Example: Configuring Media Gateways in Subscriber Homes Using MGCP ALGs

This example shows how to configure media gateways in subscriber homes using MGCP ALGs.

Requirements

Before you begin:

Overview

When a cable service provider offers MGCP services to residential subscribers, they locate the Juniper Networks device and call agent on their premises and install a set-top box in each subscriber's home. The set-top boxes act as gateways for the residences.

After creating zones (external-subscriber for the customer and internal-ca for the service provider), you configure addresses, then interfaces, and finally policies to allow signaling between endpoints. Note that although gateways frequently reside in different zones, requiring policies for media traffic, in this example both gateways are in the same subnet. Note also that because RTP traffic between the gateways never passes through the device, no policy is needed for the media. See Figure 30.

Figure 30: Media Gateway in Subscriber Homes

Configuration

CLI Quick Configuration

To quickly configure media gateways in subscriber homes using MGCP ALGs, copy the following commands and paste them into the CLI:

[edit]
set security zones security-zone external-subscriber host-inbound-traffic system-services all
set security zones security-zone external-subscriber host-inbound-traffic protocols all
set security zones security-zone internal-ca host-inbound-traffic system-services all
set security zones security-zone internal-ca host-inbound-traffic protocols all
set security zones security-zone internal-ca address-book address ca-agent-1 10.1.1.101/32
set security zones security-zone external-subscriber address-book address subscriber-subnet 2.2.2.1/24
set security zones security-zone external-subscriber interfaces ge-0/0/0
set interfaces ge-0/0/0 unit 0 family inet
set security zones security-zone internal-ca interfaces ge-0/0/1
set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/24
set security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers match source-address ca-agent-1
set security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers match destination-address subscriber-subnet
set security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers match application junos-mgcp
set security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers then permit
set security policies from-zone external-subscriber to-zone internal-ca policy subscriber-to-ca match source-address subscriber-subnet
set security policies from-zone external-subscriber to-zone internal-ca policy subscriber-to-ca match destination-address ca-agent-1
set security policies from-zone external-subscriber to-zone internal-ca policy subscriber-to-ca match application junos-mgcp
set security policies from-zone external-subscriber to-zone internal-ca policy subscriber-to-ca then permit
set security policies from-zone internal-ca to-zone internal-ca policy intra-ca match source-address any
set security policies from-zone internal-ca to-zone internal-ca policy intra-ca match destination-address any
set security policies from-zone internal-ca to-zone internal-ca policy intra-ca match application any
set security policies from-zone internal-ca to-zone internal-ca policy intra-ca then permit
set security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber match source-address any
set security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber match destination-address any
set security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber match application any
set security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber then permit

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure media gateways in subscriber homes using MGCP ALGs:

  1. Create security zones for the customer and for the service provider.
    [edit security zones security-zone external-subscriber]
    user@host# set host-inbound-traffic system-services all
    user@host# set host-inbound-traffic protocols all

    [edit security zones security-zone internal-ca]
    user@host# set host-inbound-traffic system-services all
    user@host# set host-inbound-traffic protocols all
  2. Configure addresses for the zones.
    [edit]
    user@host# set security zones security-zone internal-ca address-book address ca-agent-1 10.1.1.101/32
    user@host# set security zones security-zone external-subscriber address-book address subscriber-subnet 2.2.2.1/24
  3. Configure interfaces for the zones.
    [edit]
    user@host# set security zones security-zone external-subscriber interfaces ge-0/0/0
    user@host# set interfaces ge-0/0/0 unit 0 family inet
    user@host# set security zones security-zone internal-ca interfaces ge-0/0/1
    user@host# set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/24
  4. Configure policies for traffic from the internal to the external zone.
    [edit security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers]
    user@host# set match source-address ca-agent-1
    user@host# set match destination-address subscriber-subnet
    user@host# set match application junos-mgcp
    user@host# set then permit
  5. Configure policies for traffic from the external to the internal zone.
    [edit security policies from-zone external-subscriber to-zone internal-ca policy subscriber-to-ca]
    user@host# set match source-address subscriber-subnet
    user@host# set match destination-address ca-agent-1
    user@host# set match application junos-mgcp
    user@host# set then permit
  6. Configure policies for traffic between two internal zones.
    [edit security policies from-zone internal-ca to-zone internal-ca policy intra-ca]
    user@host# set match source-address any
    user@host# set match destination-address any
    user@host# set match application any
    user@host# set then permit
  7. Configure policies for traffic between two external zones.
    [edit security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber]
    user@host# set match source-address any
    user@host# set match destination-address any
    user@host# set match application any
    user@host# set then permit
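
The procedure above sets host-inbound-traffic to all on both zones and permits any/any/any within each zone. As an added example (not part of the Juniper documentation), this Python check reads set commands in the form used on this page and lists those broad settings so they can be reviewed before commit; the function name audit and the embedded sample, a subset of this page's commands, are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the set commands from this page.
SAMPLE = """\
set security zones security-zone external-subscriber host-inbound-traffic system-services all
set security zones security-zone external-subscriber host-inbound-traffic protocols all
set security zones security-zone internal-ca host-inbound-traffic system-services all
set security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers match source-address ca-agent-1
set security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers match destination-address subscriber-subnet
set security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers match application junos-mgcp
set security policies from-zone internal-ca to-zone external-subscriber policy ca-to-subscribers then permit
set security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber match source-address any
set security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber match destination-address any
set security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber match application any
set security policies from-zone external-subscriber to-zone external-subscriber policy intra-subscriber then permit
"""

HOST_IN = re.compile(
    r"^set security zones security-zone (\S+) "
    r"host-inbound-traffic (system-services|protocols) all$")
POLICY = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(?:match (\S+) (\S+)|then (\S+))$")

def audit(config_text):
    """Return review findings for broad host-inbound and any/any/any permits."""
    findings, policies = [], defaultdict(dict)
    for line in config_text.splitlines():
        m = HOST_IN.match(line.strip())
        if m:
            findings.append(f"zone {m.group(1)}: host-inbound-traffic {m.group(2)} all")
            continue
        m = POLICY.match(line.strip())
        if not m:
            continue
        key = m.group(1, 2, 3)           # (from-zone, to-zone, policy name)
        if m.group(6):
            policies[key]["action"] = m.group(6)
        else:
            policies[key][m.group(4)] = m.group(5)
    for (src, dst, name), p in policies.items():
        fields = ("source-address", "destination-address", "application")
        if p.get("action") == "permit" and all(p.get(f) == "any" for f in fields):
            findings.append(f"policy {name} ({src} -> {dst}): permit any/any/any")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The policies restricted to junos-mgcp between the two zones are not reported; only the zone-wide host-inbound settings and the intra-zone any/any/any permit are.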

Results

From configuration mode, confirm your configuration by entering the show security policies command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

from-zone internal-ca to-zone external-subscriber {
    policy ca-to-subscribers {
        match {
            source-address ca-agent-1;
            destination-address subscriber-subnet;
            application junos-mgcp;
        }
        then {
            permit;
        }
    }
}
from-zone external-subscriber to-zone internal-ca {
    policy subscriber-to-ca {
        match {
            source-address subscriber-subnet;
            destination-address ca-agent-1;
            application junos-mgcp;
        }
        then {
            permit;
        }
    }
}
from-zone internal-ca to-zone internal-ca {
    policy intra-ca {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
from-zone external-subscriber to-zone external-subscriber {
    policy intra-subscriber {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform this task:

Verifying MGCP ALGs

Purpose

Verify the MGCP ALG verification options.

Action

From operational mode, enter the show security alg mgcp ? command.


user@host> show security alg mgcp ?
Possible completions:
  calls                Show MGCP calls
  counters             Show MGCP counters
  endpoints            Show MGCP endpoints

Meaning

The output shows a list of all MGCP verification parameters. Verify the following information:

Verifying MGCP ALG Calls

Purpose

Verify information about active MGCP calls.

Action

From operational mode, enter the show security alg mgcp calls command.


user@host> show security alg mgcp calls
Endpoint@GW                    Zone         Call ID                   RM Group
d001@101.50.10.1               Trust        10d55b81140e0f76          512
   Connection Id> 0
   Local SDP>  o: 101.50.10.1                x_o: 101.50.10.1
               c: 101.50.10.1/32206          x_c: 101.50.10.1/32206
   Remote SDP> c: 3.3.3.5/16928              x_c: 3.3.3.5/16928
Endpoint@GW                    Zone         Call ID                   RM Group
d001@3.3.3.5                   Untrust      3a104e9b41a7c4c9          511
   Connection Id> 0
   Local SDP>  o: 3.3.3.5                    x_o: 3.3.3.5
               c: 3.3.3.5/16928              x_c: 3.3.3.5/16928
   Remote SDP> c: 101.50.10.1/32206          x_c: 101.50.10.1/32206

Meaning

The output displays information about all MGCP calls. Verify the following information:

Verifying MGCP ALG Endpoints

Purpose

Verify information about MGCP endpoints.

Action

From operational mode, enter the show security alg mgcp endpoints command.


user@host> show security alg mgcp endpoints
Gateway: 101.50.10.1 Zone: Trust IP: 101.50.10.1 -> 101.50.10.1
   Endpoint             Trans #  Call #   Notified Entity
   d001                 1        1        0.0.0.0/0->0.0.0.0/0
Gateway: 3.3.3.5 Zone: Untrust IP: 3.3.3.5 -> 3.3.3.5
   Endpoint             Trans #  Call #   Notified Entity
   d001                 1        1        0.0.0.0/0->0.0.0.0/0

Meaning

The output displays information about all MGCP endpoints. Verify the following information:

Verifying MGCP ALG Counters

Purpose

Verify information about MGCP counters.

Action

From operational mode, enter the show security alg mgcp counters command.


user@host> show security alg mgcp counters
MGCP counters summary:
Packets received             :284
Packets dropped              :0
Message received             :284
Number of connections        :4
Number of active connections :3
Number of calls              :4
Number of active calls       :3
Number of transactions       :121
Number of active transactions:52
Number of re-transmission    :68
MGCP Error Counters:
Unknown-method               :0
Decoding error               :0
Transaction error            :0
Call error                   :0
Connection error             :0
Connection flood drop        :0
Message flood drop           :0
IP resolve error             :0
NAT error                    :0
Resource manager error       :0
MGCP Packet Counters:
CRCX     :4       MDCX     :9       DLCX     :2
AUEP     :1       AUCX     :0       NTFY     :43
RSIP     :79      EPCF     :0       RQNT     :51
000-199  :0       200-299  :95      300-999  :0

Meaning

The output displays information about all MGCP counters. Verify the following information:
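
One way to use the counters output for monitoring, as an added example that is not part of the Juniper documentation: this Python sketch parses two captures of show security alg mgcp counters and reports which error and drop counters increased between them. It assumes the counters accumulate until cleared; the function names and both sample captures are constructed for the example, with the second capture's nonzero values invented.

```python
import re

# Constructed captures in the layout shown above (abbreviated).
TEMPLATE = """\
MGCP counters summary:
Packets received             :{rx}
Packets dropped              :{drop}
MGCP Error Counters:
Unknown-method               :0
Decoding error               :{dec}
Connection flood drop        :0
Message flood drop           :{flood}
MGCP Packet Counters:
CRCX     :4       MDCX     :9       DLCX     :2
000-199  :0       200-299  :95      300-999  :0
"""
BEFORE = TEMPLATE.format(rx=284, drop=0, dec=0, flood=0)
AFTER = TEMPLATE.format(rx=410, drop=15, dec=3, flood=12)   # invented values

# A counter name is one or more words joined by single spaces, then ':' and digits.
PAIR = re.compile(r"([\w-]+(?: [\w-]+)*)\s*:(\d+)")

def parse_counters(text):
    """Return {section: {counter: int}}; handles the three-per-line packet rows."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):               # section header, e.g. "MGCP Error Counters:"
            current = sections.setdefault(line[:-1], {})
        elif current is not None:
            for name, value in PAIR.findall(line):
                current[name] = int(value)
    return sections

def watched(sections):
    """Counters worth alerting on: every error counter plus 'Packets dropped'."""
    out = dict(sections.get("MGCP Error Counters", {}))
    out["Packets dropped"] = sections.get("MGCP counters summary", {}).get("Packets dropped", 0)
    return out

def error_deltas(before_text, after_text):
    """Return {counter: increase} for watched counters that grew between captures."""
    old, new = watched(parse_counters(before_text)), watched(parse_counters(after_text))
    return {k: v - old.get(k, 0) for k, v in new.items() if v > old.get(k, 0)}

if __name__ == "__main__":
    print(error_deltas(BEFORE, AFTER))
```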
