1531-DBC 422 02 Uen B3 2013-12-02
58
I
NSTALLATION
7.21.2 UDP
Filtering
All the UDP ports that are not used, can be blocked for security reasons.
For a description of all UDP and TCP ports, see 7.18 Selection of trans-
port address (port numbers) on page 49.
The default value is that the UDP filtering is enabled, but can be disabled
with a parameter in the configuration file, see description of Configura-
tion File for DBC 42x.
7.21.3 TCP
filtering
All the TCP ports that are not used, can be blocked for security reasons.
For a description of all UDP and TCP ports, see 7.18 Selection of trans-
port address (port numbers) on page 49.
The default value is that the TCP filtering is enabled, but can be disabled
with a parameter in the configuration file, see description of Configura-
tion File for DBC 42x.
7.21.4 SRTP
Secure RTP, SRTP (RFC 3711), is supported by DBC 42x 02 phones.
The supported encryption algorithm is AES 128 (Advanced Encryption
Standard) in counter mode for SRTP and SRTCP. HMAC_SHA1_80 is
supported for SRTCP.
Media encryption is negotiated using H.245 i. e. both the capability as
well as the keys. (The key negotiation phase is based on H.235.8).
The following codecs have SRTP support: G.711
Α
-law, G.711 µ-law,
G.723.1, G.729a and G.729ab.
Beside the possibility to enable/disable TLS and SRTP via the phone
configuration file, SRTP can be temporary disabled for a certain phone
via a SSH command.
7.22
LAN access control (according to
IEEE802.1x)
The IEEE802.1x standard is used for port access control authentication.
The LAN must support IEEE802.1x signalling and there must be a
RADIUS server handling the authentication, according to EAP-MD5. The
system administrator, or the end-user, enters the user identity and the
password into the phone and if the authentication is successful, the
phone gets access to the LAN and continues with the ordinary boot
sequence.
