background image

 

 

 

 

 

 

 

 

 

 

 

138 

 Step 3: ETM® System Configuration 

 

 

 

 

 

 

 

 

 

 

 

 

Configuring AAA Services 

If you did not purchase a AAA Appliance, you can skip this section and 
continue with "Configuring Management Server Settings" on page 148. 

If you purchased and installed a AAA Appliance, you configured the 
network connection information via the serial port of the Card and assigned 
the AAA Server an IP address during out-of -box configuration. To enable 
the AAA Server to connect to the Management Server, the AAA Server's IP 
address must be in the Management Server's list of valid IP addresses. If 
you have not already done so, see "Authorizing Cards to Connect to the 
Management Server" on page 68. 

Configuring the AAA Service consists of the following tasks, described in 
detail in the procedures below: 

1.

 

Name the AAA Server and add a comment, if desired. 

2.

 

Select message types for various prompts. 

3.

 

Set authorization security preferences. 

4.

 

Set configuration parameters for AAA Server communication with 
Spans. 

5.

 

Configure the modems in the AAA Server. 

After AAA Services is installed and configured, refer to the 

Voice Firewall 

User Guide 

for

 

instructions for using AAA Services.  

To name the AAA Service and add a tool tip comment 

1.

 

In the 

Platform Configuration

 subtree, right-click the 

AAA 

Service 

icon, and then click 

Edit AAA Service

. The 

AAA Service 

Configuration

 dialog box appears.  

 

2.

 

Click the 

General

 tab.  

Naming the AAA 
Service and 
Adding a Tool 
Tip Comment 

The 

MAC Address

 

and 

Application Type

 

boxes are not editable.  

Summary of Contents for ETM System

Page 1: ...DOC IN ETM630 2011 1031 Release 6 3 0 ETM System Installation Guide...

Page 2: ...ogix Solutions are currently securing and managing over two million enterprise phone lines The company s customers span nearly every industry vertical from regional banks and hospitals to the largest...

Page 3: ...rotected by one or more of the following patents US 6 249 575 B1 US 6 320 948 B1 US 6 687 353 B1 US 6 718 024 B1 US 6 735 291 B1 US 6 760 420 B2 US 6 760 421 B2 US 6 879 671 B1 US 7 133 511 B2 US 7 23...

Page 4: ...HELP 1 877 752 4435 support securelogix com http support securelogix com SecureLogix Corporation offers telephone email and web based support For details on warranty information and support contracts...

Page 5: ...ecuring ETM System IP Data Network Traffic 16 Installation Quick Start 17 Understanding the Installation Process 17 Installation Process 17 Step 1 Software Installation 21 Introduction 21 Minimum Syst...

Page 6: ...Report Server Host Computer 44 Edit the hosts File for the Report Server 45 Edit the twms properties File for the Report Server 45 Edit the Report Server Configuration File 46 Step 4 On the ETM System...

Page 7: ...80 Installing Card Software 80 SIP Appliances Only 82 Configuring Telco Spans 83 How These Instructions are Organized 83 Single or Multi Span Configuration 83 Single Span Configuration 83 Multi Span...

Page 8: ...figuring AAA Server Modems 146 Importing AAA Server Configuration 147 Configuring the Call Recorder 148 Configuring Management Server Settings 148 Authorize Remote Client Connections 148 Associate a R...

Page 9: ...nce Connector Pinouts 184 10 100 Base T Ethernet Port Pinout 184 Auxiliary and Console Port Pinout 184 CO Port Pinout 185 PBX Port Pinout 185 Appendix B Removing and Replacing Appliance Components 187...

Page 10: ...Names Reference 201 Directories Created by the Database Creation Script 201 Windows Service Name 202 File Names and File Locations 202 Appendix E Appliance Status LEDs 203 LED Descriptions 203 Telco...

Page 11: ...r creating and managing Firewall Policies and instructions for viewing results of Policy monitoring and enforcement Voice IPS User Guide Provides an overview of the Voice IPS Intrusion Prevention Syst...

Page 12: ...ts via the SecureLogix Knowledge Base online at the following web address http support securelogix com The following conventions are used in this guide Functions that require two or more mouse clicks...

Page 13: ...s to communicate This approach helps minimize unforeseen complications arising from unique characteristics of a site s phone system or TCP IP network Typically ETM Appliances install transparently in...

Page 14: ...0 supports only IPv4 ETM 1060 Call Recording Cache CRC Appliances can be located anywhere that has TCP IP network connectivity for communication with the Recording Spans ETM Server and Collection Serv...

Page 15: ...em deployment IP network traffic exists between Management Servers and Appliance components the ETM System Console and the ETM Database Downloading new software to multiple Cards simultaneously can cr...

Page 16: ...e traffic The ETM System generates a low to moderate level of IP data network traffic that could contain sensitive information The ETM System includes 3DES encryption that secures data transmitted amo...

Page 17: ...of the following sequence of steps The checklist below is provided for you to check off each step of the installation as it is completed Install the ETM Software ETM Server Report Server Database Mai...

Page 18: ...ll the Appliance s in the rack p 50 Connect the SMDR cable if applicable p 51 Connect power AC or DC to the Appliances p 52 Using a direct serial connection to each Appliance Card perform initial netw...

Page 19: ...es Refer to the Call Recorder User Guide for instructions for recording and accessing calls with the Call Recorder Refer to the ETM System Administration and Maintenance Guide for task oriented instru...

Page 20: ...20 Installation Quick Start...

Page 21: ...TCP IP you can install all of the ETM applications on the same computer or you can install components on separate computers in any combination Components can also be installed on different supported o...

Page 22: ...at http support securelogix com or contact Customer Support Install the ETM Software See the minimum system requirements on the SecureLogix Knowledge Base at http support securelogix com or call Secu...

Page 23: ...eady logged on as the root user use the su command to change to the root account 3 Insert the installation CD into the CD ROM drive 4 Change your working directory to usr local by typing at the prompt...

Page 24: ...lications press ENTER To install a subset of the packages enter the numbers for the package to install separated by commas For example to install only the ETM Management Server and Report Server packa...

Page 25: ...ng on one of these operating systems Ensure a user with Administrator privileges installs the ETM System applications and then run the applications as Administrator rather than local user Install the...

Page 26: ...on includes the ETM Client applications Database Maintenance Tool and ETM System documentation optionally you can select to install the ETM Management Server Report Server and AAA Services application...

Page 27: ...e purchased AAA Services clear the check box if you have not purchased AAA Services and then click Next Advanced Allows customization of which program features will be installed where they will be ins...

Page 28: ...rrent Destination Folder dialog box appears Type a new path and then click OK 8 Click Next The System Identification dialog box appears displaying the computer s system ID The System ID is required to...

Page 29: ...Email support securelogix com 2 Provide your System ID to SecureLogix Customer Support and let them know whether you purchased the Call Recorder To view your System ID Solaris a Open an XTerm or othe...

Page 30: ...t of the box Card configuration in Initial Card Configuration on page 54 To change the Management Server TCP IP port for Card connections 1 On the Management Server computer open twms properties in a...

Page 31: ...eLogix Knowledge Base at http support securelogix com Since the procedure for installing and configuring the Oracle DBMS varies according to the operating system on which it is to be installed and the...

Page 32: ...orting directory listings and city state data files On a remote ETM Server installation install the Oracle Client Tools and then copy tnsnames ora and listener ora from ORACLE_HOME network admin to th...

Page 33: ...vers using this database schema It is strongly recommended that you have only one ETM Data Instance per schema 5 Create a data instance for the ETM Server Each ETM Server uses a specific data instance...

Page 34: ...enance Tool is installed click Start Programs SecureLogix ETM System Software Utilities ETM Database Maintenance Tool The database connection information you provide enables the ETM Database Maintenan...

Page 35: ...the Standalone Databases tree of the ETM Database Maintenance Tool right click the database and then click Connect The Login dialog box appears 2 In the Username box type the username that authorizes...

Page 36: ...n click Repair Table to correct the problem Indicates a missing expected table Right click the table and then click Create Table to create the table Indicates views and temporary tables created and ma...

Page 37: ...own arrow and then select your locale from the list of supported locales 7 The Allowed Client IP Address box is used to specify the IP address of the computer from which you will initially log in via...

Page 38: ...ver by default connects to the database through the database owner account The Management Server really only needs to change data it does not need to drop or create objects A non owner database user a...

Page 39: ...ing commands as an example Replace RUNUSER with the name of the user GRANT ALTER SESSION TO RUNUSER GRANT CREATE PROCEDURE TO RUNUSER GRANT CREATE SESSION TO RUNUSER GRANT CREATE SNAPSHOT_PERM TO RUNU...

Page 40: ...atabase preparation is complete If the Management Server is installed on a different computer from the Database Maintenance Tool do one of the following If no previous modifications have been made to...

Page 41: ...e no port conflict exists Determine the fully qualified host name of the computer on which the Management Server and the Report Server are installed These can be the same or different computers Determ...

Page 42: ...computer open the hosts file in a text editor The default location for the hosts file is the following Solaris etc Windows 2000 C WinNT system32 drivers etc Windows 2003 C Windows system32 drivers etc...

Page 43: ...4 Locate the line that reads DispatcherPort 6991 This is the default port that ETM client applications connect to when initiating a data communication socket with the Management Server If this port is...

Page 44: ...me com where the hostname com is replaced with either the correct fully qualified domain name or the IP address for the host To determine whether the host name will resolve correctly on Windows At a c...

Page 45: ...e remote Usage Managers to connect to the Report Server you must edit the twms properties file on the Report Server computer whether on the same computer as the Management Server or a different one To...

Page 46: ...useLocalHostName True For most computers these parameters will resolve the fully qualified domain name However in some cases they will resolve to the IP address of the computer instead typically when...

Page 47: ...ne mapping the Report Server s IP address to the fully qualified hostname in the same way as described for the Management Server 4 Save the modified file Required modifications vary depending on the f...

Page 48: ...ts the source port Allow traffic to port 4313 or alternate user defined port to pass from remote Appliances to the Management Server if the system is deployed in a distributed architecture Allow Manag...

Page 49: ...t rack or on the wall 3 Connect the SMDR cable to the Card that is to be the SMDR provider for the Switch if SMDR is used 4 Connect the power cable and power on the Appliance 5 1050 AAA only Connect t...

Page 50: ...idle 2 Flip the latches inward until you hear them lock 3 Insert the screws into the latches and hand tighten with a screwdriver to secure the Digital Trunk Interface in the chassis 4 At the front of...

Page 51: ...e 2 Use the appropriate type of screws not included to attach the brackets to the wall One telco Appliance Card monitoring calls at a given PBX can be connected to the SMDR CDR port on the PBX to tran...

Page 52: ...onfiguration the Card will begin initiating contact with the Server however it will be unable to establish a connection until you add its IP address to the Server s list of authorized Card IP addresse...

Page 53: ...e 1 Connect the wire harness to the 48V and RTN terminals at the rear of the Appliance 2 With power disconnected from the power source connect the wire harness to a 36 to 72VDC 7 9A power supply that...

Page 54: ...nly IPv4 Management Server IP Address DES Key This key must always be in sync between the Card and the Management Server because DES encryption is always used during the initial Card Server handshake...

Page 55: ...the Performance Manager A password can be any combination of characters It must be a minimum of eight characters in length and must include at least one change of case and one digit 6 At the Select a...

Page 56: ...ue via the Performance Manager if needed 13 At the Select Card security posture prompt type one of the following HIGH Telnet is disabled and network and security configuration changes are only allowed...

Page 57: ...the Performance Manager However if you need to change the Span type you should provide the Span license now To license additional Spans 1 After the Card reboots log in again and enter Enable mode Type...

Page 58: ...PRI type MAINT SPAN TYPE 2 PRI 5 At the FS r w prompt type RESTART The Fail Safe terminated message appears and the Card restarts with the new Span settings and returns to the ETM prompt You may have...

Page 59: ...erver accepts connections from all Cards is 4313 If you changed the Management Server port from the default in the twms properties file you must configure the Card with the new port number To specify...

Page 60: ...efault to a lesser value including 0 seconds If the Enable mode timeout is not changed from the default you will enter Enable mode on subsequent login sessions To change the Enable mode timeout At the...

Page 61: ...provide the interface that connects the Appliance to a physical span entering a PBX on a customer s premises Switches represent the PBX from which the Appliances are monitoring calls Each PBX is repr...

Page 62: ...processing SS7 Groups and or NFAS b Move each Span to the switch with which it is associated c Configure SMDR NFAS and or SS7 via the switch Object d Configure the AAA Service s 7 Configure Managemen...

Page 63: ...rt the Applications on page 63 If you are running multiple application instances on the same computer see How to Start Multiple Application Instances on page 64 To start the applications Solaris Execu...

Page 64: ...re launched from the ETM System Console after you log in to the ETM Server Standalone Usage Manager You do not need this open during configuration but will want to verify connectivity Do one of the fo...

Page 65: ...regardless of whether multiple Report Server and Management Server instances are present The Performance Manager embedded Usage Manager client and Directory Manager are launched from the ETM System C...

Page 66: ...ter After you log in the first time you can authorize connections from other remote ETM Clients To define an ETM Server object 1 Open the ETM System Console 2 Right click ETM Management Servers and th...

Page 67: ...e tree 3 Repeat for each of the other Servers this ETM System Console will connect to The password for the default admin user account on the ETM Server was defined when the data instance for the Serve...

Page 68: ...You can also use a subnet mask or prefix to authorize a range of IP addresses for example 10 1 1 0 255 255 255 0 authorizes all Cards with a 10 1 1 x IP address You configured the Card with network c...

Page 69: ...formance Manager tree pane The Card name defaults to its MAC address you will assign a more recognizable name in a later procedure 6 To authorize a range of IP addresses click New and then click IP Ra...

Page 70: ...uthorized Cards 12 Click Close to save the changes and close the Authorized Cards dialog box Continue with the following If the ETM Server Cards and ETM System Console s are communicating continue wit...

Page 71: ...e txt is present in the ETM System installation directory for both the Management Server and the Report Server if remote If the ETM System components are communicating through a firewall firewall conf...

Page 72: ...can organize the Cards according to the Appliance chassis in which they are housed Although this step is optional it is recommended for uncluttering and organizing the display Appliances in the tree...

Page 73: ...hold down CTRL while clicking each Card and then right click the selection and then click Move Card s The Move Card s to Appliance dialog box appears listing all defined Appliances 2 Click the Applia...

Page 74: ...subtree right click the Card icon and then click Edit Card s To open the Multi Card Configuration dialog box Select multiple Cards as follows To select multiple adjacent Cards In the Platform Configu...

Page 75: ...annot be modified 2 In the Card Name box type a unique identifier for the Card Note that Cards are listed in the tree in ASCII order If you are using the Multi Card Configuration dialog box the Card t...

Page 76: ...he Card IP Subnet and Gateway IP Address were assigned to the Card during out of the box configuration at the Console port 8 Click the Remote Clients tab optional The Remote Clients tab is used to aut...

Page 77: ...n IPv4 address select Mask and type the subnet mask or select Prefix and type a prefix length 16 Click OK 17 Repeat the above steps for all authorized Telnet clients 18 The settings on the ETM Server...

Page 78: ...age sequence eliminating the possibility of a Card connecting to a rogue Server and thereby potentially impacting telecommunications service b The controls access to the security related Card settings...

Page 79: ...nd Confirm Enable Password boxes 20 Click OK to save the changes and download them to the Card Continue with one of the following If you need to install new software on the Card s see Card Software In...

Page 80: ...t render the Card unresponsive Should the Card become completely unresponsive a watchdog timer will normally cause the Card to automatically reboot If it does not and you believe the Card is completel...

Page 81: ...the Card inoperable The Card automatically reboots after the software is installed Observe the Status Tool and Diagnostic Log during the download If you believe the Card is completely unresponsive be...

Page 82: ...them and isolate the upgraded node until the issues are resolved To activate newly installed software on the proxy nodes 1 After pushing the software to the Call Processor in the Performance Manager t...

Page 83: ...figuration dialog box depend upon the type s of the Spans selected For example if you select two T1 PRI Spans the General Preferences Telephony Global Line Settings PRI and T1 Setup tabs are displayed...

Page 84: ...are user modifiable Name and Comment By default all Spans are named Span n where n is the Span s number on the Card 1 4 You should change the name to something unique or the tree display and monitorin...

Page 85: ...ETM System Administration and Maintenance Guide To configure Span preferences 1 In the Span Configuration dialog box click the Preferences tab 2 In the Logging area select the Log Appliance Debug Even...

Page 86: ...tions check box to prevent any calls from being terminated on this Span The Terminate Policy setting applies to enforcement of terminate Rules in Policies manual termination via the Call Monitor and t...

Page 87: ...nd call the Rule is skipped and processing continues with the next Rule in the Policy When an ambiguous call is encountered during an outbound call the Policy stops executing and no Tracks except logg...

Page 88: ...h corresponds with the timeout value of most telephone network switches If your network differs adjust this value accordingly This setting is used for outbound analog and T1 loop start and ground star...

Page 89: ...traffic Improper settings degrade or prohibit proper signal traffic cause false signal activity or impair Policy execution See At a Glance Reference Table to TDM Span Telco Settings on page 197 for re...

Page 90: ...source number collected from SMDR is used for Policy processing and is inserted into the database Augment The Span performs Policy processing with the source number in the signaling if it is present...

Page 91: ...the country code area code and phone number of the dedicated line number main switchboard number or some other recognizable unique number associated with the channel For readability the digits typed i...

Page 92: ...runk group for an adjoining group of channels click the first Trunk Group cell hold down SHIFT and then click the last cell and then type the trunk group When you click anywhere else on the dialog box...

Page 93: ...the Outgoing Numbering Format cell and then type the applicable tokens up to 40 characters Outgoing numbering format specifies the format of the MF or DTMF digits that the PBX sends to the telephone n...

Page 94: ...formation about Dialing Plans see Defining Dialing Plans in the ETM System Technical Reference The table below lists the valid Incoming Numbering Format tokens Note that multiple tokens can be specifi...

Page 95: ...cells 13 SS7 Bearer Spans only Each channel on an ISUP bearer trunk has an associated Circuit Identification Code CIC ranging from 0 to 16383 and is unique for each LPC RPC pair In the CIC field type...

Page 96: ...ted 3 Do any of the following as appropriate to the selected Spans In the Global Signal Type box click the down arrow to set the signal type for all selected Spans In the Enabled Status area select Se...

Page 97: ...ea select the Clear All Extensions box to clear all extensions from the Extension column of the Channel Map tab on all channels on all selected Spans In the Global Request SMDR area click the down arr...

Page 98: ...ly aggregates These locations include Signaling interface of a call server LAN side of an edge or WAN router DMZ port of a data firewall H 323 configuration provides the Appliance with VoIP interface...

Page 99: ...3 The Manual Inline check box controls whether the Span automatically goes inline after it is rebooted or restarted Select the check box to cause the Span to come up offline whenever it is rebooted o...

Page 100: ...r second for signaling The default is 50 signaling messages per second A Diagnostic Log message is generated when traffic exceeds this limit This can be useful for identifying possible threats such as...

Page 101: ...ts are to be dropped Or you might define Rules to block all traffic on port 80 but allow traffic on other ports To define a packet Rule a Click the New Packet Rule icon The Packet Rule dialog box appe...

Page 102: ...dialog box appears 5 Click the Interfaces tab The Interfaces tab contains NAT specific configuration settings 6 In the Port Range area type the number of ports to be reserved for media This number mu...

Page 103: ...erface c In the Media ports box type the starting port for the number of media ports you reserved The ending port field updates automatically 9 Click the Routes tab The Routes tab displays the routes...

Page 104: ...are labeled Ethernet 0 and Ethernet 1 Ethernet 0 on the Card corresponds to eth1 in the GUI Ethernet 1 corresponds to eth2 in the GUI f In the Metric field type an integer The default is 0 Metric is u...

Page 105: ...Settings on page 115 More Spans of the same type Importing Span Configuration on page 118 If all Span settings have been supplied continue with Installing Dialing Plans on page 119 The ETM 1090 Appli...

Page 106: ...he ASCII Management Interface for the VoIP Span SERVER COMM ON 1 Once communication is enabled between the Server and the Span the Span reconnects and reappears in the tree Continue with one of the fo...

Page 107: ...one of the following to match the setting at your PBX Basic Basic standard frame CRC4 Multiframe with Cyclic Redundancy Check 4 Non CRC4 Multiframe with no cyclic redundancy check 3 In the Line Coding...

Page 108: ...atically go inline after it is rebooted or restarted 8 Do one of the following If you are configuring E1 PRI Spans continue with PRI Specific Span Settings on page 112 E1 CAS Span configuration is com...

Page 109: ...raming Format must be set to the carrier s setting to ensure proper signal synchronization SF Super Frame ESF Extended Super Frame 3 In the Line Coding box click the down arrow and select the correct...

Page 110: ...ng the Loop Up Loop Down codes On T1 CAS Spans place the Span offline before setting pass through mode to On For normal operation use Off or Autodetect Note that when auto detect is used on T1 CAS lin...

Page 111: ...links continue with SS7 Signaling Link Specific Span Settings on page 115 If you are configuring T1 CAS or SS7 bearer Spans Span configuration is complete Click OK to save the settings and close the d...

Page 112: ...down arrow and then click the applicable variant type The following protocol variants are supported on E1 EuroISDN DASS2 DPNSS If you select DPNSS select the applicable glare setting in the DPNSS Gla...

Page 113: ...tion Valid values are and is not supported for DASS2 protocol variant 5 The DPNSS Glare Setting applies only if you selected DPNSS as the protocol variant If you selected any other protocol variant le...

Page 114: ...k the down arrow and then select the TON for the number you specified in the Modify Calling Party Number box National International Subscriber or Unknown 7 PRI Span configuration is complete Click OK...

Page 115: ...Span 1 Port 4314 Span 2 Port 4315 Span 3 Port 4316 Span 4 Port 4317 To change the port number in the Signaling Link Listener Port box type or select the port for these signaling links IMPORTANT Each S...

Page 116: ...the Signaling Link data channel 7 Fully associated SS7 signaling link configuration is complete Click OK to save the settings and close the dialog box A message appears asking whether you want to dow...

Page 117: ...lues are 1 24 on T1 and 1 30 on E1 In each of the Time Slot For Link n boxes type or select the time slot associated with the Signaling Link data channel 7 Dedicated SS7 signaling link configuration i...

Page 118: ...and then click Edit Span s 2 Click Import The Import Span Attributes dialog box appears Only Spans of the same type appear as import choices 3 Click the Span whose attributes you want to apply to the...

Page 119: ...propriate sections according to your Appliance locale See About Dialing Plans in the ETM System Technical Reference available from the SecureLogix directory on the Start menu Windows systems or the ET...

Page 120: ...er installation directory appear 5 Click the LNP file that represents the Local Numbering Plan for this Appliance locale and then click OK 6 In the Dial Plan Configuration dialog box be sure that inst...

Page 121: ...DR configuration fields and enables NFAS and SS7 Group definition 2 Move all Spans that are to use the SMDR data AAA tokens Access Codes Protected Extensions NFAS and or SS7 groups to the Switch 3 Do...

Page 122: ...o Configuration subtree right click the Span point to Move Spans and then click To Switch To move multiple Spans at once hold down CTRL or SHIFT while selecting the Spans and then right click the sele...

Page 123: ...l record in the database with additional call information such as access codes when the call ends Or you can use the real time call information for policy processing but replace the data in the databa...

Page 124: ...the ETM System Technical Reference for detailed instructions for defining a new file Access codes can also be extracted from SMDR and correlated with listings in the ETM Directory Before you can modi...

Page 125: ...f the PBX SMDR serial port Options are 300 1200 2400 4800 9600 19 2k 38 4k and 57 6k and 115 2k b In the Data Bits box click the down arrow and select value that matches the corresponding settings on...

Page 126: ...the IP address of the host sending the SMDR Click New and then type the IP address of the SMDR source Optionally repeat to specify a backup source if your network is configured with one c In the Port...

Page 127: ...what the offset should be Otherwise it is highly likely that excessive drift over time will impair the Server s ability to resolve SMDR requests Raw Access Codes can be extracted from SMDR and then c...

Page 128: ...the dialog box click the tab 2 Below the box click The dialog box appears 3 In the Remove this digit sequence from the start of the extension box type one or more digits to be matched and then removed...

Page 129: ...he line 9 Click OK to close the Switch Properties dialog box and apply the settings No changes are saved or applied until you click OK Suppose the telephone company in San Antonio Texas has assigned a...

Page 130: ...ng If you are configuring T1 PRI Spans that use NFAS Groups proceed to Defining NFAS Groups on page 131 If not see the next bullet If SS7 Signaling will be used on this switch see Defining SS7 Groups...

Page 131: ...itch and then click Manage NFAS Groups The NFAS Group for Switch dialog box appears If you do not have a switch defined see Creating a Switch on page 121 2 Click New The New NFAS Group dialog box appe...

Page 132: ...to NFAS Group dialog box appears 6 Click the NFAS Group to which these Spans are to belong and then click OK The Spans move to the selected NFAS Group in the Telco Configuration subtree To view the m...

Page 133: ...cate IMPORTANT Internal system resources reserve up to 8 ports starting at the assigned base TCP IP port If two or more Spans on the same Card carry a primary or back up D channel for different NFAS G...

Page 134: ...all messaging associated with the SS7 Bearer Spans Each SS7 Bearer Span can be present in only one SS7 Group however SS7 Signaling Links can be present in multiple Groups because they can be shared by...

Page 135: ...Group The SS7 Group Properties dialog box appears a The SS7 Group Name box contains the name that you gave the Group when you created it To rename the group type a different name b In the Local Point...

Page 136: ...inks dialog box appears 1 In the Exclude box double click the Signaling Link s associated with the Bearer Spans in this SS7 Group or click it and then click the right facing arrow The Signaling Link s...

Page 137: ...In the Telco Configuration subtree the Spans move to the selected SS7 Group Continue with one of the following If you are using AAA services for the Voice Firewall see the procedure below to configure...

Page 138: ...rver on page 68 Configuring the AAA Service consists of the following tasks described in detail in the procedures below 1 Name the AAA Server and add a comment if desired 2 Select message types for va...

Page 139: ...file is saved in the ETM System installation directory on the Management Server computer at the following path INSTALL_DIR debug macaddress_Spannumber_uniqueid dbg To enable debug logging for the AAA...

Page 140: ...AAA Service Configuration dialog box click the Messages tab 2 In the Message Type column click the down arrow of the message you want to configure and then click the desired option The table on the fo...

Page 141: ...cording Error Tone None Phone Number Prompt Prompts the user to enter the phone number of the modem to be accessed Voice Recording Prompt Tone None Pin Code Prompt Prompts the user to enter the PIN fo...

Page 142: ...10 Lockout duration 1 day 1 minute 10 weeks Clear failed authorization records older than 1 hour 10 minutes 4 weeks Maximum authorization attempts per session 3 1 10 Maximum time for data entry 30 se...

Page 143: ...unt of time the AAA Server stores a record of a failed authorization attempt from 10 minutes to 4 weeks The default is 1 hour 4 In the Maximum authorization attempts per session box type or select fro...

Page 144: ...ncryption 3 In the DES Key String box change the passphrase for Span AAA Service communication if desired The passphrase in the twms properties file in the ETM System installation directory is used by...

Page 145: ...ith which this AAA Service is associated The Switch es move s to the Include box b Click OK You are returned to the AAA Service Configuration dialog box The selected Switch es appear s in the Local Sw...

Page 146: ...dem Diagnostics area displays the results of the modem scan 3 In the Enabled column clear any modems that you want to disable All modems displayed on this tab are enabled by default 4 In the Speaker u...

Page 147: ...g box Click Import The Import AAA Service Attributes dialog box appears 3 Click the AAA Server whose attributes you want to import and then click OK You are returned to the AAA Service Configuration d...

Page 148: ...The ETM Server is a background processing engine that controls the ETM Appliances and integrates the ETM System components with your data network As a security feature connections from remote client a...

Page 149: ...ange of IP addresses click New and then click IP Range The Client Hosts dialog box appears 7 In the IP Address box type the IPv4 or IPv6 base address 8 If you typed an IPv6 address click the down arro...

Page 150: ...with the path to the Oracle client tools used to import listings and city state data from external files See Specify the Path to the Oracle Client Tools on page 152 Each ETM Server is associated with...

Page 151: ...key for encrypted communication between the Report Server and the Management Server This key must always be in sync between the ETM Server and Report Server because the initial negotiation is always e...

Page 152: ...n click Servers ETM Server Data Management The Data Management Tool appears 2 On the Oracle Client Tools tab click Configure The Specify Oracle Client Tools Location dialog box appears Specify the Pat...

Page 153: ...ersion of the ETM System was released it contained the latest city state data However this information is updated regularly and must be reimported to remain current Updated files are available periodi...

Page 154: ...Start Update Congratulations If you have completed the sequence of procedures described in the preceding sections the ETM System is installed and configured You are ready to perform telephony service...

Page 155: ...circuits be wired correctly when connected to the ETM Appliance or calls may not be properly recognized It is particularly important when using Ground Start on the 1012 1024 analog Appliances that tip...

Page 156: ...ou connect the telco cable to the powered on Appliance For digital Spans on any Appliance type place the Span inline by typing the following series of commands via Console connection Telnet or the ASC...

Page 157: ...r other necessary actions Depending on the line characteristics and signaling type the threshold values may need to be tweaked to properly follow hook state throughout the call The POTS DEBUG ETM Comm...

Page 158: ...lace the Spans inline To place the Spans inline Type the following series of commands via a Console connection or the ASCII Management Interface for the Span SPAN INLINE RESTART To open the ASCII Mana...

Page 159: ...EDs are illuminated no trunks are in alarm Online All LEDs are illuminated green 3 View the CSU s and PBX and verify that both are free of alarm lights and appear to be operating normally 4 Follow a c...

Page 160: ...nated green indicating communication between the Controller Card and Digital Trunk Interfaces PMC Illuminated green indicating communication between the Controller Card and the DSP Mezzanine Card Stat...

Page 161: ...elogix com for assistance if necessary For instructions for bypassing the SIP Appliances and the SIP AXP solution see the SecureLogix Knowledge Base IMPORTANT These bypass procedures only affect the t...

Page 162: ...message reporting a potential configuration error should not be ignored For example the message Possible configuration error on channel x indicates potential Span configuration errors for signaling o...

Page 163: ...Dialing Plans SECURITY Indicates both authorized and unauthorized access connection and configuration change events START STOP Occurs when a Card or the Server is shut down or initialized TELCO Provi...

Page 164: ...e of the following In the Telco Configuration subtree right click a switch or one or more Spans and then click Call Monitor In the Platform Configuration subtree right click one or more Appliances Car...

Page 165: ...Voice Firewall User Guide for instructions for defining and using Voice Firewall Policies and AAA Services Refer to the Voice IPS User Guide for instructions for defining and using Voice IPS Policies...

Page 166: ...166 Step 4 Telephony Service Cutover...

Page 167: ...CPU 200 MHz Motorola MPC8241 Bus speed 100 MHz Asynchronous Bus PCI Bus speed width 33 MHz 32 bit DSP 4 x 200 MHz Texas Instruments TMS320VC5510 RAM 64 MB SRAM NVRAM 256 bytes for configuration param...

Page 168: ...ture 4 to 158 F 20 C to 70 C Number of Lines 12 24 REN 0 1B Reporting ETM Management Server Diagnostic Messages Line Supervision Types Loop Start Ground Start Loop Reverse Battery for DID only Address...

Page 169: ...1012 1024 Appliances are provided below Note The Ethernet Console and Auxiliary port connectors are identical to those on the 2100 3200 The VoIP port connectors Ethernet 0 and Ethernet 1 are identical...

Page 170: ...annel 11 to Network 12 Orange Black Ring Channel 12 to Network 37 Black Orange Tip Channel 12 to Network 13 Green Black Ring Channel 13 to Network 38 Black Green Tip Channel 13 to Network 14 Brown Bla...

Page 171: ...Orange Black Ring Channel 12 to CPE 37 Black Orange Tip Channel 12 to CPE 13 Green Black Ring Channel 13 to CPE 38 Black Green Tip Channel 13 to CPE 14 Brown Black Ring Channel 14 to CPE 39 Black Brow...

Page 172: ...eters Ethernet Data Network Interface RJ 45 10 Mbps or 100Mbps Serial Port 9 pin D connection Parallel Port 25 pin D connection Modem Ports 2 or 4 RJ11 ports PS 2 Port keyboard connection PS 2 Port mo...

Page 173: ...tors on the ETM 1050 Appliance used for ETM System operation is described below Only elements used for ETM System operation are labeled in the above illustration A power LED not shown appears on the f...

Page 174: ...Set Ready 2 RxD Receive Data 7 RTS Request to Send 3 TxD Transmit Data 8 CTS Clear to Send 4 DTR Data Terminal Ready 9 RI Ring Indicator 5 GND Signal Ground Four standard RJ 11 modem ports are provid...

Page 175: ...eed 100 MHz Asynchronous Bus PCI Bus speed width 33 MHz 32 bit DSP 4 x 200 MHz Texas Instruments TMS320VC5510 RAM 64 MB with ECC SRAM NVRAM 256 bytes for configuration parameters Ethernet Data Network...

Page 176: ...to 40 C Storage Temperature 4 to 158 F 20 C to 70 C EMI EMC FCC Part 15 ICES 003 EN55022 EN55024 CISPR 22 Safety CB Scheme EN IEC60950 UL cUL 60950 Marks and Approvals FCC Part 15 Industry Canada CE M...

Page 177: ...terface RJ 45 10 Mbps or 100Mbps Console and SMDR CDR Interfaces 2 RJ 45 RS 232C DCE Asynchronous up to 115 kbps Expansion Slots 2 standard size PMC daughter board with front panel I O access Telephon...

Page 178: ...rame Red RAI Yellow AIS Blue Reporting Panel LEDs Network CO Red and Yellow CPE PBX Red and Yellow ETM Management Server Diagnostic Messages Line Supervision Types Loop Start Ground Start Wink Start I...

Page 179: ...0 Appliance are identical to those in the ETM 2100 3200 Appliances The VoIP port pinouts are identical to the Ethernet port The Network and CPE ports are identical to the CO and PBX ports on the 2100...

Page 180: ...he back of the Appliance The following are the technical specifications for the ETM 2100 and 3200 Controller Cards CPU 250 MHz Motorola 8240 or 266 MHz 8245 declocked to 250 MHz Bus speed 100 MHz Asyn...

Page 181: ...typical 3 board sets 344 0 BTU hr typical 4 board sets 450 4 BTU hr typical Fuse DC 8A 250V Connection DC screw lug terminals Power Supply Dual redundant hot swappable Dimensions 2100 1 75 H x 17 5 W...

Page 182: ...p Start Ground Start Wink Start Immediate Start ISDN PRI R1 Address Signaling Types DTMF MF and Pulse Dialing Signaling Protocols DID DNIS ANI Caller ID ISDN Variants N A PRI NI 2 4ESS 5ESS DMS100 Eur...

Page 183: ...t show the status of the system The illustration below shows the access panel of the Controller Card The Digital Trunk Interface connects to the telephone lines via 8 RJ48 telco connectors 2 per Span...

Page 184: ...N C Not Used 2 Tx Transmit 6 Rx Receive 3 Rx Receive 7 N C Not Used 4 N C Not Used 8 N C Not Used A standard RJ 45 jack is provided on each 1012 1024 and 1090 Appliance and 3200 and 2100 Controller C...

Page 185: ...ansmit 2 T1 Tip 1 Receive 6 N C Not Used 3 N C Not Used 7 N C Not Used 4 R Ring Transmit 8 N C Not Used Each Digital Trunk Interface at the back of the Appliance has 4 pair of RJ 48 connectors 1 pair...

Page 186: ...186 Appendix A Appliance Technical Specifications Connectors and Pinouts...

Page 187: ...rst removing the Controller Card to which it is connected Removing a Digital Trunk Interface without first removing the Controller Card can damage both Cards and or the chassis Review the following pr...

Page 188: ...moved and replaced without disrupting the operation of other components in the Appliance The Controller Card and Digital Trunk Interface work together as a unit and require a specific ordered procedur...

Page 189: ...should face up 3 Flip the latches inward and install the screws to secure the Digital Trunk Interface 4 After installing the Controller Card as described below see Connecting the Telco Cable s on page...

Page 190: ...its slot b At the front of the Appliance insert the Controller Card into the slot that corresponds to the Digital Trunk Interface The components on the Card should face up c Flip the latches inward an...

Page 191: ...load a software package to a Card it is imperative that you do not reboot or power cycle the Card until the upgrade is complete or the firmware may become corrupted rendering the Card inoperable The C...

Page 192: ...you type the command to place it inline it goes inline when you restart it e Repeat for each Span 11 Move the Card to the correct Appliance and the Span s to the correct switch and Span Group s If th...

Page 193: ...rn the old Card to SecureLogix In the ETM 3200 Appliance if one of the power supplies fails the second power supply can temporarily handle the load while you replace the failed unit You can also quick...

Page 194: ...ring from Card software errors or changing the Span type can be performed in Fail Safe mode Fail Safe mode may be required for example if the power goes off in the middle of downloading a file to the...

Page 195: ...ort to the appropriate serial port on your terminal 2 Start the terminal emulation application such as HyperTerminal on your terminal Configure your terminal using the following serial port settings 1...

Page 196: ...ription of each menu option The Fail Safe menu offers six options Type the number of the option at the prompt 1 Enter Fail Safe ETM Shell Displays the FS r w prompt at which you can execute a limited...

Page 197: ...ring Caller ID Channel Map T1 CAS Analog Indicates whether Caller ID is available on the channel for determining source number on inbound calls This check box must be selected or Caller ID will not be...

Page 198: ...ans this field determines whether incoming calls use Direct Inward Dialing DID or normal address digit dialing On T1 CAS Spans this field indicates which DTMF or MF strings are present and the order i...

Page 199: ...specify a timeout value Outgoing Numbering Format Channel Map Analog T1 CAS SS7 For outgoing calls specifies the format for dial pulse MF or DTMF digits sent by the PBX to the telephone network durin...

Page 200: ...oming digit tone type associated with each channel during ANI DNIS or DID transmission Affects Policy enforcement and logging Trunk Group Channel Map All except AAA and SS7 signaling links Optional se...

Page 201: ...will be used This directory is referred to as ETM_DB_DIRECTORY in this document ETM_DB_DIRECTORY adhoc ETM_DB_DIRECTORY arch ETM_DB_DIRECTORY bdump ETM_DB_DIRECTORY cdump ETM_DB_DIRECTORY create wher...

Page 202: ...s you to conform to a specific naming convention it is not necessary to change the default file names of the data files Redo log files The scripts create three redo log files redo01 log redo02 log red...

Page 203: ...attention to conditions related to the Dialing Plan Voice Firewall Policy Management Server interface T1 or PRI status Fail Safe Mode and Card temperature When LEDs indicate error conditions you can i...

Page 204: ...ng Plan File access error Allocation error Bad range or entry in file Range start greater than range end Unknown file name Algorithm ID out of range no match string or no substitution string DID Polic...

Page 205: ...ff if the DSP Mezzanine Card is not present Green indicates that the DSP Mezzanine Card is operational Red indicates that the DSP Mezzanine Card has an error Alarm Rear Off during normal operation Red...

Page 206: ...of range no match string or no substitution string DID Management Server interface Initially set to indicate Card Server socket is not established Loss of Server socket connection Cabinet Card tempera...

Page 207: ...ering 144 security 142 user lockout 143 Appliance 13 14 15 16 30 49 50 51 52 53 54 57 61 68 72 73 74 76 79 1012 156 Auxiliary SMDR CDR port 184 connectors and pinouts 169 Console serial port 184 CPE c...

Page 208: ...pecifications 180 3200 14 158 159 Auxiliary SMDR CDR port 184 CO port 185 connectors and pinouts 184 Console serial port 184 Ethernet connector 184 technical specifications 180 bypassing 161 creating...

Page 209: ...ling 31 instance 36 default 38 Oracle Client Tools 32 ORACLE_BASE 201 ORACLE_HOME 201 ORACLE_SID 201 OracleService 202 remote servers 32 scripts 201 tables 36 Database Repository 33 DES Key 54 71 78 7...

Page 210: ...ftware 21 22 Solaris 23 Windows 25 license 57 Management Server 21 148 communication through a firewall 42 43 47 connecting through a firewall 41 license 29 location 14 see ETM Server 67 starting 63 T...

Page 211: ...country code 88 DTMF detection 86 E1 107 extension map 91 format precedence 95 format tokens 93 95 heartbeat interval 86 importing configuration 118 incoming numbering format 94 inline 158 licensing...

Page 212: ...Access Code Set 127 associating an Access Code Set 124 configuring 124 offset 127 SMDR 124 SMDR extension conversion 128 SMDR Provider 125 Spans 122 T1 109 TCP IP 21 telco cables 156 telephony service...

Reviews: