|
|
Table Of Contents
Settlements for Packet Voice, Phase 2
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Configuring the Public Key Infrastructure
Configuring the Originating Gateway
Configuring the Settlement Provider
Configuring the Inbound POTS Dial Peer
Configuring the Outbound VoIP Dial Peer
Configuring the Terminating Gateway
Configuring the Settlement Provider
Configuring the Inbound VoIP Dial Peer
Configuring the Outbound POTS Dial Peer
Verifying Settlement Configuration
Configuring Settlement with Roaming
Configuring Settlement with Multiple Roots
Configuring Settlement with Suggested Route
Example Configuration of Settlement on the Originating Gateway
Example Configuration of Settlement on the Terminating Gateway
Example Configuration of Settlement with Roaming
Example Configuration of Settlement with Multiple Roots
Comprehensive Configuration Guidelines
Settle-call and Session Target
Actions When Session Target is "Settlement"
Actions When Session Target is IP/DNS
Actions When Session Target is RAS with No Token
Actions When Session Target is RAS with Token
Actions When Receiving Inbound Calls
Common Problems when Setting up Settlement
debug voip settlement security
debug voip settlement transaction
Settlements for Packet Voice, Phase 2
Feature History
This feature is also known as "Settlement Plus Roaming and PKI Multiple Roots on Cisco Access Platforms."
The Cisco Settlement Plus Roaming and PKI Multiple Roots feature is introduced in Cisco IOS Release 12.1(1)T. These features are new additions to the Open Settlement Protocol (OSP) which was previously released in Cisco IOS Release 12.0(4)XH and 12.0(7)T. The feature overview describes both new features in the following sections:
•
Roaming
This document includes the following sections:
•
•
•
•
•
•
Feature Overview
This is the second release of Cisco's Open Settlement Protocol (OSP) features. Some settlement vendors have required roaming users to be authenticated and accounted for by the settlement clearinghouse. Therefore, this IOS Release 12.1.(1) introduces two new features, roaming and multiple roots.
What is settlement? When you make a telephone call, the cost charged can be divided between different carriers involved in the completion of the call. Settlement is the method used to divide the cost between carriers. Traditionally, settlement agreements have been arranged between the carriers in a pairwise fashion. With the advance of voice and video conferencing over IP, pairwise settlement agreements have become cumbersome. A number of companies have entered the market offering settlement on a subscription basis. As a result, the settlement process becomes a more manageable, many-to-one system, with a set of public interfaces that service providers must implement.
The Cisco gateway-based settlement protocol (OSP) interacts between carriers to create a single authentication at initialization. The authentication is the basis for the establishment of a secure communication channel between the settlement system and the infrastructure component. This channel then allows the following three types of transactions to be handled.
•
•
•
Figure 1 shows a typical gateway based settlement network topology. A voice or fax call is originated and routed through the gateway (Cisco AS5300 access server, or Cisco 2600 or 3600 series routers) to a database server (RADIUS, TACACS+) for user authentication and intra-ISP call accounting. Using TCL IVR interactive voice response scripts to gather and manipulate the caller's data, the gateway forwards the call to the settlement server, which authorizes the call and adds settlement details in a token. The call, now carrying its unique settlement token, passes through the originating gateway to the terminating gateway. The terminating gateway uses TCL IVR to validate the settlement token and forwards the call to the receiving telephone or fax machine.
Note
When the call is completed, both the terminating and originating gateways communicate the call details to the settlement server. The settlement server then reconciles the information it receives about the call from both gateways.
Figure 1
Gateway-Based Settlement
Roaming
A caller is roaming when dialing into a gateway which is not the home gateway. A home gateway belongs to the user's service provider. Usually, the subscriber is billed with additional charges when making roaming calls The settlement server and the service provider need to know when a caller is or is not roaming in order to create accurate billing statements.
A roaming caller has to be authenticated before the call can go through the gateway. Both AAA and the settlement server can authenticate a roaming user. If AAA fails to authenticate a roaming caller, the roaming call has to be routed to a settlement server. If the settlement server can not authenticate the caller, the call is terminated.
The roaming feature is configured by the following:
•
•
•
•
Roaming User Identification
The gateway can specify a list of patterns to be matched with a user's account number to see if that user is roaming or not. The user enters the account number and PIN as part of the interaction with the TCL IVR prompts.
The roaming patterns are configured using the Global configuration mode command settlement roam-pattern. See settlement roam-pattern.
For additional information about the IVR or AAA and the E.164 addressing scheme, refer to the following Cisco IOS documents:
•
•
Roaming Settlement Provider
Some settlement providers want to know if a user is roaming so the appropriate charge is applied to the user's account. Some settlement providers do not distinguish between local and roaming users.
The settlement provider interested in roaming users is configured with the roam command in the Settlement submode. See "Command Reference" on page 42.
If a user is roaming and the settlement provider is also enabled for roaming, the gateway sends the user's account number and PIN to the settlement server so that the user could be properly authenticated.
Roaming Dial Peer
A gateway can dictate if a particular outbound dial peer can terminate roaming calls or local calls only. This can be configured with the no roam command. See Command Reference.
•
•
Dial Peer Settlement Option
The command settle-call forces the call to go through a settlement server regardless of the session target type. If the session target type is ipv4, dns or RAS, the gateway resolves the terminating gateway address using one of these methods and asks the settlement server to authorize that terminating gateway. (TGW).
Note
The restrictions and behaviors associated with use of the settle-call command with outbound dial peers are described in another section of this document. See "Common Problems when Setting up Settlement" section for examples of the gateway behavior using different session target types and the settle-call flag.
PKI Multiple Roots
Cisco devices have the capability to share public keys using digital certificates. Digital certificates are normally issued by trusted third parties, who are called certificate Authorities (CA). Every participating router should enroll its public key with the CA server. During enrollment the Certificate Administrator (human) will manually verify if the requesting router is authentic and grant the certificate (some CA servers have the capability to authenticate the routers automatically).
A certificate has many fields which include a serial number, fingerprint and expiry date. Certificate can get revoked before its expiry because of key compromise or an other security reasons. The CA server maintains a list of revoked certificates, which is called Certificate Revocation List (CRL). Routers can be configured not to accept a peer certificate that is revoked. Router downloads CRL from the CA server for this purpose.
Cisco routers use a proprietary protocol CEP (Certificate Enrollment Protocol) to communicate with the CA server. The CA server should understand CEP.
The Multiple Roots feature is based on the Cisco security and public key infrastructure (PKI) technology. For in depth information about Security, see the Cisco Security Configuration Guide.
The multiple roots feature allows a settlement server to use one certificate for a Secure Socket Layer (SSL) handshake and a different certificate for token signing.
•
•
•
Note
Benefits
•
•
•
•
•
Restrictions
•
•
•
Related Features and Technologies
The Settlement for Packet Voice feature is dependent upon the interoperability of the following features:
•
The IVR feature uses audio files that manage the voice prompting and digit collection to gather caller information for authenticating the user and identifying the destination.
Refer to the Cisco Connection Online for Cisco IOS Release 12.0(7)T software features for the documentation.
•
Ensure that this feature is functioning properly and configured as described in the task list. See "Configuration Tasks" on page 8. Additional configuration information is available in the Certification Authority Interoperability feature documentation on Cisco Connection Online (CCO).
Related Documents
Cisco Customer Documentation:
•
•
•
•
Other Documentation:
•
•
Supported Platforms
•
•
•
•
Supported Standards, MIBs, and RFCs
Standards
European Telecommunication Standards Institute (ETSI) Technical Specification (TS) 101 321
MIBS
No new or modified MIBSs are supported by this feature.
RFCs
No new or modified RFCs are supported by this feature.
Prerequisites
•
16 MB Flash and 64 MB DRAM memory minimum.
•
•
•
•
Note
Configuration Tasks
Before starting the settlement server configuration tasks, ensure that the Cisco Enrollment Protocol (CEP) router has obtained a security certificate. For detailed information, see the Certification Authority Interoperability documentation in the Cisco IOS Release 12.0 documentation set, or go to the online version.
Configuring Settlement for Packet Voice on Cisco access servers requires the following tasks:
•
•
–
–
–
•
–
–
–
•
•
•
Note
For the Cisco AS5300 access server, port designation is port.
For the Cisco AS5800 access server, port designation is shelf/slot/port.
Configuring the Public Key Infrastructure
Note
To configure the Public Key Infrastructure (PKI) use the following commands:
Configuring the Originating Gateway
Three tasks are actually involved in configuring the originating gateway:
•
•
•
Configuring the Settlement Provider
To configure the service provider to authorize calls, use the following commands:
Note
Configuring the Inbound POTS Dial Peer
To configure the inbound POTS dial peer, enter the following commands:
Note
Configuring the Outbound VoIP Dial Peer
To configure the outbound VoIP dial peer, use the following commands:
Step 1
Router(config)#dial-peer voice number voipEnters the dial-peer configuration mode to configure the outbound VoIP dial peer.
Step 2
Router(config-dial-peer)# destination-pattern [+]string[T]Configurse the dial peer's destination pattern. Enter the number or pattern of the outbound called number.
The string is a series of digits that specify the E.164 or private dialing plan telephone number. Valid entries are the digits 0-9 and the letters A-D. The following special characters can be entered in the string:
•
•
•
•
The timer (T) character can be used to configure variable length dial plans
Step 3
Router(config-dial-peer)# session target settlement [provider-number]Enters settlement as the session target to resolve the terminating gateway address.
Note
Note
Configuring the Terminating Gateway
Caution
To configure the terminating gateway, complete the following tasks:
•
•
•
Configuring the Settlement Provider
To configure the settlement provider, enter the following commands:
Note
Configuring the Inbound VoIP Dial Peer
To configure the inbound VoIP dial peer, enter the following commands:
Note
Step 1
Router#configure terminalEnters the global configuration mode.
Step 2
Router(config)#dial-peer voice number voipEnters the dial-peer configuration mode to configure a VoIP dial peer.
Step 3
Router(config-dial-peer)# application app-nameEnters the application command; then enter the desired TCL application name.
Step 4
Router(config-dial-peer)# incoming called-number stringSpecifies the telephone number of the voice port associated with this dial peer. Characters include wildcards to create the number or pattern.
Step 5
Router(config-dial-peer)#session target settlement [provider-number]Enters settlement as the session target to resolve the terminating gateway address.
Note
Configuring the Outbound POTS Dial Peer
To configure the outbound POTS dial peer, enter the following commands:
Note
Verifying Settlement Configuration
Use the show running configuration command to verify your configuration. See Example of Settlement Configurations for Originating and Terminating Gateways.
Configuring Settlement with Roaming
To configure settlement with the roaming capability, three configuration tasks must be completed:
•
•
•
Table 1
Configure the Roaming Patterns on the OGW
Table 2
Turn on the Roaming Feature for the Settlement Provider
Table 3
Turn on the Roaming Feature in the Outbound Dial Peer
See " Example Configuration of Settlement with Roaming," page 26.
Configuring Settlement with Multiple Roots
To configure the Multiple Roots capability, three configuration tasks must be completed:
•
•
•
Table 4
Configure a Settlement Server with Multiple Roots on the OGW
Table 5
Configure the Root Certificate for Token Validation on the TGW
Table 6
Define the Token Validation on the TGW
See "Example Configuration of Settlement with Multiple Roots" section.
Configuring Settlement with Suggested Route
The session target command in the dial peer dictates how the gateway resolves the terminating address to complete the call. Besides settlement, the gateway could use the ipv4 or dns options if it knows the exact address of the TGW, or it could use the ras option to consult a gatekeeper.
To force a call to be authorized by a settlement server, configure the following:
Configuration Examples
Figure 2 shows example settlement configurations for both the originating and terminating gateways.
Note
Figure 2 Example of Settlement Configurations for Originating and Terminating Gateways
See samples of screen output displays for running configurations:
•
•
•
•
Example Configuration of Settlement on the Originating Gateway
See the following output by using the running configuration command. Figure 2 is a graphic representation of the configuration.
!version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryptionservice internalservice udp-small-serversservice tcp-small-servers!hostname c3620-px15!ip subnet-zero!settlement 0type ospurl http://1.14.115.100!voice-port 1/0/0alerting audible!voice-port 1/0/1alerting audible!dial-peer voice 1 potsapplication sessiondestination-pattern 5551111port 1/0/0!dial-peer voice 2 voipdestination-pattern 5552222session target settlement:0!interface Ethernet0/0ip address 172.22.65.131 255.255.255.224no ip directed-broadcastip route-cache same-interfacestandby 1 priority 110!interface Serial0/0no ip addressno ip directed-broadcastshutdown!interface Ethernet0/1no ip addressno ip directed-broadcastshutdown!router eigrp 109network 172.22.0.0!router ripnetwork 172.22.0.0!ip default-gateway 172.22.65.129no ip classlessip route 0.0.0.0 0.0.0.0 172.22.65.129!!line con 0transport input noneline aux 0line vty 0 4passwordlogin!endExample Configuration of Settlement on the Terminating Gateway
See the following output by using the running configuration command. See Figure 2 for a graphic representation of the configuration.
!version 12.0service timestamps debug uptimeservice timestamps log uptimeno service password-encryptionservice internalservice udp-small-serversservice tcp-small-servers!hostname 3620-px16!ip subnet-zeroip domain-name cisco.comip name-server 198.92.30.32!settlement 0type ospurl http://1.14.115.100!voice-port 1/0/0alerting audible!voice-port 1/0/1alerting audible!dial-peer voice 1 potsdestination-pattern 5552222port 1/0/0!dial-peer voice 2 voipapplication sessionincoming called-number 5552222session target settlement:0!interface Ethernet0/0ip address 172.22.65.143 255.255.255.224no ip directed-broadcastip route-cache same-interface!interface Serial0/0no ip addressno ip directed-broadcastshutdown!interface Ethernet0/1no ip addressno ip directed-broadcastshutdown!router eigrp 109network 172.22.0.0!router ripnetwork 172.22.0.0!ip default-gateway 172.22.65.129no ip classlessip route 0.0.0.0 0.0.0.0 172.22.65.129!snmp-server community public RO!line con 0exec-timeout 0 0transport input noneline aux 0line vty 0 4passwordlogin!endExample Configuration of Settlement with Roaming
The following output is displayed when you enter the show running config command with roaming configured in the settlement server.
!version 12.0service timestamps debug datetimeservice timestamps log datetimeno service password-encryptionservice internal!hostname as5300-05!enable secret 5 $1$lFSH$khsm3jB1lldHfXNlxqmaN1enable password lab1!!!resource-pool disable!!!ip subnet-zeroip host pkiserver 1.14.115.100ip domain-name fieldlabs.cisco.comip name-server 172.16.1.4!isdn switch-type primary-5essisdn voice-call-failure 0cns event-service servermta receive maximum-recipients 1024!!crypto cisco algorithm descrypto cisco algorithm 40-bit-des!crypto ca identity transnexusenrollment retry count 100enrollment retry period 2enrollment url http://pkiserver:80crypto ca certificate chain transnexuscertificate ca 01713082024C 308201B5 02020171 300D0609 2A864886 F70D0101 04050030 6E310B3009060355 04061302 55533110 300E0603 55040813 0747656F 72676961 3118301606035504 0A130F54 72616E73 4E657875 732C204C 4C433114 30120603 55040B130B446576 656C6F70 6D656E74 311D301B 06035504 03131454 52414E53 4E45585553204245 54412043 41203130 1E170D39 39303332 32313334 3630395A 170D303030333231 31333436 30395A30 6E310B30 09060355 04061302 55533110 300E060355040813 0747656F 72676961 31183016 06035504 0A130F54 72616E73 4E657875732C204C 4C433114 30120603 55040B13 0B446576 656C6F70 6D656E74 311D301B06035504 03131454 52414E53 4E455855 53204245 54412043 41203130 819F300D06092A86 4886F70D 01010105 0003818D 00308189 02818100 B1B8ACFC D78F0C950258D164 5B6BD8A4 6F5668BD 50E7524B 2339B670 DC306537 3E1E9381 DE2619B44698CD82 739CB251 91AF90A5 52736137 658DF200 FAFEFE6B 7FC7161D 89617E5E4584D67F F018EDAB 2858DDF9 5272F108 AB791A70 580F994B 4CA54F08 38C32DF5B44077E8 79830F95 96F1DA69 4CAE16F2 2879E07B 164F5F6D 02030100 01300D06092A8648 86F70D01 01040500 03818100 2FDCB580 C29E557C 52201151 A8DB5F47C06962D5 8FDA524E A69DE3EE C3FE166A D05C8B93 2844CD66 824A8859 974F22E046F69F7E 8027064F C19D28BC CA750E4E FF2DD68E 1AA9CA41 8BB89C68 7A61E9BF49CBE41E E3A42B16 AAEDAEC7 D3B4F676 4F1A817B A5B89ED8 F03A15B0 39A6EBB90AFA6968 17A9D381 FD62BBB7 A7D379E5quitcertificate 8697B659C0E190E1A8D48961EBED0DB130820247 308201B0 A0030201 02021100 8697B659 C0E190E1 A8D48961 EBED0DB1300D0609 2A864886 F70D0101 04050030 6E310B30 09060355 04061302 55533110300E0603 55040813 0747656F 72676961 31183016 06035504 0A130F54 72616E734E657875 732C204C 4C433114 30120603 55040B13 0B446576 656C6F70 6D656E74311D301B 06035504 03131454 52414E53 4E455855 53204245 54412043 412031301E170D39 39303430 36313833 3430315A 170D3030 30343036 31383334 30315A3081873181 84300F06 03550405 13083131 38313833 37393018 06092A86 4886F70D01090813 0B312E31 342E3131 352E3835 302A0609 2A864886 F70D0109 02161D6173353330 302D3035 2E666965 6C646C61 62732E63 6973636F 2E636F6D 302B060355040314 245B7472 616E736E 65787573 2E636F6D 20475749 443D3230 303020435349443D 31303030 5D305C30 0D06092A 864886F7 0D010101 0500034B 003048024100AF40 5CC8E37D 7211E3C4 2D036E52 70B5DA88 96600C12 8654B85E 7CEFE20427A9B9DD B0F6B85C 1EB561BB 0F3481A2 D4661087 2B0B403A 5A65B7E0 ED9A0165EBC10203 010001A3 0F300D30 0B060355 1D0F0404 030205A0 300D0609 2A864886F70D0101 04050003 8181005C 1E379447 C0FCBC3F 0ABC75FA ADF79A26 770419A402BEC849 ECB7BDB1 58EA815B 48844DB3 4E8934E8 397F4762 F04EB716 8413C4184289AA64 6E2EAFE1 9C9F1F31 3A5BE996 AF749623 18FBFD36 569732BF 8335C5224ACA0BCA CFCC27C6 294AD416 15472F07 C1609E93 E1FEDA66 B69DA603 1A99699E86937EC5 609A3D52 72A45Bquit!!xgcp snmp sgcp!controller T1 0framing esfclock source line primarylinecode b8zspri-group timeslots 1-24!controller T1 1clock source line secondary 1!controller T1 2!controller T1 3!!voice-port 0:D!!dial-peer voice 1 potsapplication sessiondestination-pattern 5710877port 0:D!dial-peer voice 5 voipapplication sessionincoming called-number +1404.......session target settlement:0!dial-peer voice 2 potsdestination-pattern +255....port 0:Dprefix 255!! Enable roaming for this dialpeer!dial-peer voice 6 voiproamingdestination-pattern 1512.......session target settlement!dial-peer voice 7 potsdestination-pattern +1650.......port 0:Dprefix 1650!dial-peer voice 8 voipapplication sessionincoming called-number +1650.......session target settlement:0!dial-peer voice 3 voipapplication sessionincoming called-number +1408.......session target settlement:0!dial-peer voice 12 potsdestination-pattern 1404.......port 0:Dprefix 1404!dial-peer voice 13 potsdestination-pattern 1512.......port 0:Dprefix 1512!! User with account number matching 875.... is a roaming caller!settlement roam-pattern 875.... roam!! Enable roaming for this settlement provider using the "roaming" attribute!settlement 0type ospurl https://1.14.115.100:8443/device-id 2000customer-id 1000roamingno shutdown!!interface Ethernet0ip address 1.14.115.85 255.255.0.0no ip directed-broadcastno ip mroute-cacheno cdp enable!interface Serial0:23no ip addressno ip directed-broadcastdialer-group 1isdn switch-type primary-5essisdn protocol-emulate userisdn incoming-voice modemfair-queue 64 256 0no cdp enable!interface FastEthernet0no ip addressno ip directed-broadcastno ip mroute-cacheshutdownduplex autospeed autono cdp enable!router igrp 200network 1.0.0.0!ip default-gateway 1.14.0.1ip classlessip route 172.16.0.0 255.255.0.0 1.14.115.65no ip http server!no cdp run!!line con 0logging synchronoustransport input noneline aux 0line vty 0 4password lablogin!scheduler interval 1000endExample Configuration of Settlement with Multiple Roots
The following is the configuration file from the alice.cisco.com settlement server. The console output is displayed after executing the CLI commands show crypto ca roots, show crypto ca certificate, and show crypto key pub rsa. The router alice.cisco.com has been enrolled under VeriSign TestDerive CA. It has confided Netscape CMS as a trusted root. The Netscape CMS is installed on the server Ciscoca-ultra.
version 12.0service timestamps debug datetimeservice timestamps log datetimeno service password-encryptionservice internal!hostname as5300-04!enable secret 5 $1$Ld7z$CapnZCfz2kMSh8sMHh2hy0enable password lab1!!!resource-pool disable!!!!!ip subnet-zeroip domain-name fieldlabs.cisco.comip name-server 171.69.2.132!isdn switch-type primary-5essisdn voice-call-failure 0cns event-service servermta receive maximum-recipients 1024!!crypto cisco algorithm descrypto cisco algorithm des cfb-8crypto cisco algorithm 40-bit-des!! Configure the second root to be downloaded from tftp server!crypto ca trusted-root transnexus2root tftp 1.14.115.100 onsite_ca.der!crypto ca identity transnexusenrollment retry count 100enrollment retry period 2enrollment url http://hostnamecrypto ca certificate chain transnexuscertificate ca 01713082024C 308201B5 02020171 300D0609 2A864886 F70D0101 04050030 6E310B3009060355 04061302 55533110 300E0603 55040813 0747656F 72676961 3118301606035504 0A130F54 72616E73 4E657875 732C204C 4C433114 30120603 55040B130B446576 656C6F70 6D656E74 311D301B 06035504 03131454 52414E53 4E45585553204245 54412043 41203130 1E170D39 39303332 32313334 3630395A 170D303030333231 31333436 30395A30 6E310B30 09060355 04061302 55533110 300E060355040813 0747656F 72676961 31183016 06035504 0A130F54 72616E73 4E657875732C204C 4C433114 30120603 55040B13 0B446576 656C6F70 6D656E74 311D301B06035504 03131454 52414E53 4E455855 53204245 54412043 41203130 819F300D06092A86 4886F70D 01010105 0003818D 00308189 02818100 B1B8ACFC D78F0C950258D164 5B6BD8A4 6F5668BD 50E7524B 2339B670 DC306537 3E1E9381 DE2619B44698CD82 739CB251 91AF90A5 52736137 658DF200 FAFEFE6B 7FC7161D 89617E5E4584D67F F018EDAB 2858DDF9 5272F108 AB791A70 580F994B 4CA54F08 38C32DF5B44077E8 79830F95 96F1DA69 4CAE16F2 2879E07B 164F5F6D 02030100 01300D06092A8648 86F70D01 01040500 03818100 2FDCB580 C29E557C 52201151 A8DB5F47C06962D5 8FDA524E A69DE3EE C3FE166A D05C8B93 2844CD66 824A8859 974F22E046F69F7E 8027064F C19D28BC CA750E4E FF2DD68E 1AA9CA41 8BB89C68 7A61E9BF49CBE41E E3A42B16 AAEDAEC7 D3B4F676 4F1A817B A5B89ED8 F03A15B0 39A6EBB90AFA6968 17A9D381 FD62BBB7 A7D379E5quitcertificate B7DD210B9BFE007E41EEB177AF39F78C30820247 308201B0 A0030201 02021100 B7DD210B 9BFE007E 41EEB177 AF39F78C300D0609 2A864886 F70D0101 04050030 6E310B30 09060355 04061302 55533110300E0603 55040813 0747656F 72676961 31183016 06035504 0A130F54 72616E734E657875 732C204C 4C433114 30120603 55040B13 0B446576 656C6F70 6D656E74311D301B 06035504 03131454 52414E53 4E455855 53204245 54412043 412031301E170D39 39303430 36313833 3635325A 170D3030 30343036 31383336 35325A3081873181 84300F06 03550405 13083131 37363837 37353018 06092A86 4886F70D01090813 0B312E31 342E3131 352E3834 302A0609 2A864886 F70D0109 02161D6173353330 302D3034 2E666965 6C646C61 62732E63 6973636F 2E636F6D 302B060355040314 245B7472 616E736E 65787573 2E636F6D 20475749 443D3130 303020435349443D 31303030 5D305C30 0D06092A 864886F7 0D010101 0500034B 003048024100C82B 8E4CBD44 06C763FB 1DC1A78F 8D71F1DA 110EDAC3 C9AA6256 6E1BF15B79E48BEF 741D26CF DEBEACCC FA09D420 F54B76A1 F6CDCE33 02C8D9F7 5873E012AFC90203 010001A3 0F300D30 0B060355 1D0F0404 030205A0 300D0609 2A864886F70D0101 04050003 81810056 C05E1151 BE2D5515 624010AE 22F03D58 8BD9F2D3E037EBC8 376E321A 5C53D4C6 770CE32F CF1CB0F4 2FD44C0D CA8EE22C 2372EE64349FF062 137A6780 DC554F6A 3BA9F17C 85A7F390 D5B99E35 D7FBF927 75910E9E992C7052 54AE0887 ED1DEEA0 C6BCA9C4 49F3D98E 4835A5E2 0FD470B6 F6D727A88AA0F923 5D60985B F8DD19quitcrypto ca certificate root transnexus2 DB3882D37891B597970BF0F18B008F13308201F4 3082015D A0030201 02021100 DB3882D3 7891B597 970BF0F1 8B008F13300D0609 2A864886 F70D0101 04050030 15311330 11060355 040A130A 5472616E734E6578 7573301E 170D3939 30333138 30303030 30305A17 0D303930 3331383233353935 395A3015 31133011 06035504 0A130A54 72616E73 4E657875 7330819F300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AB91 E2123C3FE83DE86A 3B8A18DF 750FB756 3034D692 2A363692 721F9E59 6CDB046F AAF9A2126B4B1033 9DDE94DB B132E768 085376EC 9EC7E2FD 0BB92B43 8FEC1243 35A33F8941390517 AF2D6D46 2FAAC116 8AE55865 C326C77A 3381C944 5BE107B1 E66CA111B3560313 A29A0081 201D84C5 FE24E452 6338C52C EFDE6B95 4A570203 010001A344304230 22060355 1D11041B 3019A417 30153113 30110603 55040313 0A4F6E7369746532 2D363230 0F060355 1D130408 30060101 FF020100 300B0603 551D0F0404030201 06300D06 092A8648 86F70D01 01040500 03818100 481E4F13 79EB3B5FD9BCEED9 9C756BF7 B42167B1 4DE11B8C 240D3446 5A14E2E1 A79D2454 1EA8410917EF6E8E 8AFD06C7 8209753B F760761C EC13A2D6 95348D69 4F73F0D5 9211DD950FE00D23 4583002A 242C769E 695FAFD4 EE12D014 580C5DFC F377F3FF F20F25D6831E4F2B 253DFA9C 8B3E00A8 002F03D7 BC0C19D8 7EA134A6quit!!xgcp snmp sgcp!controller T1 0framing esfclock source line primarylinecode b8zspri-group timeslots 1-24!controller T1 1clock source line secondary 1!controller T1 2!controller T1 3!!voice-port 0:D!!dial-peer voice 1 potsapplication sessiondestination-pattern 5710876port 0:D!dial-peer voice 7 voipdestination-pattern +255....session target settlement:0!dial-peer voice 13 potsdestination-pattern 1770.......port 0:Dprefix 1770!dial-peer voice 1770 voipincoming called-number 1770.......ip precedence 7session target settlement:0!dial-peer voice 1650 voipdestination-pattern +1650.......session target settlement:0!dial-peer voice 10 voipdestination-pattern 1408.......session target settlement!dial-peer voice 1404 voipdestination-pattern 1404.......session target settlement!dial-peer voice 1512 voipdestination-pattern 1512.......session target settlement!! Specify which root to use to validate the settlement token! via token-root-name attribute!settlement 0type ospurl https://1.14.115.100:8443/retry-delay 2device-id 1000customer-id 1000token-root-ca transnexus2no shutdown!!interface Ethernet0ip address 1.14.115.84 255.255.0.0no ip directed-broadcastno ip route-cacheno ip mroute-cacheno cdp enable!interface Serial0:23no ip addressno ip directed-broadcastdialer-group 1isdn switch-type primary-5essisdn protocol-emulate userisdn incoming-voice modemfair-queue 64 256 0no cdp enable!interface FastEthernet0no ip addressno ip directed-broadcastshutdownduplex autospeed autono cdp enable!router igrp 200network 1.0.0.0!ip default-gateway 1.14.0.1ip classlessno ip http server!no cdp run!!line con 0logging synchronoustransport input noneline aux 0line vty 0 4password lablogin!ntp clock-period 17180879ntp update-calendarntp server 1.14.42.23scheduler interval 1000endComprehensive Configuration Guidelines
This section contains a set of matrixes that describe exactly how settlement will proceed for various combinations of Cisco IOS command options, based on whether the caller is Roaming or not.
Settle-call and Session Target
There is a minor ambiguity between the session target settlement dial-peer command and the settle-call command. The following matrix describes whether settlement is enabled on a dial peer or not, based on various combinations of session targets and the settle-call command.
Note
Actions When Session Target is "Settlement"
Actions When Session Target is IP/DNS
Actions When Session Target is RAS with No Token
Note
The gateway needs a way to decide whether the GK has done settlement authorization or not. This is determined by checking to see whether the returned ACF contains a settlement token or not. This matrix applies to the case where no token is returned.
Actions When Session Target is RAS with Token
In these scenarios, the ACF returns a valid token, indicating that the call has already been authorized and routed by settlement.
Note
Actions When Receiving Inbound Calls
This matrix describes what happens when a incoming voip call is detected, based on whether the setup message contains a token or not.
Troubleshooting Tips
This section offers helpful hints and reminders users may need while resolving problems with their feature configuration.
Common Problems when Setting up Settlement
The following section is provided to assist in determining if your OSP network is set up correctly. The problems listed have been reported as the most common errors made when configuring settlement in a network.
Settlement Database Not Set Up Properly
Problem:
Calls are routed through a settlement server, but the OGW gets no response, or negative response.
Solution:
Check with settlement provider, make sure the router is properly registered with that provider. Router registration with settlement provider is normally done outside of OSP.
TCL/IVR Script Not Called
Problem::
TCL/IVR script is not used on the OGW or TGW.
Solution:
Configure a TCL/IVR script for the dial peer using application <session app name>.
Note
–
–
–
as5300-04#sho call app voi sumname descriptionsession Basic app to do DID, or supply dialtone.fax_hop_on Script to talk to a fax redialerclid_authen Authenticate with (ani, dnis)clid_authen_collect Authenticate with (ani, dnis), collect if that failsclid_authen_npw Authenticate with (ani, NULL)clid_authen_col_npw Authenticate with (ani, NULL), collect if that failsclid_col_npw_3 Authenticate with (ani, NULL), and 3 tries collectingclid_col_npw_npw Authenticate with (ani, NULL) and 3 tries without pwSESSION Default system session applicationNo "destination-pattern" Set
Problem:
The OGW inbound POTS dial peer has no "destination-pattern" set.
Solution:
Since some PBX does not pass along the calling number in the setup message, the router uses the "destination-pattern" number or "answer-address" as an alternative. Calling number is a required field for settlement.
No "session target settlement" Set On OGW
Problem:
The OGW outbound VoIP dial peer doesn't have "session target settlement".
The router could make successful calls, but not through a settlement server. Session target attribute dictates how the router resolves the TGW's address for a particular called number.
Solution:
Configure session target settlement [: provider-num].
No VoIP Inbound Dial Peer On TGW
Problem:
TGW has no VoIP inbound dial peer. The settlement token in the incoming setup message from the OGW can't be validated, the TGW rejects the call.
Solution:
Create an inbound dial peer with session target settlement [: provider-num].
No "application" Attribute on TGW
Problem:
TGW has an inbound dial peer configured, but with no "application" attribute, so the default session application, SESSION processes the call but it does not support settlement.
Solution:
The default application, SESSION does not support the settlement feature. Therefore, you must configure the application application name attribute in the inbound dial peer.
TGW Not In Sync With Settlement Server
Problem:
TGW clock is not in sync with the server. The TGW rejects the call because it's too soon or too late to use the settlement token in the incoming set-up message.
Solution:
Use ntp or clock set command to sync the clocks between the TGW and the settlement server.
Settlement Provider Not Running
Problem:
The settlement provider on the OGW or TGW is not up. No settlement transaction processing is allowed unless the provider is up.
Solution:
Bring up settlement using no shutdown command in Settlement submode. Use show settlement command to verify the provider status.
Router and Server Not Using SSL to Communicate
Problem:
Router can not use SSL to communicate with the server. Two possibilities:
•
Solution: Configure a secured URL using "https".
•
Solution: Check the certificate enrollment process for both the server and the router.
Multiple Dial Peers Have Random Order
Problem:
OGW has multiple dial peers for the same called number, and settlement is never used. The order for rotary dial peers is random, unless a preference is specified. The dial peer with lower preference is chosen first.
Solution:
Define dial peer preference using preference num command.
H.323 Setup Connection Timeout Workaround
Problem:
The OGW can not successfully setup a call with the first TGW that is returned from the OSP server. This occurs when a gateway attempts to setup the call with thee terminating gateways in the order they are received. If for some reason, the H.323 call setup is not successful, there is a 15 second timeout (by default, before the next terminating gateway on the list is contacted.
Solution:
The H.323 call setup timeout can be tuned using the Cisco IOS command "h225 timeout"
For example:
voice class h323 1h225 timeout tcp etablish <value 0 to 30 seconds>dial-peer voice 919 voipapplication sessiondestination-pattern 919555....voice-class codec 1voice-class h323 1session target settlementProblem Isolations
•
•
•
•
•
•
•
•
Command Reference
This section documents only the following new commands. The asterisk (*) indicates the commands developed for the second phase of the settlement feature introduced in Cisco IOS Release 12.1(1)T. All other commands for this feature are documented in the Cisco IOS Release 12.0(4)XH, 12.0(7)T and the Cisco IOS Release 12.1 command references.
•
•
•
•
connection-timeout
To configure the time in seconds that a connection is maintained after completing a communication exchange, enter the connection-timeout command in the settlement configuration mode. The router maintains the connection for this period in anticipation of future communication exchanges to the same server. Use the no form of this command to reset to the default value of this command.
connection timeout number
no connection timeout number
Syntax Description
Defaults
The default connection timeout is 3600 seconds (1 hour).
Command Modes
Settlement configuration
Command History
12.0(4)XH1
This command was introduced.
12.0(7)T
First released on the T train.
Examples
settlement 0connection timeout 3600
Related Commands
crypto ca authenticate
To authenticate the CA (by getting the CA's certificate), enter the crypto ca authenticate Global configuration command. Use the no form of this command to clear the CA authentication.
crypto ca authenticate identify-name | trust-point-name
no crypto ca authenticate identify-name
Syntax Description
identify-name
Specify the name of the CA. This is the same name used when the CA was declared with the crypto ca identity command.
trust-point-name
Specify the name of the
Defaults
There are no defaults for this command.
Command Modes
Global configuration
Command History
11.3 T
This command was introduced.
12.1(1)T
The option to authenticate the CA Root is introduced in Cisco IOS Release 12.1(1)T.
Usage Guidelines
This command is required when you initially configure CA support at your router.
This command authenticates the CA to your router by obtaining the CA's self-signed certificate contains the CA's public key. Because the CA signs its own certificate, you should manually authenticate the CA's public key by contacting the CA administrator when you perform this command.
If you are using RA mode (using the enrollment mode ra command) when you issue the crypto ca authenticate command, then RA signing and encryption certificates will be returned from the CA in addition to the CA certificate.
This command is not saved to the router configuration; however, the public keys embedded in the received CA (and RA) certificates are saved to the configuration as part of the RSA public key record (called the "RSA public key chain").
If the CA does not respond by a timeout period after this command is issued, the terminal control will be returned so it will not be tied up. If this happens, you must re-enter the command.
Examples
In this example, the router requests the CA's certificate. The CA sends its certificate and the router prompts the administrator to verify the CA's certificate by checking the CA certificate's fingerprint. The CA administrator can also view the CA certificate's fingerprint, so you should compare what the CA administrator sees to what the router displays on the screen. If the fingerprint on the router's screen matches the fingerprint viewed by the CA administrator, you should accept the certificate as valid.
Router# crypto ca authenticate mycaCertificate has the following attributes:Fingerprint: 0123 4567 89AB CDEF 0123Do you accept this certificate? [yes/no] yrouter#This example displays the usage of the command with ca root identity.
!Root CA identitycrypto ca trusted-root my_root_identityroot CEP http://my_root..exitRelated Commands
crypto ca trusted-root
To configure a root with a selected name use the crypto ca trusted-root Global configuration command. Use the no form of this command to reset to the default value of this command.
crypto ca trusted-root identity
no crypto ca trusted-root ident
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
The root which signs the OSP settlement tokens can be set as a private root. Performing this command allows you to enter additional conditions:
•
•
•
Examples
!Root CA identity
crypto ca trusted-root my_root_identityroot CEP http://my_root
..exitRelated Commands
Authenticates the CA (by getting the CA's certificate).
crypto ca identity
Declares the CA your router should use.
Shows the roots confided in the router.
customer-id
To identify a carrier or ISP with a settlement provider, enter the customer-id command in the settlement configuration mode. This is an optional attribute. Use the no form of this command to reset to the default value of this command.
customer-id number
no customer-id number
Syntax Description
Defaults
The default customer ID is 0.
Command Modes
Settlement configuration
Command History
Examples
settlement 0custom id 1000Related Commands
device-id
To identify a gateway associated with a settlement provider, enter the device-id command in the settlement configuration mode. This is an optional attribute. Use the no form of this command to reset to the default value of this command.
device-id number
no device-id number
Syntax Description
Defaults
The default device ID is 0.
Command Modes
Settlement configuration
Command History
Examples
settlement 0device-id 1000Related Commands
encryption
To set the algorithm to be negotiated with the provider, enter the encryption command in the Settlement configuration mode. For Cisco IOS Release 12.0(4)XH, only one encryption method is allowed for each provider. Use the no form of this command to reset to the default value of this command.
encryption {des-cbc-sha | des40-cbc-sha | dh-des-cbc-sha | dh-des40-cbc-sha | null-md5 | null-sha}
no encryption {des-cbc-sha | des40-cbc-sha | dh-des-cbc-sha | dh-des40-cbc-sha | null-md5 | null-sha}
Syntax Description
Defaults
The default encryption method is all. If none of the encryption methods are configured, then the system configures to use all of the encryption methods in the SSL session negotiation.
Command Modes
Settlement configuration
Command History
Examples
settlement 0encryption des-cbc-shaRelated Commands
max-connection
To set the maximum number of simultaneous connections to be used for communication with a settlement provider, enter the max-connection command in the Settlement configuration mode. Use the no form of this command to reset to the default value of this command.
max-connection number
no max-connection number
Syntax Description
Defaults
The default is 10 maximum connections.
Command Modes
Settlement configuration
Command History
Examples
settlement 0max-connections 10Related Commands
response-timeout
To configure the maximum time, in milliseconds, to wait for a response from a server, enter the response-timeout command in the Settlement configuration mode. If no response is received within this time limit, the current connection ends and the router attempts to contact the next service point. Use the no form of this command to reset to the default value of this command.
response-timeout number
no response-timeout number
Syntax Description
Defaults
The default response timeout is one (1) second.
Command Modes
Settlement configuration
Command History
Examples
settlement 0response-timeout 1Related Commands
retry-delay
To set the time in seconds between attempts to connect with the settlement provider, enter the retry-delay command in the Settlement configuration mode. After exhausting all service points for the provider, the router is delayed for this length of time before resuming connection attempts. Use the no form of this command to reset to the default value of this command.
retry-delay number
no retry-delay number
Syntax Description
number
Length of time (in seconds) between attempts to connect with the settlement provider. The valid range for retry-delay is 1-600 seconds.
Defaults
The default retry delay is 2 seconds.
Command Modes
Settlement configuration
Command History
Examples
settlement 0relay-delay 15Related Commands
retry-limit
To set the maximum number of connection attempts to the provider, enter the retry-limit command in the Settlement configuration mode. If no connection is established after the configured retries, the router ceases connection attempts. The retry limit number does not count the initial connection attempt. A retry limit of one (default) results in a total of two connection attempts to every service point. Use the no form of this command to reset to the default value of this command.
retry-limit number
no retry-limit number
Syntax Description
Defaults
The default retry limit is one (1) retry.
Command Modes
Settlement configuration
Command History
Examples
settlement 0relay-limit 1Related Commands
roaming (dial-peer mode)
To enable the roaming capability for the dial peer, enter the roaming command in the Dial-peer submode. Use the no form of this command to disable the roaming capability.
roaming
no roaming
Defaults
Roaming is off by default.
Command Modes
Dial-peer configuration
Command History
Usage Guidelines
•
•
•
•
Examples
dial-peer voice 10 voiproamingRelated Commands
roaming (settlement mode)
To enable the roaming capability for a settlement provider, enter the roaming command in the Settlement submode. Use the no form of this command to disable the roaming capability.
roaming
no roaming
Defaults
No roaming
Command Modes
Settlement configuration
Command History
Usage Guidelines
Enable roaming capability of a settlement provider if that provider can authenticate a roaming user and route roaming calls.
A roaming call is successful only if both the settlement provider and the outbound dial peer for that call are both roaming-enabled.
Examples
settlement 0roamingRelated Commands
session target (VoIP)
To specify a network-specific address for a specified dial peer, use the session target command in dial-peer configuration mode. To restore default values for this parameter, use the no form of this command.
Note
session target {ipv4:destination-address | dns:[$s$. | $d$. | $e$. | $u$.] host-name | loopback:rtp | loopback:compressed | loopback:uncompressed | ras | settlement}
no session target {ipv4:destination-address | dns:[$s$. | $d$. | $e$. | $u$.] host-name | loopback:rtp | loopback:compressed | loopback:uncompressed | ras | settlement}
Syntax Description
Defaults
The default for this command is enabled with no IP address or domain name defined.
Command Modes
Dial-peer configuration
Command History
Usage Guidelines
•
•
•
•
•
•
Examples
The following example configures a session target using DNS for a host, "voice_router," in the domain "cisco.com":
dial-peer voice 10 voipsession target dns:voice_router.cisco.comThe following example configures a session target using DNS, with the optional $u$. wildcard. In this example, the destination pattern has been configured to allow for any four-digit extension, beginning with the numbers 1310222. The optional wildcard $u$. indicates that the router will use the unmatched portion of the dialed number—in this case, the four-digit extension, to identify the dial peer. As in the previous example, the domain is "cisco.com."
dial-peer voice 10 voipdestination-pattern 1310222....session target dns:$u$.cisco.comThe following example configures a session target using dns, with the optional $d$. wildcard. In this example, the destination pattern has been configured for 13102221111. The optional wildcard $d$. indicates that the router will use the destination pattern to identify the dial peer in the "cisco.com" domain.
dial-peer voice 10 voipdestination-pattern 13102221111session target dns:$d$.cisco.comThe following example configures a session target using DNS, with the optional $e$. wildcard. In this example, the destination pattern has been configured for 12345. The optional wildcard $e$. indicates that the router will reverse the digits in the destination pattern, add periods between the digits, and then use this reverse-exploded destination pattern to identify the dial peer in the "cisco.com" domain.
dial-peer voice 10 voipdestination-pattern 12345session target dns:$e$.cisco.comThe following example configures a session target using RAS:
dial-peer voice 11 voipdestination-pattern 13102221111session target rasThe following example configures a session target using settlement:
session target settlement:0Related Commands
session-timeout
To configure the lifetime, in seconds, of a single SSL session key, enter the session-timeout command in the Settlement configuration mode. When this time limit is exceeded, the router negotiates a new session key. Communication exchanges in progress are not interrupted when this time limit expires. Use the no form of this command to reset to the default value of this command.
session-timeout number
no session-timeout number
Syntax Description
Defaults
The default session timeout is 86,400 seconds (one day).
Command Modes
Settlement configuration
Command History
Examples
settlement 0session timeout 86400Related Commands
settle-call
To force a call to be authorized with a settlement server that uses the address resolution method specified in the session target type command, enter the settle-call attribute in the dial peer configuration command. Use the no form of this command to have the terminating gateway address resolved by the method specified in the session target type command, no authorization will be performed by a settlement server.
settle-call [<provider-number>]
no settle-call [<provider-number>]
Syntax Description
Defaults
No default behavior or values.
Command Modes
Dial-peer sub-mode
Command History
Usage Guidelines
•
•
•
Examples
dial-peer voice 10 voipdestination-pattern 1408.......session target ipv4:172.22.95.14settle-call 0Related Commands
settlement
To enter the Settlement mode and specify the attributes specific to a settlement provider, enter the settlement global configuration command. For Cisco IOS Release 12.0(4)XH, only one clearinghouse per system is allowed, and the only valid value for provider-number is 0. Use the no form of this command to reset to the default value of this command.
settlement provider-number
no settlement provider-number
Syntax Description
Defaults
The default is 0.
Command Modes
Global configuration
Command History
Examples
settlement 0Related Commands
settlement roam-pattern
To configure a pattern to match against when determining if a user is roaming or not, enter the settlement roam-pattern Global configuration command. Multiple "roam-patterns" could be entered on one gateway. Use the no form of this command to delete a particular pattern.
settlement [<provider-number>] roam-pattern pattern {roaming|noroaming}
no settlement [<provider-number>] roam-pattern pattern {roaming|noroaming}
Syntax Description
provider-number
Digit defining the ID of particular settlement server. The only valid entry is 0.
pattern
Specify a user account pattern.
roaming|noroaming
Determines if user is roaming or not.
Defaults
No default pattern
Command Modes
Global configuration mode.
Command History
Examples
settlement 0 roam-pattern 1222 roamsettlement 0 roam-pattern 1333 noroamsettlement roam-pattern 1444 roamsettlement roam-pattern 1555 noroamRelated Commands
Enables the roaming capability for a settlement provider.
Enters the Settlement configuration mode.
show crypto ca roots
To show the roots confided in the router, enter the show crypto ca roots command.
show crypto ca roots
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
Examples
The example that follows is the configuration file from alice.cisco.com, and the console output after executing the CLI command show crypto ca roots, show crypto ca cert, and show crypto key pub rsa. The router alice.cisco.com has been enrolled under VeriSign TestDerive CA. It has confided Netscape CMS as a trusted root. The Netscape CMS is installed on the server Ciscoca-ultra.
version 12.0no service timestamps debug uptimeno service timestamps log uptimeno service password-encryptionservice udp-small-serversservice tcp-small-servers!hostname alice!hostname#hostname#show crypto ca rootsRoot netscape:Subject Name:CN = Certificate ManagerOU = On 07/01O = ciscoC = USSerial Number: 01Certificate configured.Root identity: netscapeCEP URL: http://cisco-ultraCRL query url: ldap://cisco-ultrahostname#Related Commands
Authenticates the CA (by getting the CA's certificate).
Configures the root certificate the server uses to sign the settlement tokens.
show settlement
To display the configuration for all settlement servers see the specific provider and transactions, enter the show settlement privileged EXEC command. Use the no form of this command to reset to the default value of this command.
show settlement [<provider-number> [transactions]]
no show settlement [<provider-number> [transactions]]
Syntax Description
provider number
Displays the attributes of a specific provider.
transactions
Displays the transaction status of a specific provider.
Defaults
None
Command Modes
Privileged EXEC
Command History
Usage Guidelines
See Table 7 "Show Settlement Output" for a description of the fields that appear with the show settlement command.
The provider attributes not configured are not shown.
Examples
Router# show settlementSettlement Provider 0Type = ospAddress url = https://1.14.115.100:6556/Encryption = all (default)Max Concurrent Connections = 20 (default)Connection Timeout = 3600 (s) (default)Response Timeout = 1 (s) (default)Retry Delay = 2 (s) (default)Retry Limit = 1 (default)Session Timeout = 86400 (s) (default)Customer Id = 1000Device Id = 1000Roaming = Disabled (default)Signed Token = onNumber of Connections = 0Number of Transactions = 7Example Output with Key Words
Router# show settlement 0 transactionsTransaction ID=8796304133625270342state=OSPC_GET_DEST_SUCCESS, index=0callingNumber=5710868, calledNumber=15125551212Example Settlement Output with Token Root Name
Router# show settlementSettlement Provider 0Operation Status = UPType = ospAddress url = https://1.14.115.100:xxxx/Encryption = all (default)Token Root Name = transnexus2Max Concurrent Connections = 20 (default)Connection Timeout = 3600 (s) (default)Response Timeout = 1 (s) (default)Retry Delay = 2 (s)Retry Limit = 1 (default)Session Timeout = 86400 (s) (default)Customer Id = 1000Device Id = 1000Roaming = Disabled (default)Signed Token = OnNumber of Connections = 0Number of Transactions = 0Related Commands
shutdown/no shutdown
To activate a settlement provider, enter the no shutdown command in the Settlement configuration mode. To deactivate the settlement provider, enter the shutdown command. Otherwise, transactions will not go through the provider to be audited and charged.
shutdown
no shutdown
Defaults
The default status of a settlement provider is deactivated.
Command Modes
Settlement configuration
Command History
Examples
settlement 0shutdownRelated Commands
token-root-name
To specify which root or CA certificate the router should use to validate the settlement token in the incoming setup message, enter the token-root-name command. Use the no form of this command to reset to the default value of this command.
token-root-name name
no token-root-name name
Syntax Description
name
Specify the name that is the certificate identification as configured through the crypto ca identity <name> command or crypto ca trusted-root <name> command.
Defaults
None. The terminating gateway uses the CA certificate to validate the settlement token.
Command Modes
Settlement configuration
Command History
Examples
token-root-name fooExample Output
There is new output for the show settlement command to display the value of the token-root-name attribute:
Settlement Provider 0Operation Status = UPType = ospAddress url = https://1.14.115.100:8444/Encryption = all (default)Token Root Name = fooMax Concurrent Connections = 20 (default)Connection Timeout = 3600 (s) (default)Response Timeout = 1 (s) (default)Retry Delay = 2 (s) (default)Retry Limit = 1 (default)Session Timeout = 86400 (s) (default)Customer Id = 1000Device Id = 2000Roaming = Disabled (default)Signed Token = OnNumber of Connections = 1Number of Transactions = 0Related Commands
type
To point to the provider type and the specific settlement server, enter the type command in the Settlement configuration mode. This command line defines the settlement server that is doing the accounting, and enables the server to do the accounting. In Cisco IOS Release 12.0(4)XH, osp is the only settlement server type supported. Use the no form of this command to disable this command.
type {osp}
no type
Syntax Description
Defaults
The default is osp.
Command Modes
Settlement configuration
Command History
Examples
settlement 0type ospRelated Commands
url
To configure the Internet service provider (ISP) address, enter the url command in the Settlement configuration mode. You can configure the address type multiple times. If you configure multiple URLs for the settlement server, the gateway attempts to send the request to each URL in the order that you configured these addresses. Use the no form of this command to disable this command.
url url-address
no url url-address
Syntax Description
Defaults
None
Command Modes
Settlement configuration
Command History
Examples
settlement 0url http://1.2.3.4/url http://1.2.3.4:80/url https://1.2.3.4:4444/url https://yourcompany.com:443/Related Commands
Debug Commands
This section documents new and modified debug commands associated with the settlement feature. All other commands used with this feature are documented in the Cisco Release 12.0 command references. All debug commands are EXEC commands.
•
•
•
•
debug voip ivr settlement
The debug voip ivr command is used to debug the IVR application. IVR debug messages appear when a call is being actively handled by the IVR scripts. Error outputs only occurs if something is not working or an error condition has been raised. The output when the keyword states is used, supplies information about the current status of the IVR script and the different events, that occur in that state. This document, for Cisco IOS Release 12.0(4)XH shows the debug voip ivr settlement command using the output for the keyword settlement only. Use the no form of this command to disable this command.
Note
debug voip ivr [states | error | settlement | dynamic| all]
no debug voip ivr [states | error | settlement | dynamic| all]
Syntax Description
Defaults
Not enabled
Usage Guidelines
IVR debug messages appear when a call is handled by the IVR scripts. Error output should only occur if something is not working or an error condition is indicated. States output supplies information about the current status of the IVR script and the different events that occur in that state.
Settlement output logs activities related to settlement when a call is processed.
Command History
Examples
Example On the Originating Gateway
Router # debug voip ivr settlementivr settlement activities debugging is onas5300-04#00:00:52:settlement_validate_token:cid(1), target=, tokenp=0x000:00:54:pcSettlementAuthorize:cid(1) authorizing using calling=408,called=1512555121200:00:54:pcSettlementAuthorize:cid(1) sending authorize request type=100:00:57:pcSettlementSetup:cid(1) settlement_curr_dest=0, num_dest=300:00:57:pcSettlementGetDestination:trans=0 gets error=0,credit_time=1440000:00:57:pcSettlementSetup:cid(1) placing call throughip(1.14.115.85), calling(408),called(15125551212), digits(15125551212)00:00:57:pcSettlementSetup:set settlement acct for cid(2) onip=1.14.115.85as5300-04#Example On the Terminating Gateway
Router # debug voip ivr settlementivr settlement activities debugging is onas5300-05#00:10:02:settlement_validate_token:cid(1), target=settlement,tokenp=0x618386B400:10:02:settlement_validate_token:cid(1) return 1, credit_time=1440000:10:02:Set settlement acct on cid(1) for trans=0, prov=0as5300-05#debug voip settlement all
To enable debugging in all settlement areas, enter the debug voip settlement all EXEC command. Use the no form of this command to disable debugging output.
[no] debug voip settlement all
Syntax Description
Defaults
Not enabled
Command History
Usage Guidelines
The debug voip settlement all EXEC command enables the following debug settlement commands:
•
•
•
•
debug voip settlement enter
To show all the settlement function entrances, enter the debug voip settlement enter command. Use the no form of this command to disable debugging output.
[no] debug voip settlement enter
Defaults
Not enabled.
Command History
Examples
00:43:40:OSP:ENTER:OSPPMimeMessageCreate()00:43:40:OSP:ENTER:OSPPMimeMessageInit()00:43:40:OSP:ENTER:OSPPMimeMessageSetContentAndLength()00:43:40:OSP:ENTER:OSPPMimeMessageBuild()00:43:40:OSP:ENTER:OSPPMimeDataFree()00:43:40:OSP:ENTER:OSPPMimePartFree()00:43:40:OSP:ENTER:OSPPMimePartFree()00:43:40:OSP:ENTER:OSPPMsgInfoAssignRequestMsg()00:43:40:OSP:ENTER:osppHttpSelectConnection00:43:40:OSP:ENTER:OSPPSockCheckServicePoint() ospvConnected = <1>00:43:40:OSP:ENTER:OSPPSockWaitTillReady()00:43:40:OSP:ENTER:osppHttpBuildMsg()00:43:40:OSP:ENTER:OSPPSSLSessionWrite()00:43:40:OSP:ENTER:OSPPSockWrite()00:43:40:OSP:ENTER:OSPPSockWaitTillReady()debug voip settlement error
To show all the settlement errors, enter the debug voip settlement error command. Use the no form of this command to disable debugging output.
[no] debug voip settlement error
Defaults
Not enabled
Command History
Examples
00:45:50:OSP:OSPPSockProcessRequest:http recv init header failed00:45:50:OSP:osppHttpSetupAndMonitor:attempt#0 on http=0x6141A514, limit=1 error=14310Usage Guidelines
See "Error Code Definitions" section.
Error Code Definitions
-1:OSP internal software error.16:A bad service was chosen.17:An invalid parameter was passed to OSP.9010:Attempted to access an invalid pointer.9020:A time related error occurred.10010:OSP provider module failed initialization.10020:OSP provider tried to access a NULL pointer.10030:OSP provider could not fine transaction collection.10040:OSP provider failed to obtain provider space.10050:OSP provider tried to access an invalid handle.10060:OSP provider has reached the maximum number of providers.11010:OSP transaction tried to delete a transaction which was not allowed.11020:OSP transaction tried a transaction which does not exist.11030:OSP transaction tried to start a transaction, but data had already been delivered.11040:OSP transaction could not identify the response given.11050:OSP transaction failed to obtain transaction space.11060:OSP transaction failed (possibly ran out) to allocate memory.11070:OSP transaction tried to perform a transaction which is not allowed.11080:OSP transaction found no more responses.11090:OSP transaction could not find a specified value.11100:OSP transaction did not have enough space to copy.11110:OSP transaction - call id did not match destination.11120:OSP transaction encountered an invalid entry.11130:OSP transaction tried to use a token too soon.11140:OSP transaction tried to use a token too late.11150:OSP transaction - source is invalid.11160:OSP transaction - destination is invalid.11170:OSP transaction - calling number is invalid.11180:OSP transaction - called number is invalid.11190:OSP transaction - call id is invalid.11200:OSP transaction - authentication id is invalid.11210:OSP transaction - call id was not found11220:OSP transaction - The IDS of the called number was invalid.11230:OSP transaction - function not implemented.11240:OSP transaction tried to access an invalid handle.11250:OSP transaction returned an invalid return code.11260:OSP transaction reported an invalid status code.11270:OSP transaction encountered an invalid token.11280:OSP transaction reported a status which could not be identified.11290:OSP transaction in now valid after it was not found.11300:OSP transaction could not find the specified destination.11310:OSP transaction is valid until not found.11320:OSP transaction - invalid signaling address.11330:OSP transaction could not find the ID of the transmitter.11340:OSP transaction could not find the source number.11350:OSP transaction could not find the destination number.11360:OSP transaction could not find the token.11370:OSP transaction could not find the list.11380:OSP transaction was not allowed to accumulate.11390:OSP transaction - transaction usage was already reported.11400:OSP transaction could not find statistics.11410:OSP transaction failed to create new statistics.11420:OSP transaction made an invalid calculation.11430:OSP transaction was not allowed to get the destination.11440:OSP transaction could not fine the authorization request.11450:OSP transaction - invalid transmitter ID.11460:OSP transaction could not find any data.11470:OSP transaction found no new authorization requests.12010:OSP security did not have enough space to copy.12020:OSP security received and invalid argument.12030:OSP security could not find the private key.12040:OSP security encountered an un-implemented function.12050:OSP security ran out of memory.12060:OSP security received an invalid signal.12065:OSP security could not initialize the SSL database.12070:OSP security could not find space for the certificate.12080:OSP security has no local certificate info defined.12090:OSP security encountered a zero length certificate.12100:OSP security encountered a certificate that is too big.12110:OSP security encountered an invalid certificate.12120:OSP security encountered a NULL certificate.12130:OSP security has too many certificates.12140:OSP security has no storage provided.12150:OSP security has no private key.12160:OSP security encountered an invalid context.12170:OSP security was unable to allocate space.12180:OSP security - CA certificates do not match.12190:OSP security found no authority certificates12200:OSP security - CA certificate index overflow.13010:OSP error message - failed to allocate memory.13110:OSP MIME error - buffer is too small.13115:OSP MIME error - failed to allocate memory.13120:OSP MIME error - could not find variable.13125:OSP MIME error - no input was found.13130:OSP MIME error - invalid argument.13135:OSP MIME error - no more space.13140:OSP MIME error - received an invalid type.13145:OSP MIME error - received an invalid subtype.13150:OSP MIME error - could not find the specified protocol.13155:OSP MIME error - could not find MICALG.13160:OSP MIME error - boundary was not found.13165:OSP MIME error - content type was not found.13170:OSP MIME error - message parts were not found.13301:OSP XML error - received incomplete XML data.13302:OSP XML error - bad encoding of XML data.13303:OSP XML error - bad entity in XML data.13304:OSP XML error - bad name in XML data.13305:OSP XML error - bad tag in XML data.13306:OSP XML error - bad attribute in XML data.13307:OSP XML error - bad CID encoding in XML data.13308:OSP XML error - bad element found in XML data.13309:OSP XML error - no element found in XML data.13310:OSP XML error - no attribute found in XML data.13311:OSP XML error - OSP received invalid arguments.13312:OSP XML error - failed to create a new buffer.13313:OSP XML error - failed to get the size of a buffer.13314:OSP XML error - failed to send the buffer.13315:OSP XML error - failed to read a block from the buffer.13316:OSP XML error - failed to allocate memory.13317:OSP XML error - could not find the parent.13318:OSP XML error - could not find the child.13319:OSP XML error - data type not found in XML data.13320:OSP XML error - failed to write a clock to the buffer.13410:OSP data error - no call id preset.13415:OSP data error - no token present.13420:OSP data error - bad number presented.13425:OSP data error - no destination found.13430:OSP data error - no usage indicator present.13435:OSP data error - no status present.13440:OSP data error - no usage configured.13445:OSP data error - no authentication indicator.13450:OSP data error - no authentication request.13455:OSP data error - no authentication response.13460:OSP data error - no authentication configuration.13465:OSP data error - no re-authentication request.13470:OSP data error - no re-authentication response.13475:OSP data error - invalid data type present.13480:OSP data error - no usage information available.13485:OSP data error - no token info present.13490:OSP data error - invalid data present.13500:OSP data error - no alternative info present.13510:OSP data error - no statistics available.13520:OSP data error - no delay present.13610:OSP certificate error - memory allocation failed.14010:OSP communications error - invalid communication size.14020:OSP communications error - bad communication value.14030:OSP communications error - parser error.14040:OSP communications error - no more memory available.14050:OSP communications error - communication channel currently in use.14060:OSP communications error - invalid argument passed.14070:OSP communications error - no service points present.14080:OSP communications error - no service points available.14085:OSP communications error - thread initialization failed.14086:OSP communications error - communications is shutdown.14110:OSP message queue error - no more memory available.14120:OSP message queue error - failed to add a request.14130:OSP message queue error - no event queue present.14140:OSP message queue error - invalid arguments passed.14210:OSP HTTP error - 100 - bad header.14220:OSP HTTP error - 200 - bad header.14221:OSP HTTP error - 400 - bad request.14222:OSP HTTP error - bas service port present.14223:OSP HTTP error - failed to add a request.14230:OSP HTTP error - invalid queue present.14240:OSP HTTP error - bad message received.14250:OSP HTTP error - invalid argument passed.14260:OSP HTTP error - memory allocation failed.14270:OSP HTTP error - failed to create a new connection.14280:OSP HTTP error - server error.14290:OSP HTTP error - HTTP server is shutdown.14292:OSP HTTP error - failed to create a new SSL connection.14295:OSP HTTP error - failed to create a new SSL context.14297:OSP HTTP error - service unavailable.14300:OSP socket error - socket select failed.14310:OSP socket error - socket receive failed.14315:OSP socket error - socket send failed.14320:OSP socket error - failed to allocate memory for the receive buffer.14320:OSP socket error - socket reset.14330:OSP socket error - failed to create the socket.14340:OSP socket error - failed to close the socket.14350:OSP socket error - failed to connect the socket.14360:OSP socket error - failed to block I/O on the socket.14370:OSP socket error - failed to disable nagle on the socket.14400:OSP SSL error - failed to allocate memory.14410:OSP SSL error - failed to initialize the context.14420:OSP SSL error - failed to retrieve the version.14430:OSP SSL error - failed to initialize the session.14440:OSP SSL error - failed to attach the socket.14450:OSP SSL error - handshake failed.14460:OSP SSL error - failed to close SSL.14470:OSP SSL error - failed to read from SSL.14480:OSP SSL error - failed to write to SSL.14490:OSP SSL error - could not get certificate.14495:OSP SSL error - no root certificate found.14496:OSP SSL error - failed to set the private key.14497:OSP SSL error - failed to parse the private key.14498:OSP SSL error - failed to add certificates.14499:OSP SSL error - failed to add DN.15410:OSP utility error - not enough space for copy.15420:OSP utility error - no time stamp has been created.15430:OSP utility error - value not found.15440:OSP utility error - failed to allocate memory.15450:OSP utility error - invalid argument passed.15500:OSP buffer error - buffer is empty.15510:OSP buffer error - buffer is incomplete.15980:OSP POW error.15990:OSP Operating system conditional variable timeout.16010:OSP X509 error - serial number undefined.16020:OSP X509 error - certificate undefined.16030:OSP X509 error - invalid context.16040:OSP X509 error - decoding error.16050:OSP X509 error - unable to allocate space.16060:OSP X509 error - invalid data present.16070:OSP X509 error - certificate has expired.16080:OSP X509 error - certificate not found.17010:OSP PKCS1 error - tried to access invalid private key pointer17020:OSP PKCS1 error - unable to allocate space.17030:OSP PKCS1 error - invalid context found.17040:OSP PKCS1 error - tried to access NULL pointer.17050:OSP PKCS1 error - private key overflow.18010:OSP PKCS7 error - signer missing.18020:OSP PKCS7 error - invalid signature found.18020:OSP PKCS7 error - unable to allocate space.18030:OSP PKCS7 error - encoding error.18040:OSP PKCS7 error - tried to access invalid pointer.18050:OSP PKCS7 error - buffer overflow.19010:OSP ASN1 error - tried to access NULL pointer.19020:OSP ASN1 error - invalid element tag found.19030:OSP ASN1 error - unexpected high tag found.19040:OSP ASN1 error - invalid primitive tag found.19050:OSP ASN1 error - unable to allocate space.19060:OSP ASN1 error - invalid context found.19070:OSP ASN1 error - invalid time found.19080:OSP ASN1 error - parser error occurred.19090:OSP ASN1 error - parsing complete.19100:OSP ASN1 error - parsing defaulted.19110:OSP ASN1 error - length overflow.19120:OSP ASN1 error - unsupported tag found.19130:OSP ASN1 error - object ID not found.19140:OSP ASN1 error - object ID mismatch.19150:OSP ASN1 error - unexpected int base.19160:OSP ASN1 error - buffer overflow.19170:OSP ASN1 error - invalid data reference ID found.19180:OSP ASN1 error - no content value for element found.19190:OSP ASN1 error - integer overflow.20010:OSP Crypto error - invalid parameters found.20020:OSP Crypto error - unable to allocate space.20030:OSP Crypto error - could not verify signature.20040:OSP Crypto error - implementation specific error.20050:OSP Crypto error - tried to access invalid pointer.20060:OSP Crypto error - not enough space to perform operation.21010:OSP PKCS8 error - invalid private key pointer found.21020:OSP PKCS8 error - unable to allocate space for operation.21030:OSP PKCS8 error - invalid context found.21040:OSP PKCS8 error - tried to access NULL pointer.21050:OSP PKCS8 error - private key overflow.22010:OSP Base 64 error - encode failed.22020:OSP Base 64 error - decode failed.22510:OSP audit error - failed to allocate memory.156010:OSP RSN failure error - no data present.156020:OSP RSN failure error - data is invalid.debug voip settlement exit
To show all the settlement function exits, enter the debug voip settlement exit command. Use the no form of this command to disable debugging output.
[no] debug voip settlement exit
Defaults
Not enabled
Command History
Examples
01:21:10:OSP:EXIT :OSPPMimeMessageInit()01:21:10:OSP:EXIT :OSPPMimeMessageSetContentAndLength()01:21:10:OSP:EXIT :OSPPMimeMessageBuild()01:21:10:OSP:EXIT :OSPPMimePartFree()01:21:10:OSP:EXIT :OSPPMimePartFree()01:21:10:OSP:EXIT :OSPPMimeDataFree()01:21:10:OSP:EXIT :OSPPMimeMessageCreate()01:21:10:OSP:EXIT :OSPPMsgInfoAssignRequestMsg()01:21:10:OSP:EXIT :osppHttpSelectConnection01:21:10:OSP:EXIT :OSPPSockCheckServicePoint() isconnected(1)01:21:10:OSP:EXIT :osppHttpBuildMsg()01:21:10:OSP:EXIT :OSPPSockWrite() (0)01:21:10:OSP:EXIT :OSPPSSLSessionWrite() (0)01:21:10:OSP:EXIT :OSPPSSLSessionRead() (0)01:21:10:OSP:EXIT :OSPPSSLSessionRead() (0)01:21:10:OSP:EXIT :OSPPHttpParseHeader01:21:10:OSP:EXIT :OSPPHttpParseHeader01:21:10:OSP:EXIT :OSPPSSLSessionRead() (0)01:21:10:OSP:EXIT :OSPPUtilMemCaseCmp()debug voip settlement misc
To show the details on the code flow of each settlement transaction, enter the debug voip settlement misc command. Use the no form of this command to disable debugging output.
[no] debug voip settlement misc
Defaults
Not enabled
Command History
Examples
00:52:03:OSP:osp_authorize:callp=0x6142770C00:52:03:OSP:OSPPTransactionRequestNew:ospvTrans=0x614278A800:52:03:OSP:osppCommMonitor:major:minor=(0x2:0x1)00:52:03:OSP:HTTP connection:reused00:52:03:OSP:osppHttpSetupAndMonitor:HTTP=0x6141A514, QUEUE_EVENT from eventQ=0x6141A87C, comm=0x613F16C4, msginfo=0x6142792C00:52:03:OSP:osppHttpSetupAndMonitor:connected = <TRUE>00:52:03:OSP:osppHttpSetupAndMonitor:HTTP=0x6141A514, build msginfo=0x6142792C, trans=0x200:52:04:OSP:osppHttpSetupAndMonitor:HTTP=0x6141A514, msg built and sent:error=0, msginfo=0x6142792C00:52:04:OSP:osppHttpSetupAndMonitor:monitor exit. errorcode=000:52:04:OSP:osppHttpSetupAndMonitor:msginfo=0x6142792C, error=0, shutdown=000:52:04:OSP:OSPPMsgInfoProcessResponse:msginfo=0x6142792C, err=0, trans=0x614278A8, handle=200:52:04:OSP:OSPPMsgInfoChangeState:transp=0x614278A8, msgtype=12 current state=200:52:04:OSP:OSPPMsgInfoChangeState:transp=0x614278A8, new state=400:52:04:OSP:OSPPMsgInfoProcessResponse:msginfo=0x6142792C, context=0x6142770C, error=000:52:04:OSP:osp_get_destination:trans_handle=2, get_first=1, callinfop=0x614275E000:52:04:OSP:osp_get_destination:callinfop=0x614275E0 get dest=1.14.115.51, validafter=1999-01-20T02:04:32Z, validuntil=1999-01-20T02:14:32Z00:52:04:OSP:osp_parse_destination:dest=1.14.115.5100:52:04:OSP:osp_get_destination:callinfop=0x614275E0, error=0, ip_addr=1.14.115.51, credit=6000:52:06:OSP:stop_settlement_ccapi_accounting:send report for callid=0x11, transhandle=200:52:06:OSP:osp_report_usage:transaction=2, duration=0, lostpkts=0, lostfrs=0, lostpktr=0, lostfrr=0debug voip settlement network
To show all the messages exchanged between a router and a settlement provider, enter the debug voip settlement network command. Use the no form of this command to disable debugging output.
[no] debug voip settlement network
Defaults
Not enabled
Command History
Usage Guidelines
Using the debug voip settlement network command shows the messages, in detail, in HTTP and XML formats.
Examples
00:47:25:OSP:HTTP connection:reused00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=0, timeout=0, select=100:47:25:OSP:osppHttpBuildAndSend():http=0x6141A514 sending:POST /scripts/simulator.dll?handler HTTP/1.1Host:1.14.115.12content-type:text/plainContent-Length:439Connection:Keep-AliveContent-Type:text/plainContent-Length:370<?xml version="1.0"?><Message messageId="1" random="8896"><AuthorisationRequest componentId="1"><Timestamp>1993-03-01T00:47:25Z</Timestamp><CallId><![CDATA[12]]></CallId><SourceInfo type="e164">5551111</SourceInfo><DestinationInfo type="e164">5552222</DestinationInfo><Service/><MaximumDestinations>3</MaximumDestinations></AuthorisationRequest></Message>00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=0, timeout=1, select=100:47:25:OSP:OSPM_SEND:bytes_sent = 57700:47:25:OSP:OSPPSockProcessRequest:SOCKFD=0, Expecting 100, got00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=1, timeout=1, select=100:47:25:OSP:OSPPSSLSessionRead() recving 1 bytes:HTTP/1.1 100 ContinueServer:Microsoft-IIS/4.0Date:Wed, 20 Jan 1999 02:01:54 GMT00:47:25:OSP:OSPPSockProcessRequest:SOCKFD=0, Expecting 200, got00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=1, timeout=1, select=100:47:25:OSP:OSPPSSLSessionRead() recving 1 bytes:HTTP/1.1 200 OKServer:Microsoft-IIS/4.0Date:Wed, 20 Jan 1999 02:01:54 GMTConnection:Keep-AliveContent-Type:multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary=barContent-Length:168900:47:25:OSP:OSPPSockProcessRequest:SOCKFD=0, error=0, HTTP response00:47:25:OSP:OSPPSockWaitTillReady:HTTPCONN=0x6141A514, fd=000:47:25:OSP:OSPPSockWaitTillReady:read=1, timeout=1, select=100:47:25:OSP:OSPPSSLSessionRead() recving 1689 bytes:--barContent-Type:text/plainContent-Length:1510<?xml version="1.0"?><Message messageId="1" random="27285"><AuthorisationResponse componentId="1"><Timestamp>1999-01-20T02:01:54Z</Timestamp><Status><Description>success</Description><Code>200</Code></Status><TransactionId>101</TransactionId><Destination><AuthorityURL>http://www.myauthority.com</AuthorityURL><CallId><![CDATA[12]]></CallId><DestinationInfo type="e164">5552222</DestinationInfo><DestinationSignalAddress>1.14.115.51</DestinationSignalAddress><Token encoding="base64">PD94bWwgdmVyc2lvbj0xLjA/PjxNZXNzYWdlIG1lc3NhZ2VJZD0iMSIgcmFuZG9tPSIxODM0OSI+PFRva2VuSW5mb z48U291cmNlSW5mbyB0eXBlPSJlMTY0Ij41NTUxMTExPC9Tb3VyY2VJbmZvPjxEZXN0aW5hdGlvbkluZm8gdHlwZT 0iZTE2NCI+NTU1MjIyMjwvRGVzdGluYXRpb25JbmZvPjxDYWxsSWQ+PCFbQ0RBVEFbMV1dPjwvQ2FsbElkPjxWYWx pZEFmdGVyPjE5OTgtMTItMDhUMjA6MDQ6MFo8L1ZhbGlkQWZ0ZXI+PFZhbGlkVW50aWw+MTk5OS0xMi0zMVQyMzo1 OTo1OVo8L1ZhbGlkVW50aWw+PFRyYW5zYWN0aW9uSWQ+MTAxPC9UcmFuc2FjdGlvbklkPjxVc2FnZURldGFpbD48Q W1vdW50PjE0NDAwPC9BbW91bnQ+PEluY3JlbWVudD4xPC9JbmNyZW1lbnQ+PFNlcnZpY2UvPjxVbml0PnM8L1VuaX Q+PC9Vc2FnZURldGFpbD48L1Rva2VuSW5mbz48L01lc3NhZ2U+</Token><UsageDetail><Amount>60</Amount><Increment>1</Increment><Service/><Unit>s</Unit></UsageDetail><ValidAfter>1999-01-20T01:59:54Z</ValidAfter><ValidUntil>1999-01-20T02:09:54Z</ValidUntil></Destination><transnexus.com:DelayLimit critical="False">1000</transnexus.com:DelayLimit><transnexus.com:DelayPreference critical="False">1</transnexus.com:DelayPreference></AuthorisationResponse></Message>--barContent-Type:application/pkcs7-signatureContent-Length:31This is your response signature--bar--debug voip settlement security
To show all the tracing related to security, such as SSL or S/MIME, enter the debug voip settlement security command. Use the no form of this command to disable debugging output.
[no] debug voip settlement security
Defaults
Not enabled
Command History
Examples
Not available due to security issues.
debug voip settlement transaction
To see all the attributes of the transactions on the settlement gateway, enter the debug voip settlement transaction command. Use the no form of this command to disable debugging output.
[no] debug voip settlement transaction
Defaults
Not enabled
Command History
Examples
Sample output from the originating gateway:
00:44:54:OSP:OSPPTransactionNew:trans=0, err=000:44:54:OSP:osp_authorize:authorizing trans=0, err=0as5300-04>00:45:05:OSP:stop_settlement_ccapi_accounting:send report forcallid=7, trans=0, calling=5710868, called=15125551212, curr_Dest=100:45:05:OSP:OSPPTransactionDelete:deleting trans=0Sample output from the terminating gateway:
00:44:40:OSP:OSPPTransactionNew:trans=0, err=000:44:40:OSP:osp_validate:validated trans=0, error=0, authorised=1Glossary
AAA—Authentication Authorization and Accounting. A Cisco IOS Security feature.
ACF—Admission Confirmation.
ARQ—Admission Request
CA—Certificate Authority.
CDR—Call detail record.
CEP—Cisco Enrollment Protocol.
ETSI— European Telecommunication Standards Institute.
ISP—Internet service provider.
IVR—Interactive Voice Response. A Cisco IOS software voice feature for internet telephony service providers.
MD 5—Message Digest 5. The algorithm used for message authentication in SNMP v.2; MDS verifies the integrity of the communication, authenticates the origin, and checks for timeliness.
OGW—originating gateway.
OSP—Open Settlement Protocol.
PKCS7—Public Key Cryptography Standard No.7.
PKI—Public key infrastructure.
RADIUS—Database for authenticating modem and ISDN connections and for tracking connections.
RAS—Registration, admission, and status. RAS is the protocol that is used between endpoints and the gatekeeper to perform management functions.
ROOT—The ultimate CA which signs the certificates of the sub CA.
RSA—Rivest, Shamir, and Aldeman. Inventors of the public-key cryptographic system used for encryption and authentication.
SSL—Secure Socket Layer. Encryption technology for the Web used to provide secure transactions, such as the transmission of credit card numbers for e-commerce.
TACACS—Terminal access controller access control system.
TCL—Tool command language. TCL is an interpreted script language developed by Dr. John Ousterhout of the University of California, Berkeley, and is now developed and maintained by Sun Microsystems Laboratories.
TCP—Transmission Control Protocol.
TGW—terminating gateway.
VoIP—Voice over IP. The ability to carry normal telephone-style voice over an IP-based Internet with POTs-like functionality, reliability, and voice quality. VoIP is a blanket term, which generally refers to Cisco's standards based (for example H.323) approach to IP voice traffic.
Posted: Thu Dec 15 14:41:22 PST 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
