Useful CLI commands for Cisco CUCM

Useful CLI commands for Cisco CUCM .

I don’t work on the command line of CUCM often, if ever – you may add, but when the need arises here is the short list of commands to keep. A little reminder – the latest (starting version 5 and on) of Cisco CUCM software is Linux (namely Red Hat) based,  which of course includes the terminal access – be it a physical via console or a network one over ssh .
You create a username/password for the terminal during the CUCM  installation.
As Cisco do not want us to mess with the underlying OS, our interaction is limited to a very restricted kind of shell . So you don’t have access to the Linux commands, but you do have a predefined set of CUCM commands of which I present most useful ones here.
I run the examples below on a MCS hardware server so your output may vary.


– Changing password for yourself/another user . Know that it is here, but do not play with it risking to lock yourself out of the server.

admin:set password { age* | complexity* | expiry* | inactivity* | user* }

–  Get the disk usage

show diskusage activelog

– Show the status of the fans (irrelevant for VMware based install)

admin:show environment fans
(RPMS)     Lower                     Critical

ID     Current   Threshold Status

Fan Sensor 1 7800     4200      OK
Fan Sensor 2 7950     4200      OK
Fan Sensor 3 7800     4200      OK
Fan Sensor 4 7350     4200      OK
Fan Sensor 5 7200     4200      OK

– Show the server temperature (irrelevant for VMware based install)

show environment temperatures

(Celcius)    Non-Critical   Critical   Threshold    Threshold

     ID       Current  Lower   Upper   Lower   Upper  Location Temperature Sensor
24          53          54           55        62   1

– Show the server hardware (irrelevant for VMware based install)

show hardware

HW Platform    : 7825I4
Processors     : 1
Type           : Intel(R) Core(TM)2 Duo CPU E8400  @ 3.00GHz
CPU Speed      : 3000
Memory         : 2048 MBytes

show logins
administ pts/0   Wed Aug 12 09:56   still logged in

– Show physical memory (irrelevant for VMware based install)

show memory modules

Bank  Locator   Size  Active Status

– Show interface status (more useful for hardware based servers than VMware ones)

show network eth0

Ethernet 0
DHCP      : disabled        Status : up
IP Address   :     IP Mask :
Link Detected: yes             Mode    : Auto enabled, Full, 100 Mbits/s
Duplicate IP : no
DNS   Not configured.
Gateway   : on Ethernet 0

– Show number of open connections . If there is some network connectivity issue this number will be unusually low as each IP Phone/voice gateway is counted as a connection.
show network ip_conntrack


– Show open and accessible over the network ports

show network ipprefs public

Application  IPProtocol   PortValue Type      XlatedPort   Status    Description

———— ———— ———— ———— ———— ———— ————

sshd      tcp       22        public    –         enabled   sftp and ssh access
clm       udp       8500      public    –         enabled   cluster manager
clm       tcp       8500      public    –         enabled   cluster manager
tomcat    tcp       8443      translated   443       enabled   secure web access
tomcat    tcp       8080      translated   80        enabled   web access
ntpd      udp       123       public    –         enabled   network time sync

Read More

Overlooked but nice utility from Checkpoint – cpview

Checkpoint has made available starting with R77 this helpful information utility called cpview of which not many are aware. This is basically a Bash script that runs a bunch of native Checkpoint commands in the background and displays the output on the terminal while updating the data every other second.
– Running the command (you have to be in the Expert mode):
– File location:
# which cpview
alias cpview='/bin/'

– Some of the commands the utility runs:
fw ctl pstat
fw ctl multik stat
fw ctl affinity -l -r

Example output:cpview

Read More

Checkpoint Mobile Access support for SHA-256 SSL certificates

The new era of sha-256 as opposed to sha-1 signed SSL certificates is slowly gaining the pace, not without a gentle push from the browser providers . And Checkpoint is catching up in its new version R77.30 for Open Servers. This means, on the other hand, earlier versions do not support SHA-256 certificates.
While on both versions – 77.20 and 77.30 cpopenssl package gives the same version info they do differ:

cpopenssl command accepting -sha-256 option

openssl in R77.30 now supports SHA-256 certificates

Read More

SNMP in Gaia default community string

Configuring SNMP in Gaia as opposed to SPLAT has been made much simpler. So simple that it is easy to overlook that default configured read-only community is public .
So , it is a good idea to change it while enabling SNMP:
set snmp agent on
set snmp agent-version any
set snmp community public read-only

PS. Another ‘feature’ of the SNMP is that you can either enable SNMP version 1 and 2 or version 3. Trying to enable just version 2c is not possible.

Read More

RIPE database query for a route object, or why my network is not advertised via BGP to the world

Once it was a nice-to-have configuration that most ISPs in the world ignored anyway, but today it is a must if you are planning to advertise your networks via BGP through your uplink provider – your route object in the AS whois database of the uplink provider. If not – you will happily advertise your networks, the uplink provider will duly advertise them to its uplink peers, which will check AS registry database of your provider and not finding this route object will silently drop the advertising.
Of course it is duty of your transit ISP provider to update their records with your network, but after all, you are the one most interested – so as they say in Russian ” Доверяй но проверяй ” , and here is how to do it:
whois -h — ‘-a -r -i or -T route AS1680’ | grep route
In this example I assume your uplink provider is Netvision with AS1680 , replace AS number with the correct one.
Output will look like:

If you don’t find in such listing your network – Houston, you have a problem here.

Read More

Cisco CUCM CDR report – call duration and called numbers extraction script

Yesterday I had to extract some data from a CDR report for a client, namely call start time, its duartion and the called number. And while I am sure Google has zillion scripts to be found, it was much faster to hack this one-liner .
The script extracts the following fields from the CDR report in this order:
dateTimeOrigination – for outgoing calls it is the time the device goes off hook
callingPartyNumber – initiator of the call
finalCalledPartyNumber – the reached/dialed number (after forwarding if any)
duration – duration of the call
The extracted data is placed in CSV format to be easily imported into Microsoft Excel.
Enjoy. Any questions – feel free to ask here.

 awk -F, 'BEGIN {OFS=","} {print strftime("%c",$5),$9,$31,$56}'  report_cdr 

Sun 04 May 2014 01:54:37 PM IDT,0555555555,2988,41
Sun 04 May 2014 01:55:07 PM IDT,2908,0555555555,25

In case you want to extract some other fields from CDR , here is the full list of available values and their position. For explanation you can look here – Cisco Call Detail Records Field Descriptions

1 cdrRecordType
2 globalCallID_callManagerId
3 globalCallID_callId
4 origLegCallIdentifier
5 dateTimeOrigination
6 origNodeId
7 origSpan
8 origIpAddr
9 callingPartyNumber
10 callingPartyUnicodeLoginUserID
11 origCause_location
12 origCause_value
13 origPrecedenceLevel
14 origMediaTransportAddress_IP
15 origMediaTransportAddress_Port
16 origMediaCap_payloadCapability
17 origMediaCap_maxFramesPerPacket
18 origMediaCap_g723BitRate
19 origVideoCap_Codec
20 origVideoCap_Bandwidth
21 origVideoCap_Resolution
22 origVideoTransportAddress_IP
23 origVideoTransportAddress_Port
24 origRSVPAudioStat
25 origRSVPVideoStat
26 destLegIdentifier
27 destNodeId
28 destSpan
29 destIpAddr
30 originalCalledPartyNumber
31 finalCalledPartyNumber
32 finalCalledPartyUnicodeLoginUserID
33 destCause_location
34 destCause_value
35 destPrecedenceLevel
36 destMediaTransportAddress_IP
37 destMediaTransportAddress_Port
38 destMediaCap_payloadCapability
39 destMediaCap_maxFramesPerPacket
40 destMediaCap_g723BitRate
41 destVideoCap_Codec
42 destVideoCap_Bandwidth
43 destVideoCap_Resolution
44 destVideoTransportAddress_IP
45 destVideoTransportAddress_Port
46 destRSVPAudioStat
47 destRSVPVideoStat
48 dateTimeConnect
49 dateTimeDisconnect
50 lastRedirectDn
51 pkid
52 originalCalledPartyNumberPartition
53 callingPartyNumberPartition
54 finalCalledPartyNumberPartition
55 lastRedirectDnPartition
56 duration
57 origDeviceName
58 destDeviceName
59 origCallTerminationOnBehalfOf
60 destCallTerminationOnBehalfOf
61 origCalledPartyRedirectOnBehalfOf
62 lastRedirectRedirectOnBehalfOf
63 origCalledPartyRedirectReason
64 lastRedirectRedirectReason
65 destConversationId
66 globalCallId_ClusterID
67 joinOnBehalfOf
68 comment
69 authCodeDescription
70 authorizationLevel
71 clientMatterCode
72 origDTMFMethod
73 destDTMFMethod
74 callSecuredStatus
75 origConversationId
76 origMediaCap_Bandwidth
77 destMediaCap_Bandwidth
78 authorizationCodeValue
79 outpulsedCallingPartyNumber
80 outpulsedCalledPartyNumber
81 origIpv4v6Addr
82 destIpv4v6Addr
83 origVideoCap_Codec_Channel2
84 origVideoCap_Bandwidth_Channel2
85 origVideoCap_Resolution_Channel2
86 origVideoTransportAddress_IP_Channel2
87 origVideoTransportAddress_Port_Channel2
88 origVideoChannel_Role_Channel2
89 destVideoCap_Codec_Channel2
90 destVideoCap_Bandwidth_Channel2
91 destVideoCap_Resolution_Channel2
92 destVideoTransportAddress_IP_Channel2
93 destVideoTransportAddress_Port_Channel2
94 destVideoChannel_Role_Channel2
95 incomingProtocolID
96 incomingProtocolCallRef
97 outgoingProtocolID
98 outgoingProtocolCallRef
99 currentRoutingReason
100 origRoutingReason
101 lastRedirectingRoutingReason
102 huntPilotDN
103 huntPilotPartition
104 calledPartyPatternUsage
105 outpulsedOriginalCalledPartyNumber
106 outpulsedLastRedirectingNumber
107 wasCallQueued
108 totalWaitTimeInQueue
109 callingPartyNumber_uri
110 originalCalledPartyNumber_uri
111 finalCalledPartyNumber_uri
112 lastRedirectDn_uri
113 mobileCallingPartyNumber
114 finalMobileCalledPartyNumber
115 origMobileDeviceName
116 destMobileDeviceName
117 origMobileCallDuration
118 destMobileCallDuration
119 mobileCallType
120 originalCalledPartyPattern
121 finalCalledPartyPattern
122 lastRedirectingPartyPattern
123 huntPilotPattern

Read More

Convert Checkpoint SPLAT routes into Gaia configuration commands

Hi there, not much of a script , just the one-liner to turn output of the Secure Platform cli command route/ip route list into the ready for copy&paste list of Gaia clish commands.
Be aware I am not doing any error checking, so examine the final result before applying to a production system.
See ya.
You should run it on SPLAT cli being in expert mode.

ip route list | awk ‘/via/ {print " set static-route ",$1," nexthop gateway address " $3," on "}’

set static-route nexthop gateway address on
set static-route nexthop gateway address on
set static-route default nexthop gateway address on

Read More