How to Implement Cisco Call Manager Express at Home, part two

Setting up Cisco CME without the setup command

For versions prior to 8x, the “setup” command has been “deprecated”, yet it’s still seen on the Cisco router. It literally gets bitchy and basically tells you to eff-off and configure it the more complex way.

Also, for $85 in the summer of 2018, it did not include the GUI. While I had an image for the GUI, it was for Release 4. And yet all the nerds love to brag about doing everything in the terminal. I also defend the GUI because it helps with the small things, like changing the time at the end of Daylight Saving Time if you happened to fudge it up, or changing the music on hold, stuff like that. I consider the GUI to be for admin, and the terminal for heavier-lifting tasks like the routing, etc.

If you so choose to, you’re going to have to set things up line by line.

If you have not assigned a DHCP pool yet, and the VOIP VLAN is separate from your data VLAN, you’re going to have to enter the following (if you don’t have a DHCP server for the sets):

ip dhcp pool ITS*
 network 172.18.2.0 255.255.255.0
 option 150 ip 172.18.2.2
 default-router 172.18.2.2
 dns-server 172.18.2.16

* I used “ITS” for the sake of legacy uses because this is what would’ve been entered for the name if you had “setup” still in use.

The network line means the server will hand out IP addresses on the network it’s bound to, by the IP address set up on the interface. I used FastEthernet 0/0 because I felt the internal/private LAN should be on the lowest-numbered port possible. Option 150 points the phones at the TFTP server, which will need its own discussion later.

Now enter telephony-service configuration mode from global configuration by typing

CORE1(config)# telephony-service

Now you want to tell the router how many Cisco SCCP phones you want to have, say

CORE1(telephony)# max-ephones 24

For the number of extensions, double it plus a few more (especially if you want to do paging and Key system functionality)

CORE1(telephony)# max-dn 80

You want to tell the telephony service which address it’s bound to:

CORE1(telephony)# ip source-address 172.18.1.2 port 2000

where port 2000 is the default TCP port for Cisco’s SCCP.

Do you want to change the “Cisco Unified CME” line (which on the big CallManager reads “Your Current Options”) above the softkeys?

CORE1(telephony)# system message ((')) Merry Halloween ((')) 
CORE1(telephony)# voicemail 8*97

The voicemail button could in theory dial any pre-defined number, and I just used the most likely default carrier number if you don’t have Unity Express installed.

CORE1(telephony)# moh music-on-hold.au

Ensure your music-on-hold.au meets Cisco’s spec and is living in flash.

Entering IP phones is not done in telephony-service at all. This could be because telephony-service can also be used for SRST functionality, and they kept that prompt at the lower level. You can’t do SRST and CME at the same time.
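Before pasting the DHCP pool and telephony-service lines above into a router, it is worth cross-checking that they agree with each other. The following is an added example, not code from the article or from Cisco: a small Python helper that renders the two blocks from one set of parameters and flags the mismatches that bite in practice (a default-router or option 150 address outside the pool’s network, an option 150 address that differs from the CME ip source-address when the CME router is also the TFTP server, and a max-dn below the “double it plus a few” rule of thumb). The class, function names and the address plan are constructed for this example; only the IOS command syntax is the real thing.

```python
import ipaddress
from dataclasses import dataclass

# Constructed plan following the shape of the DHCP pool and telephony-service
# commands above. CmePlan/validate/render are names made up for this example.
@dataclass
class CmePlan:
    pool_name: str
    network: str            # CIDR, e.g. "172.18.2.0/24"
    default_router: str     # default-router inside the DHCP pool
    tftp_server: str        # DHCP option 150: where phones fetch their config
    dns_server: str
    cme_address: str        # telephony-service "ip source-address"
    sccp_port: int = 2000   # SCCP listens on TCP 2000 by default
    max_ephones: int = 24
    max_dn: int = 80
    system_message: str = ""
    voicemail: str = ""
    moh_file: str = ""


def validate(plan: CmePlan) -> list:
    """Cross-check the parts of the plan that must agree with each other.

    Returns human-readable problems; an empty list means it is safe to render.
    """
    problems = []
    net = ipaddress.ip_network(plan.network, strict=True)
    # Addresses handed out inside the pool must be reachable on that network.
    for label, addr in (("default-router", plan.default_router),
                        ("option 150 (TFTP)", plan.tftp_server)):
        if ipaddress.ip_address(addr) not in net:
            problems.append(f"{label} {addr} is not inside pool network {net}")
    # On a single-router CME the router itself serves the phone config files
    # over TFTP, so option 150 normally equals the CME source address.
    # A mismatch is not always wrong, but it should be deliberate.
    if plan.tftp_server != plan.cme_address:
        problems.append(
            f"option 150 ({plan.tftp_server}) differs from CME ip source-address "
            f"({plan.cme_address}); confirm a separate TFTP server is intended")
    # Rule of thumb from the text: at least two DNs per phone, plus spares.
    if plan.max_dn < 2 * plan.max_ephones:
        problems.append(
            f"max-dn {plan.max_dn} is below 2 x max-ephones ({2 * plan.max_ephones})")
    if plan.max_ephones < 1 or plan.max_dn < 1:
        problems.append("max-ephones and max-dn must be positive")
    return problems


def render(plan: CmePlan) -> str:
    """Emit the IOS lines for the DHCP pool and telephony-service."""
    net = ipaddress.ip_network(plan.network, strict=True)
    lines = [
        f"ip dhcp pool {plan.pool_name}",
        f" network {net.network_address} {net.netmask}",
        f" default-router {plan.default_router}",
        f" option 150 ip {plan.tftp_server}",
        f" dns-server {plan.dns_server}",
        "!",
        "telephony-service",
        f" max-ephones {plan.max_ephones}",
        f" max-dn {plan.max_dn}",
        f" ip source-address {plan.cme_address} port {plan.sccp_port}",
    ]
    if plan.system_message:
        lines.append(f" system message {plan.system_message}")
    if plan.voicemail:
        lines.append(f" voicemail {plan.voicemail}")
    if plan.moh_file:
        lines.append(f" moh {plan.moh_file}")
    return "\n".join(lines) + "\n"


# Constructed values: the pool follows the article's 172.18.2.0/24 example,
# with the CME source address placed on the same subnet as the pool.
EXAMPLE = CmePlan(
    pool_name="ITS", network="172.18.2.0/24",
    default_router="172.18.2.2", tftp_server="172.18.2.2",
    dns_server="172.18.2.16", cme_address="172.18.2.2",
    max_ephones=24, max_dn=80,
    system_message="Merry Halloween", voicemail="8*97",
    moh_file="music-on-hold.au",
)

if __name__ == "__main__":
    issues = validate(EXAMPLE)
    print("\n".join(issues) if issues else render(EXAMPLE))
```

Run it as-is and it prints a paste-ready block; change `cme_address` to an address on a different subnet and it prints the warning instead of the config, which is the check you want before the phones start asking a TFTP server that never answers.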

For more on how the numbers game works in Cisco CME, it’s got its own page.

VOIP Security in 2020 – How to Defend Your Right For a Defensive Telephony Network

When shopping for SIP trunks, or “Cloud PBX” or “Cloud Phone systems”, they are mostly provided by an Internet Telephony Service Provider, known as an ITSP, believe it or not. Some coaxial ISPs like Comcast Business, Charter/Spectrum or Cox will also bundle this with their “Business Class” offerings. SIP would not work at scale on DSL; it’s better on bonded T1 lines. While the Internet (the data/web) is considered to be under Title II of the FCC regulations, the FCC has put some conditions on VOIP service providers. Your freedoms are not as well celebrated as in the ol’ Part 68/Carterfone ruling, because of the provisions the FCC put in as well as Kari’s Law for Enhanced 9-1-1 services (let’s not touch that anymore.)

I acquired these Polycom phones from a local business that was relocating. I grabbed them without really intending to use them, because it’s Polycom and it’s VOIP, and the two together is an oxymoron; I had started to realize how bad SIP was. What was concerning was that when I took these phones, I realized they had been connected directly to Comcast Business, and while today IP Polycoms are in the mainstream, the lack of any firewall protection is concerning for overall security.

As a customer (and not a consumer), you can throw away the script by using phrases like

“How are these phones going to connect with my existing network?”

“What concerns should I have with security?”

“Wait, I am responsible for something right?”

“I have a SIP Proxy being implemented, and my ‘IT Manager*’ telling me we need this interconnected or we’re done!”

*He doesn’t exist, because the person who’s talking has the part-time IT manager role themselves!

The best way of scoring deals is to use reversed sales tactics, and go on the offense as your best defense. Put the salesperson in the call center into the fetal position (ok, that’s too far), but in a way that gets you a higher-up, so then you’re holding the salesperson at the ISP or ITSP accountable. This is how customer service used to be; then they went “consumer” (or dumbed it down) to force the customer, the not-so-well-versed communicator type, to do anything the enterprise-class ISP would tell ’em to do.

Even better, throw in a Service Level Agreement to ensure that if the imaginary lines go down in the packetwaves, you can get credited on the next billing cycle for loss of potential revenue. Make sure you can reproduce the problem so you can show you did your part.


VOIP Security in 2020 – More Concerning Than Ever Before

I don’t intend to scare any potential readers with my written work; however, it’s something people need to be on alert about. Particularly about a specific technology, not the protocol/service itself.

Voice over IP or VOIP (sometimes spelled with the tacky “VoIP”, pronounced Vo-eye-pee) is a technology that carries mostly telephony over the open Internet Protocol (hence the IP part of the acronym.)

IP dates back to the early 1980s and is the offspring of the original DARPAnet, which began as a Defense Department project in 1969 to have some form of a communications network in case the Soviets or some other rogue country had bad intentions against America.

Oh this phone is so sexy… and cheap! (And perhaps a bit insecure for our 300 lines we will be acquiring?)

IP then and now is a fragmented protocol, with billions of devices traditionally tied to a firewall or Network Address Translation, better known as a “router”, so on the wild Net what it sees is mostly machines and rarely users, except at the application layer of the OSI model. In reality TCP/IP is your device’s driver for interconnecting with other devices, like the sound driver enables you to hear things on your machine.

VOIP is mostly an application, and the IP phones are really desktop-sized streaming devices that replicate that ol’ telephone that was invented by either Alexander Graham Bell, Elisha Gray or Thomas Edison.

When VOIP became popular in the enterprise in the early 2000s, security and reliability were a concern. “Pure IP” vendors like Cisco came from a data point of view, so they felt routing telephony should be like routing Web traffic. Early on, some large-scale implementations had major failures. Some were bone-headed from the phone guy’s point of view, and some were reliant on Microsoft Windows Server (other vendors probably laughed at Cisco.)

The issue then was a lack of encryption, and a lack of basic controls such as binding IP addresses to specific services, etc. Earlier versions of VOIP used proprietary protocols, and vendors like Avaya, Nortel and Mitel implemented their hard-wired telephony protocols on top of the “IP stack” (again, like a plugin to that driver metaphor.) VLANs along with firewall policies ensured that VOIP networks would be seen by the IT or phone guy and not by a co-worker in accounting.

If a bad guy wanted to get into the phone system, s/he would have needed to know the IP address of the server or gateways, and manipulate the system at that point.

Problem Met Another Problem Without a Simpler Solution

Within the VOIP ecosystem, there was the proprietary way known as H323 (a signaling protocol for how the VOIP sets talked to the routers and servers), and then there was Session Initiation Protocol, or SIP.

SIP decentralized the telephony networks by putting a switching-like system on every device, and took the Web playbook for signaling the servers and gateways and for streaming audio and even video through the handsets or headsets. Beyond that, it could support instant messaging or chat services: since the devices were already chatting with each other via text, why couldn’t users?

The one thing I left out in H323 vs. SIP: with H323 you need either a hostname or an IP address, while SIP requires a server for authentication, another server for “proxy”, another one for emergency (a la 9-1-1), another for time of day, and another set of IP addresses or domain names for “provisioning” to push all that stuff to the sets.

It also gave the customer the standard 19 Custom Calling Services features that in the old consumer landline world would cost a fortune. Any “PBX”-type features have to be “extended” by the vendor, say Cisco or Avaya.

SIP was great for long-haul trunking between the phone company and the customer, or even inter-site linking, since SIP did Caller ID well; if you have played around with the graphically enhanced distro of Asterisk, FreePBX, the phrase is used very liberally.

As with any technology or service, without any baseline of historical context, the only thing SIP could be related to was the unrelated H323 standard. SIP is open, meaning any vendor that adheres to the Request for Comments (RFC) for SIP could theoretically interoperate. Early in the development of the endpoints (the “phones”), the prediction was you could go to BestBuy or RadioShack and buy a phone off the shelf and bring it into the office. While those places did not (and do not) carry them per se, from any eBay or Amazon store you could buy a $59 single-line set, plug it into a SIP controller in the office, and say hello to BYOD.

Improper SIP Deployments can be a Threat to Small Businesses 

The issues in the early 2000s involved H323 and proprietary software and servers. A lot of the lessons from the H323 issues were learned later (such as keeping admin web pages local and not exposed to the open Internet, or requiring remote users to log in through a VPN; compare SIP, which can be logged into from anywhere, which is why it’s successful.)

Many traditional Nortel and Avaya small-end systems that served customers with fewer than 30 stations have been replaced, either by key phone systems “for a little more” or, “better off”, by going the cheaper path to “Cloud PBX” systems. Most small businesses are using store-bought technology (which is a whole other issue that would be beating a dead horse); worse is that these devices, Polycoms, Grandstreams and the like, are likely directly connected to the Open and Wild Interwebz. If you work in an office with over 255 PCs, typically the DNS address is going to be something like 172.16.1.x or 10.0.x.x and not 8.8.8.8, because if every PC and every device had that, it would stress the network with every device querying Google to turn Facebook.com into Facebook’s public IP address when using browsers or apps.

For SIP deployments, these devices are going directly onto the Internet and not through some middleman in the datacenter or server closet. This is how many of the VOIP phone spam or prank-calls-on-steroids incidents occur. There needs to be some device at the point where the Wide Area Network, WAN, or “the Internet comes in”, such as an enterprise-class firewall or a proxy server. All SIP calls would “originate” from this box. Unlike H323 or the traditional phone system, it’s not “the brain” per se, but it controls the quality, the security and the “noise” of SIP devices talking to each other when the call is going to Comcast Business or RingCentral. These things are called SIP proxy servers or firewalls; they aren’t “private” per se, it’s a hybrid of a multi-line phone system and the customer premise equipment like those T1 landline adaptors, or straight-up modems. They can come in various shapes and sizes. You may need more servers/devices for redundancy. Cisco’s IOS routers have some level of support. If you have virtualization like VMware, you could run this as an instance, or if you have a pfSense firewall, there are built-in packages to do that.

In 2020, you wouldn’t plug your computer into a modem like you used to in 2002, so why would you do this to an IP enabled phone?


How to Implement Cisco Call Manager Express at Home

Updated in 2023 to include compliance to the Fucking Kari Hunt Law… since PBX systems kill women… not deranged men!

The future is all IP

The Future will be Rewritten to be all VOIP.

Cisco is the future.

Just kidd.

In seriousness, if you’re all wired at home, or you are interested in wiring up your home for multi-line telephony, or want the ability to answer calls from a number of phones or internally call people from within… I think, given the consolidation and the access to them, the recommended path is Cisco. As much as I can’t stand a lot of their technology, you do not need to have everything running on Cisco to do Cisco telephony. Being frank: I have switches from Netgear, and I have some third-party endpoints.

The advantage with Cisco is

  • The “gold standard” in VOIP
  • Much easier to acquire, at a reasonable secondhand price (other devices that may be even better, like MultiVOIP gateways, are really expensive)
  • Gets your feet wet in other platforms such as wireless, firewalls (ASA), etc.
  • Voice quality sounds better than any standard POTS phone, using the same POTS wiring from your phone company
  • They are more open to standards, meaning you don’t have to be a Cisco showoff at the tables and desks. You can use SIP phones from other vendors now, more than historically.

I am writing this because a lot of the content out there is shit. Whether it’s written by guys who haven’t proofread their own copy, or someone with U.S. English as a second language, or people who are so elitist with their Cisco certs that they’re like “it is (what it is!)”


Is “AKA” a Professional Phrase? NO IT IS NOT!

I am getting really tired of this startup, bro culture of scruffy guys who can’t tie a goddamned tie anymore.  Screw the hoodies, and the peer-language and nerdy words in the mainstream.

So how in the hell can “aka”, “a/k/a”, “AKA” that means “Also Known As” be unprofessional?

Because it’s slang! It’s as if you’re talking to your friend! AKA is synonymous with an “alias”, in case you didn’t know. But I don’t like hearing it because it often comes from a nerd who is trying to be cool but is trying too hard. Also it comes off condescending, often pushy and aggressive and trying to win a debate. It’s quite often the male culture to push, and convert, and if you don’t like his views, he’ll keep on pushing. Like how he wants to get a girl to have sex, and he just rapes her…

I find this AKA even on install screens for Linux. Do these coders NOT know how to use parentheses? Oh, I get it, these nerds are so hyper-focused on coding that if you use parentheses, it will mess up their workflow from coding vs. graphic design! Perhaps that’s why they have to speak in a flat tone: because if you use a “question mark” in writing, they’ll do the same in coding, which would screw up a program!

I am on a trend to gut guys’ balls and hold these bros accountable. I hate frat boys, I hate coders, I hate guys who are lazy, I HATE MEN!!! WRITE MORE LIKE A PROFESSIONAL AND PERHAPS I WILL TAKE YOU SERIOUSLY!

Linux Hasn’t, Isn’t and WILL NEVER be an Enterprise Operating System

“It’s Free and it’s Open Source”

The six-word tagline that has no meaning, other than for nerds who don’t have a social life, or rape women, or mess around with little ones, it seems like. It means nothing!

There is no such thing as a free lunch. In fact, more recently, more open source projects are asking you to give away your contact information so they can sell you products. In the UC world, remember how so many were gushing over the free “Asterisk PBX”? This is the product I am talking about, specifically the fork known as FreePBX.

Linux is a broken system unlike the commercial world

  • There are no “standards”
  • There are 1,000 different flavors of “distros”
  • The arrogance, such as “Real men build their own drivers”, and other derogatory culture of the open source world
  • The software’s lifecycle is just like the commercial world’s
  • There are more security holes; there are fewer with Windows, and it is only second to the Mac
  • The super-obsessed “minimal” approach does not work well with non-engineers


Security Watch: BE CAREFUL WHEN YOU SIGN ONTO GOOGLE!

So for a few months, or a month, I am not sure, my Google account for personal stuff had been logged in only because I logged into the Gmail app.

What happens in recent versions is that a pop-up Safari instance (similar to the one used for the “captive portals” of WiFi hotspots) requests your Google login. Because this shares the same Safari instance with your app, you may not realize that other Google apps installed (such as Maps, and others) have already logged you in. Because you logged into an indirect session on Safari, this also means that your Google searches or other Google services you use on Safari will remain logged in until you log off.

Unfortunately my searches and using YouTube had also created another Clickford account without my knowledge.

If you want to do user-blaming (“Well you should look at the TOS instead of whining”), go ahead and I will call you a wife beating rapist and child molester because you think it’s OK to take advantage of vulnerable people for your own self interest on spying users.

Session Initiation Protocol – The Secrets, part two

At the end-user level, SIP telephones can do cool stuff that couldn’t be done on “office phones” before.

For one, for the first time since ISDN, office-grade sets can interconnect without the expense of a large PBX system. Some can work in peer-to-peer fashion. BUT, don’t believe in this entirely just yet.

They work in basic modes when off the H323 network, if the Avayas, the Mitels and the Ciscos have “dual modes”. You have to toggle this in the set’s basic configuration.