Smart Business Communications System 1.1 Design Guide
Cisco Validated Design I
March 3, 2007
Text Part Number: OL-15367-01

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA. http://www.cisco.com. Tel: 408 526-4000, 800 553-NETS (6387). Fax: 408 527-0883.

Cisco Validated Design
The Cisco Validated Design Program consists of systems and solutions designed, tested, and documented to facilitate faster, more reliable, and more predictable customer deployments. For more information visit www.cisco.com/go/validateddesigns.

ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY DEPENDING ON FACTORS NOT TESTED BY CISCO.
© 2008 Cisco Systems, Inc. All rights reserved.
CONTENTS

Overview
  Solution Components
Secure Network Foundation
  Local Area Network Design
    Virtual Local Area Networks
    IEEE 802.1Q Trunking
    Spanning Tree
    SmartPort Roles
    Cisco Smart Assist
    Power-over-Ethernet
  Wide Area Network Design
  Layer-3 Design
    IP Addressing
    Trivial File Transfer Protocol
    Domain Name System
    Network Address Translation
    IP Routing
    Network Time Protocol
  Quality of Service
    Basic Concepts of QoS
    LAN QoS
    WAN QoS
  Integrated Security Design
    Infrastructure Protection
    Policy Enforcement
    Secure Connectivity
Unified Communications
  Call Processing Capabilities
    Call Coverage Features
    Call Handling Features
    IP Phone Features
    Remote IP Phones
    Ephones and Ephone-DNs
    Dial Plan
  Analog Devices
  Cisco Unified IP End-points
  Voice Gateway
    Telephony Interfaces
    Digital Signal Processor Resources
    SIP Trunking
  Messaging and Auto Attendant
    System Parameters
    Mailboxes, Users, and Groups
    Auto Attendant (AA)
Wireless LAN—The Cisco Mobility Express
  Wireless LAN Overview
  Cisco Mobility Express Solution
    Autonomous Wireless Networks
    Controller-based Wireless Networks
    Selecting the Optimal WLAN Solution
    Key Design Recommendations for Cisco Mobility Express Solution
System Management
  Cisco Configuration Assistant
  Network Monitoring
    Cisco Monitor Manager
    Cisco Monitor Director
  External Application Integration
References
  Product References
  Technology References
Bill of Materials
Overview

The Cisco Smart Business Communications System is designed for small- and medium-sized businesses (SMB) to provide voice, data, video, security, and wireless capabilities while integrating with existing applications, such as calendar, e-mail, and customer relationship management (CRM). The Cisco Smart Business Communications System provides a complete portfolio of Cisco Unified Communications products, as well as wired and wireless networking solutions. It provides access to the right mix of key communications, productivity, and business applications.

This document provides practical design guidance for a secure business networking solution where everyday communications are made more efficient. Cisco partners and resellers can help small-to-medium businesses (SMBs) leverage the full value of their voice and data networks by deploying reliable and secure Cisco Unified Communications 500 Series devices (UC520), Cisco Catalyst Express 520 Series switches (CE520), Cisco 500 Series Wireless Express Mobility Controllers (WLC526), autonomous or controller-based (AP521 or LAP521) access points (AP), and IP end points from Cisco Systems. The Cisco Smart Business Communications System is provisioned using Cisco Configuration Assistant (CCA), an easy-to-use Graphical User Interface (GUI)-based tool.

The design guidance provided in this document and the implementation guidance covered in the Smart Business Communications System 1.1 Implementation Guide combine to provide a verified reference that ensures each individual system component, and those configurable using Cisco Configuration Assistant, work well together. This design guide explains how to implement a secure voice and data network that supports up to 48 voice users and up to 250 data users with centralized, controller-based WLAN capability.
The core of this design is the Cisco Unified Communications 500 Series device, which provides data networking, integrated security, local call processing, integrated messaging, and voice gateway services. A Cisco 871W router at a home office or mobile worker location provides data networking as well as integrated security services, but leverages the main office for call processing, messaging, and voice gateway services.

To summarize this solution, the Cisco Smart Business Communications System provides the following capabilities:
• Wide Area Network (WAN) access
• Local Area Network (LAN) switching
• Controller-based Wireless LAN roaming connectivity
• Integrated security
• Call processing
• Integrated messaging
• GUI-based provisioning using Cisco Configuration Assistant
• GUI-based network management using Cisco Monitor Director Agent and Cisco Monitor Director

This design provides enhanced functionality; however, it is implemented with the objective of reducing overall system complexity. This enables partners and customers with varying levels of technical knowledge to deploy the Cisco Smart Business Communications System solution. Figure 1 shows a typical network topology of the Smart Business Communications System.

Figure 1 Smart Business Communications System 1.1 Topology

WAN connectivity on the UC520 device is provided through a FastEthernet port by connecting the UC520 LAN port to the LAN port of the device provided by the Internet service provider, such as a cable or DSL modem. PSTN trunks can be either analog FXO, ISDN BRI, T1/E1 PRI, or a mix of two such connections. Data connectivity is not supported via the BRI or PRI ports of a UC520 device; only voice can be carried on them.
[Figure 1 shows the main office (UC520, WS-CE520, WLC526, LAP521, fax and IP phones) behind a cable/DSL modem connected to the Internet and the PSTN, with Cisco Configuration Assistant and Cisco Monitor Director Agent at the main office; an optional teleworker at a home office with a Cisco 871W; an optional mobile worker at any public place; and a partner site running Cisco Monitor Director.]

Solution Components

Two general network schemes are addressed in this publication: fully wired networks, and networks supporting wireless clients. Table 1 lists the hardware platforms used to build the system without wireless. Table 2 lists the hardware and capacities for adding the wireless solution to the Smart Business Communications System; PSTN voice call and analog station capacities are the same as shown in Table 1.

Note: Even though one AP can support seven 802.11b or 12 802.11g wireless IP phones, very large numbers of wireless data users on a single AP might impact wireless voice quality.

Table 3 lists the various software applications required to provision and manage all of the products in the design summarized in this publication. Download the latest version of the software to a common directory on your laptop PC.

Table 1 Hardware Platforms for SBCS Wired-only Solution—Sample Configuration

| Number of Voice-Users | Wired Data-Users | PSTN Voice Calls (1) | Analog Stations (1) | UC Device  | Access Switch     |
|-----------------------|------------------|----------------------|---------------------|------------|-------------------|
| 0-8                   | 8                | 4                    | 4                   | UC520-8U   | No                |
| 9-16                  | 16               | 4                    | 4                   | UC520-16U  | WS-CE520-8PC      |
| 17-24                 | 24               | 8                    | 4                   | UC520-24U  | WS-CE520-8PC (2)  |
| 25-32                 | 32               | 8                    | 0                   | UC520-32U  | WS-CE520-24PC     |
| 33-48                 | 56               | 12 (2)               | 0                   | UC520-48U  | WS-CE520-24PC (2) |
| Home Office           | 4                | NA                   | NA                  | C871       | No                |

1. The VIC slot in all models can be used to increase the number of supported PSTN calls or analog stations by four.
2. If the 48-user model has a T1/E1 port, the number of PSTN calls can be 23 or 30.

Table 2 Hardware Platforms for SBCS with Wireless Solution—Sample Configuration

| Number of Voice-Users | Wired Data-Users | Wireless Data-Users | UC Device   | Access Switch     | Wireless LAN Solution               |
|-----------------------|------------------|---------------------|-------------|-------------------|-------------------------------------|
| 0-8                   | 8                | Up to 20            | UC520W-8U   | No                | Integrated AP                       |
| 9-16                  | 16               | Up to 60            | UC520W-16U  | WS-CE520-8PC      | Integrated AP or 1-2 AP521s (1)     |
| 17-24                 | 24               | Up to 90            | UC520-24U   | UC520-24U         | Three AP521 or WLC526 & 3-6 LAP521  |
| 25-32                 | 32               | Up to 120           | UC520-32U   | WS-CE520-24PC     | WLC526 (1), LAP521s (3-6)           |
| 33-48                 | 56               | Up to 240           | UC520-48U   | WS-CE520-24PC (2) | WLC526 (1-2), LAP521s (4-12)        |
| Home Office           | 4                | NA                  | C871        | No                | Integrated AP                       |

1. Up to three autonomous Cisco IOS-based AP-521s (including a UC520W's integrated AP) can be used to increase coverage when there are fewer users, but those users are spread across a large area. Only controller-based WLANs can be used for more than 16 voice-users in the Smart Business Communications System solution.

The Bill of Materials for the design described in this document is provided in the "Bill of Materials" section.

Secure Network Foundation

The Secure Network Foundation (SNF) addresses small business requirements for a secure network infrastructure. The SNF design implements the LAN, WAN, and integrated security services and thus builds the foundation for the Cisco Smart Business Communications System. The SNF design is flexible, modular, and scalable, and allows the future introduction of enhanced capabilities in the network. It is a design fully adapted to the unified communications needs of a small business with up to 48 voice-users and up to 250 data-users.

Local Area Network Design

For larger deployments, LAN designs consist of core, distribution, and access layers. Core and distribution layers are often collapsed into one layer for smaller deployments. LAN designs are typically deployed in one of three ways.
Each of these deployment options provides certain benefits. These three types of LAN designs are:
• Layer-2 switching between all layers
• Layer-3 routing between the core and distribution layers, with Layer-2 switching between the distribution and access layers
• Layer-3 routing between all layers

The LAN design used in this system consists only of Layer-2 switching, mainly because of its simplicity. The design, regardless of the number of users supported, contains only an access layer, no redundant components, and a loop-free, Layer-2 topology.

Table 3 Software Applications Required

| Location                         | Purpose                                                    | Software Applications                                                                                                                                                                                    |
|----------------------------------|------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| A PC at the customer's main office | Provisioning of all devices listed in Table 1 or Table 2. | Cisco Configuration Assistant, Version 1.5 from: http://www.cisco.com/go/configassist (click download software)                                                                                          |
|                                  | Upgrading the UC520 device.                                | Version 4.2.6 of UC520-Complete ZIP/TAR with all components from: http://www.cisco.com/cgi-bin/tablebuild.pl/UC520                                                                                       |
|                                  | Upgrading the CE520 switch.                                | http://www.cisco.com/kobayashi/sw-center/index.shtml — click Switches Software. On the next web page click LAN Switches and navigate to download the Cisco IOS software for the applicable Catalyst Express 520 switch. |
|                                  | Upgrading the WLC-526 controller.                          | http://www.cisco.com/cgi-bin/tablebuild.pl/520_series_Wireless_LAN_controller                                                                                                                            |
|                                  | Network monitoring and management.                         | Cisco Monitor Manager version 1.1.2. Follow this link to download: http://www.cisco.com/en/US/products/ps7244/index.html                                                                                  |
| Mobile worker's laptop PC        | Access to the main office.                                 | Appropriate Cisco VPN Client software from: http://www.cisco.com/cgi-bin/tablebuild.pl/vpnclient-3des                                                                                                    |
|                                  | IP phone connected to the main office.                     | Cisco IP Communicator, version 2.1.2 from: http://www.cisco.com/cgi-bin/tablebuild.pl/ip-comm                                                                                                            |
| Teleworker's home office         | Cisco IOS image on the Cisco 871 router.                   | c870-advipservicesk9-mz.124-11.XW5 image from http://www.cisco.com                                                                                                                                       |
| A PC at the partner site         | Monitoring and management of the customer network.         | Cisco Monitor Director version 1.1.2. Follow this link to download: http://www.cisco.com/en/US/products/ps7246/index.html                                                                                 |

Virtual Local Area Networks

Virtual LANs (VLANs) are logical connections that enable groups of devices, such as PCs, desktops, and IP phones, to communicate as if they were connected to the same physical wire even though they might be connected to completely different LAN switches. In this design, VLANs are used to group voice devices on the Cisco Voice VLAN (assigned the value of 100) and data devices on the Cisco Data VLAN (assigned the value of 1).

In contrast to large unified network designs, this design uses only two VLANs even after adding a centralized controller-based WLAN. When AP-521s are used to expand the WLAN, VLANs are assigned in the same manner as with the integrated AP. In this design, the WLC-526 and LAP-521 are used to build a centralized, controller-based WLAN. This design continues to use only two VLANs by manually synchronizing VLANs between the WLC-526 and UC520. Using only two VLANs makes it very simple to separate the two types of devices and eases other tasks, such as Dynamic Host Configuration Protocol (DHCP) server administration and IP addressing. Figure 2 illustrates the Layer-2 characteristics of the LAN design.

Figure 2 Layer-2 LAN in Smart Business Communications System 1.1 Design

Note: One benefit of using IEEE 802.1q trunking on Cisco IP Phones is that it permits PC access via an IP phone port.
Most Cisco IP Phones have a built-in three-port switch: one port is invisible and is used internally by the IP phone on the Voice VLAN; one port is used to connect a PC on the Data VLAN; and one port is used to connect the IP phone to a switch using an IEEE 802.1q trunk. With this setup, when an IP phone is added to a switch there is no loss of ports. The PC that is to be connected to the switch can be connected to the network via the access port of the IP phone.

[Figure 2 shows the UC520, WS-CE520, WLC526 and LAP521 joined by 802.1Q trunks over the physical connections between switch ports, with IP phones on the Cisco-Voice VLAN 100, data devices on the Cisco-Data VLAN 1, and VLAN 1 as the native VLAN for 802.1Q.]

IEEE 802.1Q Trunking

Trunking enables the physical connections between devices to carry traffic from multiple VLANs configured on these devices. It is pre-configured on the UC520 and CE520. WLC-526s and LAP-521s (or AP-521s) are configured to match this factory default trunking configuration. A native VLAN (such as VLAN 1 in this solution) is required to configure the IEEE 802.1Q trunk. When deployed in this manner, security risks such as VLAN hopping and double IEEE 802.1Q tagging attacks are mitigated.

Spanning Tree

The Spanning Tree Protocol (STP) is used by Layer-2 devices to enable them to dynamically discover loops in the network and to block them. STP is not an issue in this design because no physical loops exist. However, STP is enabled as a precautionary measure to prevent any issues in the event that two switches are connected together with two separate cables.

STP provides the following capabilities:
• Fast convergence using IEEE 802.1w; enabled by default
• PortFast or fast-start feature: supported for the Desktop, IP phone + Desktop, Printer, and Server SmartPort roles

The IEEE 802.1d-based STP dictates that the port starts out blocking, and then immediately moves through the listening and learning phases, before going to the forwarding or disabled state. Cisco switches use the IEEE 802.1w standard, where the disabled, blocking, and listening states are merged into the discarding state, and thus enable fast convergence. The PortFast, or fast-start, feature of STP assumes that the port is not part of a loop, immediately moves it to the forwarding state, and does not go through the blocking, listening, or learning states. It does not disable STP, but makes STP skip the initial steps (unnecessary steps, in this circumstance) on the selected port.

SmartPort Roles

The SmartPort roles are Cisco-verified feature templates based on the type of devices (such as desktops, IP phones, servers, and switches) that are connected to the switch ports. These templates consistently and reliably configure essential Layer-2 switching, security, Power-over-Ethernet (PoE) for IP phones and wireless APs, and Quality of Service (QoS) features with minimal effort and expertise. The templates also streamline the configuration process by reducing redundant command entries and preventing problems caused by switch port misconfiguration. The SmartPort role for a switchport is selected from a drop-down menu in the GUI-based provisioning application. A SmartPort role reflects the type of device to be connected. Table 4 shows the recommended SmartPort roles for this design.

[...] number of publicly registered IP addresses. See Figure 5.

Figure 5 Network Address Translation on UC520

[Figure 5 shows inside devices A (10.1.1.11) and B (10.1.1.12) in the private address space 10.1.1.11-10.1.1.254 behind the WS-CE520 and UC520, and the NAT translation table on the UC520 mapping inside IPs 10.1.1.1 and 10.1.1.10 to the outside public address 100.100.1.2 on ports 5001 and 5002, with the UC520 connected through a cable/DSL modem to the Internet.]
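The two-VLAN, 802.1Q and STP rules described above (voice on VLAN 100, data and the trunk native VLAN on VLAN 1, STP left enabled, PortFast only on end-station SmartPort roles) can be checked mechanically against a switch configuration. The following Python audit is an added example, not Cisco's or Cisco Configuration Assistant's code; the interface names, descriptions and the sample configuration are constructed for illustration.

```python
"""Audit an IOS-style switch configuration against the SBCS 1.1 Layer-2 rules."""
import re

VOICE_VLAN = 100  # Cisco-Voice VLAN in this design
DATA_VLAN = 1     # Cisco-Data VLAN, also the native VLAN on every 802.1Q trunk

# Constructed sample configuration (hypothetical port names and descriptions).
# FastEthernet0/3 and GigabitEthernet0/2 deliberately break the design rules.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
 description IP phone + Desktop
 switchport access vlan 1
 switchport voice vlan 100
 spanning-tree portfast
!
interface FastEthernet0/3
 description IP phone on the wrong voice VLAN
 switchport access vlan 1
 switchport voice vlan 200
!
interface GigabitEthernet0/1
 description Trunk to UC520
 switchport mode trunk
 switchport trunk native vlan 1
!
interface GigabitEthernet0/2
 description Trunk to WLC526 (misconfigured)
 switchport mode trunk
 switchport trunk native vlan 100
 spanning-tree portfast
!
"""


def parse_interfaces(config):
    """Return {interface name: [indented config lines]} for each interface stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith("!"):
            current = None          # '!' ends the stanza
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
    return stanzas


def audit(config):
    """Return sorted (interface, finding) tuples; an empty list means compliant."""
    findings = []
    # STP must stay enabled: the guide keeps it as a guard against a second
    # cable accidentally joining two switches.
    if re.search(r"^no spanning-tree vlan", config, re.M):
        findings.append(("global", "STP disabled on one or more VLANs"))
    checks = [  # (command pattern, expected VLAN, label)
        (r"switchport trunk native vlan (\d+)", DATA_VLAN, "native VLAN"),
        (r"switchport voice vlan (\d+)", VOICE_VLAN, "voice VLAN"),
        (r"switchport access vlan (\d+)", DATA_VLAN, "data VLAN"),
    ]
    for name, lines in parse_interfaces(config).items():
        for line in lines:
            for pattern, expected, label in checks:
                m = re.match(pattern, line)
                if m and int(m.group(1)) != expected:
                    findings.append((name, f"{label} {m.group(1)}, expected {expected}"))
        # PortFast assumes the port is not part of a loop, so it belongs on end-station
        # SmartPort roles (Desktop, IP phone, Printer, Server), never on a trunk.
        if "switchport mode trunk" in lines and "spanning-tree portfast" in lines:
            findings.append((name, "PortFast enabled on a trunk port"))
    return sorted(findings)
```

Run `audit(SAMPLE_CONFIG)` to see the three findings the constructed configuration triggers; a configuration produced from the SmartPort roles in this design should return an empty list.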
[...] the Cisco EasyVPN client, support the recommendations and specific customer security policies.

Unified Communications

This section discusses the Unified Communications design used for the Smart Business Communications System. Descriptions are included of the features that are implemented to provide call processing [...]

[...] numbers, and voice channels. The Smart Business Communications System includes the Cisco IP telephony system pre-configured on the UC520. The following section, although not required for completing an installation of the Cisco Smart Business Communications System, is provided for a better understanding of the underlying [...]

[...] are not supported by the dial-by-name feature.

Wireless LAN—The Cisco Mobility Express

The Cisco Smart Business Communications System integrates Cisco Mobility Express, the advanced WLAN solution designed specifically for small and medium businesses. This solution scales from a single [...]

[...] fixed on the 8-to-16 user UC520 model and the VIC-4FXS voice card used in the VIC slot of the 32-to-48 user model of the UC520.

Note: If analog devices are connected to the Cisco Smart Business Communications System via the Analog Telephone Adapter (ATA) or an analog voice gateway, the analog devices count against the maximum [...]

[...] in this design provide inline power by default. The CE520 used in this design supports both Cisco PoE inline power and the IEEE 802.3af PoE standard. All 24 PoE ports on the CE520-24PC can supply up to 15.4W (the IEEE 802.3af standard maximum) of PoE, for a total of 370W of inline power.

Wide Area Network Design

Wide [...]

[...] ready-to-use with the initial installation.

Call Processing Capabilities

The UC520 is a feature-rich IP telephony system that provides the call processing for small and medium businesses and is at the core of the Smart Business Communications System. The Cisco Smart Business Communications System provides a secure network infrastructure, thereby reducing the number of devices deployed within the network [...]

[...] low-density digital PSTN connectivity. High-density PSTN connectivity usually requires a digital connection such as T1 CAS, E1 R2, T1/E1 PRI, or QSIG. A high-density digital trunk contains multiple channels and can carry multiple calls over each physical connection. This design guide recommends a ratio of 4:1 (users-to-PSTN [...]

[...] length of time for which messages are stored in the system.
• Mailboxes can be configured with different storage sizes; however, we recommend that the default size be used. The aggregate size of all mailboxes cannot exceed the maximum storage allowed on the system.
• VoiceView Express is enabled by default. This [...]

[...] lines depending on the phone user's role in the organization. The Smart Business Communications System provides a critical communications component in any customer network. Therefore, Cisco recommends that all elements of the Cisco Smart Business Communications System always remain connected to an uninterruptible power supply (UPS). Traditional telephony systems are based on physical connections between analog [...]