Archiv des Autors: admin

Senior Network Architekt / Behörde

Zeitraum: 07/2022 – fortlaufend
Projekt:  Senior Network Architekt
Kunde:  T-Systems / Behörde

Aufgaben

  • Durchführung eines Proof of Concept für eine Netzwerkanalyse und Anomalie Erkennungssoftware auf Netflow Basis
  • Erstellung von Grob/Fein und Implementierungskonzepten für die Einführung von Cisco Secure Network Analytics
  • Implementierung von Cisco Secure Network Analytics in einer Labor und Produktiv Umgebung
  • Anbindung diverser UM-Systeme an Cisco Secure Network Analytics
  • Dokumentation in Jira und Confluence
  • Mitwirkung bei der Erstellung eines Betriebshandbuchs für Cisco Secure Network Analytics
  • Anbindung diverser Netflow Exporter auf Cisco Basis inklusive Cisco ACI

Network Solution Architekt / Patroklos


Zeitraum: 01/2021 – 07/2022
Projekt:  Network Solution Architekt
Kunde:  T-Systems / Patroklos

Aufgaben

  • Landscape Erstellung und Dokumentation für diverse Projekte verschiedener Krankenkassen
  • Identifizierung notwendiger Kommunikationsbeziehungen für diverse Projekte
  • Troubleshooting Firewall Regelwerk / Checkpoint, Cisco ASA, Fortnet/Fortigate & Cisco ACI
  • Planung und Erstellung von diversen Firewall Regelwerken / Checkpoint, Cisco ASA, Fortinet, sowie Cisco ACI
  • Dokumentation in Jira und Confluence

Überprüfung der Cisco ACI Contracts mit Hilfe von Cisco Network Assurance Engine und CLI

IT Security und LAN/WAN

Zeitraum: 01/2017 – 12/2020
Projekt:  IT Security und WAN
Kunde:  T-Systems SFR

Aufgaben

  • Transition und anschließender Betrieb des ESA Copernicus Netzwerkes zur T-Systems-SFR
  • Risiko Analysen zu Themen LAN/WAN & Firewall
  • Checkpoint R77 / R80 inklusive Chassis CP64k
  • Cisco ASA 55xx Incidents und Change-Management
  • Tufin Secure Track
  • Infoblox DNS & Bluecoat Proxy Konfiguration
  • GenuScreen / GenuCenter Konfiguration
  • Cisco ISR/ASR IPSec und DMVPN Konfiguration
  • Cisco Nexus 3000 VPC Konfiguration
  • Cisco Nexus 9000 Konfiguration

SIP debugging overview

SIP debugging overview

debug ccsip: This has various options,

  • debug ccsip all:  This command enables all ccsip type debugging. This debug command is very active, you should use it sparingly in a live network
  • debug ccsip calls: This command displays all SIP call details as they are updated in the SIP call control block. You can use this debug command to monitor call records for suspicious clearing causes.
  • debug ccsip errors: This command traces all errors that are encountered by the SIP subsystem.
  • debug ccsip events: this command traces event, such as call setups, connections and disconnections. An events version of a debug command is often the best place to start because detailed debugs provide much useful information.
  • debug ccsip info: This command enables tracing of general SIP security parameter index (SPI) information, including verification that call redirection is disabled.
  • debug ccsip media: This command enables tracing of SIP media streams
  • debug ccsip messages: This command shows the headers of SIP messages that are exchanged between a client and a server.
  • debug ccsip preauth: This command enables diagnostic reporting of authentication, authorization, accounting (AAA) for SIP calls.
  • debug ccsip states: This command displays the SIP states and state changes for sessions within the SIP subsytem.
  • debug ccsip transport: This command enables tracing the SIP transport handler and the TCP or UDP process

debug voip ccapi inout: This command shows every interaction with the call control application programming interface (API) on both the telephone interface and on the VOIP side. By monitoring the output, you can follow the progress of a call from the inbound interface or VOIP peer to the outbound side of the call. This debug command is very active. you should use it sparingly in a live network.

debug voip ccpai protoheaders: This command displays messages that are sent between the originating and terminating gateways. If no headers are being received by the terminating gateway, verify that the header-passing command is enabled on the originating gateway.

Feature Design of SIP Debug Output Filtering Support

Prior to the SIP Debug Output Filtering Support feature, debugging and troubleshooting on the VoIP gateway was made more challenging by the extensive amounts of raw data generated by debug output.

This feature allows the debug output for a SIP call to be filtered according to a variety of criteria. The SIP Debug Output Filtering Support feature provides a generic call filtering mechanism that does the following:

•Allows you to define a set of matching conditions for filtering calls.

•Identifies the desired calls based on the configured matching conditions inside VoIP gateways.

•Coordinates the filtering effort on traced calls between multiple modules inside VoIP gateways.

•Displays the debugging trace for calls that match the specified conditions.

SIP Debug Commands that Support Output Filtering

•debug ccsip all

•debug ccsip calls

•debug ccsip events

•debug ccsip messages

•debug ccsip preauth

•debug ccsip states

Configuring Call Filters

This task configures the conditions for filtering SIP calls.

SUMMARY STEPS

1. enable

2. configure terminal

3. call filter match-list number voice

4. incoming calling-number string

5. incoming called-number string

6. incoming signaling {local | remote} ipv4 ip-address

7. incoming media {local | remote} ipv4 ip-address

8. incoming dialpeer tag

9. outgoing calling-number string

10. outgoing called-number string

11. outgoing signaling {local | remote} ipv4 ip-address

12. outgoing media {local | remote} ipv4 ip-address

13. outgoing dialpeer tag

14. end

Example:

call filter match-list 1 voice
incoming called-number 4085559876
!
voice-port 0:D
!
voice-port 1:D
!
voice-port 2:D
!
voice-port 3:D

Enabling SIP Debug Output Filtering: Example

Router# debug condition match-list 1 exact-match
Router# debug ccsip all

Router# show debug

CCSIP SPI:SIP Call Statistics tracing is enabled       (filter is ON)
CCSIP SPI:SIP Call Message tracing is enabled  (filter is ON)
CCSIP SPI:SIP Call State Machine tracing is enabled    (filter is ON)
CCSIP SPI:SIP Call Events tracing is enabled   (filter is ON)
CCSIP SPI:SIP error debug tracing is enabled   (filter is ON)
CCSIP SPI:SIP info debug tracing is enabled    (filter is ON)
CCSIP SPI:SIP media debug tracing is enabled   (filter is ON)
CCSIP SPI:SIP Call preauth tracing is enabled  (filter is ON)

Router# Debug filtering is now on
Building configuration…
!
!
!
call filter match-list 1 voice
incoming called-number 4085551221
!
end

Cisco Collaboration Rollout – BAFIN

Zeitraum: 10/2017 – 04/2019
Projekt:  Cisco Collaboration Rollout
Kunde:  Bundesanstalt für Finanzdienstleitsungsaufsicht (Bafin)

Aufgaben

  • Installation und Konfiguration Cisco Communication Manager, Cisco IM&Presence, Jabber und Cisco Unity Connection v11.5
  • Installation und Konfiguration Andtek Vermittlungsarbeitsplatz & Chef/Sek
  • Enge Abstimmung mit dem Kunden zur Anpassung der Implementierung
  • Durchführung von Systemtests