Friday, August 2, 2019

ShoreTel: How to configure a ShoreTel IP400 series VPN phone and EGW user

Here are some step-by-step instructions on how to configure a ShoreTel IP 400 Series phone to use with an Edge Gateway. When setting up a VPN phone for a user I always connect the phone to the network at HQ or a remote site first so that the phone can register with the server, download any firmware and config files, etc., before configuring it as a VPN phone. I know you are supposed to be able to just configure it and it should just work, but I have not had much success with that working.


  1. Connect the ShoreTel phone (IP400) that the user will be using to the local phone network to make sure it gets the latest config and firmware update
  2. On the back of the ShoreTel phone write down the MAC address
  3. Log in to ShoreWare Director
  4. Go to Administration => Users => Users
  5. Find the user you would like to configure to use a Remote phone
  6. Click on the telephony tab
  7. Place a check mark next to Enable remote phone authentication
  8. Click Save
  9. Navigate to Administration => Appliance/Servers => Platform Equipment
  10. Find the Edge Gateway under the name column and click on it (The name should have a line under it making it a hyperlink)
  11. The Edge Gateway web page should open
  12. The default login is admin and ShoreTel
  13. Click Configuration from the top of the page
  14. Click on Phones from the left navigation panel
  15. Click the Allowed List link
  16. At the bottom of the page click the Add button
  17. In the MAC address box put the MAC address of the phone you are going to use
    1. i.e. 00:10:49:00:00:00
  18. In the Phone Name box enter a name ( A description, I usually enter the phone model)
  19. In the User ID box enter the Extension number of the user that will be using that phone
  20. Click apply
  21. With the phone on hook, press the MUTE button followed by 4636# (INFO#)
  22. Enter the Admin password 1234# (If asked)
  23. Press the down arrow key until you reach Diagnostic and then press Open button (Button under screen on left side)
  24. Press the down arrow key until you reach clear configuration and then press Open
  25. Press the Clear button
  26. The phone will reboot
  27. Watch the phone screen and when you see the phone ask you to press any key for set up press the # key
  28. You will be asked for a password enter 1234#
  29. Press the down arrow key until you reach the VPN and then press Open
  30. Set Use VPN to “ON” by pressing the Toggle soft key
  31. Press the down arrow to select VPN Gateway
  32. Set the VPN Gateway value to the public IP or FQDN of your Edge Gateway (By using the keypad numbers and the * key )
  33. Press the Back button (Button under the screen on the right side)
  34. Press the Apply button (Button under the screen on the right side)
  35. The phone will reboot
    1. User experience may vary a little bit after this point as not all systems act the same
  36. The phone will say Connecting to VPN (sits here for a bit) 
  37. The phone will say Unable to connect to VPN (sits here for a bit)
  38. The phone will say Server certificate could not be verified press the OK button (Button under the screen on the right side)
  39. The phone will say Connecting (sits for bit)
  40. The phone will say Requesting Service (for a bit)
  41. The phone will say Available or your user info

This is license-based usage, so make sure you have Remote Phone licenses available to use, or get some if you do not. If you don't have the license you can still configure this, but if you don't remove it within the 45 day trial period your ShoreTel system will be locked and you won't be able to make any changes to it. You will need to buy the licenses you are over and apply them to the system to unlock it, or have ShoreTel unlock your system, and this comes with a fee.
 

Wednesday, July 17, 2019

SIP: P-Asserted-Identity SIP Header modification

ShoreTel/Mitel allows users to move their extension from one location to another as long as they are configured on the ShoreTel/Mitel system. This not only gives the users the ability to travel between sites with the same extension but also the same DID and Caller ID. This is a really cool feature but it can also create an issue with making certain calls.

For example, you have two sites, we will call them Site A and Site B, and each site has its own external SIP trunks for outbound dialing. We have a user named Jeremy. Jeremy usually works from Site B, and that is also where his DID resides, on Site B's SIP trunks. Today Jeremy needs to go to Site A for the day to work. Once there he logs in to a phone and is able to make local and long distance calls like normal, going out the Site A SIP trunks with his caller ID even though it does not belong to the Site A SIP trunks. He needs to dial an 800 number to join a conference bridge but the call is unable to connect.

This issue is something I have run into a lot. This call is being blocked by the carrier because the caller ID does not match any of the caller IDs that reside on those external trunks. There are a lot of hacks out there that allow people to spoof calls to dial 800 numbers, and this is known as toll fraud. One way the carriers combat this is by only allowing caller IDs that reside on that circuit to make 800 number calls. There are a number of ways to resolve this by modifying the SIP header to include the Billing Telephone Number (BTN) of that circuit. The way I have resolved it is by configuring P-Asserted-Identity (PAI) on the Ingate SIParator.

The way to do this is, on the SIP Trunk group page in the SIParator, you need to modify the User Name in the Outgoing Calls under the PBX Lines. It normally just has a $1 in the User Name field to pass through the caller ID that it is being presented with from the PBX.




We need to modify it so that it also adds the site's BTN. To do that you would enter something like this into the User Name field.

$1?P-Asserted-Identity=%3csip%3a2625555555%401.1.2.1%3e

In the line above, the ?P-Asserted-Identity= portion enables PAI in the SIP header, 2625555555 is the BTN to use, and 1.1.2.1 is the IP address of the carrier device. The %3c, %3a, %40 and %3e sequences are the URL-encoded <, :, @ and > characters. Below is what it looks like when it is in the SIParator.



Now, when Jeremy makes an 800 number call from Site A, the carrier accepts the call because he is presenting them with the BTN as authentication that he is allowed to use the circuit, as well as his caller ID even though it does not belong to that circuit.


There are a lot of ways to do this, but this is the way that I have found that works best for most of the deployments I am involved in
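As an added example (not from the original post or from Ingate's documentation), the Python below builds the User Name value shown above from a BTN and carrier IP, decodes it back to the P-Asserted-Identity value, and rejects input that would put stray characters or CR/LF into the header. The function names and the digits-only and IPv4-only validation are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import quote, unquote

PAI = "P-Asserted-Identity"


def build_user_name_field(btn, carrier_ip):
    """Build the User Name value: pass the PBX caller ID ($1) and add a
    P-Asserted-Identity header that carries the circuit's BTN."""
    # Assumption of this example: BTN is digits only, carrier device is an IPv4 literal.
    if not re.fullmatch(r"[0-9]+", btn):
        raise ValueError("BTN must contain digits only")
    host = ipaddress.IPv4Address(carrier_ip)  # raises ValueError for anything else
    name_addr = f"<sip:{btn}@{host}>"
    # Percent-encode <, :, @ and >; lower-case the hex to match the form used on the page.
    return f"$1?{PAI}={quote(name_addr, safe='').lower()}"


def parse_user_name_field(value):
    """Split a User Name value into (caller-ID token, {header name: decoded value})."""
    user, _, query = value.partition("?")
    headers = {}
    for pair in filter(None, query.split("&")):
        name, _, encoded = pair.partition("=")
        decoded = unquote(encoded)
        # A decoded CR or LF would start a new header line, so refuse it.
        if re.search(r"[\r\n]", decoded):
            raise ValueError(f"{name}: CR/LF is not allowed in a header value")
        headers[name] = decoded
    return user, headers


def decoded_header_line(value):
    """The PAI header as it reads once the field's value is unescaped,
    which is what to look for in a capture of the outbound INVITE."""
    _, headers = parse_user_name_field(value)
    return f"{PAI}: {headers[PAI]}"


if __name__ == "__main__":
    field = build_user_name_field("2625555555", "1.1.2.1")
    print(field)
    print(decoded_header_line(field))
```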


Cisco: Track default route when Outside IP address is assigned VIA DHCP


Sometimes you need to apply a tracking statement to a route so that if a certain condition is met that route gets removed. In this case I needed to have the default route fail over to a second internet connection if the primary internet went down. Except, we receive a DHCP IP address on the primary connection so I cannot just track reachability to the next hop as that IP address changes. So here is a way to do tracking statements with a DHCP default route. We just set the default route to the interface instead of an IP address.


track 1 ip sla 10 reachability
 ! Wait 30 seconds before acting on an IP SLA state change so that the route doesn't flap up/down
 delay down 30 up 30

! The IP SLA below is where you configure the IP address you want to monitor;
! the router pings that address to determine reachability (up/down)
ip sla auto discovery
ip sla 10
 icmp-echo 8.8.4.4 source-interface GigabitEthernet0/1
 tag Ping Google
 threshold 1000
 timeout 2000
 frequency 3
ip sla schedule 10 life forever start-time now

interface GigabitEthernet0/1
 ip dhcp client default-router distance 1
 ip dhcp client route track 1

! Always force traffic to the monitored address (the IP SLA target) out this interface
! so we don't end up sending it over the backup
ip route 8.8.4.4 255.255.255.255 GigabitEthernet0/1

! Primary internet connection default route with a tracking statement
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 track 1

! Backup internet connection default route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2 200



Cisco: DMVPN commands and configuration


DMVPN debugs


Debugs on both sides at the same time:
Debug crypto condition peer ipv4 (public ip of peer)
Debug crypto isakmp
Debug crypto ipsec

Clear DMVPN session and Crypto
Interface tunnel0
Shut
Clear dmvpn session interface tunnel0
Clear crypto isa

DMVPN Sample Scripts

These scripts assume that you have the router base configuration already done. They just give you some of the base info to create a DMVPN configuration and are not anything more than base. For the ACL on the inbound interface the script has "any any" on it but should be locked down to the remote IP address of the other spokes and hub.

DMVPN HUB Sample Script

crypto keyring dmvpnspokes
  description For DMVPN Tunnel
  ! This should be a strong key
  pre-shared-key address 0.0.0.0 0.0.0.0 key "PRE_SHARED_KEY"

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 hash md5

crypto isakmp profile DMVPNIsakmpProfile
   keyring dmvpnspokes
   match identity address 0.0.0.0

crypto ipsec transform-set ESP-AES-MD5 esp-aes 256 esp-md5-hmac
 mode transport

crypto ipsec profile DMVPNIpsecProfile
 ! Must reference the transform-set defined above
 set transform-set ESP-AES-MD5
 set isakmp-profile DMVPNIsakmpProfile

interface Tunnel0
 description DMVPN_HUB
 ip address "IP_ADDRESS" 255.255.255.255
 ip mtu 1400
 ! This password is configured on all tunnel interfaces
 ip nhrp authentication "NHRP_PASSWORD"
 ip nhrp map multicast dynamic
 ! For example 10010100
 ip nhrp network-id "NETWORK_ID"
 ip nhrp holdtime 600
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 no shutdown
 qos pre-classify
 ! Interface that will be making the DMVPN connection
 tunnel source "INTERFACE"
 tunnel mode gre multipoint
 ! For example 10010100
 tunnel key "KEY"
 tunnel protection ipsec profile DMVPNIpsecProfile

ip access-list extended inbound
 permit gre any any
 permit icmp any any
 permit udp any any eq isakmp
 permit udp any eq isakmp any
 permit udp any any eq non500-isakmp
 permit esp any any
 permit tcp any any established




DMVPN Spoke Script

crypto keyring dmvpnspokes
  description For DMVPN Tunnel
  ! This should be a strong key
  pre-shared-key address 0.0.0.0 0.0.0.0 key "PRE_SHARED_KEY"

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 hash md5

crypto isakmp profile DMVPNIsakmpProfile
   keyring dmvpnspokes
   match identity address 0.0.0.0

crypto ipsec transform-set ESP-AES-MD5 esp-aes 256 esp-md5-hmac
 mode transport

crypto ipsec profile DMVPNIpsecProfile
 ! Must reference the transform-set defined above
 set transform-set ESP-AES-MD5
 set isakmp-profile DMVPNIsakmpProfile

interface Tunnel0
 description DMVPN_SPOKE
 ip address "IP_ADDRESS" 255.255.255.255
 ip mtu 1400
 ! This password is configured on all tunnel interfaces
 ip nhrp authentication "NHRP_PASSWORD"
 ip nhrp map multicast "HUB_EXTERNAL_IP"
 ! For example 10.10.10.10 8.8.8.8
 ip nhrp map "HUB_TUNNEL_IP" "HUB_EXTERNAL_IP"
 ! For example 10010100
 ip nhrp network-id "NETWORK_ID"
 ip nhrp holdtime 600
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 no shutdown
 qos pre-classify
 ! Interface that will be making the DMVPN connection
 tunnel source "INTERFACE"
 tunnel mode gre multipoint
 ! For example 10010100
 tunnel key "KEY"
 tunnel protection ipsec profile DMVPNIpsecProfile

ip access-list extended inbound
 permit gre any any
 permit icmp any any
 permit udp any any eq isakmp
 permit udp any eq isakmp any
 permit udp any any eq non500-isakmp
 permit esp any any
 permit tcp any any established
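
A small pre-deployment check for the hub and spoke scripts above, added here as an example (not the author's or Cisco's code): it verifies that every keyring, ISAKMP profile, transform-set and IPsec profile reference resolves to a definition, and flags the wildcard pre-shared key and the "any any" ACL entries that the text says to lock down. SAMPLE_CONFIG is a constructed excerpt with a deliberately misnamed transform-set, and treating MD5 and DH groups 1, 2 and 5 as deprecated is this example's assumption.

```python
import re

# Constructed excerpt modeled on the hub script; the transform-set reference
# is deliberately misnamed to exercise the cross-reference check.
SAMPLE_CONFIG = """\
crypto keyring dmvpnspokes
  pre-shared-key address 0.0.0.0 0.0.0.0 key EXAMPLE_KEY
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 hash md5
crypto isakmp profile DMVPNIsakmpProfile
   keyring dmvpnspokes
   match identity address 0.0.0.0
crypto ipsec transform-set ESP-AES-MD5 esp-aes 256 esp-md5-hmac
 mode transport
crypto ipsec profile DMVPNIpsecProfile
 set transform-set dmvpn-aes-sha
 set isakmp-profile DMVPNIsakmpProfile
interface Tunnel0
 tunnel protection ipsec profile DMVPNIpsecProfile
ip access-list extended inbound
 permit gre any any
 permit udp any any eq isakmp
 permit tcp any any established
"""

# Where each named object is defined (matched against section headers).
DEFINITIONS = {
    "keyring": r"crypto keyring (\S+)",
    "isakmp-profile": r"crypto isakmp profile (\S+)",
    "transform-set": r"crypto ipsec transform-set (\S+)",
    "ipsec-profile": r"crypto ipsec profile (\S+)",
}
# Sub-commands that reference a named object.
REFERENCES = [
    ("keyring", r"keyring (\S+)"),
    ("transform-set", r"set transform-set (.+)"),
    ("isakmp-profile", r"set isakmp-profile (\S+)"),
    ("ipsec-profile", r"tunnel protection ipsec profile (\S+)(?: shared)?"),
]
DEPRECATED_DH_GROUPS = {"1", "2", "5"}  # assumption: this example's policy


def parse_sections(config):
    """Group IOS lines into (header, [sub-commands]) by indentation."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comments
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(config):
    """Return a list of (code, detail) findings for a DMVPN config."""
    sections = parse_sections(config)
    defined = {kind: set() for kind in DEFINITIONS}
    for header, _ in sections:
        for kind, pattern in DEFINITIONS.items():
            m = re.match(pattern, header)
            if m:
                defined[kind].add(m.group(1))

    findings = []
    for header, subs in sections:
        if header.startswith("crypto ipsec transform-set") and "esp-md5-hmac" in header.split():
            findings.append(("DEPRECATED_HASH", f"{header}: uses esp-md5-hmac"))
        for cmd in subs:
            for kind, pattern in REFERENCES:
                m = re.fullmatch(pattern, cmd)
                for name in (m.group(1).split() if m else []):
                    if name not in defined[kind]:
                        findings.append(("UNDEFINED_REF", f"{header}: {kind} '{name}' is not defined"))
            if cmd.startswith("pre-shared-key address 0.0.0.0 0.0.0.0 "):
                findings.append(("WILDCARD_PSK", f"{header}: key accepted from any peer address"))
            if header.startswith("crypto isakmp policy"):
                if cmd == "hash md5":
                    findings.append(("DEPRECATED_HASH", f"{header}: hash md5"))
                m = re.fullmatch(r"group (\d+)", cmd)
                if m and m.group(1) in DEPRECATED_DH_GROUPS:
                    findings.append(("DEPRECATED_DH", f"{header}: DH group {m.group(1)}"))
            if header.startswith("ip access-list") and cmd.startswith("permit") and cmd.split().count("any") >= 2:
                findings.append(("ACL_ANY_ANY", f"{header}: '{cmd}' should name the hub/spoke addresses"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code:16} {detail}")
```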

SIP: SIP Response Codes

Here is a list of SIP response codes, very useful when troubleshooting SIP in Wireshark.

1xx - Informational Responses

  • 100 Trying (An extended search being performed may take a significant time, so a forking proxy must send a 100 Trying response)
  • 180 Ringing
  • 181 Call Is Being Forwarded
  • 182 Queued
  • 183 Session Progress

2xx - Successful Responses

  • 200 OK
  • 202 Accepted: Indicates that the request has been understood but actually can't be processed

3xx - Redirection Responses

  • 300 Multiple Choices
  • 301 Moved Permanently
  • 302 Moved Temporarily
  • 305 Use Proxy
  • 380 Alternative Service

4xx - Client Failure Responses

  • 400 Bad Request
  • 401 Unauthorized (Used only by registrars or user agents. Proxies should use proxy authorization 407)
  • 402 Payment Required (Reserved for future use)
  • 403 Forbidden
  • 404 Not Found (User not found)
  • 405 Method Not Allowed
  • 406 Not Acceptable
  • 407 Proxy Authentication Required
  • 408 Request Timeout (Couldn't find the user in time)
  • 410 Gone (The user existed once, but is not available here any more.)
  • 412 Conditional Request Failed
  • 413 Request Entity Too Large
  • 414 Request-URI Too Long
  • 415 Unsupported Media Type
  • 416 Unsupported URI Scheme
  • 417 Unknown Resource-Priority
  • 420 Bad Extension (Bad SIP Protocol Extension used, not understood by the server)
  • 421 Extension Required
  • 422 Session Interval Too Small
  • 423 Interval Too Brief
  • 428 Use Identity Header
  • 429 Provide Referrer Identity
  • 433 Anonymity Disallowed
  • 436 Bad Identity-Info
  • 437 Unsupported Certificate
  • 438 Invalid Identity Header
  • 480 Temporarily Unavailable
  • 481 Call/Transaction Does Not Exist
  • 482 Loop Detected
  • 483 Too Many Hops
  • 484 Address Incomplete
  • 485 Ambiguous
  • 486 Busy Here
  • 487 Request Terminated
  • 488 Not Acceptable Here
  • 489 Bad Event
  • 491 Request Pending
  • 493 Undecipherable (Could not decrypt S/MIME body part)
  • 494 Security Agreement Required 

5xx - Server Failure Responses

  • 500 Server Internal Error
  • 501 Not Implemented: The SIP request method is not implemented here
  • 502 Bad Gateway
  • 503 Service Unavailable
  • 504 Server Time-out
  • 505 Version Not Supported: The server does not support this version of the SIP protocol
  • 513 Message Too Large
  • 580 Precondition Failure

6xx - Global Failure Responses

  • 600 Busy Everywhere
  • 603 Decline
  • 604 Does Not Exist Anywhere
  • 606 Not Acceptable

SIP: SIP Profile Parameters and their usage



DontFwdRefer Usage: DontFwdRefer=[0|1]
When this parameter is set to 1, it inhibits the use of REFER for transfer on the trunk.  It also inhibits sending INVITE with Replaces header.  Peer must support INVITE without SDP for certain transfer call-flows.

SendMacIn911CallSetup Usage: SendMacIn911CallSetup=[0|1] 
This parameter is used in conjunction with SIP based emergency gateways, such as those provided by 911 Enable.  It appends the MAC address of the IP phone in the From tag of an outgoing emergency call. From: "Dizzy Gillespie ;tag=shorUA_1077733456-103455277-EPID-001049042E4A
This only applies to ShoreTel IP Phones, excluding the IP-8000 conference room phone

StripVideoCodec Usage: StripVideoCodec=[0|1]
This parameter should be set to 1 if the trunk does not support video properly.  When set to 1, it strips video codecs from SDP in INVITE’s being sent to the trunk and properly restores and rejects the video media lines in the 200 response from the trunk.  It also strips video codecs from INVITE’s coming from the trunk and properly restores and rejects the video media lines in the 200 response to the trunk

AddG729AnnexB_NO Usage: AddG729AnnexB_NO=[0|1] 
This parameter should be set to 1 if the trunk does not support G729 Annex B properly.  When this is set, any outgoing INVITE with G729 in the SDP will have the attribute "a=fmtp:18 annexb=no" added to the SDP.

HistoryInfo Usage: HistoryInfo=[none|diversion|history] 
This parameter controls how information is presented when an external incoming call is forwarded out this trunk.  In this case, the "From" header will indicate the actual caller, which may not be a valid number to present to the trunk.  The Diversion or History-Info header will be used to indicate the DID number of the user on whose behalf the call was forwarded.
If set to 'none' or omitted, then no indication of the forwarding number is presented.  If set to 'diversion', the SIP Diversion header is supplied, as dictated by RFC 5806.  If set to 'history', the SIP History-Info header is supplied, as dictated by RFC 4244.

EnableP-AssertedIdentity Usage: EnableP-AssertedIdentity=[0|1]
This profile parameter controls how Caller-ID is presented on outbound calls.  If it is set to 0 or not present, then the old style of presenting caller-ID in the From header is used when sending outgoing calls.  Note that the style of presenting blocked caller-ID has changed in ShoreTel 12.
When set to 1, the Caller-ID is placed in the P-Asserted-Identity header.  If privacy is indicated for the call (User dials *67, or trunk group is configured to not send Caller-ID), then a Privacy header is inserted with value “id”, and the From header is anonymous

Port Usage: Port=[5060|1-65535]
This profile parameter changes the remote port used for the SIP trunk.  Currently, there is no way to configure the port number for SIP trunks in ShoreWare Director.  Only port 5060 is supported.  This profile parameter allows the port number for a trunk group to be configured.

HairPin Usage: HairPin=[0|1] 
This profile parameter controls if hairpin is allowed on SIP trunk calls, when enabled and available, features like Barge-in, silent monitoring, whisper-page, whisper-coach, call-record will be supported on the SIP trunks.

OptionsPing Usage: OptionsPing=[0|1] 
This profile parameter controls if OPTIONS message should be sent to remote party for detecting connectivity

OptionsPeriod Usage: OptionsPeriod=[180|60-3600] 
This profile parameter is used to control the time interval between SIP OPTIONS messages

OverWriteFromUser Usage: OverWriteFromUser=[none|UserID|BTN] 
This profile parameter is used to choose either user’s id or billing phone number in the FROM header when making calls

DontAdvertiseUpdate Usage: DontAdvertiseUpdate=[0|1]
This profile parameter is used to decide if UPDATE should be sent in the SUPPORTED header

RFC2543Hold Usage: RFC2543Hold=[0|1]
This profile parameter is used to decide if the connection field should be set to 0.0.0.0 when sending an outgoing INVITE for hold

AlwaysSend180 Usage: alwaysSend180=[0|1]
This profile parameter is used to decide if a 180 will be sent out right away after receiving an incoming INVITE

IgnoreEarlyMedia Usage: IgnoreEarlyMedia=[0|1]
This profile parameter is used to decide if early media should be forwarded to the caller. When a SIP device doesn’t wish to accept early media, this parameter should be set to 1.

Register Usage: Register=[0|1]
This profile parameter is used to decide if outgoing REGISTER messages should be sent

RegisterUser Usage: RegisterUser=[BTN|UserID|DID] 
This profile parameter is used to decide what to use in the FROM header in the outgoing REGISTER messages

RegisterExpiration Usage: RegisterExpiration=[3600|60-86400]
This profile parameter is used to decide the time interval between outgoing REGISTER messages

1CodecAnswer Usage: 1CodecAnswer=[0|1]
This profile parameter is used to decide if the SDP should contain only 1 codec for an outgoing answer.



SIP Extension Profile Parameters:


1CodecAnswer Usage: 1CodecAnswer=[0|1]
Some devices do not honor the codec order specified in a 200 OK response to an INVITE.  This causes several problems.  First, some endpoints in the system do not support asymmetric codecs during a session.  Second, any bandwidth calculations based on observing the offer/answer exchange will likely be wrong.  When set to 1, only 1 audio codec is sent in a 200 OK response.

AddGracePeriod Usage: AddGracePeriod=[0-1800] 
Some SIP devices re-register too close to the expiration time, introducing a race condition where the system is in the process of deleting the record from the system when the re-register is received.  This parameter adds a grace period to the expiration received in the REGISTER request.

AllowedCodecs Usage: AllowedCodecs=[any|[codec[,codec]*] 
Valid values are ‘any’ (default) or a comma separated list of codec names.  The codec name must be formatted as shown on the Supported Codecs page (Administration, Call Control, Supported Codecs).  For example: 'PCMU/8000'.  This should be used if the SIP device cannot follow the normal rules of codec negotiation for all codecs supported in the installation.  For example, one particular implementation would reject requests containing some codecs it didn’t understand.
This only applies to audio codecs.  Video codecs and RFC 2833 'telephony-event' are not affected by this parameter.

DelayUnregister Usage: DelayUnregister=[0-20]
Some devices, under certain circumstances, un-register, then immediately register again.  This introduces a race condition similar to the one discussed in section 0.  Usage of this parameter mitigates this problem.

FakeDeclineAsRedirect Usage: FakeDeclineAsRedirect=[0|1|400-606]
Some SIP devices present an option to decline a call.  When invoked, various different response codes have been used by various implementations.  If set to 0, only a 3xx class response will cause the call to be diverted to the busy destination.  If set to 1, 603 will be sent to busy destination as well.  If set to a value from 400 to 606, the selected response code will be used to send the call to the busy destination.

MWI Usage: MWI=[none|subscribe|notify] 
This parameter defines how RFC 3842 Message Waiting Indication is handled.  When set to "subscribe", an explicit subscription is required.  If set to "notify", the NOTIFY messages are sent without requiring a SUBSCRIBE.  If set to "none", then MWI is not supported.

OptionsPing Usage: OptionsPing=[0|1] 
ShoreGear switches can send a periodic OPTIONS message to SIP devices, and mark them Out-Of-Service if they don’t respond.  There are 2 benefits to this: Calls are diverted immediately to the busy destination, and there is logging of the event on the server.
The OPTIONS ping occurs periodically between 3 and 4.5 minutes.

OptionsResponse Usage: OptionsResponse=[200-699]
Some devices reject OPTIONS requests, such as with a 405 "Not Supported" response.  This can still be used to determine if the device is alive and on the network by using this parameter.  Otherwise, a 405 response would put the device Out-Of-Service.

SendEarlyMedia Usage: SendEarlyMedia=[0|1] 
When set to 1, the device will be sent 183 response with SDP for certain call-flows.  Currently, this is only used in error conditions when an announcement is played.

StripVideoCodec Usage: StripVideoCodec=[0|1] 
This parameter should be set to 1 if the device does not support video properly.  When set to 1, it strips video codecs from SDP in INVITE’s being sent to the device and properly restores and rejects the video media lines in the 200 response from the device.  It also strips video codecs from INVITE’s coming from the device and properly restores and rejects the video media lines in the 200 response to the device.

XferFailureNotSupported Usage: XferFailureNotSupported=[0|1]
For scalability reasons, there are a few call-flows that use REFER as a means for the caller to hear ringback tone.  These call-flows rely on the device’s capability to recover from a transfer failure and keep the original call alive.  If the device cannot do this, then this parameter should be set to 1, and an alternative means of providing ringback is used.

Tuesday, July 16, 2019

Routing: Administrative Distance Values

I don't always remember even though I should, what the AD values are of the different routing protocols.


  • Connected Interface = 0
  • Static route = 1
  • Summary route (EIGRP) = 5
  • External Border Gateway Protocol (BGP) = 20
  • Internal EIGRP = 90
  • IGRP = 100
  • OSPF = 110
  • Intermediate System to Intermediate System (IS-IS) = 115
  • Routing Information Protocol (RIP) = 120
  • Exterior Gateway Protocol (EGP) = 140
  • On Demand Routing (ODR) = 160
  • External EIGRP = 170
  • Internal BGP = 200
  • Unknown = 255

General IT: Crossover, Straight through and Loopback cables

Whenever I am installing a new PRI or connecting two PBXs together I always need to make a crossover cable and I always end up having to look up the pinout. So I thought I would just add it here and make it easy on myself for future reference.

Straight Through patch cable



T1 Crossover Cable



T1 Loop-back


General IT: Common TCP/UDP Port Numbers

General IT: IP Network Subnets

ShoreTel: Konftel 300IP and ShoreTel/Mitel Configuration

This will provide you with some detail on how to integrate a Konftel 300IP conference phone into a ShoreTel/Mitel phone system.

Call Control Settings

In SWD navigate to Administration=> Features=>Call Control=>Options and make sure that the parameters (default values) are configured in the SIP section.


Switch Settings

In SWD navigate to Administration=>Appliances/Servers=>Platform Equipment. ShoreTel Voice switches can support IP phones and SIP phones in various ways, either as a physical port, DSP resource or built-in capacity. From this page you can see whether you have any switches that are already configured with SIP Proxy resources by looking under the SIP proxy column.



If you do not have a switch at a site that has any SIP Proxy resources enabled you will need to find a switch at that site that has an available resource and set it to SIP Proxy.



Navigate to Administration=>Sites=> then the site you are looking to add the phone to. Scroll down to the SIP proxy switch for that site and under Proxy Switch 1 click the drop down and select the phone switch that you would like to use that already has the SIP Proxy resource enabled on it. If you are using more than one switch for SIP Proxy resources then you can add the 2nd switch in the Proxy Switch 2 field and then enter an IP address into the Virtual IP address box.



SIP Profile

To optimize the Konftel phone's interoperability, a new SIP profile must be created. Navigate to Administration=>Telephones=>SIP Profiles and click New. Name the new SIP profile Konftel 300IP and set the User Agent to "Konftel300IP.*". Then in the Custom Parameter field add "XferFailureNotSupported=1". Make sure the Enable check box is checked and click Save.



User Setup

Navigate to Administration=>Users=>Users and then find the user you wish to set up for the Konftel phone. Scroll down to the SIP password and enter a SIP password for this user. Also make note of the user's Client Username and Extension number.



Konftel 300IP Configuration

The best way to configure the Konftel phone is from the web interface. Find the IP address of the phone under Menu=>Status=>Network in the Konftel user interface on the phone. Navigate to that address using a web browser and log in as ADMIN with the default password of 1234.




Navigate to Settings=>SIP to configure the user account that was created on the ShoreTel/Mitel system.

  1. Account name is displayed on the idle screen of the phone
  2. Users is the user's extension number
  3. Registrar is the IP address of the SIP Proxy 
  4. Authentication name is the ShoreTel Client Username
  5. Password is the ShoreTel SIP password


In SWD navigate to Maintenance=>Status and Maintenance=>IP Phones, then click the Name column to sort by phone names. You should see the Konftel phone in the list, which means the phone has registered with the ShoreTel/Mitel system and is ready to be used.



Thursday, June 20, 2019

ShoreTel: Migrate a ShoreTel 14.2 system to a new Server

Here are the steps that I follow when I need to migrate a ShoreTel 14.2 and below system to a new server. This could be to upgrade the server OS or moving from a physical server to a virtual server.

There are a few things to note:


  1. You will need to install the SAME version of ShoreTel on the new server that you are using on the current server
  2. The new server will have to have the same IP address as the current server at the time you install ShoreTel on it
  3. The new server will have to have the same computer name as the current server at the time you install ShoreTel on it
  4. After the server is migrated you will need to request a new system key from ShoreTel 

Prep new Server:



  1. Prep the new server as per the Build Notes and Install Guide
  2. Change IP address to the same IP as the old server
  3. Change the name to the same name as the old server
  4. Install the ShoreTel Software (EXACT same build as old server)
    1. Right click on Setup and click "Run as Administrator"
  5. Reboot when Prompted
  6. Log in to Director using the default credentials
    1. Username: admin
    2. Password: changeme
  7. Verify all services are running by clicking on the Headquarters link to the right of the Quick Look page
  8. Log out of Director

Back up the old server:

  1. Databases .sql files
    1. Navigate to C:\Program Files (x86)\Shoreline Communications\Shoreware Server\MySQL\MySQL Server 5.0\Examples and run the following files
      1. BackupCDR.bat -> Will output an .sql file to the root of C:
      2. BackupConfig.bat -> Will output an .sql file to the root of C:
      3. BackupWebridge.bat -> Will output an .sql file to the root of C:
        1. Only required if there is an SA-100/SA-400 in use.
      4. BackupMonitoring.bat-> Will output an .sql file to the root of C:
        1. Only required for ShoreTel 14.x
      5. Copy the resulting .sql files folder to a safe location (Network Share, Thumb drive, etc...)
  2. Shoreline Data folder
    1. Stop all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-stop-svcs (make sure to run as administrator)
  3. Copy the VMS, User Data, & Prompts folder from Shoreline Data, to a safe location (Network Share, Thumb drive, etc...)
    1. Start all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-start-svcs (make sure to run as administrator)
  4. Reboot the ShoreTel server
  5. Copy the back up files to the new server
  6. Shut down the Old server

Restore data to new server

  1. Place the backed up configuration and CDR SQL files at the root of the C: drive and run the "Restore" batch files at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\MySQL\MySQL Server 5.0\Example
    1. RestoreConfig.bat
    2. RestoreCDR.bat
      1. Only required if the site has an SA-100/SA-400
    3. RestoreMonitoring.bat
  2. Stop all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-stop-svcs (make sure to run as administrator)
  3. Copy the backed-up version of the VMS, Prompts, and User Data folders to the Shoreline Data folder (write over the new folders)
  4. Delete all .dat files in the VMS folder
  5. Start all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-start-svcs (make sure to run as administrator)
  6. Reboot the server

Verify the old data is restored

  1. Log into Director with your existing credentials
    1. Check for your users, AA menus, switches, etc
  2. Request a new license key for the new server


ShoreTel: How to check your Voice mail from outside the ShoreTel/Mitel system

There are times when you need to call into the ShoreTel/Mitel phone system to check your voice mails. This usually happens when you are not doing voice mail to email, don't have access to the system remotely, or for many other reasons. To access your voice mails just follow the instructions below.


  1. Dial your direct number or another phone number that belongs to the system
  2. When you hear the voice mail greeting press the * and then #
  3. The system will ask you to enter your extension number
  4. Then the system will ask you to enter your voice mail password followed by a #
  5. After you have completed the above, all operations are the same as the regular office voice mail 

ShoreTel: How to log into a ShoreTel/Mitel phone

Here are the steps that you can use to log into a ShoreTel/Mitel phone that is in an Available state or that someone else is logged into.

Sometimes (depending on the system configuration) the ShoreTel/Mitel IP 400 series phones will have a soft key that you can use to assign your extension to that phone. To do this you would:

  1. Press the Assign soft key
  2. Enter your extension number
  3. Press the Next soft key
  4. Enter your voice mail password
  5. Press OK
  6. If you need to unassign your extension from a phone, there is an Unassign soft key you can press, or you can follow the steps below to unassign your extension from the phone


If your phone does not have the Assign soft key you can still assign your extension to that phone. To do this you would:

  1. Pick up the handset to go Off-hook
  2. Press the # to access the Voice Mail system
  3. Enter your extension number
  4. Enter your voice mail password
  5. Enter 7, 3, 1, to assign your extension to that phone
  6. If you need to unassign your extension from a phone, you would follow the steps above except you would enter 7, 3, 2

ShoreTel: How to find a call GUID from the Connect Client

How to pull a GUID for a ShoreTel/Mitel Call or Voice Mail from the Connect Client.


  1. In the Connect client, click on the Recent navigation link
  2. In the right pane, open the drop down and select Calls or Voice Mail
  3. Find the Call or Voice Mail that you need the GUID for
  4. Right click that Call or Voice Mail and select Copy Call ID to Clipboard
  5. Now you can paste the GUID into an email or text document

ShoreTel: Installing Connect Windows components fail

A few times when installing Mitel Connect on Windows Server 2016, I have run into issues where some of the Microsoft Windows components fail to install, such as Web Framework, external cache, etc.




This is because there is a bug where the Connect installer has an issue reading the framework version. To fix this you have to edit the registry. Open regedit and navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp

Once there, edit the "MajorVersion" entry, set the "DECIMAL" value to 9, and then reboot the server. Now you can go back and install the Connect software and you should be good to go.



Thursday, May 16, 2019

Cisco: Useful Cisco commands

There are a ton of useful Cisco commands that I do not use every day but still use often. This post is probably going to be one that gets updated frequently with new commands that I come across and want to hold on to, so I am apologizing in advance in case it gets a little messy. The actual Cisco command will be in bold lettering and in quotations.



Display Cisco stateful packet inspection sessions created because a policy map is applied on a specified zone pair - "show policy-map type inspect zone-pair sessions"


To show AnyConnect connected VPN users and their session info - "show vpn-sessiondb anyconnect"


To show the detailed status for active crypto sessions (i.e. VPN) - "show crypto session detail"

To delete a router config, enter the following command and reboot the router without saving - "delete nvram:startup-config"


Here is how to create a LACP trunk on a Cisco switch:
"interface GigabitEthernet1/0/48
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active"


On Cisco 4K routers, the NAT ACL cannot use a permit ip any any for the NAT overload statement. It has some issues with it, so you need to be more specific about the networks that will be NAT'ed. For security reasons you should be specific anyway. Using a permit ip any any NAT statement will cause irregular behavior on the router; it may very well work, but it may also just stop working.

"ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
IP access-list extended NAT
 10 permit ip 10.1.1.0 0.0.0.255 any
 20 permit ip 10.1.2.0 0.0.0.255 any"
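One way to check a saved configuration for this problem, as an added example that is not part of the original post: the Python below finds every ACL referenced by an "ip nat inside source list ... overload" statement and reports catch-all entries. It goes slightly beyond the text by also handling numbered ACLs and the standard-ACL form "permit any"; the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample (not from a real device): one named and one numbered
# ACL feed NAT overload statements, and both contain a catch-all entry.
SAMPLE_CONFIG = """\
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip nat inside source list 10 interface GigabitEthernet0/0/1 overload
ip access-list extended NAT
 10 permit ip 10.1.1.0 0.0.0.255 any
 20 permit ip any any
access-list 10 permit any
"""

NAT_RE = re.compile(r"^ip nat inside source list (\S+) .*\boverload\b", re.I)
NAMED_ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)", re.I)
NUMBERED_ACL_RE = re.compile(r"^access-list (\d+) (.+)", re.I)
# Catch-all entries: extended "permit ip any any" or standard "permit any".
ANY_SOURCE_RE = re.compile(r"^(?:\d+\s+)?permit\s+(?:ip\s+any\s+any|any)\b", re.I)


def parse_acls(config):
    """Return {acl_name: [entry, ...]} for named and numbered ACLs."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        named, numbered = NAMED_ACL_RE.match(line), NUMBERED_ACL_RE.match(line)
        if named:
            current = named.group(1)
            acls.setdefault(current, [])
        elif numbered:
            current = None
            acls.setdefault(numbered.group(1), []).append(numbered.group(2))
        elif current and raw[:1].isspace():
            acls[current].append(line)  # indented line inside a named ACL
        else:
            current = None
    return acls


def audit_nat_overload(config):
    """Return (acl, entry) pairs where a NAT overload ACL has a catch-all."""
    acls = parse_acls(config)
    findings = []
    for raw in config.splitlines():
        nat = NAT_RE.match(raw.strip())
        for entry in acls.get(nat.group(1), []) if nat else []:
            if ANY_SOURCE_RE.match(entry):
                findings.append((nat.group(1), entry))
    return findings
```

An empty result from audit_nat_overload() means every NAT overload ACL names specific source networks, as in the configuration shown above.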





ShoreTel: Recording Audio from a Physical ShoreTel Voice Switch Port

You can capture audio output from a ShoreTel Voice Switch physical port using VxWorks commands. The audio output is saved to the HQ or DVS server that controls the switch. This is great when you are trying to troubleshoot voice corruption or audio issues.


  1. From the Start menu, navigate to the Control Panel-->Administrative Tools and locate the IIS Manager
  2. Right click on the IIS Manager and select Properties. Then enable the ability to write to the FTP server by selecting the Write checkbox and clicking OK
    1. This enables the ability to write to the following directory: C:/inetpub/ftproot
    2. You may also need to edit the permissions of the C:/inetpub/ftproot directory and give the users group write access
  3. At the command prompt on the voice switch you would like to record from enter
    1. Record2file2 (23, 45, "test"), i.e. I want to record a call on a T1 on port 23 for 45 seconds and save the file with the name of test.
    2. The moment you press enter is when the recording will start
  4. Go to the C:/inetpub/ftproot directory and pull the two files <NAME>rx.pcm and <NAME>tx.pcm to your desktop.
  5. Using an audio editor (like Audacity or Cooledit) you will be able to listen and analyze the call
    1. Import the PCM file to Audacity using the following options
      1. File -> Import -> Raw Data
      2. Signed 16-bit PCM
      3. Big-endian
      4. 1 Channel (Mono)
      5. Sample Rate 8000 (8k)
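The same import settings can be applied without an audio editor. As an added example that is not part of the original post, this Python script decodes the two raw captures with the parameters listed above (signed 16-bit, big-endian, mono, 8000 Hz) and goes one step further by merging them into a single stereo WAV, receive on the left and transmit on the right, so both directions of the call stay aligned. The script name and function names are hypothetical.

```python
import array
import sys
import wave

SAMPLE_RATE = 8000  # Hz, as in the Audacity import settings


def load_pcm_be16(raw):
    """Decode signed 16-bit big-endian mono PCM bytes into native samples."""
    if len(raw) % 2:
        raw = raw[:-1]  # drop a trailing half sample from a cut-off capture
    samples = array.array("h")
    samples.frombytes(raw)
    if sys.byteorder == "little":
        samples.byteswap()  # file is big-endian; host is little-endian
    return samples


def merge_to_stereo_wav(rx_raw, tx_raw, out):
    """Write rx (left) and tx (right) as one stereo WAV; return frame count."""
    rx, tx = load_pcm_be16(rx_raw), load_pcm_be16(tx_raw)
    frames = max(len(rx), len(tx))
    for side in (rx, tx):  # pad the shorter direction with silence
        side.extend([0] * (frames - len(side)))
    stereo = array.array("h", [0]) * (2 * frames)
    stereo[0::2], stereo[1::2] = rx, tx  # interleave left/right samples
    if sys.byteorder == "big":
        stereo.byteswap()  # WAV sample data is little-endian
    with wave.open(out, "wb") as wav:
        wav.setnchannels(2)
        wav.setsampwidth(2)
        wav.setframerate(SAMPLE_RATE)
        wav.writeframes(stereo.tobytes())
    return frames


if __name__ == "__main__":
    # Usage (hypothetical script name): python pcm2wav.py testrx.pcm testtx.pcm call.wav
    rx_path, tx_path, out_path = sys.argv[1:4]
    with open(rx_path, "rb") as rx_f, open(tx_path, "rb") as tx_f:
        merge_to_stereo_wav(rx_f.read(), tx_f.read(), out_path)
```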

Wednesday, May 15, 2019

Cisco: Copy a router's running config to a text file or flash drive

A lot of customers ask how they can pull a back up running configuration of their Cisco router. So here are the steps to do so.


  1. Open Putty
  2. On the left side select Logging under Session
  3. Select the radio button next to All Session Output
  4. Press the Browse button and navigate to the location you wish to save the file and enter a file name in the file name field and click Save
  5. Click on Session
  6. In the Host name box enter the IP address of the device you want to connect to
  7. Select the Telnet, SSH or Serial radio button under Connection type
  8. Click Open
  9. If you are using SSH and this is the first time you are connecting to this device from this computer, you may be asked to save the RSA key. Click Yes
  10. Enter your log in info to log into the router
  11. Depending on your privilege level you may need to type in Enable to get into enable mode
  12. Type Show run and press enter
  13. Some of the configuration will be shown, press the Space bar to show more
  14. Once all the configuration has been displayed type Exit and press enter
  15. The Putty session should close
  16. Browse to the location where you saved your file and change the extension to .txt
  17. Open the file and verify that you see the device configuration.
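A log captured this way also contains PuTTY's header, the login prompts and the residue of each --More-- prompt, and the configuration itself holds credentials. As an added example that is not part of the original post, this Python script extracts only the running config from such a log and lists the lines that carry secrets, so the backup can be stored accordingly. The sample log, its hash and password values, and the function names are constructed for illustration.

```python
import re

# Constructed PuTTY "All session output" capture of "show run" (not from a
# real device). Assumption: IOS erases each --More-- prompt with backspaces
# and spaces, which the log records verbatim.
ERASE = "\x08" * 9 + " " * 9 + "\x08" * 9
SAMPLE_LOG = (
    "=~=~=~=~=~=~= PuTTY log 2019.05.15 10:00:00 =~=~=~=~=~=~=\r\n"
    "Router#show run\r\n"
    "Building configuration...\r\n\r\n"
    "Current configuration : 312 bytes\r\n"
    "!\r\nhostname Router\r\n"
    "service password-encryption\r\n"
    "enable secret 5 $1$EXAMPLE$CONSTRUCTEDHASH\r\n"
    "username admin password 7 0000000000\r\n"
    "snmp-server community EXAMPLE RO\r\n"
    "interface GigabitEthernet0/0/0\r\n"
    " --More-- " + ERASE + " ip address 10.1.1.1 255.255.255.0\r\n"
    "end\r\n\r\nRouter#exit\r\n"
)

# The pager prompt plus its erase sequence; indentation after it is kept.
MORE_RE = re.compile(r" ?--More-- ?(?:\x08+ *\x08+)?")
# Keywords that are followed by a credential, hash, key or community string.
SECRET_RE = re.compile(
    r"(?:\b(?:password|secret|key-string|pre-shared-key)"
    r"|snmp-server community|crypto isakmp key)\s+\S", re.I)


def extract_config(log_text):
    """Return only the running config from a logged 'show run' session."""
    cleaned = MORE_RE.sub("", log_text.replace("\r", ""))
    config, capturing = [], False
    for line in cleaned.split("\n"):
        if line.startswith("Current configuration"):
            capturing = True  # everything earlier is banner and prompt noise
        elif capturing:
            config.append(line.rstrip())
            if config[-1] == "end":  # IOS closes the running config with "end"
                return "\n".join(config) + "\n"
    raise ValueError("log does not contain a complete running config")


def secret_lines(config):
    """Return the config lines that carry passwords, hashes or keys."""
    return [ln.strip() for ln in config.splitlines() if SECRET_RE.search(ln)]
```

extract_config() raises ValueError when the log ends before the closing "end" line, which catches a capture where the session was closed before the whole configuration had been paged through.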

To copy config to a flash drive

  1. Insert flash drive into the router
  2. At an enable prompt (shown by a # instead of a >)
  3. enter the following command copy running-config usb0:running-config
  4. remove the flash drive and close the putty session

Cisco: How to install Cisco AnyConnect

Here are some instructions on how to download and install the Cisco AnyConnect client to a PC.


  1. Open a web browser and go to the IP address or URL for your VPN and make sure you use https to access it (i.e. https://vpn.anycompany.com)
  2. If the ASA is using a self-signed certificate you will see a page that says this site is not secure. This is OK, just click on the Details link if you are using Edge or IE, or click the Advanced button if you are using Chrome
  3. Then click on the Go on to the webpage link if you are using Edge or IE, or click on Proceed to if you are using Chrome
  4. Select the correct group you belong to from the drop down (if there is one)
  5. Enter the Username and Password that you should use to connect to the VPN
  6. Click Login
  7. Click the blue download bar for your OS version
  8. Click on the Details link if you are using Edge or IE, or click the Advanced button if you are using Chrome
  9. Click on the Go on to the webpage link if you are using Edge or IE, or click on Proceed to if you are using Chrome
  10. A download box will appear at the bottom of your screen and you can run the file or save it to your computer. I usually tell end users just to run it, so click Run
  11. When prompted, install the AnyConnect Application



  12. Start the Cisco AnyConnect client
    1. Start=>All Programs=>Cisco=>Cisco AnyConnect Secure Mobile Client=>Cisco AnyConnect Secure Mobile Client
  13. The AnyConnect connection box will appear
  14. If on step 1, when you entered the URL in the web browser, you saw that this is not a secure site, please skip to the section labeled Untrusted servers
  15. In the AnyConnect connection box enter in the IP address or URL that you typed into your browser in step one and Click Connect 
    1. If you skipped down to the Untrusted servers section, you will see a security warning box once you click Connect that says this is an Untrusted server. Click Connect Anyway
  16. A box will appear; select the group that you belong to from the drop down if there is one
  17. Enter in your username and password and click OK
  18. When it is finished, you will see a box in the bottom right corner of your screen saying Connected
  19. You can now close the web page as you have installed the AnyConnect VPN client and you are connected to the VPN
  20. To disconnect from the VPN, right click on the AnyConnect icon that is in your system tray and choose VPN disconnect


Untrusted servers

  1. Click the Gear in the bottom left corner
  2. Click on the Preferences tab
  3. Uncheck Block connections to untrusted servers
  4. Click the X in the top right corner to close the window
  5. Go back to step 15