CIPT1 Passed – Have Some Notes

So last Wednesday I passed my Cisco CIPT1 v 8.0 test bringing me 2/5 tests complete for my CCNP – Voice certification. Majority of the test like many have said pertains to media selection. So know your SW / HW media resources and MRG and MRGLs.

Test blueprint can be found at (CCO Required)

Cisco UC Layers:

  • Infrastructure
    • Routing
    • Switching
    • QoS
  • Call Control
    • CUCM
    • CUCME
  • Applications
    • Resources
    • Unity
    • UCCX
  • Endpoints
    • Phones


CUCM Functions

  • Call Processing
  • Signaling and device control
  • Dial Plan Administration
  • Phone feature administration
  • Directory services
  • Backup and Restore tools


Phones maintain active TCP 2000 to primary and backup CUCM servers


CUCM is involved only during call setup, teardown and supplementary services


SCCP phones – digit by digit / enbloc

SIP Phones – digit by digit or enbloc

Type A – phones are en bloc only

Type B – enbloc or KPML

RTP – Real Time Transport Protocol – phone to phone not through CUCM


CUCM access via 3rd only through documented APIs

Linux Based – Closed off no root access – GUI / Power CLI only

No File system access


Remote root access can be initiated via Remote Support from Cisco TAC for limited time access


CUCM cluster can have up to 20 servers

  • 1 Publisher
  • 4 Active CM servers
  • 4 Standby CM servers
  • Other 11 are various roles, TFTP, Conferencing, MoH, Transcoding


CM Group used to determine failover and redundancy of CUCM nodes.


Informix Database – IDS – Star replication topology – Publisher out to subscribers

Run-time data replicated in mesh topology / CUFF data


Cluster UFF (User Facing Feature) Data – replicated amongst all servers in cluster

  • Call Forward All (CFA)
  • MWI
  • Privacy, enable/disable
  • DND
  • Extension Mobility Login
  • Hunt group login status
  • Monitor
  • Device Mobility


Min HW requirements:

2Ghz CPU

2GB Ram



Spec Based HP / IBM server or Vmware ESX 4x


OS Updates bundled as part of CUCM updates


IBM IDS DB contains:

Static Data:

  • Servers / services enabled in the cluster
  • Phones, GW, Trunks etc.
  • Dial-plan, Users

Dynamic Data:

  • Call Forwarding, DND, MWI,
  • Hunt Group Login Status

Read write on the publisher only

Except for User Facing Features


Services Dependent on Publisher:

  • CCMAdmin
  • CCMUser
  • BAT
  • TAPS
  • AXL
  • CCM
  • LDAP Sync
  • License Audit


IP Tables – Used for FW on servers

Add new server IP to Publisher CUCM

Security Password – used to admit new nodes to the cluster


Licensing Model:

Device License

  • Different devices consume different number of DLUs

User Licenses

  • Licensing per user, independent of used devices


Publisher maintains licensing.

  • Software version license
  • Device licenses
  • Node licenses


Licenses bound to MAC / License MAC for physical / virtual


License file contains:

  • MAC address of the license server (publisher)
  • Version of CUCM
  • Number of DLUs or Nodes


License Files are additive


FlexLM Process

  1. Order
  2. PAK shipped
  3. MAC + PAK registered on
  4. Email with .LIC file
  5. Install on Publisher


License Server – Publisher

License Manager – Service that runs on the Subscriber forwards off to license server


License Manager

  • Admin Subsystem
    • Keeps track of licenses installed / in use / available
  • Alarm Subsystem
    • SNMP traps when overdraft ~5% allowed


Upload license

  • System > Licensing > License File Upload
    • Upload license file, browse and upload.


Deployment Models:

  • Single-Site
    • 30k phones per cluster
    • 2100 H323 or 1100 MGCP
    • G711 codec
  • Multisite WAN with Centralized Call Processing
    • 30k phones per cluster
    • 2k locations per CUCM cluster
    • Max 2100 H323 or 1100 MGCP
    • Minimum 768k WAN
    • SRST for remote branches.
    • CAC
    • AAR used if WAN BW exceeded
    • Max 1200 phones in SRST on 3945 ISR G2
  • Multisite Deployment with Distributed Call Processing
    • Each site gets a CUCM cluster
    • 30k phones per cluster
    • GK used for scalability
    • Transparent use of the PSTN if the IP WAN is unavailable
    • Deploy a single WAN codec
    • No loss of functionality during WAN failure
  • Cluster over WAN
    • 30k phones per cluster
    • Nodes located across the WAN from each other
    • IP WAN carries intracluster traffic.
    • Can’t have greater than 80ms RTT
    • Minimum BW 1.544Mbps per 10k BHCAs
    • Minimum BW 1.544MBPS for every subscriber remote to the Publisher
    • Single point of administration
  • Deployment on Vmware


Redundancy designs

  • 1:1 – For every active 1 backup
  • 2:1 – For every 2 active 1 backup


Basic Setup

  • Initial Configuration
    • Network Settings
      • NTP, DHCP services, remove DNS reliance
    • Network / Feature Services
      • Activate the necessary services , CCM, IP Media Streaming etc.
  • Enterprise Parameters
    • Modify as needed
  • Service parameters
    • Modify as needed


  • Network Settings Overview
    • NTP – Mandatory (must be reachable during install)
      • Needs master reference clock could be Cisco router
      • Publisher gives time out to subscribers
      • Added under OS admin on the publisher (read only on subscribers)
    • IP Addresses, SM, GW
    • DNS Server
    • DHCP / TFTP
      • Option 150 for TFTP server
      • Meant to serve IP Phones, not other network devices
      • Only for smaller deployments (up to 1000)
      • Multiple servers can serve DHCP and multiple DHCP
  • Activating DHCP
    1. Activate the DHCP monitor service
      1. Under unified serviceability – Cisco DHCP Monitor Service
    1. Add / configure DHCP Server
      1. Select the host server
      2. TFTP server address
      3. Lease times
    1. Configure DHCP subnets
      1. Network / Mask / GW
      2. DNS Servers
      3. Start / End ranges
      4. Exclude ranges
  • Remove reliance on DNS for CUCM
Advantage of IP Advantage of DNS
Does not need DNS server Simplifies manage by use of names versus IP
Prevents the IP Telephony network from failing when DNS fails Easier IP address changes because of name to IP resolution
Decreases the amount of time required when a device attempts to contact CUCM server Server to IP phone NAT possible
Simplifies troubleshooting Possibility to have redundant IP Phone services
  • SCCP call flow with DNS
    1. DNS query and response (where is CUCM)
    2. Signaling to CUCM
    3. RTP setup between devices
  • SCCP call flow without DNS
    1. Phone knows IP of CUCM so does call setup
    2. RTP stream established between phones
  • Disable DNS reliance
    • Under System > Server
      • Change hostname to IP address
    • Update Enterprise / Service parameters of service URL to IP.
  • Network Services
    • Services required by CUCM platform to function e.g. database replication, NTP. Can not be activated / disabled can only be restarted.
    • Managed from Unified Serviceability > Network Services
  • Feature Services
    • Call Manager, MoH, TFTP, DHCP etc.
    • Managed from Unified Serviceability > Feature Services
  • Tools > Service activation for activating services.
    • Validate under Unified Serviceability > Control Center Feature Services
  • Enterprise Parameters
    • Cluster wide system settings
    • Apply to all devices and services in the same cluster
    • Only change if you completely understand the feature or instructed by TAC
    • Can sometimes be overwritten at the device level
    • Examples: Dependency records, Phone URL parameters, Cluster ID
    • Accessed via CM Admin > System > Enterprise Parameters
  • Enterprise Phone Configuration
    • Used to define parameters that will apply to all phones
    • Parameters may also appear under Common Phone Profile
    • Closest to the source wins when conflict
      1. Device Configuration
      2. Common Phone Profile
      3. Enterprise Phone Config
  • Service Parameters
    • Define settings specific to a Feature Service e.g. Call Manager, MoH.
      • T302 timer – inter-digit timer
      • Enable of CDR
      • Defining Extension Mobility settings
      • Define IP Media streaming codec settings
    • Accessed via CM Admin > System > Service Parameters
      • Select Server and choose service
      • Advanced button will show hidden parameters


CUCM Users

  • Administrative Account
  • User Account
  • Application Users
End User Application User
Can be provisioned and authenticated via LDAP Cannot use LDAP
Included in user directory Not included in user directory
Used for user features and individual admin logins Used for application authorization
For person use in interactive login For non interactive logins
Associated with a person Associated with an Application


User account attributes:

  • User ID
  • First Name
  • Middle Name
  • Last Name
  • Manager User ID, Department
  • Phone Number, Mail ID
  • Password
  • CUCM Sepcific
    • PIN / SIP digest credentials
    • User priviliages
    • Associated PCs / controlled devices
    • Applications, extension mobility, presence, CAPF

User Privileges

  • Assigned to end users / application users
  • What they can access
  • User Groups
    • Contain a list of users / application users
  • Roles (can be customized to contain just the right permissions)
    • Contain the access permissions to specific parts of CUCM
  • Permissions are cumulative (least restrictive wins)


How to add users:

  • Manually
  • Bulk – BAT tool
  • LDAP integration (end user only)
    • LDAP Sync
      • Pulls in users only
    • LDAP authentication
      • Passes authentication off to LDAP server


LDAP v3 can be used (MS AD, Sun ONE, iPlanet…)

No LDAP – all data local

LDAP Sync – userid, first, midle, last all in LDAP, password in CUCM

LDAP Auth- same attributes but now password is stored in LDAP and PIN still in CUCM.


Standard = default role built into the system and can’t be deleted.


Users > User Groups > Roles


Credential Policies = Password requirements / lockout policy / minimum strength

  • Can be assigned to end users, applications users, or individually to specific app / end users

Default Credential Policy – built in can not be deleted


Minimum Credential Length – applies to both PIN / password


Credential Policy assigned to Default Credential Policy Configuration


Credential Policy assigned to end user via “Edit Credential button on End User Page”


BAT tool

  • Bulk Provisioning service must be enabled on the Publisher
  • Bulk Add / Delete / Update
  • Supports localization


BAT template – excel file that creates CSV for import into the BAT tool


LDAP v3 – Database holds all user information, centralized repository.

  • MS AD 2k+ – Full Sync
  • MS ADAM – Full Sync
  • iPlanet / SUN One – Incremental Sync
  • OpeLDAP – Incremental Sync

All sync types have to be the same LDAP Family e.g. Multiple AD or Multiple OpenLDAP but not OpenLDAP and AD

Users can’t be added or deleted from CUCM once LDAP sync is enabled. It is taken care of by LDAP sync.

LDAP is required for LDAP Auth. If LDAP down authentication fails.



User account grants access to CCMUSER / Extension mobility page.


BAT Template contains common attributes, then the CSV file contains data.

BAT > Upload / Download Files – BAT.xlt is Cisco BAT template



Phone Startup Process

  1. Obtains Power
  2. Load locally stored image (phone-load)
  3. If no voice-vlan configured then CDP asks for Voice VLAN
  4. If the switch has a Voice VLAN it will send it to the phone via CDP
  5. If DHCP is enabled it will ask for IP / TFTP server information.
  6. The phone connects to TFTP and requests the following in Order:
    1. CTLSEP<MAC>.tlv* – Certificate trust list
    2. SEP<MAC>.cnf.xml  – SCCP config file
    3. SIP<MAC>.cnf – SIP config file
  1. If no config, it will request XMLDefault.cnf.xml
  2. Phone compares it’s version of SW to CUCM and if different downloads the CUCM version.
  3. Phone tries to register.
  4. If the phone is configured in CUCM it will register
  5. If localization or customer ringers are configured additional files will be downloaded.
  6. If the phone wasn’t configured
    1. Auto registration enabled – CUCM will dynamically create CNF file and phone will reboot and register.
    2. Auto registration disabled – Phone rejected and will display “Registration Rejected”


SIP configuration file size larger than SCCP phone.

SIP Phone will download local dial rules

Some SIP phones will have to download a separate softkey file.


H.323 Endpoints

Most common is Video

Do not register with CUCM

Could be voice or Video

Could be multi-lines

Independent dial-plan (peer to peer)

H323 client consumes two DLUs


H.323 Endpoints Limitations

No MAC registration

No Phone button templates

No Softkey templates

No Telephony featurs / apps

  • IP Phone services
  • Manager Assistant
  • CUVA
  • Call Pickup
  • Barge
  • CUP

Configuration is easy, put in the IP of the endpoint and assign a DN.

On the H323 endpoint ensure it is configured for call routing toward CUCM.


Third Party SIP Phones

Basic – One line and 3 DLU

Advanced – Eight lines and 6 DLUs

Will register with CUCM – Use SIP Digest to authenticate against CUCM not MAC.

Configuration is performed on CUCM and the Phone.


7940 / 7960 can be loaded with SIP SW


Third Party SIP Limitations

No MAC Registration

No Phone button templates

No Softkey templates

No Telephony features:

  • IP Phone Services
  • Manager Assistant
  • CUVA
  • Call Pickup
  • Barge
  • CUP


SIP Digest – username and a keyed MD5 hash (MD5 not mandatory)

Digest auth based on client / server model.

Configure 3rd Party SIP

  1. Configure end user in CUCM
  2. Configure 3rd party SIP and it’s DN in CUCM
  3. Select the configured end user as the digest user on the Phone config.
  4. Configure the phone with IP of CUCM, username, MD5 digest credentials, and DN.



Adding Phones



CUCM AtuoRegister- Requires CRS



Items needed:

Phone NTP Reference

Date / Time Group

Device Pool

UCM Group



Enterprise Phone Config

Phone Security Profile

Softkey Template

Phone Button Template

Sip Profile

Common Phone Profile


NTP Phone reference only for SIP phones


Device pool defines common characteristics for devices.


Region defines max audio / video BW a call can use. Codec Selection


Location defines how much BW is available to calls. CAC


For enterprise phone config to go into effect you must check override common settings box.


Device > Device Settings > contains device defaults / templates


Device defaults contains default phone load / device pool


Phone Button Template – Applies to the physical buttons on the side.

Softkey template – applies to the buttons on the bottom dependent on phone state.

Common phone profile – sets various phone behavior settings.



  • Supported by all Cisco IP Phones
  • Only applies to new phones
  • Adds IP Phones not already configured
  • DN range required


Auto Register process

  1. Phone requests individual config file from TFP server
  2. TFTP responds with file not found.
  3. Phone requests XMLDefault.cnf.xml
  4. TFTP provides the default XML file.
  5. Phone validates it’s SW and downloads a new one if needed.
  6. Phone tries to register with CUCM.
  7. CUCM creates new config file and tells the phone to reboot.
  8. Phone pulls individual config file.


Auto Registration – can only be turned on, one subscriber.

Setting up Auto Reg

  1. Verify the autoreg phone protocol (enterprise param)
  2. Verify the CM group is enabled for autoreg
  3. For each CM server in the group autoreg must be turned on and a DN range specified
  4. Manually change phones or use BAT to personalize devices


Digest credentials used by SIP phone when registering if used and enabled in the SIP device security profile


DNs can be – Single Line, Shared Line


Call Routing > DN

Only shared settings are shown


Device > DN

Shows shared and device specific settings.


You can go through a max of 10 Translation patterns before CUCM denies the call.


XXXX pattern could be used as a catch all for unconfigured DIDs


Transformation Masks – change either the calling or called numbers, used to expand or truncate numbers


ISDN TON – Type Of Number – Changes what digits are expected by the PSTN


CUCM Order of operations on Incoming calling party settings

  1. Digit Striping
  2. Prefix
  3. Local / Device Pool CSS


Calling-part transformation order

  1. Apply the external phone number mask
  2. Apply the calling party transformation mask


Called-party transformation order

  1. Apply Discard digits
  2. Apply the called-party transformation mask
  3. Apply prefix digits


Called-party transformation priority from PSTN

  1. Significant Digits
  2. Prefix DN
  3. Incoming called party settings


CSS is processed top down first match wins.


Time Period – Time range

Time Schedule – group of time periods

Assign Schedule to partitions


CMC – Client Matter Codes – Allows billing and tracking of calls made per client

FAC – Forced Authorization Code – Prevents users from making calls without the appropriate code.

Both generate CDR


If no valid CMC then the call will not proceed.


Must meet or beet the FAC auth level on the route pattern for the call to proceed.


Call Coverage Features:


  • Call Forward
  • Shared Number
  • Call Pickup Group


Groups with Pilot Numbers

  • Hunt group
  • Broadcast


Shared Line – same number on multiple phones

Hunt Pilot > Hunt List > Line Group > DNs

Hunt Distribution Algorithm – circular, longest idle, broadcast or member the follows the last used.

CTI route points can not be in a line group.

If no final forwarding options on hunt pilot caller gets reorder tone

No Coverage / No Coverage External – Settings to be used when personal preference set on Hunt Pilot.


Media Resources

Voice Termination – Analog to Digital PSTN -> IP phones – DSPs







Media Resource Software Hardware
Voice Termination NO YES
Transcoder NO YES
Annunciator YES NO
MOH YES NO* – SRST MoH Supported


All media resources register with CUCM via SCCP

Phones can do G711 and G729 natively.


Conference Bridge Options -> SW CFB must all be the same codec

HW CFB -> Can be mixed mode so G711 / G729


Transcoder – converts from one codec to another using the DSPs on the router.


MTP – Bridge two media streams. E.g. G711u to G711a or DTMF inband to out-of-band


Three MTP Types:

  • Software MTP provided by CUCM
    • Only provides G711mu to a-law and packetization conversion
  • Software MTP on Cisco IOS
    • No DSP required
    • Uses same codec and packetization on both call legs
    • Used for CUBE functions
  • Hardware MTP provided by IOS
    • DSP required
    • Use the same codec but different packetization on both call legs possible.


Insert DTMF Signaling YES YES YES
G711mu to G711a conversion YES NO NO
Sample size conversion YES NO YES
Provide H323v1 sup services YES YES YES


ANN – Speaks various call-progress tones

CFB – SW / HW – SW is on CUCM G711 only. HW CFB can be G711 / G729 and be muxed together.

Software CFB – Unicast only audio stream

Conference Type Min Participant Max Participant Default Participant
Ad Hoc 3 64 4
Meet-Me 1 128 4

Max 128 per server. If on CUCM CM node you shouldn’t exceed 48 CFB session.


HW Conferencing Resources

Cisco Conference Bridge HW – WS-X6608-T1, WS-X6608-E1 – 32 per port / 256 per module – 6 Participants per Conf

Cisco IOS CFB – NMHDV = 60 per module – 6 Participants per Conf

Cisco Conference Bridge – WS-SVC-CMM – 64 per port adapter / 256 per module – 8 Participants per Conf

Cisco IOS Enhanced CFB – PVDM2, NM-HD, NM-HDV2 –  64 per port adapter / 256 per module – 8 Participants per Conf

Cisco Video Conference Bridge – IP/VC-35xx


  • If Security is enabled with G711 cut resources in half.
  • IP Phones with built in CFB allow 3-way conferences.
  • Invoked by the Barge feature
  • G711 support only



  • Admin creates DNs
  • Manually distributed
  • No Password access needed to enter the conference

Basic Ad Hoc

  • Originator controls conference
  • Originator can add more people

Advanced Ad Hoc – Cluster Param

  • Any participant can add and remove other participants
  • Link multiple Ad Hoc Conferences together



Setting up a SW CFB resource

  • If SW based IP Voice Media Streaming App must be running.
  • Configure App service params
  • Verify CFB resource exists


Setting up a HW CFB resource

  • Configure HW media resource in CUCM
  • Configure hardware media resource in IOS
  • Verify it registers to CUCM
  • Name on the router CFB SCCP resource must match CUCM or it will not register


Suppress MoH to conference bridge

Advanced Ad Hoc Conference – Linking of Ad Hoc conferences


Call Routing > Meet-me Number / Pattern


Multi-cast MoH requires Network multi-cast support.

One Fixed sources that uses Cisco USB sound card

50 audio files

Codecs for MoH G711, G729, Wideband

  • G729 optimized for speech not music

Consider the legalities of rebroadcasting copyrighted audio materials


Unitcast MoH – has a negative impact on network.

Multicast MoH – uses IP group to, increment multicast IP for different audio streams


Holdee (person put on hold) – consults MRGL to find it’s local MoH server. Audio files must be available on all TFTP servers.

Max 51 unique audio sources for the cluster including the USB. Max 250 Unicast Moh streams per server. Max of 204 multicast streams.


Media Resource > MOH Audio File Management

16bit PCM Wav File sample 48, 32 16Khz

Allow muti-cast must be enabled on the audio source and on the MoH server and on the Media Resource Group


ANN – Requires SCCP devices to use it.

Supports G711 / G729 / Wideband without needing transcoding.

Can support 255 streams on a stand alone server. Default is 48 streams when co-resident.


By default, all existing media resources use is load-balanced, HW preferred over SW.

MRGs are listed in prioritized MRGLs


Media Resource > MRG > MRGLs

If Media Resource not in a group it is Globally Available


Module 6- IP Phone Services

IP Phone services – are XML based services on the phones.

  • Display data text / graphics
  • User input
  • Authentication
  • A mix of the above


Admin and end users can subscribe to services

Admin subscribed by administrator can not be removed by users.

Service Subscription Type

Internal –  Configured directly to the phone itself

External – Phone retrieves list of services by accessing the services URL


Services Button:

  1. Phone receives list of services via config URL
  2. Service Selected.
  3. HTTP request is sent to the service URL


Device > Device Settings > Phone Service

Enterprise Subscription check box globally enables the service on all phones.


Service Redundancy

DNS redundancy or HTTP server load balancer.


Verify or change enterprise params

Add phone service

Configure phone service.


If not enterprise subscribed, admin can individually subscribe the service, or end user can as well.


Native Presence features

  • See status of caller in speed dials
  • Call history presence
  • Presence Policy



  • User status information
  • Cisco IP Phone Messenger app
  • CUPC
  • Third Party Presence Server integration


Watcher – person that is interested in other persons status

  • Unknown
  • On-hook
  • Off-hook

Presence Entity – directory number / unit


We can watch DNs and DNs reached via SIP trunk


All modern SIP / SCCP can see presence on directory / speed-dial


7940/7960 SIP can’t see DN / speed-dial presence.


Presence enabled speed dials setup by admin

  • Controlled via subscribe CSS / partitions


Presence enabled call / directory list

  • Subscribe CSS / partitions
  • Presence groups


The partition that a DN / route pattern is in is used for both calling privilege and presence

If no partition on the line / route pattern then available to all watchers.


Subscribe CSS used for presence


Presence groups – only apply to presence enabled call lists not speed dials.

BLF call list is enterprise param disabled by default.

Accept presence subscription / Accept unsolicited notification needed for SIP trunk presence information.


Phone Subscription applies to what it can see. Line Subscription determines who can see it.


Speed dials are only affected by Subscribe CSS.


Mobile Voice

MVA – Mobile Voice Access – Call into CUCM to make outbound calls.

  • Dial into a number – enter a PIN
  • Enter destination to be called.
  • Outbound calls reflect corporate caller-id


Mobile Connect – Single Number Reach.

  • Receive calls on multiple devices
  • Answer incoming calls on office / remote phone
  • Switch from Cell to Desk phone





Mobile connect when calling in via PSTN re-writes CLID to internal extension to reflect your internal extension


Mobility requirements

  • CUCM
  • CUCM MVA activated
  • H.323 or SIP gateway providing MVA IVR application
  • Remote destinations must be external devices


End user



Remote Destination

Access list

MVA media resource – Media resource for VXML application running on IOS router. Only needed for MVA.


RDP – is configured with a CSS to be used for MVA.


If MGCP gateway forward calls off to H323 gateway to do MVA IVR.


Outgoing MVA uses line + RDP CSS


Mobility Access lists

  • Can block on time of day
  • Or CLID
  • Setup as an Admin or User via CCMUSER


Ringing Schedule then Access List.


Matching caller ID with RD – Change to Partial match / and specify how many digits for caller ID partial match.


End user – Enable Mobility / Set Remote Destination Limit

Assign user to physical phone.

Activate MVA service

Configure *codes in service parameters.

Enable MVA under the user.

Setup MVA DN – Partition must be reachable by the gateway.

URL for MVA found inside CUCM

Permanent link to this article:

Leave a Reply