:
• Choose one answer.
  • The snippet captured the call from customer’s description, but we need additional SDI traces to inspect potential Digit Analysis exceptions
  • The call in the snippet is not captured from the correct CUCM node, request SDI trace from all other nodes at the same time
  • The snippet captured the call from customer’s description, request traces from the Cisco Unity Connection to make sure the call arrived
  • The snippet did not capture the call from customer’s description, need to request another round of traces with the correct dialing method
  • The snippet showed the phone dialed correctly, inform customer to raise a case with the networking infrastructure team to see if packet drops exist on the network
  • The call in the snippet is a SIP Early offer, check to see if it is supported on CUC
  • The snippet showed the device is defective, raise an RMA to replace the phone

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study II

• DIAG Question 2:

• John K, a Cisco Collaboration engineer at Customer.com, emailed to inform you that he could not register a new IP phone 8845 to a CUCME router which already has an IP phone 8865 registered.

• Attached is the email thread in which John provided the CUCME router’s configuration as well as a screenshot captured on the phone which failed to register.

• Select the next step to get the new phone to register.

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study II (Cont’d)

• DIAG Question 2 Supplementary Document: EMAIL #1 From Customer with router configuration

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study (Cont’d)

• DIAG Question 2 Supplementary Document II: CUCME router configuration:

Kool-CUCME#sh run
Building configuration...
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Kool-CUCME
!
boot-start-marker
boot system flash flash:c2951-universalk9-mz.SPA.157-3.M.bin
boot-end-marker
!
enable password secret
!
no aaa new-model
!
ip dhcp excluded-address 10.20.1.1 10.20.1.100
!
ip dhcp pool phones
 network 10.20.1.0 255.255.255.0
 option 150 ip 10.20.1.254
 default-router 10.20.1.254
 lease infinite
!
no ip domain lookup
voice-card 0
!
voice service voip
 allow-connections sip to sip
 sip
  registrar server
!
voice register global
 mode cme
 source-address 10.20.1.254 port 5060
 max-dn 24
 max-pool 6
 create profile sync 5395493377521517
 camera
 video
 auto-register
!
voice register dn 3
 number 1003
!
voice register dn 4
 number 1004
!
voice register pool 3
 busy-trigger-per-button 2
 id mac 94D4.690C.E1EE
 session-transport tcp
 type 8865
 number 1 dn 3
voice register pool 4
 busy-trigger-per-button 2
 id mac F8B7.E295.081A
 session-transport tcp
 type 8845
 number 1 dn 4
!
!
license udi pid CISCO2951/K9 sn FTX1740ALJA
!
interface GigabitEthernet1/0
 description MGMT-To-SW
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet1/1
 description Internal switch interface connected to Service Module
 switchport mode trunk
 no ip address
!
interface Vlan20
 description Voice
 ip address 10.20.1.254 255.255.255.0
!
interface Vlan22
 description data
 ip address 10.22.1.254 255.255.255.0

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study (Cont’d)

• DIAG Question 2 Supplementary Document II: CUCME router “show voice register global”

Kool-CUCME# sh voice register global
CONFIG [Version=12.0]
======
Version 12.0
Mode is cme
Auto-registration is enabled
Max-pool is 6
Max-dn is 24
Outbound-proxy is enabled and will use global configured value
Security Policy: DEVICE-DEFAULT
Forced Authorization Code Refer is enabled
Source-address is 10.20.1.254 port 5060
Time-format is 12
Date-format is M/D/Y
Time-zone is 5
Hold-alert is disabled
Mwi stutter is disabled
Mwi registration for full E.164 is disabled
Forwarding local is enabled
Video is enabled
Camera is enabled
Privacy is enabled
Privacy-on-hold is disabled
Conference hardware is disabled
MWI unsolicited notify is disabled
Dst auto adjust is enabled
 start at Apr week 1 day Sun time 02:00
 stop at Oct week 8 day Sun time 02:00
Max redirect number is 5
IP QoS DSCP:
 ef (the MS 6 bits, 46, in ToS, 0xB8) for media
 cs3 (the MS 6 bits, 24, in ToS, 0x60) for signal
 af41 (the MS 6 bits, 34, in ToS, 0x88) for video
 default (the MS 6 bits, 0, in ToS, 0x0) for service
Telnet Level: 0
Tftp path is system: /cme/sipphone
Generate text file is disabled
Tftp files are created, current syncinfo 5395493377521517
OS79XX.TXT is not created
timeout interdigit 10
timeout transfer recall 0
network-locale[0] US (This is the default network locale for this box)
network-locale[1] US
network-locale[2] US
network-locale[3] US
network-locale[4] US
user-locale[0] US (This is the default user locale for this box)
user-locale[1] US
user-locale[2] US
user-locale[3] US
user-locale[4] US
Active registrations : 1

Total SIP phones registered: 1
Total Registration Statistics
 Registration requests : 88
 Registration success : 36
 Registration failed : 6
 unRegister requests : 34
 unRegister success : 34
 unRegister failed : 0
 Auto-Register requests : 0
 Attempts to register after last unregister : 20
 Last register request time : *10:47:37.031 UTC Wed April 4 2018
 Last unregister request time : *10:02:09.831 UTC Wed April 4 2018
 Register success time : *09:57:09.832 UTC Wed April 4 2018
 Unregister success time : *10:02:09.831 UTC Wed April 4 2018

Kool-CUCME#

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study II (Cont’d)

• DIAG Question 2 Supplementary Document: EMAIL #2 From Support to Customer

• DIAG Question 2 Supplementary Document: EMAIL #3 From Customer to Support

• DIAG Question 2 Supplementary Document: EMAIL #3 Attachment From Customer to Support

• DIAG Question 2 Supplementary Document: EMAIL #3 Attachment From Customer to Support

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study II (Cont’d)

• DIAG Question 2: Answer Options
• Choose two correct answers.
  ☐ Add “ip helper-address” to L3 interfaces on the Kool-CUCME router
  ☐ Perform password recovery on ESW and then correct the voice vlan value on the port connected to the new 8845 phone
  ☐ Delete configuration on the Kool-CUCME router for the 8865 phone so that the new 8845 can register
  ☐ “id mac” was mistyped for the new 8845 phone, fix the typo on the Kool-CUCME router
  ☐ Manually force voice vlan on the 8845 phone by entering 20 under “Admin VLAN ID”
  ☐ Under “voice service voip” and “sip”, bind SIP control traffic to the vlan 20 interface
  ☐ Add another DHCP scope for vlan 22 subnet on the Kool-CUCME router
  ☐ Need to disable “auto-register” under “voice register global”

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study II: Debrief

• Game plan: Step 1: Understand the problem:
  • From Question body:

  • From Customer email:

  • Problem Summary:
    • Can’t register a new SIP phone (8845) to a CUCME router which is currently servicing an existing, operational SIP phone.

• Game plan: Step 2: Analyze the documentation: Customer email

Useful information:
• New Install
• New phone added by copying and modifying config
• Phone stuck at Detecting network
• 8845 SIP phone’s MAC

Less useful information:
• Urgency and priority

• Game plan: Step 2: Analyze the documentation: CUCME Config

Useful Info:
• Router DHCP
• Exclude address
• Note DHCP IP and subnet info
• Check SIP registrar service
• SIP lineside global and phone config
• L3 IP network info

• Game plan: Step 2: Analyze the documentation: show voice register global

Useful information:
• Confirms existing registration

• Game plan: Step 2: Analyze the documentation: 2nd email from customer

Useful Info:
• ESW module

Very Important Info:
• No enable access to ESW

• Game plan: Step 2: Analyze the documentation: Phone Screenshot

• DIAG Question 2 Supplementary Document: EMAIL #3 Attachment From Customer to Support

The Most Valuable Information (MVI):
• Operational VLAN ID: 22
• This translates to “switchport voice vlan 22” for the interface connected to this phone

• Game plan: Step 2: Analyze the documentation: Router DHCP lease

• DIAG Question 2 Supplementary Document: EMAIL #3 Attachment From Customer to Support

Useful information:
• The entry is for the existing phone
• New phone did not receive DHCP lease

• Game plan: Step 3: Correlate and Discern:
  • Review and summarize known facts:
    • CUCME SIP phone related configuration appears to be correct
    • Phone screenshot showed wrong operational VLAN: 22 instead of 20
    • No DHCP scope configured on the router for data vlan 22
    • Lack of DHCP lease adds evidence of a Layer 2 configuration issue
  • Apply technical knowledge:
    • Background technical knowledge/facts candidates should know about the given setup:
      • Understanding of SIP endpoint (lineside) configuration for phones
      • Operational VLAN on phone is “switchport voice vlan x” on the switchport connected
      • L3 and upper OSI layers will not work until L2 works
  • Arrive at diagnostic snapshot
    • Need to fix L2 first, but wait… No enable access to ESW. What’s next?
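The Step 3 correlation for Case Study II can also be done mechanically. The Python below is an added example, not part of the original slides: it parses the DHCP, SVI and “voice register global” lines retyped from the Kool-CUCME exhibit and checks them against the operational VLAN read from the phone screenshot. The function names and the result keys are assumptions of this example.

```python
import ipaddress
import re

# Excerpt retyped from the Kool-CUCME "sh run" exhibit (DHCP, SVIs, registrar).
CONFIG = """\
ip dhcp excluded-address 10.20.1.1 10.20.1.100
!
ip dhcp pool phones
 network 10.20.1.0 255.255.255.0
 option 150 ip 10.20.1.254
 default-router 10.20.1.254
 lease infinite
!
voice register global
 mode cme
 source-address 10.20.1.254 port 5060
!
interface GigabitEthernet1/1
 description Internal switch interface connected to Service Module
 switchport mode trunk
 no ip address
!
interface Vlan20
 description Voice
 ip address 10.20.1.254 255.255.255.0
!
interface Vlan22
 description data
 ip address 10.22.1.254 255.255.255.0
"""


def parse_sections(text):
    """Split an IOS config into {top-level line: [indented child lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            current = None          # "!" and blank lines end a section
        elif raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections


def svi_networks(sections):
    """Map VLAN id -> IPv4Interface for every 'interface VlanN' with an address."""
    svis = {}
    for head, body in sections.items():
        vlan = re.fullmatch(r"interface Vlan(\d+)", head)
        for child in body if vlan else []:
            addr = re.fullmatch(r"ip address (\S+) (\S+)", child)
            if addr:
                svis[int(vlan.group(1))] = ipaddress.ip_interface(
                    f"{addr.group(1)}/{addr.group(2)}")
    return svis


def dhcp_pools(sections):
    """Map DHCP pool name -> IPv4Network taken from its 'network' statement."""
    pools = {}
    for head, body in sections.items():
        pool = re.fullmatch(r"ip dhcp pool (\S+)", head)
        for child in body if pool else []:
            net = re.fullmatch(r"network (\S+) (\S+)", child)
            if net:
                pools[pool.group(1)] = ipaddress.ip_network(
                    f"{net.group(1)}/{net.group(2)}")
    return pools


def registrar_address(sections):
    """Return the 'source-address' under 'voice register global', or None."""
    for child in sections.get("voice register global", []):
        src = re.fullmatch(r"source-address (\S+) port (\d+)", child)
        if src:
            return ipaddress.ip_address(src.group(1))
    return None


def diagnose(text, operational_vlan):
    """Correlate the phone's operational VLAN with DHCP scopes and the registrar."""
    sections = parse_sections(text)
    svis, pools = svi_networks(sections), dhcp_pools(sections)
    registrar = registrar_address(sections)
    svi = svis.get(operational_vlan)
    pool = None
    if svi is not None:
        pool = next((n for n, net in pools.items() if net == svi.network), None)
    registrar_vlan = next((v for v, i in svis.items()
                           if registrar is not None and registrar in i.network), None)
    return {
        "subnet": str(svi.network) if svi is not None else None,
        "dhcp_pool": pool,                       # None: no lease possible here
        "registrar_vlan": registrar_vlan,
        "on_registrar_vlan": registrar_vlan == operational_vlan,
    }


if __name__ == "__main__":
    print("phone as observed (VLAN 22):", diagnose(CONFIG, 22))
    print("phone as intended (VLAN 20):", diagnose(CONFIG, 20))
```
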

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study II: Final Answer

• Game plan: Step 4: Choose correct options to get the phone registered:
• Choose two answers.
  • Add “ip helper-address” to L3 interfaces on the Kool-CUCME router
  • Perform password recovery on ESW and then correct the voice vlan value on the port connected to the new 8845 phone
  • Delete configuration on the Kool-CUCME router for the 8865 phone so that the new 8845 can register
  • “id mac” was mistyped for the new 8845 phone, fix the typo on the Kool-CUCME router
  • Manually force voice vlan on the 8845 phone by entering 20 under “Admin VLAN ID”
  • Under “voice service voip” and “sip”, bind SIP control traffic to the vlan 20 interface
  • Add another DHCP scope for vlan 22 subnet on the Kool-CUCME router
  • Need to disable “auto-register” under “voice register global”

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study III

• DIAG Question 3:

• John K, a Cisco Collaboration engineer at customer.com, emailed to inform you that a user imported from LDAP on the UCM is able to log in to Jabber over MRA; however, phone services don’t register.

• Attached in the email is a snippet of Expressway-Core / Expressway-Edge and Jabber logs which, according to John, were captured when the problem occurred.

• Review the topology diagram, the customer’s email, and the logs, and select the next step to troubleshoot this problem.

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study III (Cont’d)

• DIAG Question 3: Supplementary Document I: Topology

[Figure: topology. Labels: Jabber Client; External DNS; Expressway-Edge; Expressway Core; Internal DNS; CUCM Home UDS; IM&P Server]

• Expressway-Edge: 10.201.203.76
• Expressway-Core: 10.201.203.75
• Single-Node CUCM: 10.201.203.67
• Single-Node IMP: 10.201.203.72

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study III (Cont’d)

• DIAG Question 3 Supplementary Document II: EMAIL From Customer

• DIAG Question 3 Supplementary Document II: Jabber Logs

• DIAG Question 3 Supplementary Document III: Expressway-E Logs

• DIAG Question 3 Supplementary Document III: Expressway-C Logs

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study III (Cont’d)

• DIAG Question 3: Answer options
• Choose one answer.

☐ The issue cannot be identified as the CUCM Logs are missing
☐ The REGISTER message is hitting the CUCM on the wrong port
☐ The snippet did not capture the REGISTER attempt from customer’s description, need to request another round of traces with the correct traces
☐ The Jabber device is not configured as a CSF device on the CUCM
☐ Check to see if there is a SIP trunk on the CUCM pointing to Expressway-C which is listening on port 5060

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study III: Debrief

• Game plan: Step 1: Understand the problem:
• From Question body:

• From Customer email:

• Problem Summary:
• Jabber client can log in over MRA but phone services do not work

• Game plan: Step 2: Analyze the documentation: Jabber logs

Useful information:

• Jabber client sent SIP REGISTER

• Jabber client received “405 Method Not Allowed” from Expressway-E

• Game plan: Step 2: Analyze the documentation: Expressway-E Logs

Useful information:

• Expressway-E sent SIP REGISTER to Expressway-C

• Expressway-E received “405 Method Not Allowed” from Expressway-C

• Game plan: Step 2: Analyze the documentation: Expressway-C Logs

Useful information:

• Expressway-C sent SIP REGISTER to UCM

• Expressway-C received “405 Method Not Allowed” from UCM with…..

Most Valuable Information (MVI):

• Warning: “SIP trunk disallows REGISTER” from UCM

• Game plan: Step 3: Correlate and Discern:

• Review and summarize known facts:
  • Jabber client can log in over MRA but phone services fail
  • Jabber client received SIP 405 Method Not Allowed from Expressway-E
  • Expressway-E received the same 405 Client Failure from Expressway-C
  • Expressway-C received SIP 405 Method Not Allowed from UCM with Warning of “SIP trunk disallows REGISTER”
  • Phone services work fine if Jabber client is on internal network

• Apply technical knowledge:
  • Background technical knowledge/facts candidates should know about the given setup:
  • The REGISTER message is hitting the UCM on port 5060, and there is a trunk configured on the UCM towards the Expressway-Core that listens for incoming traffic from the Expressway-Core on port 5060. The REGISTER is thus hitting the trunk instead of the UCM, and the trunk does not allow registration. The customer needs to change the listening port on the trunk to a port other than 5060 / 5061.

• Arrive at diagnostic snapshot
  • Need to check UCM SIP trunk configuration and listening port

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study III: Final Answer

• DIAG Question 3: Answer options
• Choose one answer.

☐ The issue cannot be identified as the CUCM Logs are missing
☐ The Expressway-C is sending the REGISTER message to the CUCM on the wrong port
☐ The snippet did not capture the REGISTER attempt from customer’s description, need to request another round of traces with the correct traces
☐ The Jabber device is not configured as a CSF device on the CUCM
☐ Check to see if there is a SIP trunk on the UCM pointing to Expressway-C which is listening on port 5060

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study IV

• DIAG Question 4:

• John K, a Cisco Collaboration engineer at customer.com, emailed to inform you that users are not able to initiate Ad Hoc conference calls using the CMS server.

• Attached in the email is a snippet of UCM logs, CMS logs and screenshots of the UCM.

• Review the topology diagram, the customer’s email, and the logs, and select the next step to troubleshoot this problem.

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study IV (Cont’d)

• DIAG Question 4: Supplementary Document I: Topology

• Jabber Clients: User1(1002), User2(1003), User3(1004)
• CMS Server (Single node CMS): cms.ciscolive.com
  • IP: 192.168.122.17
  • Webadmin FQDN: webadmin.cmslab.com
  • Webadmin Port: 445
  • CallBridge FQDN: callbridge.cmslab.com
• CUCM (Single-Node CUCM): cucm.ciscolive.com
  • IP: 192.168.122.15

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study IV (Cont’d)

• DIAG Question 4 Supplementary Document II: EMAIL From Customer

• DIAG Question 4 Supplementary Document II: CMS Logs

• DIAG Question 4 Supplementary Document II: UCM SDI Traces

• DIAG Question 4: Answer options
• Choose one answer.

☐ Issue cannot be identified as the UCM Tomcat Logs are missing
☐ Issue cannot be identified without additional logs from the CMS
☐ The snippet did not capture the registration attempt from customer’s description, need to request another round of traces
☐ The UCM is trying to connect to port 443 on the CMS which is not the webadmin port
☐ Issue appears to be a network issue between the UCM and the CMS server
☐ Issue cannot be identified without packet captures on the UCM and the CMS

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study IV: Debrief

• Game plan: Step 1: Understand the problem:
• From Question body:

• From Customer email:

• Problem Summary:
• CMS failed to register to UCM as an Ad Hoc conferencing resource and users cannot initiate Ad Hoc conferences

• Game plan: Step 2: Analyze the documentation: UCM SDI Trace

Useful information:

• UCM is attempting to connect to CMS at https://192.168.122.17:443 but is not able to do so

• Game plan: Step 2: Analyze the documentation: Topology

Most Valuable Information (MVI):

• UCM is attempting to connect to the CMS Web Admin at https://192.168.122.17:443 but CMS listens on port 445

• Game plan: Step 3: Correlate and Discern:

• Review and summarize known facts:
  • CMS as an Ad Hoc conference bridge for UCM is not registered
  • UCM users cannot initiate Ad Hoc conferences using the CMS as conference bridge
  • CMS Web Admin listens on port 445 (as shown on the topology diagram)
  • UCM attempts to contact CMS on port 443 (as shown on the UCM SDI trace)

• Apply technical knowledge:
  • Background technical knowledge/facts candidates should know about the given setup:
  • For CMS to work as an Ad Hoc conference bridge, UCM needs to make an API call to CMS to create the conference
  • UCM needs to have the correct API credentials and Web Admin address and port configured

• Arrive at diagnostic snapshot
  • Need to check to make sure the Web Admin port matches between UCM and CMS

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study IV: Final Answer

• DIAG Question 4: Answer options
• Choose one answer.

☐ Issue cannot be identified as the UCM Tomcat Logs are missing
☐ Issue cannot be identified without additional logs from the CMS
☐ The snippet did not capture the registration attempt from customer’s description, need to request another round of traces
☐ The UCM is trying to connect to port 443 on the CMS which is not the webadmin port
☐ Issue appears to be a network issue between the UCM and the CMS server
☐ Issue cannot be identified without packet captures on the UCM and the CMS

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study V

• DIAG Question 5:

• John K, a Cisco Collaboration engineer at customer.com, emailed to inform you that a user imported from LDAP on the UCM is able to log in to Jabber over MRA; however, phone services don’t register.

• Attached in the email is a snippet of Expressway-Edge logs, Jabber logs and packet captures from the Jabber PC which, according to John, were captured when the problem occurred.

• Review the topology diagram, the customer’s email, and the logs, and select the next step to troubleshoot this problem.

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study V (Cont’d)

• DIAG Question 5: Supplementary Document I: Topology

[Topology diagram: Jabber Client, External DNS, Expressway-Edge, Expressway Core, Internal DNS, CUCM Home UDS, IM&P Server]

• Expressway-Edge: 10.201.203.76
• Expressway-Core: 10.201.203.75
• Single-Node CUCM: 10.201.203.67
• Single-Node IMP: 10.201.203.72

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study V (Cont’d)

• DIAG Question 5 Supplementary Document II: EMAIL From Customer

• DIAG Question 5 Supplementary Document III: Jabber Logs

• DIAG Question 5 Supplementary Document IV: Jabber PC Packet Captures

• DIAG Question 5 Supplementary Document V: Expressway-E Logs

• DIAG Question 5: Answer options
• Choose one answer.

☐ The issue cannot be identified as the Expressway-E packet captures are missing
☐ The firewall is closing the TCP connection
☐ The snippet did not capture the symptoms the customer is reporting
☐ Check if the firewall has Phone Proxy feature enabled
☐ The firewall is blocking the TCP connections

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study V: Debrief

• Game plan: Step 1: Understand the problem:
• From Question body:

• From Customer email:

• Problem Summary:
• Jabber client can log in over MRA but phone services do not work

• Game plan: Step 2: Analyze the documentation: Jabber logs
DIAG Question 5 Supplementary Document III: Jabber Logs

Useful information:

• Jabber client failed to verify the identity of the Expressway server in the CN of the cert presented by the Expressway
• SSL connection to the Expressway on port 5061 failed

• Game plan: Step 2: Analyze the documentation: Expressway-E Logs
DIAG Question 5 Supplementary Document IV: Jabber Packet Captures

Useful information:

• Server certificate is presented by the Expressway

Most Valuable Information (MVI):

• Common name on the server certificate is _internal_PP_ctl_phoneproxy_file

• Game plan: Step 2: Analyze the documentation: Expressway-E Logs

Useful information:

• TCP connection from Jabber to Expressway-E gets established on port 5061

• TCP connection closes within a second with an EOF on socket

• Game plan: Step 3: Correlate and Discern:

• Review and summarize known facts:
  • Jabber client can log in over MRA but phone services fail
  • Jabber client failed to verify the identity of the Expressway server in the CN of the cert presented by the Expressway on port 5061
  • Common name on the Expressway server certificate is _internal_PP_ctl_phoneproxy_file
  • Phone services work fine if Jabber client is on internal network

• Apply technical knowledge:
  • Background technical knowledge/facts candidates should know about the given setup:
  • The common name on the Expressway server certificate should match the hostname of the Expressway server. Jabber checks whether the common name on the certificate matches the hostname of the Expressway.

• Arrive at diagnostic snapshot
  • Need to check if Phone Proxy is enabled on the ASA.

CCIE Collaboration Modular Lab Exam Diagnostic (DIAG) Case Study V: Final Answer

• DIAG Question 5: Answer options
• Choose one answer.

☐ The issue cannot be identified as the Expressway-E packet captures are missing
☐ The firewall is closing the TCP connection
☐ The snippet did not capture the symptoms the customer is reporting
☐ Check if the firewall has Phone Proxy feature enabled
☐ The firewall is blocking the TCP connections

Session 5: Lab Exam Troubleshooting Module with Case Studies

CCIE Collaboration v2.0 Modular Lab Exam Skill Assessment

TS
• Resolve networking problems
• Use IOS and other troubleshooting tools
• Apply troubleshooting methodologies
• Troubleshoot Collaboration technologies (any topic on the blueprint)
• Implement and verify working solution to resolve networking issues

DIAG
• Perceive problem areas
• Analyze symptoms of networking issues, identify and describe root cause
• Correlate information from multiple sources
• Discern appropriate solution
• Apply troubleshooting Methodologies
• Troubleshoot Collaboration technologies (any topic on the blueprint)

CFG
• Abstract functional element of complex Collaboration network environment
• Understand how solution components interoperate
• Implement Collaboration technologies (any topic on the blueprint)
• Design appropriate solutions to Collaboration network challenges within constraints and verify functionality

CCIE Collaboration Modular Lab Exam – Troubleshooting (TS)

• Troubleshooting (TS) Question Characteristics:
  • Hands-on, administrative access to devices/applications provided
  • Goal is to resolve multiple pre-injected faults (Tickets or Incident) in the topology
  • Devices/application preconfigured
  • Faults pre-injected
  • Each ticket involves a question body that describes the symptoms and desired resolution
  • Dependency between faults is possible but kept to a minimum
  • Restrictions to candidate’s solutions possible:
    • For example: Do not remove pre-configured route patterns; Do not route calls via alternate paths

CCIE Collaboration Modular Lab Exam: Troubleshooting (TS) Methodology

• Game plan:
1. Understand the problem
  • Use Question body
2. Narrow scope to critical components
  • Review topology diagram
  • Apply technical knowledge to identify critical components involved
3. Validate preconfigured states of critical components
  • Check and take mental notes of existing device/application configuration states
  • Apply technical knowledge to perform preliminary configuration checks
4. Collect and analyze traces/debugs
  • Collect and analyze traces
  • Pinpoint fault from trace/debug analysis
5. Implement the fix
6. Verify solution against problem statement

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study I

• TS Question 1: All PSTN calls originated from HQ UCM cluster should be sent to the Internet Telephony Service Provider (ITSP) via the HQ-CUBE. HQ users reported that they cannot call any international destinations. HQ users’ dialing habit for international calls is dialing 9011 followed by variable length numbers, sometimes with trailing # and sometimes without it. The ITSP expects 011 prefixed to called numbers and +E.164 calling numbers for international calls. Troubleshoot and make the necessary configuration changes so that these calls complete through the desired path.

Restrictions:
• Do not add or remove any preconfigured Translation Patterns or Route Patterns on UCM
• Do not add or remove any dial-peers on HQ-CUBE
• Do not use any alternate path through UCM or gateways of other sites

4 Points

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study I: Debrief

• Game plan: Step 1: Understand the problem:

• Game plan: Step 2: Narrow scope to critical components:

• Game plan: Step 2: Narrow scope to critical components: Device Details

• Jabber Client
  • DN: +14155251001
  • IP address: 10.20.1.11
• Cisco Unified Communications Manager Cluster
  • Publisher (Secondary Call Processing Node), IP address: 10.1.1.1
  • Subscriber 1 (Primary Call Processing Node), IP address: 10.1.1.2
• HQ-CUBE
  • IP address: 10.10.1.254
  • IP address: 64.100.26.254
• PSTN Simulation (ITSP)
  • DN: +3227041234
  • IP address: 64.100.26.1

• Game plan: Step 3: Validate preconfigured states: Jabber Client

• Jabber Client
  • DN: +14155251001
  • IP address: 10.20.1.11

Validate and take mental (or written) notes on other important configuration fields:
• Partition and CSS
• Device Pool
• Any other settings you deem important

• Game plan: Step 3: Validate preconfigured states: UCM configuration

Cisco Unified Communications Manager Cluster
• Publisher (Secondary Call Processing Node), IP address: 10.1.1.1
• Subscriber 1 (Primary Call Processing Node), IP address: 10.1.1.2

Preconfigured Translation Patterns:

Preconfigured Route Patterns:

• Game plan: Step 3: Validate preconfigured states: UCM Translation Pattern Details I

• Game plan: Step 3: Validate preconfigured states: UCM Translation Pattern Details II

• Game plan: Step 3: Validate preconfigured states: UCM Route List

• Game plan: Step 3: Validate preconfigured states: UCM Route Group

• Game plan: Step 3: Validate preconfigured states: UCM SIP Trunk to HQ-CUBE

• Game plan: Step 3: Validate preconfigured states: HQ-CUBE

HQ-CUBE
IP address: 10.10.1.254
IP address: 64.100.26.254

voice service voip
 mode border-element
 allow-connections sip to sip
 sip
  header-passing
  midcall-signaling passthru
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g729r8
!
voice class e164-pattern-map 1
 description HQ UCM numbers
 e164 415525....
!
voice class e164-pattern-map 2
 description PSTN e164 Patterns
 e164 +1[2-9]..[2-9]......
 e164 +[2-9]T
!
voice class server-group 1
 ipv4 10.1.1.1 preference 2
 ipv4 10.1.1.2 preference 1
 description HQ-UCM
!
voice class server-group 2
 ipv4 64.100.26.1
 description PSTN
!

voice translation-rule 11
 rule 1 /^\+1\([2-9]..[2-9]...... \)/ /\1/
 rule 2 /^\+\([2-9]\)/ /\1/
!
voice translation-rule 12
 rule 1 /^\([2-9]...... \)/ /+1\1/
 rule 2 /^\([2-9]\)/ /+\1/
!
voice translation-rule 101
 rule 1 /^\+\(1[2-9]..[2-9]...... \)/ /\1/
 rule 2 /^\+\([2-9]\)/ /01\1/
!
voice translation-rule 201
 rule 1 /^\([2-9]...... \)/ /+1\1/
!
voice translation-profile inbound-add-plus
 translate calling 12
 translate called 201
!
voice translation-profile outbound-strip-plus
 translate calling 11
 translate called 101
!
interface GigabitEthernet1
 ip address 10.10.1.254 255.255.255.0
interface GigabitEthernet2
 ip address 64.100.26.254 255.255.255.0

dial-peer voice 10 voip
 description Outbound to UCM; inbound match called PSTN numbers
 translation-profile outgoing inbound-add-plus
 session protocol sipv2
 session transport udp
 session server-group 1
 destination e164-pattern-map 1
 incoming called e164-pattern-map 2
 voice-class codec 1
 voice-class sip bind control source-interface GigabitEthernet1
 voice-class sip bind media source-interface GigabitEthernet1
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 64 voip
 description Outbound to PSTN; inbound called SME/CUCM numbers
 translation-profile outgoing outbound-strip-plus
 session protocol sipv2
 session transport udp
 session server-group 2
 destination e164-pattern-map 2
 incoming called e164-pattern-map 1
 voice-class codec 1
 voice-class sip early-offer forced
 voice-class sip bind control source-interface GigabitEthernet2
 voice-class sip bind media source-interface GigabitEthernet2
 dtmf-relay rtp-nte
 no vad

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study I Debrief (Cont’d)

• Game plan: Step 4: Enable, Collect, Analyze Traces and debugs. It might be quicker to start from the edge and work your way back: i.e. did the call even reach the CUBE?

• Game plan: Step 4: Enable “Detailed” trace on UCM

• Game plan: Step 4: Enable SIP debugs on CUBE. Then it’s time to test calls.

HQCUBE#debug ccsip message
SIP Call messages tracing is enabled

Annunciator: Your call cannot be completed as dialed…

No debugs showed up on the CUBE. The call failed at UCM!

• Game plan: Step 6: UCM SDI Trace Analysis

01077839.007 |00:49:55.362 |AppInfo |Digit analysis: patternUsage=2
01077839.008 |00:49:55.362 |AppInfo |Digit analysis: match(pi="2",fqcn="+14155251001", cn="+14155251001", plv="5", pss="PT-Internal-DN:PT-Global-Translation:Global Learned Enterprise Numbers:Global Learned E164 Numbers:Global Learned Enterprise Patterns:Global Learned E164 Patterns:PT-US-PSTN:PT-International-PSTN", TodFilteredPss="PT-Internal-DN:PT-Global-Translation:Global Learned Enterprise Numbers:Global Learned E164 Numbers:Global Learned Enterprise Patterns:Global Learned E164 Patterns:PT-US-PSTN:PT-International-PSTN", dd="90113227041234#",dac="0")
01077839.009 |00:49:55.362 |AppInfo |Digit analysis: potentialMatches=NoPotentialMatchesExist

UCM exhausted potential matches for “90113227041234#”.

Which preconfigured pattern matches this? Let’s take another look.

• Game plan: Step 5: Implementing the fix

Translation Pattern “9.011.!#”, preconfigured “Called Party Transformations”:

The fix:

• Game plan: Step 6: Verify Solutions: Place a call to the same number again

But wait… SIP debugs are showing up on HQ-CUBE!

Annunciator: Your call cannot be completed as dialed…

• Game plan: Step 6: Let’s look at the SIP debugs on HQ-CUBE to see what happened:

HQ-CUBE received a SIP INVITE from UCM:
Calling number: +14155251001
Called number: +3227041234

*Jan 6 08:18:28.666: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
INVITE sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/TCP 10.1.1.2:5060;branch=z9hG4bK68407b78cc
From: "HQ Jabber One" ;tag=6493~aad45c32-d9ea-4ec1-981c-48be3a5413f5-36968123
To:
Date: Wed, 06 Jan 2018 08:19:18 GMT
Call-ID: [email protected]
Supported: timer,resource-priority,replaces
Min-SE: 1800
User-Agent: Cisco-CUCM12.0
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
CSeq: 101 INVITE
Expires: 180
Allow-Events: presence, kpml
Supported: X-cisco-srtp-fallback,X-cisco-original-called
Call-Info: ;method="NOTIFY;Event=telephone-event;Duration=500"
Call-Info: ;x-cisco-video-traffic-class=DESKTOP
Session-ID: 00004f1100105000a0000050568c6b62;remote=00000000000000000000000000000000
Cisco-Guid: 1297042560-0000065536-0000000032-0205546538
Session-Expires: 1800
P-Asserted-Identity: "HQ Jabber One"
Remote-Party-ID: "HQ Jabber One" ;party=calling;screen=yes;privacy=off
Contact: ;video;audio;+u.sip!devicename.ccm.cisco.com="HQOneCSF";bfcp
Max-Forwards: 69
Content-Length: 0

HQ-CUBE sent 100 Trying to UCM:

*Jan 6 08:18:28.673: //63/4D4F4C800000/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/TCP 10.1.1.2:5060;branch=z9hG4bK68407b78cc
From: "HQ Jabber One" ;tag=6493~aad45c32-d9ea-4ec1-981c-48be3a5413f5-36968123
To:
Date: Wed, 06 Jan 2018 08:18:28 GMT
Call-ID: [email protected]
CSeq: 101 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-16.3.6
Session-ID: 00000000000000000000000000000000;remote=00004f1100105000a0000050568c6b62
Content-Length: 0

HQ-CUBE sent a SIP INVITE to ITSP:
Calling number: +14155251001
Called number: 013227041234

*Jan 6 08:18:28.676: //64/4D4F4C800000/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/UDP 10.10.1.254:5060;branch=z9hG4bK3A1258
Remote-Party-ID: "HQ Jabber One" ;party=calling;screen=yes;privacy=off
From: "HQ Jabber One" ;tag=2EF41743-10C5
To:
Date: Wed, 06 Jan 2018 08:18:28 GMT
Call-ID: [email protected]
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 1297042560-0000065536-0000000032-0205546538
User-Agent: Cisco-SIPGateway/IOS-16.3.6
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1528273108
Contact:
Expires: 180
Allow-Events: telephone-event
Max-Forwards: 68
Session-ID: 00004f1100105000a0000050568c6b62;remote=00000000000000000000000000000000
Session-Expires: 1800
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 295

#CLUS TECCCIE-3503 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 128 CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study I Debrief (Cont’d) • Game plan: Step 6: Let’s look at the SIP debugs on HQ-CUBE to see what happened:

*Jan 6 08:18:28.684: //64/4D4F4C800000/SIP/Msg/ccsipDisplayMsg: Received: SIP/2.0 404 Not Found Via: SIP/2.0/UDP 10.10.1.254:5060;branch=z9hG4bK3A1258 From: "HQ Jabber One" ;tag=2EF41743-10C5 To: ;tag=3ADC6E5A-257B Date: Wed, 06 Jan 2018 08:18:16 GMT HQ-CUBE received an SIP 404 Call-ID: [email protected] Not Found from ITSP: Timestamp: 1528273108 CSeq: 101 INVITE Allow-Events: telephone-event “No matching outgoing dial-peer” Warning: 399 64.100.26.1 "No matching outgoing dial-peer" Server: Cisco-SIPGateway/IOS-16.3.4 Reason: Q.850;cause=1 Session-ID: 00004f1100105000a0000050568c6b62;remote=45a84ed6169c59d0a01191e8dc42986b Content-Length: 0

#CLUS TECCCIE-3503 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 129 CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study I Debrief (Cont’d) • Game plan: Step 6: Let’s look at the SIP debugs on HQ-CUBE to see what happened:

What’s not right and how can we fix it?

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study II

TS Question 2:

Jabber Client ([email protected]) registered to the HQ UCM is trying to make B2B calls to [email protected] using the Expressway infrastructure. These calls are failing for all internal users; calls to other external domains work fine.

4 Points

[Diagram: Jabber Client, CUCM Home UDS, Expressway Core, Expressway-Edge, External DNS. Node labels: Single-Node CUCM, Expressway-Core, Expressway-Edge. Addresses shown: 10.201.203.67, 10.201.203.75, 10.201.203.76]

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study II Debrief (Cont’d)

• Game plan: Step 1: Understand the problem:
  • HQ Jabber Clients
  • Outbound calls to ccieexam.com fail
  • Calls to other external domains work

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study II Debrief (Cont’d)

• Game plan: Step 2: Narrow scope to critical components:

[Diagram: call path from Jabber Client (2001@ccielab.com) through Single-Node CUCM (CUCM Home UDS), Expressway-Core and Expressway-Edge, with an External DNS lookup, towards 5001@ccieexam.com. Addresses shown: 10.201.202.152, 10.201.203.67, 72.163.219.244. Legs labelled: SIP, SIP, SIP, DNS Lookup, SIP]

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study II Debrief (Cont’d)

• Game plan: Step 4: Enable, Collect, Analyze Traces and debugs.

1. The UCM is the first point of entry; check if the dial plan on the UCM can route the call to the Expressway-Core
   • Use the DNA Tool on the UCM
   • Check UCM Traces
2. If the call hit the VCS, check if the search rules on the VCS can route the call to the Expressway-Edge
   • Check the Search history
   • If the call is not being routed to the Expressway-E, check Diagnostic logs
3. If the call hit the Expressway-E, check if the search rules can send the call to the DNS zone and if the _sip, _sips, _h323ls or _h323cs SRVs are resolving
   • Check the Search history
   • DNS Lookup Tool Utility on the Expressway
   • Check diagnostic Logs

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study II Debrief (Cont’d)

• Game plan: Step 4: Enable, Collect, Analyze Traces and debugs (Dialed Number Analyzer)

• Game plan: Step 4: Enable, Collect, Analyze Traces and debugs: Search History Expressway-C

• Game plan: Step 4: Enable, Collect, Analyze Traces and debugs: Search History Expressway-E

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study II Debrief (Cont’d)

INVITE from the C to the E

Module="network.sip" Level="DEBUG": Action="Received" Local-ip="72.163.219.228" Local-port="7001" Src-ip="10.127.228.14" Src-port="26841" Msg-Hash="5157895310537734883"
SIPMSG:
|INVITE sip:[email protected] SIP/2.0
Via: SIP/2.0/TLS 10.127.228.14:5061;egress-zone=TraversalClientB2BDMZ;branch=

Search Rule towards DNS Zone matching

2018-05-31T01:51:16.333+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,333" Module="network.search" Level="DEBUG": Detail="Considering search rule 'Route B2B Call towards DNS Zone' towards target 'DNS_Zone_B2B' at priority '80' with alias '[email protected]'"

_sips, _sip, _h323ls and _h323cs SRVs failing

2018-05-31T01:51:16.432+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,432" Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="_sips._tcp.ccieexam.com" Type="SRV (IPv4 and IPv6)"
2018-05-31T01:51:16.514+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,514" Module="network.dns" Level="DEBUG": Detail="Could not resolve hostname"
2018-05-31T01:51:16.514+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,514" Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="_sip._tcp.ccieexam.com" Type="SRV (IPv4 and IPv6)"
2018-05-31T01:51:16.514+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,514" Module="network.dns" Level="DEBUG": Detail="Could not resolve hostname"
2018-05-31T01:51:16.682+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,681" Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="_h323ls._udp.ccieexam.com" Type="SRV (IPv4 and IPv6)"
2018-05-31T01:51:16.764+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,763" Module="network.dns" Level="DEBUG": Detail="Could not resolve hostname"
2018-05-31T01:51:16.764+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,764" Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="_h323cs._tcp.ccieexam.com" Type="SRV (IPv4 and IPv6)"
2018-05-31T01:51:16.848+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,847" Module="network.dns" Level="DEBUG": Detail="Could not resolve hostname"

404 Not Found sent back to the Expressway-Core

2018-05-31T01:51:16.851+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,851" Module="network.sip" Level="DEBUG": Action="Sent" Local-ip="72.163.219.228" Local-port="7001" Dst-ip="10.127.228.14" Dst-port="26841" Msg-Hash="13695408399108411739"
SIPMSG:
|SIP/2.0 404 Not Found
Via: SIP/2.0/TLS 10.127.228.14:5061;egress-

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study III

TS Question 2:

WebRTC clients trying to log in internally fail with the error “username or password entered is incorrect” even though the right username and password are used.

4 Points

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study III Debrief (Cont’d)

• Game plan: Step 1: Understand the problem:
  • Internal WebRTC login failing
  • Username or password is incorrect

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study III Debrief (Cont’d)

• Game plan: Step 2: Understand the Flow:

• Game plan: Step 3: Narrow scope to critical components:

[Diagram: components PC, DNS Server, CMS Webbridge, CMS DNS Server, CMS XMPP Server. Legs labelled: A record Lookup, SRV Lookup, XMPP]

• Game plan: Step 4: Enable, Collect, Analyze Traces and debugs.

1. The PC is where the A record lookup happens and a TCP connection is established to the CMS.
   • Use the Command Prompt to run the lookup
   • Check packet captures
2. If the call hit the CMS, check to see if the CMS is able to perform the _xmpp-client SRV lookup and connect to the XMPP server
   • Use the DNS lookup utility on CMS
   • Check the CMS logs
3. If the login attempt hits the XMPP server, check if the callbridge is able to successfully authenticate the user with the LDAP server
   • Check the CMS logs

CCIE Collaboration Modular Lab Exam Troubleshooting (TS) Case Study III Debrief (Cont’d)

Timestamp user.info cmslabserver webbridge: INFO : login request received - session:0 user:1 password:1
Timestamp user.info cmslabserver webbridge: INFO : Session XYZ activated - 1 currently active
Timestamp user.info cmslabserver webbridge: INFO :No DNS SRV records for _xmpp-client._tcp.tplabdomain.com
Timestamp user.info cmslabserver webbridge: INFO : XMPP connection dropped while session was live for reason 2
Timestamp user.info cmslabserver webbridge: INFO : Session XYZ moving from state idle to disconnected
Timestamp user.info cmslabserver webbridge: INFO :XMPP connection dropped while session was live for reason 0
Timestamp user.info cmslabserver webbridge: INFO : Session XYZ moving from state disconnected to disconnected
Timestamp user.info cmslabserver webbridge: INFO : Session XYZ destroyed (0 active, cumulative 11)

What’s not right and how can we fix it?

Session 6: Lab Exam Configuration Module with Case Studies

CCIE Collaboration v2.0 Modular Lab Exam Skill Assessment

TS
• Resolve networking problems
• Use IOS and other troubleshooting tools
• Apply troubleshooting methodologies
• Troubleshoot Collaboration technologies (any topic on the blueprint)
• Implement and verify working solution to resolve networking issues

DIAG
• Perceive problem areas
• Analyze symptoms of networking issues, identify and describe root cause
• Correlate information from multiple sources
• Discern appropriate solution
• Apply troubleshooting Methodologies
• Troubleshoot Collaboration technologies (any topic on the blueprint)

CFG
• Abstract functional element of complex Collaboration network environment
• Understand how solution components interoperate
• Implement Collaboration technologies (any topic on the blueprint)
• Design appropriate solutions to Collaboration network challenges within constraints and verify functionality

CCIE Collaboration Modular Lab Exam – Configuration (CFG)

• Configuration (CFG) Question Characteristics:
  • Hands-on, administrative access to devices/applications provided
  • Candidate chooses best way to implement based on requirements
  • Some devices/applications preconfigured
  • High interdependency between questions
  • Some restrictions to candidate’s solutions

Configuration Case Study 1: Lab Sample Question

Configure Expressway-C, Expressway-E, UCM and IMP server so that Jabber clients at the HQ location can log in and register over MRA

[Diagram: Jabber Client, External DNS, Expressway Edge, Expressway Core, Internal DNS, CUCM Home UDS, IM&P Server. Sample FQDNs: Expressway Edge expressway.ciscolive.com (SRV record target), Expressway Core control.ciscolive.com, Single-Node CUCM cucm.ciscolive.com, Single-Node IMP cups.ciscolive.com]

External DNS Configuration

* FQDN & IP Address listed above are just sample for configuration reference

External DNS Configuration

Configure SRV record – External DNS
Note: This step may/may not have been already completed for the lab

Service        Protocol  Port  Record Definition/Host
_collab-edge   TLS       8443  expressway.ciscolive.com

• External DNS Record (for general deployment not specifically Mobile and Remote Access service)
• Configure A/AAAA record as needed

IMPORTANT: Make sure the _cisco-uds/_cuplogin SRV/FQDN records are NOT resolvable outside of the internal network; otherwise the Jabber client won’t start Mobile and Remote Access negotiation via Expressway-E (or VCS-Expressway).

Service  Protocol  Port  Record Definition/Host
_sips    TCP       5061  expressway.ciscolive.com
_sip     TCP       5060  expressway.ciscolive.com

* FQDN & IP Address listed above are just sample for configuration reference

Internal DNS Configuration

Service      Protocol  Port  Record Definition/Host
_cisco-uds   TCP       8443  cucm.ciscolive.com

• Configure A/AAAA record as needed

IMPORTANT: Make sure the _cisco-uds SRV/FQDN record is NOT resolvable outside of the internal network; otherwise the Jabber client won’t start Mobile and Remote Access negotiation via VCS Expressway (or Expressway-E).

* FQDN & IP Address listed above are just sample for configuration reference

DNS Verification

• Jabber Client PC should be able to resolve the _collab-edge SRV and should fail on _cisco-uds and _cuplogin

• Expressway-C should be able to resolve the _cisco-uds SRV
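The verification rule above can be checked mechanically against exports of both DNS views. The following is an added example, not part of the original slides: it parses SRV records in zone-file form and flags internal-only service records that are visible externally. The zone contents are constructed samples that reuse the slides' sample FQDNs, and the function names are hypothetical.

```python
"""Check MRA split-DNS expectations against zone-file style SRV records."""
import re
from collections import defaultdict

# Constructed sample: external (public) view of ciscolive.com.
EXTERNAL_ZONE = """
; public view
_collab-edge._tls.ciscolive.com. 3600 IN SRV 10 10 8443 expressway.ciscolive.com.
_sips._tcp.ciscolive.com.        3600 IN SRV 10 10 5061 expressway.ciscolive.com.
_sip._tcp.ciscolive.com.         3600 IN SRV 10 10 5060 expressway.ciscolive.com.
"""

# Constructed sample: internal view, reachable only from inside the network.
INTERNAL_ZONE = """
_cisco-uds._tcp.ciscolive.com.   3600 IN SRV 10 10 8443 cucm.ciscolive.com.
"""

# Constructed sample of the misconfiguration the slides warn about:
# the internal-only _cisco-uds record is also published externally.
LEAKY_EXTERNAL_ZONE = EXTERNAL_ZONE + INTERNAL_ZONE

# owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

EDGE_SERVICE = "_collab-edge._tls"
EDGE_PORT = 8443  # port listed for _collab-edge in the slides' SRV table
INTERNAL_ONLY = ("_cisco-uds._tcp", "_cuplogin._tcp")


def parse_srv(zone_text):
    """Return {owner: [(priority, weight, port, target), ...]} for SRV lines."""
    records = defaultdict(list)
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        match = SRV_RE.match(line)
        if not match:
            continue  # blank line or a record type other than SRV
        owner = match["owner"].rstrip(".").lower()
        records[owner].append((
            int(match["prio"]), int(match["weight"]), int(match["port"]),
            match["target"].rstrip(".").lower(),
        ))
    return dict(records)


def check_mra_dns(domain, external_zone, internal_zone):
    """Return a list of findings; an empty list means the views look right."""
    external = parse_srv(external_zone)
    internal = parse_srv(internal_zone)
    findings = []

    edge = f"{EDGE_SERVICE}.{domain}"
    if edge not in external:
        findings.append(f"external: {edge} is missing, so Jabber cannot "
                        "discover the Expressway-E")
    else:
        for _prio, _weight, port, target in external[edge]:
            if port != EDGE_PORT:
                findings.append(f"external: {edge} -> {target} uses port "
                                f"{port}, expected {EDGE_PORT}")

    # These records must stay internal, otherwise Jabber never starts MRA.
    for service in INTERNAL_ONLY:
        name = f"{service}.{domain}"
        if name in external:
            findings.append(f"external: {name} is resolvable outside the "
                            "internal network")

    uds = f"_cisco-uds._tcp.{domain}"
    if uds not in internal:
        findings.append(f"internal: {uds} is missing, so Expressway-C cannot "
                        "locate the CUCM UDS server")
    return findings


if __name__ == "__main__":
    for label, zone in (("correct", EXTERNAL_ZONE), ("leaky", LEAKY_EXTERNAL_ZONE)):
        print(label, check_mra_dns("ciscolive.com", zone, INTERNAL_ZONE))
```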

IM&P and CUCM Basic Setup

• Activate all relevant services on the IM&P server

IM&P Server: Verification

Expressway Edge Configuration

• Single SIP domain deployment
• Simple deployment with single UDS and IMP server

• System host name and domain name
  • Ensure host name and domain name are specified for every VCS

• Ensure that time is synchronized on every VCS. If NTP is not synchronized over traversal it may lead to a lot of problems

• Install appropriate server certificates and trusted CA certificates for the TLS traversal session between Expressway Core and Expressway Edge
  • This deployment requires secure communication between Expressway Core and Expressway Edge

Expressway Edge Configuration - Certificate Basics

Extended Key Usage:
1. TLS Web Server Authentication
2. TLS Web Client Authentication

SAN elements configured with:
3. FQDN Expressway E
4. Public UC Domain
5. IM and Presence chat node alias
6. XMPP Federation Domains

[Diagram labels: Expressway-C, Expressway-E, Internet, Domain XMPP. Connections labelled: XMPP TLS, SIP TLS, SIP MTLS, Clustering, HTTPS]

Expressway Edge Configuration

• Mobile and Remote Access
  • Enable the Mobile and Remote Access feature from Configuration > Unified Communications > Configuration

• Traversal Zone
  • Create a Unified Communications traversal zone between Expressway Edge and Expressway Core
  • Create credentials to be used for Traversal authentication
  • Create a new User for Traversal Authentication
  • Create the Unified Communications traversal zone between Expressway Edge and Expressway Core with TLS verify enabled

Mobile and Remote Access: Verification

After the Exp-C and Exp-E are fully configured, go to Status -> Unified Communications on the Exp-E and verify the below

• Unified Communications Status
  • After all configurations, Unified Communication status should show
    • Unified Communications mode: Enabled
    • Unified Communication service: Active
    • Zone (Sip status): Active

Expressway Core Configuration

• Solution Configuration - Deployment Scenarios
  • Single SIP domain deployment
  • Simple deployment with single UDS and IMP server

• System host name and domain name
  • Ensure host name and domain name are specified for every Exp-C

• DNS Server on the Expressway Core
  • Ensure the internal DNS server is correctly configured on the Expressway Core

• Ensure that time is synchronized on every VCS. If NTP is not synchronized over traversal it may lead to a lot of problems

• Server Certificate
  • Install appropriate server certificates and trusted CA certificates for the TLS traversal session between Expressway Core and Edge
  • This deployment requires secure communication between Expressway Core and Edge

Expressway-Core Certificate Requirements

Extended Key Usage:
1. TLS Web Server Authentication
2. TLS Web Client Authentication

SAN elements configured with:
3. FQDN Expressway C
4. IM and Presence chat node alias
5. Unified CM Security Profile names
6. Cluster Name

[Diagram labels: CUCM (Unified CM), IM&P, Expressway-C, Expressway-E. Connections labelled: SIP MTLS, Clustering, MTLS]

Expressway Core Configuration

• Configure Unified CM servers
  • Add the Unified Communication server used for remote access from Configuration > Unified Communications > Unified CM servers
  • Step 1: Click “New”
  • Step 2: Enter Unified CM publisher address, AXL username and password, then click “Add address”
  • VCS automatically negotiates a SIP link between Unified CM
  • You can establish the connection with TCP or TLS depending on the question

• Neighbor zone between Unified CM
  • Non-configurable neighbor zone “CEtcp-” or/and “CEtls-” is automatically created after configuring Unified CM servers

• Search rule pointing to Unified CM
  • Non-configurable search rule “CEtcp-” or/and “CEtls-” is automatically created after configuring Unified CM servers

• Configure IM and Presence server
  • Add the IM and Presence server used for remote access from Configuration > Unified Communications > IM and Presence servers
  • Step 1: Click “New”
  • Step 2: Add publisher FQDN, AXL Web service username and password, then click “Add address”
  • The configured IM and Presence server is added on the VCS and its status shows as “Active”

Expressway Core Configuration

• Traversal Zone
  • Create a Unified Communication traversal zone towards the VCS Expressway with TLS verify enabled, and enable Mobile and Remote Access
  • Create a Unified Communications traversal zone between Expressway Edge and Core

• UC Traversal Zone
  • Create a Unified Communications traversal zone between Expressway Edge and Core
  • Entire FQDN of each VCS Expressway

• SIP domain to route to Unified CM
  • Configure the domains for which registration, call control, provisioning, messaging and presence services are to be routed to Unified CM from Configuration > Domains (select target domain and click “View/Edit”)
  • Enable feature to route to Unified CM

Expressway Core Configuration - Verification

• Zone Status
  • After all configurations, UC Traversal Zone status should show “Active” (all Expressway Edge configuration must be complete before the zone will show Active)

After the Exp-C and Exp-E are fully configured, go to Status -> Unified Communications on the Exp-C and verify the below

• After all configurations, Unified Communication status should show
  • Unified Communications mode: Enabled
  • Unified Communication service: Active
  • Zone (Sip status): Active

Expressway Core - Troubleshoot

• If the Traversal zone is not coming up, use the following tools available on the Expressways
  • DNS Lookup (Maintenance -> Tools -> Network Utilities -> DNS lookup)
  • Ping (Maintenance -> Tools -> Network Utilities -> Ping)
  • Event Logs - Exp-C (Status -> Logs -> Event Log)
  • Event Logs - Exp-E (Status -> Logs -> Event Log)
  • Diagnostic Logs Exp-C (Maintenance -> Diagnostics -> Diagnostic Logging)
    2014-08-16T18:41:47+05:30 VCS102 tvcs: Event="Outbound TLS Negotiation Error" Service="SIP" Src-ip="10.106.93.178" Src-port="25066" Dst-ip="10.106.93.175" Dst-port="7001" Detail="tlsv1 alert unknown ca" Protocol="TLS" Common-name="VCSE101.uctplab.com" Level="1" UTCTime="2014-08-16 13:11:47,631"
  • Diagnostic Logs Exp-E (Maintenance -> Diagnostics -> Diagnostic Logging)
    2014-08-16T20:55:00+05:30 VCSE101 tvcs: Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="10.106.93.178" Src-port="25011" Dst-ip="10.106.93.175" Dst-port="7002" Detail="tlsv1 alert unknown ca" Protocol="TLS" Level="1" UTCTime="2014-08-16 15:25:00,324"
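Both the traversal-zone TLS errors above and the failed SRV lookups in the Case Study II trace can be pulled out of a diagnostic log with one small parser. This is an added example, not a Cisco tool or code from the slides: the sample entries are the slides' own log lines with typographic quotes normalized, and the function names and the hint text are assumptions made here.

```python
"""Triage Expressway diagnostic-log lines: DNS SRV failures and TLS errors."""
import re
from collections import defaultdict

# Log entries as shown in the slides, one per line, quotes normalized.
SAMPLE_LOG = '''
2018-05-31T01:51:16.432+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,432" Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="_sips._tcp.ccieexam.com" Type="SRV (IPv4 and IPv6)"
2018-05-31T01:51:16.514+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,514" Module="network.dns" Level="DEBUG": Detail="Could not resolve hostname"
2018-05-31T01:51:16.514+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,514" Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="_sip._tcp.ccieexam.com" Type="SRV (IPv4 and IPv6)"
2018-05-31T01:51:16.514+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,514" Module="network.dns" Level="DEBUG": Detail="Could not resolve hostname"
2018-05-31T01:51:16.682+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,681" Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="_h323ls._udp.ccieexam.com" Type="SRV (IPv4 and IPv6)"
2018-05-31T01:51:16.764+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,763" Module="network.dns" Level="DEBUG": Detail="Could not resolve hostname"
2018-05-31T01:51:16.764+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,764" Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="_h323cs._tcp.ccieexam.com" Type="SRV (IPv4 and IPv6)"
2018-05-31T01:51:16.848+05:30 vcs-e-cmr01 tvcs: UTCTime="2018-05-30 20:21:16,847" Module="network.dns" Level="DEBUG": Detail="Could not resolve hostname"
2014-08-16T18:41:47+05:30 VCS102 tvcs: Event="Outbound TLS Negotiation Error" Service="SIP" Src-ip="10.106.93.178" Src-port="25066" Dst-ip="10.106.93.175" Dst-port="7001" Detail="tlsv1 alert unknown ca" Protocol="TLS" Common-name="VCSE101.uctplab.com" Level="1" UTCTime="2014-08-16 13:11:47,631"
2014-08-16T20:55:00+05:30 VCSE101 tvcs: Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="10.106.93.178" Src-port="25011" Dst-ip="10.106.93.175" Dst-port="7002" Detail="tlsv1 alert unknown ca" Protocol="TLS" Level="1" UTCTime="2014-08-16 15:25:00,324"
'''

FIELD_RE = re.compile(r'([A-Za-z][\w-]*)="([^"]*)"')

# Hint text written for this example, not quoted from product documentation.
TLS_HINTS = {
    "unknown ca": "a certificate in the handshake chains to a CA that one side "
                  "does not trust; compare the trusted CA lists on both nodes",
}


def parse_fields(line):
    """Extract the Key="value" pairs of one log entry into a dict."""
    return dict(FIELD_RE.findall(line))


def failed_srv_lookups(lines):
    """Pair each 'Sending DNS query' with a following resolution failure."""
    pending, failed = None, []
    for line in lines:
        fields = parse_fields(line)
        if fields.get("Module") != "network.dns":
            continue
        detail = fields.get("Detail")
        if detail == "Sending DNS query":
            pending = fields.get("Name")
        elif detail == "Could not resolve hostname" and pending:
            failed.append(pending)
            pending = None
    return failed


def group_by_domain(srv_names):
    """Group names like _sips._tcp.example.com as {domain: [service, ...]}."""
    grouped = defaultdict(list)
    for name in srv_names:
        service, proto, domain = name.split(".", 2)
        grouped[domain].append(f"{service}.{proto}")
    return dict(grouped)


def tls_negotiation_errors(lines):
    """Summarize TLS negotiation error events with direction and endpoints."""
    errors = []
    for line in lines:
        fields = parse_fields(line)
        event = fields.get("Event", "")
        if not event.endswith("TLS Negotiation Error"):
            continue
        detail = fields.get("Detail", "")
        hint = next((h for key, h in TLS_HINTS.items() if key in detail), None)
        errors.append({
            "direction": event.split()[0],
            "src": f'{fields.get("Src-ip")}:{fields.get("Src-port")}',
            "dst": f'{fields.get("Dst-ip")}:{fields.get("Dst-port")}',
            "peer": fields.get("Common-name"),
            "detail": detail,
            "hint": hint,
        })
    return errors


if __name__ == "__main__":
    entries = SAMPLE_LOG.splitlines()
    print(group_by_domain(failed_srv_lookups(entries)))
    for error in tls_negotiation_errors(entries):
        print(error)
```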

Expressway Core - Troubleshoot

• IM&P domain not added or not enabled for IM&P
  • Jabber login will fail – Cannot communicate with the server
  • Diagnostic logs will show

xwaye XCP_JABBERD[12144]: UTCTime="2014-03-14 14:30:25,310" ThreadID="140582990952192" Module="Jabber" Level="INFO " CodeLocation="deliver.c:1492" Detail="bouncing a packet to 'domain3.com' from 'cm-1_jsmcp-1.xwaye-domain1.com'"

xwaye XCP_CM[12513]: UTCTime="2014-03-14 14:30:25,310" ThreadID="140004551300864" Module="cm-1.xwaye-domain1.com" Level="INFO " CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms"

• XMPP Router is Inactive
  • Verify IM Server status on Expressway Core
  • Look for warnings on the IMP Server for XCP Service. Restart XCP Router service if required

Unified CM Configuration

• Solution Configuration - Deployment Scenarios
  • Single SIP domain deployment
  • Simple deployment with single UDS and IMP server

• End User Configuration
  • Enable user for Unified CM IM and Presence service
  • Associate user with appropriate Controlled Devices
  • Make sure “Standard CCM End Users” is added as an Access Control Group

• Phone Configuration
  • Add Phone with appropriate profile and DN
  • Device owner user ID must be mapped on the device to link the service profile
  • If owner user ID is not specified, user will use the default service profile
  • Add owner user ID in “Associate End Users” under Directory Number Configuration

MRA Login: Verification

• Jabber Login successful and phone services registered

Phone registered on CUCM and ready for phone service
Detail status available from Help > Show connection status

MRA: Critical Components

• Register Jabber client on UCM via MRA

Expected signaling flow for Jabber Client logon and registration on simple IM&P based deployment

[Sequence diagram columns: Jabber Client, External DNS, Expressway E, Expressway C, Internal DNS, CUCM Home UDS, TFTP Server, IM&P Server]

Jabber login with [email protected]

DNS Query: SRV _cisco-uds._tcp.ciscolive.com
Query Response: Not Found

DNS Query: SRV _cuplogin._tcp.ciscolive.com
Query Response: Not Found

DNS Query: SRV _collab-edge._tls.ciscolive.com
Query Response (contains “Answers” including SRV and A/AAAA record):
Service: collab-edge
Protocol: tls
Name: ciscolive.com
Type: SRV
Port: 8443
Target: expressway.ciscolive.com

DNS Query: A expressway.ciscolive.com
Query Response (contains “Answers” including A/AAAA record):
Name: expressway.ciscolive.com
Type: A
Addr: 122.208.118.4

MRA: Critical Components

• Register Jabber client on UCM via MRA

SSL: Client Hello
SSL: Server Hello
SSL: Certificate, Server Hello Done
(Establish secure communication channel between VCS-E)

HTTPS: GET /get_edge_config (Client requests Edge Configuration data)

HTTPMSG:
|GET https:///dWN0cGxhYi5jb20/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1
Authorization: xxxxx
Host: expressway.ciscolive.com:8443
Accept: */*
User-Agent: Jabber-Win-473

HTTPS

|GET http://vcs_control.uctplab.com:8443/dWN0cGxhYi5jb20/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1
Authorization: xxxxx    <- Basic username & password
Host: expressway.ciscolive.com:8443
Accept: */*
User-Agent: Jabber-Win-473
X-Forwarded-For: 10.106.93.185    <- IP-Address of Jabber client
Via: https/1.1 vcs[0A6A5DAF] (ATS)

MRA: Critical Components

• Register Jabber client on UCM via MRA

When the DNS record is not cached, Expressway C sends the following DNS queries:

DNS Query: SRV _cisco-uds._tcp.ciscolive.com
Query Response: (Target: cucm.ciscolive.com)

DNS Query: A cucm.ciscolive.com
Query Response: (Addr: 10.106.93.183)

MRA: Critical Components

• Register Jabber client on UCM via MRA

HTTP(S)

HTTPS: GET ///cucm-uds/clusterUser? (requesting CUCM home node information)

HTTPMSG:
|GET /cucm-uds/clusterUser?username=liveuser HTTP/1.1
Host: cucm.ciscolive.com:8443

HTTP(S) 200 OK

HTTPMSG:
HTTP/1.1 200 OK
Content-Type: application/
Server: 172.16.1.36

2014-08-17T20:10:37+05:30 VCS102 UTCTime="2014-08-17 14:40:37,311" Module="developer.edgeconfigprovisioning.server" Level="DEBUG" CodeLocation="edgeprotocol(835)" Detail="Found user cluster" Username="liveuser" Cluster="10.106.93.183"

2014-08-17T20:10:37+05:30 VCS102 UTCTime="2014-08-17 14:40:37,311" Module="developer.edgeconfigprovisioning.server" Level="DEBUG" CodeLocation="edgeprotocol(879)" Detail="Found UDS server" Cluster="10.106.93.183" UdsServer="10.106.93.183"

MRA: Critical Components

• Register Jabber client on UCM via MRA

HTTP(S)

HTTPS: GET ///cucm-uds/user//devices (Get Devices)

HTTPMSG:
|GET //10.106.93.183:8443/cucm-uds/user/liveuser/devices HTTP/1.1
Authorization:

HTTP(S) 200 OK

HTTPMSG:
HTTP/1.1 200 OK
Set-Cookie: JSESSIONIDSSO=DDE7D3BDDED087FDA64DB84AC2C66445; Path=/; Secure; HttpOnly
Set-Cookie: JSESSIONID=4B288958CE61B4A939B489D66F478B6E; Path=/cucm-uds/; Secure; HttpOnly
Content-Type: application/xml
34523a0d-7d0c-c90d-5276-124985b0a2deBOTliveuserCisco Dual Mode for Android ….. CSFliveuserCisco Unified Client Services Framework390SIPhttp://10.106.93.183:6970/CSFliveuser.cnf.xml…….. |

MRA: Critical Components

• Register Jabber client on UCM via MRA

HTTPS 200 OK

Returned configuration:
1) IMP, CUCM
2) SIP edge
4) XMPP edge

HTTPMSG:
HTTP/1.1 200 OK
Server: CE_C ECS
_cisco-phone-tftpNameError_cuplogin008443
imp.ciscolive.com
_cisco-uds008443
cucm.ciscolive.com
tftpServer
10.106.93.183
………. etc.

HTTPS 200 OK

HTTPMSG:
|HTTP/1.1 200 OK
Content-Type: text/xml
Server: CE_C ECS
Set-Cookie: X-Auth=d5dc4a38-bf9d-46c5-bc1c-37e9e91c91b7; Expires=Sun, 17 Aug 2014 22:40:37 GMT; Domain=.uctplab.com; Path=/; Secure
_cisco-phone-tftpNameError_cuplogin008443
imp.ciscolive.com
_cisco-uds008443
cucm.ciscolive.com
tftpServer
10.106.93.183
……….

MRA: Critical Components

• Register Jabber client on UCM via MRA

HTTPS

HTTPS: GET /jabber-config.xml

HTTPMSG:
|GET https:///dWN0cGxhYi5jb20vaHR0cC8xMC4xMDYuOTMuMTgzLzY5NzA/jabber-config.xml HTTP/1.1
Host: VCSE101.uctplab.com:8443
Accept: */*
Cookie: X-Auth=d5dc4a38-bf9d-46c5-bc1c-37e9e91c91b7
User-Agent: Jabber-Win-473

HTTPS: POST /EPASSoap/service/ login

HTTPMSG:
|POST https:///dWN0cGxhYi5jb20vaHR0cHMvMTAuMTA2LjkzLjE4NC84NDQz/EPASSoap/service/v80 HTTP/1.1
Host: VCSE101.uctplab.com:8443
User-Agent: gSOAP/2.8
User-Agent: Jabber-Win-473
Content-Type: application/soap+xml; charset=utf-8; action="urn:cisco:epas:soap/EpasSoapServiceInterface/login"

….

MRA: Critical Components

• Register Jabber client on UCM via MRA

HTTPS

HTTPS: POST /EPASSoap/service/get_all_config

HTTPMSG:
|POST https:///dWN0cGxhYi5jb20vaHR0cHMvMTAuMTA2LjkzLjE4NC84NDQz/EPASSoap/service/v80 HTTP/1.1
Host: expressway.ciscolive.com:8443
User-Agent: gSOAP/2.8
User-Agent: Jabber-Win-473
Content-Type: application/soap+xml; charset=utf-8; action="urn:cisco:epas:soap/EpasSoapServiceInterface/get_all_config"

HTTPS: POST /EPASSoap/service/get_user_config

|POST https:///dWN0cGxhYi5jb20vaHR0cHMvMTAuMTA2LjkzLjE4NC84NDQz/EPASSoap/service/v100 HTTP/1.1
Host: expressway.ciscolive.com:8443
User-Agent: gSOAP/2.8
User-Agent: Jabber-Win-473
Content-Type: application/soap+xml; charset=utf-8; action="urn:cisco:epas:soap/EpasSoapServiceInterface/get_user_config"

MRA: Critical Components

• Register Jabber client on UCM via MRA

HTTPS

HTTPS: POST /EPASSoap/service/get_onetime_password

|POST https:///dWN0cGxhYi5jb20vaHR0cHMvMTAuMTA2LjkzLjE4NC84NDQz/EPASSoap/service/v80 HTTP/1.1
Host: expressway.ciscolive.com:8443
User-Agent: gSOAP/2.8
User-Agent: Jabber-Win-473
Content-Type: application/soap+xml; charset=utf-8; action="urn:cisco:epas:soap/EpasSoapServiceInterface/get_onetime_password"

HTTPS: GET /CUCM UDS version

HTTPMSG:
|GET https:///dWN0cGxhYi5jb20vaHR0cHMvMTAuMTA2LjkzLjE4My84NDQz/cucm-uds/version HTTP/1.1
Host: expressway.ciscolive.com:8443
Accept: */*
Cookie: X-Auth=d5dc4a38-bf9d-46c5-bc1c-37e9e91c91b7
User-Agent: Jabber-Win-473

MRA: Critical Components

• Register Jabber client on UCM via MRA

HTTPS

HTTPS: GET /CTLSEP.cnf.xml

HTTPMSG:
|GET https:///dWN0cGxhYi5jb20vaHR0cC8xMC4xMDYuOTMuMTgzLzY5NzA/CSFliveuser.cnf.xml HTTP/1.1
Authorization: xxxxx
Host: expressway.ciscolive.com:8443
Accept: */*
Cookie: X-Auth=d5dc4a38-bf9d-46c5-bc1c-37e9e91c91b7
User-Agent: Jabber-Win-473

MRA: Critical Components

• Register Jabber client on UCM via MRA

SIP - REGISTER

Client includes the route set received at

|REGISTER sip:10.106.93.183 SIP/2.0
Via: SIP/2.0/TLS 10.106.93.185:49173;branch=z9hG4bK0000072e
Call-ID: [email protected]
CSeq: 101 REGISTER
Contact: ;+sip.instance="";+u.sip!devicename.ccm.cisco.com="CSFAlok";+u.sip!model.ccm.cisco.com="503";video
From: ;tag=005056ad6bf900020000075d-00004006
To:
Max-Forwards: 70
Route: ,,

SIP 407 Proxy Authentication Required

MRA: Critical Components

• Register Jabber client on UCM via MRA

SIP - REGISTER

|REGISTER sip:10.106.93.183 SIP/2.0
Via: SIP/2.0/TLS 10.106.93.185:49173;branch=z9hG4bK00000e15
Call-ID: [email protected]
CSeq: 102 REGISTER
Contact: ;+sip.instance="";+u.sip!devicename.ccm.cisco.com="CSFAlok";+u.sip!model.ccm.cisco.com="503";video
From: ;tag=005056ad6bf900020000075d-00004006
To:
Max-Forwards: 70
Route: ,,
Proxy-Authorization: Digest username="liveuser", realm="VCSE101.uctplab.com", uri="sip:10.106.93.183", response="baf0e381b85ddb5aebb8629ede80ba46", nonce="a177c49cd99139ca0fc7d72ce8b8afde8c628a709f3b8fb6b1199761eec4", opaque="AQAAAHzjirV+m5V1hLc0zgFv7yghsBS/", cnonce="00005e2b", qop=auth, nc=00000001, algorithm=MD5

MRA: Critical Components

• Register Jabber client on UCM via MRA

SIP - SERVICE

Via information includes:
1) Edge zone name
2) Client local and NAT address with port number

SERVICE sip:[email protected] SIP/2.0
Call-ID: [email protected]: 1001 REFER
From: ;tag=7be6e74dbefae446
To:
P-Asserted-Identity:
00AD63151571751309liveuserVCSE101.uctplab.comcollab-edgeDigestSA1.0140828644510.106.93.183

SERVICE 200 OK

SIP/2.0 200 OK
Call-ID: [email protected]
CSeq: 12049 SERVICE
From: ;tag=7be6e74dbefae446
To: ;tag=58c07d2f83ea795b
From: ;tag=081196545e6500020000428b-00005ddf
To:
Route:
1571751309success50ff19a9493b1f5670f47225047a77abDigestSA1.01408286445

MRA: Critical Components

• Register Jabber client on UCM via MRA

SIP - REGISTER

Registration request including Contact and all Route information

REGISTER sip:10.106.93.183 SIP/2.0
Call-ID: [email protected]
CSeq: 102 REGISTER
Contact: ;+sip.instance="";+u.sip!devicename.ccm.cisco.com="CSFAlok";+u.sip!model.ccm.cisco.com="503";video
From: ;tag=005056ad6bf900020000075d-00004006
To:
Route:
P-Asserted-Identity:
Reason: SIP ;cause=200;text="cisco-alarm:25 Name=CSFliveuser ActiveLoad=Jabber_for_Windows-9.7.1 InactiveLoad=Jabber_for_Windows-9.7.1 Last=initialized"

SIP - REGISTER

Proxy registration to CUCM

REGISTER sip:10.106.93.183 SIP/2.0
Via: SIP/2.0/TCP 10.106.93.178:5060;egress-zone=CEtcp1010693183;branch=z9hG4bKadc2425b2d31c472809865ebf680dedf14468.cc142c189f06ad47cb07c4fbf539e914;proxy-call-id=131f1613-19fa-42c0-b5ce-e6667fefeb2b;rport
Call-ID: [email protected]
CSeq: 102 REGISTER
From: ;tag=005056ad6bf900020000075d-00004006
To:
Route:
User-Agent: Cisco-CSF/9.4.1
P-Asserted-Identity:

The CSeq number for REGISTER is managed separately

MRA: Critical Components

• Register Jabber client on UCM via MRA

SIP 200OK - REGISTER

SIP/2.0 200 OK
Via: SIP/2.0/TLS 10.71.50.153:50036;branch=z9hG4bK00007a0d
Call-ID: [email protected]
CSeq: 102 REGISTER
Contact: ;+sip.instance="";+u.sip!devicename.ccm.cisco.com="CSFliveuser";+u.sip!model.ccm.cisco.com="503";video;x-cisco-newreg
From: ;tag=005056ad6bf900020000075d-00004006
To: ;tag=490248183
Route: ,,

SIP 200OK REGISTER

SIP/2.0 200 OK
Via: SIP/2.0/TLS 10.71.50.153:50036;branch=z9hG4bK00007a0d
Call-ID: [email protected]
CSeq: 102 REGISTER
Contact: ;+sip.instance="";+u.sip!devicename.ccm.cisco.com="CSFliveuser";+u.sip!model.ccm.cisco.com="503";video;x-cisco-newreg
From: ;tag=005056ad6bf900020000075d-00004006
To: ;tag=490248183
Route: ,,
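The HTTPS requests in the MRA flow above carry a base64 path segment (for example dWN0cGxhYi5jb20...) that encodes the service domain and, for proxied requests, the protocol, address and port of the internal server. The Python below is an added example, not part of the original slides or Cisco code: it decodes that segment from request lines constructed after the ones on the slides and checks the target against an allow list, which is useful when reading Expressway logs. The function names, the allow list and the last two sample lines are assumptions.

```python
"""Decode the base64 routing segment of Expressway MRA request URLs.

Added example: names and the allow list are assumptions for illustration.
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit

HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z0-9-]+")


@dataclass(frozen=True)
class EdgeTarget:
    domain: str            # service domain carried in the segment
    scheme: Optional[str]  # protocol toward the internal server, if any
    host: Optional[str]    # internal server address, if any
    port: Optional[int]    # internal server port, if any
    resource: str          # path requested behind the segment


def decode_segment(segment: str) -> Optional[str]:
    """Base64-decode a path segment whose '=' padding has been stripped."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
        return raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def parse_request_line(line: str) -> Optional[EdgeTarget]:
    """Parse 'METHOD URL HTTP/x.y'; a leading '|' (log framing) is ignored."""
    fields = line.strip().lstrip("|").split()
    if len(fields) != 3 or not fields[2].startswith("HTTP/"):
        return None
    try:
        path = urlsplit(fields[1]).path
    except ValueError:
        return None
    segment, _, rest = path.lstrip("/").partition("/")
    decoded = decode_segment(segment)
    if not decoded:
        return None
    parts = decoded.split("/")
    if not HOSTNAME_RE.fullmatch(parts[0]):
        return None
    if len(parts) == 1:  # domain only: no internal server is encoded
        return EdgeTarget(parts[0], None, None, None, "/" + rest)
    if len(parts) == 4 and parts[1] in ("http", "https") and parts[3].isdigit():
        return EdgeTarget(parts[0], parts[1], parts[2], int(parts[3]), "/" + rest)
    return None


def audit(lines: List[str], allowed: Set[Tuple[str, str, int]]):
    """Return one (verdict, target) pair per request line."""
    results = []
    for line in lines:
        target = parse_request_line(line)
        if target is None:
            verdict = "undecodable"
        elif target.host is None:
            verdict = "edge-service"
        elif (target.scheme, target.host, target.port) in allowed:
            verdict = "ok"
        else:
            verdict = "not-allowed"
        results.append((verdict, target))
    return results


def encode_target(text: str) -> str:
    """Build an unpadded segment; used only to construct sample input."""
    return base64.urlsafe_b64encode(text.encode("ascii")).decode("ascii").rstrip("=")


# Internal servers seen in the slides: CUCM TFTP, IM&P and CUCM UDS.
ALLOWED_TARGETS = {
    ("http", "10.106.93.183", 6970),
    ("https", "10.106.93.184", 8443),
    ("https", "10.106.93.183", 8443),
}

# Constructed sample: the first four lines reuse segments shown on the
# slides, the last two are invented to exercise the failure paths.
SAMPLE_REQUESTS = [
    "|GET https:///dWN0cGxhYi5jb20/get_edge_config?service_name=_cisco-uds HTTP/1.1",
    "|GET https:///dWN0cGxhYi5jb20vaHR0cC8xMC4xMDYuOTMuMTgzLzY5NzA/jabber-config.xml HTTP/1.1",
    "|POST https:///dWN0cGxhYi5jb20vaHR0cHMvMTAuMTA2LjkzLjE4NC84NDQz/EPASSoap/service/v80 HTTP/1.1",
    "|GET https:///dWN0cGxhYi5jb20vaHR0cHMvMTAuMTA2LjkzLjE4My84NDQz/cucm-uds/version HTTP/1.1",
    "|GET https:///" + encode_target("uctplab.com/http/192.0.2.10/8080") + "/status HTTP/1.1",
    "|GET https:///%%%/x HTTP/1.1",
]

if __name__ == "__main__":
    for verdict, target in audit(SAMPLE_REQUESTS, ALLOWED_TARGETS):
        print(f"{verdict:13} {target}")
```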

Configuration Case Study 2: Lab Sample Question

Configure the CMS and make sure you are able to log in using WebRTC and a native CMA client. Also integrate CMS with UCM to be able to make Rendezvous and Adhoc calls.

Topology: single-node CMS (cms.ciscolive.com), single-node CUCM (cucm.ciscolive.com), Jabber clients User1 (1002), User2 (1003) and User3 (1004)

CMS Components

Diagram: CMS components
• External: Cisco Meeting App, Lync/S4B Direct Federation, Cisco Meeting App WebRTC
• Edge Software: Load Balancer, TURN Server, Web Bridge
• Core Software: XMPP Server, Call Bridge, Database, Recording / Streaming
• Internal: UCM, Lync FE, Cisco Meeting App, Call Control, Active Directory, SIP / H.323

CMS Basic Components

• Call Bridge

• Web Bridge

• Web Admin

• XMPP

• TURN Server

• Database

• Recording / Streaming Server

Callbridge Overview

• The Call Bridge service on the Meeting Server bridges the conference connections, enabling multiple participants to join meetings hosted on the Meeting Server
• Primary component of the solution
• Must exist somewhere in all deployments
• Media processing engine
• API integration point
• Call processing and routing component
• Fully brand-able audio and video prompts
• Supports clustering for distributed calls

Webadmin Overview

• Webadmin is the service that enables the web GUI for the Meeting Server

• Webadmin is used specifically to configure how the Call Bridge talks to other components

• Required for Call routing configuration

• Required for Clustering configuration

• Required for viewing logs via web and increasing log levels

XMPP Overview

• The XMPP service enables Cisco Meeting Apps, such as PC clients and iOS (iPhone and iPad) devices, to connect to the Meeting Server. The XMPP service handles signaling to and from Cisco Meeting Apps

• Registration point for Desktop and Mobile clients as well as Web Bridge

• Allows for calls, IM, and presence

• Traversal capable

• Can balance between multiple servers in large deployment

• Requires LDAP source to be configured on Call Bridge with users imported

Webbridge Overview

• The Webbridge service enables the WebRTC app. The WebRTC app works on HTML5-compliant browsers and uses the WebRTC standard for video and audio
• It is the equivalent of the VCS Jabber Guest solution
• Allows for a guest to join via special link or full access to “web” version of desktop client
• Based around Web sockets and WebRTC
• Utilizes XMPP signaling (acts similar to desktop client between itself and Call Bridge)
• Chrome, Firefox, and Opera supported, Chrome is preferred
• Must use different port or IP from Web Admin if on the same server

Database

• Automatically created when a Call Bridge is created
• Stores information regarding spaces and their content
• Supports clustering if desired for redundancy
• When clustered, automatically elects a master which all Call Bridge servers will talk to
• If 5 consecutive keepalives fail, new master is elected
• A Call Bridge cluster requires a Database cluster
• Database failover can take approx. 1 minute to become operational
• Inter-database communication handled via SSL

Load-balancers and Trunks

• In a split deployment, the XMPP server is located on the core and the “loadbalancer” is located on the edge.

• The trunk provides the connection to the load balancer on the core side to funnel traffic internally to the xmpp server.

• The loadbalancer does not really distribute load, but rather provides one of potentially multiple points for traffic to be passed to the XMPP server. In Cisco terms, think of the loadbalancer (on the edge) as the traversal server, and the trunk (on the core) as the traversal client building a tunnel between the two.

• Multiple trunks and load balancers can be configured on a server via the MMP each with its own certs and trust bundle.

• Similar to the traversal server and client model, the load balancer never initiates connections, but listens both internally and externally. The associated ports and interfaces are customizable, but by default internal communication from the trunk is on port 4999 while external communication from clients is on 5222.

• The external side should also listen on the loopback interface if a Webbridge is on the same server as the loadbalancer.

Load-balancers and Trunks (Cont’d)

Diagram labels: lo:5222, Trunk

WebBridge Flow

WebBridge through Expressway Flow

CMA Flow

CMS Call Processing

• CMS only looks at the domain in the SIP Request-URI field
• If the SIP INVITE is destined to sip:[email protected], CMS only cares about the domain.com

Incoming Call Rules
• Is the call for this CMS?
• For spaces, users, IVR?
• Is the call for Lync?
• If no match for domain, check Forwarding rules

Forwarding Rules
• Should the call be forwarded?
• If domain not matched, by default reject the call

Outgoing Call Rules
• Destination?
• Standards-based or Lync trunk type
• Any transformation?

Configuration Prerequisites - Certificates

Certificates can be self-signed or CA-signed
• To generate self-signed certificates, use “pki selfsigned ”
• To generate a Certificate Signing Request for CA-signed certificates, use the command “pki csr

Certificates & Key files
• cmscerts.cer
• cmscerts.key
• RootCA.cer

CMS Webadmin Configuration

• Configure Webadmin listen interface, add certificate and key, and enable the service

• Check the Webadmin status
  • CMS> webadmin

• Set Webadmin listen interface and port
  • CMS> webadmin listen a 445

• Set Webadmin key, certificate and CA bundle
  • CMS> webadmin certs cmscerts.key cmscerts.cer RootCA.cer

CMS Webadmin Configuration

• Enable Webadmin
  • CMS> webadmin enable

CMS Callbridge Configuration

• Configure a Callbridge listen interface, add certificate and key, and restart the service

• Check the Callbridge status
  • CMS> callbridge

• Set Callbridge listen interface
  • CMS> callbridge listen a

• Set Callbridge key, certificate and CA bundle
  • CMS> callbridge certs cmscerts.key cmscerts.cer RootCA.cer

CMS Callbridge Configuration

• Restart Callbridge
  • CMS> callbridge restart

• Verify Callbridge status
  • CMS> callbridge

CMS XMPP Server Configuration

• Configure XMPP listen interface, add certificate and key, add domain, enable the service and, at the end, add the callbridge
• Set XMPP listen interface
  • CMS> xmpp listen a
• Set XMPP key and certificate
  • CMS> xmpp certs cmscerts.key cmscerts.cer
• Set XMPP domain
  • CMS> xmpp domain cmslab.com
• Enable XMPP
  • CMS> xmpp enable
• Add Callbridge to XMPP
  • CMS> xmpp callbridge add core1 (copy the secret)

CMS XMPP Server Configuration

• Log in to the CMS Web admin Interface using

• Configure the XMPP server settings as follows under “Configuration” → “General configuration” (use the secret given by the xmpp callbridge add command)

• Check XMPP status under “Status” → “General”

CMS Webbridge Configuration

• Configure the Webbridge with a listen interface, key and certificate, add a trust towards the callbridge, and enable the service

• Check the Webbridge status
  • CMS> webbridge

• Set Webbridge listen interface
  • CMS> webbridge listen a

• Set Webbridge key and certificate
  • CMS> webbridge certs cmscerts.key cmscerts.cer

• Trust callbridge certificate
  • CMS> webbridge trust cmscerts.cer

CMS Webbridge Configuration

• Enable Webbridge

• CMS> webbridge enable

CMS Webbridge Configuration

• Log in to the webadmin interface

• Go to “Configuration” → “General” configuration

• Configure Guest account URI and JID Domain under Web Bridge Settings

• Configure Web Bridge URI under External access

• Submit settings

Active Directory Configuration

• Import users from Active Directory, to log in to CMA and WebRTC
• Log in to the webadmin. Go to “Configuration” → “Active Directory”
• Configure the following:

Address: 192.168.108.18
Port: 389
Username: [email protected]
Password: cisco
Base Distinguished name: CN=Users, DC=cmslab, DC=com
Filter: (&(objectCategory=person)(objectClass=user)(!(cn=Administrator))(!(cn=Guest))(!(cn=krbtgt)))

Active Directory Configuration – (Continued)

• Display name: $cn$
• Username: [email protected]
• Space name: $sAMAccountName$'s space
• Space URI user part: $sAMAccountName$.cs
• Press “Submit” and then “Sync now”

• Go to “Status” → “users” to verify that users have been imported

CMS CoSpace Configuration

• Create a new CoSpace (meeting room)
• Go to Configuration → spaces

• Add Name: CoSpaceTest, URI user part: 9001, Call ID: 9001

• Click Add New

• New meeting room “CoSpaceTest” has been created

Rendezvous Conferences Config Overview

• CUCM registered endpoints directly dial into CMS Space by number / URI

• CUCM Configuration
  • Create a SIP trunk to CMS Callbridge (secure or non-secure)
  • Create a Route pattern or SIP route pattern
  • Upload the callbridge certificate as CUCM-trust
  • Create a Secure SIP profile with X.509 as callbridge FQDN

• CMS Configuration
  • Create an Incoming Rule to match CMS IP / domain

Rendezvous Conferences – UCM Configuration

• Log in to the CUCM web interface

• Create a SIP trunk Security Profile in CUCM
  • System → Security → SIP trunk security Profile

Rendezvous Conferences – UCM Configuration

• Click Add New

• Enter Name: Secure SIP Trunk Profile CMS

• Device security Mode : Encrypted

• X.509 Subject Name : callbridge.cmslab.com, Webadmin.cmslab.com

• Click Save

Rendezvous Conferences – UCM Configuration

• Create a SIP trunk from CUCM to CMS server

• Click on Device → Trunk

• Click Add New

• Select Trunk Type: SIP Trunk

• Click Next

• Enter Name: CMS-Trunk

• Select Device Pool: Default

• Scroll Down to SIP Information

Rendezvous Conferences – UCM Configuration

• Under SIP Information provide the following:

• Destination: IP of the CMS

• Destination Port: 5061

• Select SIP Trunk Security Profile: Secure SIP Trunk Profile CMS

• Select SIP Profile: Standard SIP Profile for TelePresence Conferencing

• Click Save and Reset

Rendezvous Conference - UCM Configuration

• Create a Route pattern 900X in CUCM to dial CMS Meeting

• Click on Call Routing → Route/Hunt → Route Pattern

• Click on Add new

• Enter Route Pattern: 900X

• Choose Gateway/Route List : CMS-Trunk

• Save

Rendezvous Conference - CMS Configuration

• Create an Inbound rule in CMS to receive calls from CUCM

• Click on Configuration → Incoming calls

• Keep domain name: CMS IP, Priority: 10 and click Add new

Adhoc Conference

• Escalation of 1:1 call to add more participants

• Uses CMS as CUCM Media resource to escalate to conference calls

• CUCM uses CMS API to create / manage conferences (HTTPS Mandatory)

• CMS 2.0+ supports CUCM Adhoc calls

• CA Signed certificates are required for CMS components

• Certificates should have Server and Client roles enabled

Adhoc Conference

• CUCM Configuration
  • Create a SIP trunk to CMS Callbridge (secure or non-secure)
  • Upload the callbridge certificate as CUCM-trust
  • Create a Secure SIP profile with X.509 as callbridge FQDN
  • Upload CMS Webadmin certificate as tomcat-trust
  • Create a Conference bridge Media Resource as Cisco Meeting Server
  • Add Conference bridge to MRGL and assign it to Device pool and endpoints directly

• CMS Configuration
  • Create an Incoming Rule to match CMS IP

Adhoc Conference – CUCM Configuration

• Log in to CUCM
• Click on Media Resources → Conference Bridge
• Click on Add new
• Select Conference Bridge Type: Cisco Meeting Server
• Conference Bridge Name: CMS-adhoc
• Select SIP Trunk as: CMS-Trunk
• Check “Override SIP Trunk Destination as HTTP Address”
• Hostname/IP address: webadmin.cmslab.com
• Username: admin
• Password: ciscolive
• HTTPS Port: 445
• Click Save and Reset

Adhoc Conference – CUCM Configuration

• Create MRG

• Click on Media Resources → Media Resource Group

• Click on Add New

• Name: CMS-MRG

• Move CMS-adhoc from Available Media Resources to Selected Media Resources

• Click Save

Adhoc Conference – CUCM Configuration

• Create MRGL

• Click on Media Resources → Media Resource Group List

• Click on Add New

• Name: CMS-MRGL

• Move CMS-MRG from Available Media Resource Groups to Selected Media Resource Groups

• Click Save

Adhoc Conference – CUCM Configuration

• Assign MRGL to Phones

• Click on Device → Phone

• Click Find

• Select Jabber1

• Assign CMS-MRGL

• Click Save and Reset the phone

• Repeat the same steps for the Jabber2 and Jabber3 phones

Configuration Case Study: Verification

• Verify Webadmin status
  • CMS> webadmin

• Verify Callbridge status
  • CMS> callbridge

Configuration Case Study: Verification

• Open a browser and log in to the web page of the webadmin service
• We add :445 at the end of the address since we earlier set port 445 as the listening port for the web admin
• https://CMS:445
• Use admin credentials to log in

Configuration Case Study: Verification

• Check Webbridge status
  • CMS> webbridge

Configuration Case Study: Verification

• Check SIP trunk status
• It should be Full Service

Configuration Case Study: Verification

• Open a Chrome browser and type https://join.cmslab.com

• Click on Sign in

Configuration Case Study: Verification

• Click on NEW to add NEW call

Configuration Case Study: Verification

• Click on call

• Dial 9001@ and press Enter, then select the Video option to connect to the “CoSpaceTest” meeting room

• It will be connected to the CoSpaceTest meeting room

Configuration Case Study: Verification

• Click on the Cisco Meeting icon to launch the CMS App

• Sign in with user credentials

• Click on New call

• Dial 9001@ and press Enter. It will be connected to the CoSpaceTest meeting room

Configuration Case Study: Verification

• CMS user1 (WebRTC client), CMS user2 (CMS App) and CUCM Jabber clients are connected to the CoSpaceTest meeting room
• Click Status → Calls, which displays 3 active calls

• After the test, disconnect all calls from the meeting room

Configuration Case Study: Verification

• Verify the Conference bridge Status

• Status should be “Registered with CUCMPub”

Configuration Case Study: Verification

• Initiate Adhoc calls using Jabber clients registered to the UCM

• Verify the same by checking the active calls on CMS server

Session 8: Preparation Resources and Tips

CCIE Collaboration Lab Exam Preparation: Getting Started

• Use the CCIE Collaboration Lab content blueprint on the CCIE webpage as your guide: https://learningnetwork.cisco.com/community/certifications/ccie_collaboration
• Evaluate and determine your knowledge level and hands-on experience in the major topic areas
• Formulate a realistic study plan according to your own work/personal schedule, and customize it according to your technical strengths and weaknesses
• Don’t spend all your time and focus on collecting the exact replica of the lab equipment
• Seek advice from other Collaboration certified engineers on preparation plans and tips

CCIE Collaboration Lab Exam Preparation: Cisco Learning Network: CLN

https://learningnetwork.cisco.com/community/certifications/ccie_collaboration

The Cisco Learning Network Study Materials

CCIE Collaboration v2 Learning Matrix

CCIE Collaboration Lab Exam Preparation (II): Practice Lab and Scenarios

• You don’t need the exact lab replica to learn
• Virtual Machines are easier to build and maintain than hardware
• Use what you have access to and learn each technology thoroughly
• Form study groups to exchange ideas and share pods
• Go beyond configuration, learn to debug and troubleshoot
• Stay with real-world, applicable scenarios
• Focus on learning the technologies instead of learning only what you think (or what you’ve been told) is on the lab exam
• Stay aware and informed on upcoming new features

Exam Tips and Test Taking Strategies

Lab Exam Tips: Pre-Lab

Before Your Lab Exam:

• Visit lab test site the day before (subject to site proctor availability)

• Don’t schedule flights too close to the end of the exam: you should be thinking about the exam instead of catching your flight

• Avoid last-minute cramming of lab material

• Get some sleep the night before the exam

Lab Exam Tips: In-Lab

Think the 4 “C”s:

• Calm

• Careful

• Confident

• Courteous

Exam Module Strategy

Practical Exam

• TS: Don’t get stuck!

• DIAG: Find the MVI

• CFG: Anticipate-Implement-Verify!

Lab Exam Environment

• 100% Web-based

• No printed workbook

• Dual-monitor

• Qwerty keyboard

• Windows 7 Candidate PC

• Custom PuTTY

• Color pens + Scratch paper

Lab Exam WebGUI

• Open individual item or diagram in separate popup

• Open all items and diagrams in a unique popup

• Consult guidelines

• Provide Feedback on any item

• Confirmation required when clicking “End Session”…

Countdown timer

Lab Exam Documentation

Familiarize With Documentation Page

DO NOT Heavily Rely On Documentation

URL Filtering Deployed In The Lab

Lab Exam Tips In-Lab (Cont.): Understanding Exam Requirements:

• Read the entire exam first

• Read the questions very carefully: every word is in there for a reason.

• Don’t assume requirements that aren’t mentioned in a question

• Some questions have multiple solutions; unless the test explicitly asks you to use one over another, all are valid

• Excessive configurations are generally ignored during grading, unless they interfere with the expected solution

• Ask the proctor for clarification

Lab Exam Tips In-Lab (Cont.): Time Management:

• Use question point values to judge time

• Know time-saving configuration techniques

• Know when to move on – don’t spend too much time on a single task, no matter how important you think it is

• If you suspect hardware issues, notify the proctor immediately

• Don’t make any drastic changes towards the end of the lab exam

• Save your configuration frequently

Lab Exam Tips In-Lab (Cont.): Verification:

• Verify, verify, verify, and verify again

• Some prefer to verify after each question; others like to wait until they finish the whole test. It’s a matter of personal preference

• Verify against all requirements – not just basic functionalities.

• Make notes and checklists

Lab Exam Tips In-Lab (Cont.): Troubleshoot:

• Troubleshooting skill is often the difference between failing and passing

• Know what and where to look for debugs and traces

• Look out for those seemingly “invisible” typos

• Remember the test lab is not your home lab – the addressing scheme is different

• Troubleshooting is important but don’t spend all your time on one problem

• Don’t let an unresolved problem impact your confidence

• Again, seek the proctor’s assistance

For More Information

• Beware of rumors!

• Visit the CCIE web page at: https://learningnetwork.cisco.com/community/certifications

• Support: www.cisco.com/go/certsupport

• Post-lab Email: [email protected]

• Report Cheating: [email protected]

FAQs

FAQ #1: How Do You Grade the Lab Exam?

• Proctors are responsible for grading all lab exams

• Automatic tools aid proctors with grading tasks; e.g. capturing candidate’s configuration in database, basic configuration verifications, etc.

• Automatic tools enhance exam grading with speed, quality and consistency; but they are never solely responsible for lab exam grading. Proctors are.

• The proctor completes the grading of the exam and submits the final score

• Partial marks are not awarded for questions

• Points are awarded for working solutions only

• Some questions have multiple solutions

FAQ #2: It’s Discouraging to Fail the Exam

• Remember the knowledge you acquired while preparing for the exam is yours to keep – you have become a better and more well-rounded engineer through preparation alone

• Old Chinese proverb: “From failures, success is born”

• Don’t compare with others

• Remember to enjoy the journey

• Tell us how we could improve: submit online feedback or write to us at: [email protected]

Cisco Certifications SME Recruitment Program

• Collaborate and network with other engineers

• Directly influence Cisco Career Certifications (Design, Author, Review)

• Use and sharpen technical expertise

• Give back to community

• Join creativity with experience, knowledge and skills

• Experience with assessment techniques

cisco.com/go/certsme

SME = Subject Matter Expert

Cisco Live – Certifications Updates

We are ALWAYS exploring ways to enhance our exam portfolio. Please attend the following sessions here at Cisco Live to learn more about our future together!

• Keynote: You make Possible - KEYGEN-1001, Monday, June 10, 10:30 AM - 12:00 PM, Chuck Robbins, Chairman & CEO

• The making of tomorrow's expert: CCIE - BRKCRT-3100, Tuesday, June 11, 8:30 AM - 10 AM

AND

Make sure to visit us at the certifications lounge in the World of Solutions this week.

Complete your online session evaluation

• Please complete your session survey after each session. Your feedback is very important.

• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live water bottle.

• All surveys can be taken in the Cisco Live Mobile App or by logging in to the Session Catalog on ciscolive.cisco.com/us.

Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com.

Continue your education

• Demos in the Cisco campus

• Walk-in labs

• Meet the engineer 1:1 meetings

• Related sessions

Thank you