Search this Blog

Sunday, November 28, 2010

ERROR CcSetup failed - no streams available

We are seeing this error on some traces when trying to add phones to a meet me conference (more than 30 participants). On service parameters the participants limit for meet me conferences is more than 100. The IPVMS limit for each server is the default of 48 streams. Having an MRG assigned to the phone which has much more than one CFB, the attempt of joining the conference fails when the 48 streams from the first CFB from the list are used.

11/25/2010 16:44:39.912 CCM|UnicastBridgeControl::allocateStream - Device Name=CFB_BLZ, StreamAvailable=0 StreamUsed=48 MaxStreams=48|

11/25/2010 16:44:39.912 CCM|UnicastBridgeControl::allocateStream - Device Name=CFB_BLZ, StreamAvailable=0 StreamUsed=48 MaxStreams=48|

11/25/2010 16:44:39.912 CCM|UnicastBridgeControl - ERROR CcSetup failed - no streams available -- Ci = 121017196, ConferenceId= 117445904, Cdpn=b00703221016|.

11/25/2010 16:44:39.913 CCM|ConnectionManager - wait_AuDisconnectRequest ERROR:NO ENTRY FOUND IN TABLE,CI(121017194,121017196),dcType=1,IFCreated(0,0),PID(0-0,0-0),IFHandling(0,0),MCNode(0,0)|

How come its not jumping to the next CFB from the list? Are we missing something?

On RTMT, monitoring performance, all the other CFBs have available streams to use...

Tips:

A single conference call will only use a single bridge. Your debug shows this because it is only attempting to allocate a stream from the already-allocated bridge resource. It is not searching the MRGL for other bridges to use.

If you want to exceed it's capacity you will need to link two calls together manually using an ad-hoc conference. To be honest for this type of scale you should be using MeetingPlace; this is way beyond what MeetMe was intended to be used for.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

How do we avoid that calls to internal numbers go through gateway

How do we enable it so that if an internal user at DN 1234, want to call 2345, but are entering the full 0 + 8 digit dial string, does not go through the GW.

( we are using 4 digit for internal calls, 8 for external + 0 ) . Some of the internal users are entering the full dial string, as if they where to call local extension. We want the Translation Pattern , to be set up so that if an internal caller, want to dial another internal user, and he is entering 0 + 8 digit, then my CUCM should strip some digits of, and see that this is meant to be an call from internal to internal users. We know that this should be possible. We are using 4 CSS. Int, Norm, Foreign and All.

Tips:

You need to use translation patterns. Create a new translation pattern in the same partition as your phone directory numbers. For each DID range that you have enter the full number that a user would dial to reach the phones including the 8 access code and XXXX for the last four digits. Assign a Calling Search space that allows the translation pattern access to the partition containing the phone directory numbers. Enter XXXX as the Called Party Transformation Mask. The image below shows a translation pattern configured on CUCM 7 configured as described above - CCM4 should be similar.














Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Monday, November 22, 2010

Which platforms support GRE in hardware?

Is there a document which summarizes the devices which support GRE in hardware and the limitations ? is it correct that the entry level for h/w based GRE is the SUP32 PISA ? Is there no hardware support for GRE in the 4500, even with 10Gb Sup ?

Tips:

On 6k, Sups running in PFC-3B mode and up will support GRE in hardware. Use "show platform hardware pfc mode" to verify.

On 4500, the sup7E has the capabilities for hardware support, but I don't think the software has yet been released to support GRE in hardware. Last I can find, the software release was aimed at post-launch, which I believe just came recently in August or so.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

How to set up the 881 to do the same as our WRT54GS?

We have a Cisco 881 router and we can access it using the CCP 2.3. With this router we can surf internet with no problem and we want to replace it with my old router Linksys WRT54GS, but we need to open this ports on the 881:

Linksys WRT54GS configuration under -Applications & Gaming - Port Range Foward:

Application Start End Protocol IP Address

Apache 80 80 Both 1.100.100.240 (this is our web server ip)

MySQL 3306 3306 Both 1.100.100.240

FTP 21 21 Both 1.100.100.240

SSH 22 22 Both 1.100.100.240

Can anyone pls tell how to set up the 881 to do the same as our WRT54GS?

Tips:

if you can connect to router with telnet, you can use configuration below.

for example;

wan ip = x.x.x.x

#conf t

(config)#ip nat inside source static tcp 1.100.100.240 80 int x.x.x.x 80

(config)#ip nat inside source static tcp 1.100.100.240 3306 int x.x.x.x 3306

(config)#ip nat inside source static tcp 1.100.100.240 21 int x.x.x.x 21

(config)#ip nat inside source static tcp 1.100.100.240 22 int x.x.x.x 22

(config)#end

#wr

Or

Click here for the document for other remedies.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Monday, November 15, 2010

How to connect to Internet through 1 interface and Vpn through another interface?

We are trying to setup a environment where we want Vlans 1 and 2 to communicate with each other through inter-vlan routing. Vlan 2 should be accessed through the VPN tunnel on the from the other end. These should however be no access to Vlan 1 through the vpn tunnel. Finally we want both vlan 1 and vlan 2 to connect to the internet through another interface of the router.

R1 Se 0/0 1.1.1.1

R2 Se0/0 is 1.1.1.1

R1 Se0/1 2.2.2.2

R3 Se0/0 2.2.2.1

We have managed to implement ipsec vpn between R1 and R2 and access to Vlan 2 from R2 is working fine and there is no access to Vlan 1 from R2. However we are not able to connect to the internet from Vlan 1 and Vlan 2. Any suggestions welcome

This is the config

R1#sh run

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

!

crypto isakmp key cisco address 1.1.1.2

!

!

crypto ipsec transform-set TXRX esp-3des esp-md5-hmac

!

crypto map MAP 1 ipsec-isakmp

set peer 1.1.1.2

set pfs group2

set transform-set TXRX

match address 101

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.1.6.1 255.255.255.0

!

interface FastEthernet0/0.2

encapsulation dot1Q 2

ip address 10.2.16.1 255.255.255.0

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/0/0

ip address 1.1.1.1 255.255.255.0

crypto map MAP

!

interface Serial0/0/1

ip address 2.2.2.2 255.255.255.0

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 10.10.10.0 255.255.255.0 1.1.1.2

!

access-list 101 permit ip host 10.2.16.2 10.10.10.0 0.0.0.255

access-list 102 permit udp host 1.1.1.2 any eq isakmp

access-list 102 permit esp host 1.1.1.2 any

!

End

R2 Config

R2#sh run

hostname R2

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

!

crypto isakmp key cisco address 1.1.1.1

!

!

crypto ipsec transform-set TXRX esp-3des esp-md5-hmac

!

crypto map MAP 1 ipsec-isakmp

set peer 1.1.1.1

set pfs group2

set transform-set TXRX

match address 101

!

interface FastEthernet0/0

ip address 10.10.10.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/0

ip address 1.1.1.2 255.255.255.0

clock rate 1000000

crypto map MAP

!

!

ip classless

ip route 10.2.16.0 255.255.255.0 1.1.1.1

!

!

access-list 101 permit ip 10.10.10.0 0.0.0.255 10.2.16.0 0.0.0.255

access-list 102 permit udp host 1.1.1.1 any eq isakmp

access-list 102 permit esp host 1.1.1.1 any

end

R3 config is

R3#sh run

Building configuration...

hostname R3

interface Serial0/0/0

ip address 2.2.2.1 255.255.255.0

clock rate 1000000

end

R3#

access-list 101 permit ip host 10.2.16.2 10.10.10.0 0.0.0.255?

Even if we configure L3 to perform inter-vlan routing how will traffic be passing from the lan to the internet and for vpn connectivity. What will happen to the already existing acl 101 which is responsible for vpn traffic.

Tips:

Well you are using 10.x.x.x addressing and you have no NAT setup so none of your addressing will be routable on the Internet.You need -

fa0/0.1

ip nat inside

fa0/0.2

ip nat inside

s0/0/1

ip nat outside

access-list 101 permit ip 10.1.6.0 0.0.0.255 any

access-list 101 permit ip 10.2.16.0 0.0.0.255 any

ip nat inside source list 101 interface s0/0/1 overload.

You should use an unused acl number for the NAT, between 100 - 199.

It's not changing to L3 inter-vlan routing on the switch would make it work, it's just that if you have a L3 switch in your network it's usually better to use it for it's intended purpose. If the amount of traffic between vlan 1 and vlan 2 is not that much then you can stick with what you have but L3 switches provide much better throughput generally than equivalent routers so the interface on the router you are using sub interface on could actually become a bottleneck between the 2 vlans.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.
 
/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */