How to restore the factory settings on a Cisco Access Point

1. Through the CLI via console or SSH:

  1. login to the AP using Cisco/Cisco

  • If you want to reset the access point to its default settings and a static IP address, use the write erase or erase /all nvram command.
  • If you want to erase everything including the static IP address, in addition to the above commands, use the erase and erase boot static-ipaddr static-ipmask command.

2. Through the MODE button:

  1. Power off the AP
  2. While keeping the MODE button pressed, power on the AP.
  3. Still keep the MODE button pressed until the Status LED turns to red and then release it.

3. Installing via recovery image:

  1. Download the recovery image for 3500 from Cisco site.
  2. on AP Console write the command “Debug capwap console cli”
  3. Then write the commadn “Archive download-sw /overwrite /reload tftp:///”

 

Clearing the Controller Configuration on a Cisco Wireless LAN Controller

1. Through the CLI via console or SSH:

  1. login to the WLC

  1. Enter clear config and enter y at the confirmation prompt to confirm the action.

  2. Enter reset system. At the confirmation prompt, enter n to reboot without saving configuration changes. When the controller reboots, the configuration wizard starts automatically.

  3. Follow the instructions in the “Using the Configuration Wizard” section on page 4-2 to complete the initial configuration.

 

Erasing the Controller Configuration on a Cisco Wireless LAN Controller

1. Through the CLI via console or SSH:

  1. login to the WLC

  1. Enter reset system. At the confirmation prompt, enter y to save configuration changes to NVRAM. The controller reboots.

  2. When you are prompted for a username, enter recover-config to restore the factory default configuration. The controller reboots and the configuration wizard starts automatically.

  3. Follow the instructions in the “Using the Configuration Wizard” section on page 4-2 to complete the initial configuration.

Cisco WLC AP cert issue: %DTLS-3-HANDSHAKE_FAILURE

WLC error log message: *spamApTask6:  %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:844 Failed to complete DTLS handshake with peer

or:

Failed to complete DTLS handshake with peer 10.32.41.96 for AP 00:1d:45:36:97:30 
*spamReceiveTask: Sep 19 21:42:59.855: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 1.2.3.4 for AP 00:11:22:33:44:55

By default, if an AP and/or WLC certificate has expired, then the DTLS connection will fail. To get around this we had to enable a command in the WLC that ignored the AP cert. The happened because the Manufacturer Installed Certificate (MIC) has now become older than ten years and has expired. To allow AP’s to join a WLC after certificate expiration, upgrade to the fixed software version, then use the following commands:

With “config ap lifetime-check {mic|ssc} enable” or “config ap cert-expiry-ignore {mic|ssc} enable” in effect, the WLC and AP will ignore the expiration date on the devices’ MICs and SSCs. The above-noted commands must remain in effect as long as devices with expired MIC or SSC certificates are used.

Solution:

SSH into the WLC and run the following commands:

if that doesn’t help try

Introduction

This document covers the overview of SIP debugging commands which are helpful while examining the status of SIP components and troubleshooting.

 

SIP debugging overview

debug ccsip: This has various options

Feature Design of SIP Debug Output Filtering Support

Prior to the SIP Debug Output Filtering Support feature, debugging and troubleshooting on the VoIP gateway was made more challenging by the extensive amounts of raw data generated by debug output.

This feature allows the debug output for a SIP call to be filtered according to a variety of criteria. The SIP Debug Output Filtering Support feature provides a generic call filtering mechanism that does the following:

  • Allows you to define a set of matching conditions for filtering calls.
  • Identifies the desired calls based on the configured matching conditions inside VoIP gateways.
  • Coordinates the filtering effort on traced calls between multiple modules inside VoIP gateways.
  • Displays the debugging trace for calls that match the specified conditions.

SIP Debug Commands that Support Output Filtering

Configuring Call Filters

This task configures the conditions for filtering SIP calls.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. call filter match-list number voice
  4. incoming calling-number string
  5. incoming called-number string
  6. incoming signaling {local | remote} ipv4 ip-address
  7. incoming media {local | remote} ipv4 ip-address
  8. incoming dialpeer tag
  9. outgoing calling-number string
  10. outgoing called-number string
  11. outgoing signaling {local | remote} ipv4 ip-address
  12. outgoing media {local | remote} ipv4 ip-address
  13. outgoing dialpeer tag
  14. end

Example:

 

Enabling SIP Debug Output Filtering: Example

 

 

source: supportforums.cisco.com

SIP traces provide key information in troubleshooting SIP Trunks, SIP endpoints and other SIP related issues. Even though these traces are in clear text, these texts can be gibberish unless you understand fully what they mean.

This document attempts to break down each component of the SIP interaction using a practical approach. We will look at various logs, the SIP messages, headers, SDP information and try to figure out what is going on in a sip voice call transaction.

In as much as I will try to define the under lying layer of the SIP messaging, this document will not go into in-depth analysis of the SIP protocol, so it is advisable to understand SIP protocol technology to be able to understand sip traces.

One key element of troubleshooting is this: To fix a problem, you need to understand the issue, how it works before you can restore it to order.

One popular debug used in troubleshooting a sip solution on a cisco IOS router is

 

“Debug ccsip messages”.

 

To understand The output generated by this debug..We need to understand the Key/fundamental sip messages exchanged during a sip voice call..

1. Invite

2. Trying

3. Ringing

4. ACK

5. OK

 

 

We will look at these messages as we try to understand the debugs. These messages are key in knowing what’s going on. They help us to understand the language been spoken so we are not lost like a non French speaking man in Paris!

Ok enough of grammars, lets dive in! Ready?

INVITE:

An Invite is a SIP requests called methods. There are Six SIP methods described in the SIP specification document RFC 3261 [1].

The INVITE, REGISTER, BYE, ACK, CANCEL, and OPTIONS methods are the original six methods

in SIP.

 

The INVITE method is used to establish media sessions between user agents. In

telephony, it is similar to a Setup message in ISDN

 

 

An INVITE usually has a message body containing the media information

of the caller. The message body can also contain other session information, such

as a resource list in the case of an early offer. If an INVITE does not contain media information, the ACK contains the media information of the UAC.

 

To identify the caller, the called number, the media information and resources advertised in the Invite, SIP invites use headers. Headers are key parameters within the SIP invite and we shall look at them so as to gain full clarity of what’s going on.

 

Let’s look at a sample SIP trace from CUCM. Note this is very similar to what a debug ccsip messages will produce on a CUBE gateway.

 

Here is the call setup for this trace

 

CUCM———-sip trunk——>CUBE———SIP Trunk—————>ITSP

(10.105.80.114)                        (10.105.80.174)

 

INVITE with SDP.

INVITE sip:14107154522807@10.105.80.174:5060 SIP/2.0

Via: SIP/2.0/UDP 10.105.80.114:5060;branch=z9hG4bK98e4117d52a6

From: “Solihull” <sip:01214248526@10.105.80.114>;tag=25526~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-551664735

To: <sip:14107584528207@10.105.80.174>

Date: Mon, 02 Apr 2012 18:12:31 GMT

Call-ID: 68781700-f791ec0f-2d26-e28690a@10.105.80.114

Supported: timer,resource-priority,replaces

Min-SE: 1800

User-Agent: Cisco-CUCM8.6

Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY

CSeq: 101 INVITE

Expires: 180

Allow-Events: presence, kpml

Supported: X-cisco-srtp-fallback

Supported: Geolocation

Call-Info: <sip:10.105.80.114:5060>;method=”NOTIFY;Event=telephone-event;Duration=500″

Cisco-Guid: 1752700672-0000065536-0000007823-0237529354

Session-Expires: 84600

Contact: <sip:01214248526@10.105.80.114:5060>

Max-Forwards: 70

Content-Length: 0

Content-Type: application/sdp

Content-Length: 238

 

v=0

o=CiscoSystemsCCM-SIP 811669 1 IN IP4 10.105.40.14

s=SIP Call

c=IN IP4 10.133.92.102

t=0 0

m=audio 25268 RTP/AVP 18 101

a=rtpmap:18 G729/8000

a=ptime:20

a=fmtp:18 annexb=no

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-15

 

Now let’s break it up or dissect this piece of information.

 

As we can see there are lots of headers in this invite…

 

 

Via

To

From

Call-ID

CSeq

Contact

Max-Forwards

Expires

 

The INVITE header

INVITE sip:14107584528207@10.105.80.174:5060 SIP/2.0

 

This is the first part of the trace usually refrred to as the Request-URI This shows four key things

1. The called number

2. The device responsible for the called number or the device through which the called number will be routed

3. SIP Port number

4. Sip Version..

 

So here we see the called number is: 14107584528207

The gateway responsible for routing to this number is 10.105.80.174

SIP port is 5060 and the Sip version is 2.0

 

The Via Header:

 

Via: SIP/2.0/UDP 10.105.80.114:5060;branch=z9hG4bK98e4117d52a6

 

The required Via header field is used to record the SIP route taken by a request

and is used to route a response back to the originator. A UA generating a request

records its own address in a Via header field.

 

Here we see that CUCM is the UA generating this invite and it stamps it IP on the call. This helps identify the origin of the call.

Via header fields contain protocol name, version number, and transport

(SIP/2.0/UDP, SIP/2.0/TCP, etc)

 

The Via header contains what is called the sent-by field. The image below shows the sent by field and this is where the required response will be sent to.

In SIP responses follow the via header except for future requests like ACK and BYE where responses are sent to the contact header

The To and From Headers

 

From: <sip:01214248526@10.105.80.114>;tag=25526~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-551664735

 

To: sip:14107584528207@10.105.80.174

 

The next header fields are the To and From header fields, which show the

originator and destination of the SIP request.

 

Note that the To and From header fields are not reversed in the response message as one might expect them to be. This is because the To and From header fields in SIP are defi ned to indicate the direction of the request, not the direction of the message. Since <sip:01214248526@10.105.80.114 initiated this request, all responses to this INVITE will read

To: sip:14107584528207@10.105.80.174

From: <sip:01214248526@10.105.80.114.

 

Date Header:

 

 

A key component of the sip message. Its tells us the time of the sip request.

 

 

Call ID:

 

Call-ID: 68781700-f791ec0f-2d26-e28690a@10.105.80.114

 

The Call-ID header field is an identifier used to keep track of a particular SIP session. The originator of the request creates a locally unique string. Some older implementations also add an “@” and its host name to the string. The initiator of the session that generates the establishing INVITE generates the unique Call-ID and From tag.

 

The Call ID is one of the key components used in troubleshooting. Each UA generates its own Call ID. Sowhen a call originates from CUCM, CUCM generates its own call id and when a call origate from the CUBE, CUBE generate its own call ID.

 

 

 

Cseq Header:

 

 

CSeq: 101 INVITE

The command sequence CSeq header field is a required header field in every request. The CSeq header field contains a decimal number that increases for each request. Usually, it increases by 1 for each new request, with the exception of CANCEL and ACK requests, which use the CSeq number of the INVITE request to which it refers. The CSeq count is used by UASs to determine out-of-sequence requests or to differentiate between a new request (different CSeq) or a retransmission (same CSeq). The CSeq header fi eld is used by UACs to match a response to the request it references

 

 

 

User Agent Header:

 

 

User-Agent: Cisco-CUCM8.6

 

 

This header identifies the UA that is originating this request/response. In this trace we can see that the UA above is CUCM version 8.6.The user agent header helps identify the originator of the request/response.

 

SDP Extensions and Attributes

 

The SDP extensions used in the application/SDP header lists the media capabilities the calling party is willing to receive or negotiate or support for the session. The table below shows the SDP attributes in this test call and the meaning of each attribute/extension. Please note that The RFC 3264[17] specifies that the attributes containing “a=rtpmap” should be used for each media field

 

 

SDP Parameter Parameter                                                             Name

 

v=0 Version Number
o=CiscoSystemsCCM-SIP 811669 1 IN IP4 10.105.40.14

 

Origin
s=SIP Call Call Subject
c=IN IP4 10.133.92.102 Connection/IP address for RTP stream
t=0 0 time
m=audio 25268 RTP/AVP 18 101 Media
a=rtpmap:18 G729/8000 Attributes-media
a=ptime:20 Attributes-Packetization
a=rtpmap:101 telephone-event/8000 Dtmf attributes
a=fmtp:101 0-15 Dtmf tones

 

Lets look at media attributes below

 

m=audio 25268 RTP/AVP 18 0 8 101

 

This line defines the media attribtes that will be used for the call.

 

Audio:           means that this is an Audio call, we can also have m=video in case of a Video call

25268:           Is the dynamic RTP port used for the call

RTP/AVP:      Represents the RTP/AVP profile number for each of the profiles listed. The profile numbers are explained below

 

18=G729

0=PCMU

8=PCMA

101=rtp-nte payload

 

 

 

DISSECTING A SIP TRACE

 

Now we have looked at the basics of sip headers and messages, lets use this to understand the following sip trace

 

The call flow for this call is as shown:

 

 

PSTN——–>ITSP——->CUBE—————>CUCM—————->IP PHONE

 

 

 

 

ITSP: 10.10.33.132

CUBE:10.100.0.74

CUCM:10.100.0.14

 

 

 

 

1. An inbound call is received on the CUBE from the ITSP. This invite was sent with SDP. NB that this inbound leg of this call will have a unique call ID that shows the origin of the call, highlighted below.

 

Received:
INVITE sip:441127653485@10.100.0.74:5060 SIP/2.0
Via: SIP/2.0/UDP 10.10.33.24:5070;branch=z9hG4bK9377fo00cg5ha7l0g3t0.1
From: <sip:07455900064@212.136.178.216:5060;user=phone>;tag=1526438727-1338998848384-
To: “voice-lab-aokanlawon”<sip:441127653485@pbx.emea.ipcom.com>
Call-ID: BW1807283840606121067600210@212.136.178.216
CSeq: 558267841 INVITE
Contact: <sip:07455900064@10.10.33.24:5070;transport=udp>
Allow: ACK,BYE,CANCEL,INFO,INVITE,OPTIONS,PRACK,REFER,NOTIFY
Accept: multipart/mixed,application/media_control+xml,application/sdp
Supported:
Max-Forwards: 69
Content-Type: application/sdp
Content-Length: 207

v=0
o=BroadWorks 161384582 1 IN IP4 10.10.33.132
s=-
c=IN IP4 10.10.33.132
t=0 0
m=audio 11164 RTP/AVP 18 0 8 101
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
a=fmtp:18 annexb=no

 

+++From our understanding of the traces, we see that the call originates from a device called Broadworks, which advertises G711a, G711u, G729 and uses rtp-nte for DTMF. We also see the IP address for the CUBE to stream its RTP to.+++++

 

2. A new Invite Sent to CUCM.

 

After the CUBE receives the invite, it sends an invite to cucm based on the dial-peers configured.

 

NB: that this new invite is sent with a new CALL-ID. This is very important in understanding the order of thigs especially when troubleshooting issues. We can also see that the CUBE advertises all its SDP attributes, codec, dtmf supported, fax etc.

 

002791: Jun  6 16:07:28.394: //260863/8C38FA5E95E3/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:901926653485@10.100.0.14:5060 SIP/2.0
Via: SIP/2.0/TCP 10.100.0.74:5060;branch=z9hG4bK7953C1859
Remote-Party-ID: <sip:07455900064@10.100.0.74>;party=calling;screen=no;privacy=off
From: <sip:07455900064@10.100.0.74>;tag=4C85762C-1A2D
To: <sip:901127653485@10.100.0.14>
Date: Wed, 06 Jun 2012 16:07:28 GMT
Call-ID: 8C394872-AF2811E1-95E98F4D-5D7E5E41@10.100.0.74
Supported: timer,resource-priority,replaces,sdp-anat
Min-SE:  1800
Cisco-Guid: 2352544350-2938638817-2514718541-1568562753
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1338998848
Contact: <sip:07455900064@10.100.0.74:5060;transport=tcp>
Expires: 180
Allow-Events: kpml, telephone-event
Max-Forwards: 68
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 355

v=0
o=CiscoSystemsSIP-GW-UserAgent 8773 2764 IN IP4 10.100.0.74
s=SIP Call
c=IN IP4 10.100.0.74
t=0 0
m=audio 19264 RTP/AVP 18 0 8 100 101
c=IN IP4 10.100.0.74
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:100 X-NSE/8000
a=fmtp:100 192-194
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

 

3. Next the CUBE sends a trying to ITSP. Trying simply means: I am looking for the number you have requested.

 

002792: Jun  6 16:07:28.394: //260862/8C38FA5E95E3/SIP/Msg/ccsipDisplayMsg:

Sent:

SIP/2.0 100 Trying

Via: SIP/2.0/UDP 10.10.33.24:5070;branch=z9hG4bK9377fo00cg5ha7l0g3t0.1

From: <sip:07455900064@212.136.178.216:5060;user=phone>;tag=1526438727-1338998848384-

To: “voice-lab-aokanlawon”<sip:441127653485@pbx.emea.ipcom.com>

Date: Wed, 06 Jun 2012 16:07:28 GMT

Call-ID:

BW1807283840606121067600210@212.136.178.216

 

CSeq: 558267841 INVITE

Allow-Events: kpml, telephone-event

Server: Cisco-SIPGateway/IOS-12.x

Content-Length: 0

 

4. Next the CUBE receives a trying from CUCM. The call-ID help us to know where these responses are coming from.

 

002793: Jun  6 16:07:28.396: //260863/8C38FA5E95E3/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 100 Trying
Via: SIP/2.0/TCP 10.100.0.74:5060;branch=z9hG4bK7953C1859
From: <sip:07455900064@10.100.0.74>;tag=4C85762C-1A2D
To: <sip:901127653485@10.100.0.14>
Date: Wed, 06 Jun 2012 16:07:28 GMT
Call-ID: 8C394872-AF2811E1-95E98F4D-5D7E5E41@10.100.0.74
CSeq: 101 INVITE
Allow-Events: presence
Content-Length: 0

 

5. Next the CUBE receives ringing from CUCM This informs the CUBE that the called endpoint is ringing

 

002794: Jun  6 16:07:28.412: //260863/8C38FA5E95E3/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 180 Ringing

Via: SIP/2.0/TCP 10.100.0.74:5060;branch=z9hG4bK7953C1859

From: <sip:07455900064@10.100.0.74>;tag=4C85762C-1A2D

To: <sip:901127653485@10.100.0.14>;tag=811674~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-477917854

Date: Wed, 06 Jun 2012 16:07:28 GMT

Call-ID:

8C394872-AF2811E1-95E98F4D-5D7E5E41@10.100.0.74

 

CSeq: 101 INVITE

Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY

Allow-Events: presence

Supported: X-cisco-srtp-fallback

Supported: Geolocation

Contact: <sip:901926653485@10.100.0.14:5060;transport=tcp>

Content-Length: 0

 

 

6. The CUBE relays this message to the calling party

 

002795: Jun  6 16:07:28.412: //260862/8C38FA5E95E3/SIP/Msg/ccsipDisplayMsg:

Sent:

SIP/2.0 180 Ringing

Via: SIP/2.0/UDP 10.10.33.24:5070;branch=z9hG4bK9377fo00cg5ha7l0g3t0.1

From: <sip:07455900064@212.136.178.216:5060;user=phone>;tag=1526438727-1338998848384-

To: “voice-lab-aokanlawon”<sip:441127653485@pbx.emea.ipcom.com>;tag=4C85763E-1CF8

Date: Wed, 06 Jun 2012 16:07:28 GMT

Call-ID:

BW1807283840606121067600210@212.136.178.216

 

CSeq: 558267841 INVITE

Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER

Allow-Events: kpml, telephone-event

Remote-Party-ID: <sip:901926653485@10.100.0.74>;party=called;screen=no;privacy=off

Contact: <sip:901127653485@10.100.0.74:5060>

Server: Cisco-SIPGateway/IOS-12.x

Content-Length: 0

 

 

7. Now the CUBE receives a 200 ok from CUCM. Please note that some elements of the SDP has changed

 

c=IN IP4 10.100.20.10————————IP address to send RTP stream to

t=0 0 ——————————————-Duration of the call

m=audio 16730 RTP/AVP 18 101———Codec to use for call and DTMF type to use

a=rtpmap:18 G729/8000——————-Codec = G729

 

 

 

002796: Jun  6 16:07:28.556: //260863/8C38FA5E95E3/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 200 OK
Via: SIP/2.0/TCP 10.100.0.74:5060;branch=z9hG4bK7953C1859
From: <sip:07455900064@10.100.0.74>;tag=4C85762C-1A2D
To: <sip:901127653485@10.100.0.14>;tag=811674~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-477917854
Date: Wed, 06 Jun 2012 16:07:28 GMT
Call-ID: 8C394872-AF2811E1-95E98F4D-5D7E5E41@10.100.0.74
CSeq: 101 INVITE
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
Allow-Events: presence, kpml
Supported: replaces
Supported: X-cisco-srtp-fallback
Supported: Geolocation
Session-Expires:  84600;refresher=uas
Require:  timer
Contact: <sip:901127653485@10.100.0.14:5060;transport=tcp>
Content-Type: application/sdp
Content-Length: 237

v=0
o=CiscoSystemsCCM-SIP 811674 1 IN IP4 10.100.0.14
s=SIP Call
c=IN IP4 10.100.20.10

t=0 0

m=audio 16730 RTP/AVP 18 101
a=rtpmap:18 G729/8000
a=ptime:20
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15

 

8. CUBE sends an ACK to CUCM to acknowledge the last 200 Ok message

 

002797: Jun 6 16:07:28.556: //260863/8C38FA5E95E3/SIP/Msg/ccsipDisplayMsg:

Sent:

ACK sip:901127653485@10.105.40.14:5060;transport=tcp SIP/2.0

Via: SIP/2.0/TCP 10.100.0.74:5060;branch=z9hG4bK7953DC95

From: <sip:07455900064@10.100.0.74>;tag=4C85762C-1A2D

To: <sip:901127653485@10.105.40.14>;tag=811674~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-477917854

Date: Wed, 06 Jun 2012 16:07:28 GMT

Call-ID: 8C394872-AF2811E1-95E98F4D-5D7E5E41@10.100.0.74

Max-Forwards: 70

CSeq: 101 ACK

Allow-Events: kpml, telephone-event

Content-Length: 0

 

9. CUBE then sends a 200 OK to ITSP with the SDP attributes to use for the Call based on what it received from CUCM.

 

Sent:
SIP/2.0 200 OK
Via: SIP/2.0/TCP 10.100.0.14:5060;branch=z9hG4bK198a0b7ee5d33c
From: <sip:901127653485@10.100.0.14>;tag=811674~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-477917854
To: <sip:07455900064@10.100.0.74>;tag=4C85762C-1A2D
Date: Wed, 06 Jun 2012 16:07:28 GMT
Call-ID: 8C394872-AF2811E1-95E98F4D-5D7E5E41@10.100.0.74
CSeq: 101 SUBSCRIBE
Content-Length: 0
Contact: <sip:07455900064@10.100.0.74:5060;transport=tcp>
Expires: 7200

Sent:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.10.33.24:5070;branch=z9hG4bK9377fo00cg5ha7l0g3t0.1
From: <sip:07455900064@212.136.178.216:5060;user=phone>;tag=1526438727-1338998848384-
To: “voice-lab-aokanlawon”<sip:441127653485@pbx.emea.ipcom.com>;tag=4C85763E-1CF8
Date: Wed, 06 Jun 2012 16:07:28 GMT
Call-ID: BW1807283840606121067600210@212.136.178.216
CSeq: 558267841 INVITE
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
Allow-Events: kpml, telephone-event
Remote-Party-ID: <sip:901926653485@10.100.0.74>;party=called;screen=no;privacy=off
Contact: <sip:441127653485@10.100.0.74:5060>
Supported: replaces
Supported: sdp-anat
Server: Cisco-SIPGateway/IOS-12.x
Supported: timer
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 270

v=0
o=CiscoSystemsSIP-GW-UserAgent 7413 6169 IN IP4 10.100.0.74
s=SIP Call
c=IN IP4 10.100.0.74
t=0 0
m=audio 29626 RTP/AVP 18 101
c=IN IP4 10.100.0.74
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20

 

10. CUBE then receives an ACK

 

002803: Jun  6 16:07:28.594: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

ACK sip:441127653485@10.100.0.74:5060 SIP/2.0

Via: SIP/2.0/UDP 10.10.33.24:5070;branch=z9hG4bKfj8rji3008r0m4lbg7e0.1

From: <sip:07455900064@212.136.178.216:5060;user=phone>;tag=1526438727-1338998848384-

To: “voice-lab-aokanlawon”<sip:441127653485@pbx.emea.ipcom.com>;tag=4C85763E-1CF8

Call-ID:

BW1807283840606121067600210@212.136.178.216

 

CSeq: 558267841 ACK

Contact: <sip:07455900064@10.10.33.24:5070;transport=udp>

Max-Forwards: 69

Content-Length: 0

 

11. Finally the call is ended. Now when troubleshooting the direction of call termination is important. In this case we can see that the CUBE receives a BYE, which is the sip method for call termination. However who sent the BYE, is it CUCM or ITSP…The answer is in the Call-ID. As we call can see the CALL-ID is for the leg from the ITSP. So we see that the call was terminated from the ITSP side.

 

Next important thing is the cause code. The reason why the call was terminated.

 

CSeq: 558267842 BYE

Reason: Q.850;cause=16

 

Here we see as normal call clearing Cause=16.

 

Received:
BYE sip:441127653485@10.100.0.74:5060 SIP/2.0
Via: SIP/2.0/UDP 10.10.33.24:5070;branch=z9hG4bKfj8rji3008r0m4lbg7e0cd1hhq713.1
From: <sip:07455900064@212.136.178.216:5060;user=phone>;tag=1526438727-1338998848384-
To: “voice-lab-aokanlawon”<sip:441127653485@pbx.emea.ipcom.com>;tag=4C85763E-1CF8
Call-ID: BW1807283840606121067600210@212.136.178.216
CSeq: 558267842 BYE
Max-Forwards: 69
Content-Length: 0

 

002809: Jun  6 16:07:34.470: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.10.33.24:5070;branch=z9hG4bKfj8rji3008r0m4lbg7e0cd1hhq713.1
From: <sip:07455900064@212.136.178.216:5060;user=phone>;tag=1526438727-1338998848384-
To: “voice-lab-aokanlawon”<sip:441127653485@pbx.emea.ipcom.com>;tag=4C85763E-1CF8
Date: Wed, 06 Jun 2012 16:07:34 GMT
Call-ID: BW1807283840606121067600210@212.136.178.216
Server: Cisco-SIPGateway/IOS-12.x
CSeq: 558267842 BYE
Reason: Q.850;cause=16
P-RTP-Stat: PS=295,OS=5900,PR=292,OR=5840,PL=0,JI=0,LA=0,DU=5
Content-Length: 0

002810: Jun  6 16:07:34.470: //260863/8C38FA5E95E3/SIP/Msg/ccsipDisplayMsg:
Sent:
BYE sip:901127653485@10.100.0.14:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP 10.100.0.74:5060;branch=z9hG4bK7954021A8
From: <sip:07455900064@10.100.0.74>;tag=4C85762C-1A2D
To: <sip:901127653485@10.100.0.14>;tag=811674~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-477917854
Date: Wed, 06 Jun 2012 16:07:28 GMT
Call-ID: 8C394872-AF2811E1-95E98F4D-5D7E5E41@10.100.0.74
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1338998854
CSeq: 103 BYE
Reason: Q.850;cause=16

 

Received:
SIP/2.0 200 OK
Via: SIP/2.0/TCP 10.100.0.74:5060;branch=z9hG4bK7954021A8
From: <sip:07455900064@10.100.0.74>;tag=4C85762C-1A2D
To: <sip:901127653485@10.100.0.14>;tag=811674~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-477917854
Date: Wed, 06 Jun 2012 16:07:34 GMT
Call-ID: 8C394872-AF2811E1-95E98F4D-5D7E5E41@10.100.0.74
CSeq: 103 BYE
Content-Length: 0

 

Below are a few of the Threads that we have used the indepth understanding of sip trcaes to help resolve thier issues. Please take a look as this will help you to understand better sip traces and how they play a key part in troubleshooitng issues

https://supportforums.cisco.com/message/3646952#3646952

https://supportforums.cisco.com/message/3634572#3634572

https://supportforums.cisco.com/message/3624258#3624258

https://supportforums.cisco.com/message/3653801#3653801

Problem:

Attempting to test AAA authentication via LDAP to a Windows domain Controller.

AAA Server has been removed

Authentication test to host {IP-Address} failed. Following error occurred – ERROR: Authentication Server not responding: AAA Server has been removed

Solution:

This is a terribly ambiguous error! What it means is that the ASA cannot bind to active directory, either because:

  • The ASA bind account password is wrong.
  • The ASA bind username, (or path to the user object) is wrong.
  • You have set the LDAP server group to use LDAPS (port 636) and the server specified as an LDAP  host is not authenticating via LDAPS.
  • There is no connectivity between the ASA and the LDAP server.

You can narrow it down by running the following debug:

In the following output you can see either the username or the password is wrong:

In the following output you can see the firewall is trying to connect over LDAPS but the server is not configured, (or not answering on TCP 636):

 

For us the issue had been nailed down to Active Directory Group Policies based on the following message: “A stronger authentication method is required for this server”

You you need to change the following:

  • Domain controller: LDAP server signing requirements to NONE
  • Network security:LDAP client signing requirements to NEGOTIATE

cucm_ldap_problem4

 

Reference:

https://www.petenetlive.com/KB/Article/0001271
http://mehmetyeni.com/cucm-ldap-connection-problem-error-while-connecting-to-ldapip-address389-null/

1. Cisco Unified Border Element with Support for Multi-VRF

Cisco Unified Border Element Configuration Guide

2. SIPGATE

To let you CUBE register with SIPGATE for incoming calls, you need to ensure that the sip-ua, retry invite is 2 else it will not register!!!!

sip-ua
retry invite 2