manualshive.com logo in svg

AudioCodes Mediant 4000 SBC, User Manual, Page: 178 / 1037

Share
Download
AudioCodes Mediant 4000 SBC User Manual Download Page 178

CHAPTER 14    Security

Mediant 4000 SBC | User's Manual

Intrusion Detection System

The device's Intrusion Detection System (IDS) feature detects malicious attacks on the device and
reacts accordingly. A remote host is considered malicious if it has reached or exceeded a user-
defined threshold (counter) of specified malicious attacks.

If malicious activity is detected, the device can do the following:

Block (blacklist) remote hosts (IP addresses / ports) considered by the device as malicious.
The device automatically blacklists the malicious source for a user-defined period after which it
is removed from the blacklist.

Send SNMP traps to notify of malicious activity and/or whether an attacker has been added to
or removed from the blacklist. For more information, see

Viewing IDS Alarms

.

The Intrusion Detection System (IDS) is an important feature as it ensures legitimate calls are not
being adversely affected by attacks and to prevent Theft of Service and unauthorized access.

There are many types of malicious attacks, the most common being:

Denial of service:

This can be Denial of Service (DoS) where an attacker wishing to prevent a

server from functioning correctly directs a large amount of requests – sometimes meaningless
and sometimes legitimate, or it can be Distributed Denial of Service (DDoS) where the attacker
controls a large group of systems to coordinate a large scale DoS attack against a system:

Message payload tampering: Attacker may inject harmful content into a message, e.g., by
entering meaningless or wrong information, with the goal of exploiting a buffer overflow at
the target. Such messages can be used to probe for vulnerabilities at the target.

Message flow tampering: This is a special case of DoS attacks. These attacks disturb the
ongoing communication between users. An attacker can then target the connection by
injecting fake signaling messages into the communication channel (such as CANCEL
messages).

Message Flooding: The most common DoS attack is where an attacker sends a huge
amount of messages (e.g., INVITEs) to a target. The goal is to overwhelm the target’s
processing capabilities, thereby rendering the target inoperable.

SPAM over Internet Telephony (SPIT):

VoIP spam is unwanted, automatically dialed, pre-

recorded phone calls using VoIP. It is similar to e-mail spam.

Theft of Service (ToS):

Service theft can be exemplified by phreaking, which is a type of

hacking that steals service (i.e., free calls) from a service provider, or uses a service while
passing the cost to another person.

The IDS configuration is based on IDS Policies, where each policy can be configured with a set of
IDS rules. Each rule defines a type of malicious attack to detect and the number of attacks during
an interval (threshold) before an SNMP trap is sent. Each policy is then applied to a target under
attack (SIP interface) and/or source of attack (Proxy Set and/or subnet address).

Enabling IDS

By default, IDS is disabled. You can enable it, as described below.

To enable IDS:

1.

Open the IDS General Settings page (

Setup

menu >

Signaling & Media

tab >

Intrusion

Detection

folder >

IDS General Settings

).

2.

From the 'Intrusion Detection System' drop-down list, select

Enable

.

- 145 -

Summary of Contents for Mediant 4000 SBC

Page 1: ...User s Manual AudioCodes Series of Session Border Controllers SBC Mediant 4000 SBC Version 7 2...

Page 2: ...services are provided by AudioCodes or by an authorized AudioCodes Service Partner For more information on how to buy technical support for AudioCodes products and for contact information please visi...

Page 3: ...its accompanying license requires that it be provided in source code as well Buyer may receive such source code by contacting AudioCodes by following the instructions available on AudioCodes website S...

Page 4: ...d SIP header X AC Action Configuring WebRTC Web path Configuring BroadSoft s Shared Phone Line Call Appearance for Survivability example Automatic Provisioning CLI Script file Configuring RTCP XR IP G...

Page 5: ...Assigning CSR based Certificates to TLS Contexts Generating Private Keys for TLS Contexts Configuring Underlying Ethernet Devices max Configuring IP Network Interfaces max Configuring Media Realms ma...

Page 6: ...Call Setup Rules Configuring SBC IP to IP Routing note Configuring SIP Response Codes for Alternative Routing Reasons SBC Wizard screens Auxiliary Files SBC Wizard Viewing IP Connectivity typo Creati...

Page 7: ...tinations Using Dial Plan Tags for Routing Destinations Disconnecting and Reconnecting HA Viewing the License Key Installing a License Key String Viewing the Device s Product Key Debugging Web Service...

Page 8: ...UDP Ports using Tag based Routing Updated parameters WebUsers_Password note InterfaceTable_ ApplicationTypes CpMediaRealm_PortRangeStart note removed SIPInterface_UDPPort note removed ProxySet_ Succes...

Page 9: ...reenshots 42025 Updated with Patch Version 7 20A 158 Updated sections Replacing the Corporate Logo with an Image logo width removed Replacing the Corporate Logo with Text Customizing the Favicon defau...

Page 10: ...Miscellaneous New AudioCodes logo content removed fom manipulation syntax 42026 Updated to Patch Version 7 20A 200 019 Updated Sections Default OAMP IP Address Configuring Management User Accounts max...

Page 11: ...ulations_ActionValue ConditionTable_ Condition PreParsingManipulationRules_MessageType PreParsingManipulationRules_ReplaceWith AudioCoders_Sce IpProfile_SBCMediaSecurityMethod 2 removed IPProfile_ SBC...

Page 12: ...Recording on VoIP Interfaces Updated Parameters SNMPUsers_PrivProtocol 4 and 5 removed InterfaceTable_InterfaceName default Prefix replaced with Pattern for Web parameters and CLI commands and descrip...

Page 13: ...ction HTTPRemoteServices_NumOfSockets removed HTTPRemoteServices_LoginNeeded removed IPGroup_Tags ProxySet_EnableProxyKeepAlive ProxySet_ProxyRedundancyMode ProxySet_IsProxyHotSwap ProxySet_ProxyLoadB...

Page 14: ...ndManipulationSet GWOutboundManipulationSet 42033 Updated for software update Version 7 20A 250 Updated sections Alternative Routing Based on SIP Responses 806 updated Fax and Modem Capabilities remov...

Page 15: ...changed SIPInterface_PreClassificationManipulationSet note if classification fails SBCCDRFormat_FieldType 445 and 446 added GWInboundManipulationSet CLI GWOutboundManipulationSet CLI HaNetworkMonitor...

Page 16: ...ing Static IP Routes reset removed Configuring Syslog Debug Level typo Configuring Test Call Endpoints Configuring the Device s LDAP Cache typo Configuring the OVOC Server for QoE table renamed Config...

Page 17: ...T Query HTTP POST Notification CallSetupRules_QueryTarget Web name changed CallSetupRules_AttributesToQuery Web name changed CallSetupRules_ActionType None value added InterfaceTable_ PrefixLength val...

Page 18: ...tting Acquainted with the Web Interface 17 Computer Requirements 17 Accessing the Web Interface 17 Areas of the GUI 18 Accessing Configuration Pages from Navigation Tree 21 Configuring Stand alone Par...

Page 19: ...elnet for CLI 55 Enabling SSH with RSA Public Key for CLI 56 Configuring Maximum Telnet SSH Sessions 57 Establishing a CLI Session 58 Viewing Current CLI Sessions 59 Terminating a User s CLI Session 5...

Page 20: ...ying Ethernet Devices 94 Configuring IP Network Interfaces 96 Networking Configuration Examples 101 Configuring Static IP Routes 104 Configuration Example of Static IP Routes 106 Troubleshooting the S...

Page 21: ...cies 150 Viewing IDS Alarms 152 Configuring SIP Response Codes to Exclude from IDS 154 15 Media 155 Configuring Voice Settings 155 Configuring Voice Gain Volume Control 155 Configuring Echo Cancellati...

Page 22: ...204 Avaya UCID 204 Customizing Recorded SIP Messages Sent to SRS 205 RADIUS based Services 207 Enabling RADIUS Services 207 Configuring RADIUS Servers 208 Configuring Interface for RADIUS Communicati...

Page 23: ...ng HTTP Proxy Servers 263 Configuring HTTP Locations 266 Configuring TCP UDP Proxy Servers 269 Configuring Upstream Groups 272 Configuring Upstream Hosts 274 Configuring HTTP Directive Sets 275 Config...

Page 24: ...Media Realms 316 Configuring Remote Media Subnets 319 Configuring Media Realm Extensions 321 Configuring SRDs 324 Filtering Tables in Web Interface by SRD 330 Multiple SRDs for Multi tenant Deployment...

Page 25: ...BC Outbound Manipulation 476 Using Dial Plan Tags for Call Setup Rules 477 Using Dial Plan Tags for Message Manipulation 477 21 SIP Message Manipulation 478 Configuring SIP Message Manipulation 478 Co...

Page 26: ...IP 3xx 520 Interworking SIP Diversion and History Info Headers 521 Interworking SIP REFER Messages 522 Interworking SIP PRACK Messages 523 Interworking SIP Session Timer 523 Interworking SIP Early Med...

Page 27: ...dpoints 599 Configuring SBC MoH from External Media Source 601 WebRTC 604 SIP over WebSocket 606 Configuring WebRTC 608 Call Forking 610 Initiating SIP Call Forking 611 Configuring SIP Forking Initiat...

Page 28: ...v for HA Maintenance Traffic 643 Monitoring IP Entities and HA Switchover upon Ping Failure 643 33 HA Maintenance 648 Maintenance of Redundant Device 648 Replacing a Failed Device 648 Initiating an HA...

Page 29: ...onfiguration File 688 Saving and Loading CLI Script Files 689 Saving and Loading a Configuration Package File 690 40 Automatic Provisioning 692 Automatic Configuration Methods 692 DHCP based Provision...

Page 30: ...725 Restoring Defaults through ini File 725 Part IX 726 Status Performance Monitoring and Reporting 726 43 System Status 727 Viewing Device Information 727 Viewing Device Status on Monitor Page 728 44...

Page 31: ...Configuring RADIUS Accounting 804 Part X 811 Diagnostics 811 52 Syslog and Debug Recording 812 Configuring Log Filter Rules 812 Filtering IP Network Traces 817 Configuring Syslog 817 Syslog Message F...

Page 32: ...Parameters 859 General Parameters 859 Web Parameters 862 Telnet and CLI Parameters 866 ini File Parameters 868 SNMP Parameters 868 Serial Parameters 874 Auxiliary and Configuration File Name Parameter...

Page 33: ...ers 950 RTP RTCP and T 38 Parameters 951 Fax and Modem Parameters 956 Answer and Disconnect Supervision Parameters 964 SBC Parameters 966 Supplementary Services 987 IP Media Parameters 987 Services 99...

Page 34: ...list of IP PBXs unified communications solutions and SIP trunking provider networks The device provides robust protection for the IP communications infrastructure preventing fraud and service theft a...

Page 35: ...e your device more effectively and easily SBC Application The objective of your configuration is to enable the device to forward calls between telephony endpoints in the SIP based Voice over IP VoIP n...

Page 36: ...edia traffic with a specific SIP entity IP Group The Media Realm can be associated with the SIP entity by assigning the Media Realm to the IP Group of the SIP entity or by assigning it to the SIP Inte...

Page 37: ...h the Classification rule is configured IP to IP Routing IP to IP routing rules define the routes for routing calls between SIP entities As the SIP entities are represented by IP Groups the routing ru...

Page 38: ...maximum number of permitted concurrent calls SIP dialogs per IP Group SIP Interface SRD or user Accounts Accounts are used to register or authenticate a served SIP entity e g IP PBX with a serving SI...

Page 39: ...ssification rule that is associated with the dialog s SRD and that matches the incoming characteristics of the incoming dialog defined for the rule 3 IP Profile and inbound manipulation can be applied...

Page 40: ...Part I Getting Started with Initial Connectivity...

Page 41: ...troduction Mediant 4000 SBC User s Manual 2 Introduction This part describes how to initially access the device s management interface and change its default IP address to correspond with your network...

Page 42: ...s address to initially access the device from any of its management tools embedded Web server OVOC or Telnet SSH You can also access the device through the console CLI by connecting the device s seria...

Page 43: ...MP networking address through the Web based management tool Web interface The default IP address is used to initially access the device To change the default OAMP network address through Web interface...

Page 44: ...ice drop down list select the Ethernet Device that you configured in the previous step d Under the IP Address group change the IP address to correspond with your network IP addressing scheme e Under t...

Page 45: ...g a terminal emulator program such as HyperTerminal with the following communication port settings Baud Rate 115 200 bps Data Bits 8 Parity None Stop Bits 1 Flow Control None 3 At the CLI prompt type...

Page 46: ...aste the below ini file table parameter InterfaceTable into the ini file InterfaceTable FORMAT InterfaceTable_Index InterfaceTable_ApplicationTypes InterfaceTable_ InterfaceMode InterfaceTable_IPAddre...

Page 47: ...CHAPTER 4 Configuring VoIP LAN Interface for OAMP Mediant 4000 SBC User s Manual 9 Access the device using the new OAMP interface address 14...

Page 48: ...Part II Management Tools...

Page 49: ...r see Web based Management Embedded Command Line Interface CLI see CLI Based Management Simple Network Management Protocol SNMP see SNMP Based Management Configuration ini file see INI File Based Mana...

Page 50: ...pages and parameters are available only for certain hardware configurations or software features The software features are determined by the installed License Key see License Key Getting Acquainted w...

Page 51: ...rname field offers previously entered usernames To disable autocompletion use the WebLoginBlockAutoComplete ini file parameter Depending on your Web browser s settings a security warning box may be di...

Page 52: ...nce If you make a configuration change that takes effect only after a device reset the button is surrounded by a red colored border as a reminder otherwise your changes revert to previous settings if...

Page 53: ...ord button to change your login password see Changing Login Password by All User Levels on page 51 Log Out button to log out the Web session see Logging Off the Web Interface 6 Product name of device...

Page 54: ...rk pane The hierarchical structure and organization of the items in the Navigation tree allow you to easily drill down and locate the required item The Navigation tree consists of the following areas...

Page 55: ...n invalid row If a folder contains an item with an invalid row or associated with an invalid row the closed folder displays a red colored icon as shown in the following example If you hover your curso...

Page 56: ...ings to flash memory with a device reset for your changes to take effect When you change such a parameter and then click Apply the Reset button on the toolbar is encircled by a red border If you click...

Page 57: ...to their previous settings if the device later undergoes a hardware reset a software reset without saving to flash or powers down Therefore make sure that you save your configuration to the device s...

Page 58: ...le has a child table The child table is opened for the selected row 6 Navigation bar for scrolling through the table s pages see Viewing Table Rows 7 Search tool for searching parameters and values se...

Page 59: ...thods Selecting a referenced row from the drop down list Scroll down to the desired item and click it Search for the item by entering in the field the first few characters of the desired row and then...

Page 60: ...t to its previous size Modifying Table Rows The following procedure describes how to modify edit the configuration of an existing table row Remember that a gray colored dot icon displayed next to a pa...

Page 61: ...eld is surrounded by a colored border as shown in the example below If you hover your mouse over the field a pop up message appears providing the valid values If you enter a valid value the colored bo...

Page 62: ...with a parameter that references Proxy Set 0 which is configured with an invalid value Invalid Reference Line icons are displayed for the IP Groups table as shown below Invalid icon display in drop d...

Page 63: ...e Navigation Bar Description Item Description 1 Navigation buttons to view previous table rows Displays the previous table page Displays the first table page i e page with at least the first index row...

Page 64: ...n header so that the rows are sorted in ascending order e g 0 1 2 and so on 2 Select the row that you want to move 3 Do one of the following To move one index up e g from Index 3 to 2 Click the up arr...

Page 65: ...arch is unsuccessful no rows are displayed 4 To quit the Search tool and continue configuring rows click the icon located in the Search box Searching for Configuration Parameters You can search in the...

Page 66: ...avigation path link to the page on which the parameter appears Parameter s name Parameter s value Brief description of parameter 3 Click the link of the navigation path corresponding to the required f...

Page 67: ...36 Web browser Favicon see Customizing the Favicon Login welcome message see Creating a Login Welcome Message The product name also affects other management interfaces In addition to Web interface cus...

Page 68: ...ensitive suffix AdminPage to the device s IP address e g http 10 1 229 17 AdminPage 3 Log in with your credentials the Admin page appears 4 On the left pane click Image Load to Device the right pane d...

Page 69: ...zing the Browser Tab Label You can customize the label that appears on the tab of the Web browser that you use to open the device s Web interface By default the tab displays AudioCodes You can change...

Page 70: ...ings To replace the default text UseWebLogo 1 WebLogoText your text for example Hello To restore the default text AudioCodes UseWebLogo 0 2 Load the ini file using the Auxiliary Files page see Loading...

Page 71: ...that you are using to access the device s Web interface 2 In your browser s URL address field append the case sensitive suffix AdminPage to the device s IP address e g http 10 1 229 17 AdminPage 3 Lo...

Page 72: ...reate an ini file that includes the WelcomeMessage table parameter Use the parameter to configure your message where each index row is a line in your message for example WelcomeMessage FORMAT WelcomeM...

Page 73: ...ed management interfaces The following procedure describes how to configure additional management interfaces through the Web interface You can also configure it through ini file AdditionalManagementIn...

Page 74: ...on HTTP and HTTPS or HTTPS Only depends on the configuration of the global parameter HTTPSOnly see Configuring Secured HTTPS Web Configuring Management User Accounts The Local Users table lets you con...

Page 75: ...read only privileges per Web page for Monitor Administrator and Security Administrator user levels For more information see Customizing Access Levels per Web Page on page 47 The device provides the fo...

Page 76: ...st be configured with a unique index Username user WebUsers_Username Defines the Web user s username The valid value is a string of up to 40 alphanumeric characters including the period underscore _ a...

Page 77: ...last remaining Security Administrator The first Master user can be added only by a Security Administrator user Additional Master users can be added edited and deleted only by Master users If only one...

Page 78: ...ivity Timer see Configuring Web Session and Access Settings These users can only log in to the Web interface if their status is changed to New or Valid by a System Administrator or Master Note The Ina...

Page 79: ...through REST CLI Session Limit cli session limit WebUsers_ CliSessionLimit Defines the maximum number of concurrent CLI sessions allowed for the specific user For example if configured to 2 the same...

Page 80: ...ls Monitor Administrator or Security Administrator per page in the device s Web interface These rules override the default read write and read only privileges of the user levels as described in Config...

Page 81: ...e Administrator and Security Administrator are also assigned read only privileges TLS Contexts Security Administrator Security Administrator Assigns read write privileges to Security Administrator use...

Page 82: ...rator default 200 Security Administrator Read Only Access Level WebPagesAccessLevel_ ROAccessLevel Defines the minimum user level to which you want to assign read only access privileges for the select...

Page 83: ...for example The following information is displayed Username e g Admin of currently logged in user User level e g Security Administrator of currently logged in user Duration of the current Web session...

Page 84: ...ement User Accounts Session Timeout Duration in minutes of inactivity i e no actions are performed in the Web interface of a logged in user after which the Web session expires and the user is automati...

Page 85: ...in password 1 On the top bar of the Web interface click the username that is displayed for the currently logged in user e g Admin the following appears 2 Click Change Password the following appears 3...

Page 86: ...ique number When the user performs actions i e POST method on that page e g configures parameters the token is included to verify that the authenticated user is the one performing the actions To enabl...

Page 87: ...ce as the first authorized IP address in the Access List If you configure any other IP address access from your computer will be immediately denied If you configure network firewall rules in the Firew...

Page 88: ...enable a secured Telnet that uses Secure Socket Layer SSL where information is not transmitted in clear text If SSL is used a special Telnet client is required on your PC to connect to the Telnet int...

Page 89: ...er grade security Follow the instructions below to configure the device with an administrator RSA key as a means of strong authentication To enable SSH and configure RSA public keys for Windows using...

Page 90: ...in Step 4 5 Connect to the device with SSH using the username Admin RSA key negotiation occurs automatically and no password is required To configure RSA public keys for Linux using OpenSSH 4 3 1 Run...

Page 91: ...cure SHell SSH The device can be accessed through its Ethernet interface by the SSH protocol using SSH client software A popular and freeware SSH client software is Putty which can be downloaded from...

Page 92: ...show users 0 console Admin local 0d00h03m15s 1 telnet John 10 4 2 1 0d01h03m47s 2 ssh Alex 192 168 121 234 12d00h02m34s The current session from which this show command was run is displayed with an a...

Page 93: ...nal window length the MORE prompt is not displayed To configure the number of displayed output lines by dragging terminal window 1 Establish a CLI session with the device 2 Access the System menu conf...

Page 94: ...ayed encrypted the word obscured appears after the password To enable obscured password display in CLI config system cli settings cli settings password obscurity on Below shows two examples of passwor...

Page 95: ...and then reset the device with a save to flash for your settings to take effect Configuring SNMP Community Strings SNMP community strings determine the access privileges read only and read write of S...

Page 96: ...t the device with a save to flash for your settings to take effect To delete a community string delete the configured string click Apply and then reset the device with a save to flash for your setting...

Page 97: ...lid value is a string of up to 30 characters that can include only the following Upper and lower case letters a to z and A to Z Numbers 0 to 9 Hyphen Underline _ For example Trap comm_string1 The defa...

Page 98: ...SNMP trap manager with an FQDN see Configuring an SNMP Trap Destination with FQDN Table 8 2 SNMP Trap Destinations Table Parameters Description Parameter Description check box SNMPManagerIsUsed_x Ena...

Page 99: ...nation with an FQDN 1 Open the SNMP Community Settings page Setup menu Administration tab SNMP folder SNMP Community Settings 2 Under the Misc Settings group in the Trap Manager Host Name field SNMPTr...

Page 100: ...b activity 1 Open the SNMP Community Settings page Setup menu Administration tab SNMP folder SNMP Community Settings 2 Under the Misc Settings group from the Activity Trap drop down list EnableActivit...

Page 101: ...figured with a unique index User Name username SNMPUsers_ Username Name of the SNMP v3 user The name must be unique Authentication Protocol auth protocol SNMPUsers_ AuthProtocol Authentication protoco...

Page 102: ...ing for example If you have customized an alarm that has subsequently been sent by the device and you then delete the rule when the alarm is still active the device doesn t send the alarm again for th...

Page 103: ...alarm that you want to customize Note The CLI and ini file use the last digits of the alarm s OID as the name For example configure the parameter to 12 for the acActiveAlarmTableOverflow alarm OID is...

Page 104: ...n the Original Severity parameter For example if you want to change the severity of the acCertificateExpiryAlarm alarm from Minor to Major then configure the Original Severity parameter to Minor and t...

Page 105: ...ple severity levels based on conditions configure the Original Severity parameter to the severity that you don t want the device to send For example if you don t want the device to send the acProxyCon...

Page 106: ...name parameter name value parameter name value this is a comment line for example System Parameters SyslogServerIP 10 13 2 69 EnableSyslog 1 For general ini file formatting rules see General ini File...

Page 107: ...in the Data lines are interpreted according to the order specified in the Format line The double dollar sign in a Data line indicates the default value for the parameter The order of the Data lines is...

Page 108: ...st be enclosed with inverted commas e g CallProgressTonesFileName cpt_usa dat The parameter name is not case sensitive The parameter value is not case sensitive except for coder names The ini file mus...

Page 109: ...o the device s non volatile memory flash Before you load an ini file to the device make sure that the file extension name is ini Secured Encoded ini File The ini file contains sensitive information th...

Page 110: ...rds the passwords are ignored By default the format is obscured passwords thus enabling their full recovery in case of configuration restore or copy to another device Regardless of the configured pass...

Page 111: ...d the resource s state and to create update and delete the resources respectively Resource state is described in JSON format and included in the HTTP request or response bodies For security it is reco...

Page 112: ...accessing each resource menu you can access it directly using the full URL path e g api v1 alarms active For more information on REST API refer to the document REST API for Mediant Devices When access...

Page 113: ...Part III General System Settings...

Page 114: ...ages received from the NTP server Authentication is done using an authentication key with the MD5 cryptographic hash algorithm When this feature is enabled the device ignores NTP messages received wit...

Page 115: ...e g 27 Time Hours in 24 hour format e g 4 for 4 am Minutes in mm format e g 57 Seconds in ss format e g 45 3 Click Apply the date and time is displayed in the UTC Time read only field If the device i...

Page 116: ...up menu Administration tab Time Date and then scroll down to the Time Zone group 2 From the Day Light Saving Time DayLightSavingTimeEnable drop down list select Enable 3 From the DST Mode drop down li...

Page 117: ...hostname first 16 characters only instead of the device type CLI The CLI prompt displays the hostname instead of the device type The device s SNMP interface s SysName object under MIB 2 is set to the...

Page 118: ...Part IV General VoIP Configuration...

Page 119: ...hem giving you a better understanding of your network topology and configuration You can use the Network view as an alternative to configuring the entities in their respective Web pages or you can use...

Page 120: ...P Interface as desired and then click Apply the IP Interfaces table closes and you are returned to the Network View displaying the newly added IP Interface For more information on configuring IP Inter...

Page 121: ...Configure the Ethernet Group as desired and then click Apply the Ethernet Groups table closes and you are returned to the Network View For more information on configuring IP Interfaces see Configurin...

Page 122: ...work View button to refresh the connectivity status display of the Ethernet ports Configuring Physical Ethernet Ports The Physical Ports table lets you configure the device s Ethernet ports This inclu...

Page 123: ...ities folder Physical Ports 2 Select a port that you want to configure and then click Edit the following dialog box appears 3 Configure the port according to the parameters described in the table belo...

Page 124: ...When two ports are assigned to an Ethernet Group 1 1 Ethernet port redundancy can be implemented in your network In such a configuration one port can be active while the other standby or both ports ca...

Page 125: ...t is selected or select a different port Two different MAC addresses are assigned to the Ethernet ports one to ports GE 1 4 upper ports and another to ports GE 5 8 lower ports If you configure an Ethe...

Page 126: ...net Group can receive and transmit packets This option is applicable only to the Maintenance interface for High Availability HA deployments For more information see Network Topology Types and Rx Tx Et...

Page 127: ...N ID 1 Ethernet Group GROUP 1 Tagging Policy Untagged MTU 1500 The pre configured Ethernet Device is associated with the default IP network interface ie OAMP in the IP Interfaces table The Untagged po...

Page 128: ...et Output Device field see Configuring Static IP Routing VLAN ID vlan id DeviceTable_ VlanID Defines a VLAN ID for the Ethernet Device The valid value is 1 to 3999 The default is 1 Note Each Ethernet...

Page 129: ...MTU of the first Ethernet Device untagged VLAN For example if the untagged VLAN is configured with MTU of 100 bytes you can configure a tagged VLAN with an MTU value of either 100 bytes or less If yo...

Page 130: ...h Availability IP address IPv4 or IPv6 and subnet mask prefix length Default Gateway Traffic from this interface destined to a subnet that does not meet any of the routing rules local or static are fo...

Page 131: ...ame must be configured mandatory and must be unique for each interface Each network interface must be assigned an Ethernet Device For IPv4 addresses the Interface Mode column must be set to IPv4 Manua...

Page 132: ...nterface for HA mode you must reset the device for your changes to take effect To view configured IP network interfaces that are currently active click the IP Interface Status Table link located at th...

Page 133: ...Interfaces Ethernet Device underlying dev InterfaceTable_ UnderlyingDevice Assigns an Ethernet Device to the IP interface An Ethernet Device is a VLAN associated with a physical Ethernet port Ethernet...

Page 134: ...ss blocks it uses the variable length subnet masking technique to allow allocation on arbitrary length prefixes The valid value of the prefix length depends on the IP address version IPv4 0 to 30 defa...

Page 135: ...Control and one for RTP Media and each with a different VLAN ID and default gateway Inde x Name Applic ation Type Eth ernet Device Inter face Mode IP Address Prefix Lengt h Default Gateway 0 Managemen...

Page 136: ...plication is configured through the ini file to serve as OAMP applications EnableNTPasOAM 1 Configure Layer 2 QoS mapping in the QoS Mapping table Packets sent with the configured DiffServ get the con...

Page 137: ...not located behind the Default Gateway that is specified for an IP network interface in the IP Interfaces table from which the packets are sent Before sending an IP packet the device searches the Sta...

Page 138: ...eter Description Index StaticRouteTable_ Index Defines an index number for the new table row The valid value is 0 to 29 Note Each row must be configured with a unique index Description description Sta...

Page 139: ...ration Example of Static IP Routes An example of the use for static routes is shown in the figure below In the example the device needs to communicate with a softswitch at IP address 10 1 1 10 However...

Page 140: ...with the static route The same destination has been configured in two different static routing rules More than 30 static routes have been configured If a static route is required to access OAMP applic...

Page 141: ...ding to its IP address configured in the IP Interfaces table The figure below illustrates the NAT problem faced by SIP networks when the device is located behind a NAT Configuring NAT Translation per...

Page 142: ...pecified network interface are NAT ed By default no value is defined To configure IP network interfaces see Configuring IP Network Interfaces Source Start Port src start port NATTranslation_ SourceSta...

Page 143: ...ress is a local address the device considers the endpoint as located behind NAT In this case the device sends the SIP messages to the endpoint using the packet s source IP address Otherwise or if you...

Page 144: ...o the private IP address port of the UA and not the public address of the NAT server and therefore the media will not reach the UA When the UA is located behind NAT although the UA sends its private I...

Page 145: ...from the LAN to the WAN through the firewall If the firewall blocks T 38 packets sent from the termination IP fax the fax fails To overcome this problem the device sends No Op no signal packets to ope...

Page 146: ...he receipt of STUN binding requests for connectivity checks of ICE candidates and responds to them with STUN responses Note that in the response to the INVITE message received from the remote endpoint...

Page 147: ...er of continuous media packets that need to be received from a different source s before the channel can latch onto this new incoming stream Period msec during which if no packets are received from th...

Page 148: ...e expense of other traffic types By prioritizing packets DiffServ routers can minimize transmission delays for time sensitive packets such as VoIP packets You can assign DiffServ to the following clas...

Page 149: ...ervices to Application Types OAMP Control Depends on traffic type Control Control Premium Management Bronze To configure DiffServ Layer 3 QoS values per CoS 1 Open the QoS Settings page Setup menu IP...

Page 150: ...ccording to the DiffServ value in the IP header of the packet Layer 2 802 1Q frames have a 2 byte field called Tag Control Information The three most significant bits of this 2 byte field represents t...

Page 151: ...ring ICMP Messages Internet Control Message Protocol ICMP is one of the core protocols of the Internet Protocol suite It is used by network devices such as routers to send error messages indicating fo...

Page 152: ...e Internal SRV Table Configuring Default DNS Servers The device provides two default DNS server addresses primary and secondary which you can modify The default primary DNS server s address is 8 8 8 8...

Page 153: ...DNS table the device performs a DNS query with an external third party DNS server whose address is configured for the associated IP network interface in the IP Interfaces table see Configuring IP Netw...

Page 154: ...translated Configuring the Internal SRV Table The Internal SRV table lets you configure up to 10 SRV rows The table is used to resolve hostnames into DNS A Records You can assign three different A Rec...

Page 155: ...ame Srv2Ip_ InternalDomain Defines the hostname to be translated The valid value is a string of up to 31 characters By default no value is defined Transport Type transport type Srv2Ip_ TransportType D...

Page 156: ...e priority By default no value is defined Port 1 3 port 1 2 3 Srv2Ip_Port1 2 3 Defines the TCP or UDP port on which the service is to be found By default no value is defined IP Multicasting The device...

Page 157: ...ity and authenticity between two communicating applications over TCP IP The device is shipped with a default TLS Context Index 0 and named default which includes a self generated random private key an...

Page 158: ...ontext assigned to the Proxy Set is used To configure Proxy Sets see Configuring Proxy Sets b SIP Interface If the Proxy Set is either not configured for TLS i e the Transport Type parameter is set to...

Page 159: ...haracters Note The parameter value cannot contain a forward slash The default TLS Context Index 0 is named default TLS Version tls version TLSContexts_TLSVersion Defines the supported SSL TLS protocol...

Page 160: ...s determined at compile time and is normally ALL EXPORT LOW aNULL eNULL SSLv2 Strict Certificate Extension Validation require strict cert TLSContexts_ RequireStrictCert Enables the validation of the e...

Page 161: ...page appears 3 Under the Certificate Signing Request group fill in the following information a Distinguished Name DN fields uniquely identifies the device In the Common Name CN field enter the common...

Page 162: ...ERTIFICATE header 7 Scroll down to the Upload Certificates Files From Your Computer group click the Browse button corresponding to the Send Device Certificate field navigate to the cert txt file and t...

Page 163: ...Provisioning mechanism using the HTTPSCertFileName parameter Viewing Certificate Information You can view information of TLS certificates installed on the device per TLS Context To view certificate in...

Page 164: ...rocedure describes how to assign an externally created private key to a TLS Context To assign an externally created private key to a TLS Context 1 Obtain a private key in either textual PEM PKCS 7 or...

Page 165: ...Send Device Certificate file text 8 After the files successfully load to the device save the configuration with a device reset 9 Verify that the private key is correct a Open the TLS Contexts table b...

Page 166: ...the device acts as a CA The Issuer e g Issuer CN ACL_ 5967925 and Subject e g Subject CN ACL_5967925 fields of the self signed certificate have the same value The device is shipped with a default TLS...

Page 167: ...the configuration with a device reset for the new certificate to take effect Importing Certificates into Trusted Root Certificate Store The device provides its own Trusted Root Certificate store This...

Page 168: ...click the Trusted Root Certificates link located below the table the Trusted Certificates table appears 3 Click the Import button and then browse to and select the certificate file 4 Click OK the cert...

Page 169: ...ates table certificate root store so that the device can authenticate the client see Importing Certificates into Trusted Root Certificate Store Make sure that the TLS certificate is signed by a CA tha...

Page 170: ...LS Context whereby the device periodically checks the validation date of installed TLS server certificates You can also configure the device to send an SNMP alarm acCertificateExpiryAlarm at a user de...

Page 171: ...e call terminates Therefore it is unnecessary to configure specific firewall rules to allow traffic through specific ports For example if you have configured a firewall rule to block all media traffic...

Page 172: ...ives the incoming packet The valid range is 0 to 65535 The default is 0 Note When set to 0 this field is ignored and any source port matches the rule Prefix Length prefixLen AccessList_ PrefixLen Mand...

Page 173: ...Any to 255 The default is Any Note The parameter also accepts the string value HTTP which implies selection of the TCP or UDP protocols and the appropriate port numbers as defined on the device To sp...

Page 174: ...example the actual traffic rate is 45000 bytes sec then this allowance would be consumed within 10 seconds after which all traffic exceeding the allocated 40000 bytes sec is dropped If the actual tra...

Page 175: ...raffic from the LAN voice interface and limits bandwidth Rule 5 Blocks all other traffic Configuring Firewall Rules to Allow Incoming OVOC Traffic If the device needs to communicate with AudioCodes OV...

Page 176: ...on figured for file trans fer Allo w 0 0 0 N 5 QoE OV OC IP addre ss 5000 32 0 0 tcp Enabl e inter face con figured for QoE Allo w 0 0 0 N 6 QoE secur ed OV OC IP addre ss 5001 32 0 0 tcp Enabl e inte...

Page 177: ...s required see Configuring TLS Certificate Contexts 2 Assign the TLS Context to a Proxy Set or SIP Interface see Configuring Proxy Sets and Configuring SIP Interfaces respectively 3 Configure a SIP In...

Page 178: ...age e g by entering meaningless or wrong information with the goal of exploiting a buffer overflow at the target Such messages can be used to probe for vulnerabilities at the target Message flow tampe...

Page 179: ...he WAN DEFAULT_PROXY IDS Policy for proxy server DEFAULT_GLOBAL IDS Policy with global thresholds You can edit and delete the default IDS Policies If the IDS Policies table is empty i e you have delet...

Page 180: ...equired IDS Policy row and then click the IDS Rule link located below the table the IDS Rule table opens 6 Click New the following dialog box appears The figure above shows a configuration example If...

Page 181: ...ote authentication SIP 401 407 is sent if original message includes authentication 4 Dialog establish failure SIP dialog establishment e g INVITE failure which includes the following Classification fa...

Page 182: ...hold interval in seconds during which the device counts the attacks to check if a threshold is crossed The counter is automatically reset at the end of the interval The valid range is 1 to 1 000 000 T...

Page 183: ...malicious attacks from specified subnet addresses You can configure up to 20 IDS Policy Matching rules The following procedure describes how to configure the IDS Match table through the Web interface...

Page 184: ...f a Proxy Set has multiple IP addresses the device considers the Proxy Set as one entity and includes all its IP addresses in the same IDS count Subnet subnet IDSMatch_Subnet Defines the subnet to whi...

Page 185: ...rm Clear Period field IDSAlarmClearPeriod enter the timeout in seconds after which the alarm is cleared if no IDS thresholds have been crossed during the timeout 3 Click Apply However this quiet timeo...

Page 186: ...invalid msg len Any SIP parser error malformed parse error Message policy match malformed message policy Basic headers not present malformed miss header Content length header not present for TCP malf...

Page 187: ...as reasons for SIP dialog establishment failures To configure SIP responses to exclude from IDS 1 Open the IDS General Settings page Setup menu Signaling Media tab Intrusion Detection folder IDS Gener...

Page 188: ...d signal 3 Click Apply Configuring Echo Cancellation The device supports adaptive linear line echo cancellation according to G 168 2002 Echo cancellation is a mechanism that removes echo from the voic...

Page 189: ...o configure echo cancellation 1 Configure line echo cancellation a Open the Voice Settings page Setup menu Signaling Media tab Media folder Voice Settings b From the Echo Canceller drop down list Enab...

Page 190: ...nables Aggressive NLP at the first 0 5 second of the call Fax and Modem Capabilities This section describes the device s fax and modem capabilities and corresponding configuration The fax and modem co...

Page 191: ...tion see RFC 2833 ANS Report upon Fax Modem Detection Adaptations refer to automatic reconfiguration of certain DSP features for handling fax modem streams differently than voice T 38 Fax Relay Mode I...

Page 192: ...packets from the internal network To resolve this problem the device should be configured to send CNG packets in T 38 upon CNG signal detection CNGDetectorMode 1 Automatically Switching to T 38 Mode w...

Page 193: ...ly without its headers i e includes only fax data in the sent RTP packet RFC 4612 The T 38 over RTP method also depends on call initiator Device initiates a call The device always sends the SDP offer...

Page 194: ...re INVITE with G 711 VBD with the following adaptations Echo Canceller on Silence Compression off Echo Canceller Non Linear Processor Mode off Dynamic Jitter Buffer Minimum Delay 40 Dynamic Jitter Buf...

Page 195: ...ype parameter to Enable Bypass V22ModemTransportType 2 Set the V 23 Modem Transport Type parameter to Enable Bypass V23ModemTransportType 2 Set the V 32 Modem Transport Type parameter to Enable Bypass...

Page 196: ...100 X NSE 8000 The Cisco gateway must include the following definition modem passthrough nse payload type 100 codec g711alaw To configure NSE mode 1 On the Fax Modem CID Settings page do the followin...

Page 197: ...or to 13 and to enable echo cancellation for fax and disable it for modem To configure fax modem transparent mode 1 On the Fax Modem CID Settings page do the following Set the Fax Transport Mode param...

Page 198: ...38 see Relay Mode for T 30 and V 34 Faxes To configure whether to pass V 34 over T 38 fax relay or use Bypass over the High Bit Rate coder e g PCM A Law use the V 34 Fax Transport Type parameter V34F...

Page 199: ...e do the following Set the Fax Transport Mode parameter to T 38 Relay FaxTransportMode 1 Set the V 22 Modem Transport Type parameter to Disable V22ModemTransportType 0 Set the V 23 Modem Transport Typ...

Page 200: ...1 i e relay 5 Set the ini file parameter T38MaxDatagramSize to 560 default The T 38 negotiation should be completed at call start according to V 152 procedure as shown in the INVITE example below T 38...

Page 201: ...ilities is exchanged in the outgoing SDP These capabilities include whether VBD is supported and associated RTP payload types gpmd SDP attribute supported codecs and packetization periods for all code...

Page 202: ...egular intervals in order to produce continuous speech As long as delays in the network do not change jitter by more than 10 msec from one packet to the next there is always a sample in the buffer for...

Page 203: ...ype defines the RTP redundancy packet payload type according to RFC 2198 3 Click Apply Configuring RTP Base UDP Port You can configure the range pool of local UDP ports from which the device allocates...

Page 204: ...RTP RTCP Settings 2 In the RTP Base UDP Port field configure the lower boundary of the UDP port range 3 Click Apply and then reset the device with a save to flash for your settings to take effect The...

Page 205: ...using the G 711 coder The X Detect header is used for event detection as follows X Detect header in the INVITE message received from the application server requesting a specific event detection X Dete...

Page 206: ...ps AMD based Detection The device uses its beep detector that is integrated in the AMD feature You can configure the beep detection timeout and beep detection sensitivity level for more information se...

Page 207: ...95240 To sipp sip sipp 172 22 2 9 5060 tag 1 Call ID 1 29758 172 22 2 9 CSeq 1 INFO Contact sip 56700 172 22 168 249 Supported em timer replaces path resource priority Allow REGISTER OPTIONS INVITE AC...

Page 208: ...END d The application server sends its message to leave on the answering message Example 2 This example shows a SIP call flow for event detection and notification of the beep of an answering machine a...

Page 209: ...yed by an answering machine at the end of its greeting message For more information see Detecting Answering Machine Beeps The device s default AMD feature is based on voice detection for North America...

Page 210: ...nsitivity level that is more sensitive to human than machine In addition this allows you to tweak your sensitivity to meet local regulatory rules designed to protect consumers from automatic dialers w...

Page 211: ...Calls Success Rate for Answering Machine 0 Best for Answering Machine 72 97 1 77 96 2 79 95 3 80 95 4 84 94 5 86 93 6 87 92 7 88 91 8 90 89 9 90 88 10 91 87 11 94 78 12 94 73 13 95 65 14 96 62 15 Bes...

Page 212: ...ed parameters see IP Media Parameters Automatic Gain Control AGC Automatic Gain Control AGC adjusts the energy of the output signal to a required level volume This feature compensates for near far gai...

Page 213: ...P requires a cryptographic key exchange mechanism to negotiate the keys To negotiate the keys the device supports the Session Description Protocol Security Descriptions SDES protocol according to RFC...

Page 214: ...ypto 1 AES_CM_128_HMAC_SHA1_80 inline PsKoMpHlCg b5X0YLuSvNrImEh dAe a crypto 2 AES_CM_128_HMAC_SHA1_32 inline IsPtLoGkBf9a c6XVzRuMqHlDnEiAd The device also supports symmetric MKI negotiation whereby...

Page 215: ...ween WebRTC client and peer For more information on WebRTC see WebRTC In contrast to SDES DTLS key encryption is done over the media channel UDP not signaling Thus DTLS SRTP is generally known as secu...

Page 216: ...and for the IP Group associated with the SIP entity assign it the TLS Context for DTLS using the DTLS Context parameter IPGroup_ DTLSContext 3 Open the IP Profiles table see Configuring IP Profiles an...

Page 217: ...addresses of the DHCP address pool the DHCP server detects this condition using an Address Resolution Protocol ARP request and temporarily blacklists the duplicated address You can also configure the...

Page 218: ...ional DHCP Options in the DHCP Option table they override the default ones which are configured in the DHCP Servers table For example if you configure Option 67 in the DHCP Option table the device use...

Page 219: ...dotted decimal format of the IP address pool range used by the DHCP server to allocate addresses The default value is 192 168 0 149 Note The IP address must belong to the same subnet as the associated...

Page 220: ...e IP address IPv4 of the primary NTP server that the DHCP server assigns to the DHCP client The value is sent in DHCP Option 42 Network Time Protocol Server The default value is 0 0 0 0 NTP Server 2 n...

Page 221: ...verride router address DhcpServer_ OverrideRouter Defines the IP address IPv4 in dotted decimal notation of the default router that the DHCP server assigns the DHCP client The value is sent in DHCP Op...

Page 222: ...ough the Web interface You can also configure it through ini file DhcpVendorClass or CLI configure network dhcp server vendor class To configure DHCP Vendor Class Identifiers 1 Open the DHCP Servers t...

Page 223: ...ini file DhcpOption or CLI configure network dhcp server option The additional DHCP Options configured in the DHCP Option table override the default ones which are configured in the DHCP Servers table...

Page 224: ...below 0 ASCII Default Plain text string e g when the value is a domain name 1 IP address IPv4 address 2 Hexadecimal Hexadecimal encoded string For example if you set the Value parameter to company com...

Page 225: ...nt with a different IP address upon each IP address lease renewal request the DHCP server assigns the client the same IP address For DHCP clients that are not listed in the table the DHCP server assig...

Page 226: ...ring of up to 20 characters The format includes six groups of two hexadecimal digits each separated by a colon The default MAC address is 00 90 8f 00 00 00 Viewing and Deleting DHCP Clients The DHCP C...

Page 227: ...to confirm deletion SIP based Media Recording The device can record SIP based media call sessions traversing it The media recording support is in accordance with the Session Recording Protocol SIPRec...

Page 228: ...h of the Communication Session CS to a Session Recording Server SRS at the recording equipment The device functions as the SRC sending recording sessions to a third party SRS as shown in the figure be...

Page 229: ...e SRSs For SRS redundancy the device sends SIP signaling to all SRSs active and standby but sends RTP only to the active SRSs If during a recorded call session the standby SRS detects that the active...

Page 230: ...One standalone SRS SIPREC 10 Two standalone SRSs SIPREC 20 One active standby redundancy pair SIPREC 10 SIPRECRED 10 Two active standby redundancy pairs SIPREC 20 SIPRECRED 20 One standalone SRS and t...

Page 231: ...in real life scenarios INVITE sip VSRP 1 9 64 253 SIP 2 0 Via SIP 2 0 UDP 192 168 241 44 5060 branch z9hG4bKac505782914 Max Forwards 10 From sip 192 168 241 44 tag 1c505764207 To sip VSRP 1 9 64 253 C...

Page 232: ...182052092 session 0000 0000 0000 0000 00000000d0d71a52 nameID aor 182052092 voicelab local nameID associate time 2010 01 24T01 11 57Z associate time recv 00000000 0000 0000 0000 1CF23A36C4E3 recv send...

Page 233: ...re up to 30 SIP based media recording rules A SIP Recording rule defines call routes that you want to record For an overview of the feature see SIP based Media Recording To view the total number of cu...

Page 234: ...IP Group recorded ip group name SIPRecRouting_ RecordedIPGroupName Defines the IP Group participating in the call and the recording is done on the leg interfacing with this IP Group To configure IP G...

Page 235: ...ll IP Groups are defined Any Caller caller SIPRecRouting_Caller Defines which calls to record according to which party is the caller 0 Both Default Caller can be peer or recorded side 1 Recorded Party...

Page 236: ...see Configuring Message Condition Rules on page 484 click New and then configure a Message Condition rule with the following properties Index 0 Name CallRec Condition srctags record 3 In the SIP Reco...

Page 237: ...s sends its proprietary X Genesys CallUUID header which identifies the session in the first SIP message typically in the INVITE and the first 18x response If the device receives a SIP message with Gen...

Page 238: ...ules see Configuring SIP Message Manipulation on page 478 to add them to these INVITE messages The following examples describe how to configure this using Message Manipulation rules Example 1 Adding a...

Page 239: ...regular expression with manipulation rules for extracting each header a comma is used to separate headers Parameter Value Index 0 Name Store headers in var session Manipulation Set ID 11 Message Type...

Page 240: ...IP Group of the SRS configure the Outbound Message Manipulation Set parameter to 12 i e rules configured in Index 1 2 and 3 RADIUS based Services The device supports Remote Authentication Dial In Use...

Page 241: ...or RADIUS based accounting By setting the relevant port authentication or accounting to 0 disables the corresponding functionality If both ports are configured the RADIUS server is used for authentica...

Page 242: ...three servers per service type and per local port up to 2 local ports For example 402 201 2 concurrent RADIUS requests can be sent for Authentication and 402 201 2 for Accounting The following proced...

Page 243: ...diusServers_ SharedSecret Defines the shared secret password for authenticating the device with the RADIUS server This should be a cryptically strong password The shared secret is also used by the RAD...

Page 244: ...r To configure the RADIUS Vendor ID 1 Open the Authentication Server page Setup menu Administration tab Web CLI folder Authentication Server 2 Under the RADIUS group in the RADIUS VSA Vendor ID field...

Page 245: ...Third Party RADIUS Server Configure the device as a RADIUS client for communication with the RADIUS server see Configuring RADIUS Authentication Setting Up a Third Party RADIUS Server The following pr...

Page 246: ...User Password 123456 Service Type Login User ACL Auth Level ACL Auth UserLevel 4 Record and retain the IP address port number shared secret code vendor ID and VSA access level identifier if access le...

Page 247: ...gured but connectivity with the server is down if the server is up the device authenticates the user with the server Always First attempts to authenticate the user using the Local Users table but if n...

Page 248: ...responses in its local cache The cache is used for subsequent queries and or in case of LDAP server failure For more information see Configuring the Device s LDAP Cache If connection with the LDAP ser...

Page 249: ...use different LDAP service accounts for user authentication and user authorization Management type LDAP server This LDAP server account is used only for user authentication For more information about...

Page 250: ...the CLI privileged mode To enable LDAP based login authentication 1 Open the Authentication Server page Setup menu Administration tab Web CLI folder Authentication Server 2 Under the LDAP group from...

Page 251: ...nagement Service type LDAP Server Group instead of for the Management type LDAP Server Group The following procedure describes how to configure an LDAP Server Group through the Web interface You can a...

Page 252: ...archDnsMethod Defines the method for querying the Distinguished Name DN objects within each LDAP server 0 Sequential Default The query is done in each DN object one by one until a result is returned F...

Page 253: ...first configure at least one LDAP Server Group in the LDAP Server Groups table see Configuring LDAP Server Groups To configure an LDAP server 1 Open the LDAP Servers table Setup menu IP Network tab RA...

Page 254: ...LDAP server By default no value is defined and the device uses the default TLS Context ID 0 To configure TLS Contexts see Configuring TLS Certificate Contexts Note The parameter is applicable only if...

Page 255: ...nnection with the LDAP server uses TLS 0 No Default No certificate verification is done 1 Yes The device verifies the authentication of the certificate received from the LDAP server The device authent...

Page 256: ...es the LDAP server s bind Distinguished Name DN or username LDAP based SIP queries The DN is used as the username during connection and binding to the LDAP server The DN is used to uniquely name an AD...

Page 257: ...ault is 0 i e if there is no activity on the connection the device does not send abandon requests and the LDAP server may disconnect Note The parameter is applicable only to LDAP connections that are...

Page 258: ...groups of which the user is a member The LDAP query is based on the following LDAP data structure Search base object distinguished name or DN e g ou ABC dc corp dc abc dc com The DN defines the locat...

Page 259: ...user is a member and you have configured different access levels for some of these groups the device assigns the user the highest access level For example if the user is a member of two groups where...

Page 260: ...name the user is assigned the corresponding access level and login is permitted otherwise login is denied Once the LDAP response has been received success or failure the LDAP session terminates The f...

Page 261: ...handling of LDAP queries using the device s LDAP cache is shown in the flowchart below If an LDAP query is required for an Attribute of a key that is already cached with that same Attribute instead of...

Page 262: ...ollowing procedure describes how to configure the device s LDAP cache through the Web interface For a full description of the cache parameters see LDAP Parameters To enable and configure the LDAP cach...

Page 263: ...o refresh the LDAP cache per LDAP Server Group 1 Open the LDAP Settings page Setup menu IP Network tab RADIUS LDAP folder LDAP Settings 2 Under the Cache Actions group do the following a From the LDAP...

Page 264: ...igned to the user is also determined by the Local Users table This feature is applicable to LDAP and RADIUS This feature is applicable only to user management authentication To use the Local Users tab...

Page 265: ...ies to LDAP based user login authentication and authorization access level and assumes that you are familiar with other aspects of LDAP configuration e g LDAP server s address The LDAP server s entry...

Page 266: ...Mediant 4000 SBC User s Manual Management Attribute memberOf The attribute contains the member groups of the user Management Group mySecAdmin The group to which the user belongs as listed under the me...

Page 267: ...management is enabled in the LDAP Server Groups table see Configuring LDAP Server Groups The DN is configured in the LDAP Server Search Base DN table see Configuring LDAP DNs Base Paths per LDAP Serv...

Page 268: ...nt LDAP Groups table see Configuring Access Level per Management Groups Attributes Enabling LDAP Searches for Numbers with Characters Typically the device performs LDAP searches in the AD for complete...

Page 269: ...iness Typically companies wishing to deploy Microsoft Skype for Business formerly known as Lync are faced with a complex call routing dial plan when migrating users from their existing PBX or IP PBX t...

Page 270: ...ing as a primary key instead of the one defined in MSLDAPPBXNumAttributeName It requests the attributes which are described below 2 If the primary query is not found in the AD and the Secondary Key is...

Page 271: ...sed on the LDAP query result The device routes the call according to the following priority a Private line If the query is done for the private attribute and it s found the device routes the call acco...

Page 272: ...procedure describes how to configure outbound IP routing based on LDAP queries To configure LDAP based IP routing for Skype for Business 1 Configure the LDAP server parameters as described in Configur...

Page 273: ...AP server by setting the Destination Type field to LDAP for denoting the IP address of the LDAP server d For alternative routing enable the alternative routing mechanism and configure corresponding SI...

Page 274: ...Overview The LCR feature enables the device to choose the outbound IP destination routing rule based on lowest call cost This is useful in that it enables service providers to optimize routing costs f...

Page 275: ...ting table and each one is assigned a different Cost Group as listed in the table above then the rule assigned Cost Group D is selected Note that for one minute Cost Groups A and D are identical but d...

Page 276: ...st it is selected as the cheapest route Index 4 Cost Group B is only second matched rule Index 1 is the first Example 3 This example shows how the cost of a call is calculated if the call spans over m...

Page 277: ...through the Web interface You can also configure it through ini file CostGroupTable or CLI configure voip sip definition least cost routing cost group To configure a Cost Group 1 Open the Cost Groups...

Page 278: ...le lets you configure Time Bands per Cost Group A Time Band defines a day and time range e g from Saturday 05 00 to Sunday 24 00 and a fixed call connection charge and call rate per minute for this in...

Page 279: ...UN MON TUE WED THU FRI or SAT hh and mm denote the time of day where hh is the hour 00 23 and mm the minutes 00 59 For example SAT 22 00 denotes Saturday at 10 pm End Time end time CostGroupTimebands_...

Page 280: ...y status includes the following IP Group Connectivity Status is reported when the keep alive mechanism enabled for the associated Proxy Set detects that the IP Group is unavailable or when CAC thresho...

Page 281: ...eb service 1 Open the Remote Web Services table Setup menu IP Network tab Web Services folder Remote Web Services 2 Click New the following dialog box appears 3 Configure a remote Web service accordin...

Page 282: ...tus and Topology Status services If you do no configure the parameter to QoS the device sends QoS reports to the Topology server Path rest path HTTPRemoteServices_Path Defines the path prefix to the R...

Page 283: ...oup that has the highest priority e g Group 0 becomes available again the device sends the traffic to the host in this group 2 Sticky Next The device initially attempts to send traffic to the group of...

Page 284: ...ifyCertificate Enables certificate verification when connection with the host is based on HTTPS 0 Disable Default No certificate verification is done 1 Enable The device verifies the authentication of...

Page 285: ...TP REST keep alive messages are sent by the device if no other messages are sent Keep alive messages may be required for HTTP services that expire upon inactive sessions For Remote Web Service whose T...

Page 286: ...s link located below the table the HTTP Remote Hosts table appears 3 Click New the following dialog box appears 4 Configure an HTTP remote host according to the parameters described in the table below...

Page 287: ...PRemoteHosts_ Port Defines the port of the host The valid value is 0 to 65535 The default is 80 Interface rest interface HTTPRemoteHosts_ Interface Assigns one of the device s IP network interfaces th...

Page 288: ...ices The Routing server can be used to handle SBC Tel to IP and IP to Tel calls Employing a Routing server replaces the need for the device s routing tables IP to IP Routing table for SBC calls to det...

Page 289: ...Routing server is through the device s embedded Representational State Transfer RESTful API The RESTful API is used to manage the routing related information exchanged between the Routing server RESTf...

Page 290: ...uting server If 3xx is received for any of the forked destinations the device handles it after all the forked INVITEs have been terminated Call Status The device can report call status to the Routing...

Page 291: ...er local remote MOS local remote audio bandwidth Rx Tx video bandwidth Rx Tx and total bandwidth Rx Tx The device collects QoS metrics for both incoming call traffic and outgoing traffic from the remo...

Page 292: ...P server the device adds the value of the HTTP response body Alice to the From header in the outgoing SIP message To configure an HTTP GET operation 1 Open the Remote Web Services table and then confi...

Page 293: ...Dec 2017 14 35 21 GMT Server nginx 1 8 1 Content Length 6 Connection keep alive Alice 4 Outgoing SIP message INVITE sip 2000 10 7 7 246 user phone SIP 2 0 Via SIP 2 0 UDP 10 7 7 246 5060 branch z9hG4...

Page 294: ...s retrieve their configuration and firmware files from remote file servers Upstream Hosts and where the device HTTP Proxy intermediates between the two The HTTP hosts are located in the cloud and the...

Page 295: ...NAT that are managed by the AudioCodes OVOC server For more information see Configuring an HTTP based OVOC Service on page 278 Enabling the HTTP Proxy Application Before you can configure HTTP based p...

Page 296: ...y DNS Server IP field enter the IP address of your main DNS server 3 Optional In the Secondary DNS Server IP field enter the IP address of the secondary DNS server 4 Click Apply Configuring HTTP Proxy...

Page 297: ...he row in other tables The valid value is a string of up to 40 characters By default no value is defined Note Each row must be configured with a unique name The parameter is mandatory The parameter va...

Page 298: ...configure TLS Contexts see Configuring TLS Certificate Contexts on page 124 Note The NGINX directives for this parameter is tls context ssl_ certificate ssl_certificate_key ssl_ciphers ssl_protocols...

Page 299: ...received from the keep alive the device checks connectivity with the next resolved IP address and so on until a response is received Configuring HTTP Locations The HTTP Locations table lets you config...

Page 300: ...RL Pattern Type parameter see below The NGINX directive for this parameter is location modifier pattern URL Pattern Type url pattern type HTTPLocation_ URLPatternType Defines the type of URL pattern u...

Page 301: ...s see Configuring Upstream Groups on page 272 Note The NGINX directive for this parameter is proxy_pass scheme upstream Upstream Path upstream path HTTPLocation_ UpstreamPath Defines a path to prepend...

Page 302: ...f ok allows communication with the HTTPS location If authentication fails the device denies communication i e handshake fails The device can also authenticate the certificate by querying with an Onlin...

Page 303: ...is mandatory Additional Directive Set directive set TcpUdpServer_ AdditionalDirectiveSet Assigns an NGINX Directive Set for the HTTP service To con figure HTTP Directive Sets see Configuring HTTP Dire...

Page 304: ...and ssl_password_file Upstream Parameters Upstream Group upstream group TcpUdpServer_ UpstreamGroup Assigns a group of servers Upstream Group to which to forward connection requests To configure Upst...

Page 305: ...ails The device can also authenticate the certificate by querying with an Online Certificate Status Protocol OCSP server whether the certificate has been revoked This is also configured for the associ...

Page 306: ...value is defined Note Each row must be configured with a unique name The NGINX directive for this parameter is upstream name The parameter is mandatory The parameter value cannot contain a forward sla...

Page 307: ...stream Group Up to 5 Upstream Hosts can be configured per Upstream Group The following procedure describes how to configure Upstream Hosts through the Web interface You can also configure it through i...

Page 308: ...e valid range is 1 to 100 The default is 1 i e each host in the Upstream Group has equal weight Note The NGINX directive for this parameter is server ip port weight n Max Connections max connections U...

Page 309: ...he device is configured with an HTTP Directive Set for rate limiting This directive ensures that priority is given to network traffic carrying SIP signaling and media over HTTP traffic It is highly re...

Page 310: ...e up to 500 HTTP Directives The table is a child of the HTTP Directive Sets table see Configuring HTTP Directive Sets on page 275 The following procedure describes how to configure HTTP Directives thr...

Page 311: ...listed below 1 Enable the HTTP Proxy application see Enabling the HTTP Proxy Application 2 Configure two local listening IP network interfaces one for OVOC and one for the IP Phones see Configuring I...

Page 312: ...default no value is defined Note Each row must be configured with a unique name The parameter is mandatory Device Device Login Interface device login interface OVOCService_ DeviceLoginInterface Assig...

Page 313: ...ificate store associated with the assigned TLS Context see Device Login TLS Context parameter above and if ok allows communication with the client If authentication fails the device denies communicati...

Page 314: ...the trusted root certificate store associated with the assigned TLS Context see OVOC Interface TLS Context parameter above and if ok allows communication with OVOC If authentication fails the device...

Page 315: ...ng with the previous valid NGINX configuration unless the device is restarted in which case it applies and uses the modified configuration In addition if an NGINX validation error exists during config...

Page 316: ...siness environment and the E9 1 1 emergency provider The ELIN feature for E9 1 1 is a license based feature and is available only if it is included in the License Key installed on the device For order...

Page 317: ...for Business and E9 1 1 Microsoft Skype for Business enables Enterprise voice users to access its unified communications platform from virtually anywhere and through many different devices This togeth...

Page 318: ...ess Control MAC address Depends on network connectivity Wireless access point WAP Basic Service Set Identifier BSSID Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED chassis ID and port...

Page 319: ...rt ChassisID PortIDSubType PortID Description Location CompanyName HouseNumber HouseNumberSuffix PreDirectional StreetName StreetSuffix PostDirectional City State PostalCode Country Switch ChassisID D...

Page 320: ...address match in the ALI database lookup The ERL defines a specific location at a street address for example the floor number of the building at that address The geographical size of an ERL is accordi...

Page 321: ...numbers into ELIN numbers sent toward the PSAP The device handles the received E9 1 1 calls as follows 1 The device identifies E9 1 1 calls if the incoming SIP INVITE message contains a PIDF LO XML me...

Page 322: ...The SIP Content Type header indicating the PIDF LO and the NAM field listing the ELINs are shown in bold typeface INVITE sip 911 phone context Redmond 192 168 1 12 user phone SIP 2 0 From voip_911_us...

Page 323: ...LocationPolicyTagID 2008 user tagid LocationPolicyTagID ms msftE911PidfExtn status timestamp 1991 09 22T13 37 31 03 timestamp tuple presence _NextPart_000_4A6D_01CAB3D6 7519F890 Pre empting Existing C...

Page 324: ...e call to the E9 1 1 caller and instead either sends it as a regular call or most likely rejects it if there are no matching routing rules However if another E9 1 1 caller has subsequently been proces...

Page 325: ...s Configuring the E9 1 1 Callback Timeout The PSAP can use the ELIN to call back the E9 1 1 caller within a user defined time interval in minutes from when the initial call established with the PSAP h...

Page 326: ...ce are Skype for Business users and John makes or receives a call on a mobile device Alice is able to see that John is in a call even though the call is not on a native Skype for Business endpoint Onc...

Page 327: ...ID 1284896643279201635736 10 33 221 57 CSeq 1 PUBLISH Via SIP 2 0 TLS 10 33 221 57 5061 alias received 10 33 221 57 ms received port 48093 ms received cid 4900 SIP ETag 2545777538 1 1 Expires 600 Con...

Page 328: ...the Skype for Business Topology as a Trusted Application Detailed configuration of Skype for Business Server is beyond the scope of this document Before performing the below procedure make sure that...

Page 329: ...cmdlet to publish and enable your new topology Enable CsTopology Configuring the Device for Skype for Business Presence The following procedure describes how to configure the device for notifying Skyp...

Page 330: ...d then in the Presence Publish IP Group ID field enter the IP Group ID of the Skype for Business Server that you configured in Step 4 above 6 Configure the Skype for Business LDAP server Active Direct...

Page 331: ...ttr ipPhone ldap attr ipPhone 8 Configure routing rules to route the calls in the network 9 Configure IP Groups to represent your call party entities and assign them the group of Call Setup Rules Set...

Page 332: ...gs on the device and on OVOC are identical OVOC uses the following default settings Trap port 162 SNMPv2 public for the read community string private for read write community string and trapuser for t...

Page 333: ...or normal HA mode when both OVOC servers are in the same subnet a single OVOC server global virtual address is used for all network components OVOC clients and managed devices In such a setup you need...

Page 334: ...DNs the device uses only the first DNS resolved IP address from each FQDN Secondary OVOC Address secondary server name QOESettings_ SecondaryServerName Defines the address of the secondary OVOC server...

Page 335: ...e certificate has been revoked This is configured for the assigned TLS Context Note The parameter is applicable only if the Use TLS parameter is configured to Enable Verify Certificate Subject Name ve...

Page 336: ...rt to OVOC see Configuring Quality of Experience Profiles Configuring Quality of Experience Profiles Quality of Experience Profiles enable you to effectively monitor the quality of voice calls travers...

Page 337: ...that indicates changes from Green or Red to Yellow Major Threshold Red Higher threshold that indicates changes from Green or Yellow to Red The device also uses hysteresis to determine whether the thre...

Page 338: ...Depending on the crossed threshold type you can configure the device to reject calls to the destination IP Group or use an alternative IP Profile for the IP Group For more information see Configuring...

Page 339: ...ity Level sensitivity level QOEProfile_ SensitivityLevel Defines the pre configured threshold profile to use 0 User Defined Need to define thresholds per monitored parameter in the Quality of Experien...

Page 340: ...s described below 1 Low Pre configured low sensitivity threshold values Thus reporting is done only if changes in parameters values are significant 2 Medium Default Pre configured medium sensitivity t...

Page 341: ...s configured by the Major Hysteresis Red parameter see below The valid threshold values are as follows MOS values are in multiples of 10 For example to denote a MOS of 3 2 the value 32 i e 3 2 10 must...

Page 342: ...es that bandwidth utilization has exceeded total bandwidth Bandwidth Profiles let you configure bandwidth thresholds which when crossed changes the color coded state for bandwidth utilization Green Ye...

Page 343: ...Yellow Minor alarm The change occurs if the current bandwidth crosses the configured Major threshold with hysteresis 57 600 Kbps 64 000 10 x 64 000 Yellow to Green alarm cleared The change occurs if...

Page 344: ...er tables The valid value is a string of up to 20 characters Note The parameter value cannot contain a forward slash Egress Audio Bandwidth egress audio bandwidth BWProfile_ EgressAudioBandwidth Defin...

Page 345: ...value is used Decrease in severity Red to Green or Yellow to Green This value is used with the hysteresis configured by the Hysteresis parameter see below Note The parameter applies to all your config...

Page 346: ...rnative Routing Reasons and the device rejects a call it searches in the IP to IP Routing table for an alternative routing rule When the device rejects calls to an IP Group based on a Quality of Servi...

Page 347: ...applies if the metric s threshold is crossed 0 Voice Quality Default The device calculates MOS of calls and if the threshold is crossed i e poor quality the configured action see Rule Action parameter...

Page 348: ...arameter to Major you can configure the parameter to any option When configured to Alternative IP Profile and the threshold is crossed the device changes the IP Profile for the entire IP Group for all...

Page 349: ...d the device can reject any new new calls on this Media Realm To configure Bandwidth Profiles see Configuring Bandwidth Profiles The Media Realms table provides the following child tables Remote Media...

Page 350: ...configured with a unique name The parameter value cannot contain a forward slash Topology Location topology location CpMediaRealm_ TopologyLocation Defines the display location of the Media Realm in...

Page 351: ...f media sessions for the configured port range By default no value is defined Port Range End port range end CpMediaRealm_ PortRangeEnd Read only field Displays the ending port for the range of media i...

Page 352: ...TP traffic on a specific Media Realm Each Remote Media Subnet can be assigned different call quality Quality of Experience Profile and bandwidth utilization Bandwidth Profile profiles These profiles a...

Page 353: ...alms table see Configuring Media Realms 2 Select the Media Realm row for which you want to add Remote Media Subnets and then click the Remote Media Subnet link located below the table the Remote Media...

Page 354: ...is 0 0 0 0 QoE Profile qoe profile RemoteMediaSubnet_ QOEProfileName Assigns a Quality of Experience Profile to the Remote Media Subnet By default no value is defined To configure QoE Profiles see Con...

Page 355: ...ons could be configured whereby one allocates 25 media sessions on interface LAN 1 and another 10 sessions on interface LAN 2 The Media Realm associated with these Media Realm Extensions would be assi...

Page 356: ...d to assign the Media Realm Extension with an IPv4 network interface IPv6 Interface Name MediaRealmExtension_ IPv6IF Assigns an IPv6 network interface configured in the IP Interfaces table to the Medi...

Page 357: ...ce is split into multiple logical devices For more information on multi tenant architecture see Multiple SRDs for Multi tenant Deployments As the device is shipped with a default SRD DefaultSRD at Ind...

Page 358: ...ology of Version 7 0 Below are the main changes in configuration topology when upgrading to Version 7 0 The SIP Interface replaces the associated SRD in several tables due to support for multiple SIP...

Page 359: ...ameter value cannot contain a forward slash Sharing Policy type SRD_SharingPolicy Defines the sharing policy of the SRD which determines whether the SRD shares its SIP resources SIP Interfaces Proxy S...

Page 360: ...ingHeaders SBCRemoteMultipleEarlyDialogs If the SBC Operation Mode parameter is configured in the IP Groups table the SBC Operation Mode parameter in the SRDs table is ignored SBC Routing Policy sbc r...

Page 361: ...s 1 which means that the number of allowed user registrations is unlimited User Security Mode block un reg users SRD_BlockUnRegUsers Defines the blocking reject policy for incoming SIP dialog initiati...

Page 362: ...hat have not been authenticated by a proxy registrar server due to proxy down and thus re routed to a User type IP Group In normal operation scenarios in which the proxy server is available the device...

Page 363: ...et to values associated with the filtered SRD The SRD filter also affects display of number of configured rows and invalid rows by status icons on table items in the Navigation tree The status icons o...

Page 364: ...olated SRDs are more relevant when each tenant needs its own separate dedicated routing table for non bleeding topology Separate routing tables are implemented using Routing Policies In such a non ble...

Page 365: ...automatically associated with the viewed tenant i e SRD name The display of tables and show running configuration commands display only rows relevant to the viewed tenant and shared tenants The show...

Page 366: ...uting Policy is also cloned and its clone is associated with the SRD clone All configuration entities associated with the original Routing Policy are also cloned and these clones are associated with t...

Page 367: ...IP Interface represents a Layer 3 network in your deployment environment by defining a local listening port number and type e g UDP and assigning an IP network interface for SIP signaling traffic For...

Page 368: ...uting rules for specifying the destination SIP Interface to where you want to route Tel to IP calls For more information see Configuring Tel to IP Routing Rules IP to Trunk Group Routing rules for spe...

Page 369: ...automatically assigns the name SIPInterface_ row index e g SIPInterface_1 when added to Index 1 Note The parameter value cannot contain a forward slash Topology Location topology location SIPInterfac...

Page 370: ...ter than 6999 Each SIP Interface must have a unique signaling port i e no two SIP Interfaces can share the same port no port overlapping TLS Port tls port SIPInterface_TLSPort Defines the device s lis...

Page 371: ...use the SIP Interface s Additional UDP Ports Mode parameter below The parameter s port range value must not overlap with the UDP port configured by the UDP Port parameter SIPInterface_UDPPort For exam...

Page 372: ...the Account s Serving IP Group or forwards a registration request from a user IP Group to a proxy Server type IP Group This option is applicable only to dynamic port allocation where a port is alloca...

Page 373: ...eRetry Used By Routing Server used by routing server SIPInterface_UsedByRoutingServer Enables the SIP Interface to be used by a third party routing server for call routing decisions 0 Not Used default...

Page 374: ...to defend the device against such attacks is to not send a SIP reject response to these unclassified calls so that the attacker assumes that no device exists at such an IP address and port Note The pa...

Page 375: ...of a REGISTER request when the source IP Group doesn t allow registers from the IP Group IPGroup Registration Mode Configuration Call Setup Rules Set ID call setup rules set id SIPInterface_CallSetup...

Page 376: ...n direct media the device does not interfere in the SIP signaling such as manipulation of IP addresses which is necessary for calls between LAN and WAN To enable direct media for all calls use the glo...

Page 377: ...locking reject policy for incoming SIP dialog initiating requests e g INVITE messages from registered and unregistered users belonging to the SIP Interface 1 Not Configured Default The corresponding p...

Page 378: ...istrar server due to proxy down and thus re routed to a User type IP Group In normal operation scenarios in which the proxy server is available the device forwards the REGISTER request to the proxy an...

Page 379: ...more information and recommended security guidelines see the parameter s description later in this section Classification of incoming SIP dialog initiating requests e g INVITE messages to IP Groups ba...

Page 380: ...table Setup menu Signaling Media tab Core Entities folder IP Groups 2 Click New the following dialog box appears 3 Configure an IP Group according to to the parameters described in the table below 4 C...

Page 381: ...group of users such as IP phones and softphones where their location is dynamically obtained by the device when REGISTER requests and responses traverse or are terminated by the device These users are...

Page 382: ...the IP Group Therefore routing to this IP Group is possible only once a REGISTER request is received i e IP Group is registered with the device If a REGISTER refresh request arrives the device update...

Page 383: ...m sessions on a specific interface for media traffic associated with the IP Group By default no value is defined To configure Media Realms see Configuring Media Realms Note If you delete a Media Realm...

Page 384: ...up was created by a third party routing server 0 No 1 Yes For more information on the third party routing server feature see Centralized Third Party Routing Server Used By Routing Server used by routi...

Page 385: ...1 Enable Default The device searches the Proxy Sets table for a Proxy Set that is configured with the same source IP address as that of the incoming INVITE if host name then according to the dynamical...

Page 386: ...es as a back to back user agent B2BUA changing the call identifiers and headers between the inbound and outbound legs 1 Call Stateful Proxy Device operates as a Stateful Proxy passing the SIP message...

Page 387: ...message s Via and Contact headers This is typically used to define an FQDN as the host name The device uses this string for Via and Contact headers in outgoing INVITE messages sent to a specific IP G...

Page 388: ...Default The device sends SIP requests according to the settings of the global parameter SIPNatDetection 1 Yes The device sends SIP requests and responses to the source IP address received in the previ...

Page 389: ...meter for routing the call For example if set to To the URI in the To header of the incoming INVITE is used as a matching characteristic for classifying the call to an IP Group in the Classification t...

Page 390: ...rface ID e g 10 33 3 3 5010 1 Key 2 The second key contains the incoming REGISTER message s URI user host of the Contact header source IP address port only if UDP and SIP Interface ID e g user host co...

Page 391: ...fault no value is defined To configure TLS Contexts see Configuring TLS Certificate Contexts Keep Original Call ID sbc keep call id IPGroup_ SBCKeepOriginalCallID Enables the device to use the same ca...

Page 392: ...termines whether the incoming SIP dialog is sent to this IP Group The parameter is used when IP to IP Routing rules are configured for destinations based on tags i e Destination Type parameter configu...

Page 393: ...r manipulation rule Manipulation Set ID to the IP Group as an Outbound Message Manipulation Set see the IPGroup_OutboundManSet parameter when the IP Group is the destination of the call Outbound Messa...

Page 394: ...s are not applied to the OPTIONS messages 1 Enable The following IP Group settings are applied if configured to the proxy keep alive SIP OPTIONS messages The IP Group s SIP Group Name parameter see ab...

Page 395: ...se of proxy load balancing there is no certainty to which IP address the request is routed 1 Enable The device always routes SIP requests INVITEs SUBSCRIBEs and REGISTER refreshes received from the us...

Page 396: ...tion for SBC User Database registrar stickiness is supported only when the user initiates the REGISTER request Therefore you must configure the Registration Mode parameter of the IP Group User type to...

Page 397: ...fter an HA switchover This feature is applicable only if the user initiates registration i e user sends the REGISTER request In other words the Registration Mode parameter of the IP Group of the user...

Page 398: ...and password then the device authenticates the user with the credentials in the User Information table see Configuring SBC User Information on page 447 If you have not configured any username and pas...

Page 399: ...service IPGroup_OAuthHTTPService Assigns a Remote Web Service to the IP Group The Remote Web Service represents the OAuth Authorization server which the device uses to authenticate incoming SIP reque...

Page 400: ...table a child of the Proxy Sets table configured as IP addresses in dotted decimal notation and or DNS hostnames FQDN Each Proxy Set supports up to 15 DNS resolved IP addresses Each Proxy Set support...

Page 401: ...ple IP Groups belonging to the same SRD It is recommended to classify incoming SIP dialogs to IP Groups based on Classification rules see Configuring Classification Rules on page 535 instead of based...

Page 402: ...table To configure SRDs see Configuring SRDs General Index configure voip voip network proxy set ProxySet_Index Defines an index number for the new table row Note Each row must be configured with a un...

Page 403: ...se the default TLS Context ID 0 is used Outgoing calls If the Transport Type parameter is set to TLS and the outgoing call is sent to an IP Group that is associated with this Proxy Set this TLS Contex...

Page 404: ...CRLF Keep Alive feature using the UsePingPongKeepAlive parameter If you enable proxy keep alive using SIP OPTIONS messages Using OPTIONS you can also enable the device to apply various settings e g SI...

Page 405: ...ful response from the proxy it sends another 1st keep alive after 5 seconds and if successful sends another 2nd keep alive after 5 seconds and if successful sends another 3rd keep alive after 5 second...

Page 406: ...roxy Address table below Proxy Hot Swap is proxy hot swap ProxySet_ IsProxyHotSwap Enables the Proxy Hot Swap feature whereby if the device sends a SIP message INVITE or REGISTER to the proxy and the...

Page 407: ...e order of the IP address entries in the list occurs all load statistics are erased and balancing starts over again 2 Random Weights The outgoing requests are not distributed equally among the proxy s...

Page 408: ...1 1 1 5070 and the parameter is configured to IP Address Port Transport Type classification to the correct IP Group is achieved Therefore when classification is by Proxy Set pay attention to the conf...

Page 409: ...APTR NAPTR query is done If successful an SRV query is sent according to the information received in the NAPTR response If the NAPTR query fails an SRV query is done according to the configured transp...

Page 410: ...esses it is highly recommended to configure each Proxy Set with a unique IP address Configuring multiple Proxy Sets with the same IP address can cause problems classifying incoming SIP requests to sou...

Page 411: ...arameter Proxy Random Weight weight ProxyIp_Weight Defines the weight of the proxy The valid value is 0 to 65535 where 0 is the highest weight and 65535 the lowest The default is 0 Note The parameter...

Page 412: ...e LAN Indicates the internal network e g inside the company To modify a demarcation name do the following 1 Click the demarcation name the name becomes editable in a text box as shown in the example b...

Page 413: ...using the following SIP Interface titled icon which includes the name and row index number If you hover your mouse over the icon a pop up appears displaying the following basic information example If...

Page 414: ...If you hover your mouse over the icon a pop up appears displaying the following basic information example If you click the icon a drop down menu appears listing the following commands Edit Opens a di...

Page 415: ...s or as when no IP Groups exist on a topology border or as when there are no IP Groups at all The IP Groups table opens with a new dialog box for adding a IP Group to the next available index row 2 Co...

Page 416: ...red SBC configuration Classification Opens the Classification table where you can configure Classification rules see Configuring Classification Rules Number Manipulation Opens the Outbound Manipulatio...

Page 417: ...use specific coders or coder settings e g packetization time for different calls entities you need to configure a Coder Group for each entity and then assign each Coder Group to an IP Profile see Conf...

Page 418: ...sing the narrowband Opus coder Alternatively if one leg uses a wideband coder e g G 722 and the other leg uses the Opus coder the device maintains the wideband coder flavor by using the wideband Opus...

Page 419: ...es how many coder payloads are combined into a single RTP packet For ptime see Supported Audio Coders Rate rate AudioCoders_rate Defines the bit rate in kbps for the coder For rates see Supported Audi...

Page 420: ...6 60 8 80 9 90 10 100 12 120 Rate kbps Payload Type Silence Suppression G 711 A law g711 alaw 1 10 20 default 30 40 50 60 80 100 120 90 64 8 0 Disable default 1 Enable G 711 U law g711 ulaw 2 10 20 d...

Page 421: ...ble only to rate 56 kbps payload can be changed G 723 1 g723 1 0 30 default 60 90 120 150 7 5 3 default 11 6 3 4 0 Disable default 1 Enable G 726 g726 5 10 20 default 30 40 50 60 80 43 16 57 24 64 32...

Page 422: ...41 15 85 48 18 25 49 19 85 53 23 05 55 23 8 default Dynamic 0 Disable 1 Enable iLBC ilbc 19 20 default 40 60 80 100 120 39 15 default Dynamic default 65 0 Disable 1 Enable 30 default 60 90 120 34 13 S...

Page 423: ...ach Allowed Audio Coders Group you can configure up to 10 audio coders The coders can include pre defined coders and user defined string coders for non standard or unknown coders Allowed Audio Coders...

Page 424: ...as the lowest priority For more information see Prioritizing Coder List in SDP Offer The Allowed Audio Coders Group for coder restriction takes precedence over the Coder Group for extension coders In...

Page 425: ...in other tables The valid value is a string of up to 40 characters Note Each row must be configured with a unique name The parameter value cannot contain a forward slash Allowed Audio Coders Table Ind...

Page 426: ...ce of the coders listed in the Allowed Video Coders Group determines the priority preference of the coders in the SDP offer The device arranges the SDP offer s coder list according to their order in t...

Page 427: ...roups_ Name Defines a descriptive name which is used when associating the row in other tables The valid value is a string of up to 40 characters Note Each row must be configured with a unique name The...

Page 428: ...e IP Profiles table have a corresponding global parameter For calls that are not associated with any IP Profile the settings of the global parameters are applied You can also use IP Profiles when usin...

Page 429: ...and SRTP media lines are removed from the incoming offer answer 3 Both Each offer answer is extended if not already to two media lines one RTP and the other SRTP If two SBC legs after offer answer ne...

Page 430: ...kEklu4kSJyl3wCtYeZLq1 QFuxw 2 31 1 1 If the device selects a crypto line that does not contain the MKI parameter then the MKI parameter is not included in the crypto line in the SDP answer even if the...

Page 431: ...the following for the SIP entity TLS Context for DTLS see Configuring TLS Certificate Contexts The server cipher Cipher Server must be configured to All IpProfile_SBCMediaSecurityBehaviourMedia config...

Page 432: ...ty associated with the IP Profile The SDP field defines the lifetime of the master key as measured in maximum number of SRTP or SRTCP packets using the master key 0 No Default The device retains the l...

Page 433: ...or 183 for forwarding early media to the caller for the SIP entity associated with the IP Profile 0 Transparent Default All early media response types are supported the device forwards all responses a...

Page 434: ...Device sends the multiple SDP answers with different To header tags to the SIP entity In other words the SIP entity supports standard multiple SDP answers with different To header tags In this case th...

Page 435: ...her the destination UA can play a local ringback tone 0 No UA does not support local ringback tone The device sends 18x with delayed SDP to the UA 1 Yes Default UA supports local ringback tone For the...

Page 436: ...Payload Types to Handle as Valid Packet and Forward Invalid RTP Packets to Forward Packets Note To implement transcoding you must configure the number of required DSP channels for transcoding using th...

Page 437: ...ee Restricting Coders Allowed Video Coders allowed video coders group name IpProfile_ SBCAllowedVideoCodersGroup Name Assigns an Allowed Video Coders Group This defines permitted video coders when for...

Page 438: ..._ SBCRFC2833Behavior Defines the handling of RFC 2833 SDP offer answer negotiation for the SIP entity associated with the IP Profile 0 As is Default The device does not intervene in the RFC 2833 negot...

Page 439: ...using both the SIP INFO and RFC 2833 methods for the same call on the leg to which this IP Profile is associated The RFC 2833 method sends out of band DTMF digits using the RTP protocol while the SIP...

Page 440: ...ods i e Send Multiple DTMF Methods is configured to Enable The configured Message Manipulation rules for this example are shown below Index 1 Message Type reinvite request Condition body sdp regex m a...

Page 441: ...ing to the coder type narrowband or wideband If narrowband it sends the telephone event as 8000 if wideband it sends it as 16000 An example when the parameter is configured to Enable is shown below wh...

Page 442: ...sion sbc use silence supp IpProfile_ SBCUseSilenceSupp Defines silence suppression support for the SIP entity associated with the IP Profile 0 Transparent Default Forward as is 1 Add Enable silence su...

Page 443: ...f the SIP entity does not support RTP redundancy Note To enable the device to generate RFC 2198 redundant packets use the IPProfile_RTPRedundancyDepth parameter To configure the payload type in the SD...

Page 444: ...associated with the IP Profile ICE is a methodology for NAT traversal employing the Session Traversal Utilities for NAT STUN and Traversal Using Relays around NAT TURN protocols to provide a peer wit...

Page 445: ...iplexing is not enabled the device uses different but adjacent ports for RTP and RTCP packets With the increased use of NAT and firewalls maintaining multiple NAT bindings can be costly and also compl...

Page 446: ...edback Off Default The device does not send the feedback flag F in SDP offers answers that are sent to the SIP entity If the SDP m attribute of an incoming message that is destined to the SIP entity i...

Page 447: ...uffer Dynamic Jitter Buffer Minimum Delay jitter buffer minimum delay IpProfile_JitterBufMinDelay Defines the minimum delay in msec of the device s dynamic Jitter Buffer The valid range is 0 to 150 Th...

Page 448: ...Optional PRACK is optional If required the device performs the PRACK process on behalf of the SIP entity 2 Mandatory PRACK is required for this SIP entity Calls from endpoints that do not support PRAC...

Page 449: ...ersion to the Diversion header depends on the SBCDiversionMode parameter For more information on interworking of the History Info and Diversion headers see Interworking SIP Diversion and History Info...

Page 450: ...ng on whether the device can bridge the media between the endpoints 1 Supported only with SDP re INVITE is supported but only with SDP If the incoming re INVITE arrives without SDP the device creates...

Page 451: ...ile_ SBCKeepVIAHeaders Enables interworking SIP Via headers between SIP entities The parameter defines the device s handling of Via headers for messages sent to the SIP entity associated with the IP P...

Page 452: ...r sbc keep user agent IpProfile_ SBCKeepUserAgentHeader Enables interworking SIP User Agent headers between SIP entities The parameter defines the device s handling of User Agent headers for response...

Page 453: ...sbc max call duration IpProfile_ SBCMaxCallDuration Defines the maximum duration in minutes per SBC call that is associated with the IP Profile If the duration is reached the device terminates the ca...

Page 454: ...ion time is according to the global parameter SBCUserRegistrationTime or IP Profile parameter IpProfile_SBCUserRegistrationTime NAT TCP Registration Time sbc usr tcp nat reg time IpProfile_ SBCUserBeh...

Page 455: ...ix c The device replaces the host part in the Request URI with the host from the REFER contact The special prefix remains in the user part for regular classification manipulation and routing The spe c...

Page 456: ...ing INVITEs containing the Replaces header for the SIP entity which does not support the header associated with the IP Profile The Replaces header is used to replace an existing SIP dialog with a new...

Page 457: ...of the transfer target to where the transferee is being transferred 0 No Default 1 Yes Typically the transferee hears a ringback tone only if the transfer target sends it early media However if the tr...

Page 458: ...o that the re route request is sent through the device The device changes the URI in the Contact header of the received SIP 3xx response to its own URI and adds a special user prefix T R_ which is the...

Page 459: ...The corresponding global parameter is SBC3xxBehavior SBC Hold Remote Hold Format remote hold Format IPProfile_ SBCRemoteHoldFormat Defines the format of the SDP in the SIP re INVITE or UPDATE for call...

Page 460: ...e Play Held Tone parameter is set to Internal or External Play Held Tone play held tone IpProfile_SBCPlayHeldTone Enables the device to play Music on Hold MoH to call parties that are placed on hold T...

Page 461: ...If a coder in the incoming offer from the calling fax matches a coder in the SBCFaxCodersGroupID the device uses this coder If no match exists the device uses the first coder listed in the Coders Grou...

Page 462: ...SIP entity fully supports fax renegotiation upon fax detection 1 Only on Answer Side The SIP entity supports fax renegotiation upon fax detection only if it is the terminating answering fax and does...

Page 463: ...detect a broken RTP connection if silence compression is disabled for the RTP session If during a call the source IP address from where the RTP packets are received by the device is changed without n...

Page 464: ...ANAT 2 4 If you configure the parameter to a prefer option the outgoing SDP offer contains two medias which are the same except for the c field The first media is the preferred address type and this...

Page 465: ...sensitivity levels from 0 to 7 This AMD Parameter Suite is provided by the AMD Sensitivity file which is shipped pre installed on the device 1 1 Parameter Suite based 1 on North American English with...

Page 466: ...ding global parameter is AMDMaxPostGreetingSilenceTime Local Tones Local RingBack Tone Index local ringback tone index IPProfile_LocalRingbackTone Defines the ringback tone that you want to play from...

Page 467: ...n the device using a loadable Prerecorded Tones PRT file which is created using AudioCodes DConvert utility When you create the PRT file each recorded tone file must be added to the PRT file with the...

Page 468: ...a SIP 401 Unauthorized in response to a sent INVITE the device checks for a matching serving and served entry in the Accounts table If a matching row exists the device authenticates the INVITE by prov...

Page 469: ...tartup enables the device to unregister and then re register Accounts upon a device reset The following procedure describes how to configure Accounts through the Web interface You can also configure i...

Page 470: ...e the device sends the SIP REGISTER requests if enabled for registration and authentication of the Served IP Group Note By default only IP Groups associated with the SRD to which the Served IP Group i...

Page 471: ...ular registration For more information see Regular Registration Mode 2 GIN The device performs registration for legacy PBXs using Global Identification Number GIN For more information see Single Regis...

Page 472: ...gistration process for the Account sending the message to one of the registrar servers according to the Proxy Set of the Account s Serving IP Group This option can used for example in scenarios where...

Page 473: ...specification The device receives a SIP 408 480 or 403 response from the Serving IP Group in response to an INVITE The transaction timeout expires for an INVITE sent to the Serving IP Group The device...

Page 474: ...message containing the Event header with the value reg Event reg Whenever a change occurs in the registration binding state the registrar notifies the device by sending a SIP NOTIFY message 0 Disable...

Page 475: ...UDPPorts associated with the Proxy Set of the Account s Serving IP Group Traffic between the Serving IP Group and device is sent from and received on the assigned unique local port If enabled for othe...

Page 476: ...mber GIN registration method is used according to RFC 6140 The device performs GIN based registration of users to a SIP registrar on behalf of a SIP PBX In effect the PBX registers with the service pr...

Page 477: ...Stickiness feature use the following parameters in the Accounts table Registrar Stickiness Enables the feature Registrar Search Mode Defines the method for choosing an IP address registrar in the Prox...

Page 478: ...istrar Proxy server may also require authentication for client registration A proxy replies to an unauthenticated INVITE with a 407 Proxy Authorization Required response containing a Proxy Authenticat...

Page 479: ...ed The method type is REGISTER Using SIP protocol sip Proxy IP from ini file is 10 2 2 222 The equation to be evaluated is REGISTER sip 10 2 2 222 The MD5 algorithm is run on this equation and stored...

Page 480: ...his section describes User Information configuration Enabling the User Information Table Before you can use the User Information table you need to enable the User Information functionality To enable U...

Page 481: ...gured in the IP Group s Username and Password parameters However if the user appears in the User Information table and configured with a username and or password then the device authenticates the user...

Page 482: ...o value is defined Note The parameter is mandatory Username SBCUserInfoTable_ Username Defines the username for registering the user when authentication is necessary The valid value is a string of up...

Page 483: ...nDee sbc user info 1 activate exit To delete a specific user use the no command sip def proxy and reg no user info sbc user info index e g 1 To import users from a file configure voip config voip sip...

Page 484: ...ser Information table The users must be configured in comma separated value CSV file format You can create the file using any standard text based editor such as Notepad or alternatively a CSV based pr...

Page 485: ...lementing simple or complex script like rules that can be used for Lightweight Directory Access Protocol LDAP based routing as well as other advanced routing logic requirements such as manipulation Th...

Page 486: ...e 247 If a response is expected from the server the query is sent as an HTTP GET or HTTP POST request configurable If no response is required from the server i e to notify the server of a specific con...

Page 487: ...uring the Action Type field to Exit If for example you want to exit the Call Setup Rule Set ID with true when LDAP query result is found and false when LDAP query result is not found Incorrect this ru...

Page 488: ...the Dial Plan To specify a Dial Plan use the Request Target parameter see below 3 ENUM The Call Setup rule performs a query with an ENUM E 164 Number to URI Mapping server for retrieving a SIP URI add...

Page 489: ...page 247 To configure the key use the Request Key parameter see below Request Key request key CallSetupRules_ AttributesToQuery Defines the key to query For LDAP the key string is queried on the LDAP...

Page 490: ...et in order for this rule to be performed 0 Use Current Condition The Condition configured for this rule must be matched in order to perform the configured action default 1 Use Previous Condition The...

Page 491: ...er called number param call src user calling number param call src name calling name param call redirect redirect number param call src host source host param call dst host destination host srctags so...

Page 492: ...l srctags http response body application x www form urlencoded for HTTP Content Type header in HTTP requests true if the Action Type is set to Exit false if the Action Type is set to Exit Call Setup R...

Page 493: ...Example 3 The example configures the device to route the incoming call according to whether or not the source number of the incoming call also exists in the AD server The device queries the AD server...

Page 494: ...ction Subject dsttags Action Type Modify Action Value ldap attr ofiSBCrouting IP Groups table Call Setup Rules Set ID 4 IP to IP Routing table Index 1 Destination Tag dep sales Destination IP Group SA...

Page 495: ...t checks the SRD If a Dial Plan is assigned to the IP Group or SRD the device first searches the Dial Plan for a dial plan rule that matches the source number and then it searches the Dial Plan for a...

Page 496: ...fic character set Most constrained implies that the dial plan pattern that has the fewest possible matches for a digit is matched first For example if one rule contains the x wildcard character which...

Page 497: ...rule with tag A is chosen and for incoming calls with prefix number 32144 the rule with tag B is chosen Prefix Tag 321xxx A 321 B For incoming calls with prefix number 5324 the rule with tag B is chos...

Page 498: ...u can configure up to 10 000 of dial plan rules in total where all can be configured for one Dial Plan or configured between different Dial Plans The following procedure describes how to configure Dia...

Page 499: ...ription Index index DialPlanRule_RuleIndex Defines an index number for the new table row Note Each row must be configured with a unique index Name name DialPlanRule_Name Defines a descriptive name whi...

Page 500: ...0 Suffix 123 130 455 766 780 790 Note The ranges and the single numbers in the syntax must have the same amount of digits For example each number range and single number in the example above consists...

Page 501: ...u choose Import the following dialog box appears 3 Use the Browse button to select the Dial Plan file on your PC and then click OK The file import feature only imports rules of Dial Plans that already...

Page 502: ...orting and Exporting Dial Plans You can create the file using any text based editor such as Notepad or Microsoft Excel The file must be saved with the csv file name extension To configure Dial Plans i...

Page 503: ...of a specific Dial Plan 1 Open the Dial Plan table 2 Select the required Dial Plan and then click the Dial Plan Rule link the Dial Plan Rule table opens displaying the rules of the selected Dial Plan...

Page 504: ...configure two routing rules where each is assigned a unique tag representing a group of local area codes and the destination IP Group associated with the SIP Trunk servicing them Source and destinatio...

Page 505: ...oming SIP dialog for a Dial Plan rule whose Prefix parameter is configured with the same called prefix number as the SIP dialog e g 102 If found the device inspects the tags in the Tag parameter e g C...

Page 506: ...ere the tag Country England is used to send calls to IP Group ENG and the tag Country Belgium is used to send calls to IP Group BEL To configure routing to destination IP Groups based on Dial Plan tag...

Page 507: ...ue include it as well In our example we will configure three IP Groups Parameter Index 0 Index 1 Index 2 Name HQ ENG BEL Dial Plan Dial Plan 1 Tags Country England Country Belgium 3 In the IP to IP Ro...

Page 508: ...s belonging to the IP Group Set Dial Plan Backward Compatibility This section is for backward compatibility only It is recommended to migrate your Dial Plan configuration to the latest Dial Plan featu...

Page 509: ...e as required 4 Configure a manipulation rule to remove the prefix tags before the device sends the message to the destination a Open the Outbound Manipulations table see Configuring IP to IP Outbound...

Page 510: ...suitable IP to IP Routing rule in the IP to IP Routing table You can configure Call Setup rules to query the Dial Plan table for a specified key prefix in a specified Dial Plan to obtain the correspo...

Page 511: ...urs only after the routing process inbound message manipulation is done first then outbound number manipulation see Configuring IP to IP Outbound Manipulations and then outbound message manipulation F...

Page 512: ...age Apply conditions per rule the condition can be on parts of the message or call s parameters Multiple manipulation rules using the same condition The following figure shows a configuration example...

Page 513: ...assigned to the source IP Group and Rule 2 to the destination IP Group Parameter Rule 1 Rule 2 Message Type Invite request Invite request Condition Header Unkown_header contains unknown_ value Header...

Page 514: ...IP headers you must apply your manipulation rule Manipulation Set ID to the IP Group as an Outbound Message Manipulation Set IPGroup_OutboundManSet when the IP Group is the destination of the call If...

Page 515: ...anipulation condition configured by the Condition parameter to use for the rule 0 Use Current Condition Default The condition configured in the table row of the rule is used 1 Use Previous Condition T...

Page 516: ...ject MessageManipulations_ ActionSubject Defines the SIP header upon which the manipulation is performed The valid value is a string case insensitive You can use the built in syntax editor to help you...

Page 517: ...ipulations table see Configuring IP to IP Outbound Manipulations Message Condition rules are configured using the same syntax as that used for Conditions when configuring Message Manipulation rules in...

Page 518: ...in syntax editor to help you configure the field Click the Editor button located alongside the field to open the Editor and then simply follow the on screen instructions Note User and host parts must...

Page 519: ...e Policy rule to calls you need to assign it to the SIP Interface associated with the relevant IP Group see Configuring SIP Interfaces The following procedure describes how to configure Message Policy...

Page 520: ...default is 1 024 Max Num Headers max num headers MessagePolicy_ MaxNumHeaders Defines the maximum number of SIP headers The valid value is any number up to 32 The default is 32 Note The device suppor...

Page 521: ...is allowed the others are rejected Malicious Signature Malicious Signature Database signature db enable MessagePolicy_ UseMaliciousSignatureDB Enables the use of the Malicious Signature database signa...

Page 522: ...rsing manip sets Pre Parsing Manipulation Rules table ini file PreParsingManipulationRules or CLI configure voip message pre parsing manip rules To configure Pre Parsing Manipulation Sets 1 Open the P...

Page 523: ...requests any request The rule is applied to any request SIP Method request The rule is applied to the specified SIP Method e g invite request SIP responses any response The rule is applied to any res...

Page 524: ...TER 21 SIP Message Manipulation Mediant 4000 SBC User s Manual Parameter Description For more information on regex refer to the Syntax for SIP Message Manipulation Reference Guide Precedence Ring Tone...

Page 525: ...Part V Session Border Controller Application...

Page 526: ...ions may be rejected based on values of incoming SIP INVITE message and other Layer 3 characteristics Packets not belonging to an authorized SIP dialog are discarded RTP Opening pinholes ports in the...

Page 527: ...and host name manipulations Coder transcoding B2BUA and Stateful Proxy Operating Modes The device can operate in one or both of the following SBC modes Back to Back User Agent B2BUA Maintains independ...

Page 528: ...oming SIP headers retained in the outgoing INVITE message Some of the reasons for implementing Stateful Proxy mode include B2BUA typically hides certain SIP headers for topology hiding In specific set...

Page 529: ...ly limited support The following features are not supported when in Stateful Proxy mode Alternative routing Call forking Terminating REFER 3xx If Stateful Proxy mode is enabled and any one of the unsu...

Page 530: ...d host parts of the URLs can be used as matching rule characteristics for classification message manipulation and call routing All SIP requests e g INVITE except REGISTER Source URL Obtained from the...

Page 531: ...IP Group i e from where the SIP dialog request originated The classification process is based on the SRD to which the dialog belongs the SRD is determined according to the SIP Interface For more info...

Page 532: ...figured destination User Registration The device provides a registration database for registering users Only users belonging to a User type IP Group can register with the device User type IP Groups re...

Page 533: ...ation request The same contact cannot belong to more than one AOR Contacts with identical URIs and different ports and transport types are not supported same key is created Multiple contacts in a sing...

Page 534: ...xclude ports from the comparison For more information see the description of the SBCURICom parisonExcludedParams parameter General Registration Request Processing The device s general handling of regi...

Page 535: ...en the device receives a successful unregister response 200 OK from the registrar proxy server This is useful in scenarios for example in which users SIP user agents such as IP Phones erroneously send...

Page 536: ...the negotiated media capabilities mainly performed by the remote user agents However it does examine and may take an active role in the SDP offer answer mechanism This is done mainly to anchor the me...

Page 537: ...the Media Realm associated with each leg The Media Realm assigned to the leg s IP Group in the IP Groups table is used If not assigned to the IP Group the Media Realm assigned to the leg s SIP Interf...

Page 538: ...calls The SIP Interface can also enable direct media for users located behind the same NAT For more information see Configuring SIP Interfaces Direct Media Tag You can enable direct media between use...

Page 539: ...is defined as a foreign user example follow me service located in the WAN while the other is located in the LAN calls between these two users cannot be established until direct media is disabled for t...

Page 540: ...r has been chosen between the legs but where coder transrating is required For example the coders may use different coder settings such as rate and packetization time G 729 at 20 ms to G 729 at 30 ms...

Page 541: ...ders listed in the incoming SDP offer The device must have available DSPs for both legs inbound and outbound The incoming SDP offer must have at least one media line that is audio m audio The device a...

Page 542: ...P 0 8 18 96 96 a rtpmap 0 PCMU 8000 a rtpmap 8 PCMA 8000 a rtpmap 18 G729 8000 a rtpmap 96 G726 32 8000 a fmtp 4 annexa no a rtpmap 96 telephone event 8000 a fmtp 96 0 15 a ptime 20 a sendrecv b The d...

Page 543: ...between the two legs To configure the transcoding mode use the global parameter TranscodingMode or the IP Profile parameter IpProfile_TranscodingMode parameter If the transcoding mode is configured t...

Page 544: ...offer answer negotiation one SBC leg uses RTP while the other uses SRTP the device performs RTP SRTP transcoding To translate between RTP and SRTP the following prerequisites must be met At least one...

Page 545: ...device adds RFC 2833 only if the incoming offer does not include RFC 2833 2 the device removes RFC 2833 from the incoming offer SBCAlternativeDTMFMethod the device s first priority for DTMF method at...

Page 546: ...nsparently without transcoding or it can handle the fax as follows Allow interoperability between different fax machines supporting fax transcoding if required Restrict usage of specific fax coders to...

Page 547: ...tion methods are described in the subsequent subsections SIP Authentication Server Functionality The device can function as an Authentication server for authenticating received SIP message requests ba...

Page 548: ...according to draft sterman aaa sip 01 Based on this standard the device generates the nonce in contrast to RFC 5090 where it is done by the RADIUS server RADIUS based on draft sterman aaa sip 01 opera...

Page 549: ...My00NjNhLWExY2ItMTgzMz A5YzlhNzBjIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyIqIl0sInJlYWxtX2FjY 2VzcyI6eyJyb2xlcyI6WyJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNj ZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsib...

Page 550: ...bute When it exists the device compares it to the AOR of the SIP message For REGISTER requests the AOR is taken from the To header for all other requests the AOR is taken from the From header If the u...

Page 551: ...e and then configure an HTTP Remote Host Parameter Value Comment Address oauth example com Address of the Authentication server Port 443 Port number of the Authentication server Transport Type HTTPS S...

Page 552: ...sultant INVITE Traversing Device The device can handle SIP 3xx responses so that the new INVITE message sent as a result of the 3xx traverses the device The reasons for enforcing resultant INVITEs to...

Page 553: ...new destination address e g RequestURI sip Prefix_User IPPBX 5070 transport tcp param a 6 The device removes the user prefix from the Request URI and then sends this Request URI to the new destination...

Page 554: ...History Info Header Mode IPProfile_SBCHistoryInfoMode defines the device s handling of the History Info header The handling of the SIP Diversion and History Info headers is described in the table bel...

Page 555: ...iversion Diversion removed Not present Present Diversion Header Mode Remove History Info Header Mode Remove Present Present Both removed Not present Not present Interworking SIP REFER Messages The dev...

Page 556: ...CK handling is configured using the IP Profile parameter SBC Prack Mode Optional PRACK is optional for these UAs If required the device performs the PRACK process on behalf of the destination UA Manda...

Page 557: ...hat require early media such as playing ringback tone Early Media Response Type The device supports the interworking of different SIP provisional response types between UAs for forwarding the early me...

Page 558: ...CHAPTER 22 SBC Overview Mediant 4000 SBC User s Manual Figure 22 2 SBC Early Media RTP 18x without SDP Figure 22 3 SBC Early Media RTP 18x with SDP 525...

Page 559: ...ges is configured by the IP Profile parameter SBC Remote Update Support Interworking SIP re INVITE to UPDATE The device enables communication between endpoints IP Groups that do not support re INVITE...

Page 560: ...he User Agent headers received in the incoming SIP request response from the other side Employing IP Profiles you can configure this interworking feature per SIP entity using the IpProfile_SBCKeepUser...

Page 561: ...behind the device the call dialog information sent by the application server reflects only the dialog between the device and itself not that of the involved SIP clients This is due to for example the...

Page 562: ...local tag 1c137249965 remote tag CCDORRTDRKIKWFVBRWYM referred by sip bob is not here vm example net referred by local identity display Jason Forster sip jforsters home net identity target uri sip ali...

Page 563: ...resence of tokens in the bucket Tokens in the bucket are removed cashed in for the ability to process each dialog If there are no tokens the device rejects the dialog request with a SIP 480 Temporaril...

Page 564: ...the outgoing leg is performed within each alternative route iteration This is accessed from two places during initial classification routing and during alternative routing CAC does not apply to Test C...

Page 565: ...es the type of SIP dialog initiating request to which you want to apply the rule not to subsequent requests which can be of different type and direction 0 All default 1 INVITE 2 SUBSCRIBE 3 Other All...

Page 566: ...m the bucket If a SIP dialog is received by the device and the token bucket is empty the device rejects the SIP dialog Alternatively if the bucket is full for example 100 tokens and 101 SIP dialogs ar...

Page 567: ...ls when they exceed their reserved capacity For example assume that the reserved capacity for an SRD and its associated IP Groups are as follows SRD reserved call capacity 40 IP Group ID 1 reserved ca...

Page 568: ...ault SRD Default_SRD when only one SRD is required the device automatically assigns it to the Classification rule Action Defines the action that is done if the incoming call matches the characteristic...

Page 569: ...oxy Set This classification is applicable only to Server type IP Groups and is done only if classification based on Proxy Set is enabled see the Classify By Proxy Set parameter in the IP Groups table...

Page 570: ...also with SIP message characteristics to increase the strictness of the classification process The reason for preferring classification based on Proxy Set when the IP address is unknown is that IP ad...

Page 571: ...lso configure it through ini file Classification or CLI configure voip sbc classification To configure a Classification rule 1 Open the Classification table Setup menu Signaling Media tab SBC folder C...

Page 572: ...IP dialog The default is Any i e all SIP Interfaces belonging to the SRD assigned to the rule Note The SIP Interface must belong to the SRD assigned to the rule see the SRD parameter in the table Sour...

Page 573: ...e For REGISTER requests the source URI is obtained from the To header Source Host src host Classification_SrcHost Defines the prefix of the source URI host name as a matching characteristic for the in...

Page 574: ...ts requiring different routing and manipulation rules for specific calls pertaining to the same SRD In such scenarios you need to configure multiple Classification rules for the same SRD where for som...

Page 575: ...IP Groups table to which the SIP dialog is classified Therefore assigning an IP Profile during classification allows you to assign different IP Profiles to specific users calls that belong to the sam...

Page 576: ...ength 0 1 In the Classification table add the following classification rules Index Source Username Pattern Destination Username Pattern Destination Host Source IP Group 0 333 1 1 1111 2000 10 10 10 10...

Page 577: ...the tag from the Call Setup Rule name value or value only and if found classifies the dialog to that IP Group Classification based on tags is done only if classification based on user registration an...

Page 578: ...IP Group Selection Tagged IP Group IP Group Tag Name Country Note Enter the tag s name only If the tag only has a value then enter default 5 Open the IP Groups table see Configuring IP Groups on page...

Page 579: ...ation is the address configured for the Proxy Set associated with the IP Group IP Group Set the destination can be based on multiple IP Groups for load balancing where each call may be sent to a diffe...

Page 580: ...on on Routing Policies see Configuring SBC Routing Policy Rules The IP to IP Routing table also provides the following features Alternative Routing In addition to the alternative routing load balancin...

Page 581: ...is not assigned a Cost Group the device can select it as the preferred route over other matched routing rules that are assigned Cost Groups according to the default LCR settings configured for the as...

Page 582: ...e routing rule using the tag as the source and destination number matching characteristics and a destination for the calls For more information see Using Dial Plan Tags for Matching Routing Rules Dial...

Page 583: ...routing rule or an alternative routing rule to the rule defined directly above it in the table 0 Route Row Default Main routing rule the device first attempts to route the call to this route if the i...

Page 584: ...ication table see Configuring Classification Rules The default is Any i e any IP Group Note The selectable IP Group for the parameter depends on the assigned Routing Policy in the Routing Policy param...

Page 585: ...configured in the associated Dial Plan The valid value is a string of up to 70 characters By default no value is defined You can configure the parameter with up to five tags where each tag is separat...

Page 586: ...untry Ireland Land Scotland The tag is case insensitive To configure prefix tags see Configuring Dial Plans Note Make sure that you assign the Dial Plan in which you have configured the prefix tag to...

Page 587: ...see Interworking SIP 3xx Redirect Responses and Interworking SIP REFER Messages respectively The parameter functions together with the Call Trigger parameter in the table The default is Any i e any IP...

Page 588: ...r s to query 9 Routing Server Device sends a request to a third party routing server for an appropriate destination next hop for the matching call 10 All Users Device checks whether the Request URI i...

Page 589: ...the received SIP dialog and an AOR registration record in the device s database If found the device sends the SIP dialog to the IP address specified in the database for the registered contact By defau...

Page 590: ...the address of the ENUM service for example e164 arpa e164 customer net or NRENum net The device sends the ENUM query containing the destination phone number to an external DNS server configured in th...

Page 591: ...ontain up to 20 members In other words up to 20 routing rules can be configured for the same Forking Group Cost Group cost group IP2IPRouting_ CostGroup Assigns a Cost Group to the routing rule for de...

Page 592: ...device sends to the sender of the incoming SIP dialog instead of sending the call to another destination The parameter is applicable only when the Destination Type parameter in this table is configur...

Page 593: ...xample on how to configure fax rerouting To configure fax rerouting 1 Open the Fax Modem CID Settings page Setup menu Signaling Media tab Media folder Fax Modem CID Settings a In the Fax Detection Tim...

Page 594: ...P Routing Rule 0 to route voice calls from IP Group 0 to IP Group 1 Match Source IP Group HQ IP Group 0 Call Trigger Initial Only ReRoute IP Group Voice IP Group 1 Action Destination Type IP Group Des...

Page 595: ...u want assigned to each SIP entity IP PBX from the SIP Interface port range The following procedure describes how to configure the device to use a specific local UDP port per SIP entity on the leg int...

Page 596: ...SBC Advanced Call Setup Rules Set ID 1 Tags Type PBX Port 6001 IP Group for the second IP PBX Type and Port tags are later used to identify the IP PBX and assign it a local UDP port 6002 on the leg in...

Page 597: ...le Set ID 1 Action Action Subject srctags Type Action Type Modify Action Value param ipg src tags Type If the source tag name Type equals PBX i e SIP message from an IP Group belonging to one of the I...

Page 598: ...Rule Set ID 1 Condition srctags Type ITSP Action Action Subject dsttags Port Action Type Modify Action Value message incoming local port 4 Open the IP to IP Routing table see Configuring SBC IP to IP...

Page 599: ...nfiguring the response codes described in this section you need to configure the following A Proxy Set with one or more addresses proxy servers and whose Proxy Hot Swap parameter is configured to Enab...

Page 600: ...ld is crossed 2 configuring 806 in the Alternative Routing Reasons table and 3 configuring an alternative routing rule The device also generates the response code when it rejects a call based on Quali...

Page 601: ...uired 403 Forbidden 404 Not Found 405 Method Not Allowed 406 Not Acceptable 408 Request Timeout Default 409 Conflict 410 Gone 413 Request Too Large 414 Request URI Too Long 415 Unsupported Media 420 B...

Page 602: ...y with newly added configuration entities that can be associated with the Routing Policy as mentioned later in this section except for Classification rules This facilitates configuration eliminating t...

Page 603: ...an IP Group based on the SIP Interface on which the call is received Based on the SIP Interface the device associates the call to the SRD that is assigned to the SIP Interface 2 Once the call has been...

Page 604: ...me the device automatically assigns a name in the following format SBCRoutingPolicy_ Index for example SBCRoutingPolicy_2 Note Each row must be configured with a unique name The parameter value cannot...

Page 605: ...Call Duration lcr call length SBCRoutingPolicy_ LCRAverageCallLength Defines the average call duration in minutes and is used to calculate the variable portion of the call cost This is useful for exa...

Page 606: ...Dial Plan tags In the IP Group Set table see below specify the tag name In the IP to IP Routing table configure the routing rule s Destination Type parameter to Destination Tag and then specify the t...

Page 607: ...e lowest index If unavailable it sends the calls to the next consecutive available IP Group However if the first IP Group comes online again the device selects it Note For the Random Weight optional v...

Page 608: ...number for the new table row Note Each row must be configured with a unique index IP Group ip group name IPGroupSetMember_ IPGroupName Assigns an IP Group to the IP Group Set To configure IP Groups se...

Page 609: ...ted if exists P Preferred if exists and Remote Party ID if exists You can also restrict source user identity in outgoing SIP dialogs in the Outbound Manipulation table using the column PrivacyRestrict...

Page 610: ...em 100rel timer replaces Allow REGISTER OPTIONS INVITE ACK CANCEL BYE NOTIFY PRACK REFER User Agent Sip Message Generator V1 0 0 5 Content Type application sdp Content Length 155 v 0 o SMG 5 9 IN IP4...

Page 611: ...nes a manipulation sequence for the source or destination SIP URI user part of inbound SIP dialog requests You can apply these manipulations to different SIP dialog message types e g INVITE or REGISTE...

Page 612: ...for most deployments only a single Routing Policy is required As the device provides a default Routing Policy Default_ SBCRoutingPolicy when only one Routing Policy is required the device automatical...

Page 613: ...Additional Manipulation is additional manipulation IPInboundManipulation_ IsAdditionalManipulation Determines whether additional SIP URI user part manipulation is done for the table entry rule listed...

Page 614: ...ation for Routing and Manipulation Source Host src host IPInboundManipulation_ SrcHost Defines the source SIP URI host name full name usually in the From header The default is the asterisk symbol i e...

Page 615: ...nes the number or string that you want added to the end of the user name For example if you enter 01 and the user name is john the new user name is john01 Configuring IP to IP Outbound Manipulations T...

Page 616: ...procedure describes how to configure Outbound Manipulations rules through the Web interface You can also configure it through ini file IPOutboundManipulation or CLI configure voip sbc manipulation ip...

Page 617: ...can only be done on a different item source URI destination URI or calling name to the rule configured in the row above configured by the Manipulated URI parameter Call Trigger trigger IPOutboundMani...

Page 618: ...se tags see Source Tags parameter below instead of this parameter Source Host src host IPOutboundManipulation_ SrcHost Defines the source SIP URI host name full name typically in the From header The d...

Page 619: ...ers The tag is case insensitive By default no value is defined You can configure the parameter with up to five tags where each tag is separated by a semicolon Each tag can have a name and value e g Co...

Page 620: ...user part 2 Calling Name Manipulates the calling name in the SIP message Remove From Left remove from left IPOutboundManipulation_ RemoveFromLeft Defines the number of digits to remove from the left...

Page 621: ...a Privacy header is added with the value id 2 Restrict The user identity is restricted The restriction is as follows From URL header anonymous anonymous invalid If a P Asserted Identity header exists...

Page 622: ...ociated with the IP Profile are terminated at the device However you can configure a Message Manipulation rule with the proprietary header to override this parameter setting and allow the device to fo...

Page 623: ...on configure the following manipulation rule Manipulation Set ID 1 Message Type reinvite request Condition body sdp regex m audio 7550 RTP AVP Action Subject header X AC Action Action Type Add Action...

Page 624: ...axSIPUserAgent However you can configure signature patterns based on any SIP header To configure signature patterns use the same syntax as that used for configuring Conditions in the Message Manipulat...

Page 625: ...nes an index number for the new table row Note Each row must be configured with a unique index Name name MaliciousSignatureDB_ Name Defines a descriptive name which is used when associating the row in...

Page 626: ...vice terminates the regular call it immediately sends the INVITE message of the emergency call to its destination without waiting for any response from the remote sides e g 200 OK after BYE If the dev...

Page 627: ...sing LDAP to Obtain ELIN The device can route emergency calls e g 911 for INVITE messages that are received without an ELIN number This is in contrast to when the device is deployed in a Microsoft Sky...

Page 628: ...ting between the SIP entity and the two proxy servers To differentiate between these REGISTER messages a unique SIP Interface needs to be used for each REGISTER message Each REGISTER message is regist...

Page 629: ...ac int 1 REGISTER for Secondary Proxy received on SIP Interface Interface 2 REGISTER To sip 100 audc com Contact sip 100 172 17 100 20 ac int 2 4 The device adds to the Contact header a special strin...

Page 630: ...e 1 Index 1 Manipulation Set ID 2 Action Subject header contact url ac int Action Type Modify Action Value 2 4 In the SIP Interfaces table configure the following SIP Interfaces Index 0 SIP Interface...

Page 631: ...Group Primary Proxy Destination IP Group IP Phone A Index 2 Source IP Group IP Phone B Destination IP Group Sec Proxy Index 3 Source IP Group Sec Proxy Destination IP Group IP Phone B Handling Regist...

Page 632: ...of multiple AORs with identical Contact URIs 1 Open the Proxy Registration page Setup menu Signaling Media tab SIP Definitions folder Proxy Registration 2 From the DB Routing Search Mode drop down lis...

Page 633: ...he outgoing INVITE is mapped to the Calling Party Number parameter of the IAM message The ISUP data is included in SIP messages using the Multipurpose Internet Mail Extensions MIME body part for examp...

Page 634: ...rnal media source to SBC call parties that are placed on hold Implementing an external media source offers flexibility in the type of audio that you want played as MoH e g radio adverts or music If yo...

Page 635: ...stablish Table 28 2 External Media Source Table Parameter Descriptions Parameter Description Index ExternalMediaSource_Index Defines an index number for the new table row IP Group ip group name Extern...

Page 636: ...is always used to play MoH to its branch users is shown below and subsequently described 1 Open the Coder Groups table see Configuring Coder Groups on page 384 and then configure a Coders Group e g A...

Page 637: ...consumer Web site see following figure After clicking the button the customer can start a voice and or video call with a customer service personnel directly from the browser without having to downloa...

Page 638: ...t be in the SDP offer answer e g m audio 11050 RTP SAVPF 103 For more information see the IP Profile parameter IPProfile_ SBCRTCPFeedback see Configuring IP Profiles WebSocket WebSocket is a signaling...

Page 639: ...the client on the media 9 Media flows between the WebRTC client and the SIP client located behind the device SIP over WebSocket The device supports the transmission of SIP signaling over WebSocket We...

Page 640: ...144 tag ub50pqjgpr Call ID fhddgc3kc3hhu32h01fghl CSeq 81 REGISTER Contact sip 0bfr9fd5 v6iqlt8lne5c invalid transport ws reg id 1 sip instance urn uuid 4405bbe2 cf06 4c27 9c59 6caf83af9b00 expires 60...

Page 641: ...ic requirement WebRTC JavaScript configuration is beyond the scope of this document The device s WebRTC feature WebRTC Gateway can also operate with mobile device users that are registered to the devi...

Page 642: ...aces b Do the following From the Encapsulating Protocol drop down list SIPInterface_ EncapsulatingProtocol select WebSocket In the TLS Port field configure the TLS port From the TLS Context Name drop...

Page 643: ...ect the TLS Context that you configured in Step 1 For more information on DTLS see SRTP using DTLS Protocol 6 Configure IP to IP routing rules to route calls between the WebRTC clients and the enterpr...

Page 644: ...nder the same AOR as the specific contact This is configured by the SBCSendInviteToAllContacts parameter Configuring SIP Forking Initiated by SIP Proxy The device can handle the receipt of multiple SI...

Page 645: ...red and then terminates the other SIP dialogs For more information see Configuring SBC IP to IP Routing Rules Call Survivability This section describes various call survivability features supported by...

Page 646: ...ween the device and the BroadSoft AS is down the device manages the Shared Call Appearance feature for the SIP clients The feature is supported by configuring a primary extension and associating it wi...

Page 647: ...e g 600 Manipulation Purpose Shared Line Match Request Type REGISTER Source IP Group IP Group that you created for the users e g 2 Source Username Pattern Represents the secondary extensions e g 601 a...

Page 648: ...ents for example agents and managers 2 In the Classification table see Configuring Classification Rules add rules to classify incoming calls that are received from the entities listed in Step 1 to IP...

Page 649: ...o notify the IP phones that it is currently operating in Survivability mode When this occurs the Aastra IP phones display the message Stand Alone Mode on their LCD screens If you enable the feature an...

Page 650: ...ss than or equal to 50 ISPs can therefore offer service level agreements SLAs to their customers based on the VoIPerfect feature For more information contact the sales representative of your purchased...

Page 651: ...t voice quality can also be maintained as mentioned previously Figure 28 1 VoIPerfect Managed Opus Figure 28 2 VoIPerfect Managed G 729 Configuration of the Enterprise SBC Coder Groups table see Confi...

Page 652: ...e Coder Groups table Coders Group with G 711 Coders Group with Opus Allowed Audio Coders Groups table Allowed Audio Coders Group with G 711 Allowed Audio Coders Group with Opus IP Profiles table main...

Page 653: ...eedback Feedback On Max Opus Bandwidth 0 Quality of Service Rules table see Configuring Quality of Service Rules Rule Metric Poor InVoice Quality Alternative IP Profile Name name of Alternative IP Pro...

Page 654: ...Part VI Cloud Resilience Package...

Page 655: ...se Key see License Key For the maximum number of supported CRP sessions and CRP users than can be registered in the device s registration database see Technical Specifications For cloud providers CRP...

Page 656: ...advantages of CRP is that it enables quick and easy configuration This is accomplished by its pre configured routing entities whereby only minimal configuration is required For example defining IP add...

Page 657: ...configuration pages Wherever SBC appears in the menu path for the CRP application it appears as CRP If you installed a License Key with the CRP feature and you later want to stop disable working with...

Page 658: ...CRP routes the calls between the branch users themselves as if connectivity failure has occurred with the IP PBX The CRP also registers the branch users in its registration database To configure the C...

Page 659: ...Configuring IP Groups Pre Configured IP to IP Routing Rules For the CRP application the IP to IP Routing table is pre configured with IP to IP routing rules These rules depend on the configured Call...

Page 660: ...s routing rule is used if the device can t find a matching destination user for IP Group 1 User type IP Group in its registration database If the CRPGatewayFallback parameter is disabled and no matchi...

Page 661: ...Type Destin ation Type Destin ation IP Group Destin ation Address Altern ative Route Options Auto Answer to Registratio ns 1 Any OPTION S Dest Address Internal Route Row 2 Any REGIST ER IP Group Any...

Page 662: ...nd if not located it sends the call to the PSTN IP Group 3 CRP Gateway as an alternative route To enable CRP Gateway fallback 1 Open the SBC General Settings page Setup menu Signaling Media tab SBC fo...

Page 663: ...Part VII High Availability System...

Page 664: ...ess of the other The Maintenance interface can use a dedicated Ethernet port group or share the same Ethernet port group with the other network interface types i e OAMP Media and Control When only one...

Page 665: ...g the active with 5 and redundant with 4 or active with 9 and redundant with 2 both assign highest priority to the active device Whenever the device with higher priority recovers from a failure it fir...

Page 666: ...ing HA Status on Monitor Web Page You can view the status of the HA system on the Monitor page of the device s Web interface The page provides a graphical display of both active and redundant devices...

Page 667: ...Entities folder HA Settings 2 In the HA Device Name field enter a name for the active device 3 In the Redundant HA Device Name field enter a name for the redundant device 4 Click Apply Once the device...

Page 668: ...o be done externally to the units either physically different physical networks or logically using VLANs When using VLANs make sure that you use a different Ethernet Device for each IP network interfa...

Page 669: ...y if both devices are installed with a License Key that includes this feature For installing a License Key see License Key The physical connections of the first and second devices to the network i e M...

Page 670: ...rface The Ethernet Group is associated with the Ethernet Device which is assigned to the interface The IP Interfaces table below shows an example where the Maintenance interface is configured with Eth...

Page 671: ...Second Device Once you have configured the first device for HA you can configure the second device for HA As the configuration of the second device is similar to the first device the following proced...

Page 672: ...es for HA 1 Cable the devices to the network You must connect both ports two in the Ethernet Group of the Maintenance interface to the network i e two network cables are used This provides 1 1 Mainten...

Page 673: ...ure is enabled InterfaceTable defines the IP Interfaces table with two network interfaces for the following Application Types OAMP Media Control This is the same for both devices HA Maintenance This i...

Page 674: ...ss on the redundant device requires a device reset Modifications on all other Maintenance interface parameters e g Default Gateway and VLAN ID updated to the Maintenance interface on the redundant dev...

Page 675: ...6 10 31 4 61 670 32 68 0 680 udp Enab le HA_ IF Allo w 0 0 0 17 10 31 4 62 670 32 68 0 680 udp Enab le HA_ IF Allo w 0 0 0 18 0 0 0 0 0 0 0 655 35 Any Disa ble Blo ck 0 0 0 The index numbers in the ta...

Page 676: ...0 is the lowest priority best effort and 63 is the highest priority 2 Reset the device with a burn to flash for your settings to take effect Monitoring IP Entities and HA Switchover upon Ping Failure...

Page 677: ...the row s become reachable again and then unreachable The following SNMP alarms are related to the HA Network Monitor feature acHASystemFaultAlarm This alarm is sent to indicate that you have configu...

Page 678: ...to five IP addresses in dotted decimal notation where each IP address is separated by a comma or space for example 10 1 1 1 20 2 2 2 30 3 3 3 without quotation marks Note You cannot configure the par...

Page 679: ...of the monitored row is currently undetermined In other words all the destinations configured for the monitored row have never replied to the device s pings Reachable The device considers the monitor...

Page 680: ...e destination as offline unreachable In other words the number of consecutive failed pings equaled to or was greater than that configured by the Ping Count parameter Terminated by ping error The devic...

Page 681: ...vice If you need to replace a faulty device the new device must be configured exactly as the second device as described in Configuring the HA Devices Initiating an HA Switchover You can initiate a swi...

Page 682: ...system and return them to standalone devices To disconnect HA On the active device enter the following CLI command debug ha disconnect system new OAMP address of redundant device The new OAMP address...

Page 683: ...The device performs standard user authentication where you can configure it to check the user s credentials in the device s Local Users table or with a remote authentication server Access is granted...

Page 684: ...y load this file to the devices to restore HA To backup and then restore HA 1 Save the ini file from the active device to a folder on your PC Store this file in a safe location for future use i e HA b...

Page 685: ...Part VIII Maintenance...

Page 686: ...evice through Web interface 1 Open the Maintenance Actions page Toolbar Click the Reset button Navigation tree Setup menu Administration tab Maintenance folder Maintenance Actions 2 From the Save To F...

Page 687: ...To enable remote reset upon receipt of SIP NOTIFY 1 Open the SIP Definitions General Settings page Setup menu Signaling Media tab SIP Definitions folder SIP Definitions General Settings 2 From the Rem...

Page 688: ...en in the Lock Timeout field enter the time in seconds after which the device locks 4 If you also want the device to terminate close existing TLS TCP client connections and reject new incoming TLS TCP...

Page 689: ...previous settings if the device subsequently resets hardware or software or powers down Therefore to ensure that your configuration changes are retained you must save them to the device s non volatil...

Page 690: ...SIP NOTIFY The device can be triggered to disconnect all current calls upon the receipt of a SIP NOTIFY message containing an Event header with the value soft sync proprietary to AudioCodes as shown...

Page 691: ...edundant devices install and burn the file to flash memory with a reset In other words no HA switchover occurs Hitless Upgrade The devices are upgraded without disrupting traffic i e current calls are...

Page 692: ...dant 3 When the system is operational again delete core dumps from the current redundant device through CLI Telnet Core dump deletion can take up to 10 minutes 4 Start the Hitless Software Upgrade pro...

Page 693: ...configuration by uploading the backup file to the device For more information see Configuration File 4 Open the Software Upgrade wizard Toolbar From the Actions drop down menu choose Software Upgrade...

Page 694: ...upload a cmp file Auxiliary and ini files cannot be uploaded 9 To load additional files use the Next and Back buttons to navigate through the wizard to the desired file load wizard page otherwise ski...

Page 695: ...reviously configured for these parameters 10 Click Reset a progress bar is displayed indicating the progress of saving the files to flash and device reset Device reset may take a few minutes even up t...

Page 696: ...nual 11 Click End Process the Web Login screen appears prompting you to log into the device 12 Log in with your username and password a message box appears informing you that the device s software has...

Page 697: ...ed Tones File Dial Plan Provides dialing plans Note Load a Dial Plan file using the Auxiliary Files page only for backward compatibility otherwise import Dial Plan files using the Dial Plan table see...

Page 698: ...Auxiliary Files page for backward compatibility If backward compatibility is not needed load the file or configure users in the User Information table for SBC users see Configuring SBC User Informatio...

Page 699: ...iles e g Dial Plan file and CPT file copy aux package from to URL of remote server with TAR file name For example copy aux package from http 192 169 11 11 80 aux_files tar For more information on CLI...

Page 700: ...ion time is 100 msec Cadence A repeating sequence of on and off sounds Up to four different sets of on off periods can be specified Burst A single sound followed by silence Only the First Signal On ti...

Page 701: ...ce on off cycle Can be omitted if there isn t a second cadence Second Signal Off Time 10 msec Signal Off period in 10 msec units for the second cadence on off cycle Can be omitted if there isn t a sec...

Page 702: ...all the device always selects it to eliminate the need for using DSP resources If the coder of the tone is the same as that of the call DSPs are not required If they are different DSPs are required Th...

Page 703: ...nswered the call and is based on North American English In most cases the detection algorithms in this file suffice even when your deployment is in a region where a language other than English is spok...

Page 704: ...for backward compatibility only If backward compatibility is not needed load the file or configure users in the User Information table for SBC users see Configuring SBC User Information Table through...

Page 705: ...Key For more information see Viewing the Device s Product Key Mode Displays the type of License Key Local License Key The License Key is a locally installed License Key License Pool The License Key is...

Page 706: ...re the instructions in this section must be repeated for each device To obtain and activate your License Key for initial activation 1 Make a note of the device s Serial Number fingerprint The Serial N...

Page 707: ...ng sessions and registered users can also be provided remotely from AudioCodes OVOC management tool as described in SBC Capacity Licenses from Fixed License Pool on page 681 and in SBC Capacity Licens...

Page 708: ...during periods of low traffic Installation of License Keys in string format is not applicable to devices in HA mode To install a License Key string through Web interface 1 Open the License Key page se...

Page 709: ...ss message box appears When the installation completes the following message box appears 9 Click Close to close the message box you are logged out of the Web interface and prompted to log in again The...

Page 710: ...s For backing up the License Key see Backing up the License Key 3 Click the Load By File button navigate to the License Key file on your computer and then select the file to load to the device the App...

Page 711: ...licenses one or more of them FEU SBC Coder Transcoding SBC Signaling Non hitless Upgrade The License Key is installed on both devices simultaneously both reset at the same time Therefore this method i...

Page 712: ...ou to click Reset or Close to cancel the operation to perform a non hitless upgrade In this scenario skip Step 5 5 Click one of the following buttons Hitless Upgrade Installs the License Key without a...

Page 713: ...stalling the new License Key verify that it has been installed 1 On the License Key page check that the listed features and capabilities of the newly installed License Key match those that you ordered...

Page 714: ...l the License Key page indicates this by displaying License Pool in the Mode field see Viewing the License Key on page 672 In addition you can view the SBC licenses allocated by the license pool under...

Page 715: ...icationAlarm OID 1 3 6 1 4 1 5003 9 10 1 21 2 0 107 acLicensePoolOverAllocationAlarm OID 1 3 6 1 4 1 5003 9 10 1 21 2 0 125 For more information on the alarms refer to the SNMP Reference Guide No conf...

Page 716: ...s been exceeded If the licensed capacity has been exceeded AudioCodes sends you a report detailing the excess capacity and requests that you purchase additional SBC capacity for your Floating License...

Page 717: ...hat the following OVOC related prerequisites have been fulfilled The Floating License has been purchased from AudioCodes with the required SBC license capacities and installed on OVOC The devices for...

Page 718: ...Registered Users This profile is suited for applications where user registration is required To configure your own profile select Custom and then configure the capacity for each SBC license type in th...

Page 719: ...ave enabled the Floating License feature see SBC Capacity Licenses from Floating License on page 682 To view the Floating License Report through the Web interface Open the Floating License Reports pag...

Page 720: ...ubsequent communication with AudioCodes e g for support and software upgrades The Product Key is your chassis serial number S N Product Key which also appears on the product label affixed to the chass...

Page 721: ...e monitoring MIBs whose thresholds low and or high you have changed from default threshold values To apply these same threshold values to other devices simply load the file to the devices The saved in...

Page 722: ...de When loading a CLI Startup Script file the device needs to reset twice for its settings to take effect The saved file includes only parameters whose values you have modified To save the CLI Script...

Page 723: ...wing files ini ini ini configuration file LOGO dat image file used as the logo in the Web interface FAVICON dat favicon file used for Web browsers CPT dat Call Progress Tone file present only if a CPT...

Page 724: ...h Security Administrator level Web interface a Open the Configuration File page Toolbar From the Actions drop down menu choose Configuration File Navigation tree Setup menu Administration tab Maintena...

Page 725: ...w its lease from the DHCP server The device can use a host name in the DHCP request The host name is set to acl_nnnnn where nnnnn When using DHCP to acquire an IP address VLANs and other advanced conf...

Page 726: ...0 included If the device is software reset e g from the Web interface or SNMP only a single DHCP sequence containing Option 60 is sent Provisioning from HTTP Server using DHCP Option 67 You can provis...

Page 727: ...e network in which the device is deployed includes a provisioning TFTP server for all network equipment without the capability of distinguishing between AudioCodes and non AudioCodes devices Upon star...

Page 728: ...the file does not exist on the provisioning server the device requests from the server a default configuration file whose name includes the device s product name and MAC address Product MAC ini for ex...

Page 729: ...on site using the RS 232 port or Web interface When the device is deployed at the customer site local DHCP server provides the devices with IP addressing and DNS server information From the URL provid...

Page 730: ...vice if the device is configured for Automatic Updates the Burn To FLASH field under the Reset Configuration group in the Web interface s Maintenance Actions page is automatically set to No by default...

Page 731: ...needs to authenticate itself with the server you can use the same parameters to configure the authentication username and password for more information see Access Authentication with HTTP Server on pa...

Page 732: ...eywords to denote the different file types to download and in the URL address of the provisioning server it uses a placeholder for the file names which is replaced by hardcoded file names and extensio...

Page 733: ...e following URLs http 10 8 8 20 Site1_device ini http 10 8 8 20 Site1_fk ini http 10 8 8 20 Site1_cpt data 3 Place the files to download on the provisioning server Make sure that their file names and...

Page 734: ...e g every 60 minutes configured by the ini file parameter AutoUpdateFrequency or CLI command configure system automatic update update frequency Centralized provisioning server request Upon receipt of...

Page 735: ...eful Timeout 2 Load the ini file to the device Access Authentication with HTTP Server You can configure the device to authenticate itself with the HTTP S server that contains the files that you want t...

Page 736: ...include any user defined string or the following supported string variable tags case sensitive NAME product name according to the installed License Key MAC device s MAC address VER software version c...

Page 737: ...formation see Cyclic Redundancy Check on Downloaded Configuration Files When this method is used there is typically no need for the provisioning server to check the device s current firmware version u...

Page 738: ...e Automatic Update feature is triggered see Triggers for Automatic Update the device attempts to download the files if available from the configured URLs in the following order 1 ini file 2 CLI Script...

Page 739: ...ration from the Startup Script file on the new software version CLI Script and Startup Script The device downloads and applies both files but the Startup Script file overwrites all the configuration o...

Page 740: ...x InterfaceTable_ApplicationTypes InterfaceTable_InterfaceMode InterfaceTable_IPAddress InterfaceTable_ PrefixLength InterfaceTable_Gateway InterfaceTable_VlanID InterfaceTable_ InterfaceName Interfac...

Page 741: ...pdate automatic update crc check regular 4 Power down and then power up the device Automatic Update from Remote Servers This example describes how to configure the Automatic Update feature where files...

Page 742: ...automatic update startup script https company com files startup_script txt 3 Configure the device with the IP address of the DNS server for resolving the domain names of the FTPS and HTTP servers Inte...

Page 743: ...idnight for software configuration and Auxiliary files HTTP based provisioning server at www company com for storing the files DNS server at 80 179 52 100 for resolving the domain name of the provisio...

Page 744: ...the IP address of the DNS server for resolving the domain name e g http www company com that is used in the URL for the provisioning server This is done in the IP Interfaces table ini File InterfaceT...

Page 745: ...lete device configuration you may need to manually configure additional functionality For example you may need to configure security settings e g firewalls and IDS to ensure that the device is protect...

Page 746: ...pack version field you can update it by clicking the Update from Remote Server button Alternatively if you have received a template pack file from the sales representative of your purchased device you...

Page 747: ...del is not listed select Generic IP PBX b From the SIP Trunk drop down list select the SIP trunk provider If the provider is not listed select Generic SIP Trunk c To generate a configuration template...

Page 748: ...server s IP address Note that if you enable Syslog the device generates verbose logs debug level 5 which adversely affects performance For more information on Syslog see Configuring Syslog 3 Configur...

Page 749: ...address must be part of the Enterprise LAN and therefore is typically a private IP address The address is used for communicating with the IP PBX and or users that reside on the LAN as well as for mana...

Page 750: ...e IP PBX group configure the following Address Configure the IP address or hostname of the IP PBX Note that for the One port WAN network topology when the device is assigned a public IP address you mu...

Page 751: ...pears SIP Trunk Page SIP Trunk Page The SIP Trunk wizard page configures the SIP Trunk settings The following fields are read only Network Type Displays the IP network interface for communicating with...

Page 752: ...media protocol type and ports used by the device for communicating with the IP PBX Media Protocol Configure the media protocol type Base Port Configure the first media port Number Of Sessions Configur...

Page 753: ...he Remove field configure the number of digits to be removed from the beginning of the number If configured to 0 no digits are removed d In the Add field configure a new prefix to be added to the begi...

Page 754: ...AN network topologies you must configure different listening ports for communication with the IP PBX and remote users 3 Under the Media Ports Realm group configure the media protocol type and ports us...

Page 755: ...normal format click the Configuration Summary tab 2 To save the configuration as an ini file to a folder on your PC click the Save INI file button You can later load the file to the device see Loading...

Page 756: ...iguration Wizard Mediant 4000 SBC User s Manual To complete the SBC Configuration Wizard Click Apply Reset to apply configuration to the device or click Save INI File to save configuration as an ini f...

Page 757: ...on your computer For serial cabling refer to the Hardware Installation Manual b Establish serial communication with the device using a serial communication program such as HyperTerminalTM with the fo...

Page 758: ...ration File 2 To keep your current IP network settings e g OAMP select the Preserve basic connectivity check box To overwrite all your IP network settings with the default IP network interface clear t...

Page 759: ...Part IX Status Performance Monitoring and Reporting...

Page 760: ...mation Description Parameter Description General Settings MAC Address Media access control MAC address Serial Number Serial number of the CPU This serial number also appears on the product label that...

Page 761: ...egabytes CPU Speed MHz Clock speed of the CPU measured in megahertz MHz Versions Version ID Software version number DSP Type Type of DSP DSP Software Version DSP software version DSP Software Name DSP...

Page 762: ...n in seconds of established calls The value is refreshed every 15 minutes and therefore this value reflects the average duration of all established calls made within a 15 minute period The correspondi...

Page 763: ...e Viewing Active Alarms 2 Fan tray unit status icon green Normal operation of Fan tray red Fan tray failure To view detailed information of the device s hardware components click these icons to open t...

Page 764: ...state i e Redundant device is missing and HA is unavailable or in Active state and HA is enabled yellow Steady on Redundant device while HA is unavailable before HA synchronization with Active device...

Page 765: ...mation on the percentage of DSP resources utilized by the device through the SNMP MIB table acPMDSPUsage You can also configure low and high DSP utilization thresholds for this MIB that if crossed the...

Page 766: ...if the device changes from HA to a Standalone device To configure the maximum number of active alarms that can be displayed in the table see the ini file parameter ActiveAlarmTableMaxSize The alarm b...

Page 767: ...is shown first in the list The table displays both the cleared alarm and the alarm for which it was cleared adjacent to one another as shown in the figure below for alarms 8 and 9 To configure the max...

Page 768: ...er a device reset i e the first alarm raised after a reset is assigned the number 1 Severity Severity level of the alarm Critical red Major orange Minor yellow Cleared green Source Component of the de...

Page 769: ...he procedure below To view management user activity logs Open the Activity Log table Monitor menu Monitor tab Summary folder Activity Log Table 46 1 Activity Log Table Description Parameter Descriptio...

Page 770: ...iled ratio Dialog Failed Attempts Displays failed SIP dialog attempts This includes the number of calls and subscribes which were successfully and abnormally terminated Dialog Termination Ratio Displa...

Page 771: ...Displays the number of established calls INVITEs in a 15 minute interval The x axis indicates the time hh mm ss of the call and the y axis the number of calls The graph is refreshed every 15 minutes...

Page 772: ...w ASR in the Web interface see Viewing Call Success and Failure Ratio Network Effectiveness Ratio NER The number in percentage of successfully connected calls out of the total number of attempted call...

Page 773: ...e example is based on the ASR of a call where the Major threshold is configured to 70 the Minor threshold to 90 and the hysteresis for both thresholds to 2 Table 47 1 Threshold Crossings based on Thre...

Page 774: ...stem performance profile To configure a Performance Profile rule 1 Open the Performance Profile table Monitor menu Monitor tab Performance Monitoring folder Performance Profile 2 Click New the followi...

Page 775: ...is parameter see below The valid range is 0 to 100 The default is 0 Major Threshold major threshold PerformanceProfile_ MajorThreshold Defines the Major threshold in percentage of the selected perform...

Page 776: ...alls during the interval is less than the configured minimum samples no calculation is done Configuring User Defined Performance Monitoring MIBs The User Defined Failure PM table lets you configure up...

Page 777: ...Failure PM 2 Click New the following dialog box appears 3 Configure the rule according to the parameters described in the table below 4 Click Apply Table 47 3 User Defined Failure PM Table Parameter D...

Page 778: ...eter with multiple codes where each code is separated by a comma e g 408 430 5xx To denote all SIP response codes configure the parameter to any Note For the device to apply the rule you must configur...

Page 779: ..._PREEMPTION_ DUE_TO_HIGH_PRIORITY 333 Preemption Failed RELEASE_ BECAUSE_PREEMPTION_FAILED 806 Media Limit In Crossed RELEASE_ BECAUSE_IN_MEDIA_LIMITS_ EXCEEDED 807 Call Transferred RELEASE_BECAUSE_ C...

Page 780: ...ASR_THRESHOLD_ CROSSED 852 NER Threshold Crossed RELEASE_ BECAUSE_NER_THRESHOLD_ CROSSED 853 IP Group Registration Mode RELEASE_ BECAUSE_IPGROUP_ REGISTRATION_MODE 855 Internal Route RELEASE_BECAUSE_...

Page 781: ...plays the AOR for example 1000 10 8 5 71 or Sue Contact Displays the contacts associated with the AOR for example sip 1000 10 8 5 71 5060 expires 180 Active status 1 The information displayed can incl...

Page 782: ...figured by the ProxySet_ProxyRedundancyMode parameter Load Balancing Proxy load balancing mode as configured by the ProxySet_ProxyRedundancyMode parameter Keep Alive Displays whether the Proxy Keep Al...

Page 783: ...p alive feature OFFLINE The proxy is offline as determined by the device s keep alive feature and the Proxy Set is configured for Homing Redundancy Mode parameter or enabled for load balancing Proxy L...

Page 784: ...est Call CDR history Web Open the SBC CDR History table Monitor menu Monitor tab VoIP Status folder SBC CDR History CLI All CDR history show voip calls history sbc CDR history for a specific SIP sessi...

Page 785: ...ng call this is the destination IP address Duration Displays the duration of the call displayed in the format hh mm ss where hh is hours mm minutes and ss seconds For example 00 01 20 denotes 1 minute...

Page 786: ...ce status Open the Ethernet Device Status page Monitor menu Monitor tab Network Status folder Ethernet Device Status Viewing Ethernet Port Information You can view status information of the device s E...

Page 787: ...roup to which the port belongs Viewing Static Routes Status You can view the status of static IP routes configured in the Static Routes table see Configuring Static IP Routing and routes through the D...

Page 788: ...of the associated IDS rule is configured to IP Port Transport Type The transport type used for the attack Remaining Time The duration left until the device deletes the attacker remote host from the ta...

Page 789: ...h a single asterisk show values that are calculated in a 5 minute sampling interval column labels with two asterisks show values that are calculated in a 15 second sampling interval Tx Rate Transmit r...

Page 790: ...he Components Status page If the device is in High Availability mode the page also displays the status of the hardware components of the Redundant device The page is refreshed every 10 seconds To view...

Page 791: ...lable not licensed or disabled the R factor VoIP metrics are not provided in CDRs CDR fields Local R Factor and Remote R Factor generated by the device Instead these CDR fields are sent with the value...

Page 792: ...roup Remote Group ID identification for the purposes of aggregation for the remote endpoint LocalMAC Media Access Control MAC address of the local SIP device Timestamps START Start time of the media s...

Page 793: ...Discard Rate BurstGapLoss BLD Burst Loss Density BD Burst Duration GLD Gap Loss Density GD Gap Duration GMIN Minimum Gap Threshold Delay RTD Round Trip Delay msec ESD End System Delay msec OWD One Wa...

Page 794: ...EXTRI EXTRO External R Out value is copied from RTCP XR received from the remote endpoint on the other side of this endpoint R is 0 95 for narrowband calls and 0 120 for wideband calls ExtROEstAlg Ext...

Page 795: ...6 202 user phone OrigID sip 1000 172 17 116 201 LocalAddr IP 172 17 116 201 Port 6000 SSRC 0x54c62a13 RemoteAddr IP 172 17 116 202 Port 6000 SSRC 0x243220dd LocalGroup RemoteGroup LocalMAC 00 90 8f 57...

Page 796: ...the parameter RTCPInterval Burst Threshold VQMonBurstHR defines the voice quality monitoring excessive burst alert threshold Delay Threshold VQMonDelayTHR defines the voice quality monitoring excessiv...

Page 797: ...ng server can be a dedicated CDR server or the server used for Syslog messages To enable CDR generation and configure the CDR server address 1 Enable the Syslog feature see Enabling Syslog 2 Open the...

Page 798: ...g their names For more information see Customizing CDRs for SBC Calls and Test Calls on page 799 To configure CDR reporting to a REST server 1 Enable the Syslog feature for sending log messages CDRs g...

Page 799: ...s use the TimeZoneFormat parameter Storing CDRs on the Device CDRs generated by the device can be stored locally on the device or internal SD card You can specify the calls for which you wish to creat...

Page 800: ...4000B If the device is reset or powered off locally stored CDRs are deleted Locally stored CDRs are applicable only to CALL_END CDR Report Types and to SBC signaling CDRs When the device operates in...

Page 801: ...tion Local Storage Log Type CDR Only Mode Enable If the CDR storage feature is enabled and you later change the maximum number of files CDRLocalMaxNumOfFiles to a lower value e g from 50 to 10 the dev...

Page 802: ...n the following figure Figure 51 2 CDR Report Types for SBC Signaling CDRs belonging to the same SBC session both legs have the same Session ID SessionId CDR field CDRs belonging to the same SBC leg h...

Page 803: ...nt are given in the table below Table 51 2 CDR Field Descriptions Field Description Accounting Status Type 305 Displays the CDR Report Type in numeric representation integer used mainly for the RADIUS...

Page 804: ...configure the units of measurement seconds default deciseconds centiseconds or milliseconds use the CallDurationUnits parameter The field is included in the default CDR The field is applicable only t...

Page 805: ...is applicable to all types but mainly to RADIUS SBC and Gateway CDRs The default field title is h323 call origin for RADIUS The maximum number of characters for Syslog tabular alignment is 10 Call Ori...

Page 806: ...R The field is applicable to all CDR Report Types The field is applicable only to SBC media and Gateway CDRs The default field title is Cid in the CDR The maximum number of characters for Syslog tabul...

Page 807: ...eld is applicable to all CDR Report Types The field is applicable only to SBC signaling CDRs The maximum number of characters for Syslog tabular alignment is 20 Destination Host 813 Displays the desti...

Page 808: ...destination username before manipulation if any Note The field is optional and can be included in the CDR using the SBC CDR Format tables The field is applicable to all CDR Report Types The field is a...

Page 809: ...tion on the global session ID see Enabling Same Call Session ID over Multiple Devices on page 838 H323 ID 306 Displays the SIP ID to the RADIUS server The field is a string Note The field is included...

Page 810: ...hed RTP IP 631 Displays the remote IP address of the incoming RTP stream that the device latched onto as a result of the RTP latching mechanism for NAT traversal Note The field is included in the defa...

Page 811: ...he device generates leg ID 3 for the leg belonging to the call transfer target Another example is a call forking session where the leg ID sequence may be as follows incoming leg is 1 outgoing leg to u...

Page 812: ...s included in the default CDR The field is applicable only to CALL_END and MEDIA_END CDR Report Types The field is applicable only to SBC media and Gateway CDRs The default field title is LocalMosCQ T...

Page 813: ...d title is LocalRFactor If the RTCP XR feature is unavailable not licensed or disabled this R factor VoIP metric is not provided Instead the device sends the CDR field with the value 127 meaning that...

Page 814: ...e The field is optional and can be included in the CDR using the SBC CDR Format tables The field is applicable to all CDR Report Types The field is applicable only to SBC signaling CDRs The maximum nu...

Page 815: ...DIA_END CDR Report Types The field is applicable only to SBC media and Gateway CDRs The default field title is Intrv The maximum number of characters for Syslog tabular alignment is 5 Payload Type 603...

Page 816: ...of up to 15 digits 1 Not relevant 0 Unknown reason 1 Call forward busy CFB 2 Call forward no reply CFNR 3 Call forward network busy 4 Call deflection 5 Immediate call deflection 6 Mobile subscriber no...

Page 817: ...ield title is ReleaseTime for Syslog h323 disconnect time for RADIUS and Call End Time in the Web SBC CDR History and Web Gateway CDR History tables The maximum number of characters for Syslog tabular...

Page 818: ...lity The field is an integer from 10 to 46 127 if information is unavailable Note The field is included in the default CDR The field is applicable only to CALL_END and MEDIA_END CDR Report Types The f...

Page 819: ...he field is an integer from 0 to 120 127 if information is unavailable Note The field is included in the default CDR The field is applicable only to CALL_END and MEDIA_END CDR Report Types The field i...

Page 820: ...ing the SBC CDR Format table The field is applicable only to CALL_START CALL_CONNECT and CALL_END CDR Report Types The field is applicable only to SBC signaling The maximum number of characters for Sy...

Page 821: ...NECT MEDIA_ START MEDIA_UPDATE MEDIA_END CDR Report Types The field is applicable only to SBC media and Gateway CDRs The default field title is TxRTPIPDiffServ The maximum number of characters for Sys...

Page 822: ...ar alignment is 5 SIP Interface Name 433 Displays the SIP Interface name The field value is a string of up to 40 characters Note The field is included in the default CDR The field is applicable to all...

Page 823: ...SIP call termination reason The field value is a string of up to 70 characters and is set to one of the following SIP Reason header if exists for example SIP cause 200 text Call completed elsewhere I...

Page 824: ...nt is 20 Source Host 812 Displays the source hostname after manipulation if any Note The field is optional and can be included in the CDR using the SBC CDR Format table The field is applicable to all...

Page 825: ...included in the default CDR The field is applicable to all CDRReportType values The field is applicable only to SBC signaling CDRs The default field title is SrcURI The maximum number of characters f...

Page 826: ...s or failed no Note The field is optional and can be included in the CDR using the SBC CDR Format and Gateway CDR Format tables The field is applicable only to the CALL_END Report Type The field is ap...

Page 827: ...y CDRs The default field title is h323 disconnect cause e g h323 disconnect cause 16 The maximum number of characters for Syslog tabular alignment is 5 Termination Reason 410 Displays the reason for t...

Page 828: ...APP_BC_NOT_PRESENTLY_AVAILABLE GWAPP_SERVICE_NOT_AVAILABLE GWAPP_CUG_OUT_CALLS_BARRED GWAPP_CUG_INC_CALLS_BARRED GWAPP_ACCES_INFO_SUBS_CLASS_INCONS GWAPP_BC_NOT_IMPLEMENTED GWAPP_CHANNEL_TYPE_NOT_IMPL...

Page 829: ...E_SILENCE_DISC RELEASE_BECAUSE_NORTEL_XFER_SUCCESS RELEASE_BECAUSE_RTP_CONN_BROKEN RELEASE_BECAUSE_DISCONNECT_CODE RELEASE_BECAUSE_GW_LOCKED RELEASE_BECAUSE_FAIL RELEASE_BECAUSE_FORWARD RELEASE_BECAUS...

Page 830: ...AILURE RELEASE_BECAUSE_OTHER_FORKED_CALL_ANSWERED RELEASE_BECAUSE_MEDIA_SYNC_FAILED Note The field is included in the default CDR The field is applicable only to CALL_END CDR Report Types The field is...

Page 831: ...t is 5 Transport Type 421 Displays the SIP signaling transport type protocol The field value is a string UDP TCP TLS Note The field is included in the default CDR The field is applicable to all CDR Re...

Page 832: ...Gateway CDR Format and SBC CDR Format table The field is applicable only to CALL_END CDR Report Types The field is applicable only to SBC signaling and Gateway CDRs The field is applicable only to Sy...

Page 833: ...erver on page 765 If you do not configure a CDR customization rule for a specific CDR the device generates the CDR in a default CDR format For a detailed description of all the fields that can be pres...

Page 834: ...slog SBC Default Customizes CDR fields for SIP signaling related CDRs sent in Syslog messages 3 Syslog Media Customizes CDR fields for media related CDRs sent in Syslog messages 5 Local Storage SBC Cu...

Page 835: ...P Remote Tag 447 Call Success Syslog Media and RADIUS SBC 600 Channel ID 601 Coder Type 602 Packet Interval 603 Payload Type 604 Local Input Packets 605 Local Output Packets 606 Local Input Octets 607...

Page 836: ...fault For standard RADIUS Attributes 1 Vendor Specific For vendor specific RADIUS Attributes VSA Note The parameter is applicable only to RADIUS accounting i e CDR Type parameter configured to RADIUS...

Page 837: ...hen the RADIUS server successfully receives all the CDR attributes it responds with an Accounting Response Stop ACK message to the device If the device does not receive the Accounting Response ACK mes...

Page 838: ...formation in a more readable format The example shows the attribute in string of characters format You can customize the prefix title of the RADIUS attribute name and the ID For more information see C...

Page 839: ...tion Value Format Example AAA Request Attributes 1 user name Standar d Account number or calling party number or blank String up to 15 digits long 5421385747 Star t Acc Stop Acc 4 nas ip address Stand...

Page 840: ...ated from the outgoing leg String h323 call origin answer Star t Acc Stop Acc 26 h323 call type 27 Protocol type or family used on this leg of the call The value is always VOIP String h323 call type V...

Page 841: ...or 35 Terminator of the call yes Call ter minated by the outgoing leg no Call ter minated by the incoming leg String call terminator yes Stop Acc 26 terminator 37 Terminator of the call answer Call or...

Page 842: ...ar record Numeri c 5 Star t Acc Stop Acc 42 acct input octets Standar d Number of octets received for that call duration applicable only if media anchoring Numeri c Stop Acc 43 acct output octets Stan...

Page 843: ...session id Standar d A unique accounting identifier match start stop String Stop Acc Below is an example of RADIUS Accounting where non standard parameters are preceded with brackets Accounting Reques...

Page 844: ...Part X Diagnostics...

Page 845: ...uring Log Filter Rules The Logging Filters table lets you configure up to 60 rules for filtering debug recording packets Syslog messages and Call Detail Records CDR The log filter determines the calls...

Page 846: ...s generated e g start and end of call see Configuring CDR Reporting The following procedure describes how to configure Log Filter rules through the Web interface You can also configure it through ini...

Page 847: ...lue A range using a hyphen between the two values For example to specify IP Groups 1 2 and 3 configure the parameter to 1 3 without apostrophes Multiple non contiguous values using commas between each...

Page 848: ...ow For enabling this functionality see Enabling SIP Call Flow Diagrams in OVOC on page 836 Note If the Filter Type parameter is configured to IP Trace you must configure the parameter to Debug Recordi...

Page 849: ...ed to Debug Recording Server The debug recording includes signaling Syslog messages media and PCM 5 CDR Only Only CDRs are generated The option is applicable only if the Log Destination parameter is c...

Page 850: ...protocol type PDU entered as an enumeration value e g 1 is ICMP 6 is TCP 17 is UDP udp tcp icmp sip ldap http https Single expressions for protocol type udp port tcp port Transport layer udp srcport t...

Page 851: ...ssage 10 21 28 037 10 15 7 95 NOTICE S 872 BID 3aad56 32 Activity Log WEB Successful login at 10 15 7 95 80 User Admin Session HTTP 10 13 22 54 The format of the Syslog message is described in the fol...

Page 852: ...fit of unique numbering is that it enables you to filter the information such as SIP Syslog and media according to device or session ID The syntax of the session and device identifiers are as follows...

Page 853: ...sages The Syslog message events that the device sends are denoted by unique abbreviations The following example shows an abbreviated event in a Syslog message indicating packet loss PL Apr 4 12 00 12...

Page 854: ...ceived From The Host RD No Available Release Descriptor RO RTP Reorder RP Unknown RTP Payload Type RS RTP SSRC Error UF Unrecognized Fax Relay Command Syslog Fields for Answering Machine Detection AMD...

Page 855: ...tional Info2 Additional Info3 The Messages Severity is as follows Table 52 5 Syslog Message Severity ITU Perceived Severity SNMP Alarm s Severity AudioCodes Syslog Severity Critical RecoverableMsg Maj...

Page 856: ...must be taken immediately Critical CRIT A problem has been identified that is critical Error ERROR An error has been identified Warning WARNING An error that might occur if measures are not taken to p...

Page 857: ...xBundleSyslogLength parameter 4 From the Syslog CPU Protection SyslogCpuProtection drop down list select whether you want to enable the protection feature for the device s CPU resources during debug r...

Page 858: ...rted without per parameter notifications Auxiliary file load and software update Device reset and burn to flash memory Access to unauthorized Web pages according to the Web user s access level Modific...

Page 859: ...tivity on page 67 Viewing Syslog Messages You can view Syslog messages generated by the device using any of the following Syslog server types Device s Web Interface The device provides an embedded Sys...

Page 860: ...nd detailed debugging use an external Syslog server The Message Log page provides limited Syslog server functionality Device s CLI The device sends error messages e g Syslog messages to the CLI as wel...

Page 861: ...rload CPU utilization information is shown under the CPUUtilMonitor section shown in pink The subsequent table describes the displayed information Table 52 7 CPU Overload Fields Description in Syslog...

Page 862: ...the CPU was idle 5 during which tasks were using the CPU core IRQ IRQ time in percentage SoftIRQ SoftIRQ time in percentage Configuring Debug Recording This section describes how to configure debug r...

Page 863: ...AC DR The plug in files are per major software release of Wireshark For more information contact the sales representative of your purchased device To use Wireshark to view debug recording messages 1...

Page 864: ...ss The file is saved to the device s memory not flash and erased after a device reset Marks the captured file useful for troubleshooting process debug capture VoIP physical insert pad Before running t...

Page 865: ...LAN ID proto Protocol 3 Define a source and or destination IP address to be captured any ipv4_address ipv6_ address debug capture voip interface vlan VLAN ID proto Protocol host IP Address At this sta...

Page 866: ...Debug File You can manually retrieve the debug file from the device flash memory and save it to a folder on your local PC The device creates the debug file when an exception occurs Each time the devi...

Page 867: ...e of the active device For devices in HA mode you can download the redundant device s debug file by clicking the Save Redundant Device s Debug File button The button appears only if the device is in H...

Page 868: ...clients You can configure the debug level from 1 to 3 where 3 is the most detailed The debug messages are sent to the Syslog server To configure debugging of Web services 1 Open the Web Service Setti...

Page 869: ...tter understanding of the SIP call The call flow displays all the SIP messages related to the call session including requests e g INVITEs and responses e g 200 OK For SBC calls the call flow reflects...

Page 870: ...ages that fail authentication SIP 4xx challenge The feature does not support SIPRec messages and REGISTER messages For HA systems during a switchover the device stops sending the SIP call flow message...

Page 871: ...incoming SIP message containing the Global Session ID it sends the same Global Session ID in the outgoing SIP message If the incoming SIP message does not con tain a Global Session ID or if a new sess...

Page 872: ...host and the remote endpoint can be defined as an IP Group or IP address Test calls can be dialed automatically at a user defined interval and or manually when required When a SIP test call is initiat...

Page 873: ...art is used in the SIP From header in REGISTER requests The valid value is a string of up to 150 characters By default the parameter is not configured Note The parameter is mandatory Called URI called...

Page 874: ...he IP Group but uses only its IP Profile The IP Group is used for incoming and outgoing calls Destination Address dst address Test_Call_DestAddress Defines the destination host The valid value is an I...

Page 875: ...onfigure Coder Groups see Configuring Coder Groups Note The parameter s settings override the corresponding parameter of the IP Profile associated with the rule s IP Group If you don t configure this...

Page 876: ...ured the parameter s settings override the corresponding parameter of the IP Profile associated with the rule s IP Group Media Security Mode media security mode Test_Call_MediaSecurityMode Defines the...

Page 877: ...Alternative DTMF Method As Is If the Test Call receives the SDP offer the recommended configuration is as follows i e incoming SDP offer determines the method RFC 2833 Mode As Is Alternative DTMF Meth...

Page 878: ...calls per second Note The parameter is applicable only if you configure Call Party to Caller Test Mode test mode Test_Call_TestMode Defines the test session mode 0 Once Default The test runs until the...

Page 879: ...he following early yes Indicates that NetAnn is used for playing the tone play Prompt Tone Index in PRT file Defines the tone to play from the PRT file repeat Times Defines how many times the tone is...

Page 880: ...n the call is answered The valid value is the index number 0 79 of the tone in the PRT file By default 1 the device plays the tone defined at index 22 acDialTone2 Note The parameter is applicable only...

Page 881: ...point for the test call endpoint when all these calls end the status returns to Idle Terminating Test call is in the process of terminating currently established calls when Drop Call is clicked from t...

Page 882: ...were disconnected by the remote side Average CPS Average calls per second Elapsed Time Duration of the test call since it was started or restarted Test Status Status brief description as displayed in...

Page 883: ...MOS count and color threshold status of local and remote sides according to the assigned QoE Profile Delay Status Packet delay count and color threshold status of local and remote sides according to...

Page 884: ...endpoint The figure below displays a basic test call example To configure basic call testing 1 Open the Test Call Settings page Troubleshoot menu Troubleshoot tab Test Call folder Test Call Settings...

Page 885: ...Codes devices Device A and Device B with simulated test endpoints This eliminates the need for phone users who would otherwise need to answer and end calls many times for batch testing The calls are i...

Page 886: ...eful for example for verifying that endpoints located in the LAN can register with an external proxy and subsequently communicate with one another This example assumes that you have configured your de...

Page 887: ...ote host or IP address by pinging the network entity IPv4 The ping to an IPv4 address can be done from any of the device s VoIP interfaces that is configured with an IPv4 address The ping is done usin...

Page 888: ...Part XI Appendix...

Page 889: ...ple 3 45 represents the prefix number 3 45 To denote the key when it appears at the end of the number enclose it in square brackets For example 134 denotes any number that starts with 134 asterisk sym...

Page 890: ...aracters Examples To denote a one digit number starting prefix with 2 3 4 5 or 6 2 3 4 5 6 To denote a one digit number ending suffix with 7 8 or 9 7 8 9 Prefix with suffix 2 3 4 5 6 7 8 9 prefix is d...

Page 891: ...x to 49 287303 29 165 xxxxx where 28 is the ASCII HEX value for and 29 is the ASCII HEX value for The manipulation rule in this example would denote the parenthesis in the destination number prefix us...

Page 892: ...default no value is defined For more information see Configuring a Hostname for the Device on page 84 WebLoginBlockAutoComplete Disables autocompletion when entering the management login username in...

Page 893: ...TLS TCP client connections and reject incoming TLS TCP client connections when the device is in locked state 0 Disable default 1 Enable For more information see Locking and Unlocking the Device on pag...

Page 894: ...oating License feature Note The parameter is applicable only when the Allocation Profile is configured to Custom Limit SBC Media Sessions configure system floating license limit media sessions LimitMe...

Page 895: ...this duration expires the password of the Web user must be changed The valid value is 0 to 100000 where 0 means that the password is always valid The default is 1140 Note The parameter is applicable o...

Page 896: ...gin from this same IP address The valid value is 0 to 100000 where 0 means that login is not denied regardless of number of failed login attempts The default is 60 Display Last Login Information Displ...

Page 897: ...ounts TLS Contexts Time and Date Maintenance Actions Load Auxiliary Files Software Upgrade Wizard and Configuration File Note For the parameter to take effect a device reset is required ResetWebPasswo...

Page 898: ...of the ini file table parameter is WelcomeMessage FORMAT WelcomeMessage_Index WelcomeMessage_Text WelcomeMessage For Example FORMAT WelcomeMessage_Index WelcomeMessage_Text WelcomeMessage 1 WelcomeMe...

Page 899: ...go in the Web interface The valid value is a string of up to 15 characters For more information see Replacing the Corporate Logo with Text Note The parameter is applicable only when the UseWebLogo par...

Page 900: ...netMaxSessions Defines the maximum number of permitted concurrent Telnet or SSH sessions The valid range is 1 to 5 sessions The default is 2 Note Before changing the value make sure that not more than...

Page 901: ...ce s Local Users table see Configuring Man agement User Accounts on page 41 c Save the device s CLI Script file to your local PC see Saving and Loading CLI Script Files on page 689 d Open the file and...

Page 902: ...range is a string of up to 255 characters ifAlias Defines the textual name of the interface The value is equal to the ifAlias SNMP MIB object The valid range is a string of up to 64 characters config...

Page 903: ...e Guide for Gateways SBCs MSBRs ShortCallSeconds Defines the duration in seconds of a call for it to be considered a short call and thus included in the count of the performance monitoring SNMP MIBs f...

Page 904: ...te For the parameter to take effect a device reset is required ActiveAlarmTableMaxSize Defines the maximum number of currently active alarms that can be displayed in the Active Alarms table When the t...

Page 905: ...r has the same value for both active and redundant devices i e system identifier If the two devices return to Standalone mode i e non HA mode you must configure the parameter to a NULL value i e no va...

Page 906: ...r to receive traps sent by the device The device sends the traps to the DNS resolved IP address The valid range is a string of up to 99 characters For more information see Configuring an SNMP Trap Des...

Page 907: ...ng a CLI Session Note For the parameter to take effect a device reset is required SerialBaudRate Defines the serial communication baud rate The valid values include the following 1200 2400 9600 14400...

Page 908: ...memory 0 Configuration isn t saved to flash memory 1 Default Configuration is saved to flash memory Auxiliary Filename Parameters Call Progress Tones File CallProgressTonesFilename Defines the name of...

Page 909: ...e cmp file 0 Default The Automatic Update mechanism doesn t apply to the cmp file 1 The Automatic Update mechanism includes the cmp file Note For the parameter to take effect a device reset is require...

Page 910: ...ioning server for the Automatic Update mechanism The valid value is a string of up to 511 characters The information can include any user defined string or the following string variable tags case sens...

Page 911: ...cryptographic hashing and basic access authentication with the HTTP server on which the files to download are located for the Automatic Update feature The valid value is a string of up to 128 charact...

Page 912: ...92 The default is 512 Note A higher value does not necessarily mean better performance The block size should be small enough to avoid IP fragmentation in the client network i e below MTU This feature...

Page 913: ...e date and time of the ini file are validated Only more recently dated ini files are loaded MAC Address Placeholder in Configuration File Name This option allows the loading of specific configurations...

Page 914: ...PT file and the URL address IP address or FQDN of the server where the file is located Optionally the username and password https username password 10 1 1 1 file name for access authentication with th...

Page 915: ...hentication with the server can also be configured sbc user info SBCUserInfoFileUrl Defines the name of the SBC User Information file and the URL address IP address or FQDN of the server where the fil...

Page 916: ...more information see Customizing the Favicon ConfPackageURL Defines the name of the Configuration Package file tar gz and the URL address IP address or FQDN of the server where the file is located Opt...

Page 917: ...are described in the table below Table 60 10 IP Network Routing Parameters Parameter Description Don t Send ICMP Unreachable Messages configure network network settings icmp disable unreachable Disabl...

Page 918: ...ontent Call Control applications You can also configure the feature per specific calls using IP Profiles IpProfile_SigIPDiffServ For a detailed description of the parameter and To configure the featur...

Page 919: ...e UA is behind NAT 1 Disable NAT Default The device considers the UA as not located behind NAT and sends media packets to the UA using the IP address port specified in the SDP c line Connection of the...

Page 920: ...ce is located behind NAT It is needed to keep the NAT pinhole open for the SNMP messages sent from OVOC to the device The valid range is 0 to 2 592 000 The default is 30 Note For the parameter to take...

Page 921: ...nable Note For the parameter to take effect a device reset is required For a detailed description of DHCP see DHCP based Provisioning The parameter is a hidden parameter Once defined and saved to flas...

Page 922: ...an be resolved from the DNS server providing NTP server redundancy The default IP address is 0 0 0 0 i e internal NTP client is disabled Secondary NTP Server Address secondary server NTPSecondaryServe...

Page 923: ...nables daylight saving time DST 0 Disable default 1 Enable Start Time Day of Month Start configure system clock summer time start DayLightSavingTimeStart Defines the date and time when DST begins This...

Page 924: ...e test fails the device sends information on the test results of each hardware component to the Syslog server 0 Default Rapid and Enhanced self test mode 1 Detailed self test mode full test of DSPs PC...

Page 925: ...e Syslog CDR and debug parameters are described in the table below Table 60 18 Syslog CDR and Debug Parameters Parameter Description Enable Syslog configure troubleshoot syslog syslog EnableSyslog Det...

Page 926: ...ort 514 default Syslog port This mechanism is active only when Syslog is enabled i e the parameter EnableSyslog is set to 1 Call End CDR SIP Reasons Filter configure troubleshoot cdr call end cdr sip...

Page 927: ...n some calls it may only be after the call is established but in other calls the media may start at ringback tone A CDR is also sent upon termination end of the media in the call 3 Update End Media Se...

Page 928: ...size in kilobytes of each locally stored CDR file When the Current file reaches this size the device creates a CDR file containing all the CDRs from the Current file The valid value is 1024 to 10 000...

Page 929: ...age as well as many other logged processes configure system cdr non call cdr rprt EnableNonCallCdr Enables creation of CDR messages for non call SIP dialogs such as SUBSCRIBE OPTIONS and REGISTER 0 De...

Page 930: ...at least 5 greater than threshold Debug level is reduced another level CPU usage is 5 to 19 less than threshold Debug level is increased by one level CPU usage is at least 20 less than threshold Debu...

Page 931: ...IP message 1 Enables the feature If the device receives an incoming SIP message containing a Global Session ID it sends the same Global Session ID in the outgoing SIP message If the incoming SIP messa...

Page 932: ...e actions LDAP clear cache register unregister and start stop trunk In the Web these actions are typically done by clicking a button e g the LOCK button Note For the ini file parameter enclose values...

Page 933: ...igured by the RAIHighThreshold parameter When enabled and the threshold is crossed the device sends the SNMP trap acBoardCallResourcesAlarm 0 Default Disable 1 Enable Note For the parameter to take ef...

Page 934: ...uration in seconds to delay the transition from HA non operational state which occurs during HA synchronization between active and redundant devices to HA operational state This feature may be useful...

Page 935: ...chover based on HA priority 0 Disable Default A switchover over to the redundant device is done only if a failure occurs in the currently active device 1 Enable A switchover over to the redundant devi...

Page 936: ...network monitor threshold HaNetworkMonitorThreshold Defines the minimum number of monitored rows con figured in the HA Network Monitor table whose des tinations are unreachable that are required to tr...

Page 937: ...od TimeoutToRelatch media type Msec it latches on to the next packet received from any other stream If other packets of different media type are received from the new stream based on IP address and SS...

Page 938: ...another stream The valid range is any value from 0 The default is 200 Timeout To Relatch SRTP TimeoutToRelatchSRTPMsec Defines a period msec during which if no packets are received from the current S...

Page 939: ...is required Require Client Certificates for HTTPS connection configure system web req client cert HTTPSRequireClientCertificate Enables the requirement of client certificates for HTTPS connection 0 Di...

Page 940: ...specific calls using IP Profiles IpProfile_ EnableSymmetricMKI For a detailed description of the parameter and for configuring this feature in the IP Profiles table see Configuring IP Profiles Note I...

Page 941: ...ed RTP Packets configure voip media security RTP authentication disable tx RTPAuthenticationDisableTx Enables authentication on transmitted RTP packets in a secured RTP session 0 Enable default 1 Disa...

Page 942: ...behavior mode ResetSRTPStateUponRekey Global parameter that enables synchronization of the SRTP state between the device and a server when a new SRTP key is generated upon a SIP session expire You can...

Page 943: ...er Host Name Verification Mode configure network security settings PEERHOSTNAMEVERIFICATIONMODE PeerHostNameVerificationMode Enables the device to verify the Subject Name of a TLS certificate received...

Page 944: ...as well TLS Remote Subject Name configure network security settings tls rmt subs name TLSRemoteSubjectName Defines the Subject Name that is compared with the name defined in the remote side certifica...

Page 945: ...the proxy SSH port number on the active device for accessing the redundant device s embedded SSH server from the active device for downloading files from the redundant device The valid value is any v...

Page 946: ...configure system cli settings ssh max login attempts SSHMaxLoginAttempts Defines the maximum SSH login attempts allowed for entering an incorrect password by an administrator before the SSH session i...

Page 947: ...e to this parameter OCSP Parameters The Online Certificate Status Protocol OCSP parameters are described in the table below Table 60 27 OCSP Parameters Parameter Description Enable OCSP Server configu...

Page 948: ...as the host name in SIP From and To headers in REGISTER requests 0 Disable default 1 Enable If the parameter is disabled and the device registers to an IP Group i e proxy server it uses the string co...

Page 949: ...rules 1 Enable All SIP messages and responses are sent to the Proxy server Note The parameter is applicable only if a Proxy server is used i e the parameter IsProxyUsed is set to 1 DNS Query Type con...

Page 950: ...TR query is done If successful an SRV query is sent according to the information received in the NAPTR response If the NAPTR query fails an SRV query is done according to the configured transport type...

Page 951: ...he Proxy without authorization The Proxy sends a 401 407 response with a challenge for credentials The device saves caches the response for further uses The device sends a new request with the appropr...

Page 952: ...time interval in seconds after which a registration request is re sent if registration fails with a 4xx response or if there is no response from the Proxy Registrar server The default is 30 seconds Th...

Page 953: ...seconds As can be seen from the algorithm the upper bound wait time can never exceed the value of the MaxRegistrationBackoffTime parameter Registration Time Threshold configure voip sip definition pr...

Page 954: ...value of applies to all registrations but it can only be used if the Expires header field is present with a value of 0 Add Empty Authorization Header configure voip sip definition settings add empty a...

Page 955: ...mechanism uses a client to server ping keep alive and a corresponding server to client pong message This ping pong sequence allows the client and optionally the server to tell if its flow is still ac...

Page 956: ...int GeneratedRegistersInterval Defines the rate in seconds at which the device sends user register requests REGISTER messages The parameter is based on the maximum number of REGISTER messages that ca...

Page 957: ...rval TCPKeepAliveInterval Defines the interval in sec between consecutive keep alive probes regardless of what the connection has exchanged in the meantime The valid value is 10 to 65 000 The default...

Page 958: ...OK in response The parameter is disabled When enabled again new random user parts are assigned to the Accounts To configure Accounts see Configuring Registration Accounts UnregisterOnStartup Enables t...

Page 959: ...calls Note The Event header value is proprietary to AudioCodes Max SIP Message Length MaxSIPMessageLeng th Defines the maximum size in Kbytes for each SIP message that can be sent over the network The...

Page 960: ...nditions Via Source IP and user in Request URI 3 Verify dialog initiating INVITE and in dialog requests The VerifyRecievedRequestUri parameter functions together with the RegistrarProxySetID parameter...

Page 961: ...ion settings max nb of act calls MaxActiveCalls Defines the maximum number of simultaneous active calls supported by the device If the maximum number of calls is reached new calls are not established...

Page 962: ...ter is ignored for calls associated with the profile Session Expires Disconnect Time configure voip sip definitions settings sess exp disc time SessionExpiresDisco nnectTime Defines a session expiry t...

Page 963: ...d to detect mid call fax tones and to send T 38 Re INVITE messages upon fax detection If the remote party supports T 38 the fax is relayed over T 38 Note If VBD coder negotiation fails at call start a...

Page 964: ...sportType is set to 2 or 1 i e TCP or TLS and EnableSIPS is enabled TLS is used through the entire connection over multiple hops Note If the parameter is enabled and the parameter SIPTransportType is...

Page 965: ...tial TCP connection set up Note If the destination is a Proxy server the TCP TLS connection is persistent regardless of the settings of the parameter TCP Timeout configure voip sip definition settings...

Page 966: ...ltiple values 0 Default The device includes multiple P Preferred Identity SIP headers in the outgoing message for example Incoming message containing a P Preferred Identity header with multiple values...

Page 967: ...C REFER sip C domain com SIP 2 0 From sip A domain com tag 99asd To sip C domain com Refer To URI that identifies B s UA The Refer To header needs to contain a URI that user C can use to place a call...

Page 968: ...e default string product name software version is used for example User Agent AudioCodes Sip Gateway swver The maximum string length is 50 characters Note The software version number and preceding for...

Page 969: ...ibute in the outgoing SDP PacketCable defined format The mptime attribute enables the device to define a separate packetization period for each negotiated coder in the SDP The mptime attribute is only...

Page 970: ...ues sending traffic of other entities to the proxy All other SIP dialogs e g INVITE The device ignores the Retry After header and forwards the 503 response transparently to the other user agent Retry...

Page 971: ...Pai2 is configured the calling number is obtained from a specific header using the following logic a P Preferred Identity header b If the above header is not present then the first P Asserted Identit...

Page 972: ...voip sip definition settings delayed offer EnableDelayedOffer Determines whether the device sends the initial INVITE message with or without an SDP Sending the first INVITE without SDP is typically d...

Page 973: ...all User Information Usage configure voip sip definition settings user inf usage EnableUserInfoUsag e Enables the usage of the User Information which is loaded to the device in the User Information Au...

Page 974: ...n receipt of the 200 OK when the call is answered 0 Disable default 1 Enable Note The parameter is applicable only if SRTP is used configure voip sip definition settings number of active dialogs Numbe...

Page 975: ...t 1 sip configure voip sip definition settings 100 to 18x timeout TimeoutBetween100A nd18x Defines the timeout in msec between receiving a 100 Trying response and a subsequent 18x response If a 18x re...

Page 976: ...integration with Microsoft presence see Microsoft Skype for Business Presence of Third Party Endpoints Microsoft Presence Status EnableMSPresence Enables the device to notify using SIP PUBLISH messag...

Page 977: ...When enabled and certain scenarios exist the device does the following The above behavior is done upon one of the following scenarios The device is physically disconnected from the network i e Etherne...

Page 978: ...x Defines the maximum number of UDP transmissions of SIP messages first transmission plus retransmissions The range is 1 to 30 The default is 7 Number of RTX Before Hot Swap configure voip sip definit...

Page 979: ...and for configuring the feature see Configuring IP Profiles Note If the feature is configured for a specific profile the settings of the global parameter is ignored for calls associated with the prof...

Page 980: ...cho attenuation intensity The valid range is 0 to 3 The default is 0 Max ERL Threshold DB configure voip media voice acoustic echo suppressor max ERL AcousticEchoSuppMaxERLThreshold Defines the acoust...

Page 981: ...efficients RTPSIDCoeffNum Defines the number of spectral coefficients added to an SID packet being sent according to RFC 3389 The valid values are 0 default 4 6 8 and 10 Answer Detector AD Parameters...

Page 982: ...load only no header TOC or m factor similar to RFC 3558 Header Free format 1 Supports RFC 2658 1 byte for interleaving header always 0 TOC no m factor 2 Payload including TOC only allow m factor 3 RFC...

Page 983: ...t according to RFC 2833 and muted when received Note The parameter is automatically updated if the parameters FirstTxDTMFOption or RxDTMFOption are configured DTMF Volume 31 to 0 dB configure voip med...

Page 984: ...y upon detection of an End event RTP RTCP and T 38 Parameters The RTP RTCP and T 38 parameters are described in the table below Table 60 34 RTP RTCP and T 38 Parameters Parameter Description Dynamic J...

Page 985: ...tmf and dialing telephony events payload type tx RFC2833TxPayloadType Defines the Tx RFC 2833 DTMF relay dynamic payload type for outbound calls The valid range is 96 to 127 The default is 96 Note Whe...

Page 986: ...and issues warnings to notify of the invalid packets Note The parameter is applicable only if the IPProfile_ TranscodingMode parameter is configured to RTP Forwarding Forward Unknown RTP Payload Types...

Page 987: ...Voice Device activates T 38 fax relay upon receipt of a re INVITE with T 38 and audio media in the SDP The parameter is used for transmission from fax machines connected to the device and located insi...

Page 988: ...pEnable parameter no operation interval RTPNoOpPayloadType Defines the payload type of No Op packets The valid range is 96 to 127 for the range of Dynamic RTP Payload Type for all types of non hard co...

Page 989: ...value range is 0 to 65 535 The default is 5 000 Disable RTCP XR Interval Randomization configure voip media rtp rtcp disable RTCP randomization DisableRTCPRandomize Determines whether RTCP report inte...

Page 990: ...emTransportType Determines the V 21 modem transport type 0 Disable Default Transparent 2 Enable Bypass 3 Events Only Transparent with Events Note You can also configure this feature per specific calls...

Page 991: ...media fax modem V34 modem transport type V34ModemTransportType Determines the V 90 V 34 modem transport type 0 Disable Transparent 2 Enable Bypass default 3 Events Only Transparent with Events Note Yo...

Page 992: ...r calls associated with the IP Profile SIP T 38 Version configure voip sip definition settings sip t38 ver SIPT38Version Defines the T 38 fax relay version 1 Not Configured Default No T 38 0 Version 0...

Page 993: ...te supported between the local and remote endpoints Fax Relay ECM Enable configure voip media fax modem ecm mode FaxRelayECMEnable Enables Error Correction Mode ECM mode during fax relay 0 Disable 1 E...

Page 994: ...to 31 dB in 1 dB steps The default is 0 i e no gain Modem Bypass Output Gain configure voip media fax modem modem bypass output gain ModemBypassOutputGain Defines the modem bypass output gain control...

Page 995: ...re per specific calls using IP Profiles IpProfile_NSEMode For a detailed description of the parameter and for configuring this feature in the IP Profiles table see Configuring IP Profiles Note If this...

Page 996: ...to 1 T 38 Relay or 3 Fax Fallback CED Transfer Mode configure voip media fax modem ced transfer mode CEDTransferMode Defines the method for sending fax modem CED answering tones 0 Fax Relay or VBD De...

Page 997: ...nsport Channel 0 The range is 140 to 256 The default is 140 SPRT Transport Ch 2 Max Payload Size configure voip media fax modem SPRT transport channel2 max payload size V1501SPRTTransportChannel2MaxPa...

Page 998: ...shed call i e RTP flow suddenly stops during the call The valid range is from 3 i e 300 msec to approx 2684354 i e 74 5 hours The default is 100 i e 10 000 msec or 10 seconds Note The parameter is app...

Page 999: ...g from the proxy server to the Gateway PSTN 0 Disable default 1 Enable SBC specific Parameters configure voip application enable sbc EnableSBCApplication Enables the Session Border Control SBC applica...

Page 1000: ...re per specific calls using IP Profiles IpProfile_SBCMaxCallDuration For a detailed description of the parameter and for configuring this feature in the IP Profiles table see Configuring IP Profiles I...

Page 1001: ...S to the working proxy regardless of the Contact header The working proxy address is determined by the device s keep alive mechanism for the Proxy Set that was used to route the initial SUBSCRIBE Note...

Page 1002: ...tag generated by the called party All SIP messages between the device and caller use this generated To tag while all SIP messages between the device and called party use the To tag generated by the ca...

Page 1003: ...s considered timed out This value is conveyed in the SIP Min SE header The valid range is 0 default to 1 000 000 where 0 means that the device does not limit Session Expires configure voip sbc setting...

Page 1004: ...ured using the SBCSessionExpires and SBCMinSE parameters respectively User Registration Grace Time configure voip sbc settings sbc usr reg grace time SBCUserRegistrationGraceTime Defines additional ti...

Page 1005: ...ndle P Asserted Identity configure voip sbc settings p assert id SBCAssertIdentity Global parameter that defines the handling of the SIP P Asserted Identity header You can also configure this feature...

Page 1006: ...hich are sent to Server type IP Groups Depending on the Remote Representation Mode parameter of the IP Profiles table IpProfile_ SBCRemoteRepresentationMode the host part in the SIP Contact header can...

Page 1007: ...URIs Port The ports of the URIs are excluded in the comparison of the two URIs but all other URI parameters are included in the comparison port can be combined with other URI parameters that you want...

Page 1008: ...he settings of this global parameter is ignored for calls associated with the IP Profile configure voip sbc settings sbc xfer prefix SBCXferPrefix When the SBCReferBehavior is set to 1 the device whil...

Page 1009: ...e image in its SDP offer v 0 o bob 2890844730 2890844731 IN IP4 host example com s c IN IP4 host example com t 0 0 m audio 0 RTP AVP 0 m image 12345 udptl t38 If the parameter is disabled the only m l...

Page 1010: ...e default is 300 Authentication Challenge Method configure voip sbc settings auth chlng mthd AuthChallengeMethod Defines the type of server based authentication challenge 0 0 Default Send SIP 401 Unau...

Page 1011: ...SBC User Registration Time configure voip sbc settings sbc usr rgstr time SBCUserRegistrationTime Global parameter that defines the duration in seconds of the periodic registrations that occur betwee...

Page 1012: ...ore distributed over time i e do not all occur simultaneously The valid value is 0 disabled to 20 any value from 1 to 20 is considered enabled The default is enabled 10 If disabled i e 0 the device do...

Page 1013: ...the device is in survivability state i e when REGISTER requests cannot be forwarded to the proxy and are terminated by the device When set to 0 the device uses the value set by the SBCUserRegistratio...

Page 1014: ...fines the maximum duration in seconds that the device is prepared to wait for a response from external servers when a routing rule is configured to query an external server e g LDAP server on whose re...

Page 1015: ...IP BYE request before disconnecting the call This feature prevents for example a scenario in which the SBC SIP client receives a BYE request from a third party imposer assuming the identity of a parti...

Page 1016: ...C calls whereby SIP signaling is handled by the device without handling the RTP SRTP media flow between the user agents UA The RTP packets do not traverse the device Instead the two SIP UAs establish...

Page 1017: ...0 Doesn t Include Extensions Default Extension coders are added at the end of the coder list 1 Include Extensions Extension coders and Allowed coders are arranged according to their order of appearan...

Page 1018: ...on the device Note The device always forwards REGISTER messages of the primary line SBC Forking Handling Mode configure voip sbc settings sbc forking handling mode SBCForkingHandlingMode Defines the h...

Page 1019: ...synchronization is required 1 Enable Media synchronization is performed if the media including RTP mode or any other media such as coders is different and has not been negotiated between the user agen...

Page 1020: ...mption Mode configure voip sbc settings sbc preemption mode SBCPreemptionMode Enables SBC emergency call preemption 0 Disable default 1 Enable Emergency Message Condition configure voip sbc settings s...

Page 1021: ...SBC features that require DSP resources use two DSP channels For example if the device needs to perform coder transcoding between two endpoints where one uses the G 711 coder and the other uses G 729...

Page 1022: ...sec 17 17 8 00 dB sec 18 18 9 00 dB sec 19 19 10 00 dB sec 20 20 11 00 dB sec 21 21 12 00 dB sec 22 22 13 00 dB sec 23 23 14 00 dB sec 24 24 15 00 dB sec 25 25 20 00 dB sec 26 26 25 00 dB sec 27 27 3...

Page 1023: ...so configure this feature per specific calls using IP Profiles IpProfile_ AMDSensitivityParameterSuit For a detailed description of the parameter and for configuring this feature in the IP Profiles ta...

Page 1024: ...he maximum duration of silence from after the greeting time is over configured by AMDMaxGreetingTime until the device s AMD decision You can also configure this feature per specific calls using IP Pro...

Page 1025: ...ameters are described in the table below Table 60 40 SIP based Media Recording Parameters Parameter Description SIP Recording Application configure voip sip definition sip recording settings enable si...

Page 1026: ...33 38Z associate time RADIUS and LDAP Parameters This section describes the RADIUS and LDAP parameters General Parameters The general RADIUS and LDAP parameters are described in the table below Table...

Page 1027: ...ault access level for the device when the LDAP RADIUS response doesn t include an access level attribute for determining the user s management access level The valid range is 0 to 255 The default is 2...

Page 1028: ...ission See also the RADIUSRetransmission parameter The valid range is 1 to 30 The default is 2 RADIUS Accounting Parameters RADIUS Accounting Type configure voip sip definition settings radius account...

Page 1029: ...everts to the initial value configured by RadiusLocalCacheTimeout Password Local Cache Timeout configure system radius settings local cache timeout RadiusLocalCacheTimeout Defines the time in seconds...

Page 1030: ...tribute ldap numeric attr LDAPNumericAttributes Defines up to five LDAP Attributes separated by commas for which the device employs LDAP query searches in the AD for numbers that may have characters b...

Page 1031: ...PPrimaryKey Defines the name of the attribute used as a query search key for the destination number in the AD This is used instead of the PBX attribute name configured by the MSLDAPPBXNumAttributeName...

Page 1032: ...ologyStatus API command to HTTP remote hosts 0 Disable default 1 Enable For more information see Configuring HTTP Services HTTP Proxy Parameters The HTTP Proxy service parameters are described in the...

Page 1033: ...imary DNS server in dotted decimal notation which is used for translating domain names into IP addresses for the HTTP service By default no IP address is defined Secondary DNS Server IP dns secondary...

Page 1034: ...aling Media and User Registrations For the device s supported capacity SIP signaling media and user registrations refer to the SBC Gateway MSBR Series Release Notes Ver 7 2 which can be downloaded fro...

Page 1035: ...ediant 4000 SBC User s Manual 62 Technical Specifications For technical specifications see the device s Datasheet which can be downloaded from AudioCodes website at https www audiocodes com media 2411...

Page 1036: ...This page is intentionally left blank CHAPTER 62 Technical Specifications Mediant 4000 SBC User s Manual 1003...

Page 1037: ...www audiocodes com 2019 AudioCodes Ltd All rights reserved AudioCodes AC HD VoIP HD VoIP Sounds Better IPmedia Mediant MediaPack What s Inside Matters OSN SmartTAP User Management Pack VMAS VoIPerfect...

Reviews:

No comments