Voice and Video
23.2 Media Classification for Voice and Video Calls
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
STUN Based Media Classification
STUN based media classification requires ACLs that permit the signaling sessions without
the classify-media flag. However, it requires an implicit deny firewall rule for User Datagram
Protocol (UDP) to be activated. All other traffic that should be allowed in the network must be
explicitly configured using ACL rules. The AP automatically allows firewall sessions for voice
and video calls made from Skype for Business and Apple FaceTime. For all other S4B and
FaceTime applications like desktop sharing and file transfer, the corresponding ports must be
explicitly opened by using ACL rules.
Before media transmission, a VoIP client initiates a Session Traversal Utilities for NAT
(STUN) connectivity check. Sessions created by STUN are subjected to media classification
that classifies the media as Real-time Transport Protocol (RTP) or non-RTP. The firewall
automatically allows the RTP session on the AP and denies the non-RTP sessions.
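The RTP versus non-RTP decision described above can be illustrated with the header checks defined in the STUN (RFC 5389) and RTP (RFC 3550) specifications. This is an added example, not code from the manual or the AP firmware; the function names, the sample datagrams and the permit/deny session model are assumptions made for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value from RFC 5389, section 6

def is_stun(payload: bytes) -> bool:
    """RFC 5389 header: two zero bits, type, length, magic cookie, 96-bit ID."""
    if len(payload) < 20:
        return False
    msg_type, msg_len, cookie = struct.unpack("!HHI", payload[:8])
    return (msg_type & 0xC000 == 0 and cookie == STUN_MAGIC_COOKIE
            and msg_len % 4 == 0 and msg_len == len(payload) - 20)

def is_rtp(payload: bytes) -> bool:
    """RFC 3550 fixed header: version 2 and a payload type that is not RTCP.
    RTCP packet types 200-204 appear as 72-76 in this field (RFC 5761)."""
    if len(payload) < 12:
        return False
    version = payload[0] >> 6
    payload_type = payload[1] & 0x7F
    return version == 2 and not 72 <= payload_type <= 76

def classify_session(datagrams) -> str:
    """Assumed model: permit only when a STUN check is followed by RTP media."""
    stun_seen = False
    for data in datagrams:
        if is_stun(data):
            stun_seen = True
        elif stun_seen and is_rtp(data):
            return "permit"   # RTP media on a STUN-created session
        else:
            return "deny"     # non-RTP payload, or media with no STUN check
    return "deny"             # no RTP media observed

# Constructed sample datagrams (not captured traffic).
STUN_BINDING = struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(12)
RTP_PCMU = bytes([0x80, 0x00]) + struct.pack("!HII", 1, 160, 0x1234ABCD) + bytes(160)
NON_RTP = b"GET / HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    print(classify_session([STUN_BINDING, RTP_PCMU]))  # STUN check, then RTP
    print(classify_session([STUN_BINDING, NON_RTP]))   # STUN check, then other data
    print(classify_session([RTP_PCMU]))                # media without STUN check
```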
The following CLI example shows the STUN based media classification for Skype for
Business:
(scalance)(config)# wlan access-rule example_s4b_test
(scalance)(example_s4b_test)# rule alias <domain_name_for_S4B_server> match tcp 443 443 permit
(scalance)(example_s4b_test)# rule any any match tcp 5223 5223 permit
(scalance)(example_s4b_test)# rule any any match tcp 5061 5061 permit
(scalance)(example_s4b_test)# rule any any match any any any deny
(scalance)(example_s4b_test)# end
(scalance)# commit apply
Note
The Type of Service (ToS) values for calls prioritized using the above-mentioned media
classification types will always carry a ToS of 40 for a voice session and 48 for a video
session.