Follow

Cisco 800 Series Routers

Updated May 2015

Notes

  • The Cisco 861 is designed for a small office of up to five people. The 871 and 881 support up to twenty users. The 891 support fifty users.
  • A SIP ALG is turned on automatically when NAT is enabled as of IOS version 12.2(8).
  • We discovered the SIP ALG to be broken in 12.4(20)T, but an upgrade to 12.4(24)T2 resolved the issue. We have also successfully tested 12.4(15)T9.

Router Configuration

Step 1: Start fresh. The 800 series ships with a number of preconfigured options that are unnecessary to a basic setup, so the first thing we did was "write erase" and "reload".

Step 2: Configure the DHCP pool for the private network:

ip dhcp pool POOLNAME
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    domain-name yourdomain.com
    dns-server 1.1.1.1 2.2.2.2
    lease 0 2

Step 3: Configure the NAT pool and allow the private network to access it:

    access-list 23 permit 10.10.10.0 0.0.0.255
    ip nat pool NATPOOL 6.7.8.9 6.7.8.9 netmask 255.255.255.0
    ip nat inside source list 23 pool NATPOOL overload

(6.7.8.9 is our imaginary public IP that was assigned by our ISP)

Step 4: Configure the WAN interface and configure it for NAT:

interface FastEthernet4
    ip address 6.7.8.9 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto

Step 5: Set up a default route to your ISP's gateway:

    ip route 0.0.0.0 0.0.0.0 6.7.8.1

Ping your favorite Internet host to test connectivity.

Step 6: Create a VLAN interface for the private network and configure it for NAT:

interface Vlan1
    ip address 10.10.10.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly

Step 7: Assign your switch port interfaces to your VLAN:

interface FastEthernet0
    switchport mode access
    switchport access vlan 1

(repeat for any further switchport interfaces required)

Troubleshooting

At this point, your phones should be up and running without having to do anything further. However, if you experience difficulties and need to debug further, you can explicitly set up a SIP firewall, which will allow you to see SIP traffic more clearly. Please note that debugging is resource intensive and will affect performance of the router.

To set up the SIP firewall, at the global config, type:

    ip inspect name VOIP sip

And then on your VLAN interface, type:

    ip inspect VOIP in

This will give you access to some useful tools, such as:

    show ip inspect all
    show ip inspect sessions
    show ip inspect statistics
    debug ip inspect protocol sip
    debug ip inspect protocol sessions

We also found the following commands helpful for debugging:

    show ip nat translations udp verbose
    debug ip cef packet all input 23 rate 0
    debug ip packet 23 detail

 


 

Optimize your network for business VoIP with the right router

Download Business Routers Guide

Was this article helpful?
0 out of 0 found this helpful

Comments