• Home

    • Welcome to the next step of Collaboration within the Cisco technical community in Belgium and Luxembourg
  • Categories

  • Archives

  • Cisco Belgium Tweets

    Error: Twitter did not respond. Please wait a few minutes and refresh this page.

Trusted Relay Point configuration

The Cisco Unified Communications system can be deployed in a network virtualization environment. Cisco Unified Communications Manager enables the insertion of trusted relay points (TRPs). The insertion of TRPs into the media path constitutes a first step toward VoIP deployment within a virtual network.

The underlying network infrastructure comprises one of the key shared assets in an overall network design. A number of customer use cases require support for network infrastructure virtualization, such as the following examples:

-Guest internet access

-Partner access

-Departmental or divisional separation

-Subsidiaries/mergers and acquisitions

-Application segregation (data/voice)

All these applications include a requirement to maintain traffic separation on the network device as well as between network devices.

Traffic separation translates into concepts such as Virtual Routing and Forwarding (VRF). VRF allows multiple instances of a routing table to co-exist within the same router at the same time. In a virtualized network, these different routing domains, or VRFs, typically cannot communicate directly without transiting through the data center.

This situation challenges applications such as Cisco Unified Communications, where devices in the data VRF domain, such as software endpoints running on PCs, need to communicate directly with hard phones in the voice VRF domain without hairpinning media in the data center and without directly exposing the voice and data VRFs to each other.

Below a sample configuration off TRP.  This sample setup will force softclient RTP streams (voice or video) through the MTP control point in the router. In this router you might want to add additional security settings (FW, ACL, QOS,…). We will focus here on the basic TRP configuration in the  Cisco callmanager and  ISRG2 router.

Basic Principle:


As you can see in this setup we make a direct call between a Cisco EX90 and the CUPC client. Both devices are registered to the Callmanager 8.6.



ISRG2 Configuration:


voice-card 0


dsp services dspfarm


interface Loopback0

ip address

no ip redirects


interface GigabitEthernet0/0

ip address

no ip redirects

no ip unreachables

duplex auto

speed auto

no mop enabled

hold-queue 1024 in


interface GigabitEthernet0/1

ip address

duplex auto

speed auto


ip route


sccp local Loopback0

sccp ccm identifier 1 version 7.0



sccp ccm group 1

description register to callmanager

bind interface Loopback0

associate ccm 1 priority 1

associate profile 1 register MTP00254530ab00

keepalive retries 20


dspfarm profile 1 mtp

codec g711ulaw

codec pass-through

maximum sessions software 50

associate application SCCP

Cisco CallManager Configuration:

First remark do not forget to look at the following parameter depending on the policy you want to follow:

Cisco Unified Communications Manager uses the following service parameter with trusted relay points:

•Fail Call If Trusted Relay Point Allocation Fails

This service parameter, which is found in the Clusterwide Parameters (System – General) section, determines whether a call that requires a Trusted Relay Point (TRP) is allowed to proceed if no TRP resource is available. Valid values specify True (the call fails if no TRP resource is available) or False (the call proceeds regardless even if a TRP resource is not available).

Step 1: Configure the MTP resource (residing in the ISRG2 router).

Remark that below the MTP definition corresponds with the

associate profile 1 register MTP00254530ab00 line in the Cisco Router.

Step 2:  Add the MTP resources to your media resource group and add it to to the media resource group list , so you can activate the resource later on to your soft client definition.

Step 3:

Configure your client device and make sure to activate TRP (on) & add the previously defined media resource group list.

In our case device jderidde3.


To verify what is happening in the network can use the following IOS commands on the ISRG2:

Start with sho dspfarm profile

It will give you the view wether the MTP resource is associated with the callmanager.

Dspfarm Profile Configuration

Profile ID = 1, Service = MTP, Resource ID = 1

Profile Description :

Profile Service Mode : Non Secure

Profile Admin State : UP

Profile Operation State : ACTIVE

Application : SCCP   Status : ASSOCIATED

Resource Provider : NONE   Status : NONE

Number of Resource Configured : 50

Number of Resource Available : 50

Hardware Configured Resources : 0

Hardware Available Resources : 0

Software Resources : 50

Codec Configuration: num_of_codecs:2

Codec : g711ulaw, Maximum Packetization Period : 30

Codec : pass-through, Maximum Packetization Period : 0

Note that MTP resource supports sRTP as well, so you might want to activate this to make your TRP even more secure.

For the full statistics output use: show sccp output

You will see in the stats the RTP ports both voice & video streams pass (EX90 – CUPC):

ef sess_id    conn_id      stype mode     codec   sport rport ripaddr conn_id_tx

16778249   16777372     mtp   sendrecv pass_th 31820 16646

16778249   16777371     mtp   sendrecv pass_th 28694 16644

16778249   16777370     mtp   sendrecv pass_th 22942 32596

16778249   16777369     mtp   sendrecv pass_th 29008 16790

Have fun!


Get every new post delivered to your Inbox.

Join 26 other followers

%d bloggers like this: