manualshive.com logo in svg

Samsung Ubigate iBG2016, Configuration Manual

Share
Download
Samsung Ubigate iBG2016 Configuration Manual Download Page 286

CHAPTER 3. Firewall NAT 

236

 

© SAMSUNG Electronics Co., Ltd. 

Application Level Gateways 

For packets to pass through firewall a corresponding allow policy will be 
required. If there is no policy, then the packet will be dropped by firewall.   
But some applications(for ex: FTP, games) open connections dynamically 
based on respective application parameter. It is a security threat to add firewall 
rules to pre-open such port numbers. Intelligence can be added to parse 
packets for such application and open appropriate dynamic connections.   
This is referred as Application Level Gateway(ALG), wherein the firewall, 
acting at routing level can parse application’s data. With this, firewall can 
allow packets for many applications(that require some special processing) and 
at the same time not compromising on firewall.   
 
All the ALGs are enabled by default and there are CLI commands to enable or 
disable ALGs administratively. 
 

Network Address Translation 

NAT functionality in firewall conceals network addresses avoiding this 
disclosure as public information. This functionality also provides solutions for 
IP address depletion issue, by allowing multiple hosts to share limited public 
IP addresses. Firewall has reverse NAT capabilities, which enables users to 
host various Internet services in the private IP address space, such as web 
servers, e-mail servers, Real Audio servers, and others. 
 
Firewall has an inbuilt functionality for providing Network Address 
Translation. Firewall supports configuration of NAT records, by which NAT IP 
addresses can be configured before attaching them to policies. NAT database 
maintains a list of such NAT IP addresses and it can be eventually attached to 
access policies.   
 
There are the 3 types of NAT that can be configured with the NAT database: 
many-to-one(PAT), one-to-one(static) and many-to-many(dynamic). 
 
The NAT records created in the NAT databases would eventually be attached 
to the access policy database, based on the access policy type(whether it is out 
bound or in bound). The NAT record would eventually be used in one of the 
following category.   

y

 

Many-to-one regular NAT(NAT record attached to out bound policy) 

y

 

One-to-one regular NAT(NAT record attached to out bound policy) 

Summary of Contents for Ubigate iBG2016

Page 1: ......

Page 2: ...cs All other company and product names may be trademarks of the respective companies with which they are associated This manual should be read before the installation and operation and the operator should correctly install and operate the product by using this manual This manual may be changed for the system improvement standardization and other technical reasons without prior notice For further i...

Page 3: ... communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense FCC REQUIREMENTS Thie equipment the Ubigate iBG2016 complies with Part 68 of the FCC rules and the requirements adopted by the ATCA On the top of this equipment is a label that contains among other informati...

Page 4: ...th Part 68 of the FCC rules The FCC Part 68 label is located on the bottom chassis panel This label contains the FCC Registration Number and Ringer Equivalence Number REN for this equipment If requested this information must be provided to your telephone company Connection to the telephone network should be made by using standard modular telephone jacks type RJ 11C The RJ 11C plug and or jacks use...

Page 5: ...you will be advised of your right to file a complaint with the FCC if you believe it is necessary CHANGES TO TELEPHONE COMPANY EQUIPMENT OR FACILITIES The telephone company may make changes in its facilities equipment operations or procedures that could affect the operation of the equipment If this happens the telephone company will provide advance notice in order for you to make necessary modific...

Page 6: ...hed Telephone Network PSTN when DID calls are y Answered by the called station y Answered by the attendant y Routed to a recorded announcement that can be administered by the Customer Premises Equipment CPE user y Routed to a dial prompt B This equipment returns answer supervision on all DID calls forwarded to the PSTN Permissible exceptions are y A call is unanswered y A busy tone is received y A...

Page 7: ...ws a license may be required from the American Society of Composers Authors and Publishers ASCAP or other similar organizations if copyright music is transmitted through the Music on Hold feature SAMSUNG ELECTRONICS CO LTD hereby disclaims any liability arising out of failure to obtain such a license DISA WARNING Lines that are used for the Direct Inward System Access feature must have the disconn...

Page 8: ...stem has been tested to comply with safety standards in the United States and Canada This system is listed with Underwriters Laboratories The cUL Mark is separately shown on the label The following statement from Underwriters Labs applies to the Ubigate iBG2016 System 1 Separation of TNV and SELV Pluggable A The separate protective earthing terminal provided on this product shall be permanently co...

Page 9: ... in Part K of Article 250 of the National Electrical Code ANSI NFPA 70 and Article 10 of Part 1 of the Canadian Electrical Code Part 1 C22 1 Termination of the supplementary earthing conductor is permitted to be made to building steel to a metal electrical raceway system or to any earthed item that is permanently and reliably connected to the electrical service equipment earthed 3 Bare covered or ...

Page 10: ...nection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring Appropriate consideration of equipment nameplate ratings should be used when addressing this concern E Reliable Earthing Reliable earthing of rack mounted equipment should be maintained Particular attention should be given to supply connections other...

Page 11: ...te iBG2016 This manual is for engineers technicians and others involved with the planning and operation of the Ubigate iBG2016 Document Content and Organization This manual contains the following chapters PART I System Configuration CHAPTER 1 Basic Configuration CHAPTER 2 Port Numbering CHAPTER 3 Management Configuration CHAPTER 4 System Logging CHAPTER 5 RMON Configuration ...

Page 12: ...ng and Routing Protocols CHAPTER 1 Layer 2 Switching CHAPTER 2 DHCP Relay CHAPTER 3 Static Routing CHAPTER 4 RIP CHAPTER 5 OSPF CHAPTER 6 BGP CHAPTER 7 MultiCast Protocols CHAPTER 8 VRRP CHAPTER 9 MPLS CHAPTER 10 QoS CHAPTER 11 VLAN forwarding with QoS PART IV Security CHAPTER 1 Authentication Authorization Accounting CHAPTER 2 Packet Filtering CHAPTER 3 Firewall NAT CHAPTER 4 GRE CHAPTER 5 IPSEC ...

Page 13: ...ER 8 Routing and Digit Manipulation CHAPTER 9 Extended VoIP Services CHAPTER 10 Call Admission Control CHAPTER 11 Management CHAPTER 12 Survivable Telephony Conventions The following types of paragraphs contain special information that must be carefully read and thoroughly understood Such information may or may not be enclosed in a rectangular box separating it from the main text but is always pre...

Page 14: ...r on the console screen Reference Ubigate iBG2016 System Description Ubigate iBG2016 Installation Manual Ubigate iBG2016 Command Reference Ubigate iBG2016 Message Reference Ubigate iBG2016 TroubleShooting Manual Ubigate iBG2016 Quick Start Guide Ubigate iBG2016 iBG DM User Guide Ubigate ISM User Guide Ubigate iPX User Guide Contacting Technical Support For questions regarding the product and the c...

Page 15: ...NG Electronics Co Ltd XIII Obtaining Publications and Additional Information The Ubigate iBG2016 documentation set and additional literature is available at http www samsungen com Revision History EDITION DATE OF ISSUE REMARKS 00 12 2006 First Draft ...

Page 16: ...INTRODUCTION XIV SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 17: ... WARNING 오류 책갈피가 정의되어 있지 않습니다 UNDERWRITERS LABORATORIES 오류 책갈피가 정의되어 있지 않습니다 INTRODUCTION IX Purpose IX Document Content and Organization IX Conventions XI Console Screen Output XII Reference XII Contacting Technical Support XII Obtaining Publications and Additional Information XIII Revision History XIII PART I System Configuration CHAPTER 1 Basic Configuration 24 Logging in 24 Command Line Interf...

Page 18: ...gging System Events 24 CHAPTER 5 RMON Configuration 24 Configuring Remote Monitoring 24 Configuring RMON 24 Verifying RMON Configuration 24 PART II WAN Interface and Protocols CHAPTER 1 Serial Interfaces 24 Serial Interfaces Overview 24 Multi Protocol Serial Interface 24 HSSI Interface 24 Module Configuration 24 Configuring V 35 24 Bundle Configuration 24 Configuring HSSI 24 CHAPTER 2 WAN Interfac...

Page 19: ...ting Protocols CHAPTER 1 Layer 2 Switching 24 Layer 2 LAN Switching and Bridging 24 IGMP Snooping 24 Protocol Configuration 24 Bridge Configurations 24 Configuring 802 1x 24 LACP Configuration 24 GVRP Configuration 24 Configuring IGMP Snooping 24 CHAPTER 2 DHCP Relay 24 CHAPTER 3 Static Routing 24 Configuring Static Routes 24 CHAPTER 4 RIP 24 RIP Protocol Features 24 Configuring RIP 24 Configuring...

Page 20: ...Management Protocol IGMP 24 CHAPTER 8 VRRP 24 Configuring VRRP 24 CHAPTER 9 MPLS 24 MPLS Overview 24 MPLS Forwarding 24 QoS 24 Martini L2 VPN Overview 24 MPLS Configuration Example 24 Label Distribution Protocol LDP Overview 24 Enabling label switching minimal configuration 24 Establishing a Trunk CSPF disabled 24 Establishing a Trunk Using CSPF 24 Establishing a Trunk Using Explicitly Defined Pat...

Page 21: ...Historical Statistics 24 Traffic Policing versus Traffic Shaping 24 Need for Traffic Policing 24 Traffic Policing Functionality on iBG2016 24 Configuring Traffic Policing 24 Verifying Policing Status and Configuration 24 Limitations 24 Multi Field Classification 24 Packet Marking 24 Configuring MF Classification 24 Traffic Policing 24 Policing Using Single Rate Three Color Marking srTCM 24 Configu...

Page 22: ...ware QoS 24 CoS Attributes Marking 24 L2 Bridge Based CoS Marking 24 Configuration Example 24 Verifying the Configuration 24 InLIF Based CoS Marking 24 Configuration Example 24 Verifying the Configuration 24 Policy Based CoS Marking 24 Configuration Example 24 Verifying the Configuration 24 Policing based CoS Marking CoS Re marking and L2 based CoS Re marking 24 Configuration Example 24 Verifying ...

Page 23: ...ain 24 Configuring Bridging on the WAN Interface 24 Creating a Bridge Group 24 Verifying the Configuration 24 PART IV Security CHAPTER 1 Authentication Authorization Accounting 24 Configuration Examples 24 CHAPTER 2 Packet Filtering 24 Example Blocking Telnet Access 24 Configure the Ubigate iBG2016 24 CHAPTER 3 Firewall NAT 24 Overview 24 Virtual Firewall 24 Access Policy Database 24 Application L...

Page 24: ...uction to Security 24 Securing Remote Access Using IPSec VPN 24 Access Methods 24 Securely Managing the Ubigate iBG2016 System Example 24 Joining Two Private Networks Example 24 Joining Two Networks using Multiple IPSec Proposals Example 24 Supporting Remote User Access Example 24 Configuring IPSec Remote Access Example 24 PART V Voice CHAPTER 1 Voice Feature 24 Introduction of Voice Feature 24 Ne...

Page 25: ...ing a H 323 Gateway 24 Verifying and Troubleshooting H 323 Features 24 CHAPTER 5 Analog Voice Port 24 Introduction to Analog Voice Port Features 24 Analog Voice Port Monitoring 24 Configuring Analog FXS Voice Port 24 Configuring Analog FXO Voice Port 24 Configuring Analog E M Voice Port 24 Configuring Analog DID 24 Configuring E911 CAMA 24 CHAPTER 6 Digital Voice Port 24 Digital Trunk E1 R2 Featur...

Page 26: ...ble Telephony Mode 24 Supplementary Services for Stand Alone Mode 24 CHAPTER 10 Call Admission Control 24 Local CAC 24 Resource based CAC 24 Call admission Spike 24 Call admission Treatment 24 CHAPTER 11 Management 24 Alarm 24 Statistics 24 Debug Management 24 CDR Management 24 CHAPTER 12 Survivable Telephony 24 Configuring Call Forward for Survivable Telephony 24 Configuring System Message for Su...

Page 27: ...1 Overview of PPP 24 Figure 4 1 Multlink Frame Relay with Three Sites 24 Figure 4 2 Multilink Frame Relay with Three Site Details 24 PART III Figure 1 1 Configuring 802 1x Security 24 Figure 1 2 Link Aggregation Example 24 Figure 1 3 GVRP Configuration 24 Figure 1 4 IGMP Snooping Example 24 Figure 2 1 DHCP relay overview 24 Figure 2 2 BOOTP Requests 24 Figure 2 3 BOOTP Replies 24 Figure 2 4 Typica...

Page 28: ...g 24 Figure 11 1 VLAN Forwarding Multi Tenant Internet Access 24 PART IV Figure 3 1 Virtual Firewall 24 Figure 3 2 Three Legged Firewall Network 24 Figure 3 3 Access policy database lookup 24 Figure 3 4 Dynamic NAT 24 Figure 3 5 Mapping Multiple NAT Addresses to One Public IP Address 24 Figure 3 6 Static NAT 24 Figure 3 7 Dynamic and Static NAT 24 Figure 3 8 Mapping Ports 24 Figure 3 9 Reverse NAT...

Page 29: ...r 24 Figure 3 9 SIP Gateway to SIP Gateway Call via SIP Proxy Server with Record Route Enabled 24 Figure 4 1 Call Setup from a known H 323 Endpoint 24 Figure 4 2 Call Setup from a unknown H 323 Endpoint no Gatekeepers 24 Figure 4 3 Call Setup from a unknown H 323 Endpoint with Gatekeeper 24 Figure 4 4 Call Setup from Gatekeeper 24 Figure 4 5 Call Setup to a known H 323 Endpoint 24 Figure 4 6 Call ...

Page 30: ... Legs 24 Figure 8 2 Call Legs from the Perspective of the Originating Router 24 Figure 8 3 Call Legs from the Perspective of the Terminating Router 24 Figure 8 4 Matching Call Legs to Dial Peers 24 Figure 8 5 Dial Peers from the Perspective of the Originating Ubigate iBG2016 24 Figure 8 6 Dial Peers from the Perspective of the Terminating Ubigate iBG2016 24 Figure 8 7 Communication Between Dial Pe...

Page 31: ...nd 24 Table 4 6 H 323 Call Tracing Debug Command 24 Table 4 7 combination to enable or shutdown H 323 Service 24 Table 4 8 commands of voice service h323 configuration and voice class h323 configuration 24 Table 7 1 switch type parameter description BRI 24 Table 7 2 switch type parameter description PRI 24 Table 8 1 Wild card Symbol 24 Table 8 2 Number Expansion Commands 24 Table 8 3 Characters of...

Page 32: ... H 225 0 CS Statistics command 24 Table 11 9 H 225 0 RAS Statistics command 24 Table 11 10 H 245Statistics command 24 Table 11 11 Voice Call Control Debug 24 Table 11 12 Voice Protocol Module Debug 24 Table 11 13 H323 Debug 24 Table 11 14 SIP Debug 24 Table 11 15 Voice Debug 24 Table 11 16 Voice Call log Debug 24 Table 11 17 Attribute List 24 Table 11 18 Vendor Specific Attribute List 24 ...

Page 33: ...PART I System Configuration Chapter 1 Basic Configuration Chapter 2 Port Numbering Chapter 3 Management Configuration Chapter 4 System Logging Chapter 5 RMON Configuration ...

Page 34: ......

Page 35: ...as in the figure login samsung password samsung samsung logged in on Fri May 7 05 28 01 2004 from console Router Changing Login Parameters The System Administrator login consists of two components the account name and the password The initial login name is always samsung but you can change this to suit the needs of your facility after logging in The default administrative password samsung should b...

Page 36: ... The system prompts for the current password 4 Type your new password and then press Return The system prompts for the new password 5 Type the new password again and then press Return The system prompts you to verify the new password Changing Administrator Account This procedure changes the system administrator login name to a user specific name Note that the default is samsung Step Command Descri...

Page 37: ...igure date 04 30 2005 sets the date to April 30 2005 3 Router configure time 18 14 sets the time to 18 14 User Account The system administrator can add up to 15 users and assign privileges from level 2 to level 4 The system administrator has the privilege level 1 and only can add modify remove the user information Adding a new user Step Command Description 1 Router configure terminal Enters the te...

Page 38: ...ns a text based help facility Access this help by typing in the full or partial command string then typing The CLI displays the command keywords or parameters plus a short description For example at the CLI command prompt type show the CLI does not display the question mark The CLI displays this keyword list with short descriptions for each keyword Router show aaa To access AAA display commands ac...

Page 39: ...B once again then it displays another parameter show ip Any available paramters can be fetched by typing TAB Type and the CLI shows the list of parameters for the show interface command Router show interface avc display information about an DTE to DTE MFR avc Bundle display information about a bundle Bundles display all the names of bundles Configured in the system Ethernet display an ethernet int...

Page 40: ...57393 Configuration File Operation By using the configure flash command you can set the Router system parameters from a configuration file stored in the flash memory This method is useful if the system configuration differs from the configuration file in flash memory and you want to restore the flash configuration It is recommended that all configuration files have a CFG extension At the main CLI ...

Page 41: ...TP protocol then executes the commands from that file without operator intervention It is recommended to use the configure network command if you want to configure one or more Router systems with the same configuration An example is shown below Router configure network host testhost type t tftp s scp t fileName test cfg shown below To save current configuration in a file on a remote server use the...

Page 42: ...CHAPTER 1 Basic Configuration 8 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 43: ...ule the bottom row is numbered first from right to left starting at port zero then the next row up is numbered from right to left starting with the next port number based on the lower rows last left most numbered port Main Board Ports Numbering There are five LAN interfaces on the main processing unit One Gigabit Ethernet SFP port and four Fast ports Then the Gigabit Ethernet ports follow the numb...

Page 44: ... number zero Figure 2 3 1 Port WAN Network Module Port Numbering Figure 2 4 4 Port WAN Network Module Port Numbering Voice carrier Modules can have voice only mini modules plugged into them Here is an example of a voice carrier module in slot 2 with a 4 port inimodule in sub slot 0 and a 2 port mini module in sub slot 1 X 1 or 2 10 G Gb bE E0 0 19 1 11 1 10 1 1 1 0 1 13 1 12 1 3 1 2 1 14 1 4 L LM ...

Page 45: ...r ports Port numbering is from right to left starting with port number zero X 0 1 2 or 3 Figure 2 6 1 Port Mini Module Port Numbering Figure 2 7 2 Port Mini Module Port Numbering Figure 2 8 4 Port Mini Module Port Numbering 1 0 1 1 0 0 1 1 1 1 1 0 VCU A BRI 1ST B1 B0 RDY ST 0 2 X 0 BRI 2ST B1 B0 RDY ST 0 ST 1 B1 B0 2 X 1 2 X 0 2 0 3 1 FXO 3 FXO 0 FXO 4M 2 X 0 2 X 1 2 X 2 2 X 3 FXO 1 FXO 2 ...

Page 46: ...r row of Ethernet ports numbered from right to left on the 20 port LAN network module in the network module slot 1 0 Right most port on the WAN network module in the network module slot WAN Network Module Port 1 3 Left most port of four ports on the WAN network module in the network module slot 1 0 0 Right most port on the voice mini module in the right hand sub slot in the voice carrier module pl...

Page 47: ...terprise MIB and the Standard MIB Enterprise MIBs The Enterprise mibs should be compiled in the following order 1 SUBMARINE SMI 2 SUBMARINE SNMP MIB mib 3 SUBMARINE SYSTEM MIB mib 4 SUBMARINE BUNDLE MIB mib 5 SUBMARINE PPP MIB mib 6 SUBMARINE FR MIB mib 7 SUBMARINE CONFIG MIB mib 8 SUBMARINE DSX TC mib 9 SUBMARINE DSX TE1 MIB mib 10 SUBMARINE DSX TE3 MIB mib 11 SUBMARINE CHASSIS MIB mib 12 SUBMARI...

Page 48: ...n a bundle comes up bundleUpTrap y Be notified when a link goes down linkDownTrap y Be notified when a link comes up linkUpTrap SUBMARINE CHASSIS MIB mib Use chassis mib to manage the platform SUBMARINE CONFIG MIB mib Use config mib to manage configuration data on the router in memory or on the network Use this MIB to y Be notified when the configuration changes cfgEventChangeNotification y Be not...

Page 49: ...o true and the specified power supply shuts off envPowerSupply1DownNotification envPowerSupply2DownNotification y Be notified if the trap is set to true and the specified power supply turns on envPowerSupply1UpNotification envPowerSupply2UpNotification SUBMARINE FR MIB mib This MIB manages Frame Relay and Multilink Frame Relay bundles and does not contain any traps SUBMARINE GHDLC MIB mib This MIB...

Page 50: ...e server sntpErrorNotification y Be notified when an there is a system shutdown shutDownNotification y Be notified when a user logs in successfully userAccessNotification y Be notified when a user logs off userLogOffNotification y Be notified when a user is having trouble logging in userLoginFailNotification SUBMARINE CLOCKMGR MIB mib This MIB defines objects related to manage the network clocking...

Page 51: ... does not contain any traps SUBMARINE SYSLOG MIB mib This MIB defines objects related to manage the system messages which is logging to console terminal buffer and syslog server This MIB does not contain any traps SUBMARINE RM MIB mib This MIB defines objects related to manage the system resource such as a cpu and a memory Use this MIB to y Be notified when Cpu utilization goes over threshold valu...

Page 52: ...call limit voiceMaxCallMajNotification voiceMaxCallMinNotification y Be notified when exceeding a threshold of the DSP channel capacity limit y voiceDspChanMajNotification voiceDspChanMinNotification y Be notified when connection fails between iBG and SIP entity voiceSipEntityNotification y Be notified when the FXO port is connected when using Loop Start ONLY voiceFXOConnNotification SUBMARINE ISM...

Page 53: ...fc2575 mib 13 rfc2572 mib 14 rfc2573 mib 15 rfc2574 mib 16 rfc2576 mib 17 rfc1907 mib 18 iftype mib 19 rfc2233 mib 20 rfc2127 mib 21 rfc2128 mib 22 rfc2618 mib 23 rfc2620 mib The Standard MIB folder contains the following MIBs iana iftype mib This contains the ifType enumerated values needed for rfc1213 mib and rfc2233 mib Compile iana iftype mib before you compile rfc2233 mib This MIB does not co...

Page 54: ...et like interface This MIB does not contain any traps rfc1657 mib This MIB manages specified BGP parameters This MIB does not contain any traps rfc1724 mib The objects in this MIB manage the RIP2 V2 Protocol in the router rfc1850 mib This MIB manages specified OSPF parameters This MIB does not contain any traps rfc2233 mib MIB objects for Interface Table extensions including StackTable and ifXTabl...

Page 55: ...issary release 4 0 rfc1757 mib This MIB defines objects for managing remote network monitoring devices rfc2571 mib This is the SNMP Management Architecture MIB rfc2575 mib The management information definitions for the View based Access Control Model for SNMP rfc2572 mib The MIB for Message Processing and Dispatching rfc2573 mib This MIB module defines MIB objects which provide mechanisms to remot...

Page 56: ...Type Textual Convention and thus the enumerated values of the ifType object defined in MIB II s ifTable rfc2127 mib The MIB module to describe the management of ISDN interfaces rfc2128 mib The MIB module to describe peer information for demand access and possibly other kinds of interfaces rfc2618 mib The MIB module for entities implementing the client side of the Remote Access Dialin User Service ...

Page 57: ... the SNMP community name and access privileges This entry is a password string that assigns access privileges to SNMP MIBs Router configure snmp server community readuser ro Router configure snmp server community writeuser rw snmp server target This command configures the recipient of an SNMP v2 trap Router configure snmp server target 90 90 90 240 162 v2c snmp server enable target traps This comm...

Page 58: ...x3 group traps dvmrp Sends DVMRP group traps environ Sends environment group traps fr Sends frame relay group traps imc Sends inter module communication group traps ism Sends ISM group traps mpls_ldp Sends MPLS LDP group traps mpls_lsr Sends MPLS LSR group traps mpls_te Sends MPLS TE group traps ospf Sends OSPF group traps pim Sends PIM group traps rm Sends resource managements group traps rmon Se...

Page 59: ...evel commands for configuring consolelogging and syslog event reporting y system logging consol This command configures system messages to be sent to the console y clear cfg_log This command clears the system configuration log y clear command_log This command clears all information in the command log y event This command accesses next level commands for configuring the event log y log local y log ...

Page 60: ...g server For more information on syslog see RFC 3164 The following bable shows the different levels of syslog message impact The first five message levels Emergency through Warning have the potential for affecting system performance or normal functionality The last three messagelevels Notification through Debug report events that do not typically require user monitoring and Samsung recommends that...

Page 61: ...efer to the Ubigate iBG2016 Message Reference Manual Use the following commands to configure and manage syslog y system logging syslog This command accesses next level commands for configuring syslog on the Router system y show system logging syslog Use this command to display configured status related to syslog ...

Page 62: ...CHAPTER 4 System Logging 28 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 63: ...ines the following groups 1 Statistics RMON group 1 Used for Ethernet Fast Ethernet and Gigabit Ethernet ports 2 History RMON group 2 Used for Ethernet Fast Ethernet and Gigabit Ethernet ports 3 Alarm RMON group 3 4 Event RMON group 9 The RMON agent does not require monitoring equipment or network analyzers however it is useful to collect agent data at Network Management System which must support ...

Page 64: ...nfigure rmon history ethernet 0 1 interval 100 buckets 10 owner Manager 1 To configure RMON alarms for specified MIB OIDs alarm entry index numbers interval rising falling alarm threshold rising falling event index alarm sample type absolute or delta alarm startup direction rising falling alarm or default and owner RMON group 3 enter Router configure rmon alarm 1 1 3 6 1 2 1 2 2 1 10 1 300 1000 0 ...

Page 65: ...To add an RMON events which can be a log a trap or log trap with additional information of community for sending traps event description and owner enter Router configure rmon event 2 log community ABC description event 2 owner Manager 2 Enabling RMON can have a significant impact on performance When RMON is running be aware of its impact on data processing and CPU cycles ...

Page 66: ...on alarm 1 Alarm Index 1 Variable OID 1 3 6 1 2 1 16 1 1 1 5 1 Last Sample Value 0 Interval 30 Sample Type absolute Alarm Startup Rise_Fall Rising or Falling Rising Threshold 100 Falling Threshold 0 Rising Event 1 Falling Event 1 Alarm Owner CLI Manager To show Ethernet history statistics for the specified Ethernet interface enter Router show rmon ethernet_history ethernet0 4 ethernet0 4 Rmon hist...

Page 67: ...re rmon show rmon history_control ethernet0 0 IndexBucketsInterval Owner 110 1800 CLI Manager RMON configure rmon To show the configured RMON events enter Router configure show rmon events RMON Events Configured Event Event Community Descrir index type 1 log 2 none r 2 trap 3 public none r To show RMON statistics for the specified interface enter Router configure rmon show rmon statistics ethernet...

Page 68: ...o127Octets 0 Packets of 128to255Octets 0 Packets of 256to511Octets 0 Packets of 512to1023Octets 0 Packets of 1024to1518Octets 0 RMON configure rmon To show RMON status enter Router configure show rmon status Rmon is ENABLED Router configure no rmon enable Rmon is disabled globally Router configure show rmon status Rmon is DISABLED ...

Page 69: ...PART II WAN Interface and Protocols Chapter 1 Serial Interfaces Chapter 2 WAN interfaces Chapter 3 PPP MLPPP and HDLC Chapter 4 FR and MFR ...

Page 70: ......

Page 71: ...dle configuration occurs within the configure interface bundle tree Serial Interfaces Overview Multi Protocol Serial Interface The Serial Network Module provides a user with four multi protocol serial interfaces with the ability to support the following serial protocol standards in either DCE or DTE mode EIA 232C EIA 449 EIA 530 EIA 530A V 35 and X 21 A Multi Protocol Transceiver in Ubigate iBG201...

Page 72: ...put of 10Mbps For the interface separate clock lines are used for receiving and transmitting data and DB 37 connector are used EIA 530 EIA 530A EIA 530 EIA 530A interface is a combination single ended differential synchronous interface EIA 530 EIA 530A uses V 11 EIA 422 electrical characteristics for data and timing differential It uses V 10 EIA 423 electrical characteristics for link management c...

Page 73: ... Token Ring and Ethernet The use of differential emitter coupled logic ECL helps HSSI achieve high data rates and low noise levels ECL has been used in Cray computer system interfaces for years and is specified by the ANSI High Performance Parallel Interface HIPPI communications standard for supercomputer LAN communications ECL is an off the shelf technology that permits excellent retiming on the ...

Page 74: ...are expected to be capable of managing the networks behind their interfaces Reducing the number of control signals improves circuit reliability by reducing the number of circuits that can fail The HSSI interface may be operated in either DTE or DCE mode depending on the cable type For consistency all signal names and functional definitions use DTE terminology Thus Receive Data is data received by ...

Page 75: ...onfiguration mode 2 Router configure module serial slot port Selects a port to configure as a serial module 3 Router configure module serial slot port mode V 35 Selects a serial interface as a V 35 4 Router configure module serial slot port V35 Enters the V 35 interface 5 Router configure module serial slot port V35 mode dce Selects V 35 mode as a DCE 6 Router configure module serial slot port V35...

Page 76: ...llowing example shows the commands used to configure the connection in The figure Router configure terminal Router configure module serial 1 0 Router configure module serial 1 0 mode V 35 Router configure module serial 1 0 v35 Router configure module serial 1 0 v35 mode dce Router configure module serial 1 0 v35 clock_rate 2000000 Router configure module serial 1 0 v35 clock_source internal Router...

Page 77: ...ter configure interface bundle bundle name link hssi 1 0 Links a HSSI interface to a wan interface 4 Router configure interface bundle bundle name encapsulation frelay Selects Frame Relay as an encapsulation method 5 Router configure interface bundle bundle name fr Enters the frame relay prompt for setting frame relay parameters 6 Router configure interface bundle bundle name fr Selects a clock ra...

Page 78: ... wan1 Router configure interface bundle wan1 link hssi 1 0 Router configure interface bundle wan1 encapsulation frelay Router configure interface bundle wan1 fr Router configure interface bundle wan1 fr intf_type dte Router configure interface bundle wan1 fr pvc 101 Router configure interface bundle wan1 fr pvc 101 ip address 165 213 89 237 24 Router configure interface bundle wan1 fr pvc 101 end ...

Page 79: ...apsulation ppp Selects PPP as an encapsulation method 5 Router configure interface bundle bundle name ip address IP address bit mask number of bits for mask Sets an IP address for the interface 6 Router configure interface bundle bundle name end Goes back to the Router prompt 7 Router show interface bundle bundle name bundles Shows configured information of the bundle interface or all bundle inter...

Page 80: ...ace to a wan interface 4 Router configure interface bundle bundle name encapsulation hdlc Selects HDLC as an encapsulation method 5 Router configure interface bundle bundle name ip address IP address bit mask number of bits for mask Sets an IP address for the interface 6 Router configure interface bundle bundle name end Returns to the Router prompt 7 Router show interface bundle bundle name bundle...

Page 81: ...slot port denotes a specified port in a specified slot 3 Router configure hssi slot port mode dte Selects a HSSI mode as a DTE 4 Router configure hssi slot port clock_source internal line Selects a synchronization clock source As a DTE the option line is recommended 5 Router configure hssi slot port clock_rate 56 000 to 52 000 000 Selects a clock rate 6 Router configure hssi slot port crc 16 32 Se...

Page 82: ...re hssi 1 0 clock_rate 45000000 Router configure hssi 1 0 crc 16 Router configure hssi 1 0 data_mode normal Router configure hssi 1 0 name hssi1 Router configure hssi 1 0 end Router show module configuration hssi 1 0 Configuring HSSI as a DCE Configuring Step Step Command Purpose 1 Router configure terminal Enters the terminal configuration mode 2 Router configure module hssi slot port Selects a p...

Page 83: ...Selects a CRC mode 7 Router configure hssi slot port data_mode normal inverted Selects a data mode 8 Router configure hssi slot port name name string Name the interface 9 Router configure hssi slot port end Goes back to the Router prompt 10 Router show module configuration hssi slot port Show configured information of the slot plort HSSI interface Configuring Example The following figure illustrat...

Page 84: ... 0 Router configure hssi 1 0 mode dce Router configure hssi 1 0 clock_source internal Router configure hssi 1 0 clock_rate 45000000 Router configure hssi 1 0 crc 16 Router configure hssi 1 0 data_mode normal Router configure hssi 1 0 name hssi1 Router configure hssi 1 0 end Router show module configuration hssi 1 0 ...

Page 85: ... linking of physical interfaces modules to logical interfaces bundles Module configuration occurs within the configure module tree of the Ubigate CLI and bundle configuration occurs within the configure interface bundle tree The T1 and CT3 interfaces support logical interfaces made up of fractional T1 single T1 and multi link T1 connections Module Configuration This section describes how to config...

Page 86: ...1 slot sub slot port linecode b8zs ami Selects a linecode mode 8 Router configure module t1 slot subslo t port clock_source line internal Selects a clock source 9 Router configure module t1 slot sub slot port end Returns to the Router prompt 10 Router show module configuration t1 slot subslot port Shows T1 module information Configuring Example The following example shows the commands used to conf...

Page 87: ...port 3 Router configure module e1 slot su bslot port circuitId circuit ID Sets a circuit ID 4 Router configure module e1 slot su bslot port contactInfo Contcat Information Sets contact information such as manager s name or number 5 Router configure module e1 slot su bslot port description Description Sets an interface description 6 Router configure module e1 slot su bslot port framing crc noncrc d...

Page 88: ...uration e1 0 2 0 Configuring CT3 The following shows simple steps to configure T3 interface module WT3 1C Configuring CT3 interface The following steps shows how to configure communication modes for CT3 interface Configuring Step Step Command Purpose 1 Router configure terminal Enters the terminal configuration mode 2 Router configure module ct3 slot port Enters CT3 configuration mode 3 Router con...

Page 89: ...terminal configuration mode 2 Router configure module ct3 slot port Enters CT3 configuration mode 3 Router configure module ct3 slot port t1 T1 number framing esf d4 Sets a T1 interface and its framing mode T1 number ranges from 1 to 28 4 Router configure module ct3 slot port t1 T1 number linecode b8zs ami Sets a T1 interface and its linecode mode 5 Router configure module ct3 slot port t1 T1 numb...

Page 90: ...ws the commands used to configure the connection in the figure Router configure terminal Router configure module ct3 2 0 Router configure module ct3 2 0 t1 3 framing esf Router configure module ct3 2 0 t1 3 linecode b8zs Router configure module ct3 2 0 t1 3 yellowalarm generate Router configure module ct3 2 0 t1 3 circuitId CT3_T1_3 Router configure module ct3 2 0 t1 3 contactInfo David Router con...

Page 91: ... 384 Kbps fractional T1 bundle utilizing DS0s 1 3 and 8 10 of T1 number 3 Router configure interface bundle demo Router configure interface bundle demo link ct3 2 0 3 1 3 Router configure interface bundle demo link ct3 2 0 3 8 10 Router configure interface bundle demo encap hdlc Router configure interface bundle demo ip address 10 1 1 9 24 Router configure interface bundle demo exit CT3 T1 The fol...

Page 92: ...y specified a PPP bundle with two or more linked T1s uses the multi link protocol by definition Router configure interface bundle demo2 Router configure interface bundle demo2 link ct3 2 0 6 8 Router configure interface bundle demo1 encap mlppp Router configure interface bundle demo2 ip addr 30 1 1 3 255 255 255 0 Router configure interface bundle demo2 exit ...

Page 93: ... transporting multi protocol datagrams over point to point links These links provide full duplex simultaneous bi directional operation and are assumed to deliver packets in order The following figure explains how PPP fits into the Ubigate iBG2016 routing forwarding architecture Figure 3 1 Overview of PPP Network Protocol IP IP Control Protocol IPCP Authentication LCP HDLC T1 F raming WAN Driver Au...

Page 94: ...ls NCPs for establishing and configuring different network layer protocols There is a NCP for each network protocol for ex IPCP for IP networks and XNSCP for XNS network and so on Optionally before PPP NCP is established peers may need to authenticate themselves and any failure during this can result in the link termination There are two authentication protocols y PAP Password Authentication Proto...

Page 95: ...emises equipment sites to a main site Site 1 uses a Multilink T1 Router system to establish a 6 Mbps MLPPP connection four T1 lines to the main site In this example MLPPP segmentation is configured lower than the default setting of 512 bytes and the differential delay tolerance is tighter than the default 128 milliseconds Site 2 connects to the main site over a single T1 link with PPP encapsulatio...

Page 96: ...lized T1 interface to a wan interface 4 Router configure bundle bundle name encapsulation ppp Selects PPP as an encapsulation method 5 Router configure bundle bundle name ip address IP address bit mask number of bits for mask Sets an IP address for the interface 6 Router configure bundle bundle name exit Returns to the upper configuration mode Configuring Example R1 configure terminal R1 configure...

Page 97: ...uter configure bundle bundle name encapsulation ppp Selects PPP as an encapsulation method 5 Router configure bundle bundle name mlppp seg_threshold 64 4500 differenctial_delay 0 128 Selects PPP as an encapsulation method 6 Router configure bundle bundle name ip address IP address bit mask number of bits for mask Sets an IP address for the interface 7 Router configure bundle bundle name exit Retur...

Page 98: ...ace to a wan interface 15 Router configure bundle bundle name encapsulation ppp Selects PPP as an encapsulation method 16 Router configure bundle bundle name mlppp seg_threshold 64 4500 differenctial_delay 0 128 Selects PPP as an encapsulation method 17 Router configure bundle bundle name ip address IP address bit mask number of bits for mask Sets an IP address for the interface 18 Router configur...

Page 99: ... 1 Router configure terminal Goes into the terminal configuration mode 2 Router configure interface bundle bundle name Sets a bundle interface bundle name represents a specific bundle interface to be configured at the moment 3 Router configure bundle bundle name link ct3 slot port channel Links a channelized T3 interface to a wan interface 4 Router configure bundle bundle name encapsulation hdlc S...

Page 100: ...main configure interface bundle HDLC main configure interface bundle HDLC link ct3 1 0 5 main configure interface bundle HDLC encapsulation hdlc main configure interface bundle HDLC hdlc keepalive 20 main configure interface bundle HDLC ip address 192 168 2 1 24 main configure interface bundle HDLC exit ...

Page 101: ...y MFR configuration with three sites PVC 16 connects Site 1 to Site 3 while PVC 31 connects Site 2 to Site 3 The Frame Relay switching equipment is represented simply as a Frame cloud Figure 4 1 Multlink Frame Relay with Three Sites SITE 1 HSSI PVC 16 Router PVC 16 PVC 31 Router SITE 2 Router Frame Cloud PVC 16 4 T1 PVC 31 2 T1 100 Base T Router A Router B SITE 3 ...

Page 102: ...r and a 4 x T1 MFR bundle connecting to the Router Continuity of PVC 16 is maintained through the Router though this is not required The HSSI connection between the router and the Router is defined as type UNI The Router serves as Frame Relay DCE and the router as the Frame Relay DTE Note that the Frame Relay Layer 2 interface type is independent of and not necessarily the same as the HSSI Layer 1...

Page 103: ...g of 3 072 Mbps is maintained across all PVC 16 configurations to correspond to the Class C setting of the MFR portion of the PVC Configure the Clear Channel Bundle on the Router Router configure int bundle toFRSwit Router configure interface bundle toFRSwit link ct3 2 0 1 28 Router configure interface bundle toFRSwit description DS 3 bundle to FR Switch Router configure interface bundle toFRSwit ...

Page 104: ...e bundle wan1 fr lmi keepalive 8 Router configure interface bundle wan1 fr lmi exit Router configure interface bundle wan1 fr pvc 16 Router configure interface bundle wan1 fr pvc shaping cir 6144000 bcmax 6144000 bcmin 3072000 Configure the Router interface connecting to Router A Router configure int bundle toRouter Router configure interface bundle toRouter link t1 0 1 0 3 Router configure interf...

Page 105: ...keepalive 10 Router configure interface bundle frame1 fr lmi exit Router configure interface bundle frame1 fr pvc 31 Router configure interface bundle frame1 fr pvc shaping cir 3072000 bcmax 3072000 bcmin 1536000 Router configure interface bundle frame1 fr pvc ip address 10 0 2 1 255 255 255 0 Router configure interface bundle frame1 fr pvc enable Router configure interface bundle frame1 fr pvc ex...

Page 106: ... BundleName DLCI debug fr mfr states FRF16 States debugging debug fr mfr state machine enable statemachine changes debug fr packet invarp dump the inverse arp packets debug fr packet lmi dump the lmi packets debug fr packet mfr debug fr pvc info bundlename DLCI show inter bundle bundlename DLCI show fr lmistats bundlename show fr vcstats bundlename DLCI show fr invarp all show fr pvcs ...

Page 107: ...ng Protocols Chapter 1 Layer 2 Switching Chapter 2 DHCP Relay Chapter 3 Static Routing Chapter 4 RIP Chapter 5 OSPF Chapter 6 BGP Chapter 7 Multicast Protocols Chapter 8 VRRP Chapter 9 MPLS Chapter 10 QoS Chapter 11 VLAN with QoS ...

Page 108: ......

Page 109: ...tagram the bridge drops the datagram because forwarding is not required However if the destination is on another segment the bridge transmits the datagram on that segment only If the bridge does not know the destination segment it transmits the datagram on all segments except the source segment a technique known as flooding IEEE 802 1d Media Access Control MAC Bridging and Spanning Tree Protocol M...

Page 110: ...ertain data paths to be disabled 802 1S Multiple Spanning Tree Protocol MSTP resolves the problem by supporting multiple spanning trees within a network The standard lets administrators assign VLAN traffic to unique paths With this feature load balancing can be achieved through assigning multiple VLANs to 2 distinct paths With MSTP each VLAN is mapped to an instance of a MSTP Moving bridge ports i...

Page 111: ...l configuration steps to configure MSTP Configuring Step Step Command Purpose 1 Router configure terminal Enters the terminal configuration mode 2 Router configure bridge 1 protocol mstp Runs MSTP on the bridge 1 3 Router configure vlan database Enters VLAN database mode 4 Router configure vlan database vlan vlan number bridge 1 Maps VLAN to bridge Repeats as many as required vlan_number ranges 2 ...

Page 112: ...er configure interface interface name switchport Sets the interface as a switch port 11 Router configure interface interface name bridge group 1 Includes this interface in a bridge group 12 Router configure interface interface name bridge group 1 instance instance number Optional Hitches this bridge to an instance 13 Router configure interface interface name bridge group 1 instance instance number...

Page 113: ...oup 1 BRIDGE_A configure interface ethernet 2 2 bridge group 1 instance 2 BRIDGE_A configure interface ethernet 2 2 bridge group 1 instance 2 priority 96 BRIDGE_A configure interface ethernet 2 2 exit BRIDGE_A configure interface ethernet 2 3 BRIDGE_A configure interface ethernet 2 3 switchport BRIDGE_A configure interface ethernet 2 3 bridge group 1 BRIDGE_A configure interface ethernet 2 3 bridg...

Page 114: ...thernet 2 2 bridge group 1 BRIDGE_B configure interface ethernet 2 2 bridge group 1 instance 2 BRIDGE_B configure interface ethernet 2 2 exit BRIDGE_B configure interface ethernet 2 3 BRIDGE_B configure interface ethernet 2 3 switchport BRIDGE_B configure interface ethernet 2 3 bridge group 1 instance 3 BRIDGE_B configure interface ethernet 2 3 bridge group 1 instance 3 priority 196 BRIDGE_B confi...

Page 115: ...C configure interface ethernet 2 2 BRIDGE_C configure interface ethernet 2 2 switchport BRIDGE_C configure interface ethernet 2 2 bridge group 1 BRIDGE_C configure interface ethernet 2 2 bridge group 1 instance 2 BRIDGE_C configure interface ethernet 2 2 exit BRIDGE_C configure interface ethernet 2 3 BRIDGE_C configure interface ethernet 2 3 switchport BRIDGE_C configure interface ethernet 2 3 bri...

Page 116: ...gure interface ethernet 2 2 BRIDGE_D configure interface ethernet 2 2 switchport BRIDGE_D configure interface ethernet 2 2 bridge group 1 BRIDGE_D configure interface ethernet 2 2 bridge group 1 instance 2 BRIDGE_D configure interface ethernet 2 2 exit BRIDGE_D configure interface ethernet 2 3 BRIDGE_D configure interface ethernet 2 3 switchport BRIDGE_D configure interface ethernet 2 3 bridge gro...

Page 117: ...t information validating the identity of the client and updating the router about the client authentication status The router is the physical path between the two clients and the RADIUS server The Ubigate iBG2016 relays information to the Server and then back to each client To configure 802 1x authentication enable authentication on ports Ethernet 1 1 and Ethernet 2 1 then specify the RADIUS Serve...

Page 118: ...rnet 1 0 exit Router configure interface ethernet 1 1 Router configure interface ethernet 1 1 switchport Router configure interface ethernet 1 1 bridge group 1 Router configure interface ethernet 1 1 switchport access vlan 2 Router configure interface ethernet 1 1 dot1x port control auto Router configure interface ethernet 1 1 exit Router configure interface vlan vlan1 2 Router configure interface...

Page 119: ... S2 These three links are assigned the same administrative key 1 so that they aggregate to form a single channel 1 They are viewed by the STP as one interface Figure 1 2 Link Aggregation Example Configuring Router 1 Router configure terminal Router configure lacp system priority 20000 Router configure interface ethernet 1 1 Router configure interface ethernet 1 1 channel group 10 mode active Route...

Page 120: ...nnel group 10 mode active Router configure interface ethernet 3 2 exit GVRP Configuration GVRP GARP VLAN Registration Protocol allows routers to exchange VLAN information in a network If one router is manually configured with multiple VLANs other routers in the network learn about these VLANs dynamically through GVRP To configure GVRP you must enable GVRP on ports on each end of the trunk Add a VL...

Page 121: ...gvrp enable ethernet2 0 Router configure set gvrp dynamic vlan creation enable bridge 1 Router configure interface ethernet 4 0 Router configure interface ethernet 4 0 bridge group 1 Router configure interface ethernet 4 0 switchport mode access Router configure interface ethernet 4 0 switchport access vlan 5 Bridge 3 Router configure interface ethernet 4 0 switchport access Router configure bridg...

Page 122: ... instead of a report from each host in the group To achieve this IGMP proxy is enabled on the routers This example describes the configuration on Router S1 The interface Ethernet 1 1 is configured as an mrouter port Since IGMP Snooping is used in bridged LAN environment only router R1 does not require running IGMP Snooping and can run any multicast protocol such as PIM SM The configuration on R1 i...

Page 123: ...es a IGMP Query message on Ethernet 1 1 it forwards it to both Host A and Host B As a result both the hosts reply with a Membership report as Layer 2 IGMP is running on the hosts Since Host A and Host B are members of the same Multicast group the router is not notified when Host A leaves the group as the group still has another member Host B remaining When Host B also leaves the group the router w...

Page 124: ...igmp snooping ssm safe reporting vlan 2 bridge 1 Router configure ip igmp snooping version 2 vlan 2 bridge 1 ethernet1 1 Verify and Troubleshooting Use the following show commands to verify your IGMP and IGMP snooping configuration y show ip igmp groups displays the multicast groups with hosts directly connected to the router and learned through IGMP y show ip igmp groups detail displays informati...

Page 125: ...ces y show ip igmp snooping other querier interval shows the querier interval setting y show ip igmp snooping querier shows the querier interval setting y show ip igmp snooping ssm safe reporting shows the status of IGMP snooping SSM safe reporting y show ip igmp snooping interface version shows the version of IGMP being used y show ip igmp snooping vlan shows the IGMP snooping state for the defau...

Page 126: ...CHAPTER 1 Layer 2 Switching 90 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 127: ...elay agent receives a DHCP message it generates a new DHCP and sends it out on another interface This differs from normal IP forwarding on routers wherein traffic is switched between networks Ubigate iBG2016 Modular Router s implementation of DHCP relay is based on RFC 1542 Additional RFCs supported are y RFC 951 Bootstrap Protocol BOOTP y RFC 2131 Dynamic Host Configuration Protocol y RFC 2132 DH...

Page 128: ... relay information to the DHCP gateway address giaddr field The server replies to the gateway address specified in the packet s giaddr field Figure 2 2 BOOTP Requests BOOTP Replies BOOTP replies are messages from the server to the client Reply messages include DHCP OFFER DHCP ACK DHCP NAK etc The relay agent looks up the MAC address and either sends the packet to the client or broadcasts it on the...

Page 129: ...llow configuration using IP addresses from a different subnet although this is mentioned in the RFC Figure 2 4 Typical Scenario for DHCP Relay with NAT Command Line Interface The following are examples of command strings relevant to DHCP relay Router configure terminal Router configure interface ethernet 0 0 Router configure interface ethernet 0 0 dhcp_relay server_address 20 1 1 1 Disabling DHCP ...

Page 130: ...ion The following screen captures show the displayed results of issuing show commands relevant to DHCP relay with and without gateway addresses configured Router show dhcp_relay DHCP RELAY CONFIGURATION Ethernet 0 0 Enabled DHCP Server 20 1 1 1 Figure 2 5 show dhcp_relay Command ...

Page 131: ...y in a large network where the administrator would have to operate complex manual tasks This chapter describes how to configure static routing in the Ubigate iBG2016 Router Configuring Static Routes Static routes are specified by adding and deleting route entries to and from the route table This shection shows how to add a route entry The following steps show the way to add a route entry Configuri...

Page 132: ...gure ip route 165 213 100 0 255 255 255 0 165 213 89 238 or Router configure terminal Router configure ip route 165 213 100 0 24 165 213 89 238 To delete the entry simply add no just as follows Router configure terminal Router configure no ip route 165 213 100 0 255 255 255 0 165 213 89 238 or Router configure terminal Router configure no ip route 165 213 100 0 24 165 213 89 238 Network 165 213 89...

Page 133: ...itical feature that was not available in RIP RIP Protocol Features RIP sends routing update messages at regular intervals and when the network topology changes When a router receives a routing update that includes changes to an entry it updates its routing table to reflect the new route The metric value for the path is increased by 1 and the sender is indicated as the next hop RIP routers maintain...

Page 134: ...e time by not allowing routers to advertise networks in the direction from which those networks were learned The only information sent in RIP announcements are for those networks that are beyond the neighboring router in the opposite direction Networks learned from the neighboring router are not included Split horizon eliminates count to infinity and routing loops during convergence in single path...

Page 135: ...announced with a hop count of 16 through a triggered update Note that the update is sent almost immediately where a time interval to wait is typically specified on the router If triggered updates were sent by all routers immediately each triggered update could cause a cascade of broadcast traffic across the IP internetwork Triggered updates improve the convergence time of RIP internetworks but at ...

Page 136: ...e To configure and enable RIP after changing modes for RIP configuration associate networks to run RIP on by specifying neworks with a subnet number or an interface name The following example shows the commands used to configure RIP for R1 R1 configure terminal R1 configure router rip R1 configure router rip network 10 10 10 0 24 R1 configure router rip network 10 10 11 0 24 R1 configure router ri...

Page 137: ... Command Purpose 1 Router configure terminal Enters the terminal configuration mode 2 Router configure router rip Enters the RIP setup mode 3 Router configure router rip network interface number of bit masks Associates a network to RIP 4 Router configure router rip redistribute connected Enables redistributing from connected routes 5 Router configure router rip exit Returns to the upper level prom...

Page 138: ...onfigure RIPv2 authentication for R2 R2 configure terminal R2 configure router rip R2 configure router rip network 10 10 11 0 24 R2 configure router rip redistribute connected R2 configure router rip exit R2 configure interface ethernet 1 1 R2 configure interface ethernet 1 1 ip rip authentication mode md5 R2 configure interface ethernet 1 1 ip rip authentication string UBI As in the examples RIP ...

Page 139: ...outer rip end Retruns to the Router prompt 5 Router show ip protocols rip Display RIP configuration Configuring Example The following figure illustrates a simple network configuration The following example shows the commands used to configure RIP using a bundle interface Router configure terminal Router configure router rip Router configure router rip network 165 213 89 0 24 Router configure route...

Page 140: ...CHAPTER 4 RIP 104 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 141: ... solely on the destination IP address contained in the IP packet header OSPF quickly detects topological changes such as when router interfaces become unavailable and calculates new loop free routes quickly and with a minimum of routing overhead traffic Each interface running OSPF is assigned a cost which is a unitless number based on factors such as throughput round trip time and reliability whic...

Page 142: ...ent on the network and it reduces the size of the topological database that each router must maintain OSPF network architecture is built around hub and spoke topology where the backbone area designated area id 0 0 0 0 provides the connectivity to the areas that attach to it Small networks can be accommodated with in a single area and large networks require multi level area architecture OSPF Config...

Page 143: ...rnet slot port Enters the ethernet interface configuration mode 2 iBG2016 configure interface ethernet ip address IP address bit mask number of bits for mask Sets the local ip address 3 iBG2016 configure interface ethernet exit Returns to the upper configuration level Configuring Example The following example shows the commands used to configure the local network ip address iBG2016 configure inter...

Page 144: ... as an encapsulation method 4 iBG2016 configure interface bundle Bundle name ip address IP address bit mask number of bits for mask Sets the bundle interface ip address 3 iBG2016 configure interface bundle Bundle name exit Returns to the upper configuration level Configuring Example The following example shows the commands used to configure the bundle interface iBG2016 configure interface bundle W...

Page 145: ...d to configure the bundle interface iBG2016 configure interface loopback lo iBG2016 configure interface loopback lo ip address 1 1 1 1 32 iBG2016 configure interface loopback lo exit iBG2016 configure Configuring OSPF Configuring Step Step Command Purpose 1 iBG2016 configure router id loopback interface ip address Sets the router ID iBG2016 utilizes its loopback address for the router ID 2 iBG2016...

Page 146: ...le The following example shows the commands used to configure the bundle interface iBG2016 configure router id 1 1 1 1 iBG2016 configure router ospf 1 iBG2016 configure router ospf network 10 10 10 1 24 area 760 iBG2016 configure router ospf exit iBG2016 configure ...

Page 147: ...otocol using port 179 for establishing connections Running over a reliable transport protocol eliminates the need for BGP to implement update fragmentation retransmission acknowledgment and sequencing BGP supports classless interdomain routing CIDR which eliminates the concept of network classes Instead of assuming which bits of an address represent the network by looking at the first octet CIDR a...

Page 148: ...P NEXT_HOP This leads to the distinction between Internal BGP IBGP sessions between routers in the same AS and External BGP EBGP sessions between routers in different ASs NEXT_HOPs are only changed across EBGP sessions but left intact across IBGP sessions Also BGP does not relay routing traffic from one IBGP session to another only from an EBGP session to an IBGP session or another EBGP session Th...

Page 149: ... information between clients and to other IBGP and EBGP peers AS confederations is a second approach to solve the scaling problem with full mesh IBGP sessions This approach divides a given AS into many sub ASs For other ASs this AS doesn t look any different from the outside There is a full mesh of IBGP sessions within a sub AS BGP sessions between routers in different sub ASs of the same confeder...

Page 150: ...event this a mechanism called soft reconfiguration is used It allows attribute reconfigurations to be made without terminating an already established TCP session This is a means of requesting that a peer re advertise all the prefixes learned from other peers its Adj RIB Out The purpose of Capability Negotiation is to facilitate the introduction of new features in BGP by providing graceful capabili...

Page 151: ...ssigned to the group That way the operator is saved from repetitive configuration It also reduces the load on system resources by allowing the routing table to be checked only once and updates to be replicated to all peer group members instead of formulating updates individually for each peer in the peer group Multi protocol BGP MBGP can be used to carry routing information for the IPv6 address fa...

Page 152: ...mode 3 Router configure router bgp AS No neighbor IP address remote as Autonomous Number Defines a BGP neighbor with its ip address and antonomous number Configuring Example In the figure R1 and R2 are two Ubigate iBG2016 Routers belonging to the same AS autonomous system with the ID of 200 The following example shows the commands used to configure the BGP for R1 in the figure R1 configure termina...

Page 153: ...ng Example The following figure shows two Ubigate iBG2016 Routers in the different AS The following example shows the commands used to configure the BGP for R1 in the figure R1 configure terminal R1 configure router bgp 200 R1 configure bgp 200 neighbor 10 10 10 2 remote as 300 The following example shows the commands used to configure the BGP for R2 in the figure R2 configure terminal R2 configur...

Page 154: ...figure route map match ip address prefix list prefix name Set the match criteria 5 R1 configure route map exit Returns to the upper configuration level 6 R1 configure router bgp id Enters a BGP configuration mode 7 R1 configure router bgp id neighbor 192 168 10 2 remote as 300 Defines a BGP neighbor with its ip address and autonomous number 8 R1 configure router bgp id neighbor IP address route ma...

Page 155: ...f seq 10 permit any R1 configure route map infp permit 1 R1 configure route map match ip address prefix list inpf R1 configure route map exit R1 configure router bgp 200 R1 configure bgp 200 neighbor 192 168 10 2 remote as 300 R1 configure bgp 200 neighbor 192 168 10 2 route map inpf in The following example shows the commands used to configure the BGP for R2 R1 configure terminal R1 configure rou...

Page 156: ...CHAPTER 6 BGP 120 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 157: ...ly and then generates prune messages as required PIM SM attempts to send multicast data only to networks which have active receivers This is achieved by having a common Rendezvous Point RP known to the senders and receivers and by forming shared trees from the RP to the receivers The Protocol Independent Multicasting Sparse Mode PIM SM is a multicast routing protocol designed to operate efficientl...

Page 158: ...ffic destined for the group Multicast Routing Information Base MRIB The MRIB is a multicast topology table derived from the unicast routing table In PIM SM the MRIB is used to decide where to send Join Prune messages It also provides routing metrics for destination addresses These metrics are used when sending and processing Assert messages PIM SM SPT Switchover Phase 3 Ethernet et 1 1 R3 RP R4 Se...

Page 159: ...mation Base TIB The TIB is the collection of state at a PIM router storing the state of all multicast distribution trees at that router It is created by receiving Join Prune messages Assert messages and IGMP information from local hosts Upstream Towards the root of the tree The root of the tree might be either the Source or the RP Downstream Away from the root of the tree The root of tree might be...

Page 160: ...a source it can only use the tree to receive packets from the RP and not to send packets to the RP unless the source is located between the RP and the receivers Bootstrap Router BSR When a new multicast sender starts sending data packets or a new receiver starts sending the Join message towards the RP for that multicast group it needs to know the next hop router towards the RP The BSR provides gro...

Page 161: ...nd RP is reachable through Ethernet 2 1 The 0 position on this 32 bit index is for Ethernet 1 1 as illustrated in the interface display above The j on the 0 index indicates that the Join has come from Ethernet 1 1 Since Router_C is the RP and the root of this multicast tree the show ip pim sparse mode mroute command on Router_C shows RPF nbr as 0 0 0 0 and RPF idx as none Router_C show ip pim spar...

Page 162: ...Stat F Forwarder installedTimers Uptime Stat ExpiryInterface State Interface TTL 10 10 1 52 224 0 1 3 uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface wm0 Outgoing interface list wm1 1 The following example shows how to display the multicast routing table for a source and destination address Router show ip mroute 10 10 3 34 224 1 4 3 The following is a sample output f...

Page 163: ...pim sparse mode rp mapping This system is the Bootstrap Router v2 Group s 224 0 0 0 4 RP 10 10 1 5 Info source 172 16 1 2 via bootstrap priority 192 Uptime 00 00 13 expires 00 02 29 RP 172 16 1 2 Info source 172 16 1 2 via bootstrap priority 2 Uptime 00 34 42 expires 00 01 49 RP Details To display information about the RP router for a particular group use the following command This output displays...

Page 164: ...andidate bootstratp router to 45 enter Router configure ip pim bsr candidate ethernet1 0 To enter the candidate Rendezvous Point interface enter Router configure ip pim rp candidate ethernet1 0 To set the group IP address for CRP advertisements to 224 1 1 0 using the group list ACL enter Router configure ip pim rp candidate ethernet1 0 group list ACL To set the flag at the DR to switch to the SPT ...

Page 165: ...re encapsulated packet rather than just over the Register message header enter Router configure ip pim cisco register checksum To set the hello hold time to 60 seconds enter Router configure interface ethernet 1 0 ip pim hello holdtime 60 To set the hello interval time to 145 seconds enter Router configure interface ethernet 1 0 ip pim hello interval 145 To set the jp timer to 30 seconds enter Rou...

Page 166: ... 45 Candidate BSR Period 30 Candidate BSR Hold Time 2048 Candidate BSR Admin Scope Disabled No BSR s Verifying PIM Use the following commands to verify your PIM configuration y show debugging pim y show ip mroute y show ip pim sparse mode nexthop y show memory pim sparse mode Other PIM Commands Supported Other useful PIM commands supported in this release are y Interface mode commands ip pim accep...

Page 167: ...p set all y debug pim all y debug pim sparse mode all y debug pim sparse mode events y debug pim sparse mode nexthop y debug pim sparse mode mib y debug pim sparse mode mfc y debug pim sparse mode nsm y debug pim sparse mode packet y debug pim sparse mode state y debug pim sparse mode timer assert y debug pim sparse mode timer bsr y debug pim sparse mode timer hello y debug pim sparse mode timer j...

Page 168: ...icast sources learned through DVMRP route exchanges Both the upstream and the downstream parts of a route state reside physically in a combined single DRIB node A DRIB node is called a DVMRP Routing Table DRT entry The DRT entry contains a vector of downstream interfaces each vector slot position represents a virtual interface VIF It is used to store all required information for the state to ultim...

Page 169: ...rting Configuration Example The main requirement is to enable DVMRP on the desired interfaces This section provides a DVMRP configuration example for a relevant scenario In this example the Source_1 address is 10 10 1 52 and the group address is set to 224 0 1 3 The following figure displays the network topology used in this example 10 101 52 Figure 7 1 DVMRP Network 10 101 52 Source_1 224 10 1 3 ...

Page 170: ...has a downstream receiver hence it does not send a prune message to its upstream neighbor router Router_B Enabling DVMRP Use the following command to enable DVMRP on an interface Use this command for each interface ip dvmrp enable For example Router configure terminal Router configure interface ethernet 1 1 Router configure interface ethernet 1 1 ip dvmrp enable Router configure interface ethernet...

Page 171: ...ys the neighbor information for Router_C For example Router_C show ip dvmrp neighbor Route Information The show ip dvmrp route command displays the route information for Router_C For example Router_C show ip dvmrp route DVMRP Prune Information The show ip dvmrp prune command displays DVMRP prune information for Router_C For example Router_C show ip dvmrp prune DVMRP Global State The show ip dvmrp ...

Page 172: ...st routers This reporting system allows distribution trees to be formed to deliver multicast datagrams The original version of IGMP was defined in RFC 1112 Host Extensions for IP Multicasting Extensions to IGMP known as IGMP version 2 IGMPv2 improves performance and supports the following message types 1 IGMP Query IGMP Query is sent by the router to know which groups have members on the attached ...

Page 173: ...interval y ip igmp querier timeout y ip igmp query interval y ip igmp query max response time y ip igmp version y debug igmp all y debug igmp decode y debug igmp encode y debug igmp events y debug igmp fsm y debug igmp tib y clear ip igmp groups y clear ip igmp interface y Can we add more explanation to each command Verifying the Configuration To verify your IGMP configuration use the following co...

Page 174: ...ersion 2 Example 2 The following example configures Ethernet 0 1 with the Query Interval to be 100 seconds Router configure interface ethernet 0 1 ip igmp query interval 100 Example 3 The following example configures Ethernet 0 1 with the Query time out to be 300 seconds Router configure interface ethernet 0 1 ip igmp querier timeout 300 Example 4 The following example configures Ethernet 0 1 with...

Page 175: ...et 0 1 ip igmp last member query interval 2000 Example 7 The following example configures an Access Group on the Router for multicast group 224 7 7 7 with mask 0 0 0 0 with permit option Router configure access list 1 permit 224 7 7 7 0 0 0 0 Router configure interface ethernet 0 1 Router configure interface ethernet 0 1 ip igmp access group 1 Example 8 The following example configures Immediate l...

Page 176: ...CHAPTER 7 MultiCast Protocols 140 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 177: ...is configured with a priority setting that determines the order in which backup routers take over in the event the Master fails When the Master router fails the backup router with the smallest priority number will preempt all other backup routers in assuming the duties of the Master router If you disable the preempt feature using the no vrrp preempt command the backup virtual router that is config...

Page 178: ...ackup virtual router In the event Ubigate iBG2016 1 fails Ubigate iBG2016 2 automatically takes over routing traffic between the subnets labeled Host A B and C and the Gateway Router providing Internet connectivity To configure VRRP in this environment you need to configure Ubigate iBG2016 1 as the Master virtual router and Ubigate iBG2016 2 as the backup virtual router Figure 8 1 Configuring a VR...

Page 179: ...gure terminal Router configure interface ethernet 0 1 Router configure interface ethernet 0 1 vrrp 10 Router configure interface ethernet 0 1 vrrp 10 ipaddr 10 1 1 2 24 Router configure interface ethernet 0 1 vrrp 10 priority 120 Router configure interface ethernet 0 1 vrrp 10 preempt Router configure interface ethernet 0 1 vrrp 10 advertisement_interval 2 Router configure interface ethernet 0 1 v...

Page 180: ...CHAPTER 8 VRRP 144 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 181: ...dentifies the path a packet should traverse A MPLS label is carried or encapsulated in between the Layer 2 and the Layer 3 header The receiving router examines the packet for its label content to determine the next hop Once a packet has been labeled the rest of the journey of the packet through the backbone is based on label switching The label values are of local significance only meaning that th...

Page 182: ... to end devices to remain private The end nodes don t see this DA SA 0x8847 1076 2055 DA SA Etype Payload DA SA 0x8847 1094 2055 DA SA Etype Payload LSP1 LSR LER LER LSR LSR DA SA Etype Payload DA SA Etype Payload DA SA Etype Payload 192 168 1 54 24 192 168 1 108 24 192 168 1 54 24 192 168 1 108 24 They see this ...

Page 183: ...et as L2 packets by popping the MPLS outer label and examine the inner VC label The MPLS architecture defines the components of the forwarding information base FIB as follows y Next Hop Label Forwarding Entry NHLFE An entry containing next hop information interface and next hop address and label manipulation instructions it may also include label encoding L2 encapsulation information and other inf...

Page 184: ...rview An L2 VPN leverages the MPLS tunneling capability to extend a Layer 2 network and allows bridging of remote subnet with Virtual Circuits VCs A Virtual Circuit is a pair of LSPs in opposite directions allowing bidirectional traffic That is a VC is a bidirectional virtual link that bridges remote subnet Figure 9 2 Martini L2 VPN Configuration Since MPLS LSP is uni directional by nature a VC is...

Page 185: ...e top of the stack is the tunnel label and is used to carry the frame across the provider backbone The second label at the bottom of the stack is the VC label and is used by the egress switch to determine how to process the frame After adding the two MPLS headers one for each label the frame is encapsulated into the proper format corresponding to the outgoing interface The backbone Label Switch Ro...

Page 186: ... interface ethernet 0 2 label switching Router configure interface ethernet 0 2 enable ldp Router configure interface ethernet 0 2 exit Configuring PE1 OSPF Router configure router ospf 1 Router configure router ospf network 20 20 1 0 0 0 0 255 area 0 Router configure router ospf redistribute connected Router configure router ospf exit Configuring PE1 LDP Router configure router ldp Router configu...

Page 187: ...configure interface ethernet 3 2 mpls l2 circuit MPLS exit Router configure interface ethernet 3 2 exit Configuring P NSM Router configure terminal Router configure interface loopback 0 Router configure interface loopback 0 ip address 2 2 2 2 32 Router configure interface loopback 0 exit Router configure router id 2 2 2 2 Router configure interface ethernet 0 2 Router configure interface ethernet ...

Page 188: ...nfiguring PE2 NSM Router configure terminal Router configure interface loopback 0 Router configure interface loopback 0 ip address 3 3 3 3 32 Router configure interface loopback 0 exit Router configure router id 3 3 3 3 Router configure interface ethernet 0 2 Router configure interface ethernet 0 2 ip address 10 10 1 2 24 Router configure interface ethernet 0 2 label switching Router configure int...

Page 189: ...2 Router configure mpls l2 circuit MPLS 100 1 1 1 1 Configuring PE1 OSPF 9 1 7 15 Binding the L2 Circuit on the PW interface PE2 Router configure interface ethernet 3 2 Router configure interface ethernet 3 2 switchport Router configure interface ethernet 3 2 bridge group 1 Router configure interface ethernet 3 2 switchport mode trunk Router configure interface ethernet 3 2 switchport trunk allowe...

Page 190: ...be forwarded through the LSP The following example binds the L2 circuit on PE1 with VLAN filtering enabled Only packets coming in on the PE1 PW interface with VLAN ID 10 are forwarded to the remote end through L2VPN All other packets are dropped Binding an L2 Circuit on a PW interface with VLAN filtering PE1 Router configure interface ethernet 3 2 Router configure interface ethernet 3 2 switchport...

Page 191: ...t LSP LDP assigns labels to every destination address and destination prefix provided by Ubigate iBG2016 The LDP interface to the MPLS forwarder adds labels to and deletes labels from the forwarding tables Running LDP on a system requires the following tasks y Enabling label switching on the interface on NSM y Enabling LDP on an interface in the LDP daemon y Running an IGP for example OSPF to dist...

Page 192: ...ce loopback lo1 ip address 192 168 1 1 255 255 255 0 Router configure interface loopback lo1 exit R1 LDP Router configure router id 192 168 0 1 Router configure router ldp Router configure router ldp transport address 192 168 0 1 Router configure router ldp exit Router configure interface ethernet 1 1 Router configure interface ethernet 1 1 enable ldp Router configure interface ethernet 1 1 exit R...

Page 193: ...hernet 1 2 label switching Router configure interface ethernet 1 2 exit Router configure interface ethernet 2 2 Router configure interface ethernet 2 2 label switching Router configure interface ethernet 2 2 exit R2 LDP Router configure router ldp Router configure router ldp transport address 192 168 0 2 Router configure router ldp exit Router configure interface ethernet 1 2 Router configure inte...

Page 194: ...thernet 2 3 label switching Router configure interface ethernet 2 3 exit R3 LDP Router configure router id 192 168 0 3 Router configure router ldp Router configure router ldp transport address 192 168 0 3 Router configure router ldp exit Router configure interface ethernet 2 3 Router configure interface ethernet 2 3 enable ldp Router configure interface ethernet 2 3 exit R3 OSPF Router configure r...

Page 195: ...evious router by looking up the best nexthop available in its IP routing table Figure 9 4 Lable switching Configuration R1 NSM Router configure terminal Router configure interface loopback lo1 configuring new loopback interface lo1 Router configure interface loopback lo1 ip address 192 168 0 63 32 Router configure interface loopback lo1 exit Router configure interface ethernet 0 1 Router configure...

Page 196: ...igure router rsvp exit Router configure interface Ethernet 0 1 Router configure interface ethernet 0 1 enable rsvp Router configure interface ethernet 0 1 exit R1 OSPF Router configure router ospf 100 Router configure router ospf network 10 10 23 0 0 0 0 255 area 0 Router configure router ospf network 192 168 0 63 0 0 0 0 area 0 Router configure router ospf exit ...

Page 197: ...ns and configure LSPs manually to use an explicit path In this case LSP is established only along the path specified by the operator Figure 9 5 Establishing a Trunk Without CSPF R1 RSVP TE Router configure terminal Router Configuration Manual Router configure rsvp trunk T1 Router configure rsvp trunk primary no cspf Router configure rsvp trunk to 192 168 0 90 Router configure rsvp trunk lo 192 168...

Page 198: ...emon to be used in the Explicit Route Object ERO Each router along the path sends a Path message only to the nexthop specified in the ERO In the Ubigate iBG2016 implementation CSPF is enabled by default and if no cspf is not specified the trunk is CSPF enabled automatically Figure 9 6 Establishing a Trunk with CSPE R1 rsvpd Router configure terminal Router configure rsvp trunk T1 Router configure ...

Page 199: ...ilable route Whereas a strict hop must be reached via a direct link and cannot be routed over any alternate routers in between In this example since R1 is defined as loose hop R2 can use R4 as an intermediate hop to reach R3 However if it was strict then R2 would have to use interface Ethernet 1 1 to reach R3 directly Figure 9 7 Explicitily Defined Path R1 RSVP TE Router configure terminal Router ...

Page 200: ...re 9 8 Reserved Trunk Bandwidth R1 NSM Router configure terminal Router configure interface ethernet 0 1 Router configure interface ethernet 0 1 ip address 10 10 23 63 255 255 255 0 Router configure interface ethernet 0 1 label switching Control enters func enableMplsCp mplscli c 1529 Router configure interface ethernet 0 1 enable rsvp Router configure interface ethernet 0 1 bandwidth 100m Router ...

Page 201: ...endent of the Primary LSP a Secondary LSP cannot be configured without first configuring a Primary LSP Besides information on how to configure a secondary LSP this example illustrates how to define non default setup and hold priority for an LSP Setup and hold priorities are used to determine which LSP should be given a preference when competing for resources Specifically the setup priority of an u...

Page 202: ...onfigure rsvp trunk Adding Administrative Group Constraints to an LSP To add administrative group constraints also known as color constraints to an LSP y Configure support for required admin groups in NSM on all participating routers y Configure required administrative groups on all participating interfaces The configuration in this example forces the primary LSP to be setup through links that bel...

Page 203: ...onfiguring existing Ethernet interface Router configure interface ethernet 1 0 admin group D Router configure interface ethernet 1 0 admin group E Router configure interface ethernet 1 0 exit R1 RSVP TE Router configure terminal Router configure rsvp trunk T1 Router configure rsvp trunk primary no cspf Router configure rsvp trunk primary path P1 Router configure rsvp trunk primary no cspf Router c...

Page 204: ...10 23 60 Figure 9 11 Configuring Globle Parameters R1 RSVP TE Router configure terminal Router configure router rsvp Router configure router rsvp hello interval 10 Router configure router rsvp hello timeout 35 Router configure router rsvp neighbor 10 10 23 60 Router configure router rsvp exit R2 RSVP TE Router configure terminal Router configure router rsvp Router configure router rsvp hello inter...

Page 205: ...o address congestion and Class Based Queuing CBQ to address traffic policing iBG2016 s bandwidth management capability allows multiple agencies or customers to share access bandwidth on a WAN link in a controlled fashion to effectively and efficiently utilize available bandwidth Even during times of congestion each customer is guaranteed a share of the access bandwidth and is allowed to borrow unu...

Page 206: ...identifiers Traffic classes are arranged in a hierarchical manner A class has a parent class and can have one or more child classes The root class has no parent and is identified as root out or root in The only limit to the number of classes that can be created is 1500 per interface Definitions y Committed Rate Each traffic class can be assigned a CR parameter in Kbps This is the amount of bandwid...

Page 207: ...d is configured with a CR of 1024 Kbps Additionally the SrcTwo class is further divided into application port classes All other hosts in Figure 19 1 the default class are configured for a CR of 512 Kbps The classification type must be the same across a given level of traffic class Note in Figure 19 1 that the classification type at the first level traffic class is the source IP address for the sec...

Page 208: ...re interface bundle AppTest qos add policy class AppDef SrcTwo port default Router configure interface bundle AppTest qos add policy class AppSMTP SrcTwo port 25 Router configure interface bundle AppTest qos add policy class AppHTML SrcTwo port 80 Router configure interface bundle AppTest qos policy class SrcOne Router configure interface bundle AppTest qos policy class SrcOne cbq cr 1536 pr 1536 ...

Page 209: ...icy class Router configure interface bundle AppTest qos policy class AppDef Router configure interface bundle AppTest qos policy class AppDef cbq cr 128 pr 1024 Router configure interface bundle AppTest qos policy class AppDef exit policy class Router configure interface bundle AppTest qos policy class SrcDef Router configure interface bundle AppTest qos policy class SrcDef cbq cr 256 pr 512 Route...

Page 210: ...iers Note that these classes are leaf classes and do not have child classes Figure 10 2 Assigning VLAN Identifiers Interface Bundle VLANTest 4 x T1 Bandwidth 6144 Kbps Smithlnc VLAN ID 25 29 CR 2048 Kbps BR 6144 Kbps Default VLAN ID default CR 1024 Kbps BR 2048 Kbps Joneslnc VLAN ID 24 CR 3072 Kbps BR 6144 Kbps Traffic Classes ...

Page 211: ...thInc root out vlan id 25 29 Router configure interface bundle VLANtest qos add policy class Default root out vlan id default Router configure interface bundle VLANtest qos policy class JonesInc Router configure interface bundle VLANtest qos class JonesInc cbq cr 3072 pr 6144 Router configure interface bundle VLANtest qos class JonesInc exit Router configure interface bundle VLANtest qos policy cl...

Page 212: ...he character B and class statistics start with the character C These designations allow easier parsing of the file Configuring Historical Statistics Router configure terminal Router configure qos Router configure qos historical stats Router configure qos historical stats ftp parameters Primary Ftp Server 105 52 35 77 Secondary Ftp Server 105 52 35 78 Ftp user name test Ftp password password Router...

Page 213: ...opping packets can cause exponential back off of TCP which can affect the throughput This problem with policing can be minimized by configuring the peak parameter of the policer to be a sufficiently large value Need for Traffic Policing Policing has the advantage of providing low latency since it does not queue packets This makes policing a good choice for interactive and streaming voice and video...

Page 214: ...of tokens Rate is specified in Kbps Peak can be specified in kilobits or as a duration based on the configured rate in milliseconds Rate determines the average bandwidth for the policed flow and Peak determines the maximum peak in bits or bytes permitted for the flow Packets conforming to these limits will be forwarded and those violating these limits will be dropped Specifying just the Rate and P...

Page 215: ... Statistics CBQ on Policing off MON off Traffic Class CBQ CR CBQ PR Police Avg Out Avg In Packets Packets kbps kbps kbps kbps kbps Fwded Dropped s1 500 3072 1781 2 2666 6 4451 2220 s1 def 100 3072 800 891 6 1333 1 2229 1107 s1 web 100 3072 900 889 5 1333 4 2222 1113 def o 500 3072 1333 1290 7 1333 4 3230 109 Interface Inbound Configuration Statistics Policing on MON off Traffic Class CBQ CR CBQ PR...

Page 216: ...ped 3786900 Policing 2913 RED 0 R87 Limitations The following limitations apply for this release y Policing is not supported for outbound traffic on Ethernet interfaces y Multi level policing is not supported Policing is done only for leaf classes Any policing configuration on non leaf classes is ignored y Policing and CBQ shaping are independent and mutually exclusive features You must configure ...

Page 217: ...mbination of the following header fields y Packet class y Source IPv4 address or prefix y Destination IPv4 address or prefix y IPv4 DiffServ codepoint DSCP y IPv4 precedence y IPv4 protocol type y Source destination TCP UDP ports y VLAN ID y 802 1p values User Priority y MPLS EXP bits Traffic classification can be configured for inbound and outbound traffic on any interface Multiple values can be ...

Page 218: ...t is expected from the user Please refer to Figure 19 4 for the following explanation Figure 10 4 MF Classification Interface Class root out Class ipv6 Ether type iPv6 Class def Ether type Default Class ipv4 Ether type iPv4 Class mpls Ether type MPLS Class ipv4 hi Dscp default Class ipv4 lo Dscp 0 Class mpls hi EXP default Class mpls lo EXP 0 Class ipv6 hi TC default Class ipv6 lo TC 0 Classify ba...

Page 219: ...in for the inbound tree These root classes are automatically created at interface creation time So the general command format for creating class is add policy class class name parent class match field type match field values where class name is name of the class being added parent class can be ether root out or root in match field type can be either packet class src ip dest ip port vlan id dscp us...

Page 220: ...acket class ipv4 Configure interface bundle wan1 qos add policy class ipv4 lo ipv4 dscp 0 Configure interface bundle wan1 qos add policy class ipv4 hi ipv4 dscp default Configure interface bundle wan1 qos add policy class def root out packet class default In the above commands packet class exp dscp and tc are the matching field classification types for various rules specified above Whenever the ma...

Page 221: ...For a given parent class if the search does not yield a match the packet is matched to the child class pointed to by the default_class attribute This class is known as a default class One of the child classes of a given parent class can be configured as a default class If there is no default class packets for which the search does not yield a match will be dropped In our example class def is a def...

Page 222: ...ice and video applications Policing also uses much less resources in the router than shaping It is a better method to provide QoS for incoming traffic on an interface In the iBG2016 system policing can be enabled in both the ingress and egress directions on the WAN interfaces MAN interfaces FE interfaces and the GE interfaces on the main board For LAN GE interfaces traffic policing will be done in...

Page 223: ...iscussion about policing CIR Committed Information Rate CBS Committed Burst Size CBT Committed Burst Time EBS Excess Burst Size PIR Peak Information Rate PBS Peak Burst Size PBT Peak Burst Time BS Burst Size tc Burst Interval Tc Token bucket representing committed rates Te Token bucket representing excess rates Tp Token bucket representing peak rates ...

Page 224: ...one byte Tc 0 is equal to CBS and Te 0 is equal to EBS Thereafter tokens are replenished as follows If Tc CBS then Tc is incremented by CIR bytes per second up to CBS else if Te EBS then Te is incremented by CIR bytes per second up to EBS When packet of size B bytes arrives for policing if Tc t B 0 then the packet is marked green transmit and Tc is decremented by B else if Te t B 0 then packet is ...

Page 225: ...plenish tokens in all buckets configured on all interfaces in the system Running the token filler more frequently results in more frequent and incremental updates to the token bucket which can result in a smoother traffic pattern This process will execute within the context of the forwarding task tRxPoll so that no context switches are involved leading to better performance Is Tc full Get pkt size...

Page 226: ...ec EBS will have a default value of 0 Kbits An action corresponding to each color assigned to the packet can also be configured The types of actions that will be supported are permit markdscp and drop A DSCP value must be provided if the action type selected is mark dscp The configuration of actions will not be mandatory They will have the following default values green packets permit yellow packe...

Page 227: ...he Tc 0 is equal to CBS and Tp 0 is equal to PBS Thereafter tokens are replenished as follows If Tc CBS then Tc is incremented by CIR bytes per second up to CBS and if Tp PBS then Tp is incremented by PIR bytes per second up to PBS When packet of size B bytes arrives for policing if Tp t B 0 then the packet is marked red else if Tc t B 0 then the packet is marked yellow and Tp is decremented by B ...

Page 228: ... bucket and PBS number of tokens into the Tp bucket However in our implementation the token filler will run every 100 ms Note that the same token filling process will replenish tokens in all srTCM and trTCM token buckets Is Tc full Get pkt size number of tokens Tc No tokens Green packet Green action Permit mark dscp drop Packets sent for further processing Yes Insufficient tokens Is Tc full Get pk...

Page 229: ...ed are permit mark dscp and drop A DSCP value must be provided if the action type selected is mark dscp The configuration of actions will not be mandatory They will have the following default values green packets permit yellow packets mark dscp 0 and red packets drop trTCM can be configured and enabled for each leaf traffic class on an interface Statistics The following traffic statistics will col...

Page 230: ... the destination look up the outgoing interface is identified and the packet is taken through the hierarchical MF classification configured on that interface After the packet is classified into a leaf traffic class it is placed in its class queue The CBQ scheduler periodically services the class queues of all leaf traffic classes on each interface The service that each class queue receives depends...

Page 231: ...o so by their BR Let us define Bc as the total number of bytes that can be sent on an interface in one scheduling interval 5 ms proportional to its bandwidth If the total number of bytes sent or credited in the first pass is less than Bc it means additional bytes can still be transmitted This excess bandwidth can be given to the classes that still have packets to send and whose BR CR For this a se...

Page 232: ...irst pass Therefore a higher priority class will always be serviced prior to a lower priority class during the both the first and second pass Consequently its traffic will experience lower average latency and will also have access to any excess bandwidth before the traffic in the lower priority class When CBQ is enabled the backpressure from packet driver is automatically handled in CBQ scheduling...

Page 233: ...class node it needs to be queued in to packet queue of the leaf traffic class node This queuing process in controlled by RED algorithm By default RED is enabled on traffic classes Either RED or DSWRED can be enabled at a time Peak Rate Limiting for Parent Class As explained earlier CBQ service parameters are configured for leaf classes because they define the traffic flows Parent classes are an in...

Page 234: ...ass which is nothing but a maximum limit which indicates the number of buffers that the interface or class can use The sum of these limits plus the limits for other uses cannot exceed the total number of buffers available Following is an explanation of variables terms used in the following subsections y BCR Committed rate bytes Root out class parameter Number of bytes that can be sent from an inte...

Page 235: ...by borrowing queue buffers from the global pool if available However only the portion allocated for transmit queues can be borrowed Therefore it is not possible for traffic flooding a WAN interface to consume all buffers and starve other interfaces including Ethernet of receive buffers The calculation below shows how the number of reserved buffers is calculated for a WAN interface MAX NxBCR_BUFS_R...

Page 236: ...can be equal to a maximum of the interface s bandwidth which means bbr can be a maximum of BCR interface bandwidth A class can transmit more than its CR and up to its BR if enough unused bandwidth is available The scheduler offers unused bandwidth to higher priority classes before the lower priority ones For a class to potentially transmit up to its BR it needs to have at least bbr bytes in its qu...

Page 237: ...classes because of which it will gain access to majority of the buffers and hence most of the bandwidth Buffer Requirements Analysis and Buffer Management Scheme A more economical scheme can be developed by making a calculated compromise on the buffer guarantee availability for a class In most cases not all classes would simultaneously need to transmit at their BR Which means only a few classes at...

Page 238: ...00 burst tolerance at Burst Rate If a class is configured with a very low CR it is possible that 6 bcr average_packet_size results in a very low value for example 2 buffers To handle this we always a reserve a minimum of QOS_MIN_RES_ CLASS_Q_SIZE which is 5 in the current code version buffers The expression below summarizes the above logic for calculating the number of reserved buffers for a traff...

Page 239: ...g the BR this will accommodate a burst of 2 scheduler interval 10 ms at a rate of BR kbps For packet sizes larger than average_packet_size bytes the burst duration will be even longer In this case the maximum buffers that a traffic class can loan from the common pool is as shown below Max loaned buffers 3 bbr average_packet_size reserved_buffers For a class with BR interface BR and CR 0 Max loaned...

Page 240: ...ted as an EWMA Exponential Weighted Moving Average of the current queue size Simply put the average queue size is a smoothened out version of the instantaneous queue size The average queue size is compared against the minimum threshold or minth and maximum threshold or maxth When the average queue size is less than minth all packets are queued When it is between minth and maxth packets are dropped...

Page 241: ...Size Calculation for Traffic Classes The average queue size calculation for traffic classes is little bit different than for interfaces The packet scheduler services the class queues every scheduling interval Ts msec 5 msec In a Ts msec interval if the queues are serviced for T ms during the remaining time Ts T msec the packets are classified and queued in to the respective queues So the queuing p...

Page 242: ...ated Drop rate maxTh minTh 2mpd Qaverage minTh Also the numerator in the above expression which is fixed for a given configuration maxTh minTh 2mpd is pre calculated at the time of initialization configuration This saves CPU time in the forwarding path The above drop rate procedure is same for both interfaces and traffic classes SWRED DSWRED allows specifying the separate set of RED parameters onl...

Page 243: ...tiveness of RED Therefore it is important to strike a good balance in the value of EWF The default value of ewf will be 5 which means the actual EWF value 1 32 The MPD value determines the drop probability when the average queue size is close to maxth A high value will result in more aggressive drops for a given increase in average queue size and could potentially lead to queue size oscillations A...

Page 244: ...fference between minth and maxth will reduce the effectiveness of RED by causing frequent tail drops The maximum permissible value for maxth is H where H corresponds to 3 Ts msec of buffering for 100 byte packets at the rate interface bandwidth or 20 whichever is higher Class Queue RED parameters The EWF and MPD parameters considerations are same as described in the section Interface RED parameter...

Page 245: ...Too small a difference between minth and maxth will reduce the effectiveness of RED by causing frequent tail drops The maximum permissible value for maxth is a value slightly less than the maximum queue buffers by worth of Ts msec of buffering at BR Kbps The permissible range for minth and maxth values will be displayed in the CLI Minth can never be greater than maxth Statistics The following RED ...

Page 246: ... color is extracted from the DiffServ code point For the expedited traffic the color code will be set as Green For example the following command sequence configures the proper treatment for AF11 DSCP 10 traffic If DS RED is configured for a given DSCP then those RED parameters will be instead Otherwise color RED parameters will be used Router configure interface bundle wan1 configuring new WAN bun...

Page 247: ...fic Statistics Avg Rate Out 0 Kbps Avg Pending Q 0 pkts Avg Rate In 0 Kbps Current Q 0 pkts 0 bytes Current WRED Q 0 pkts Max recorded Q 0 pkts 0 bytes Counters since last boot clear Packet drop details Packets Forwarded 0 Queue overflow 0 Bytes Forwarded 0 No buffers 0 Packets Dropped 0 Policing pkts dropped 0 Bytes Dropped 0 RED pkts dropped 0 WRED Statistics Color Pkts Fwd Pkts Fwd Pkts Dropd P...

Page 248: ...l one of the rule matches So it is a sequential search After matching rule is found the matching process terminates and corresponding action is attempted If IP flow classification look up fails then policy profile default table is used For handling congestion on egress queues the hardware supports three levels of drop precedence DP When congestion occurs on an egress queue packets with higher DP c...

Page 249: ...f tagged to assign the TC attribute To configure the associated table enter Router configure qos no map up to outq UP 0 7 TC 1 8 Using the no form will reset a specific row to default UP based DP assignment uses the UP attribute of the packet to assign the DP attribute The associated table can be configured using the following command Router configure qos no map up to dp UP 0 7 DP 0 2 Using the no...

Page 250: ...qos no map outq to up 4 Router configure qos map up to dp 4 2 Router configure qos no map up to dp Router configure qos no map up to dp 4 Router configure qos map up to outq 4 5 Router configure qos no map up to outq 4 Verifying the Configuration Use the following command to display the configuration y show qos global config ...

Page 251: ... To configure the inLIF based DSCP attribute assignment enter Router configure interface ethernet 3 0 qos mark dscp DSCP 0 63 Configuration Example Router configure interface ethernet 3 0 qos mark dscp 10 Router configure interface ethernet 3 0 qos no mark dscp Router configure interface ethernet 3 0 qos mark up 3 Router configure interface ethernet 3 0 qos no mark up Router configure interface et...

Page 252: ...olicy class classname To create a policy rule enter Router configure qos policy map map name policy class classname match ipv4 src ip 20 20 20 20 To configure CoS marking actions enter Router configure qos policy map map name policy class classname mark dscp DSCP 0 63 Router configure qos policy map map name policy class classname mark up UP 0 7 Router configure qos policy map map name policy clas...

Page 253: ...er configure qos policy map map2 policy class class2 mark dp 2 Router configure qos policy map map2 policy class class2 markdscp 3 Router configure qos policy map map2 policy class class2 markoutq 5 Router configure qos policy map map2 policy class class2 mark up 3 Router configure interface ethernet 3 0 qos service policyinput map2 Verifying the Configuration Use the following commands to verify ...

Page 254: ...nce level Policing based CoS marking can be achieved using the following configuration To create a policy map enter Router configure qos policy map map name To create a policy class enter Router configure qos policy map map name policy class classname To create a policy rule enter Router configure qos policy map map name policy class classname match ipv4 src ip 20 20 20 20 To map this policy to an...

Page 255: ...nformance green yellow red mark dscp DSCP 0 63 mark up UP 0 7 mark dp DP 0 2 Configuration Example Router configure qos police l2 cos map 0 green mark dscp 10 markdp 2 mark up 5 Router configure qos police no l2 cos map 0 green Router configure qos police l3 cos map 50 green mark dscp 20 mark dp 1 mark up 4 Router configure qos policy map map1 policy class class1 police srtcm 100 cbs 100 ebs 200 V...

Page 256: ...olicy rule enter Router configure qos policy map map name policy class classname no match packet class match field matchoperation value1 match operation value2 match field match operation value3 match operation value4 packet class can be ipv4 or ethernet or ipv6 match field can be src ip or dest ip or ip proto or srcport or dest port or dscp or tos or precedence or traffic class or user priority o...

Page 257: ...match ipv6 ip proto 10 Router configure qos policy map map1 policy class class1 match ipv4 ip proto 17 src port 100 Router configure qos policy map map1 policy class class1 match ipv4 ip proto 17 src port 200 Verifying the Configuration Use the following commands to verify the configuration y show qos policy class Traffic Policing Traffic policing allows metering of traffic flows classification of...

Page 258: ...ss configured above enter Router configure qos policy map map name policy class classname police Router configure qos policy map map name policy class classname police srtcm rate_in_kbps cbs committed_burst_in_bytes ebs excess_burst_in_bytes To configure a trTCM policer for the class configured above enter Router configure qos policy map map name policy class classname police Router configure qos ...

Page 259: ...nfigure qos policy map map1 policy class class1 police no srtcm 100 Router configure qos policy map map1 policy class class1 police trtcm 100 200 cbs 200 pbs 300 Router configure qos policy map map1 policy class class1 police no trtcm 100 200 Verifying the Configuration To verify the configuration enter Router configure qos policy map map1 show qos policer policy name map1 policy class class1 ...

Page 260: ...illing enable To enable for disable billing at the class level enter Router configure qos policy map map name policy class classname police no billing enable To enable or disable conformance counters at the global level enter Router configure qos no conformance counter enable Configuration Example Router configure qos billing enable Router configure qos no billing enable Router configure qos confo...

Page 261: ...ueuing discipline enter Router configure interface ethernet 3 0 qos queue discipline 1 Router configure interface ethernet 3 0 qos queue discipline 1 spq Router configure interface ethernet 3 0 qos queue discipline 1 Router configure interface ethernet 3 0 qos queue discipline 2 Router configure interface ethernet 3 0 qos queue discipline 2 wrr 3 To configure port and queue shaping enter Router co...

Page 262: ...nfigure RED and tail drop congestion management strategies enter Router configure qos qos congestion set 1 Router configure qos qos congestion set 1 red 1 0 minTh 10 maxTh 20 mpd 2 Router configure qos qos congestion set 1 red ewma wt 8 10 Router configure interface ethernet 3 0 qos qos congestion map 1 Verifying the Configuration To verify the configuration enter Router configure interface ethern...

Page 263: ...rnet 3 0 qos tx descriptorlimit 3000 Router configure interface ethernet 3 0 qos xoff threshold 500 Router configure interface ethernet 3 0 qos xon threshold 200 Router configure interface ethernet 3 0 qos queue tx descrlimit 1 2000 Verifying the Configuration To verify the configuration enter Router configure interface ethernet 3 0 show qos port info ethernet3 0 Router configure interface etherne...

Page 264: ...CHAPTER 10 QoS 228 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 265: ... The connection in the customer office can be routed or bridged depending on whether the provider will be hosting customer applications at the POP The Ethernet switch passes a VLAN trunk to the iBG2016 that forwards traffic based on the VLAN tags from this interface to the multilink bundle Multilink T1 Router Tagged VLAN Trunk Channelized T3 Router Channelized T3 Gigabit Ethernet Ethernet Switch T...

Page 266: ... not match the address of the iBG2016 the packet will be forwarded to all interfaces configured for the management VLAN with the exception of the interface where it was received This allows all transmission equipment to be managed in a single flat VLAN When the iBG2016 generates traffic on to the management VLAN an ARP request is generated in the direction of the VLAN s default route If no default...

Page 267: ...erface say an Ethernet configured for VLD tagging are also tagged only one level with the tag ID configured for VLD tagging on that interface These single level tagged VLAN packets can now be forwarded on the trunk port say a WAN interface using the VLD forwarding table itself In the return path packets arriving on the trunk port as VLAN packets can be forwarded to the Ethernet interface based on ...

Page 268: ... interface ethernet 3 3 switchport access vlan 600 Router configure interface ethernet 3 3 exit Router configure interface ethernet 3 4 switchport 2006 03 15 08 54 50 NSM interface ethernet3 4 index 9 is already a switchport Interface already a switchport Router configure interface ethernet 3 4 br 1 Interface already bound to a bridge Router configure interface ethernet 3 4 switchport mode access ...

Page 269: ...ridge group by creating a new VLAN which is bridged through the WAN interface Then it shows how to create a WAN bundle Router configure terminal Router config bridge 1 protocol mstp Router config vlan database Router Config vlan database vlan 600 bridge 1 Router Config vlan database vlan 700 bridge 1 Router configure interface bundle wan1 Router configure interface bundle wan1 link t1 0 0 2 Router...

Page 270: ...CHAPTER 11 VLAN forwarding with QoS 234 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 271: ...PART IV Security Chapter 1 Authentication Authorization and Accounting Chapter 2 Packet Filtering Chapter 3 Firewall and NAT Chapter 4 GRE Chapter 5 IPSEC ...

Page 272: ......

Page 273: ...o all interfaces When you define a method list it overrides this default method list Authorization AAAAuthorization controls remote access by defining the methods used to authorize user activities on the network In other words authorization is the process of determining what you are allowed to do Authorization manages a set of attributes describing what each user is allowed to do when they access ...

Page 274: ...d network resources your uses are consuming Accounting records consist of accounting attribute value pairs and is typically stored on the access control server Configuration Examples This section describes basic AAA configurations It shows how to enable AAA configure RADIUS and TACACS clients with related parameter settings such as authentication list Enabling AAA The following example shows how t...

Page 275: ...ports you may use default list shown in the following example Router configure terminal Router configure aaa Router configure aaa authentication login default radius local none Router configure aaa exit Configuring RADIUS Router configure terminal Router configure aaa Router configure aaa radius Router configure aaa radius primary_server 172 168 2 1 Router configure aaa radius primary_server share...

Page 276: ...10 10 1 41 Primary server 172 168 2 1 Secondary server 192 168 2 1 Authentication port 1670 Accounting port 1580 Shared secret 45J1T4n Timeout in seconds 20 Maximum retries 4 Configuring TACACS Router configure terminal Router configure aaa Router configure aaa enable Router configure aaa authentication login list1 tacacs local none Router configure aaa authentication protocols list1 ascii pap cha...

Page 277: ...list1 tacacs local none To confirm the protocols list enter Router configure aaa show aaa authentication protocols Protocol List Name Protocols Order default NOT CONFIGURED list1 ascii pap chap To confirm TACACS server configuration enter Router configure aaa show aaa tacacs TACACS CLIENT CONFIGURATION Primary server 192 168 203 213 Secondary server 192 170 200 211 Server port 49 Timeout in second...

Page 278: ...CHAPTER 1 Authentication Authorization Accounting 228 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 279: ...to the Ubigate iBG2016 and allows only specific internal users Telnet access to the system y At the end of every rule list is an implied deny all traffic statement Therefore all packets not explicitly permitted by filtering rules are denied This effectively means that once you enter a deny statement in your filter list you are implicitly denying all packets from crossing the interface Therefore it...

Page 280: ...istrator wants to completely block Telnet access to the Ubigate iBG2016 from all external networks as well as from all internal networks except 222 199 19 0 28 All other TCP IP traffic such as FTP Ping and HTTP is to flow unrestricted through the Ubigate iBG2016 Configure the Ubigate iBG2016 Router configure term Router configure ip access list filtera Router configure ip access list filtera add d...

Page 281: ...P etc Whenever an IP packet in transit gets to Smart Forwarder it checks whether the interface on which the packet arrived is registered for security processing or not If registered it is processed for security Otherwise it is put through regular IP forwarding Similarly whenever a packet gets to the Smart Forwarder from the local TCP IP stack it is checked if the outbound interface is registered w...

Page 282: ... the one device one policy database constraint Instead many discrete firewalls can be run on a single device with the Virtual Firewall capability A Virtual Firewall VF provides multiple logical firewalls for multiple networks on one system This is accomplished by establishing firewall maps with each map having its own user defined security policy Each map has its own outbound and inbound policies ...

Page 283: ...Configuration Three Legged Firewall Network A small firm has divided its corporate network into two security zones 1 corp private network of the firm 2 dmz web and mail servers exposed to internet Firewal Corp Firewall dmz Firewall internet Firewall Inciming Policy Database Outing Policy Database Inciming Policy Database Outing Policy Database Inciming Policy Database Outing Policy Database Transi...

Page 284: ... rule that defines from host A to host B what action needs to be taken Every time a new connection comes from host A to host B this policy will be referred and the corresponding action will be taken This policy is available on network basis and within that direction Currently supported policy categories are y Outbound Policies that govern traffic originated from one map to the external world y Inb...

Page 285: ...estined map For self packets going towards internet firewall looks for the outbound self policies on internet map If the packet is destined to the firewall then the firewall looks for a self inbound firewall policy on the packet originated map For self packets going coming from internet firewall looks for the inbound self policies on internet map Access Policy Database Lookup Policy Lookup Session...

Page 286: ...ng this disclosure as public information This functionality also provides solutions for IP address depletion issue by allowing multiple hosts to share limited public IP addresses Firewall has reverse NAT capabilities which enables users to host various Internet services in the private IP address space such as web servers e mail servers Real Audio servers and others Firewall has an inbuilt function...

Page 287: ... of these applications and selectively filter out some commands Some of these commands might reveal unwanted information For this purpose firewall maintains a database where such protocol commands can be configured and this database will eventually be used when the actual datagram travels in the network This application control database maintains the above mentioned protocol commands Every applica...

Page 288: ... the RFC 1918 address range y A public address routable over the Internet on the WAN side Consider a PC on the LAN sending a packet destined for some server com The source IP address and port are in the packet together with the destination IP address and port When the packet arrives at the Ubigate iBG2016 it will be de encapsulated modified and re encapsulated The re encapsulated packet sent by th...

Page 289: ... public source IP address assigned to the local router Dynamic NAT performs this task well but it does not permit providing services to the Internet from inside a LAN which requires the use of static NAT Static NAT also requires a public address from the upstream service provider Individual PCs within a LAN are assigned RFC 1918 reserved IP addresses to enable access to other PCs within the LAN Th...

Page 290: ...yahoo com Firewall only substitutes the source address in the IP header with one of the NAT IP address and the source port will be the same as the original If traffic emanates from the same client to any other server the same NAT IP address is assigned The advantage is that the NAT IP addresses are utilized in a better and optimum manner dynamically If a NAT IP address cannot be allocated dynamica...

Page 291: ... out address 10 1 1 1 10 1 1 4 any any Router configure firewall corp policy 8 out apply object nat pool dynPooll Router configure firewall corp policy 8 out exit 2 Router configure Port Address Translation Many to one NAT allows multiple IP addresses to be mapped to one address Figure 3 5 Mapping Multiple NAT Addresses to One Public IP Address There are two methods to configure Port Address Trans...

Page 292: ... configure firewall corp policy 2 out exit 2 Router configure Method 2 Attaching nat pool to the policy To configure the second type of NAT create a NAT pool with type pat and specify the IP address Then add the policy with the source IP address range Finally attach the NAT pool to the policy Router configure firewall corp Router configure firewall corp object Router configure firewall corp object...

Page 293: ...s the original The static NAT configuration shown in Figure 23 6 includes y Private network address 10 1 1 1 10 1 1 3 y Public NAT IP address range 50 1 1 1 50 1 1 3 To create NAT pool with type static specify the IP address and the ending NAT IP address Add a policy with source IP address range and attach NAT pool to the policy Router configure firewall corp Router configure firewall corp object ...

Page 294: ...ress listed in the static mapping the Ubigate iBG2016 forwards the packets to the correct PC within the LAN according to the mapping relationship established Figure 23 7 illustrates dynamic and static NAT The static translation between 192 168 1 6 and 100 1 1 6 automatically matches the port addresses thus a request destined for 100 1 1 6 tcp port 25 is translated to 192 168 1 6 tcp port 25 and so...

Page 295: ... 168 1 6 32 any Router configure firewall corp policy 8 out apply object nat pool staticNat Router configure firewall corp policy 8 out end Router Figure 23 8 provides an example of static port mapping TCP port 81 of the web server at private address 192 168 1 6 is mapped to the same TCP port of the public address Figure 3 8 Mapping Ports Internet 100 1 1 1 29 192 168 1 254 24 10 100 BaceT Etherne...

Page 296: ...se NAT could be used in a situation where one LAN is using private RFC 1918 IP addresses and a second LAN is using real Internet routable IP addresses Figure 23 9 illustrates how reverse NAT would be applied Figure 3 9 Reverse NAT Internet 100 1 1 1 29 10 100 BaceT Ethernet FTP SMTP HTTP Server 192 168 1 6 24 Workstation 192 168 1 1 24 Workstation 192 168 1 2 24 Workstation 192 168 1 3 24 Workstat...

Page 297: ...rewall based Port Address Translation This feature applies to firewall NAT policies which are configured with the interface name of the primary interface The user must specify the primary and backup interface using the firewall global nat failover command When the primary interface is up packets going out through it will be translated using the IP address of the primary interface When it goes down...

Page 298: ...CHAPTER 3 Firewall NAT 248 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 299: ... logical interface that provides a way to encapsulate passenger packets inside a transport protocol Tunnels can be created using GRE the default or IPIP By connecting multiprotocol subnetworks in a single protocol backbone environment IP tunneling using GRE allows network expansion across a single protocol backbone environment IPSec and GRE complement each other well while IPSec provides a secure ...

Page 300: ...onfigure interface bundle wan1 link t1 0 2 0 Router configure interface bundle wan1 encapsulation ppp Router configure interface bundle wan1 ip address 192 168 94 220 255 255 255 0 Router configure interface bundle wan1 exit 2 Configure the tunnel Router configure interface tunnel t0 Router configure interface tunnel t0 ip address 103 1 1 2 24 Router configure interface tunnel t0 tunnel source 192...

Page 301: ...03 1 1 2 Internet Netmask 255 255 255 0 Internet Broadcast 103 1 1 255 Maximum Transfer Unit 1476 bytes Source Address 192 168 94 220 Destination Address 192 168 55 75 Gateway wan1 Protocol GRE Mac Address 00 50 52 60 00 00 For more information enter Router show interface tunnel t0 Tunnel t0 Status up Internet Address 103 1 1 2 Internet Netmask 255 255 255 0 Source Address 192 168 94 220 Destinati...

Page 302: ... config interface Ethernet2 0 cisco config if ip address 192 168 55 75255 255 255 0 cisco config if exit cisco config interface Tunnel 0 cisco config if ip address 103 1 1 1 255 255 255 0 cisco config if tunnel source 192 168 55 75 cisco config if tunnel destination 192 168 94 220 cisco config if exit cisco config ip route 0 0 0 0 0 0 0 0 192 168 55 254 cisco config ip route 10 3 1 0 255 255 255 0...

Page 303: ...unnel t0 ip address 103 1 1 2 24 Router configure interface tunnel t0 tunnel source 192 168 94 220 Router configure interface tunnel t0 tunnel destination 192 168 55 75 Router configure interface tunnel t0 tunnel protection grecisco secretkeyfortest Router configure interface tunnel t0 crypto untrusted Router configure interface tunnel t0 exit 3 Configure the routes Router configure ip route 0 0 0...

Page 304: ... To enable OSPF add to the Ubigate iBG2016 configuration above Router configure terminal Router configure router id 2 2 2 2 Router configure router ospf Router configure router ospf network 103 1 1 0 24 area 0 Router configure router ospf exit 2 Add to the Cisco compatible configuration above cisco config t cisco config router ospf 1 cisco config router network 103 1 1 0 0 0 0 255 area 0 3 To veri...

Page 305: ...pter explains each of these features in detail Securing Remote Access Using IPSec VPN The features in SNOS allow administrators to form a security tunnel to join two private networks over the Internet The following examples show how to set up an end to end tunnel with a single proposal and pre shared key authentication with multiple proposals and pre shared key authentication and with an SA Bundle...

Page 306: ...n limitations in providing remote access is the typical remote user connects with a dynamically assigned IP address provided by the ISP IPSec uses the IP address of users as an index to apply the Internet Key Exchange IKE and IPSec policies to be used for negotiation with each peer When the VPN client has a dynamic IP address the VPN server cannot access the policies based on the IP address of the...

Page 307: ...header is the private address allocated by the VPN server to the VPN client As in the case of user group method the administrator creates an IKE policy for a logical group of users such as a department in an organization The identity information used to identify each user uniquely is configured in the IKE policy The IKE policy is attached to a mode configuration record The mode configuration recor...

Page 308: ...ure a WAN bundle of network type untrusted Router configure interface bundle wan1 Router configure interface bundle wan1 link t1 0 2 0 Router configure interface bundle wan1 encapsulation ppp Router configure interface bundle wan1 ip address 172 16 0 1 24 Router configure interface bundle wan1 crypto untrusted Router configure interface bundle wan1 exit 2 Configure the Ethernet interface with trus...

Page 309: ...to ike policy NW2 172 16 0 2 Router configure crypto ike policy NW2 172 16 0 2 local address 172 16 0 1 Router configure crypto ike policy NW2 172 16 0 2 key secretkey Router configure crypto ike policy NW2 172 16 0 2 proposal 1 Router configure crypto ike policy NW2 172 16 0 2 proposal 1 encryption algorithm 3des cbc Router configure crypto ike policy NW2 172 16 0 2 proposal 1 exit Router configu...

Page 310: ...IPSec tunnel to the remote host Router configure terminal Router configure crypto Router configure crypto ipsec policy NW2 172 16 0 2 Router configure crypto ipsec policy NW2 172 16 0 2 match address 172 16 0 1 32 10 0 2 0 24 Router configure crypto ipsec policy NW2 172 16 0 2 proposal 1 Router configure crypto ipsec policy NW2 172 16 0 2 proposal 1 encryption algorithm aes128 cbc Router configure...

Page 311: ...on is Apply Key Management is Automatic PFS Group is disabled Match Address Protocol is Any Source ip address ip mask port 172 16 0 1 255 255 255 255 any Destination ip address ip mask port 10 0 2 0 255 255 255 0 any Proposal of priority 1 Protocol esp Mode tunnel Encryption Algorithm aes128 key length 128 bits Hash Algorithm sha1 Lifetime in seconds 3600 Lifetime in Kilobytes 4608000 Policy name ...

Page 312: ...all policies to allow desired services through untrusted interface to manage the router Router configure firewall internet Router configure firewall internet policy 1001 in service snmp self Router configure firewall internet policy 1001 in exit Router configure firewall internet policy 1002 in service telnet self Router configure firewall internet policy 1002 in exit Router configure firewall int...

Page 313: ...s disabled Bytes In 0 Bytes Out 0 Policy with Priority 1001 is enabled Direction is inbound Action permit Traffic is self Logging is disable Source Address is any Dest Address is any Source Port is any Service Name is snmp Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Bytes In 0 Bytes Out 0 Policy with Priority 10...

Page 314: ...r is disabled Smtp Filter is disabled Http Filter is disabled 15 Enable SNMP on the Router router Router configure crypto exit Router configure snmp server Router configure snmp server community public rw Router configure snmp server exit 16 Display SNMP communities Router show snmp communities Community public privilege rw 17 Repeat steps 1 16 with suitable modifications on NW2 prior to managing ...

Page 315: ...e8453c2b 256 esp aes sha1 tunl NW2 172 16 0 2 0xa1f673aa 256 esp aes sha1 tunl Router show crypto ipsec sa all detail Crypto Policy name INNW2 Protocol is Any Local ident ip mask port 10 0 2 0 255 255 255 0 any Remote ident ip mask port 172 16 0 1 255 255 255 255 any Peer Address is 172 16 0 1 PFS Group is disabled inbound ESP sas Spi 0xe8453c2b Transform aes128 key length 128 bits sha1 In use set...

Page 316: ... tunnel to join two private networks 10 0 1 0 24 and 10 0 2 0 24 The security requirements are as follows y Phase 1 3DES with SHA1 y Phase 2 IPSec ESP with AES 256 bit and HMAC SHA1 Figure 5 2 Tunnel Mode Between Two Security Gateways Single Proposals 1 Configure a WAN bundle of network type untrusted Router configure interface bundle wan1 link t1 0 2 0 Router configure interface bundle wan1 encap...

Page 317: ...w crypto interfaces Interface Network Name Type ethernet 0 1 trusted wan1 untrusted 4 Add route to peer LAN Router configure ip route 10 0 2 0 255 255 255 0 wan1 5 Configure IKE to the peer gateway Router configure crypto Router configure crypto ike policy NW2 172 16 0 2 Router configure crypto ike policy NW2 172 16 0 2 local address 172 16 0 1 Router configure crypto ike policy NW2 172 16 0 2 key...

Page 318: ...y DH Group group1 Lifetime in seconds 86400 Lifetime in kilobytes unlimited 8 Configure IPSec tunnel to the remote host Router configure crypto ipsec policy NW2 172 16 0 2 Router configure crypto ipsec policy NW2 172 16 0 2 match address 10 0 1 0 24 10 0 2 0 24 Router configure crypto ipsec policy NW2 172 16 0 2 proposal 1 Router configure crypto ipsec policy NW2 172 16 0 2 proposal 1 encryption a...

Page 319: ...y Management is Automatic PFS Group is disabled Match Address Protocol is Any Source ip address ip mask port 10 0 1 0 255 255 255 0 any Destination ip address ip mask port 10 0 2 0 255 255 255 0 any Proposal of priority 1 Protocol esp Mode tunnel Encryption Algorithm aes256 key length 256 bits Hash Algorithm sha1 Lifetime in seconds 3600 Lifetime in Kilobytes 4608000 Policy name INNW2 is enabled D...

Page 320: ... internet map Router show firewall policy internet Advanced S Self Traffic F Ftp Filter H Http Filter R Rpc Filter N Nat Ip Nat Pool L Logging E Policy Enabled M Smtp Filter Pri Dir Source Addr Destination Addr Sport Dport Proto Action Advanced 1000 in any any ike PERMIT SE 1024 out any any any any any PERMIT SE 13 Display firewall policies in the internet map in detail Router show firewall policy...

Page 321: ...ic from remote LAN to the local LAN Router configure firewall corp Router configure firewall corp policy 1000 in address 10 0 2 0 24 10 0 1 0 24 Router configure firewall corp policy 1000 in exit Router configure firewall corp exit 15 Display firewall policies in the corp map Router show firewall policy corp Advanced S Self Traffic F Ftp Filter H Http Filter R Rpc Filter N Nat Ip Nat Pool L Loggin...

Page 322: ...urce Port is any Dest Port is any any Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Bytes In 0 Bytes Out 0 Policy with Priority 1023 is enabled Direction is inbound Action permit Traffic is self Logging is disable Source Address is any Dest Address is any Source Port is any Dest Port is any any Schedule is disable...

Page 323: ...SA_MATURE 1796 pre g1 3des sha1 Router show crypto ike sa all detail Crypto Policy name NW2 Remote ident 172 16 0 2 Peer Address is 172 16 0 2 Transform 3des sha1 pre shared key DH Group group1 Bytes Processed 1796 State is SA_MATURE Mode is Main Remaining Time in Sec 86376 Life Time in Sec 86400 Life Time in Bytes is unlimited Router show crypto ipsec sa all Policy Dest IP Spi Bytes Transform INN...

Page 324: ...es 413696 Soft lifetime in seconds 0 Soft lifetime in kilobytes is unlimited Crypto Policy name NW2 Protocol is Any Local ident ip mask port 10 0 1 0 255 255 255 0 any Remote ident ip mask port 10 0 2 0 255 255 255 0 any Peer Address is 172 16 0 2 PFS Group is disabled outbound ESP sas Spi 0xb013de87 Transform aes256 key length 256 bits sha1 In use settings tunnel Bytes Processed 256 Hard lifetime...

Page 325: ...1 In this example the Router router offers two IPSec proposals to the peer while the NW2 router offers only one proposal As a result of quick mode negotiation the two routers are expected to converge on a mutually acceptable proposal which is the proposal IPSec ESP with AES 256 bit and HMAC SHA1 in this example Figure 5 3 Tunnel Mode Between Two Security Gateways Multiple Proposals 1 Configure a W...

Page 326: ...ethernet 0 1 trusted wan1 untrusted 4 Add the route to the peer LAN Router configure ip route 10 0 2 0 255 255 255 0 wan1 5 Configure IKE to the peer gateway Router configure crypto Router configure crypto ike policy NW2 172 16 0 2 Router configure crypto ike policy NW2 172 16 0 2 local address 172 16 0 1 Router configure crypto ike policy NW2 172 16 0 2 key secretkey Router configure crypto ike p...

Page 327: ...ifetime in seconds 86400 Lifetime in kilobytes unlimited 8 Configure IPSec tunnel to the remote host Router configure crypto ipsec policy NW2 172 16 0 2 Router configure crypto ipsec policy NW2 172 16 0 2 match address 10 0 1 0 24 10 0 2 0 24 Router configure crypto ipsec policy NW2 172 16 0 2 proposal 1 Router configure crypto ipsec policy NW2 172 16 0 2 proposal 1 encryption algorithm des cbc Ro...

Page 328: ...p des sha1 tunl D 10 0 1 0 24 any P2 esp aes sha1 tunl Router show crypto ipsec policy all detail Policy name NW2 is enabled Direction is outbound Peer Address is 172 16 0 2 Action is Apply Key Management is Automatic PFS Group is disabled Match Address Protocol is Any Source ip address ip mask port 10 0 1 0 255 255 255 0 any Destination ip address ip mask port 10 0 2 0 255 255 255 0 any Proposal ...

Page 329: ...ority 1 Protocol esp Mode tunnel Encryption Algorithm des Hash Algorithm sha1 Lifetime in seconds 3600 Lifetime in Kilobytes 4608000 Proposal of priority 2 Protocol esp Mode tunnel Encryption Algorithm aes256 key length 256 bits Hash Algorithm sha1 Lifetime in seconds 3600 Lifetime in Kilobytes 4608000 10 Configure firewall policies to allow IKE negotiation through untrusted interface Router confi...

Page 330: ...cy internet detail Policy with Priority 1000 is enabled Direction is inbound Action permit Traffic is self Logging is disable Source Address is any Dest Address is any Source Port is any Service Name is ike Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Bytes In 0 Bytes Out 0 Policy with Priority 1024 is enabled Di...

Page 331: ...e Addr Destination Addr Sport Dport Proto Action Advanced 1000 in 10 0 2 0 24 10 0 1 0 24 any any any PERMIT E 1022 out any any any any any PERMIT SE 1023 in any any any any any PERMIT SE 1024 out any any any any any PERMIT E 15 Display firewall policies in the corp map in detail Router show firewall policy corp detail Policy with Priority 1000 is enabled Direction is inbound Action permit Traffic...

Page 332: ...abled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Bytes In 0 Bytes Out 0 Policy with Priority 1024 is enabled Direction is outbound Action permit Traffic is transit Logging is disable Source Address is any Dest Address is any Source Port is any Dest Port is any any Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled ...

Page 333: ...nsform 3des sha1 pre shared key DH Group group1 Bytes Processed 1796 State is SA_MATURE Mode is Main Remaining Time in Sec 86380 Life Time in Sec 86400 Life Time in Bytes is unlimited Router show crypto ipsec sa all Policy Dest IP Spi Bytes Transform INNW2 172 16 0 1 0x8eabe4b3 256 esp aes sha1 tunl NW2 172 16 0 2 0xa9a506f9 256 esp aes sha1 tunl Router show crypto ipsec sa all detail Crypto Polic...

Page 334: ...2 16 0 2 PFS Group is disabled outbound ESP sas Spi 0xa9a506f9 Transform aes256 key length 256 bits sha1 In use settings tunnel Bytes Processed 256 Hard lifetime in seconds 3570 Hard lifetime in kilobytes 413695 Soft lifetime in seconds 3540 Soft lifetime in kilobytes 20233 Configuration on the other end is as follows Configure the Ethernet interface with trusted network type Networks2Router confi...

Page 335: ...ddress 172 16 0 2 message Default proposal created with priority1 des sha1 pre_shared g1 message Key String has to be configured by the user Networks2Router configure crypto ike policy Networks2 172 16 0 1 key secretkey Networks2Router configure crypto ike policy Networks2 172 16 0 1 proposal 1 Networks2Router configure crypto ike policy Networks2 172 16 0 1 proposal 1 encryption algorithm 3des cb...

Page 336: ...pto ipsec policy Networks2 172 16 0 1 Networks2Router configure crypto ipsec policy Networks2 172 16 0 1 match address 10 0 2 0 24 10 0 1 0 24 message Default proposal created with priority1 esp 3des sha1 tunnel and activated Networks2Router configure crypto ipsec policy Networks2 172 16 0 1 proposal 2 Networks1Router configure crypto ipsec policy Networks2 172 16 0 1 proposal 2 message Proposal a...

Page 337: ...d Router configure interface bundle wan1 Router configure interface bundle wan1 link t1 0 2 0 Router configure interface bundle wan1 encapsulation ppp Router configure interface bundle wan1 ip address 172 16 0 1 24 Router configure interface bundle wan1 crypto untrusted Router configure interface bundle wan1 exit 2 Configure the Ethernet interface with trusted network type Router configure interfa...

Page 338: ...added to the group sales Default proposal created with priority1 des sha1 pre_shared g1 Key String has to be configured by the user Router configure crypto dynamic ike policy sales remote id email id mike abc corp com mike New user mike is added to the group sales Router configure crypto dynamic ike policy sales key secretkeyforsalesusers Router configure crypto dynamic ike policy sales proposal 1...

Page 339: ...e abc corp com email id Proposal of priority 1 Encryption algorithm 3des Hash Algorithm sha1 Authentication Mode pre shared key DH Group group1 Lifetime in seconds 86400 Lifetime in kilobytes unlimited 7 Configure dynamic IPSec policy for a group of mobile users Router configure crypto dynamic ipsec policy sales Router configure crypto dynamic ipsec policy sales match address 10 0 1 0 24 Default p...

Page 340: ... Action is Apply Key Management is Automatic PFS Group is disabled Match Address Protocol is Any Source ip address ip mask port 10 0 1 0 255 255 255 0 any Destination ip address ip mask port any any any Proposal of priority 1 Protocol esp Mode tunnel Encryption Algorithm aes256 key length 256 bits Hash Algorithm sha1 Lifetime in seconds 3600 Lifetime in Kilobytes 4608000 Policy INsales is enabled ...

Page 341: ...dary_server 192 168 2 1 Secondary Radius server configured Router configure aaa radius enable radius Router configure aaa radius exit Router configure aaa exit 11 Configure firewall policies to allow IKE negotiation through untrusted interface Router configure firewall internet Router configure firewall internet policy 1000 in service ike self Router configure firewall internet policy 1000 in exit...

Page 342: ...Out 0 Policy with Priority 1024 is enabled Direction is outbound Action permit Traffic is self Logging is disable Source Address is any Dest Address is any Source Port is any Dest Port is any any Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Bytes In 0 Bytes Out 0 14 Configure firewall policies for a group of mobi...

Page 343: ...cy with Priority 1000 is enabled Direction is inbound Action permit Traffic is transit User Group is sales Logging is disable Source Address is any Dest Address is 10 0 1 0 24 Source Port is any Dest Port is any any Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Max Connections 1024 Connection Rate is disabled Poli...

Page 344: ...est Port is any any Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Max Connections 1024 Connection Rate is disabled Policing is disabled Bandwidth is disabled Bytes In 11258 Bytes Out 5813 17 Test the IPSec tunnel between the VPN client and the server by passing traffic from the client to the 10 0 1 0 network 18 Af...

Page 345: ... esp aes sha1 tunl T Router show crypto ipsec sa all detail Crypto Policy name INsales Protocol is Any Local ident ip mask port 192 168 107 105 255 255 255 255 any Remote ident ip mask port 10 0 1 0 255 255 255 0 any Peer Address is 172 16 0 1 PFS Group is disabled inbound ESP sas Spi 0xf43c5e3b Transform aes256 key length 256 bits sha1 In use settings tunnel Bytes Processed 360 Hard lifetime in s...

Page 346: ...e VPN tunnel The server has a pool of ip addresses from 20 1 1 100 through 20 1 1 150 to be allocated for mode configuration enabled VPN clients The assigned IP address will be used by the VPN client as the source address in the inner IP header The outer IP header will carry the dynamic IP address assigned by the Internet Service Provider as the source address The security requirements are as foll...

Page 347: ...k type Router configure interface ethernet 0 1 message Configuring existing Ethernet interface Router configure interface ethernet 0 1 ip address 10 0 1 1 24 Router configure interface ethernet 0 1 crypto trusted Router configure interface ethernet 0 1 exit 3 Display the crypto interfaces Router show crypto interfaces Interface Network Name Type ethernet 0 1 trusted wan1 untrusted 4 Configure dyna...

Page 348: ...mic ike policy sales proposal 1 encryption algorithm 3des cbc Router configure crypto dynamic ike policy sales proposal 1 exit Router configure crypto dynamic ike policy sales client configuration Router configure crypto dynamic ike policy sales client configuration address pool 1 20 1 1 100 20 1 1 150 Router configure crypto dynamic ike policy sales client configuration exit Router configure cryp...

Page 349: ...Algorithm sha1 Authentication Mode pre shared key DH Group group1 Lifetime in seconds 86400 Lifetime in kilobytes unlimited 7 Configure dynamic IPSec policy for a group of mobile users Router configure crypto Router configure crypto dynamic Router configure crypto dynamic ipsec policy sales modecfg group Router configure crypto dynamic ipsec policy sales match address 10 0 1 0 24 Router configure ...

Page 350: ... is Automatic PFS Group is disabled Match Address Protocol is Any Source ip address ip mask port 10 0 1 0 255 255 255 0 any Destination ip address ip mask port any any any Proposal of priority 1 Protocol esp Mode Tunnel Encryption Algorithm aes256 key length 256 bits Hash Algorithm sha1 Lifetime in seconds 3600 Lifetime in Kilobytes 4608000 10 Configure firewall policies to allow IKE negotiation t...

Page 351: ...licy internet detail Policy with Priority 1000 is enabled Direction is inbound Action permit Traffic is self Logging is disable Source Address is any Dest Address is any Source Port is any Service Name is ike Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Bytes In 0 Bytes Out 0 Policy with Priority 1024 is enabled ...

Page 352: ...mmand typically matches the address range configured in the dynamic IKE policy see Step 4 14 Display firewall policies in the corp map Router show firewall policy corp Advanced S Self Traffic F Ftp Filter H Http Filter R Rpc Filter N Nat Ip Nat Pool L Logging E Policy Enabled M Smtp Filter Pri Dir Source Addr Destination Addr Sport Dport Proto Action Advanced 1000 in 20 1 1 100 10 0 1 0 24 any any...

Page 353: ... Source Port is any Dest Port is any any Schedule is disabled Ftp Filter is disabled Smtp Filter is disabled Http Filter is disabled Rpc Filter is disabled Nat is disabled Bytes In 0 Bytes Out 0 Policy with Priority 1023 is enabled Direction is inbound Action permit Traffic is self Logging is disable Source Address is any Dest Address is any Source Port is any Dest Port is any any Schedule is disa...

Page 354: ... sales 192 168 107 105 SA_MATURE 2052 pre g1 3des sha1 Router show crypto ike sa all detail Crypto Policy name sales Remote ident david abc corp com Peer Address is 192 168 107 105 Transform 3des sha1 pre shared key DH Group group1 Bytes Processed 2052 State is SA_MATURE Mode is Aggressive Life Time in Sec is unlimited Life Time in Bytes is unlimited Router show crypto ipsec sa all Policy Dest IP ...

Page 355: ...ytes Processed 840 Hard lifetime in seconds 28750 Hard lifetime in kilobytes is unlimited Soft lifetime in seconds 0 Soft lifetime in kilobytes is unlimited Crypto Policy name sales Protocol is Any Local ident ip mask port 10 0 1 0 255 255 255 0 any Remote ident ip mask port 20 1 1 1 255 255 255 255 any Peer Address is 192 168 107 105 PFS Group is disabled outbound ESP sas Spi 0xcb0e23f3 Transform...

Page 356: ...CHAPTER 5 IPSEC 306 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 357: ...SIP Gateway Management Chapter 4 H 323 Gateway Management Chapter 5 Analog Voice Port Chapter 6 Digital Voice Port Chapter 7 ISDN Chapter 8 Routing and Digit Manipulation Chapter 9 VoIP Services Chapter 10 Call Admission Control Chapter 11 Management Chapter 12 Survivable Telephony ...

Page 358: ......

Page 359: ...ter which provides VoIP gateway feature VoIP gateway as like Ubigate iBG2016 provides real time two way voice communications between packet network and circuit network This system has two major functions The one is signaling conversion function and another is a media conversion function Network Architecture The network architecture in the view of Ubigate iBG2016 is shown in Figure 26 1 ...

Page 360: ...aces such as T1 E1 ISDN PRI BRI and Q SIG and analog trunk interfaces such as FXS DID FXO CAMA and E M Ubigate iBG2016 terminates the PSTN ISDN and analog trunk signals Ubigate iBG2016 acts as a VoIP gateway converting the TDM to packets and vice versa and communicates with the Call Manager using standard protocols such as SIP IP Video PhoNe Analog Phone FAX Analog Phone FAX FXS Proprietary SNMP P...

Page 361: ... a partial extension from a standard Analog Phone FAX Analog phone is the terminal to provide a generic voice call via legacy analog line FAX is the terminal to provide a fax service via legacy analog line PBX K P PBX or Key phone is the equipment to connect the in house extension calls or external calls in the legacy analog and digital method instead of IP Network method CLI Web It is the OAM int...

Page 362: ...s and Ubigate iBG2016s Generally the Ubigate iBG2016 delivers the calls to be routed to SIP to Call Manager Call Manager makes a decision on actual routing to route a call to other Ubigate iBG2016 IP Phone or other Call Manager The generic network configuration in Call Manager Interworking Mode is shown in the Figure 26 1 Figure 26 2 shows the configuration a single Call Manager exists in a headqu...

Page 363: ...not allowable even if Call Manager is normal To overcome this failure the Ubigate iBG2016 continuously monitors the status of connection to Call Manager and if a failure is detected it is automatically changed to a Survivable Telephony mode where Ubigate iBG2016 can provide basic functions without Call Manager In a Survivable Telephony mode the default call and minimum supplementary services withi...

Page 364: ... settings Figure 1 3 Example of Stand alone mode network configuration Figure 26 3 shows the stand alone mode network configuration In this network configuration a separate Call Manager and IP phone do not exist The internal call in each office headquarter and branch is made by using the legacy PBX as in the headquarter and Branch Office 2 or analog phone or Fax is directly connected to the Ubigat...

Page 365: ... interworks with other SIP network entities residing on a network in the following way Direct Connection Direct connection enables call processing without SIP registration It is used where there is no Call Manager or a proxy server directly connected to a network where signaling is executed directly among gateways without passing through Call Manager or SIP proxy server Indirect Connection via SIP...

Page 366: ...TN Signaling Ubigate iBG2016 acts as a VoIP Gateway to interconnect between legacy PSTN and VoIP network To seamless interwork with PSTN Ubigate iBG2016 support various PSTN signalings that have been used for several decades y Ubigate iBG2016 supports following PSTN signaling Analog FXS loop start ground start Analog E M wink immediate delay Analog FXO loop start ground start Analog DID Direct Inw...

Page 367: ... Codec y ITU T G 711 Pulse code modulation PCM of voice frequencies y ITU T G 711 Appendix I A high quality low complexity algorithm for packet loss concealment with G 711 y ITU T G 711 Appendix II A comfort noise payload definition for ITU T G 711 use in packet based multimedia communication systems y ITU T G 723 1 Dual rate speech coder for multimedia communications transmitting at 5 3 and 6 3 k...

Page 368: ...ages transceived from to a network entity sRTP Secure RTP sRTP is the function to encode and transceive the End to End RTP data over IP network to prevent the wiretapping of conversation IPSec IPSec function is used to encode and transceive all packet data between two nodes connected via IPSec Since both SIP H 323 signaling and RTP are a type of packet data they are transceived after being encoded...

Page 369: ...tem controls the number of digits that are stripped before the dialed string is passed to the telephony interface Digit Translation Digit translation rules are used to manipulate the calling number ANI or called number DNIS digits for a voice call or to change the numbering type of a call Translation rules are used to convert a telephone number into a different number before the call is matched to...

Page 370: ...016 system provide Call Admission Control based on Maximum Call Number per Dial Peer The Ubigate iBG2016 system provide Call Admission Control based on Physical DS0 Limitation Resource based CAC Resource based CAC mechanisms function on the outgoing Ubigate iBG2016 system The CAC decision is based on nodal information such as the state of the CPU memory and DSP channels load level The Ubigate iBG2...

Page 371: ...nfigured threshold permitting the selection of a system DSP channel load level value This feature helps ensure the quality of service of existing calls and reliability of system processes by preventing system overload caused by excessive incoming calls The feature rejects new calls with minor disruption to system users The administrator of the Ubigate iBG2016 system sets a threshold at which denia...

Page 372: ...Call Manager when a low bandwidth codec is used RFC2833 The Ubigate iBG2016 system support RFC 2833 for reliable DTMF relay The Ubigate iBG2016 system to relay DTMF tones provides a standardized means of transporting DTMF tones in Real Time Transport Protocol RTP packets according to section 3 of RFC 2833 DTMF events through SIP signaling The Ubigate iBG2016 system support NOTIFY method for DTMF r...

Page 373: ... PBX LVBO Local Voice Busy Out LVBO provides the Ubigate iBG2016 with the ability to monitor the state of various network interfaces both LAN and WAN and busy back the trunk to the PSTN interface if any of the monitored links should fail If an ISDN lines enters a LVBO state a specific fail code is sent in regard to the ISDN Inbound Call Attempt to notify a busyout status For the LVBO PSTN FXS FXO ...

Page 374: ...l Manager y Calling Line Identification CLID y Call Forward All y Call Forward Busy y Call Forward NoAnswer y Call Hold and Retrieve y Call Park y Call Pickup Group y Call Pickup Direct y Call Pickup Universal y Call Restriction by User y Call Waiting and Retrieve y Call Transfer Blind y Call Transfer Consultative y Call Forwarding to VMS All y Call Forwarding to VMS Busy y Call Forwarding to VMS ...

Page 375: ...ll Forward All y Call Forward Busy y Call Forward NoAnswer y Call Hold and Retrieve y Call Pickup Group y Call Pickup Direct y Call Pickup Universal y Call Waiting and Retrieve y Call Transfer Blind y Call Transfer Consultative y Distinctive Ring Stand Alone Mode When running in a Stand Alone mode a Ubigate iBG2016 provides the following supplementary services to the FXS subscribers connected to i...

Page 376: ...s those services for the caller s location High Availability of Voice Feature As enterprises extend their IP telephony and high value application deployments from central sites out to remote offices one of the factors considered vital in deployment is the ability to cost effectively provide backup redundancy functions at the remote branch office However the size and number of these small office si...

Page 377: ... Ubigate iBG2016 systems act as a stateless proxy server which sends and receives SIP message between IP phone and Call Manager transparently When IP Phone register to Call Manager Ubigate iBG2016 system finds the information about IP phone location and subscriber profile Ubigate iBG2016 system always checks WAN connection status between Call Manager and Ubigate iBG2016 If Ubigate iBG2016 detects ...

Page 378: ... Ubigate iBG2016 and Call Manager The Call Manager communicate across the IP network using SIP or H 323 Packets are then routed over the IP network to destination where the reverse operation is performed and thus the call is completed over the IP network bypassing the traditional toll network PSTN When Ubigate iBG2016 is in Stand alone mode a call is established across the IP network between Ubiga...

Page 379: ...upport IP phones connected to Ubigate iBG2016 is to connect Ubigate iBG2016 to the PBX or PSTN enabling the IP phones to make calls to traditional phones In this case the IP phones communicate with the Call Manager and in turn the Call Manager establishes the call to the PBX or PSTN through Ubigate iBG2016 The packets from the IP phone are then routed through DSP and delivered to the PBX or PSTN v...

Page 380: ...k Management System uses Simple Network Management Protocol SNMP to communicate with Ubigate iBG2016 systems The SNMP get and set commands can be used to configure either system and retrieve current configuration and status information These Management Systems can be located anywhere in the IP network Figure 1 6 Management using CLI GUI NMS Ubigate iBG2016 FAX Analog Phone PABX Call Manager PSTN I...

Page 381: ...d over IP network Ubigate iBG2016 supports SIP and H 323 out of VoIP Call processing protocols That is it routes calls from PSTN to SIP or H 323 section and terminates the calls incoming from SIP or H 323 network toward PSTN In addition a Ubigate iBG2016 provides a Voip call service via interwrok with SIP Proxy SIP registrar SIP Gateway SIP terminal H 323 Gatekeeper H 323 Gateway etc Figure 2 1 Ar...

Page 382: ...mmand or specify the IP address directly by host ip address command Restrictions for VoIP Bind The interfaces which you can specify as the source address of VoIP signaling and media stream via Bind command are ethernet bundle and loopback Prerequisites for VoIP Bind You must shut down the VoIP service before executing Bind command or host ip address command To execute the Bind command it is necess...

Page 383: ...rface ethernet 0 0 ip address 90 90 90 90 255 255 255 0 Configure a IP Address for an interface 4 exit Example configure interface ethernet 0 0 exit Exits the current mode 2 shutdown voip gateway This procedure should be executed first before executing the bind command or host ip address command y Configuration Steps configure terminal voip gateway shutdown exit y Detailed Steps Step Command Purpo...

Page 384: ... signaling you have to do the followings y Configuration Steps configure terminal voip gateway bind control exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 bind control interface type num Example configure voip gateway bind control inter...

Page 385: ...nd media exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 bind media interface type num Example configure voip gateway bind media interface ethernet 0 0 Sets source interface for media streams 4 exit Example configure voip gateway exit Ex...

Page 386: ...ure terminal voip gateway host ip address exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 host ip address ip address Example configure voip gateway host ip address 90 90 90 90 Sets source ip address for signaling and media streams 4 exit...

Page 387: ...e but also H323 service that is the entire voip call service This section describes only the shutdown command in voip gateway configuration mode How to Enable or Disable All Voip call services The procedure to enable or disable all voip call services including SIP service is as follows If you want to terminate the current call together with stopping the service use the forced parameter y Configura...

Page 388: ...istration expire value and the interval of reattempt upon registration fail Depending on the registration status of the URI specified by gw uri command it is divided into Call Manager Inter working and Survivable Telephony mode You can make a setting which enables SIP registration in Call Manager per dial peer using register command in a dial peer configuration mode Prerequisites for Call Manager ...

Page 389: ...y retry Example configure voip gatway call server ip address ipv4 90 90 90 100 Sets the SIP Signaling IP Address of Call Manager And you can also configure transport type uri type default registration expires and retry interval 5 gw uri uri expires expires retry retry Example configure voip gateway call server gw uri test test com Set the URI where a Ubigate iBG2016 will be registered in Call Mana...

Page 390: ...CHAPTER 2 VoIP Gateway Management 336 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 391: ... common services between the endpoints through Session Description Protocol SDP Conferences are established using only the media capabilities that can be supported by all endpoints y Determines the availability of the target endpoint If a call cannot be completed because the target endpoint is unavailable SIP determines whether the called party is connected to a call already or did not answer in t...

Page 392: ...unction in one of the following roles y User agent client UAC A UAC is capable of generating a request based on some external stimulus the user clicking a button or a signal on a PSTN line and processing a response y User agent server UAS A UAS is capable of receiving a request and generating a response based on user input external stimulus the result of a program execution or some other mechanism...

Page 393: ...io and video codecs and performs call setup and clearing on both the LAN side and the switched circuit network side 2 SIP Server y Proxy server An intermediary entity that acts as both a server and a client for the purpose of making requests on behalf of other clients Proxy servers can provide functions such as authentication authorization network access control routing reliable request retransmis...

Page 394: ...the proxy server proceeds with the call using the address resulting from the location service Finally SIP request is delivered to a callee to complete a call setup After a request is sent to a redirect server the redirect server sends the location service result to a caller using the Contact header field of a response The redirect server does not participate in the call anymore Caller sends a new ...

Page 395: ...erver which in turn forwards the response to the caller The proxy server forwards the acknowledgments of both parties A session is then established between the caller and called party Real time Transfer Protocol RTP is used for the communication between the caller and the called party Figure 28 2 Figure 28 3 and Figure 28 4 illustrate the SIP works with a Proxy Server Figure 3 2 SIP Request Throug...

Page 396: ... Proxy server Figure 3 4 SIP Session Through a Proxy Server Client Server Client Server User agents User agents Proxy Redirect Server Client Response 200 OK Response 200 OK IP based network Client Server Client Server User agents User agents Proxy Redirect Server Client Ack Ack IP based network RTP ...

Page 397: ...dges receipt of the information The caller then sends a request to the device indicated in the redirection information which could be the callee or another server that forwards the request Once the request reaches the called party it sends back a response and the caller acknowledges the response RTP is used for the communication between the caller and the callee Figure 28 5 and Figure 28 6 illustr...

Page 398: ...Gateway Management 344 SAMSUNG Electronics Co Ltd Figure 3 6 SIP Request Through a Redirect Server Client Server Client Server User agents User agents Proxy Redirect IP based network Invite 302 Moved ternporarity Ack ...

Page 399: ...t PBX B which is connected to SIP gateway 2 via a T1 E1 Table 28 1 briefly describes the messages used in the call flow Figure 3 7 SIP Gateway to SIP Gateway Call Setup and Disconnect User A PBX A GWI IP Network GW2 PBX B User B 1 Setup 3 Call Proceeding 9 Alerting 1 way voice path 12 Connect 13 Connect ACK 2 way voice path 19 Disconnect 20 Release 23 Release Complete 2 INVITE 5 100 Trying 8 180 R...

Page 400: ...ceeding indicates that PBX B after receiving Setup proceeds with a call 7 Alerting SIP Gateway 2 receives Alerting from PBX B Alerting indicates that User B is ringing 8 180 Ringing SIP Gateway 2 sends 180 Ringing to SIP Gateway 1 180 Ringing indicates that a callee is located at SIP Gateway 2 and the User B is currently alerted 9 Alerting Upon receiving 180 Ringing SIP Gateway 1 sends Alerting to...

Page 401: ... SIP Gateway1 BYE request indicates the end of a session 18 Release SIP Gateway2 sends Release to PBX B Release indicates the end of a call 19 Disconnect Upon receiving BYE SIP Gateway 1 sends Disconnect to PBX A 20 Release SIP Gateway1 receives Release from PBX A 21 200 OK SIP Gateway 1 sends 200 OK to SIP Gateway 2 200 OK indicates that a session was terminated normally by BYE request 22 Release...

Page 402: ...ll Via SIP Redirect Server User A PBX A GW1 IP Network GW2 PBX B User B RS 1 Setup 2 INVITE 3 300 Multiple Choice 4 ACK 5 INVITE 6 Setup 7 Call Proceeding 8 100 Trying 9 Call Proceeding 10 Alerting 11 180 Ringing 12 Alerting 1 way Voice Path 2 way RTP channel 1 way Voice Path 13 Connect 14 200 OK 15 Connect 16 Connect ACK 17 ACK 18 Connect ACK 2 way Voice Path 2 way RTP channel 2 way Voice Path 19...

Page 403: ...ice response INVITE request indicates the call attempt from User A to User B INVITE includes the media capability of SIP Gateway1 6 Setup SIP Gateway 2 upon receiving INVITE sends Setup to PBX B 7 Call Proceeding SIP Gateway 1 sends Call Proceeding to PBX A Call Proceeding indicates that SIP Gateway1 received Setup and attempts SIP signaling call 8 100 Trying SIP Gateway 2 sends a response to INVI...

Page 404: ...s that SIP Gateway 1 received 200 OK response normally 18 Connect ACK SIP Gateway 2 sends Connect ACK from PBX B 19 Disconnect If a subscriber hangs up the phone SIP Gateway 2 receives Disconnect from PBX B 20 BYE SIP Gateway 2 sends BYE request to SIP Gateway1 BYE request indicates the end of a session 21 Disconnect Upon receiving BYE SIP Gateway2 sends Disconnect to PBX A 22 Release Sends a Rele...

Page 405: ...ord Route Enabled User A PBX A GW1 IP Network GW2 PBX B User B Proxy Server 1 Setup 2 INVITE 3 Call Proceeding 1 way Voice Path 2 way RTP channel 1 way Voice Path 13 Connect 2 way Voice Path 2 way RTP channel 2 way Voice Path 21 Disconnect 23 BYE 24 Disconnect 25 Release 26 Release 27 200 OK 29 Release Complete 30 Release Complete 4 INVITE 5 100 Trying 6 Setup 7 100 Trying 8 Call Proceeding 9 Aler...

Page 406: ... server Gateway 2 sends Setup to PBX B 7 100 Trying Upon receiving INVITE from a proxy server SIP Gateway 2 replies with 100 Trying 8 Call Proceeding SIP Gateway 2 receives Call Proceeding from PBX B 9 Alerting SIP Gateway 2 receives Alerting from PBX B 10 180 Ringing Upon receiving Ringing SIP Gateway 2 sends 180 Ringing to a proxy server 180 Ringing indicates that a callee is located at SIP Gate...

Page 407: ...ect from PBX B 22 BYE SIP Gateway 2 sends BYE request to a Proxy server BYE request indicates the end of a session 23 BYE Proxy Server 2 sends Bye Request to SIP Gateway 1 24 Disconnect Upon receiving BYE SIP Gateway 1 sends Disconnect to PBX A 25 Release Receives a Release in regard to Disconnect 26 Release Receives a Release in regard to Disconnect 27 200 OK SIP Gateway 1 sends 200 OK to Proxy S...

Page 408: ...ges and interaction with SIP proxies The gateway can redirect an unanswered call to another SIP gateway or SIP enabled IP phone In addition the gateway supports proxy routed calls y Support for SIP over TCP and User Datagram Protocol UDP y Support RTP RTCP for media transport in VoIP networks y Support for the following codecs G711ulaw G711alaw G723 G726 32 G729 y Support for record route headers ...

Page 409: ...nal Responses in SIP 4 RFC3265 SIP Specific Event Notification 5 RFC3311 The SIP UPDATE Method 6 RFC3323 A Privacy Mechanism for the SIP 7 RFC3325 Private Extensions to the SIP for Asserted Identity within Trusted Networks 8 RFC3326 The Reason Header Field for the SIP 9 RFC3515 The SIP Refer Method 10 RFC3665 SIP Basic Call Flow Examples 11 RFC3666 SIP Public Switched Telephone Network PSTN Call F...

Page 410: ...ess for media stream as well You can specify the interface by Bind command or specify the IP address directly by host ip address command Restrictions for SIP Bind The interfaces which you can specify as the source address of SIP signaling and media stream via Bind command are ethernet bundle and loopback Prerequisites for SIP Bind You must shut down the VoIP service before executing Bind command o...

Page 411: ...rface ethernet 0 0 ip address 90 90 90 90 255 255 255 0 Configure a IP Address for an interface 4 exit Example configure interface ethernet 0 0 exit Exits the current mode 2 shutdown voip gateway This procedure should be executed first before executing the bind command or host ip address command y Configuration Steps configure terminal voip gateway shutdown exit y Detailed Steps Step Command Purpo...

Page 412: ...signaling you have to do the followings y Configuration Steps configure terminal voip gateway bind control exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 bind control interface type num Example configure voip gateway bind control interf...

Page 413: ...nd media exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 bind media interface type num Example configure voip gateway bind media interface ethernet 0 0 Sets source interface for media streams 4 exit Example configure voip gateway exit Ex...

Page 414: ...re terminal voip gateway host ip address exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 host ip address ip address Example configure voip gateway host ip address 90 90 90 90 Sets source ip address for signaling and media streams 4 exit ...

Page 415: ... ip address command And the default domain name to be used in SIP signaling should already be set using host domain name command How to Configure Default domain name To specify the default domain name to be used in SIP signaling follow the procedure below y Configuration Steps configure terminal voip gateway host domain name exit y Detailed Steps Step Command Purpose 1 configure terminal Example c...

Page 416: ...t only sip service but also H323 service that is the entire voip call service 1 shutdown in voip gateway configuration mode The procedure to enable or disable all voip call services including SIP service is as follows y Configuration Steps configure terminal voip gateway no shutdown forced exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global conf...

Page 417: ... 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 no shutdown forced Example configure voip gatway sip ua no shutdown Shuts down or enables voip call services 5 exit Example configure voip gateway sip ...

Page 418: ...al of reattempt upon registration fail Depending on the registration status of the URI specified by gw uri command it is divided into Call Manager Inter working and Survivable Telephony mode You can make a setting which enables SIP registration in Call Manager per dial peer using register command in a dial peer configuration mode Prerequisites for Call Manager Configurations For interworking with ...

Page 419: ...ry Example configure voip gatway call server ip address ipv4 90 90 90 100 Sets the SIP Signaling IP Address of Call Manager And you can also configure transport type uri type default registration expires and retry interval 5 gw uri uri expires expires retry retry Example configure voip gateway call server gw uri sip ibg2016 samsung com Set the URI where a Ubigate iBG2016 will be registered in Call...

Page 420: ...dial peer voice pots voip tag Example configure dial peer voice pots 11 Enters POTS dial peer configuration mode 3 destination pattern dest pattern Example configure dial peer voice pots 11 dest pattern 1234 Sets a destination pattern 4 register e164 register uri uri Example configure dial peer voice pots 11 register e164 Configure gateway to register fully qualified destination pattern of dial pe...

Page 421: ...l Manager Inter working mode or Survivable Telephony mode To set SIP proxy first you must cancel the call server setting using no call server ip address command This changes the operation mode to Stand Alone mode How to Configure SIP Proxy You can set the SIP Proxy in the following way y Configuration Steps configure terminal voip gateway sip ua sip server exit exit y Detailed Steps Step Command P...

Page 422: ... exit Exits the current mode 6 exit Example configure voip gateway exit Exits the current mode How to Configure Dial Peer for Call Routing To send calls to SIP proxy for the destination number of a given pattern set a dial peer in the following way y Configuration Steps configure terminal dial peer destination pattern session target exit y Detailed Steps Step Command Purpose 1 configure terminal E...

Page 423: ...e current mode Configuring SIP Registrar This section describes how to set the SIP Registrar used in a Stand Alone mode Together with SIP Registrar setting you can register POTS dial peer to each SIP Registrar using a register command in a POTS dial peer configuration mode Restrictions for SIP Registrar You can set SIP Registrar only when Call Manager is not set already You cannot set SIP Registra...

Page 424: ...igure voip gateway Enters voip gateway configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 registrar ip address ip addr udp tcp tls sip sips expires expires retry retry Example configure voip gateway sip ua registrar ip address ipv4 90 90 90 100 Sets the SIP Signaling IP Address of SIP Registrar And you can also configure transport type uri type reg...

Page 425: ...e 2 dial peer voice pots voip tag Example configure dial peer voice pots 11 Enters POTS dial peer configuration mode 3 destination pattern dest pattern Example configure dial peer voice pots 11 dest pattern 1234 Sets a destination pattern 4 register e164 register uri uri Example configure dial peer voice pots 11 register e164 Configure gateway to register fully qualified destination pattern of dia...

Page 426: ...empted based on the contact header of a response message Otherwise the call processing fails In addition the number of redirect response processing times can be limited using the max redirects command in a dial peer configuration mode How to Configure SIP Redirect Processing You can enable or disable the SIP redirect response processing in the following way The default setting is disable y Configu...

Page 427: ...edirects exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 dial peer voice pots voip tag Example configure dial peer voice voip 100 Enters VoIP dial peer configuration mode 3 max redirects count Example configure dial peer voice voip 100 max redirects 3 Sets the maximum count for SIP redirect response handling 4 exit Examp...

Page 428: ...or an operator to change the mapping is also provided You can change the mapping using set pstn cause command and set sip status command You can check the current mapping table settings using the show sip ua maps command Restrictions for PSTN Cause Code Mapping Using the command described above you can change the existing inter code mapping not create a new code Default Mapping y Default PSTN Caus...

Page 429: ...ary failure 503 Service unavailable 42 Switching equipment congestion 503 Service unavailable 47 Resource unavailable 503 Service unavailable 55 Incoming class barred within Closed User Group CUG 403 Forbidden 57 Bearer capability not authorized 403 Forbidden 58 Bearer capability not presently available 501 Not implemented 65 Bearer capability not implemented 501 Not implemented 79 Service or opti...

Page 430: ...erworking unspecified 406 Not acceptable 127 Interworking unspecified 407 Proxy authentication required 21 Call rejected 408 Request timeout 102 Recover on Expires timeout 409 Conflict 41 Temporary failure 410 Gone 1 Unallocated number 411 Length required 127 Interworking unspecified 413 Request entity too long 127 Interworking unspecified 414 Request URI URL too long 127 Interworking unspecified ...

Page 431: ...8 Not acceptable here 127 Interworking unspecified 500 Internal server error 41 Temporary failure 501 Not implemented 79 Service or option not implemented 502 Bad gateway 38 Network out of order 503 Service unavailable 63 Service or option unavailable 504 Gateway timeout 102 Recover on Expires timeout 505 Version not implemented 127 Interworking unspecified 580 Precondition Failed 47 Resource unav...

Page 432: ...lobal configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 set pstn cause cause sip status code Example configure voip gateway sip ua set pstn cause 1 sip status 404 Changes pstn cause code to sip status code mapping 5 exit Example configure voip gateway sip ua exit ...

Page 433: ...rs global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 set sip status code pstn cause cause Example configure voip gateway sip ua set sip status 404 pstn cause 1 Changes sip status code to pstn cause code mapping 5 exit Example configure voip gateway sip ua e...

Page 434: ... contrary it is possible to control whether when Ubigate iBG2016 sends a 18x provisional response including SDP to send 180 or 183 response or send it together with SDP by using the alert cut through command How to Configure 180 Provisional Response Handling You can set the method of handling 180 provisional response where SDP is included in the following way y Configuration Steps configure termin...

Page 435: ...voip gateway sip ua exit Exits the current mode 6 exit Example configure voip gateway exit Exits the current mode How to Configure Early Media Cut through You can set the Early media cut through method in the following way y Configuration Steps configure terminal voip gateway sip ua alert cut through exit exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal En...

Page 436: ...ow to enable the SIP Session Timer feature For the established session SIP Session Timer feature periodically updates the session via re INVITE or UPDATE method If no reply is received in response to re INVITE or UPDATE for session updating or an error response is received the session is closed by sending BYE method A session is also closed when the session is not updated within the mutually negot...

Page 437: ...n se exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service sip Example configure voice service sip Enters SIP Service configuration mode 3 no min se duration Example configure voice service sip min se 300 Sets the minimum session expires default value 90 seconds no mean disabling this feature 4 Exit Example confi...

Page 438: ...PSTN How to Configure Reason Header Support You can enable the reason header function as follows The default setting does not support a reason header y Configuration Steps configure terminal voip gateway sip ua reason header override exit exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip...

Page 439: ... to the response the originating side cannot hear announcement To complement this an additional method called PRACK is used to ensure reliability of Provisional response Ubigate iBG2016 supports this function by default or it can disable or forcibly provide the function Restrictions for Reliable Provisional Response Reliable Provisional Response feature is available only when both originating side...

Page 440: ...ay This section describes how to set the method of delivering DTMF tone via SIP signaling To relay DTMF tone Ubigate iBG2016 supports the 4 methods as follows y inband y rtp nte y sip notify y sip info The inband method delivers DTMF to a voice path without separate processing In this case a distortion may occur due to loss of RTP packets The rtp nte method delivers DTMF tone via RTP according to ...

Page 441: ...he end of the DTMF event Thus the duration parameter in this final NOTIFY message measures the complete duration of the event R Reserved unused In RFC2833 unused corresponds to the volume field but is not used in NOTIFY based out of band DTMF relay duration Duration of the DTMF event in milliseconds On SIP INFO method use application dtmf relay content type header contain signal and duration attri...

Page 442: ...gure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 dtmf relay inband rtp nte sip info sip notify Example configure voip gateway sip ua dtmf relay sip info Specifies how to relay DTMF tone between telephony inte...

Page 443: ... peer configuration mode 3 no dtmf relay inband rtp nte h245 alphanumeric sip info sip notify Example configure dial peer voice voip 100 dtmf relay sip info Specifies how to relay DTMF tone between telephony interface and IP network 4 Exit Example configure dial peer voice voip 100 exit Exits the current mode Configuring ISDN Suspend Resume Support This section describes how to set the function in...

Page 444: ...ommand Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 no suspend resume Example configure voip gateway sip ua suspend resume Enables or Disables ISDN Suspend Resume support 5 exit Example con...

Page 445: ...ial Peer of SIP type How to Configure QSIG Tunneling You can enable the QSIG Tunneling function in VoIP Dial Peer of SIP type in the following way y Configuration Steps configure terminal dial peer sip class qsig tunneling exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 dial peer voice pots voip tag Example configure dia...

Page 446: ...for SIP MWI Feature The MWI feature of Ubigate iBG2016 via interworking with MWI server only notifies if a waiting message exists via audible or visible indication but does not provide the Call redirection to the voice mail server when the line is busy or there is no answer function How to Configure SIP MWI Server You can set the SIP MWI Server in the following way y Configuration Steps configure ...

Page 447: ... exit Example configure voip gateway sip ua exit Exits the current mode 6 exit Example configure voip gateway exit Exits the current mode How to Configure Voice Port for SIP MWI You can set MWI function in FXS phone in the following way y Configuration Steps configure terminal voice port mwi exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global co...

Page 448: ...change them to what configured To change the calling information for PSTN to SIP call forcibly you can make a setting using a calling info pstn to sip command and to change the calling information for SIP to PSTN call forcibly you can make a setting using a calling info sip to pstn command Restrictions for Calling Info Feature This configuration affect all SIP inbound and outbound call So be caref...

Page 449: ...y configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 no calling info pstn to sip unscreened discard name name string number number Example configure voip gateway sip ua calling info pstn to sip number 7778888 Sets the calling info for pstn to sip call 5 exit Example configure voip gateway sip ua exit Exits the current mode 6 exit Example configure ...

Page 450: ...e configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 no calling info sip to pstn unscreened discard name name string number number Example configure voip gateway sip ua calling info sip to pstn number 7778888 Sets the calling info f...

Page 451: ...ity Monitoring Feature This feature is available only when SIP remote entity can generate response which is positive or negative to OPTIONS request If SIP entity ignore OPTIONS request and make no response its status is always abnormal and it never receive call from iBG How to Configure SIP Entity Monitoring Feature You can enable or disable SIP entity monitoring feature in the following way y Con...

Page 452: ...mon duration duration seconds retry retry seconds Example configure voip gateway sip ua peer mon duration 200 retry 30 Enables or Disables SIP entity monitoring feature 5 exit Example configure voip gateway sip ua exit Exits the current mode 6 exit Example configure voip gateway exit Exits the current mode ...

Page 453: ...Protocol SIP stack by default max forwards SIP Service Specify the Max Forwards Header value to used in the request message no answer timer SIP Service Specify the timer value to specify the interval from the receipt of 1xx response to 2xx response message registrar local service expires SIP Service Specify the allowable expires header value of a REGISTER message when it runs as a register in a Su...

Page 454: ...s Authorization Token to a request Upon receiving the request where Authorization Token is added SIP server verifies the authorization token using the shared information Via this verification procedure SIP server authenticates SIP clients Restrictions for HTTP Authentication Digest HTTP Authentication Digest follows the Digest procedure of RFC 2617 HTTP authentication Basic and Digest Access Authe...

Page 455: ... peer voice pots voip tag Example configure dial peer voice pots 11 Enters POTS dial peer configuration mode 3 authentication username username password password Example configure dial peer voice pots 11 authentication username 1001 password 12345678 Configure a user name and password for a POTS dial peer 4 exit Example configure dial peer voice pots 11 exit Exits the current mode ...

Page 456: ...ed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 sip ua Example configure voip gateway sip ua Enters sip ua configuration mode 4 authentication username username password password realm realm Example configure voip gateway sip ua authentication userna...

Page 457: ... perform system global configuration for SIP URI with TLS transport in the following way y Configuration Steps configure terminal voice service sip uri transport exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service sip Example configure voice service sip Enters SIP Service configuration mode 3 uri sip sips Examp...

Page 458: ...Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 dial peer voice pots voip tag Example configure dial peer voice voip 100 Enters VoIP dial peer configuration mode 3 sip class uri sip sips Example configure dial peer voice voip 100 sip class uri sips Specifies SIP URI type 4 session transport udp tcp tls Example configure dial peer voice voip 100 se...

Page 459: ...on Before specifying a certificate and private key to POTS Dial peer a certificate and private key should be saved in the file system of Ubigate iBG2016 in a PEM format How to Configure S MIME Support You can specify the certificate and private key to a desired dial peer where S MIME will be used in the following way y Configuration Steps configure terminal dial peer voice pots smime exit y Detail...

Page 460: ...To use this SRTP it is necessary to specify crypto suite to a dial peer where SRTP will be used y Configuration Steps configure terminal dial peer srtp crypto exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 dial peer voice pots voip tag Example configure dial peer voice voip 100 Enters VoIP dial peer configuration mode 3...

Page 461: ... the SIP feature of Ubigate iBG2016 Using show commands You can use the show command commands as follows to confirm or see the current status of the SIP feature settings show sip ua service Shows the sip service status The service status is up or down Example show sip ua service SIP Service is up show sip ua operation mode Shows the operation mode The operation mode is one of Call Manager interwor...

Page 462: ...ws the SIP Proxy settings Example show sip ua sip server proxy type is Call Manager host ip is ipv4 90 90 90 100 tranport is system port is used system configuration expires is 3600 uri type is system show sip ua registration Shows the registration status of Ubigate iBG2016 and each dial peer Example show sip ua registeration line peer expires registered Call Server 30 yes sip 90 90 90 100 2300 11...

Page 463: ...ed mwi server is not configured SIP timer T1 500 SIP timer T2 4000 SIP timer T4 5000 peer monitoring OPTIONS duration time 3600 peer monitoring OPTIONS retry time 200 minimum session timer 90 sip ua default dtmf relay RTP NTE sip ua default transport udp sip ua default uri type sip sip ua default udp port 5060 sip ua default tcp port 5060 sip ua default tls port 5061 sip ua default max forwards 50...

Page 464: ...e Normal Mode voip fallback survivable system message Survivable Mode show sip ua calls Shows the status of SIP calls in progress Example show sip ua calls SIP CALL CTXID 1 SIP CALLID AAFfkD4bDhsAAAAAAAAAAA 10 254 167 249 CALL STATES PIC_T_Active FROM sip 2301 samsung com tag 7267517 TO sip 2302 samsung com tag 7267170 SOURCE ADDRESS udp 10 254 167 249 0 DESTINATION ADDRESS udp 10 254 167 244 0 ME...

Page 465: ... ID CODEC g711u RTP LOCAL ADDRESS 10 10 10 10 16386 RTP REMOTE ADDRESS 10 10 10 10 16388 DTMF PAYLOAD TYPE 101 TOTLA NUMBER 2 show sip ua connections Shows the SIP connection status It shows the connection status per the transport type of UDP TCP and TLS show sip ua connections udp UDP CONNECTION INFO No Local Address Remote Address Status 0 10 254 167 249 5060 Listen 1 10 254 167 249 5060 10 254 ...

Page 466: ...e sent or received debug sip log Command to view the SIP message You can display messages by filtering them with calling number or called number debug sip vcc Displays the debugging messages of SIP call processing task debug sip stack Displays the debugging messages of SIP Stack level debug sip dump req Displays SIP message s request and response line debug sip dump msg Displays SIP messages ...

Page 467: ...l Statistics Conformance H 323 gateway basically follows the recommendations below Table 4 1 Standards Standards Title ITU T H 323 Version4 Packet based multimedia communications systems ITU T H 225 Call signalling protocols and media stream packetization for packet based multimedia communication systems ITU T H 245 Control protocol for multimedia communication ITU T E 164 Overall network operatio...

Page 468: ...lling depending on the call model supported by a gatekeeper This section will discuss how Ubigate iBG2016 performs a call setup procedure in dial peer depending on the registered information session target The H 225 0 SETUP message from the H 323 Endpoint registered as a session target on dial peer follows the call procedure illustrated in Figure 29 1 In this case call setup is done regardless of ...

Page 469: ...red in a gatekeeper the H 225 0 SETUP message from the H 323 Endpoint not registered as a session target on dial peer reject calls as in Figure 29 2 Figure 4 2 Call Setup from a unknown H 323 Endpoint no Gatekeepers RelaseComplete iBG2016 a known H 323 endpoint Call Signalling Messages RAS Messages SETUP ...

Page 470: ...d as a session target on dial peer follows the call procedure illustrated in Figure 29 3 Figure 29 3 shows the case where a gatekeeper uses a Direct Call Signalling method Figure 4 3 Call Setup from a unknown H 323 Endpoint with Gatekeeper CallProceeding iBG2016 a known H 323 endpoint Call Signalling Messages RAS Messages SETUP ARQ ACF Alerting or Progress Connect Gatekeeper ...

Page 471: ...ssage from gatekeeper follows the call procedure illustrated in Figure 29 4 Figure 29 4 shows the case where a gatekeeper usually uses a Gatekeeper Routed Call Signalling Figure 4 4 Call Setup from Gatekeeper CallProceeding iBG2016 H 323 endpoint Call Signalling Messages RAS Messages SETUP ARQ ACF Alerting or Progress Connect Gatekeeper SETUP ...

Page 472: ...225 0 SETUP message sent from H 323Gateway follows the call procedure illustrated in Figure 29 5 In this case call setup is done regardless of the existence of the gatekeeper to interwork over H 323 network Figure 4 5 Call Setup to a known H 323 Endpoint CallProceeding iBG2016 a known H 323 endpoint Call Signalling Messages RAS Messages Alerting or Progress Connect Gatekeeper SETUP ...

Page 473: ...ge sent from H 323 gateway follows the call procedure illustrated in Figure 29 6 Figure 29 6 shows the case where a gatekeeper usually uses a Gatekeeper Routed Call Signalling Figure 4 6 Call Setup to a Gatekeeper CallProceeding iBG2016 H 323 endpoint Call Signalling Messages RAS Messages SETUP ARQ ACF Alerting or Progress Connect Gatekeeper SETUP ...

Page 474: ...ion Attempt Time Point Related CLI Remarks Time when primary gatekeeper information is set gatekeeper gatekeeper name When H 323 Service is already running When H 323 Service becomes up no shutdown h323 gateway configuration mode When primary gatekeeper information is already set The time points when H 323 gateway attempts unregistration from a gatekeeper are as follows Table 4 3 RAS UnRegistratio...

Page 475: ...from the flowchart Figure 4 7 RAS Registration Procedure start current gatekeeper is primary gatekeeper send full RRQ to current gatekeeper recv RCF recv RRJ is the reason disc overy Required chosen recv GCF send lightweight RRQ to current gatekeeper is the current gatekeeper primary gatekeeper current gatekeeper is secondary gatekeeper yes no yes yes yes send GRQ to current gatekeeper no no no ye...

Page 476: ... H 323 gateway is cleared y AltGKInfo in GRJ Messages The alternative gatekeeper list currently managed by H 323 gateway is replaced by the list in this field H 323 gateway selects a gatekeeper with high priority out of the list to perform the RAS registration procedure If no response is received from the selected gatekeeper it selects the gatekeeper with the next higher priority to perform the RA...

Page 477: ...g priority When a H 323 call occurs from a Ubigate iBG2016 the codec list or a single codec related to the selected dial peer is delivered to a remote H 323 endpoint via H 245 Terminal Capability Set message When a call is received from H 323 endpoint the codec list or a single codec related to the selected dial peer is also delivered to a remote H 323 endpoint via H 245 Terminal Capability Set me...

Page 478: ...hook off Æ A and C are connected B in Hold status Æ A does hook on Æ Call between B and C is made H 323 party cannot be other party A C than B party any configuration is not needed Call Hold Retrieve While A and B are busy if A presses a hook flash B turns to a hold status and if A presses a hook flash again B is retrieved H 323 party cannot be other party A than B party any confiquration is not n...

Page 479: ... enter the command described in Table 29 5 in a privileged EXEC mode Table 4 5 H 323 Call Statistics Command Command Description show h323 gateway h225 Accumulated data per H 225 0 CS message transceived by H 323 gateway after Ubigate iBG2016 is booted show h323 gateway h245 Accumulated data per H 245 message transceived by H 323 gateway after Ubigate iBG2016 is booted show h323 gateway ras Accumu...

Page 480: ...45 ras all Shows the ASN 1 information and the encoded messages of the following messages in hexadecimal number h225 H 225 0 Call Signalling Message h245 H 245 Message ras H 225 0 RAS Message debug h323 vcc in out all deb0 deb1 deb2 info all For the H 323 calls in progress the following information is displayed deb0 H 323 Message send and received deb1 Internal Call Control Message and Call State ...

Page 481: ...rs Proxies to interwork with y Establishing a network plan for the requirements and features of VoIP network where H 323 gateway belongs y Establishing a Call Routing Plan on H 323 Network Configuring H 323 Bind This section describes the H 323 bind feature With this feature you can specify the source address of H 323 signaling and the source address for media stream as well You can specify the in...

Page 482: ...xit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 Interface type number Example configure interface Ethernet 0 0 Enters interface configuration mode to configure specific interface 3 ip address ip_address subnet_mask Example configure interface ethernet 0 0 ip address 90 90 90 90 255 255 255 0 Configures a IP Address for an...

Page 483: ... configure terminal voip gateway shutdown exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 shutdown forced Example configure voip gateway shutdown forced Shutdowns voip call services 4 exit Example configure interface ethernet 0 0 exit Ex...

Page 484: ... control exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 bind control interface type num Example configure voip gateway bind control interface ethernet 0 0 Sets source interface for signaling 4 exit Example configure voip gateway exit Ex...

Page 485: ...nd media exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 bind media interface type num Example configure voip gateway bind media interface ethernet 0 0 Sets source interface for media streams 4 exit Example configure voip gateway exit Ex...

Page 486: ...ure terminal voip gateway host ip address exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 host ip address ip address Example configure voip gateway host ip address 90 90 90 90 Sets source ip address for signaling and media streams 4 exit...

Page 487: ...e two ways of enabling or shutting down H 323 service One uses a shutdown command in voip gateway configuration mode the other one uses a shutdown command in h323 gateway configuration mode The shutdown command in a h323 gateway configuration mode enables or disables only the h 323 service and the shutdown command in a voip gateway configuration mode enables or disables not only H 323 service but ...

Page 488: ...inal Example configure terminal Enters global configuration mode 2 voip gateway Example configure voip gateway Enters voip gateway configuration mode 3 no shutdown forced Example configure voip gateway no shutdown Shuts down or enables voip call services 4 Exit Example configure voip gateway exit Exits the current mode 2 shutdown in h323 gateway configuration mode The procedure to enable or disabl...

Page 489: ... voip gateway Enters voip gateway configuration mode 3 h323 gateway Example configure voip gateway h323 gateway Enters h323 gateway configuration mode 4 no shutdown forced Example configure voip gatway h323 gateway no shutdown Shuts down or enables H 323 services 5 exit Example configure voip gateway h323 gateway exit Exits the current mode 6 exit Example configure voip gateway exit Exits the curr...

Page 490: ...ateway should be set normally y Indirect Connection where H 323 gateway is managed by a gatekeeper How to Configure Basic H 323 Services To set a configuration enabling H 323 gateway to perform a basic call processing it should be done in a dial peer voice voip configuration mode in the following way y Configuration Steps configure terminal dial peer voice voip destination pattern session protocol...

Page 491: ... When the timer T character is included at the end of the destination pattern the router collects dialed digits until the interdigit timer expires 5 seconds by default or until you dial the termination character the default is The timer character must be a capital T 4 session protocol h323 sip Example configure dial peer voice voip 100 session protocol h323 A session protocol for calls between loc...

Page 492: ...mple configure dial peer voice 100 voice class h323 100 Tag value of the voice class created using voice class h323 command 8 exit Example configure dial peer voice 100 exit Exits the current mode Configuring RAS This section describes the configuration necessary for H 323 gateway to perform RAS Signalling with a gatekeeper Since this configuration is essential in the Indirect Connection mode wher...

Page 493: ...command where you must enter the information of the gatekeeper to interwork directly and the other one is gatekeeper name command where you enter the gatekeeper information named by voip peer command You can register or unregister H 323 gateway in from a gatekeeper in the following way 1 RAS registration or unregistration using gatekeeper ip address command y Configuration Steps configure terminal...

Page 494: ...k1 samsung com defines H 323 identification of the gatekeeper that H 323 gateway will be register with 6 no gatekeeper ip address ipv4 ip address ipv6 ip address port primary secondary Example configure voip gateway h323 gateway gatekeeper ip address ipv4 192 168 10 200 1719 primary defines the location of the gatekeeper if no flag is not used this command causes RAS registration if no flag is use...

Page 495: ...led Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip peer peer name h323 sip Example configure voip peer pri gatekeeper h323 Enters voip peer configuration mode 3 ip address ipv4 ip address port ipv6 ip address port dns hostname port Example configure voip peer pri gatekeeper h323 ip address ipv4 10 254 10 200 1719 specifies ip addr...

Page 496: ...onfigure voip gateway h323 gateway gatekeeper id gk1 samsung com defines H 323 identification of the gatekeeper that H 323 gateway will be register with 9 no gatekeeper name peer name primary secondary Example configure voip gateway h323 gateway gatekeeper name gk samsung com pri gatekeeper primary specifies peer name registered using voip peer command if no flag is not used this command causes RA...

Page 497: ...ut and retry count values for each RAS message is as follows y Configuration Steps configure terminal voice service h323 ras timeout ras retry exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service h323 Example configure voice service h323 Enters voice service h323 configuration mode 3 ras timeout all arq drq grq ...

Page 498: ...t RRQ message counter urq Unregistration Request URQ message counter value How long the gateway waits for a message from the gatekeeper before timing out in seconds Range 1 to 30 4 ras retry all arq drq grq rai rrq urq value Example configure voice service h323 ras retry rrq 5 Sets RAS retry conditions Keywords are as above The argument is as follows value Number of times that the gateway resends ...

Page 499: ...and changes the status to a unregistration status You can set the TimeToLive value to RRQ message in the following way y Configuration Steps configure terminal voice service h323 ras rrq ttl exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service h323 Example configure voice service h323 Enters voice service h323 c...

Page 500: ...mmand Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice class codec tag Example configure voice class codec 100 Enters voice class configuration mode and assigns an identification tag number for a codec voice class The tag argument is the unique number assigned to the voice class Range 1 to 10000 3 codec preference value g711alaw g711ulaw g723r53 g72 ...

Page 501: ...00 Enters dial peer configuration mode for the VoIP peer designated by tag 6 voice class codec tag Example configure dial peer voice voip 1000 voice class codec 100 Assigns a previously configured codec selection preference list codec voice class to the VoIP dial peer designated by tag Range 1 to 10000 Maps to the tag number created using the voice class codec command 7 exit Example configure dial...

Page 502: ...ackets The rtp nte method delivers DTMF tone via RTP according to RFC 2833 RTP Payload for DTMF Digits Telephony Tones and Telephony Signals The h245 alphanumeric method delivers DTMF tone via H 245 UserInputIndication message The queued digits method delivers DTMF tone as RTP packets according to RFC 2833 and Queued Digits are supported for analog FXS subscribers How to Configure H 323 DTMF Relay...

Page 503: ... h323 dtmf relay h245 alphanumeric Specifies how to relay DTMF tone between telephony interface and H 323 network inband DTMF is sent together with general voice stream rtp nte DTMF is sent unsing the voice stream according to the RFC2833 recommendation h245 alphanumeric DTMF is sent using H 245 UserInputIndication alphanumeric message queued digits DTMF is sent using the voice stream according to...

Page 504: ... inband rtp nte h245 alphanumeric queued digits Example configure dial peer voice voip 100 dtmf relay h245 alphanumeric Specifies how to relay DTMF tone between telephony interface and IP network inband DTMF is sent together with general voice stream rtp nte DTMF is sent unsing the voice stream according to the RFC2833 recommendation h245 alphanumeric DTMF is sent using H 245 UserInputIndication a...

Page 505: ...ce h323 voice class h323 h225 call start Specifies the H 323 call setup method O O h225 early h245 Specifies whether to perform the normal H 245 procedure before or after CONNECT message O O h225 h245 tunnel Specifies the H 245 Tunnelling support O O h225 T301 Maximum time to wait for CONNECT or RELCOMP message after receiving ALERT message O O h225 T303 Maximum time to wait for CALLPROCEEDING or ...

Page 506: ...xit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service h323 Example configure voice service h323 Enters voice service h323 configuration mode 3 h225 call start fast slow Example configure voice service h323 h225 call start fast Specifies how to setup H323 call 4 exit Example configure voice service h323 exit Exits ...

Page 507: ...xit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service h323 Example configure voice service h323 Enters voice service h323 configuration mode 3 h225 early h245 on off Example configure voice service h323 h225 early h245 on Specifies whether early H245 procedure should be implemented during call signalling 4 exit Ex...

Page 508: ... Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service h323 Example configure voice service h323 Enters voice service h323 configuration mode 3 h225 h245 tunnel on off Example configure voice service h323 h225 h245 tunnel on Specifies whether h245 tunneling method will be supported during call signaling 4 exit Example c...

Page 509: ...y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service h323 Example configure voice service h323 Enters voice service h323 configuration mode 3 h225 call response alert progress Example configure voice service h323 h225 call response progress Specifies which message to be send in response to H 225 0 SETUP message 4 exi...

Page 510: ...tings show h323 gateway service Shows the H 323 service status The service status is up or down Example show h323 gateway service H 323 service is up show h323 gateway status It shows the information of a server port of H 323 gateway Example show h323 gateway status H 323 Server Port Configuration H 225 0 Call Signalling Port 1720 H 225 0 RAS Signalling Port 1719 H 245 Server Port Range 32768 3302...

Page 511: ... off call response alert t301 180 t303 15 ras rrq ttl 60 msg retry timeout all 2 3 arq 2 5 drq 2 3 grq 2 5 rrq 2 3 rai 2 3 urq 1 3 show h323 gateway registration It shows the gatekeeper registration of H 323 gateway Example show h323 gateway registration H323 ID ibg samsung com Primary gatekeeper information is configured as below Gatekeeper ID GK1 IP address 10 254 139 50 RAS port 1719 Secondary ...

Page 512: ...GK3 IPAddr 10 254 159 50 Port 1719 Priority 1 NeedToReg True show h323 gateway calls Shows the status of H 323 calls in progress Example show h323 gateway calls Current H323 Calls Current Time 2005 11 29 06 09 55 280 Total 2 calls CRV CallState SrcIpAddr SrcPort DstIpAddr DstPort StartTime 13 CallDelivered 10 254 167 239 1111 10 254 167 235 1720 2005 11 29 06 09 40 370 14 Active 10 254 167 239 111...

Page 513: ...ebugging messages of an application or the H 323 message sent or received debug h323 log Command to view the H 323 message You can display messages by filtering them with calling number or called number debug h323 vcc Displays the debugging messages of H 323 call processing task debug h323 stack Displays the debugging messages of H 323 stack level ...

Page 514: ...CHAPTER 4 H 323 Gateway Management 460 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 515: ... Subscriber interface FXS the plug on the wall delivers POTS service from the local phone company s Central Office CO and must be connected to subscriber equipment telephones modems and fax machines In other words an FXS interface points to the subscriber FXO Foreign eXchange Office interface FXO the plug on the phone receives POTS Service typically from a Central Office of the Public Switched Tel...

Page 516: ...status is detected while submarine sends dial tone Also it sends on off pattern ring to receive dial tone Figure 5 1 Loop Start Signaling 1 Idle state Analog FXS Interface or module in submarine Telephone set or PBX Ring Generator 48DC Battery Tip Ring Opened loop broken 2 Hook Off state Analog FXS Interface or module in submarine Telephone set or PBX Ring Generator 48DC Battery Tip Ring Closed lo...

Page 517: ... For these reasons ground start method is used as inter PBX Trunk line Figure 5 2 Ground start signaling for Analog FXS Idle state Idle state Analog FXS Interface or module in submarine Ring Generator 48DC Battery Tip Ring The PBX are constantly monitoring the tip line for ground Tip Detector The module of Analog FXS are constantly monitoring the ring line for ground Battery 48 VDC is still connec...

Page 518: ...tor 48DC Battery Tip Ring PBX grounds the ring line to indicate to the Analog FXS that there is an incoming call Tip Detector PBX CO Analog FXS Interface or module in submarine Ring Generator 48DC Battery Tip Ring Tip Detector the Analog FXS grounds the tip line and then superimposes a 20 Hz 90 VAC ringing voltage over the ring line to alert the PBX of an incoming call PBX CO 2 Outgoing call ...

Page 519: ...ified as either two wire or four wire This refers to whether the audio path is full duplex on one pair of wires two wire or on two pair of wires four wire A connection may be called a four wire E M circuit although it actually has six to eight physical wires It is an analog connection although an analog E M circuit may be emulated on a digital line For more information on digital voice port config...

Page 520: ... Wink start method hooks off E lead to enter seizure action and then receives Wink of M lead on the counterpart office and transmits address information Figure 5 5 wink method signaling sequence Originating Destination M wire E wire M wire E wire seizure digits digits answer Min 70 msec Max 10 sec Min 200 msec Min 120 msec Max 6 sec Pulse 200 msec answer ...

Page 521: ...de takes a look at the status of terminating side if the terminating side is on hook status or he she awaits till the terminating side enters into on hook status calling side sends address information Figure 5 6 delay method signaling sequence Originating Destination M wire E wire M wire E wire seizure digits digits answer Min 70 msec Max 10 sec Min 200 msec Min 120 msec Max 6 sec Seizure ack Star...

Page 522: ...or E M type Table 30 1 E M Wiring and Signaling Methods E M Type E Lead Configuration M Lead Configuration Signaling Battery Lead Signaling Ground Lead I Output Relay to ground Input referenced to ground II Output Relay to SG Input referenced to ground Feed for M connected to 48V Return for E Galvanically isolated from ground III Output Relay to ground Input referenced to ground Connected to 48V C...

Page 523: ... ls up up on hook idle y 0 0 2 fxs ls up up on hook idle y 0 0 3 fxs ls up up on hook idle y 0 1 0 10 01 r2 mfc up up idle idle y 0 1 0 10 02 r2 mfc up up idle idle y 0 1 0 10 03 r2 mfc up up idle idle y 0 1 0 10 04 r2 mfc up up idle idle y 0 1 0 10 05 r2 mfc up up idle idle y 0 1 0 10 06 r2 mfc up up idle idle y 0 1 0 10 07 r2 mfc up up idle idle y 0 1 0 10 08 r2 mfc up up idle idle y 0 1 0 10 09...

Page 524: ...tate is indicated differently according to signaling method in each SIG Type analog of voice port or DS0 channel idle ringing off hook out_of_svc busy seized answered etc OUT STATUS indicates status changes when analog voice port or DS0 channel handles a call At this time call state is indicated differently according to signaling method in each SIG Type analog of voice port or DS0 channel idle rin...

Page 525: ...aling DTMF or MF Configuring Analog FXS Voice Port This section describes the configuration of analog FXS voice port How to Configure Analog FXS Voice Port To set up each parameter of basic analog voice port follow the next procedures y Configuration Steps configure terminal voice port dial peer voice pots exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal E...

Page 526: ...uency 25 Hz frequency 30 Hz frequency 50 Hz frequency 6 ring cadence on net cadence define pulse interval pulse interval pulse interval Changes Ring Cadence for on net Call 7 ring cadence off net cadence define pulse interval pulse interval pulse interval Changres Ring Cadence for off net Call 8 locale locale Selects the two letter locale for the voice call progress tones and other locale specific...

Page 527: ...continue if a call is not answered The range is from 0 to 60000 The default is 180 0 means infinity wait release Specifies the duration that a voice port stays in the call failure state while the device sends a busy tone reorder tone or an out of service tone to the port The range is from 0 to 3600 The default is 30 0 means infinity 10 timing hookflash out timer value the duration of the hookflash...

Page 528: ...the letters A through D You can also enter the following special characters The asterisk or pound sign on standard touch tone dial pads can be used anywhere in the pattern The period acts as a wildcard character When the timer T character is included at the end of the destination pattern the router collects dialed digits until the interdigit timer expires 5 seconds by default or until you dial the...

Page 529: ...f y pattern05 1 second on 5 seconds off y pattern06 1 second on 3 seconds off y pattern07 0 8 second on 3 2 seconds off y pattern08 1 5 seconds on 3 seconds off y pattern09 1 2 seconds on 3 7 seconds off y pattern09 1 2 seconds on 4 7 seconds off y pattern11 0 4 second on 0 2 second off 0 4 second on 2 seconds off y pattern12 0 4 second on 0 2 second off 0 4 second on 2 6 seconds off In case of SI...

Page 530: ... time in hundreds of milliseconds Range is from 1 to 50 for pulses of 100 to 5000 ms For example 1 100 ms 10 1 s 40 4 s interval Number 1 or 2 digits specifying ring interval off time in hundreds of milliseconds Range is from 1 to 50 for pulses of 100 to 5000 ms For example 1 100 ms 10 1 s 40 4 s Dualtone The dualtone command enters the custom cptone configuration mode and specifies a call progres...

Page 531: ...t is 0 cycle 2 on time Optional Tone on duration for the first cycle of the cadence pattern in milliseconds ms Range is from 0 to 1000 The default is 0 cycle 2 off time Optional Tone off duration for the first cycle of the cadence pattern in milliseconds ms Range is from 0 to 1000 The default is 0 cycle 3 on time Optional Tone on duration for the first cycle of the cadence pattern in milliseconds ...

Page 532: ...de 2 voice port slot subslot port Enter voice port Configuration Mode slot Specifies the number of the router slot where the voice module in installed subslot Specifies the number of subslot in the slot port Indicates the voice port 3 shutdown Change status of voice port to shutdown 4 signal loop start ground start Selects the access signaling type to match that of the telephony connection you are...

Page 533: ...efault is 10 interdigit Configures the number of seconds that the system waits after the caller has input the initial digit or a subsequent digit of the dialed string If the timeout ends before the Destination is identified a tone sounds and the call ends This value is important when using variable length dial peer destination patterns dial plans The seconds argument is the interdigit timeout wait...

Page 534: ...ial peer using basic telephone service 14 destination pattern WORD Example configure voice port destination pattern 1004 Setting Destination pattern Matches dialed digits to a telephony device The string argument is a series of digits that specify the E 164 or private dialing plan telephone number Valid entries are the numbers 0 through 9 and the letters A through D You can also enter the followin...

Page 535: ...Signal wire from trunking CO side to signaling side y M Mouth or Magnet Signal wire from signaling side to trunking CO side y SG Signal Ground Used on E M Types II III IV y SB Signal Battery Used on E M Types II III IV y TIP RING T R leads carry audio between the signaling unit and the trunking circuit On a 2 wire audio operation circuit this pair carries the full duplex audio path y TIP1 RING1 Us...

Page 536: ...er information for E M Board Figure 5 8 E M Jumper Information J1 J2 J11 J12 2W 4W 1 2 2 3 CH0 J1 J2 CH1 J11 J12 1 2 2 3 Type J6 J7 E SG J4 J5 M 1 Not used 1 2 2 1 2 1 2 3 1 2 3 4 1 2 5 3 4 2 3 J1 3 1 J2 3 1 J4 1 3 J5 1 3 J6 1 Gnd 4 J7 Gnd 1 4 J11 3 1 J12 3 1 Gnd Vcc_3 3V 1 8 Black line J10 CPLD Download ...

Page 537: ... four leads for supervision signaling E M SB and SG During inactivity both the E lead and M lead are open The PBX indicates the off hook condition by connecting the M lead to the signal battery SB lead connected to battery of the signaling side E M Type III Not commonly used in modern systems Type III uses four leads for supervision signaling E M SB and SG During inactivity the E lead is open and ...

Page 538: ...slot port Indicates the voice port 3 shutdown Change status of voice port to shutdown 4 signal wink start immediate start delay dial This command enables Direct Inward Dialing on the voice port immediate if the voice port must use the immediate start protocol wink start if the voice port must use the wink start protocol delay dial if the voice port must use the delay start protocol 5 operation 2 w...

Page 539: ...s parameters initial Sets the number of seconds that the system waits between the caller input of the initial digit and the subsequent digit of dialed string A valid entry is from 0 to 120 The default is 10 interdigit Configures the number of seconds that the system waits after the caller has input the initial digit or a subsequent digit of the dialed string If the timeout ends before the Destinat...

Page 540: ...004 Setting Destination pattern Matches dialed digits to a telephony device The string argument is a series of digits that specify the E 164 or private dialing plan telephone number Valid entries are the numbers 0 through 9 and the letters A through D You can also enter the following special characters The asterisk or pound sign on standard touch tone dial pads can be used anywhere in the pattern ...

Page 541: ...a response it begins to outpulse digits The address signaling used with immediate start signaling Consists only of dial pulsing y wink Start The originating end seizes the line by going off hook It waits for acknowledgement from the other end before outpulsing digits This serves as an integrity check that will identify a malfunctioning trunk and allow the network to send a re order tone to the cal...

Page 542: ... the router slot where the voice module in installed subslot Specifies the number of subslot in the slot port Indicates the voice port 3 shutdown Change status of voice port to shutdown 4 signal did immediate wink start delay dial This command enables Direct Inward Dialing on the voice port immediate if the voice port must use the immediate start protocol wink start if the voice port must use the ...

Page 543: ...e is important when using variable length dial peer destination patterns dial plans The seconds argument is the interdigit timeout wait time in seconds A valid entry is an integer from 0 to 120 The default is 5 ringing Specifies the duration that the voice port allows ringing to continue if a call is not answered The range is from 0 to 60000 The default is 180 0 means infinity wait release Specifi...

Page 544: ... They are treated specially because they are routed differently within the PSTN than normal traffic Calls to emergency services are routed based on the calling number not the called number The calling number is checked against a database of emergency service providers that cross references the service providers for the caller s particular location When this information is known the call is then ro...

Page 545: ...er Identification y CAMA Centralized Automatic Message Accounting y NPA Numbering Plan Area y NPD Numbering Plan Digit y NRF No Record Found y PBX Private Branch Exchange y PSAP Public Safety Answering Point or Primary Public Safety Answering Point y SR Selective Routing End Office PSTN Traffic ALI Database Selective Router Tandem PSAP ANI ALI Controller Analog Phone IP Phone SCM 9 1 1 Service Pro...

Page 546: ... Plan Digit NPD in the look up table or when the calling number is fewer than 10 digits NPA digits are not available y KP NPD NXX XXXX ST 8 digit ANI transmission in which the NPD is a single multifrequency MF digit that is expanded into the NPA The NPD table is preprogrammed by configuring ANI mapping in the sending and receiving equipment on each end of the MF trunk for example 0 408 1 510 2 650...

Page 547: ...s exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice port slot subslot port Enter voice port Configuration Mode slot Specifies the number of the router slot where the voice module in installed subslot Specifies the number of subslot in the slot port Indicates the voice port 3 shutdown Change status of voice port to sh...

Page 548: ...an Area NPA or area code is implied by the trunk group and is not transmitted kp 2 st Default transmission when the CAMA trunk cannot get a corresponding Numbering Plan Digit NPD digit in the look up table or when the calling number is fewer than 10 digits in length NPA digits are not available kp npd nxx xxxx st 8 digit ANI transmission where the NPD is a single multifrequency MF digit that is ex...

Page 549: ... the duration that the voice port allows ringing to continue if a call is not answered The range is from 5 to 60000 The default is 180 wait release Specifies the duration that a voice port stays in the call failure state while the device sends a busy tone reorder tone or an out of service tone to the port The range is from 3 to 3600 The default is 30 11 timing digit timer value specifies the DTMF ...

Page 550: ...the letters A through D You can also enter the following special characters The asterisk or pound sign on standard touch tone dial pads can be used anywhere in the pattern The period acts as a wildcard character When the timer T character is included at the end of the destination pattern the router collects dialed digits until the interdigit timer expires 5 seconds by default or until you dial the...

Page 551: ...ling standard for PSTN E1 trunk A detailed specification for R2 signaling is included in ITU T Q 400 to Q 490 Digital E1 Trunk E1 trunk working in TDM method has 32 timeslots each timeslot is called as DS0 One of R2 signaling working in E1 digital trunk is used as frame synchronization of E1 trunk and the other one is used for signal transmission for R2 signaling The remaining 30 timeslots are use...

Page 552: ...s custom in order to customize the E1 R2 variants for different countries or regions Configuration Steps y Complete physical layer of E1 trunk settings y Create ds0 groups to manage the DS0 channels on the E1 trunk y Configure ds0 group with sub commands such as timeslots and signal cas y Customize country variants in cas custom configuration mode y Configure basic voice port parameters in voice p...

Page 553: ...nfiguration mode To configure E1 R2 do the following steps 1 Set up the E1 trunk that connects to the private automatic branch exchange PBX or switch 2 Ensure that the framing and linecoding of the E1 are properly set 3 For E1 framing choose either CRC or non CRC 4 For E1 linecoding choose either HDB3 or AMI 5 For the E1 clock source choose either internal or line Keep in mind that different PBXs ...

Page 554: ...VSLOT 0 0 FXS_ 4M NORMAL 7 MM_2_VSLOT 0 1 WTE_ 2M NORMAL 6 MM_1_VSLOT 0 2 1 0 1 1 2 0 2 1 2 show module configuration all Displays all the digital trunk active in the system So if you use this command it helps you to recognize the carrier types of the trunks installed in the system v239 show module configuration all E1 Framing Coding ClkSrc LBO CableLength State Alarm 0 1 1 crc hdb3 int long haul ...

Page 555: ...e1 trunk Specify the E1 trunk that you want to configure physical layer settings trunk is a simple notation of slot sub slot port for convenience 7 clock_source internal line Configures the clock source line Specifies that the clock facility on this port derives clocking from the external source to which the port is connected generally the CO internal Optional Specifies that the clock is generated...

Page 556: ...roup is a logical voice port configurable in digital voice port consisting of one or more DS0 channels y Logical voice port is used with the same meaning of DS0 group is a logical unit that can exist in multiple units in digital voice port of E1 T1 unit each logical voice port is able to work with its own property In summary logical voice port is a multi phased abstract unit having both signaling ...

Page 557: ...rred to DS0 This created DS0 group can set up specific properties via voice port command Here is the visualized depiction of DS0 groups on a digital trunk Figure 6 5 DS0 groups on a digital voice port IP Voice Port PSTN Signaling Properties PSTN PCM Voice Properties Voice Packet Properties PSTN iBG2016 iBG2016 Network module slot 1 VWIC slot 0 Creates DSO group or Logical voice port 1 0 1 By group...

Page 558: ...fferent time slots Defining additional DS0 groups also creates individual DS0 voice ports Step Command Purpose 1 configure terminal Assumes the trunk becomes normal active according to the steps above Here the description starts with configuring R2 signaling to trunk 2 module e1 trunk Enter the module configuration mode 3 cas ds0 group ds0 group no Enter the ds0 group number to create in this E1 t...

Page 559: ...gions are set by entering the cas custom channel command followed by the country name command Configuring R2 Signaling Step Command Purpose 1 configure terminal Enter the global configuration mode 2 voice port slot sub slot port ds0 group no Enter the module configuration mode 3 Shutdown Shuts down the voice port for further configuration 4 timeslots timeslot list timeslots Specifies the single ti...

Page 560: ...r2 mfc up up idle idle y 0 1 0 10 10 r2 mfc up up idle idle y Trunk Status Monitoring The next sub chapter addresses digital trunk status and information configured in the trunk In detail we will check out the following subject y check out if configured digital trunk works normally y check out if logical voice ports configured in digital trunk are normally configured y check out if the configurati...

Page 561: ...n band Overwrite CIRCUIT ID Not Configured CONTACT INFO Not Configured DESCRIPTION Not Configured LINK NAME Not Configured Line Status RLOS OFF RAIS OFF RLOF OFF RRAI OFF TAIS OFF TRAI OFF TPtrn OFF Loop OFF Timeslot Map 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 ____________________________________________________________________ 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0...

Page 562: ... 10 06 r2 mfc up up idle idle y 0 1 0 10 07 r2 mfc up up idle idle y 0 1 0 10 08 r2 mfc up up idle idle y 0 1 0 10 09 r2 mfc up up idle idle y 0 1 0 10 10 r2 mfc up up idle idle y PORT presents the logical voice ports created in analog voice port and digital voice port by using geographical location presentation method Form of slot sub slot port analog voice card such as analog FXS analog FXO anal...

Page 563: ...n analog voice port or DS0 channel handles a call At this time call state is indicated differently according to signaling method in each SIG Type analog of voice port or DS0 channel idle ringing off hook out_of_svc busy seized answered etc EC indicates working of echo cancellation function set up in analog voice port or DS0 Logical Voice Port In Detail displays the concrete setup values of the par...

Page 564: ...ase guard time is set to 2000 CAS custom seize ack time is set to 100 CAS custom ANI timeout is set to 0 CAS custom answer guard time is set to 0 CAS custom DNIS digit complete is set to 0 CAS custom DNIS min digits is set to 0 CAS custom DNIS max digits is set to 0 CAS custom metering is set to 0 Timeout initial is set to 10 Timeout interdigit is set to 5 Timeout ringing is set to 180 Timeout wai...

Page 565: ...23 for T1 or from 0 to 30 for E1 in a specific trunk 4 exit Exit the module configuration mode 5 show voice port summary Displays all the voice port configured in the system Checks out whether the ds0 group just created exists or not Delete Trunk Voice Port deletes DS0 group created in a specific digital trunk The following describes the process to delete DS0 group Step Command Purpose 1 configure...

Page 566: ...cifies companding standard used Even though the set up values are different each other a conversion is made by internal TDM switch 5 description optional a representative ID set up in this voice port names text string 6 exit Exit the voice port configuration mode 7 show voice port slot sub slot port ds0 group no checks out if the values set up in the voice port are set up normally Configure Advanc...

Page 567: ...Enter the global configuration mode 2 voice port slot sub slot port ds0 group no Enter the module configuration mode 3 echo cancel enable Enables the echo cancellation on this voice port Echo cancellation works on the echo cancellation coverage which is configured by user or as default 4 echo cancel coverage 8 16 128 Choose the echo tail length echo cancel coverage to which echo cancellor is commi...

Page 568: ...tion mode 3 digital gain input vauel Sets the PCM to encoder input gain in decibels ranging from 13 9 to 6 0 The changes take effect at the next trial of voice connection 4 digital gain output value Sets the decoder to PCM output gain in decibels ranging from 13 9 to 6 0 The changes take effect at the next trial of voice connection 5 Exit Exit the voice port configuration mode 6 show voice port sl...

Page 569: ... a maximum size whose jitter buffer can be extended dynamically this allows for the delay to the limit established where instant delay may increase dramatically in the network and discards the packets over the limit 6 playout delay minimum value In case that jitter buffer size is set up in a adaptive mode set up a maximum size whose jitter buffer can be extended dynamically In the network delay be...

Page 570: ...select the appropriate country by the commands below parameters available for setting may be initialized to the appropriate values for corresponding country if you don t input use defaults apply signaling state by country The countries supported are as follows Australia australia country specification brazil brazil country specification china china country specification easteurope easteurope count...

Page 571: ...tegory DNIS digits to be collected before requesting a line category 16 unused abcd Specifies unused ABCD bit values 17 exit Exit the cas custom configuration mode 18 exit Exit the voice port configuration mode Country Variant Parameters 1 ANI digits Expected number of ANI digits sets up the maximum and minimum digits of ANI digits that the receiver wants to get from the calling side 2 Answer sign...

Page 572: ...ver and then determine the progress of a call 6 Invert ABCD Inverts the ABCD bits before tx and after rx 7 KA determines signal number that may be used in KA signal 8 KD determines signal number that may be used in KD signal 9 Metering determines if it would create metering pulse for outgoing call 10 Request category DNIS digits to be collected before requesting line category When it works as R2 c...

Page 573: ...of user bandwidth in order to perform signaling functions The most common forms of CAS signaling are loopstart groundstart Equal Access North American EANA and E M T1 CAS Signalings CAS stands for Channel Associated Signalling and various types of CAS signaling are available in the T1 world The most common forms of CAS signaling are loopstart groundstart and E M signaling These protocols provide i...

Page 574: ... as it is Thus there are more defects than other CAS signaling One of the defects is that there is no way to notify users of far end disconnect or answer making users impossible to know about the status In the case of loop start signaling FXS only uses the A bit and the FXO side only uses the B bit to communicate call information 2 Groundstart signaling Is very similar with loop start signaling in...

Page 575: ...Because it is the signaling type devised to complement defects of FXS FXO E M connection is preferable to FXS FXO E M connections from routers to telephone switches or to PBXs provide better answer and disconnect supervision E M signaling has many advantages over the previous CAS signaling methods discussed in this document It provides both disconnect and answer supervision as well as glare avoida...

Page 576: ...ng on PSTN the specific characteristic of T1 trunk line should be met This configuration is made typically in module configuration mode To configure T1 CAS the following procedure shoud be complete 1 Set up the T1 trunk that connects to the private automatic branch exchange PBX or switch 2 Ensure that the framing and linecoding of the T1 are properly set 3 For T1 framing choose either ESFor D4 4 F...

Page 577: ...required Otherwise the system will prompt you to reboot the system for the change to take effect 5 configure terminal 6 module t1 trunk Specify the T1 trunk that you want to configure physical layer settings trunk is a simple notation of slot sub slot port for convenience 7 clock_source internal line Configures the clock source line Specifies that the clock facility on this port derives clocking f...

Page 578: ...onfigure terminal Assumes the trunk becomes normal active according to the steps above Here the description starts with configuring CAS signaling to trunk 2 module t1 trunk Enter the module configuration mode 3 cas ds0 group ds0 group no Enter the ds0 group number to create in this T1 trunk 4 exit Exit module configuration mode 5 show voice port summary Check if ds0 group is normally created Ds0 g...

Page 579: ...iguration carrier type and status of trunk in operation can be checked v239 show module configuration t1 0 1 0 T1 0 1 0 is ENABLED Alarm Hierarchy TRUE Yellow Alarm DISABLE Framing ESF LineCode B8ZS ClockSource INT LineMode CSU LBO 0 db FDL ANSI Unit Protocol enabled ATT Unit Protocol disabled CsuDsuType CSU Loopback Framing In band Overwrite CIRCUIT ID Not Configured CONTACT INFO Not Configured D...

Page 580: ... N A 0 1 0 esf b8zs int csu 0db up N A Logical Voice Port Summary Using show voice port summary check the status of logical voice port DS0 Groups created in digital trunk It displays all the voice ports created in the system including DS0 group Logical Voice Port In Detail Using show voice port port check the detailed setup value of parameters used in the particular voice port ...

Page 581: ...up 3 cas ds0 group ds0 group no ds0 group no Identifies the unique DS0 group number from 0 to 23 for T1 or from 0 to 30 for E1 in a specific trunk 4 exit Exit the module configuration mode 5 show voice port summary Displays all the voice port configured in the system Checks out whether the ds0 group just created exists or not Delete Trunk Voice Port It is a function to delete DS0 group created in ...

Page 582: ...ation function to support more detailed setup or additional setup Step Command Purpose 1 configure terminal Enter the global configuration mode 2 voice port slot sub slot port ds0 group no Enter the module configuration mode 3 locale locale Selects a two letter country name define in the voice port mode It decides call progress tone parameters and other locale specific parameters 4 compand type u ...

Page 583: ...rts use the following commands as necessary in voice port configuration mode Step Command Purpose 1 voice port slot sub slot port ds0 group no To set up the attribute values of created ds0 group starts with voice port configuration mode if ds0 group was created normally there is no error in this CLI command 2 shutdown Shuts down the voice port to manipulate timeslots and signal cas command 3 condi...

Page 584: ...ze Indicates that the pattern represents line seizure idle Indicates that the pattern represents an idle condition 0000 1111 Represents the bit pattern to use 5 ignore rx a bit rx b bit rx c bit rx d bit Configures the voice port to ignore the specified receive bit for North American E M if patterns different from the defaults are required 6 no shutdown Activate the voice port at the final step of...

Page 585: ... string2 and for generating the sequence of ANI by rotating through the range until string2 is reached and then starting from string1 again If strings are less than four digits in length then entire strings are used 4 calling number outbound sequence string1 string2 string3 string4 string5 Specifies ANI to be sent out when the T1 CAS fgd eana command is configured as signaling type This option con...

Page 586: ...tion A valid entry is an integer from 0 to 120 The default is 10 5 timeouts interdigit seconds Configures the number of seconds that the system waits after the caller has input the initial digit or a subsequent digit of the dialed string If the timeout ends before the destination is identified a tone sounds and the call ends This value is important when using variable length dial peer destination ...

Page 587: ...ming dialout delay milliseconds Specifies dialout delay in milliseconds for the sending digit or cut through on an FXO trunk or an E M immediate trunk Valid entries are from 100 to 5000 The default is 300 6 timing digit milliseconds Specifies the DTMF digit signal duration in milliseconds Valid entries are from 50 to 100 The default is 100 7 timing guard out milliseconds FXO ports only Specifies t...

Page 588: ...TS diagram above Loop Start signaling uses only two basic states Ringing sent to the FXO interface and Off Hook sent to the FXS interface Loop Start signaling is the most common type of signaling deployed in the PSTN Although it is very common problems can occur whenever automatic answering equipment is used as the phone Since there is no way for the CO to tell the phone to hang up go On Hook if t...

Page 589: ...an additional state Tip Closed which tells the FXO circuit that there is an inbound call in progress even during the quiet ringing cycle For outbound calls the PBX or FXO interface must first seize the line by applying ground to the Ring lead of the Tip Ring pair Ring Ground The CO or FXS interface now knows that the FXO is trying to make an outbound call and it will not terminate inbound calls on...

Page 590: ...ed 0 1 1 1 Configure T1 CAS FXO signaling Step Command Purpose 1 configure terminal Enter the global configuration mode 2 module t1 slot sub slot port Enter the module configuration mode 3 cas ds0 group ds0 group no Enter the ds0 group number to create in this E1 trunk 4 Exit Exit module configuration mode 5 voice port slot sub slot port ds0 group no To set up the attribute values of created ds0 g...

Page 591: ...lows 2 3 5 1 7 9 1 12 8 signal cas fxo loop start or signal cas fxo ground start Choose FXO signaling method 9 no shutdown Activate the voice port at the final step of configuration 10 exit T1 CAS FXS Features Digital Loop Start signaling In case of Loop start signaling it works according to the following state table Incoming Call Sent Received State a f b f a b b b Idle 0 1 0 1 Seizured 0 1 0 0 R...

Page 592: ...ed 1 1 0 1 Configure T1 CAS FXS signaling Step Command Purpose 1 configure terminal Enter the global configuration mode 2 module t1 slot sub slot port Enter the module configuration mode 3 cas ds0 group ds0 group no Enter the ds0 group number to create in this E1 trunk 4 exit Exits the module configuration mode 5 voice port slot sub slot port ds0 group no To set up the attribute values of created ...

Page 593: ...d start Choose FXS signaling method 9 no shutdown Activate the voice port at the final step of configuration 10 exit T1 CAS E M Features For digital T1 Channel Associated Signaling CAS trunks running ear and mouth E M signaling there are generally only two states that a voice channel can be in When there is no call on a channel it is in the Idle or On Hook state When there is an active call on a c...

Page 594: ... 6 11 Immediate start method signaling sequence Originating Destination M wire E wire M wire E wire 1111 1111 0000 1111 seizure digits digits Start dial answer Min 120 msec Max 6 sec Min 70 msec Max 10 sec Duration 200 msec Min 200 msec Originating Destination M wire E wire M wire E wire 1111 1111 seizure digits digits answer Min 120 msec Max 10 sec Min 200 msec ...

Page 595: ...s0 group no To set up the attribute values of created ds0 group starts with voice port configuration mode if ds0 group was created normally there is no error in this CLI command 6 shutdown Shuts down the voice port to manipulate timeslots and signal cas command 7 timeslots timeslot list timeslots Specifies the single time slot number single range of numbers or multiple ranges of numbers separated ...

Page 596: ... final step of configuration 10 exit T1 CAS R1 Features T1 CAS R1 is a type of Channel Associated Signaling CAS used widely in places other than North America Line Signaling Is in compliance with ITU T Q 311 Q 314 Q 315 Recommendation Transmitted state Signal Signal direction Transmitted duration Originating end Terminating end Idle continuous 0 0 Connect seizing continuous 1 0 Delay dialing conti...

Page 597: ...ter the global configuration mode 2 module t1 slot sub slot port Enter the module configuration mode 3 cas ds0 group ds0 group no Enter the ds0 group number to create in this E1 trunk 4 exit Exits the module configuration mode 5 voice port slot sub slot port ds0 group no To set up the attribute values of created ds0 group enter voice port configuration mode if ds0 group was created normally there ...

Page 598: ...se 8 signal cas r1 itu or signal cas r1 modifited Choose T1 R1 signaling method r1 itu R1 signaling compliant with ITU T recommendation r1 modified R1 signaling variants 9 no shutdown Activate the voice port at the final step of configuration 10 exit Exit the voice port configuration mode ...

Page 599: ...hone transmission of high capacity file and videoconference at high speed This section briefly introduces ISDN service Services BRI Service BRI Basic Rate Interface service possesses two B channels and one D channel which is composed of Two B channels and One D channel 2B D BRI B channel service is operated with 64 Kbps and this means User data BRI D channel service is operated with 16 Kbps transm...

Page 600: ...hysical layer specification is ITU T I 431 ISDN Call Flow Two Layer 3 specifications are used for ISDN signaling ITU T formerly CCITT I 450 also known as ITU T Q 930 and ITU T I 451 also known as ITU T Q 931 Together these protocols support user to user circuit switched and packet switched connections A variety of call establishment call termination information and miscellaneous messages are speci...

Page 601: ...CE Called DTE Called router Pick up Ring back indication Stop ring back indication Information Information Hang up Set up Set up ACK Information Call Proceeding Alerting Alerting Connect Connect ACK Flow Flow Disconnect Release Release complete Release complete Release Disconnect Information Information Connect Set up Ringing Pick up Flow Flow ...

Page 602: ...vices might be attached ask for point to multipoint service and a voice and data line Configuration Steps y Create interface bundle to manage the bundle channels on the BRI bundle y Configure ISDN switch type y Configure Voice type y Activate the ISDN y Delete the ISDN y Optional Configuration ISDN Create interface bundle To create the interface bundle use the following command Step Command Purpos...

Page 603: ...ISDN 5 switch type switch type Sets the pertinent switch type with the content like the below table 36 1 timeslots BRI is just 1 or 2 but ignored value Table 7 1 switch type parameter description BRI Switch Type Keywords Description Basic ni National ISDN Basic Rate Switch Type only user side Basic dms NT DMS 100 Basic Reate Switch Type Basic 5ess AT T Basic Rate Switch Type default Basic ntt NTT ...

Page 604: ...owing table 6 incoming voice Sets up for voice 7 spid1 spid number Optional TE Only Spefies a service profile identifier for B1 channel Currently only the DMS 100 and NI switch types require SPIDs 8 spid2 spid number Optional TE only Specifies a SPID for B2 channel 9 sending alerting Optional Specify if Alerting message to be sent out before Connect message 10 overlap receiving Optional Specify if...

Page 605: ...p ISDN 5 switch type switch type Sets up the pertinent switch type with the content like the following table 6 incoming voice Sets up for voice 7 activate Activates ISDN 8 exit 9 voice port 0 0 0 Configure to set up voice port 10 no shutdown Turns on the port Delete the ISDN To delete the ISDN use the following command Step Command Purpose 1 configure terminal Configures to set up bundle 2 voice p...

Page 606: ...ntify the billing number use the following command in interface configuration mode Step Command Purpose 1 configure terminal Configures to set up bundle 2 interface bundle bundle name Sets up bundle name 3 link bri 0 0 0 1 Sets up the pertinent physical link 4 isdn Sets up ISDN 5 switch type switch type Sets up the pertinent switch type with the content like the following table 6 incoming voice Se...

Page 607: ... Complete information element in the outgoing call Setup message use the following command in interface configuration mode Step Command Purpose 1 configure terminal Configures to set up bundle 2 interface bundle bundle name Sets up bundle name 3 link bri 0 0 0 1 Sets up the pertinent physical link 4 isdn Sets up ISDN 5 switch type switch type Sets up the pertinent switch type with contents like th...

Page 608: ...pid1 spid2 idle timeout 5 connect delay 15 keep alive 10000 disconnect cause 17 switch type basic dms tei mode point to multipoint show isdn interfaces Displays the ISDN interface information v239 show isdn interfaces ISDN Information bri000 caller answer1 answer2 called number spid1 spid2 idle timeout 5 connect delay 15 keep alive 10000 disconnect cause 17 switch type basic dms tei mode point to ...

Page 609: ...alls show isdn bri statistics WORD Displays the ISDN BRI statistics v239 show isdn bri statistics bri000 HDLC Statistics for D Channel GT0 rx packet counter 0 GT0 rx Byte counter 0 GT0 rx chRxErr counter 0 GT0 rx crc counter 0 GT0 rx abort counter 0 GT0 rx chainedError counter 0 GT0 rx all error counter 0 GT0 tx packet counter 73347 GT0 tx Byte counter 586761 GT0 tx packet request 73347 GT0 tx pac...

Page 610: ...e USR Primary Rate interface Switch Type primary 5ess Tei value for Point to Point 0 Side USR Troubleshooting ISDN Interfaces Command Purpose debug isdn q921 WORD Checks Layer 2 debug isdn q931 WORD Checks Layer 3 debug isdn q921 timers WORD Displays q921 timers v239 show isdn q921 timers bri000 ISDN Layer 2 Timer Values K 7 Outstanding I Frames N200 3 Max number of retransmission of a frame N203 ...

Page 611: ...conds T308 4 Seconds T310 40 Seconds T313 4 Seconds T316 120 Seconds T319 4 Seconds T322 4 Seconds debug isdn q931Statistics WORD Displays q931 statistics v239 show isdn q931Statistics bri000 ISDN Global Configuration Setup Tx 0 Setup Ack Tx 0 Alert Tx 0 Call P Tx 0 Conn Tx 0 Con Ack Tx 0 Prog Tx 0 Disc Tx 0 Rel Tx 0 Rel Cmp Tx 0 Stat Tx 0 Stat Enq Tx 0 Info Tx 0 Stat Enq Tx 0 Stat Enq Tx 0 Setup ...

Page 612: ...q921Statistics WORD Displays q921 statistics v239 show isdn q921Statistics bri000 Setup Tx 0 Setup Ack Tx 0 Alert Tx 0 Call P Tx 0 Conn Tx 0 Con Ack Tx 0 Prog Tx 0 Disc Tx 0 Rel Tx 0 Rel Cmp Tx 0 Stat Tx 0 Stat Enq Tx 0 Info Tx 0 Stat Enq Tx 0 Stat Enq Tx 0 Setup Rx 0 Setup AckRx 0 Alert Rx 0 Call P Rx 0 Conn Rx 0 Con Ack Rx 0 Prog Rx 0 Disc Rx 0 Rel Rx 0 Rel Cmp Rx 0 Stat Rx 0 Stat Enq Rx 0 Info ...

Page 613: ...which other ISDN devices might be attached ask for point to multipoint serice and a voice and data line Configuration Steps y Create interface bundle to manage the bundle channels on the PRI bundle y Configure ISDN switch type y Configure Voice type y Activate the ISDN y Delete the ISDN y Optional Configuration ISDN Create interface bundle To create interface bundle for th PRI Step Command Purpose...

Page 614: ...e with the content like the following table 36 2 timeslots E1 PRI is 1 to 31 T1 PRI is 1 to 24 Table 7 2 switch type parameter description PRI Switch Type Keywords Description Primary 4ess AT T Primary Rate Switch Type Primary 5ess AT T Primary Rate Switch Type default Primary dms250 DMS250 Primary Rate Switch Type Primary dms100 DMS100 Primary Rate Switch Type Primary ntt NTT Primary Rate Switch ...

Page 615: ...ch type with the content like the following table 6 incoming voice Sets up for voice Actviate the ISDN To activate the ISDN use the following command Step Command Purpose 1 configure terminal Configures to set up bundle 2 interface bundle bundle name Sets up bundle name 3 link pri_t1 pri_e1 0 0 0 1 Sets up the pertinent physical link 4 isdn Sets up ISDN 5 switch type switch type Sets up the pertin...

Page 616: ... on calls in which the number is presented When configured the calling number information is included in the outgoing Setup message To configure the interface to identify the billing number use the following command in interface configuration mode Step Command Purpose 1 configure terminal Configures to set up bundle 2 interface bundle bundle name Sets up bundle name 3 link pri_t1 pri_e1 0 0 0 1 Se...

Page 617: ...re the interface to include the Sending Complete information element in the outgoing call Setup message use the following command in interface configuration mode Step Command Purpose 1 configure terminal Configures to set up bundle 2 interface bundle bundle name Sets up bundle name 3 link pri_t1 pri_e1 0 0 0 1 Sets up the pertinent physical link 4 isdn Sets up ISDN 5 switch type switch type Sets u...

Page 618: ...tomatic link restoral time 10 link speed bw inverted status diffdelay msec PRI_E1 0 2 1 1 64 64 no down bundle not yet encaped PRI_E1 0 2 1 2 64 64 no down bundle not yet encaped ISDN Information Switch Type primary ccitt caller called number sub address v239 show isdn interfaces ISDN Information pri000 caller answer1 answer2 called number spid1 spid2 idle timeout 5 connect delay 15 keep alive 100...

Page 619: ...pri statistics pri000 HDLC Statistics for D Channel GT0 rx packet counter 0 GT0 rx Byte counter 0 GT0 rx chRxErr counter 0 GT0 rx crc counter 0 GT0 rx abort counter 0 GT0 rx chainedError counter 0 GT0 rx all error counter 0 GT0 tx packet counter 73347 GT0 tx Byte counter 586761 GT0 tx packet request 73347 GT0 tx packet request error 0 GT0 tx packet release 73347 GT0 tx packet stop release 0 GT0 tx...

Page 620: ...g isdn q921 WORD Checks Layer 2 debug isdn q931 WORD Checks Layer 3 debug isdn q921 timers WORD Displays q921 timers v239 show isdn q921 timers pri000 ISDN Layer 2 Timer Values K 7 Outstanding I Frames N200 3 Max number of retransmission of a frame N203 260 Max number of TEI notification retransmits T200 2 Seconds T203 10 Seconds debug isdn q931 timers WORD Displays q931 timers v239 show isdn q931...

Page 621: ...tatistics WORD Displays q931 statistics v239 show isdn q931Statistics pri000 ISDN Global Configuration Setup Tx 0 Setup Ack Tx 0 Alert Tx 0 Call P Tx 0 Conn Tx 0 Con Ack Tx 0 Prog Tx 0 Disc Tx 0 Rel Tx 0 Rel Cmp Tx 0 Stat Tx 0 Stat Enq Tx 0 Info Tx 0 Stat Enq Tx 0 Stat Enq Tx 0 Setup Rx 0 Setup AckRx 0 Alert Rx 0 Call P Rx 0 Conn Rx 0 Con Ack Rx 0 Prog Rx 0 Disc Rx 0 Rel Rx 0 Rel Cmp Rx 0 Stat Rx ...

Page 622: ... pri000 Setup Tx 0 Setup Ack Tx 0 Alert Tx 0 Call P Tx 0 Conn Tx 0 Con Ack Tx 0 Prog Tx 0 Disc Tx 0 Rel Tx 0 Rel Cmp Tx 0 Stat Tx 0 Stat Enq Tx 0 Info Tx 0 Stat Enq Tx 0 Stat Enq Tx 0 Setup Rx 0 Setup AckRx 0 Alert Rx 0 Call P Rx 0 Conn Rx 0 Con Ack Rx 0 Prog Rx 0 Disc Rx 0 Rel Rx 0 Rel Cmp Rx 0 Stat Rx 0 Stat Enq Rx 0 Info Rx 0 Stat Enq Rx 0 Stat Enq Rx 0 ...

Page 623: ... used for defining characters to apply to each call leg in connecting call and identifying origination or termination of call Call leg is the logical connection between two Ubigate iBG2016s or Ubigate iBG2016 and telephony device One voice call is made up of four call legs Like the figure 33 1 it is made up of two call legs from originating Ubigate iBG2016 point of view and it is composed of two c...

Page 624: ...ket network It is IP address of Destination Ubigate iBG2016 To connect voice call through packet network both POTS and VoIP dial peer are necessary Inbound and Outbound Dial Peers Dial peer is used in both inbound and outbound call leg The meaning of Inbound and outbound is defined from Ubigate iBG2016 aspect When call enters Ubigate iBG2016 inbound call leg occurs Outbound call leg occurs when ca...

Page 625: ...eces of information in call setup message VoIP incoming call uses IP address and five pieces of configuration information on dial peer Three call setup elements are as follows y Called number or dialed number identification service DNIS is a series of digit string which is derived from the ISDN setup message or CASDNIS representing destination y Calling number or dialed number identification servi...

Page 626: ...l peer matching y Port displays that port makes call y Session target The network address of telephony device or gatekeeper sip server Inbound Dial Peers Matching Process Ubigate iBG2016 tries matching the above information like the following order 1 In the case of POTS VoIP call called number and incoming called number 2 In the case of VoIP call calling number and answer address 3 In the case of ...

Page 627: ...n target command to transmit call In the case of POTS incoming call Ubigate iBG2016 selects outbound dial peer based on whether it is DID of inbound POTS dial peer Both cases support longest matching DID Direct Inward Dial Case In DID call characteristic of One stage dialing set up message includes all digits necessary to route call Ubigate iBG2016 does not collect additional digits Ubigate iBG201...

Page 628: ...al peers necessary to complete a voice call Figure 8 4 Matching Call Legs to Dial Peers The following example shows the example of call made possible from number 0315854000 to 0234381000 Figure 33 5 shows inbound POTS dial peer are outbound VoIP dial peer set in originating Ubigate iBG2016 POTS dial peer displays the origination of call after being matched to either calling number or port informat...

Page 629: ... desitination parttern is replaced as wild card This means call with ITU T Recommendation P digit number starting with 023438 in Ubigate iBG2016 A is made possible with Ubigate iBG2016 B iBG2016 B IP Network iBG2016 A Source Destination 10 1 1 1 10 1 1 2 1 0 0 1 0 0 0315854000 0234381000 dial peer voice pots 1 destination pattern 31585 port 1 0 0 dial peer voice voip 2 destination pattern 23438 se...

Page 630: ... not necessarily to configure VoIP dial peer This case is similar to hairpinning which is the status of being detoured to PSTN after call bound to packet network becomes the impossible condition in terms of packet network Figure 8 7 Communication Between Dial Peers Sharing the Same Ubigate iBG2016 Configuring POTS Dial Peers To configure POTS dial peer the following should be done y Assign dial pe...

Page 631: ...lobal configuration mode 2 dial peer voice pots num Example sbm configure dial peer voice pots 10 Enters dial peer configuration mode and defines a local dial peer that connects to a POTS interface The number argument is one or more digits identifying the dial peer Valid entries are from 1 to 10000 3 destination pattern string T Matches dialed digits to a telephony device The string argument is a ...

Page 632: ...g Dial Plan Options for POTS Dial Peers When dial plan is configured the different option value should be possessed depending on how dial plan is configured To configure optional feature about POTS dial peer see the following command Command Purpose incoming called number Example sbm configure pots num incoming called number 3438 Optional Selects the inbound dial peer based on the called number di...

Page 633: ... a prefix that the system adds automatically to the front of the dial string before passing it to the telephony interface Valid entries for the string argument are 0 through 9 Configuring VoIP Dial Peers VoIP dial peer makes possible call with the particular Ubigate iBG2016 telephony device To set VoIP dial peer the followings should be done y Assign dial peer with the tag number only y Define ter...

Page 634: ...pound sign on standard touch tone dial pads can be used anywhere in the pattern The period acts as a wildcard character When the timer T character is included at the end of the destination pattern the router collects dialed digits until the interdigit timer expires 5 seconds by default or until you dial the termination character the default is The timer character must be a capital T 4 session targ...

Page 635: ...Designating this list with either dial peer or system codec list is possible The method to make codec list is as follows Setp Command Purpose 1 voice class codec num Example sbm configure voice class codec 1 Creates a voice class for a codec preference list The range for the tag number is from 1 through 10000 The number must be unique on the router 2 codec preference prefer num g711alaw g711ulaw g...

Page 636: ...nact Example sbm configure voice class sip num offer call hold conn addr optional Specifies the call hold request value rel1xx supported require system disable Example sbm configure voice class sip num rel1xx supported optional Specifies the rel1xx value uri sip sips Example sbm configure voice class sip num uri sip optional Specifies the uri value url system sip tel Example sbm configure voice cl...

Page 637: ...pending on which dial plan is possessed To configure optional dial plan feature use the following command in dial peer configuration mode Command Purpose incoming called number string Example sbm configure voip num incoming called number 024 Optional Selects the inbound dial peer based on the called number answer address string Example sbm configure voip num answer address 2445 Optional Selects th...

Page 638: ...ional Specifies the amount of time that a packet is held in the jitter buffer before it is played out on the audio path preference value Example sbm configure voip num preference 1 Optional Configures a preference for the POTS dial peer The valid range is 0 through 10 where the lower the number the higher the preference tech prefix string Example sbm configure voip num tech prefix 34 Optional Spec...

Page 639: ...d string matchs with destination pattern POTS dial peer is routed to voice port and VoIP dial peer is routed to session target Against Outbound VoIP dial peer destination pattern determines dialed digit Ubigate iBG2016 should collect and transmit The entire dial peer created in Ubigate iBG2016 should possess destination pattern Destination pattern should possess full telephone number or the partia...

Page 640: ...ne or more times Indicates a match to the beginning of the string Can be used with a single character with no other significance matching that character Indicates that the preceding digit occurred zero or one time Indicate a range A range is a sequence of characters enclosed in the brackets only numeric characters from 0 to 9 are allowed in the range Indicate a pattern and are the same as the regu...

Page 641: ...nbound matching When Voip incoming does not match due to number condition try matching the set session target and the ip address Voip peer Voip peer has protocol type and ip address To designate a network specific address to receive calls from a VoIP dial peer in addition to use session target ip address command use the session target name command in dial peer configuration mode The type of voip p...

Page 642: ... 4 DID for POTS Dial Peers Direct Inward Dialing immediately enables outbound dial peer matching with called number against call from POTS interface If it is set up in DID inbound POTS dial peer called number attempts to automatically match with destination pattern to find outbound call leg If DID is not setup on the moment of incoming call Ubigate iBG2016 transmits dial tone to caller and collect...

Page 643: ... port 0 0 3 preference 3 If priority should be given between dial peers within the set hunt group use preference command Ubigate iBG2016 first makes possible call in terms of dial peer which possesses preference in hunt group Low preference number gets higher priority When the same preference number in hunt group occurs it is selected randomly In the case of the above example dial peer 1 has prior...

Page 644: ...bm configure dial peer hunt hunt order num Set the standard of selecting dial peer within optional hunt group The selection is possible from 0 to 7 and 0 is default value 0 longest match in phone number explicit preference random selection 1 longest match in phone number explicit preference least recent use 2 explicit preference longest match in phone number random selection 3 explicit preference ...

Page 645: ... Abbreviated Abbreviated representation of the complete number as supported by this network y International Number called to reach a subscriber in another country y National Number called to reach a subscriber in the same country but outside the local network y Network Administrative or service number specific to the serving network y Reserved Reserved for extension y Subscriber Number called to r...

Page 646: ...ate a global prefix that can be used to expand the extension numbers of inbound and outbound calls into fully qualified E 164 numbers in toll by pass mode use the fxs pattern command The maximum number that could be configured is 5 Digit and dot could be entered max call num Example sbm configure dial plan max call 512 To set the maximum number of calls that a system can handle use the max call co...

Page 647: ...peer voice voip 1 y destination pattern 3456T y session target ip address ipv4 10 10 6 8 In the above example Ubigate iBG2016 waits inputting the additional digit which is undefined after receiving the number 3456 If inter digit time does not exceed inputting digit up to the maximum of 31 is possible If inter digit time exceeds Ubigate iBG2016 connects call The basic value of inter digit timeout i...

Page 648: ...hat the partial digit has not been deleted like the above In this case it is possible to make the basically executed digit strip behavior impossible with no digit strip dial peer configuration command or to enable transmitting with telephony interface by pasting the particular digit with prefix dial peer configuration command This command is supported only in POTS dial peer no digit strip command ...

Page 649: ...gulates the number of digit stripped before dialed string transmitted to the other telephony device Generally outbound POTS dial peers strips the entire digit matchable specifically with destination pattern and transmits only the matchable digit in wildcard pattern Forward digits command transmits the entire digit or the fixed number of digit among dialed digit regardless of the number of digit ma...

Page 650: ...r should dial to remote location Application is made for called number of the entire incoming call Number expansion is similar to prefix command except that it is applied to the entire dial peer and the status before matching with destination pattern The figure 33 9 shows the network of the small company which desires to use VoIP for integrating the telephone network in the current ip network Dest...

Page 651: ...mexp 6 408116 7 408117 numexp 7 408117 1 729555 numexp 1 729555 Num exp rule of the above table 33 2 should be applied to both Ubigate iBG2016 A and B Command Purpose sbm dialplan num exp extension number expanded number Configures number expansion globally for all dial peers The extension number means extension number to be expanded with the value of expanded number The expanded number argument m...

Page 652: ...ation rules to convert the five digit extension into the 10 digit format that is recognized by the central office switch Translation rule Set can be configured with translation rule up to 15 sets The kind of rule includes both match replace rule and reject rule The pattern expression in each rule uses the expression characteristic of SED like Designating translation rule set against called number ...

Page 653: ...igure voice translation rule 1 Confiruging translation rule set Creates translation rule set Ruelset id can have the single value ranging form 1 to 10000 3 1 rule match replace precedence match pattern replace pattern match type type replace type type match plan plan replace plan plan sbm configure rule 1 rule match replace 0 111 333 Configuring Reject Rule Precedence value can have the value rang...

Page 654: ...s regexp zero or more times Repeat the previous regular expression zero or one time use CTRL V in order to enter Groups regular expressions Configuring Translation Profile Creating translation profile is possible by using voice translation profile global configuration command Designating rule set in called number and calling number is possible by using translate voice translation profile command S...

Page 655: ...g trans prof name Example sbm pots 1 call block translation profile incoming trans prof name Configuring Call Block Translation Profile in Dial Peer Translation profile is used for designating call block In this case designating reject rule in rule set should be done Designates call block translation profile against incoming call Applying Translation in Voice Port Command Purpose translation profi...

Page 656: ...ommand Purpose translation profile incoming outgoing trans prof name Example sbm access group ag1 translation profile incoming prof1 Applying Translation Profile in Access Group Applying Translation in VoIP Incoming Calls Command Purpose translation profile trans prof name Example sbm voip incoming translation profile prof1 Applying Translation Profile in VoIP incoming calls translation rule calle...

Page 657: ...e the below table when it comes to the method to set access group and access list y Configuration Steps configure terminal voice access group access list access list permit access list deny optional description optional disconnect cause optional translation profile optional exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2...

Page 658: ...t is impossible to input For example if permit ip member is designated with 10 10 10 0 it is possible to designate 10 10 10 10 as deny ip member 6 description string Example sbm access group name description description for access group Inputs description on optional Access group Uses Quotation mark 7 disconnect cause invalid number unassigned number user busy call rejected Example sbm access grou...

Page 659: ...runk group command users can limit the number of call made possible with the pertinent trunk group in terms of in and out By using Block trunk group command call to the pertinent trunk group is possible to prevent Multiple Trunk Group Designating trunk group as target up to 12 in POTS dial peer is possible Dial peer decreases the number of dial peer desired to configure by having more than a singl...

Page 660: ... for selecting voice port or channel Trunk group having various members uses hunt scheme to find idle channel for routing outgoing call Hunt scheme provided in Ubigate iBG2016 is random round robin sequential Assume the three trunk groups A has the preference value which is the smallest Let s assume that C has the biggest value and B has the larger value than A Optional parameters can modify the s...

Page 661: ...es not have any available both numbered channel the search tries to find an channel in the next highest trunk group member which is C If successful that channel is used for the call routing A new idle channel request would start with A Sequential Regardless of the previously selected channel it is similar to the round robin method except the fact it finds the empty channel from the beginning part ...

Page 662: ...hen call is made to the termination telephone or PBX Figure 8 10 Example of PLAR configuration How to Configure PLAR y Configuration Steps configure terminal voice port connection plar exit Internet Backbone iBG2016 A iBG2016 B FXS FXO PABX Voice port PLAR SIP Direct Call Setup Dial peer voice voip 1 destination pattern yyy dtmf relay sip notify codec g729a session target ip address ipv4 iBG2016 2...

Page 663: ...Enters global configuration mode 2 voice port slot subslot port Example configure voice port 0 0 0 Enters voice port configuration mode 3 connection plar digit string Example configure voice port slot subslot port connection plar 01034381234 Enters connection mode for voice port 4 exit Example configure voice port slot subslot port exit Exits the current mode ...

Page 664: ...nd to a dial peer Figure 8 11 Example of PLAR OPX configuration Internet Backbone iBG2016 A iBG2016 B FXS FXO PABX Voice port PLAR SIP Direct Call Setup Dial peer voice voip 1 destination pattern yyy dtmf relay sip notify codec g729a session target ip address ipv4 iBG2016 2 Dial peer voice pots 2 destination pattern xxx port slot subslot port Voice port slot subslot port timing hookflash out 500 c...

Page 665: ...e port slot subslot port Example configure voice port 0 0 0 Enters voice port configuration mode 3 connection plar opx digit string Example configure voice port slot subslot port connection plar opx 01034381234 Enters connection mode for voice port 4 exit Example configure voice port slot subslot port exit Exits the current mode PLAR and PLAR OPX are able to configure in SCM interworking mode When...

Page 666: ...going cor list of outgoing dial peer The names are the values of any string so a user can define it easily Next stage defines how many call admission groups are needed Each group defines COR list Designate COR list to a dial peer and it that means defining the number of calls which an incoming dial peer can make Number Description dial peer cor custom name 2a name 6a name 060b dial peer cor list l...

Page 667: ...tailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 dial peer cor custom Example sbm configure dial peer cor custom Enters COR configuration mode 3 name cor name Example sbm configure custom name corname1 Defines COR name This step should be repeated as many as COR names 4 exit Example sbm configure custom exit Exits COR configuratio...

Page 668: ...e exit Exits COR list configuration mode 8 dial peer voice pots voip num Example Sbm configure dial peer voice pots voip 10 Creates dial peer 9 corlist incoming cor list name Example Sbm configure pots num corlist incoming corlist1 When the appropriate dial peer is used as incoming set up a cor list 10 corlist outgoing cor list name Example Sbm configure pots num corlist outgoing corlist2 When the...

Page 669: ...ame corname3 COR list list1 member corname1 member corname2 COR list list2 member corname2 member corname3 y To check COR list which dial peer is set use show dial peer voice command VoiceEncapPeer1 Dial Peer Common Info id 1 type pots description admin state up operation state up destination pattern 1001 answer address preference 0 numbering type none incoming called number connections maximum 0 ...

Page 670: ...CHAPTER 8 Routing and Digit Manipulation 616 SAMSUNG Electronics Co Ltd This page is intentionally left blank ...

Page 671: ...nder a VoIP environment the following methods are supported y pass through High bandwidth codec y T 38 The method using Pass through High bandwidth codec transmits fax through the use of voice stream of G 711 alaw or G 711 ulaw and the method using T 38 exchanges the T 38 Internet Fax Protocol IFP packets to transmit the real time Group 3 fax documents which is the ITU T recommendation Regardless ...

Page 672: ...ng High bandwidth codec G 711 alaw or G 711 ulaw and the setting in VoIP dial peer configuration mode has a priority over the setting in voice service configuration mode 1 fax protocol pass through command in VoIP dial peer configuration mode y Configuration Steps configure terminal dial peer voice voip fax protocol pass through exit y Detailed Steps Step Command Purpose 1 configure terminal Examp...

Page 673: ... voice service voip fax protocol pass through exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service voip Example configure voice service voip Enters voice service configuration mode 3 fax protocol pass through Example configure voice service voip fax protocol pass through g711alaw specifies a high bandwidth codec...

Page 674: ...ps configure terminal dial peer voice voip fax protocol t38 fax rate fax error correction mode exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 dial peer voice voip Example configure dial peer voice voip 1000 Enters VoIP dial peer configuration mode 3 fax protocol t38 Example configure dial peer voice voip 1000 fax protoc...

Page 675: ...uration mode y Configuration Steps configure terminal voice service voip fax protocol t38 fax rate fax error correction mode exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice service voip Example configure voice service voip Enters voice service configuration mode 3 fax protocol t38 Example configure voice service vo...

Page 676: ...ice service voip fax rate 14400 specifies fax transmission speed 5 fax error correction mode Example configure voice service voip fax error correction mode enables fax relay Error Correction Mode ECM to disable ECM use no fax error correction mode command 6 exit Example configure voice service voip exit Exits the current mode ...

Page 677: ... a called party does not reply to forward automatically all the calls incoming to a subscriber toward the pre designated number inside or outside the system Call Hold and Retrieve This is the function allows you to place a call on hold try a new call and retrieve the call Call Park The Call Park feature allows you to place a call on hold so it can be retrieved from another phone in the Call Manage...

Page 678: ...riginates a new call to an extension number you want to transfer your call It is the function to transfer a call by hooking on a phone when a ring tone is given to a target extension subscriber to transfer If the target does not reply the call is re terminated toward the transferring subscriber Call Transfer Consultative Call Transfer holds a call in conversation and originates a new call to an ex...

Page 679: ...ll Intrusion With the call override function when a subscriber A and B registered with this function are busy in an emergency status if A or B are called and they are busy if a subscriber presses the number of A or B followed by the feature code the conference call is established between A B and such subscriber Privacy If a subscriber does not want interruption during call with other subscriber ac...

Page 680: ...after registering the Call Manager subscribers as the member of a group call all the members can talk over the phone at the same time Distinctive Ring This function is to transmit distinctively designated rings according as the terminating call of a subscriber is on net or off net Music On Hold Service Music On Hold Service enables call held party to listen to music designated in the Call Manager ...

Page 681: ...unction at FXS voice port follow the below procedures y Configuration Steps configure terminal voice port caller id enable exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice port slot subslot port Example configure voice port 0 1 2 Enters Voice Port configuration mode 3 no caller id enable type1 type2 Example configur...

Page 682: ...er to deploy network wide to syncronize the usage of feature code No Command Purpose 1 activate call conference It is the feature code to dial prior to a phone number to call a third party or another for conference call During generic call between A and B do a hook flash and then dial active call conference feature C number When the call between A and C is placed do hook flash again to proceed wit...

Page 683: ...u do hook flash during a busy status and dial the disable call waiting for current call feature code the Call waiting service is disabled for the duration of such call If such call is released the service is enabled again 6 disable call waiting for next call This function disables the Call waiting service for a new call If you dial the disable call waiting for next call feature code in front of th...

Page 684: ...l home no User ID Password VMS URI Used Services CTR CWT CPU GPU CID LCR MOH PARK TWC CC GRC CINT OVRD CTR Call Transfer CWT Call Waiting CPU Call Pickup GPU Group Call Pickup CID Calling Line Identification LCR Last Call Redial MOH Music On Hold PARK Call Park TWC Three Way Call CC Conference Call GRC Group Call CINT Call Intrusion OVRD Call Override Call forward any Call forward busy Call forwar...

Page 685: ...all forward busy Call forward no answer Group pickup number 20003 Auth User ID Auth Password 2700 Algorithm global MD5 Realm global qop auth int global no iBG_03 show voip sip service list ID EXT CFA CFB CFN CTR CWT CPU GPU CID CGD LCR MOH PRK TWC CC HLN GRC CB PRI CIN OVR F 1 2130 use use use use use use use use use use use use use F 2 2131 use use use use use use use use use use use use use S 1 ...

Page 686: ...he system Call Forward NoAnswer It is the function when a called party does not reply to forward automatically all the calls incoming to a subscriber toward the pre designated number inside or outside the system Call Hold and Retrieve This is the function allows you to place a call on hold try a new call and retrieve the call Call Pickup Group It is the function that another subscriber can answer ...

Page 687: ...n and originates a new call to an extension number you want to transfer your call It is the function to transfer a call by hooking on a phone when a ring tone is given to a target extension subscriber to transfer If the target does not reply the call is re terminated toward the transferring subscriber Call Transfer Consultative Call Transfer holds a call in conversation and originates a new call t...

Page 688: ...hone in FXS voice port How to Configure Voice Port for CLID To enable the Caller Id function in FXS voice port follow the below procedures y Configuration Steps configure terminal voice port caller id enable exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice port slot subslot port Example configure voice port 0 1 2 En...

Page 689: ...ber can answer the phone when a call is terminated to an extension subscriber and rings It is the function that when a call is terminated to a subscriber of a group picks up the call by dialing the number of the group Call Waiting and Retrieve Call waiting lets users receive a second incoming call on the same line without disconnecting the first call When the second call arrives the user receives ...

Page 690: ... y Configuration Steps configure terminal voice port caller id enable exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice port slot subslot port Example configure voice port 0 1 2 Enters Voice Port configuration mode 3 no caller id enable type1 type2 Example configure voice port 0 1 2 caller id enable type1 Enables or ...

Page 691: ...inal Example configure terminal Enters global configuration mode 2 voice port slot subslot port Example configure voice port 0 1 2 Enters Voice Port configuration mode 3 no caller id block Example configure voice port 0 1 2 caller id block Block or re enable the caller id of the calls made from this port 4 Exit Example configure voice port 0 1 2 exit Exits the current mode How to Configure for Cal...

Page 692: ... group exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 dial peer voice pots tag Example configure dial peer voice pots 11 Enters POTS Dial peer configuration mode 3 no call pickup group group number Example configure dial peer voice pots 11 call pickup group 8400 Specifies call pickup group number for Call Pickup service...

Page 693: ...l Example configure terminal Enters global configuration mode 2 dial peer voice pots tag Example configure dial peer voice pots 11 Enters POTS Dial peer configuration mode 3 no call waiting Example configure dial peer voice pots 11 call waiting Enables or Disables Call waiting and retrieve service 4 Exit Example configure dial peer voice pots 11 exit Exits the current mode How to Configure Call Tr...

Page 694: ...rminal Example configure terminal Enters global configuration mode 2 voice port slot subslot port Example configure voice port 0 1 2 Enters Voice Port configuration mode 3 ring cadence on net ring type Example configure voice port 0 1 2 ring cadence on net bellcore01 Specifies On Net Ring type for the voice port 3 ring cadence off net ring type Example configure voice port 0 1 2 ring cadence off n...

Page 695: ...ng to the maximum number of calls allowed on a system wide basis and a dial peer basis For example Local CAC provides a function to cut off calls when there are more than 10 calls in excess of the bandwidth allocated in the network interface since it is set to have less than 10 calls in a WAN network interface Max call for system Max call for system is the function to set max limitation calls in t...

Page 696: ...on procedure y Configuration Steps configure terminal call admission max call exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 6 Call admission max call Example configure call admission max call Configure max call 7 Exit Example configure exit Exits the current mode call admission max calls 2000 In Call Manager interworking...

Page 697: ...f heavy traffic Figure 10 1 DS0 Limitation Max call per dial peer Provides a way to limit the number of max connection of Dial peer A user is able to set this using max conn command in dial peer configuration mode This is a way to control connection number available at the same time in Dial peer for Outbound in order that current connection may not exceed the connection number set This tool is eas...

Page 698: ...y egress WAN link it provides little or no protection for links in the network backbone y It does not work for IP telephony applications that do not use dial peers y It is limited to simple topologies y It does not react to link failures or changing network conditions Figure 10 2 max call per dialpeer In Call Manager interworking mode the mechanism of Max call per dial peer is not used PBX iBG2016...

Page 699: ...726 24 kbps 40 kbps G 726 32 kbps 48 kbps G 728 32 kbps G 729 all versions 24 kbps In Call Manager interworking mode mechanism of Voice Bandwidth is not used Local voice busyout Local voice busyout monitors the status of Ethernet WAN etc and set a certain port or Digital trunk timeslot to busyout An operator is also able to set voice port DS0 group voice port BRI port and Digital trunk timeslots t...

Page 700: ...rejected the call and hairpinned it CCS trunk types manage this hairpinning problem because cause code information can be returned to the PBX that triggers rerouting logic However on CAS trunks the PBX does not know what went wrong and unless digits are manipulated in the gateway the PBX cannot easily make a decision to reroute the call over a different trunk group LVBO provides the outgoing gatew...

Page 701: ...provides the method used in busyout monitoring Gateway monitoring works upon down To configure a voice port to enter the busyout state if connectivity to the gatekeeper is lost use the busyout monitor gatekeeper command in voice port configuration mode To disable use the no form of this command busyout monitor gatekeeper no busyout monitor gatekeeper SIP server monitoring This can check out the st...

Page 702: ...to service its state changes to up If the keyword is not entered the voice port is busied out when all monitored interfaces go out of service their state changes to down WAN link monitoring Wan link monitoring detects the links of interfaces configured as WAN and provides busyout monitoring that used WAN link in order to set up release busyout according to down up of WAN link and supports to set u...

Page 703: ...ing SIP OPTIONS message for the system designated to IP address busyout monitor ip address ip address no busyout monitor ip address ip address Class monitoring To make busyout monitoring of busyout class of a voice port use busyout monitor class command in voice port configuration mode To remove busyout monitoring of busyout class use no command Refer voice class busyout section for more inforatmi...

Page 704: ... from the busyout state use the no form of this command ds0 busyout ds0 time slot no ds0 busyout ds0 time slot ds0 time slot DS0 time slots to be forced into the busyout state Range is from 1 to 24 and can include any combination of time slots voice class busyout This sets up resources information to be monitored using busyout in which items are collected voice class busyout tag no voice class bus...

Page 705: ...bundle interface to busyout monitoring class busyout monitor sip server y add sip server or call server status to busyout monitoring class busyout monitor gatekeeper y add gatekeeper status to busyout monitoring class busyout monitor ip address y add SIP UA by ip address status to busyout monitoring class To check set up and status information on voice class busyout a user is able to use show voic...

Page 706: ...less than the low value To monitor utilization which is the global resource of Ubigate iBG2016 gateway A user can set it up using call admission threshold global command that is the global CAC configuration and release it using no command A user is able to call admission control monitor utilization by using cpu 5sec cpu avg trigger of call admission threshold global call admission threshold global...

Page 707: ...al CAC configuration and release it using no command A user is able to call admission control monitor utilization by using total mem trigger of call admission threshold global Call admission threshold global trigger name low value high value busyout treatment no call admission threshold global trigger name low 0 high 0 show call admission threshold config Trigger name is the value of total mem aga...

Page 708: ...the threshold according to utilization of DSP chip mounted in the system not to utilization of DSP resource use call admission threshold alarm max dsp and change the initial value using no command The initially set min value is 70 and max value is 80 The initial min value is 70 and max value is 80 call admission threshold alarm max dsp min value maj value no call admission threshold alarm max dsp ...

Page 709: ...mber of steps in a sliding window The range is from 3 to 10 y size The size of the step in milliseconds The range is from 100 to 2000 A user is able to limit incoming calls in intervals of size time using call admission spike command Size and step make windows the windows are made by size intervals and a size of a window would be size step The relationship between size and step is drawn in the fig...

Page 710: ...mission treatment action reject hairpin cause code When the call treatment is enabled and the call treatment is reject use the call admission treatment causecode command in a global configuration mode to select the error code to be used for rejection and use no command to release it call admission treatment causecode busy no resource no call admission treatment causecode busy no resource isdn reje...

Page 711: ... about RAISE CLEAR of alarm using show system logging buffered Table 11 1 Alarm List Alarm Name Level Description MaximumCallLimitMaj Major Exceeding a threshold of the system maximum call limit Major thresholds MaximumCallLimitMin Minor Exceeding a threshold of the system maximum call limit Minor thresholds DSPChannelLimitMaj Major Exceeding a threshold of the DSP channel capacity limit Major thr...

Page 712: ...max call min value Is the percentage of current call count against max call count that minor alarm would be created maj value Is the percentage of current call count against max call count that major alarm would be created Set up max call used as the basis using call admission max calls command in global configuration command mode A user is able to check current value set with show running config ...

Page 713: ...y whether ports are connected or not in analog channels of FXS card using loop start Falut The fault which might be occurred related to Voice Feature of Ubigate iBG2016 is a fault related to DSP and Voice Task When a fault is occurred a user has to restore it by resetting the system Table 11 2 Falut List Fault Name Description DSP init fail Fail to Initialize DSP resource Voice task fail Voice tas...

Page 714: ... Command Explanation show statistics call pots call voip call checks statistics of whole call POTS call and VoIP call clear statistics all call initializes statistics of whole call call Call Statistics Item Table 11 4 Call Statistics Item Item Object explanation Inbound Total Calls Num POTS VoIP Call Incoming call number Outbound Total Callse Num POTS VoIP Call Outgoing call number Inbound Success...

Page 715: ...rmal Inbound Abandon Calls Num POTS VoIP Call Incoming abandon call number of incoming not answerd calls with normal cause Outbound Abandon Calls Num POTS VoIP Call Outgoing abandon call number of outgoing not answerd calls with normal cause Canceled Calls Num Call Cancelled calls number of calls encountering the originating side having been disconnected before the outgoing calls were connected Ex...

Page 716: ...g request Req Info Num Number of information messages the gateway has received inbound and how many have been transmitted outbound Req Invite Num Number of Initiates a call Req Notify Num Number of Notify requests Req Options Num Number of Request an Options Req Prack Num Number of a PRACK request Req Register Num Number of Register requests Req Subscriber Num Number of Subscribe requests Req Refe...

Page 717: ... the message is queued Session Progress Num 183 Indicates in band alerting Accepted Num 202 A successful response to a Refer request received Multiple Choices Num 300 The address resolved several choices UA can select preferred communication Moved Permanently Num 301 User is no longer available at this location Moved Temporarily Num 302 User is temporarily unavailable Use Proxy Num 305 Caller must...

Page 718: ... Extension Num 420 Server could not understand the protocol extension in the Require header Extension Required Num 421 The UAS needs a particular extension to process the request but this extension is not listed in a Supported header field in the request Session Interval Too Small Num 422 The request contains a Session Expires header field with a duration below the minimum timer for server Interva...

Page 719: ... processing the request Not Implemented Num 501 Service or option not implemented in the server or gateway Bad Gateway Num 502 Network is out of order Service Unavailable Num 503 Server is temporarily unable to process the request due to a temporary overloading or maintenace of ther server Server Timeout Num 504 Server could not produce a response before the Expires time out Version Not Supported ...

Page 720: ...the gateway has received and transmitted Setup Acknowledge Number of SetupAcknowledge messages the gateway has received and transmitted Call Proceeding Number of CallProceeding messages the gateway has received and transmitted Progress Number of Progress messages the gateway has received and transmitted Alerting Number of Alerting messages the gateway has received and transmitted Connect Number of...

Page 721: ...eceived and transmitted GatekeeperReject Number of GRJ messages the gateway has received and transmitted RegistrationRequest Number of RRQ messages the gateway has received and transmitted RegistrationConfirm Number of RCF messages the gateway has received and transmitted RegistrationReject Number of RRJ messages the gateway has received and transmitted UnregistrationRequest Number of URQ messages...

Page 722: ...Number of LCF messages the gateway has received and transmitted LocationReject Number of LRJ messages the gateway has received and transmitted InfoRequest Number of IRQ messages the gateway has received and transmitted InfoRequestResponse Number of IRR messages the gateway has received and transmitted NonStandardMessage Number of Non Standard message the gateway has received and transmitted Unknow...

Page 723: ... MasterSlaveDeterminationRel ease Number of MasterSlaveDeterminationRelease messages the gateway has received and transmitted TerminalCapabilitySet Number of TerminalCapabilitySet messages the gateway has received and transmitted TerminalCapabilitySetAck Number of TerminalCapabilitySetAck messages the gateway has received and transmitted TerminalCapabilitySetReject Number of TerminalCapabilitySetR...

Page 724: ...es the gateway has received and transmitted RequestChannelCloseRelease Number of RequestChannelCloseRelease messages the gateway has received and transmitted RequestMode Number of RequestMode messages the gateway has received and transmitted RequestModeAck Number of RequestModeAck messages the gateway has received and transmitted RequestModeReject Number of RequestModeReject messages the gateway h...

Page 725: ...Debug Mode This is the function that shows an appropriate call log after a voice call There are parameters of in out all that set up Incoming Outgoing and deb0 deb1 info all that set up levels Especially set up log commands when displaying debug Message of a specific port Table 11 11 Voice Call Control Debug Command Purpose Debug vcc ascc Analog Signal Call Control debug Debug vcc ccac CCAC debug ...

Page 726: ...s is the function that shows a debug message of H323 and shows the contents of stack and call control Log displays an appropriate calling number and called number All displays a debug message regardless of calling called number Table 11 13 H323 Debug Command Purpose Debug h323 stack h323 stack related command Debug h323 vcc h323 Voice Call Control related command Debug h323 log h323 calling or cal...

Page 727: ... deb1 info all of the displayed message Especially debug voice off command is to off all the debugs related to voice Table 11 15 Voice Debug Command Purpose Debug voice base BASE LIB debug Debug voice bcc Basc Call Control LIB debug Debug voie cac Call Admin Control debug Debug voice log LOG class debug Debug voice nrc Number Resource Control debug Debug voice off debug voice off Debug voice rmdh ...

Page 728: ...on those universal gateways that are configured for AAA How to Configure RADIUS server Set up AAA configuration first and then set up gw accounting y Configuration Steps configure terminal aaa authentication login aaa radius voip gateway gw accounting exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 aaa authentication log...

Page 729: ...re aaa radius primary 10 254 167 244 configure aaa radius shared testing123 Configure RADIUS 5 voip gateway Example configure voip gateway Enter voip gateway configuration mode 6 gw accounting Example configure voip gateway ga accounting Configure gw accounting enable 7 Exit Example configure voip gateway exit Exits the current mode ...

Page 730: ...D Attribute type 30 Length 3 This Attribute allows the NAS to send in the Access Request packet the phone number that the user called using Dialed Number Identification DNIS or similar technology Note that this may be different from the phone number the call comes in on It is only used in Access Request packets Calling Station ID Attribute type 31 Length 3 This Attribute allows the NAS to send in ...

Page 731: ...cket MAY have an Acct Session Id if it does then the NAS MUST use the same Acct Session Id in the Accounting Request packets for that session vendor specific attribute Vendor specific attributes used in the Ubigate iBG2016 system are arranged in the following table and the values of VSA attribute field are as followings y Type field 26 y Length field 7 byte vendor string field has to be more than ...

Page 732: ... is YYYYmmddHHMMSS For example at 08 09 10 on the 2nd of January in 2000 input 20000102080910 Connect time VSA No 16 Length 40 Calling setup time and time format is YYYYmmddHHMMSS For example at 08 09 10 on the 2nd of January in 2000 input 20000102080910 Disconnect time VSA No 17 Length 40 Calling disconnect time and time format is YYYYmmddHHMMSS For example at 08 09 10 on the 2nd of January in 20...

Page 733: ... mode set up the additional functions described in this section Configuring Call Forward for Survivable Telephony This section describes how to set up Call Forwarding Feature in Survivable Telephony mode Generally Call Forwarding in Survivable Telephony mode progresses according to the situation of Call Manager interworking That is it operates as a subscriber set up in Call Manager interworking mo...

Page 734: ...usy exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip fallback Example configure voip fallback Enters VOIP Fallback configuration mode 3 call forward busy forward number Example configure voip fallback call forward busy 4400 Specifies Call forward Number for Call Forward Busy in Survivable Telephony mode 4 Exit Exampl...

Page 735: ...ack call forward noan 4400 timeout 30 Specifies Call forward Number and no answer timeout duration for Call Forward NoAnswer in Survivable Telephony mode 4 Exit Example configure voip fallback exit Exits the current mode If a call forwarding number is configured in subscriber s profile it uses that forwarding number first and the timeout value is 30 second After 30 second if still there is no answ...

Page 736: ...lephony mode it sets up the message that would be sent to SIP phone as following procedures The basic message is Survivable Mode y Summary Steps configure terminal voip fallback system message survivable exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip fallback Example configure voip fallback Enters VOIP Fallback con...

Page 737: ...Steps configure terminal voip fallback system message normal exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip fallback Example configure voip fallback Enters VOIP Fallback configuration mode 3 system message normal system message Example configure voip fallback system message normal Normal Mode Specifies message cont...

Page 738: ... incoming COR list is same as the outgoing COR list or less than the outgoing COR list How to Configure COR list When Call Manager interworking mode is converted to Survivable Telephony mode a user is able to register up to 20 COR lists that is to apply y Summary Steps configure terminal voip fallback cor incoming outgoing cor list name cor list number starting number ending number exit y Detailed...

Page 739: ...le rule set id rule precedence match pattern replace pattern exit y Detailed Steps Step Command Purpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voice translation rule rule set id Example configure voice translation rule rule set id Defines a translation rule for voice calls and enters voice translatioon rule configuration mode 3 rule match replace num mat...

Page 740: ...mple configure terminal Enters global configuration mode 2 voice translation profile prof name Example configure voice translation profile name1 Defines a translation profile for voice calls 3 translate called calling rule set id Example configure voice translation profile prof name translate called 11 Associates a voice translation rule with a voice translation profile 4 Exit Example configure vo...

Page 741: ...rpose 1 configure terminal Example configure terminal Enters global configuration mode 2 voip fallback Example configure voip fallback Enters VOIP Fallback configuration mode 3 translate called calling rule set id Example configure voip fallback translate called 11 Applies a translation rule to modify the phone number dialed or received by IP phone user while fallback is active 4 Exit Example conf...

Page 742: ...ters VOIP Fallback configuration mode 3 translation profile incoming outgoing prof name Example configure voip fallback translation profile incoming prof1 Applies a translation profile to modify the phone number dialed or received by IP phone user while fallback is active 4 Exit Example configure voip fallback exit Exits the current mode If translation rule or translation profile is ocnfigured in ...

Page 743: ... reserved Information in this manual is proprietary to SAMSUNG Electronics Co Ltd No information contained here may be copied translated transcribed or duplicated by any form without the prior written consent of SAMSUNG Information in this manual is subject to change without notice ...

Page 744: ...EQBD 000071 Ed 00 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands